package com.devexperts.mdd.auth.util;

import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalAmount;
import java.util.Base64;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:com/devexperts/mdd/auth/util/SignedToken.class */
public class SignedToken {
    public static final String MAC_ALGORITHM = "HmacSHA256";
    public static final String MAC_CHARSET = "UTF-8";
    static final Base64.Encoder ENCODER = Base64.getUrlEncoder().withoutPadding();
    static final Base64.Decoder DECODER = Base64.getUrlDecoder();
    private final String issuer;
    private final String subject;
    private final Instant expiration;
    private final Instant notBefore;
    private final Instant issuedAt;
    private final String message;
    private final transient String rawToken;

    /* loaded from: input_file:com/devexperts/mdd/auth/util/SignedToken$Builder.class */
    public static class Builder {
        private String issuer;
        private String subject;
        private Instant expiration;
        private Instant notBefore;
        private Instant issued;
        private String message;

        protected Builder() {
        }

        public SignedToken toToken() {
            return new SignedToken(this.issuer, this.subject, this.message, this.notBefore, this.expiration, this.issued, null);
        }

        public String getIssuer() {
            return this.issuer;
        }

        public Builder setIssuer(String str) {
            this.issuer = str;
            return this;
        }

        public String getSubject() {
            return this.subject;
        }

        public Builder setSubject(String str) {
            this.subject = str;
            return this;
        }

        public Instant getExpiration() {
            return this.expiration;
        }

        public Builder setExpiration(Instant instant) {
            this.expiration = SignedToken.validateTime(instant);
            return this;
        }

        public Builder setExpirationFromNow(TemporalAmount temporalAmount) {
            this.expiration = SignedToken.validateTime(Instant.now().plus(temporalAmount));
            return this;
        }

        public Instant getNotBefore() {
            return this.notBefore;
        }

        public Builder setNotBefore(Instant instant) {
            this.notBefore = SignedToken.validateTime(instant);
            return this;
        }

        public Instant getIssued() {
            return this.issued;
        }

        public Builder setIssued(Instant instant) {
            this.issued = SignedToken.validateTime(instant);
            return this;
        }

        public Builder setIssuedNow() {
            this.issued = Instant.now();
            return this;
        }

        public String getMessage() {
            return this.message;
        }

        public Builder setMessage(String str) {
            this.message = str;
            return this;
        }

        public Builder setUser(String str) {
            setMessage(str);
            return this;
        }

        public Builder setUser(String str, Set<String> set) {
            String str2 = (String) set.stream().collect(Collectors.joining(";"));
            this.message = str + (str2.isEmpty() ? "" : "," + str2);
            return this;
        }
    }

    protected SignedToken(String str, String str2, String str3, Instant instant, Instant instant2, Instant instant3, String str4) {
        this.issuer = validate(str, "issuer");
        this.subject = validate(str2, "subject");
        this.message = str3;
        this.notBefore = validateTime(instant);
        this.expiration = validateTime((Instant) Objects.requireNonNull(instant2, "expiration"));
        this.issuedAt = validateTime(instant3);
        this.rawToken = str4;
        if (instant != null && instant.isAfter(instant2)) {
            throw new IllegalArgumentException("Not-before time must not be after expiration time");
        }
    }

    public static SignedToken valueOf(String str) {
        Objects.requireNonNull(str, "token");
        int indexOf = str.indexOf(46);
        if (indexOf <= 0) {
            throw new IllegalArgumentException("Illegal token: " + str);
        }
        try {
            byte[] decode = DECODER.decode(str.substring(0, indexOf));
            DECODER.decode(str.substring(indexOf + 1));
            String[] split = new String(decode, MAC_CHARSET).split(",", 6);
            if (split.length < 6) {
                throw new IllegalArgumentException("Illegal token: " + str);
            }
            return new SignedToken(split[0], split[1], split[5], parseTime(split[2]), parseTime(split[3]), parseTime(split[4]), str);
        } catch (IOException e) {
            throw new IllegalStateException(e);
        }
    }

