package com.predic8.membrane.core.interceptor.authentication.session;

import com.predic8.membrane.annot.MCElement;
import com.predic8.membrane.annot.MCTextContent;
import com.predic8.membrane.core.Router;
import com.predic8.membrane.core.exchange.Exchange;
import com.predic8.membrane.core.interceptor.authentication.session.SessionManager;
import java.math.BigInteger;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.jose4j.json.JsonUtil;
import org.jose4j.jwk.JsonWebKey;
import org.jose4j.jwk.RsaJsonWebKey;
import org.jose4j.jwk.RsaJwkGenerator;
import org.jose4j.jwk.Use;
import org.jose4j.jws.AlgorithmIdentifiers;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.ReservedClaimNames;
import org.jose4j.jwt.consumer.InvalidJwtException;
import org.jose4j.jwt.consumer.JwtConsumer;
import org.jose4j.jwt.consumer.JwtConsumerBuilder;
import org.jose4j.lang.JoseException;

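/**
 * Session manager that keeps the whole session in a signed JWT stored in a cookie.
 *
 * <p>The token is signed with RS256 using the RSA key configured through
 * {@link #setKey(String)} (a JWK in JSON form that must include the private part, because
 * the same key signs and verifies). The token is signed but not encrypted: every claim,
 * including the {@code map.*} user attributes, is readable by whoever holds the cookie.
 *
 * <p>No server-side session store or revocation list is visible in this class
 * ({@link #cleanup()} is a no-op), so a token that has already been issued presumably
 * stays acceptable until its {@code exp} claim passes, even after
 * {@code removeSession} — confirm against the base class before relying on logout.
 */
@MCElement(name = "jwtSessionManager2", mixed = true)
/* loaded from: input_file:WEB-INF/lib/service-proxy-core-4.7.0.jar:com/predic8/membrane/core/interceptor/authentication/session/JwtSessionManager.class */
public class JwtSessionManager extends SessionManager {
    /** Source of randomness for the key id of a freshly generated key. */
    private final SecureRandom random = new SecureRandom();

    /** Signing and verification key; set by {@link #init(Router)}. */
    private RsaJsonWebKey rsaJsonWebKey;

    /** JWK (JSON) as configured; contains private key material. */
    private String key;

    /**
     * Returns the configured JWK JSON.
     *
     * @return the JWK text, or {@code null} when none was configured
     */
    public String getKey() {
        return this.key;
    }

    /**
     * Sets the JWK JSON used for signing and verification (element text content).
     *
     * @param str the JWK in JSON form, including the private key
     */
    @MCTextContent
    public void setKey(String str) {
        this.key = str;
    }

    /**
     * Loads the configured key, or refuses to start when none is configured.
     *
     * <p>Without a configured key a 2048-bit RSA key is generated and offered to the
     * operator inside the exception message, and initialization fails.
     *
     * @param router the router passed on to the superclass
     * @throws RuntimeException if no key is configured or the configured key cannot be parsed
     */
    @Override
    public void init(Router router) {
        super.init(router);
        try {
            if (this.key != null) {
                this.rsaJsonWebKey = new RsaJsonWebKey(JsonUtil.parseJson(this.key));
                return;
            }
            this.rsaJsonWebKey = RsaJwkGenerator.generateJwk(2048);
            this.rsaJsonWebKey.setKeyId(new BigInteger(130, this.random).toString(32));
            this.rsaJsonWebKey.setUse(Use.SIGNATURE);
            this.rsaJsonWebKey.setAlgorithm(AlgorithmIdentifiers.RSA_USING_SHA256);
            // NOTE(review): the message carries the private part of the suggested key, so it
            // ends up wherever this exception is logged. A key copied from a log should be
            // treated as exposed to everyone who can read that log; generating the key with a
            // separate tool and keeping it out of logs avoids that.
            throw new RuntimeException("jwtSessionManager/@key is not set. Please use '" + this.rsaJsonWebKey.toJson(JsonWebKey.OutputControlLevel.INCLUDE_PRIVATE) + "'.");
        } catch (RuntimeException e) {
            // Already unchecked: rethrow as-is so the operator-facing message is not buried
            // one level down in a wrapper.
            throw e;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Verifies a compact JWT and rebuilds the session it describes.
     *
     * <p>The consumer requires an expiration time and a subject, allows 30 seconds of clock
     * skew and verifies the signature with the RSA public key. Claims {@code exp},
     * {@code iat}, {@code jti} and {@code nbf} are skipped; {@code sub} becomes the user
     * name, {@code level} the level, and {@code map.<name>} claims become user attributes.
     *
     * @param str the cookie value holding the compact JWT
     * @return the reconstructed session, or an empty session when the token is rejected
     * @throws RuntimeException if the token holds a claim this method does not know
     */
    protected SessionManager.Session validateAndReconstructSession(String str) {
        // NOTE(review): the accepted signature algorithms are not pinned here, so the check
        // relies on the library's defaults for the supplied key type. Restricting the consumer
        // to RS256 (jose4j: JwtConsumerBuilder#setJwsAlgorithmConstraints) would make the
        // intent explicit. Issuer and audience are not checked either, which matters if this
        // key also signs tokens for another purpose.
        JwtConsumer consumer = new JwtConsumerBuilder()
                .setRequireExpirationTime()
                .setAllowedClockSkewInSeconds(30)
                .setRequireSubject()
                .setVerificationKey(this.rsaJsonWebKey.getRsaPublicKey())
                .build();
        SessionManager.Session session = new SessionManager.Session();
        try {
            JwtClaims claims = consumer.processToClaims(str);
            HashMap<String, String> attributes = new HashMap<>();
            for (Map.Entry<String, List<Object>> entry : claims.flattenClaims().entrySet()) {
                String name = entry.getKey();
                if (ReservedClaimNames.EXPIRATION_TIME.equals(name)
                        || "iat".equals(name)
                        || ReservedClaimNames.JWT_ID.equals(name)
                        || ReservedClaimNames.NOT_BEFORE.equals(name)) {
                    // Already enforced by the consumer (or irrelevant to the session).
                    continue;
                }
                if ("sub".equals(name)) {
                    session.setUserName((String) entry.getValue().get(0));
                } else if ("level".equals(name)) {
                    session.setLevel(Integer.parseInt((String) entry.getValue().get(0)));
                } else if (name.startsWith("map.")) {
                    attributes.put(name.substring(4), (String) entry.getValue().get(0));
                } else {
                    throw new RuntimeException("not parsed: " + name);
                }
            }
            session.setUserAttributes(attributes);
            return session;
        } catch (InvalidJwtException e) {
            // The session returned here is the untouched, empty one: nothing from a rejected
            // token is copied into it.
            // NOTE(review): the cookie is client-controlled, so each bad token prints a full
            // stack trace; routing this through the project's logger at a low level would
            // keep the output bounded.
            e.printStackTrace();
            return session;
        }
    }

    /**
     * Serializes a session into the cookie value: a signed JWT followed by cookie attributes.
     *
     * <p>When the session has no user name the JWT part is empty and only the attributes
     * are emitted.
     *
     * @param session the session to serialize
     * @param exchange the exchange, used to decide whether the {@code Secure} flag is added
     * @return the cookie value including {@code Domain}, {@code Path} and {@code Secure}
     * @throws RuntimeException if signing fails
     */
    protected String signSession(SessionManager.Session session, Exchange exchange) {
        String token = "";
        String userName = session.getUserName();
        if (userName != null) {
            JwtClaims jwtClaims = new JwtClaims();
            // presumably getTimeout() is in milliseconds, converted to minutes here — confirm
            jwtClaims.setExpirationTimeMinutesInTheFuture(((float) getTimeout()) / 60000.0f);
            jwtClaims.setIssuedAtToNow();
            jwtClaims.setGeneratedJwtId();
            jwtClaims.setNotBeforeMinutesInThePast(2.0f);
            jwtClaims.setSubject(userName);
            jwtClaims.setStringClaim("level", "" + session.getLevel());
            // Copy the attributes under the session's monitor so they are not modified
            // while being iterated.
            synchronized (session) {
                for (Map.Entry<String, String> entry : session.getUserAttributes().entrySet()) {
                    jwtClaims.setStringClaim("map." + entry.getKey(), entry.getValue());
                }
            }
            JsonWebSignature jsonWebSignature = new JsonWebSignature();
            jsonWebSignature.setPayload(jwtClaims.toJson());
            jsonWebSignature.setKey(this.rsaJsonWebKey.getPrivateKey());
            jsonWebSignature.setKeyIdHeaderValue(this.rsaJsonWebKey.getKeyId());
            jsonWebSignature.setHeader("typ", "JWT");
            jsonWebSignature.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);
            try {
                token = jsonWebSignature.getCompactSerialization();
            } catch (JoseException e) {
                throw new RuntimeException(e);
            }
        }
        String domain = getDomain();
        String domainAttribute = domain != null ? "Domain=" + domain + "; " : "";
        String secureAttribute = exchange.getRule().getSslInboundContext() != null ? "; Secure" : "";
        // NOTE(review): neither HttpOnly nor SameSite is appended here. Unless
        // addCookieSession adds them, the session token is readable by page scripts and is
        // sent on cross-site requests — confirm and add the attributes if nothing depends on
        // script access to this cookie.
        return token + "; " + domainAttribute + "Path=/" + secureAttribute;
    }

    /**
     * Writes the current session back to the client as a freshly signed cookie.
     *
     * @param exchange the exchange whose response receives the cookie; nothing is written
     *     when it has no session or no response
     */
    @Override
    public void postProcess(Exchange exchange) {
        SessionManager.Session session = sessionOf(exchange);
        if (session == null || exchange.getResponse() == null) {
            return;
        }
        exchange.getResponse().getHeader().addCookieSession(getCookieName(), signSession(session, exchange));
    }

    /**
     * Returns the session for an exchange, reconstructing it from the request cookie if
     * it has not been attached to the exchange yet.
     *
     * @param exchange the current exchange
     * @return the session, or {@code null} when the request carries no session cookie
     */
    @Override
    public SessionManager.Session getSession(Exchange exchange) {
        SessionManager.Session attached = sessionOf(exchange);
        if (attached != null) {
            return attached;
        }
        String firstCookie = exchange.getRequest().getHeader().getFirstCookie(getCookieName());
        if (firstCookie == null) {
            return null;
        }
        SessionManager.Session reconstructed = validateAndReconstructSession(firstCookie);
        exchange.setProperty(com.predic8.membrane.core.interceptor.session.SessionManager.SESSION, reconstructed);
        return reconstructed;
    }

    /**
     * Creates an empty session and attaches it to the exchange.
     *
     * @param exchange the exchange that receives the new session
     * @return the new session
     */
    @Override
    public SessionManager.Session createSession(Exchange exchange) {
        SessionManager.Session session = new SessionManager.Session();
        exchange.setProperty(com.predic8.membrane.core.interceptor.session.SessionManager.SESSION, session);
        return session;
    }

    /**
     * Clears the given session object.
     *
     * @param session the session to clear
     */
    @Override
    public void removeSession(SessionManager.Session session) {
        session.clear();
    }

    /**
     * Clears the session attached to the exchange, if there is one.
     *
     * @param exchange the exchange whose session is cleared
     */
    @Override
    public void removeSession(Exchange exchange) {
        SessionManager.Session session = sessionOf(exchange);
        // The guard was inverted: it returned for an existing session (so logout never
        // cleared it) and dereferenced null when there was none.
        if (session == null) {
            return;
        }
        session.clear();
    }

    /** Nothing to clean up: this class keeps no server-side session state. */
    @Override
    public void cleanup() {
    }

    /** Returns the session attached to the exchange as a property, or {@code null}. */
    private static SessionManager.Session sessionOf(Exchange exchange) {
        return (SessionManager.Session) exchange.getProperty(com.predic8.membrane.core.interceptor.session.SessionManager.SESSION);
    }
}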
