package io.inversion.action.security.schemes;

import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTCreator;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTCreationException;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.fasterxml.jackson.databind.ObjectMapper;
import io.inversion.ApiException;
import io.inversion.Param;
import io.inversion.Request;
import io.inversion.Response;
import io.inversion.User;
import io.inversion.action.security.AuthScheme;
import io.inversion.action.security.schemes.HttpAuthScheme;
import io.inversion.json.JSList;
import io.inversion.json.JSMap;
import io.inversion.json.JSNode;
import io.inversion.json.JSParser;
import java.io.UnsupportedEncodingException;
import java.util.Base64;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/inversion/action/security/schemes/BearerScheme.class */
public class BearerScheme extends HttpAuthScheme {
    public static final String CONTEXT_KEY_API_NAME = "__API_NAME";
    protected final transient Logger log = LoggerFactory.getLogger(getClass().getName());
    protected Param.In in = Param.In.HEADER;
    protected String requestHeaderKey = "Authorization";
    protected String barerFormat = "JWT";
    protected String requiredTokenPrefix = "Bearer ";
    protected int ttl = 900000;
    protected SecretDao secretDao = null;

    /* loaded from: input_file:io/inversion/action/security/schemes/BearerScheme$In.class */
    public enum In {
        header
    }

    /* loaded from: input_file:io/inversion/action/security/schemes/BearerScheme$SecretDao.class */
    public interface SecretDao {
        List<String> getSecrets(Request request);
    }

    public BearerScheme() {
        withHttpScheme(HttpAuthScheme.HttpScheme.bearer);
    }

    public String getBarerFormat() {
        return this.barerFormat;
    }

    public AuthScheme withBarerFormat(String str) {
        this.barerFormat = str;
        return this;
    }

    public User getUser(Request request, Response response) throws ApiException {
        String findParam = request.findParam(this.requestHeaderKey, new Param.In[]{this.in});
        if (findParam == null) {
            return null;
        }
        String trim = findParam.trim();
        if (!trim.toLowerCase().startsWith(this.requiredTokenPrefix.toLowerCase())) {
            return null;
        }
        String trim2 = trim.substring(this.requiredTokenPrefix.length()).trim();
        DecodedJWT decodedJWT = null;
        Iterator<String> it = this.secretDao.getSecrets(request).iterator();
        while (it.hasNext()) {
            decodedJWT = decodeJWT(trim2, it.next());
            if (decodedJWT != null) {
                break;
            }
        }
        User user = null;
        if (decodedJWT != null) {
            user = buildUser(decodedJWT);
        }
        return user;
    }

    public User buildUser(DecodedJWT decodedJWT) {
        User user = new User();
        JSNode asJSNode = JSParser.asJSNode(new String(Base64.getDecoder().decode(decodedJWT.getPayload().getBytes())));
        for (String str : asJSNode.keySet()) {
            user.withClaim(str, asJSNode.get(str));
        }
        return user;
    }

    public String buildToken(Request request, User user) {
        List<String> secrets = this.secretDao.getSecrets(request);
        if (secrets.size() > 0) {
            return buildToken(user, secrets.get(0));
        }
        return null;
    }

    public String buildToken(User user, String str) {
        try {
            JWTCreator.Builder create = JWT.create();
            create.withExpiresAt(new Date(System.currentTimeMillis() + this.ttl));
            create.withSubject(user.getSubject());
            JSMap asJSMap = JSParser.asJSMap(new ObjectMapper().writerWithDefaultPrettyPrinter().writeValueAsString(user));
            for (String str2 : asJSMap.keySet()) {
                Object obj = asJSMap.get(str2);
                if (obj != null) {
                    if (obj instanceof JSList) {
                        create.withArrayClaim(str2, (String[]) ((JSList) obj).asList().toArray(new String[((JSList) obj).size()]));
                    } else {
                        create.withClaim(str2, String.valueOf(obj));
                    }
                }
            }
            return signJWT(create, str);
        } catch (Exception e) {
            throw ApiException.new500InternalServerError("Error creating JWT", new Object[]{e.getMessage()});
        }
    }

    public String signJWT(JWTCreator.Builder builder, String str) throws IllegalArgumentException, JWTCreationException, UnsupportedEncodingException {
        return builder.sign(Algorithm.HMAC256(str));
    }

    public DecodedJWT decodeJWT(String str, String str2) {
        try {
            return JWT.require(Algorithm.HMAC256(str2)).acceptLeeway(1L).build().verify(str);
        } catch (Exception e) {
            this.log.info("Error decoding jwt:", e.getMessage());
            return null;
        }
    }

    public SecretDao getSecretDao() {
        return this.secretDao;
    }

    public BearerScheme withSecretDao(SecretDao secretDao) {
        this.secretDao = secretDao;
        return this;
    }

    public String getRequiredTokenPrefix() {
        return this.requiredTokenPrefix;
    }

    public BearerScheme withRequiredTokenPrefix(String str) {
        this.requiredTokenPrefix = str;
        return this;
    }
}
