package io.firebus.adapters.http.security;

import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTCreator;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.DecodedJWT;
import io.firebus.Payload;
import io.firebus.adapters.http.HttpGateway;
import io.firebus.adapters.http.SecurityHandler;
import io.firebus.utils.DataList;
import io.firebus.utils.DataMap;
import java.io.IOException;
import java.util.Date;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.http.HttpEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.StringEntity;

/* loaded from: input_file:io/firebus/adapters/http/security/JWTCookie.class */
public class JWTCookie extends SecurityHandler {
    protected String cookieName;
    protected String cookieDomain;
    protected String fbMetadataName;
    protected String jwtSecret;
    protected String jwtIssuer;
    protected String idmUrl;
    protected String idmClientId;
    protected String idmClientSecret;
    protected long timeout;

    public JWTCookie(HttpGateway httpGateway, DataMap dataMap) {
        super(httpGateway, dataMap);
        this.cookieName = this.config.getString("cookie");
        this.cookieDomain = this.config.getString("cookiedomain");
        this.fbMetadataName = this.config.getString("fbmetaname");
        this.jwtSecret = this.config.getString("jwtsecret");
        this.jwtIssuer = this.config.getString("jwtissuer");
        this.idmUrl = this.config.getString("idmurl");
        this.idmClientId = this.config.getString("idmclientid");
        this.idmClientSecret = this.config.getString("idmclientsecret");
        if (this.config.containsKey("timeout")) {
            this.timeout = this.config.getNumber("timeout").longValue();
        } else {
            this.timeout = 3600000L;
        }
        if (this.cookieDomain == null || !this.cookieDomain.equals("")) {
            return;
        }
        this.cookieDomain = null;
    }

    @Override // io.firebus.adapters.http.SecurityHandler
    public boolean checkHttpRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        String tokenFromRequest = getTokenFromRequest(httpServletRequest);
        if (tokenFromRequest != null) {
            DecodedJWT decode = JWT.decode(tokenFromRequest);
            String issuer = decode.getIssuer();
            long time = decode.getExpiresAt().getTime();
            long currentTimeMillis = System.currentTimeMillis();
            if (time > currentTimeMillis && issuer.equals(this.jwtIssuer)) {
                if (time >= currentTimeMillis + (this.timeout / 2)) {
                    return true;
                }
                setTokenOnResponse(decode.getClaim("email").asString(), httpServletResponse);
                return true;
            }
        }
        unauthenticated(httpServletRequest, httpServletResponse);
        return false;
    }

    @Override // io.firebus.adapters.http.SecurityHandler
    public void enrichFirebusRequest(HttpServletRequest httpServletRequest, Payload payload) {
        payload.metadata.put(this.fbMetadataName, getTokenFromRequest(httpServletRequest));
    }

    @Override // io.firebus.adapters.http.SecurityHandler
    public void enrichAuthResponse(String str, HttpServletResponse httpServletResponse) {
        setTokenOnResponse(str, httpServletResponse);
    }

    protected String getTokenFromRequest(HttpServletRequest httpServletRequest) {
        Cookie[] cookies;
        String str = null;
        if (this.cookieName != null && (cookies = httpServletRequest.getCookies()) != null) {
            for (int i = 0; i < cookies.length; i++) {
                if (cookies[i].getName().equals(this.cookieName)) {
                    str = cookies[i].getValue();
                }
            }
        }
        return str;
    }

    /* JADX WARN: Finally extract failed */
    protected String generateToken(String str) {
        HttpEntity entity;
        Algorithm HMAC256 = Algorithm.HMAC256(this.jwtSecret);
        JWTCreator.Builder withExpiresAt = JWT.create().withIssuer(this.jwtIssuer).withClaim("email", str).withExpiresAt(new Date(new Date().getTime() + this.timeout));
        if (this.idmUrl != null && this.idmClientId != null && this.idmClientSecret != null) {
            try {
                HttpPost httpPost = new HttpPost(this.idmUrl);
                httpPost.setHeader("Content-Type", "application/json");
                DataMap dataMap = new DataMap();
                dataMap.put("client_id", this.idmClientId);
                dataMap.put("client_secret", this.idmClientSecret);
                dataMap.put("user", str);
                httpPost.setEntity(new StringEntity(dataMap.toString(), "UTF-8"));
                CloseableHttpResponse execute = this.httpGateway.getHttpClient().execute(httpPost);
                try {
                    if (execute.getStatusLine().getStatusCode() == 200 && (entity = execute.getEntity()) != null) {
                        DataMap dataMap2 = new DataMap(entity.getContent());
                        DataList list = dataMap2.getList("roles");
                        if (list != null && list.size() > 0) {
                            String[] strArr = new String[list.size()];
                            for (int i = 0; i < list.size(); i++) {
                                strArr[i] = list.getString(i);
                            }
                            withExpiresAt.withArrayClaim("roles", strArr);
                        }
                        DataList list2 = dataMap2.getList("domains");
                        if (list2 != null && list2.size() > 0) {
                            String[] strArr2 = new String[list2.size()];
                            for (int i2 = 0; i2 < list2.size(); i2++) {
                                strArr2[i2] = list2.getString(i2);
                            }
                            withExpiresAt.withArrayClaim("domains", strArr2);
                        }
                    }
                    execute.close();
                } catch (Throwable th) {
                    execute.close();
                    throw th;
                }
            } catch (Exception e) {
            }
        }
        return withExpiresAt.sign(HMAC256);
    }

    protected void setTokenOnResponse(String str, HttpServletResponse httpServletResponse) {
        if (this.cookieName != null) {
            Cookie cookie = new Cookie(this.cookieName, generateToken(str));
            cookie.setPath("/");
            cookie.setMaxAge((int) (this.timeout / 1000));
            if (this.cookieDomain != null) {
                cookie.setDomain(this.cookieDomain);
            }
            httpServletResponse.addCookie(cookie);
        }
    }

    @Override // io.firebus.adapters.http.SecurityHandler
    public void enrichLogoutResponse(HttpServletResponse httpServletResponse) {
        Cookie cookie = new Cookie(this.cookieName, "");
        cookie.setPath("/");
        cookie.setMaxAge(0);
        if (this.cookieDomain != null) {
            cookie.setDomain(this.cookieDomain);
        }
        httpServletResponse.addCookie(cookie);
    }
}
