package io.apiman.common.auth;

import java.security.MessageDigest;
import java.util.Date;
import java.util.Iterator;
import java.util.ServiceLoader;
import java.util.Set;
import java.util.TreeSet;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.binary.StringUtils;
import org.apache.commons.codec.digest.DigestUtils;
import org.codehaus.jackson.map.ObjectMapper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/apiman-common-auth-1.2.0.redhat-053.jar:io/apiman/common/auth/AuthTokenUtil.class */
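/**
 * Creates, serializes, parses and validates {@link AuthToken}s that are
 * authenticated with a SHA-256 digest over the token fields and a shared secret.
 *
 * <p>A serialized token is Base64-encoded JSON. It is not encrypted: anyone
 * holding a token can read its principal and roles. Only the signature protects
 * it against modification, so the strength of the scheme rests entirely on the
 * shared secret supplied by {@link ISharedSecretSource}.
 */
public class AuthTokenUtil {
    private static final Logger logger = LoggerFactory.getLogger(AuthTokenUtil.class);
    private static final ObjectMapper mapper = new ObjectMapper();

    /**
     * Fallback used only when no {@link ISharedSecretSource} provider is registered.
     *
     * <p>SECURITY: this value ships inside the jar, so it is not a secret. While
     * it is in use, anyone who knows it can compute a signature that
     * {@link #validateToken(AuthToken)} accepts. Every deployment must register
     * its own provider; treat the startup warning below as a misconfiguration
     * that has to be fixed, and consider failing closed instead of falling back.
     */
    private static final String INSECURE_DEFAULT_SECRET =
            "2BB6E867BC7564162AB1FD26BE61E49365934FBA9B3E56B1323ABE104C798D5C";

    // Declared after the logger because loading may log the fallback warning.
    private static final ISharedSecretSource sharedSecretSource = loadSharedSecretSource();

    /**
     * Picks the first {@link ISharedSecretSource} found through {@link ServiceLoader},
     * or the hard-coded fallback when none is registered.
     */
    private static ISharedSecretSource loadSharedSecretSource() {
        Iterator<ISharedSecretSource> providers = ServiceLoader.load(ISharedSecretSource.class).iterator();
        if (providers.hasNext()) {
            ISharedSecretSource provider = providers.next();
            if (provider != null) {
                return provider;
            }
        }
        logger.warn("Missing a Shared-Secret source for auth-token style authentication.  Defaulting to insecure, hard-coded value.");
        return new ISharedSecretSource() {
            @Override
            public String getSharedSecret() {
                return INSECURE_DEFAULT_SECRET;
            }
        };
    }

    /**
     * Creates a signed token and returns it as Base64-encoded UTF-8 JSON.
     *
     * @param str the principal the token is issued to
     * @param set the roles carried by the token
     * @param i   lifetime in milliseconds, counted from now
     * @return the serialized token
     */
    public static final String produceToken(String str, Set<String> set, int i) {
        String json = toJSON(createAuthToken(str, set, i));
        return StringUtils.newStringUtf8(Base64.encodeBase64(StringUtils.getBytesUtf8(json)));
    }

    /**
     * Decodes a serialized token and validates it.
     *
     * <p>The input is untrusted. Every way it can be malformed is reported as
     * {@link IllegalArgumentException}, so that callers catching the declared
     * exception also reject garbage input instead of seeing a bare
     * {@code RuntimeException} or {@code NullPointerException}.
     *
     * @param str the Base64-encoded JSON token
     * @return the parsed token, with signature and expiry already verified
     * @throws IllegalArgumentException if the token is missing, malformed,
     *         incomplete, wrongly signed or expired
     */
    public static final AuthToken consumeToken(String str) throws IllegalArgumentException {
        if (str == null) {
            throw new IllegalArgumentException("Missing auth token.");
        }
        AuthToken parsed;
        try {
            parsed = fromJSON(StringUtils.newStringUtf8(Base64.decodeBase64(str)));
        } catch (RuntimeException e) {
            throw new IllegalArgumentException("Malformed auth token.", e);
        }
        validateToken(parsed);
        return parsed;
    }

    /**
     * Verifies the signature of a token and then its expiry.
     *
     * <p>The signature is checked first so that no unauthenticated field is
     * acted on or echoed in an error message, and it is compared in constant
     * time so that the comparison does not reveal how many leading characters
     * of a guessed signature were correct.
     *
     * @param authToken the token to check
     * @throws IllegalArgumentException if the token is incomplete, its signature
     *         is missing or wrong, or it has expired
     */
    public static final void validateToken(AuthToken authToken) throws IllegalArgumentException {
        requireComplete(authToken);
        String presented = authToken.getSignature();
        String expected = generateSignature(authToken);
        if (presented == null
                || !MessageDigest.isEqual(StringUtils.getBytesUtf8(expected), StringUtils.getBytesUtf8(presented))) {
            throw new IllegalArgumentException("Missing or invalid signature on the auth token.");
        }
        if (authToken.getExpiresOn().before(new Date())) {
            throw new IllegalArgumentException("Authentication token expired: " + authToken.getExpiresOn());
        }
    }

    /**
     * Rejects tokens that lack a field the signature is computed over. Such a
     * token can arrive from attacker-supplied JSON and would otherwise surface
     * as a {@code NullPointerException} during signature generation.
     */
    private static void requireComplete(AuthToken authToken) {
        if (authToken == null
                || authToken.getExpiresOn() == null
                || authToken.getIssuedOn() == null
                || authToken.getRoles() == null) {
            throw new IllegalArgumentException("Incomplete auth token.");
        }
        for (Object role : authToken.getRoles()) {
            if (role == null) {
                throw new IllegalArgumentException("Incomplete auth token.");
            }
        }
    }

    /**
     * Builds a token issued now and signs it.
     *
     * @param str the principal
     * @param set the roles
     * @param i   lifetime in milliseconds; it is added to the current time, so a
     *            negative value yields a token that is already expired
     * @return the signed token
     */
    public static final AuthToken createAuthToken(String str, Set<String> set, int i) {
        AuthToken token = new AuthToken();
        token.setIssuedOn(new Date());
        token.setExpiresOn(new Date(System.currentTimeMillis() + i));
        token.setPrincipal(str);
        token.setRoles(set);
        signAuthToken(token);
        return token;
    }

    /**
     * Computes the signature of the token's current fields and stores it on the token.
     *
     * @param authToken the token to sign
     */
    public static final void signAuthToken(AuthToken authToken) {
        authToken.setSignature(generateSignature(authToken));
    }

    /**
     * Returns the hex SHA-256 of
     * {@code principal||expiresMillis||issuedMillis||sortedRoles||secret},
     * with the roles in natural order and joined by commas.
     *
     * <p>NOTE(review): this is a plain digest with the secret appended, not an
     * HMAC, and the fields are not escaped. A principal or role that itself
     * contains {@code "||"} or {@code ","} can therefore make two different
     * tokens produce the same signed string. The format is kept unchanged here
     * because other components presumably verify tokens with the same
     * computation (confirm before changing); a migration to HMAC-SHA256 over an
     * unambiguous encoding should be planned, and principals and role names
     * should be restricted so they cannot contain the delimiters.
     */
    private static String generateSignature(AuthToken authToken) {
        StringBuilder signed = new StringBuilder();
        signed.append(authToken.getPrincipal()).append("||");
        signed.append(authToken.getExpiresOn().getTime()).append("||");
        signed.append(authToken.getIssuedOn().getTime()).append("||");
        // Sorting makes the signature independent of the set's iteration order.
        String separator = "";
        for (String role : new TreeSet<String>(authToken.getRoles())) {
            signed.append(separator).append(role);
            separator = ",";
        }
        signed.append("||");
        signed.append(sharedSecretSource.getSharedSecret());
        return DigestUtils.sha256Hex(signed.toString());
    }

    /**
     * Serializes a token to JSON.
     *
     * @param authToken the token to serialize
     * @return the JSON text
     * @throws RuntimeException wrapping any serialization failure
     */
    public static final String toJSON(AuthToken authToken) {
        try {
            return mapper.writer().writeValueAsString(authToken);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Parses a token from JSON without validating it. The result must not be
     * trusted until {@link #validateToken(AuthToken)} has accepted it.
     *
     * @param str the JSON text
     * @return the parsed token
     * @throws RuntimeException wrapping any parse failure
     */
    public static final AuthToken fromJSON(String str) {
        try {
            return (AuthToken) mapper.reader(AuthToken.class).readValue(str);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }
}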
