package eu.europa.ec.mare.usm.jwt;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.Header;
import io.jsonwebtoken.JwsHeader;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.MalformedJwtException;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.UnsupportedJwtException;
import io.jsonwebtoken.io.Deserializer;
import io.jsonwebtoken.io.Serializer;
import io.jsonwebtoken.lang.Strings;
import io.jsonwebtoken.security.Keys;
import io.jsonwebtoken.security.SecurityException;
import java.io.IOException;
import java.io.InputStream;
import java.util.Base64;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Properties;
import java.util.stream.Collectors;
import javax.annotation.PostConstruct;
import javax.ejb.Singleton;
import javax.ejb.Startup;
import javax.json.bind.Jsonb;
import javax.json.bind.JsonbBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

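/**
 * Default {@link JwtTokenHandler}: issues, extends and parses HS256-signed JWTs that carry a
 * {@code userName} claim and, optionally, a {@code features} claim.
 *
 * <p>The HMAC key is resolved once at start-up (see {@link #init()}) from, in order, the
 * {@code USM.secretKey} system property, {@code /jwt.properties} on the class path, or the JNDI
 * entry {@code USM/secretKey}. When none is set a random key is generated and bound to JNDI.
 *
 * <p>Security notes: whoever holds the HMAC key can mint valid tokens, and a token is a bearer
 * credential. Neither the key nor any token value is written to the log by this class.
 */
@Singleton
@Startup
/* loaded from: input_file:WEB-INF/lib/jwt-handler-impl-2.2.12.jar:eu/europa/ec/mare/usm/jwt/DefaultJwtTokenHandler.class */
public class DefaultJwtTokenHandler implements JwtTokenHandler {
    /** Default token lifetime in milliseconds (8 hours). */
    public static final long DEFAULT_TTL = 28800000;
    private static final String PROPERTIES_FILE = "/jwt.properties";
    private static final String SIGNATURE_KEY_PROPERTY_NAME = "secretKey";
    private static final String PROP_SUBJECT = "subject";
    private static final String PROP_ISSUER = "issuer";
    private static final String PROP_ID = "id";
    private static final String TTL_PROPERTY_NAME = "timeToLiveInMinutes";
    // The former hard-coded fallback key constant is intentionally gone: a signing key that ships
    // in the binary is known to everyone who has the jar. See generateAndBindKey().
    private static final String DEFAULT_ID = "usm/authentication";
    private static final String DEFAULT_ISSUER = "usm";
    private static final String DEFAULT_SUBJECT = "authentication";
    private static final String USER_NAME = "userName";
    private static final String FEATURES = "features";
    private byte[] secretKey;
    private Properties properties = new Properties();
    private Jsonb jsonb = JsonbBuilder.create();
    private static final Logger LOGGER = LoggerFactory.getLogger(DefaultJwtTokenHandler.class);
    private static final SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.HS256;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:WEB-INF/lib/jwt-handler-impl-2.2.12.jar:eu/europa/ec/mare/usm/jwt/DefaultJwtTokenHandler$JsonbDeserializer.class */
    /** jjwt JSON deserializer backed by the handler's JSON-B instance. */
    public class JsonbDeserializer<T> implements Deserializer<T> {
        JsonbDeserializer() {
        }

        /**
         * Decodes UTF-8 JSON bytes into a generic object graph.
         *
         * @param bArr UTF-8 encoded JSON
         * @return the value JSON-B produces for target type {@code Object}
         */
        @Override // io.jsonwebtoken.io.Deserializer
        @SuppressWarnings("unchecked") // JSON-B is asked for Object; jjwt decides what T is.
        public T deserialize(byte[] bArr) {
            String json = new String(bArr, Strings.UTF_8);
            return (T) DefaultJwtTokenHandler.this.jsonb.fromJson(json, Object.class);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:WEB-INF/lib/jwt-handler-impl-2.2.12.jar:eu/europa/ec/mare/usm/jwt/DefaultJwtTokenHandler$JsonbSerializer.class */
    /** jjwt JSON serializer backed by the handler's JSON-B instance. */
    public class JsonbSerializer<T> implements Serializer<T> {
        JsonbSerializer() {
        }

        /**
         * Encodes a value as UTF-8 JSON bytes.
         *
         * @param t value to serialize
         * @return UTF-8 encoded JSON
         */
        @Override // io.jsonwebtoken.io.Serializer
        public byte[] serialize(T t) {
            return DefaultJwtTokenHandler.this.jsonb.toJson(t).getBytes(Strings.UTF_8);
        }
    }

    /**
     * Loads {@code /jwt.properties} from the class path when present, then resolves the signing key.
     * A missing or unreadable properties file is not fatal; defaults are used instead.
     */
    @PostConstruct
    public void init() {
        // try-with-resources closes the stream, which was previously left open.
        // A null resource is legal here and is simply not closed.
        try (InputStream in = getClass().getResourceAsStream(PROPERTIES_FILE)) {
            if (in != null) {
                this.properties.load(in);
            } else {
                LOGGER.debug("Class-path resource: '{}' does not exist. Using default values", PROPERTIES_FILE);
            }
        } catch (IOException e) {
            LOGGER.warn("Failed to load class-path resource:'{}'. Using default values", PROPERTIES_FILE, e);
        }
        initKey();
    }

    /**
     * Creates a signed token for a user, without a {@code features} claim.
     *
     * @param str user name to embed
     * @return the compact JWT, or {@code null} when the user name is null or blank
     */
    @Override // eu.europa.ec.mare.usm.jwt.JwtTokenHandler
    public String createToken(String str) {
        return createToken(str, null);
    }

    /**
     * Creates a signed token for a user.
     *
     * @param str user name to embed in the {@code userName} claim
     * @param list feature identifiers for the {@code features} claim; omitted when {@code null}
     * @return the compact JWT, or {@code null} when the user name is null or blank
     */
    @Override // eu.europa.ec.mare.usm.jwt.JwtTokenHandler
    public String createToken(String str, List<Integer> list) {
        LOGGER.debug("createToken( {} ) - (ENTER)", str);
        String token = null;
        if (str != null && !str.trim().isEmpty()) {
            long now = System.currentTimeMillis();
            Claims claims = Jwts.claims();
            claims.setId(this.properties.getProperty(PROP_ID, DEFAULT_ID));
            claims.setIssuer(this.properties.getProperty(PROP_ISSUER, DEFAULT_ISSUER));
            claims.setSubject(this.properties.getProperty(PROP_SUBJECT, DEFAULT_SUBJECT));
            claims.setIssuedAt(new Date(now));
            // NOTE(review): a new token always gets DEFAULT_TTL, while extendToken() honours the
            // configured timeToLiveInMinutes. If a shorter TTL is configured, the first token still
            // lives 8 hours - confirm this is intended.
            claims.setExpiration(new Date(now + DEFAULT_TTL));
            claims.put(USER_NAME, str);
            if (list != null) {
                claims.put(FEATURES, list);
            }
            token = signClaims(claims);
        }
        LOGGER.debug("createToken() - (LEAVE)");
        return token;
    }

    /**
     * Re-issues a valid token with a fresh issued-at time and a new expiry of now plus the
     * configured TTL. All other claims are carried over unchanged.
     *
     * @param str compact JWT to extend
     * @return the new compact JWT, or {@code null} when the input cannot be parsed or verified
     */
    @Override // eu.europa.ec.mare.usm.jwt.JwtTokenHandler
    public String extendToken(String str) {
        // The token is a bearer credential, so it is deliberately not logged.
        LOGGER.debug("extendToken() - (ENTER)");
        String token = null;
        Claims claims = parseClaims(str);
        if (claims != null) {
            long now = System.currentTimeMillis();
            claims.setIssuedAt(new Date(now));
            claims.setExpiration(new Date(now + getTtlInMilliseconds()));
            token = signClaims(claims);
        }
        LOGGER.debug("extendToken() - (LEAVE)");
        return token;
    }

    /**
     * Resolves the token lifetime from the {@code timeToLiveInMinutes} configuration value.
     *
     * @return the configured TTL in milliseconds, or {@link #DEFAULT_TTL} when the value is absent,
     *     not a number, not positive, or too large to express in milliseconds
     */
    private long getTtlInMilliseconds() {
        String configValue = getConfigValue(TTL_PROPERTY_NAME);
        if (configValue == null || configValue.isEmpty()) {
            return DEFAULT_TTL;
        }
        try {
            long minutes = Long.parseLong(configValue);
            // multiplyExact: a huge value must not silently wrap into a small positive TTL.
            long millis = Math.multiplyExact(minutes, 60L * 1000L);
            if (millis > 0) {
                return millis;
            }
            LOGGER.warn("Configured TTL value is not positive: {}", Long.valueOf(minutes));
            return DEFAULT_TTL;
        } catch (NumberFormatException e) {
            LOGGER.warn("Failed to parse TTL config value to number: {}", configValue);
            return DEFAULT_TTL;
        } catch (ArithmeticException e) {
            LOGGER.warn("Configured TTL value is too large: {}", configValue);
            return DEFAULT_TTL;
        }
    }

    /**
     * Verifies a token and returns the user name it carries.
     *
     * @param str compact JWT
     * @return the {@code userName} claim, or {@code null} when the token cannot be parsed or verified
     */
    @Override // eu.europa.ec.mare.usm.jwt.JwtTokenHandler
    public String parseToken(String str) {
        // The token is a bearer credential, so it is deliberately not logged.
        LOGGER.debug("parseToken() - (ENTER)");
        String userName = null;
        Claims claims = parseClaims(str);
        if (claims != null) {
            userName = (String) claims.get(USER_NAME);
        }
        LOGGER.debug("parseToken() - (LEAVE)");
        return userName;
    }

    /**
     * Verifies a token and returns the feature identifiers it carries.
     *
     * @param str compact JWT
     * @return the {@code features} claim as integers, or {@code null} when the token cannot be
     *     parsed or verified, or carries no {@code features} claim (tokens from
     *     {@link #createToken(String)} have none)
     */
    @Override // eu.europa.ec.mare.usm.jwt.JwtTokenHandler
    public List<Integer> parseTokenFeatures(String str) {
        // The token is a bearer credential, so it is deliberately not logged.
        LOGGER.debug("parseTokenFeatures() - (ENTER)");
        List<Integer> features = null;
        Claims claims = parseClaims(str);
        if (claims != null) {
            List<?> raw = claims.get(FEATURES, List.class);
            // A token issued without features has no such claim; this used to end in a
            // NullPointerException.
            if (raw != null) {
                features = raw.stream()
                        .map(value -> Integer.valueOf(((Number) value).intValue()))
                        .collect(Collectors.toList());
            }
        }
        LOGGER.debug("parseTokenFeatures() - (LEAVE)");
        return features;
    }

    /**
     * Signs the claims with the handler's HMAC key and serialises them as a compact JWS.
     *
     * @param claims claims to sign
     * @return the compact JWT
     */
    private String signClaims(Claims claims) {
        HashMap<String, Object> header = new HashMap<>();
        header.put(Header.TYPE, Header.JWT_TYPE);
        header.put(JwsHeader.ALGORITHM, signatureAlgorithm);
        return Jwts.builder()
                .setHeader(header)
                .setClaims(claims)
                .signWith(Keys.hmacShaKeyFor(getSecretKey()), signatureAlgorithm)
                .serializeToJsonWith(new JsonbSerializer<>())
                .compact();
    }

    /**
     * Verifies the token signature with the handler's HMAC key and returns the claims.
     *
     * @param str compact JWT
     * @return the verified claims, or {@code null} when the input is null or blank, expired,
     *     malformed, unsupported, or fails signature verification
     */
    private Claims parseClaims(String str) {
        if (str == null || str.trim().isEmpty()) {
            return null;
        }
        try {
            return Jwts.parserBuilder()
                    .setSigningKey(Keys.hmacShaKeyFor(getSecretKey()))
                    .deserializeJsonWith(new JsonbDeserializer<>())
                    .build()
                    .parseClaimsJws(str)
                    .getBody();
        } catch (ExpiredJwtException e) {
            LOGGER.error("Token expired", e);
        } catch (MalformedJwtException | UnsupportedJwtException | SecurityException | IllegalArgumentException e2) {
            LOGGER.error("Failed to parse token", e2);
        }
        return null;
    }

    /**
     * Generates a fresh random key sized for the configured signature algorithm.
     *
     * @return the key, Base64 encoded
     */
    private String genkey() {
        return Base64.getEncoder().encodeToString(Keys.secretKeyFor(signatureAlgorithm).getEncoded());
    }

    /**
     * Resolves the signing key from configuration, generating and binding a random one when none
     * is configured, and stores its Base64-decoded bytes.
     *
     * @throws IllegalArgumentException if the configured value is not valid Base64
     */
    private void initKey() {
        String configValue = getConfigValue(SIGNATURE_KEY_PROPERTY_NAME);
        if (configValue == null || configValue.isEmpty()) {
            LOGGER.debug("No secret JWT signature key found. Generating a random one");
            configValue = generateAndBindKey("USM/" + SIGNATURE_KEY_PROPERTY_NAME);
        }
        this.secretKey = Base64.getDecoder().decode(configValue);
        // Only the key length is logged; the key itself must never reach a log file.
        int keyBits = this.secretKey.length * 8;
        LOGGER.debug("JWT signature key loaded ({} bits)", Integer.valueOf(keyBits));
        if (keyBits < signatureAlgorithm.getMinKeyLength()) {
            // jjwt is expected to reject such a key when signing or verifying; warn at start-up
            // so the misconfiguration is visible before the first token request.
            LOGGER.warn("Configured JWT signature key has {} bits; {} needs at least {}",
                    Integer.valueOf(keyBits), signatureAlgorithm,
                    Integer.valueOf(signatureAlgorithm.getMinKeyLength()));
        }
    }

    /**
     * Generates a random signing key and tries to bind it to JNDI so that it can be looked up
     * again under the same name.
     *
     * <p>If the binding fails the random key is still used, for this instance only. The method
     * no longer falls back to a hard-coded key: such a key is public knowledge, and at 9 decoded
     * bytes it was also below the 256-bit minimum that HS256 needs. A failure to generate a key
     * at all propagates and fails start-up.
     *
     * @param str JNDI name to bind the key to
     * @return the generated key, Base64 encoded
     */
    private String generateAndBindKey(String str) {
        String generated = genkey();
        try {
            JndiUtil.createJNDI(str, generated);
            LOGGER.debug("Key now bound to JNDI name {}", str);
        } catch (Exception e) {
            LOGGER.error("Error binding generated secret key to JNDI name {}. Using it unbound", str, e);
        }
        return generated;
    }

    /**
     * Looks a configuration value up in, in order: the system property {@code USM.<name>}, the
     * loaded {@code /jwt.properties}, and the JNDI entry {@code USM/<name>}.
     *
     * <p>Values are never logged because this method is also used to resolve the signing key.
     *
     * @param str configuration name without prefix
     * @return the first non-empty value found; otherwise whatever the properties file held
     *     (possibly {@code null} or empty)
     */
    private String getConfigValue(String str) {
        String systemValue = System.getProperty("USM." + str);
        if (systemValue != null && !systemValue.isEmpty()) {
            LOGGER.debug("{} found in system properties.", str);
            return systemValue;
        }
        LOGGER.debug("{} not found in system properties. Checking in properties file.", str);
        String fileValue = this.properties.getProperty(str);
        if (fileValue != null && !fileValue.isEmpty()) {
            LOGGER.debug("{} found in JWT properties file.", str);
            return fileValue;
        }
        LOGGER.debug("{} not found in JWT properties file. Checking in JNDI context.", str);
        String jndiName = "USM/" + str;
        Object lookup = JndiUtil.lookup(jndiName);
        if (lookup == null || lookup.toString().isEmpty()) {
            LOGGER.debug("No JNDI entry {} found", jndiName);
            return fileValue;
        }
        LOGGER.debug("Found JNDI entry {}", jndiName);
        return lookup.toString();
    }

    /** Returns the raw HMAC key bytes resolved at start-up. */
    private byte[] getSecretKey() {
        return this.secretKey;
    }
}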
