package de.digitalcollections.commons.springsecurity.jwt;

import ch.qos.logback.core.CoreConstants;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.JwtParser;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.time.Instant;
import java.util.Date;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.Authentication;

/* loaded from: input_file:BOOT-INF/lib/dc-commons-springsecurity-4.0.3.jar:de/digitalcollections/commons/springsecurity/jwt/TokenAuthenticationService.class */
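/**
 * Issues and verifies the JSON Web Tokens carried in the {@code Authorization} header.
 *
 * <p>A service instance works in one of three modes, fixed by the constructor used:
 * shared secret (HS512, can issue and verify), RSA key pair (RS512, can issue and verify),
 * or RSA public key only (verify only).
 *
 * <p>Security-relevant properties visible in this class:
 * <ul>
 *   <li>A token carries only a subject and an expiry time. No issuer, audience or token id is
 *       set or checked here, and nothing in this class can revoke a token before it expires.</li>
 *   <li>The default lifetime is one week; the signing secret or private key therefore has to be
 *       protected for at least as long as issued tokens remain valid.</li>
 *   <li>The shared secret is handed to the jjwt {@code String} overloads of {@code signWith} and
 *       {@code setSigningKey}, which treat the value as Base64-encoded key bytes. Its length and
 *       randomness are not checked here. NOTE(review): confirm against the bundled jjwt version
 *       and make sure the configured secret is long enough for HS512.</li>
 * </ul>
 */
public class TokenAuthenticationService {
    /** Authentication scheme written in front of the token by {@link #addAuthentication}. */
    private static final String TOKEN_PREFIX = "Bearer";
    /** HTTP header that carries the token on responses and requests. */
    private static final String HEADER_KEY = "Authorization";
    /** Key algorithm name required for the private key. */
    private static final String RSA_ALGORITHM = "RSA";
    /** Lifetime applied when a constructor is not given one explicitly (one week). */
    private static final long DEFAULT_EXPIRATION_MILLIS = CoreConstants.MILLIS_IN_ONE_WEEK;

    private final String secret;
    private final PrivateKey privateKey;
    private final PublicKey publicKey;
    // Lifetime of issued tokens in milliseconds, added to "now" when a token is built.
    private final long expirationTime;

    /**
     * Creates a shared-secret (HS512) service with the default one-week token lifetime.
     *
     * @param str the signing secret; a null or empty value yields a service that cannot issue tokens
     */
    public TokenAuthenticationService(String str) {
        this.secret = str;
        this.privateKey = null;
        this.publicKey = null;
        this.expirationTime = DEFAULT_EXPIRATION_MILLIS;
    }

    /**
     * Creates an RSA (RS512) service that signs with the private key and verifies with the public key.
     *
     * @param privateKey key used for signing; must report the algorithm {@code RSA} to issue tokens
     * @param publicKey key used for verification
     */
    public TokenAuthenticationService(PrivateKey privateKey, PublicKey publicKey) {
        this.secret = null;
        this.privateKey = privateKey;
        this.publicKey = publicKey;
        this.expirationTime = DEFAULT_EXPIRATION_MILLIS;
    }

    /**
     * Creates a verify-only service; {@link #canIssueTokens()} returns false for it.
     *
     * @param publicKey key used for verification
     */
    public TokenAuthenticationService(PublicKey publicKey) {
        this.secret = null;
        this.privateKey = null;
        this.publicKey = publicKey;
        this.expirationTime = DEFAULT_EXPIRATION_MILLIS;
    }

    /**
     * Creates a shared-secret (HS512) service with an explicit token lifetime.
     *
     * @param str the signing secret
     * @param j token lifetime in milliseconds; the value is not range-checked, so zero or a
     *     negative number produces tokens that are already expired when issued
     */
    public TokenAuthenticationService(String str, long j) {
        this.secret = str;
        this.privateKey = null;
        this.publicKey = null;
        this.expirationTime = j;
    }

    /**
     * Reports whether this instance holds signing material.
     *
     * @return true when an RSA private key or a non-empty secret is configured
     */
    public boolean canIssueTokens() {
        boolean hasRsaKey = this.privateKey != null && RSA_ALGORITHM.equals(this.privateKey.getAlgorithm());
        return hasRsaKey || hasSecret();
    }

    /**
     * Builds a signed token for the given subject and adds it to the response as
     * {@code Authorization: Bearer <token>}.
     *
     * @param httpServletResponse response that receives the header
     * @param str subject (user name) to place in the token
     * @throws IllegalStateException if the private key is not an RSA key, or if neither a secret
     *     nor a private key is configured
     */
    public void addAuthentication(HttpServletResponse httpServletResponse, String str) {
        if (this.privateKey != null && !RSA_ALGORITHM.equals(this.privateKey.getAlgorithm())) {
            throw new IllegalStateException(String.format("Private Key must use RSA cipher, but uses %s", this.privateKey.getAlgorithm()));
        }
        if (!hasSecret() && this.privateKey == null) {
            throw new IllegalStateException("Cannot issue tokens due to missing secret or private key.");
        }
        Date expiry = Date.from(Instant.now().plusMillis(this.expirationTime));
        JwtBuilder builder = Jwts.builder().setSubject(str).setExpiration(expiry);
        // The private key takes precedence; the secret is only used when no key is configured.
        if (this.privateKey != null) {
            builder.signWith(SignatureAlgorithm.RS512, this.privateKey);
        } else {
            builder.signWith(SignatureAlgorithm.HS512, this.secret);
        }
        httpServletResponse.addHeader(HEADER_KEY, TOKEN_PREFIX + " " + builder.compact());
    }

    /**
     * Verifies the token in the request's {@code Authorization} header and returns the user it names.
     *
     * <p>The header may hold the bare token or the {@code Bearer <token>} form that
     * {@link #addAuthentication} writes. Previously the raw header value went to the parser
     * unchanged, so the prefixed form issued by this class was not a parseable token.
     *
     * <p>Only an expired token is mapped to "not authenticated". Every other verification failure
     * (bad signature, malformed or unsigned token, missing key) leaves this method as an unchecked
     * exception, so the calling filter has to treat those as a rejected request rather than let
     * them surface as a server error.
     *
     * @param httpServletRequest incoming request
     * @return the authenticated user, or null when the header is absent, the token has expired,
     *     or the token carries no subject
     */
    public Authentication getAuthentication(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader(HEADER_KEY);
        if (header == null) {
            return null;
        }
        // Drop the scheme so that only the compact token reaches the parser. The scheme name is
        // matched without regard to case; a header without the scheme is passed through as-is.
        String token = header;
        String scheme = TOKEN_PREFIX + " ";
        if (header.regionMatches(true, 0, scheme, 0, scheme.length())) {
            token = header.substring(scheme.length()).trim();
        }
        String subject = null;
        try {
            JwtParser parser = Jwts.parser();
            // Verification prefers the public key; the secret is the fallback.
            if (this.publicKey != null) {
                parser.setSigningKey(this.publicKey);
            } else {
                parser.setSigningKey(this.secret);
            }
            // parseClaimsJws is the signed-token entry point; the subject is read only after it returns.
            subject = parser.parseClaimsJws(token).getBody().getSubject();
        } catch (ExpiredJwtException ignored) {
            // Deliberately ignored: an expired token means the caller is not authenticated.
        }
        return subject != null ? new AuthenticatedUser(subject) : null;
    }

    /** Returns true when a non-empty shared secret is configured. */
    private boolean hasSecret() {
        return this.secret != null && !this.secret.isEmpty();
    }
}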