    public static Builder newBuilder() {
        return new Builder();
    }

    public static Builder newBuilder(String str, String str2, Instant instant) {
        return new Builder().setIssuer(str).setSubject(str2).setExpiration(instant);
    }

    public static Builder newBuilder(String str, String str2, TemporalAmount temporalAmount) {
        return new Builder().setIssuer(str).setSubject(str2).setExpirationFromNow(temporalAmount);
    }

    public String getIssuer() {
        return this.issuer;
    }

    public String getSubject() {
        return this.subject;
    }

    public String getMessage() {
        return this.message;
    }

    public Instant getNotBefore() {
        return this.notBefore;
    }

    public Instant getIssuedAt() {
        return this.issuedAt;
    }

    public Instant getExpiration() {
        return this.expiration;
    }

    public boolean isIssuedBefore(SignedToken signedToken) {
        Instant issuedAt = getIssuedAt();
        Instant issuedAt2 = ((SignedToken) Objects.requireNonNull(signedToken, "token")).getIssuedAt();
        return (issuedAt == null || issuedAt2 == null || !issuedAt.isBefore(issuedAt2)) ? false : true;
    }

    public String signToken(String str) {
        try {
            byte[] encode = ENCODER.encode(createPayload().getBytes(MAC_CHARSET));
            return new String(encode) + "." + new String(ENCODER.encode(computeMac(encode, str.getBytes(MAC_CHARSET))));
        } catch (IOException e) {
            throw new IllegalStateException("Error generating token", e);
        }
    }

    @Deprecated
    public boolean verifyToken(String str) {
        return verifyToken(str, Instant.now());
    }

    @Deprecated
    public boolean verifyToken(String str, Instant instant) {
        Instant truncatedTo = ((Instant) Objects.requireNonNull(instant, "now")).truncatedTo(ChronoUnit.SECONDS);
        if (truncatedTo.isAfter(this.expiration)) {
            return false;
        }
        if (this.notBefore == null || !truncatedTo.isBefore(this.notBefore)) {
            return verifySignature(str);
        }
        return false;
    }

    public boolean verifySignature(String str) {
        if (this.rawToken == null) {
            return true;
        }
        return signToken(str).equals(this.rawToken);
    }

    public boolean verifyTime(Instant instant) {
        Instant truncatedTo = instant.truncatedTo(ChronoUnit.SECONDS);
        return (this.notBefore == null || !truncatedTo.isBefore(this.notBefore)) && (this.expiration == null || !truncatedTo.isAfter(this.expiration));
    }

    public String toString() {
        return "SignedToken{iss=" + this.issuer + ", sub=" + this.subject + ", exp=" + this.expiration + ", nbf=" + this.notBefore + ", iat=" + this.issuedAt + ", msg=" + this.message + "}";
    }

    private String createPayload() {
        StringBuilder sb = new StringBuilder();
        sb.append(this.issuer).append(',').append(this.subject).append(',');
        if (this.notBefore != null) {
            sb.append(this.notBefore.getEpochSecond());
        }
        sb.append(',').append(this.expiration.getEpochSecond()).append(',');
        if (this.issuedAt != null) {
            sb.append(this.issuedAt.getEpochSecond());
        }
        sb.append(',').append(this.message != null ? this.message : "");
        return sb.toString();
    }

    private static String validate(String str, String str2) {
        Objects.requireNonNull(str, str2);
        if (str.indexOf(44) >= 0) {
            throw new IllegalArgumentException(str2 + " must not contain commas");
        }
        return str;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static Instant validateTime(Instant instant) {
        if (instant != null) {
            return instant.truncatedTo(ChronoUnit.SECONDS);
        }
        return null;
    }

    private static Instant parseTime(String str) {
        if (str.isEmpty()) {
            return null;
        }
        return Instant.ofEpochSecond(Long.valueOf(str).longValue());
    }

    private static byte[] computeMac(byte[] bArr, byte[] bArr2) {
        try {
            Mac mac = Mac.getInstance(MAC_ALGORITHM);
            mac.init(new SecretKeySpec(bArr2, MAC_ALGORITHM));
            return mac.doFinal(bArr);
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }
}
