package com.mware.core.security;

import com.mware.core.util.TeeInputStream;
import com.mware.kryo.reflectasm.shaded.org.objectweb.asm.Opcodes;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.MACSigner;
import com.nimbusds.jose.crypto.MACVerifier;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.nio.ByteBuffer;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.util.Base64;
import java.util.Calendar;
import java.util.Date;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

/* loaded from: input_file:com/mware/core/security/AuthToken.class */
public class AuthToken {
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();
    private final String userId;
    private final SecretKey jwtKey;
    private final Date expiration;
    private final String tokenId;

    public AuthToken(String str, SecretKey secretKey, Date date) {
        this(generateTokenId(), str, secretKey, date);
    }

    private AuthToken(String str, String str2, SecretKey secretKey, Date date) {
        this.tokenId = str;
        this.userId = str2;
        this.jwtKey = secretKey;
        this.expiration = date;
    }

    public static SecretKey generateKey(String str, String str2) throws NoSuchAlgorithmException, InvalidKeySpecException {
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(new PBEKeySpec(str.toCharArray(), str2.getBytes(), TeeInputStream.LOOP_REPORT_INTERVAL, Opcodes.ACC_NATIVE));
    }

    public static AuthToken parse(String str, SecretKey secretKey) throws AuthTokenException {
        try {
            SignedJWT parse = SignedJWT.parse(str);
            if (!parse.verify(new MACVerifier(secretKey))) {
                throw new AuthTokenException("JWT signature verification failed");
            }
            JWTClaimsSet jWTClaimsSet = parse.getJWTClaimsSet();
            return new AuthToken(jWTClaimsSet.getJWTID(), jWTClaimsSet.getSubject(), secretKey, jWTClaimsSet.getExpirationTime());
        } catch (Exception e) {
            throw new AuthTokenException(e);
        }
    }

    public String serialize() throws AuthTokenException {
        try {
            SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.HS256), new JWTClaimsSet.Builder().jwtID(this.tokenId).subject(this.userId).expirationTime(this.expiration).build());
            signedJWT.sign(new MACSigner(this.jwtKey));
            return signedJWT.serialize();
        } catch (Exception e) {
            throw new AuthTokenException(e);
        }
    }

    public String getTokenId() {
        return this.tokenId;
    }

    public String getUserId() {
        return this.userId;
    }

    public Date getExpiration() {
        return this.expiration;
    }

    public boolean isExpired(int i) {
        Calendar calendar = Calendar.getInstance();
        calendar.setTime(this.expiration);
        calendar.add(13, i);
        return calendar.getTime().before(new Date());
    }

    private static String generateTokenId() {
        byte[] bArr = new byte[128];
        SECURE_RANDOM.nextBytes(bArr);
        ByteBuffer allocate = ByteBuffer.allocate(8);
        allocate.putLong(System.currentTimeMillis());
        return Base64.getEncoder().encodeToString(bArr) + "@" + Base64.getEncoder().encodeToString(allocate.array());
    }
}
