package org.mycore.frontend.jersey.resources;

import com.auth0.jwt.JWT;
import com.auth0.jwt.exceptions.JWTVerificationException;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import org.mycore.common.MCRSession;
import org.mycore.common.MCRSessionMgr;
import org.mycore.frontend.jersey.MCRCacheControl;
import org.mycore.frontend.jersey.MCRJWTUtil;
import org.mycore.frontend.jersey.MCRStaticContent;
import org.mycore.frontend.servlets.MCRServlet;

@Path("/jwt")
/* loaded from: input_file:org/mycore/frontend/jersey/resources/MCRJWTResource.class */
public class MCRJWTResource {
    public static final String AUDIENCE = "mcr:session";

    @Context
    HttpServletRequest request;

    @GET
    @MCRCacheControl(noTransform = true, noStore = true, private_ = @MCRCacheControl.FieldArgument(active = true), noCache = @MCRCacheControl.FieldArgument(active = true))
    @Produces({"application/json; charset=UTF-8"})
    @MCRStaticContent
    public Response getTokenFromSession() throws IOException {
        if (!Optional.ofNullable(this.request.getSession(false)).map(httpSession -> {
            return httpSession.getAttribute(MCRServlet.ATTR_MYCORE_SESSION);
        }).isPresent()) {
            return MCRJWTUtil.getJWTLoginErrorResponse("No active MyCoRe session found.");
        }
        return MCRJWTUtil.getJWTLoginSuccessResponse(getToken(MCRServlet.getSession(this.request), this.request.getParameterValues("ua")));
    }

    private String getToken(MCRSession mCRSession, String[] strArr) throws UnsupportedEncodingException {
        return MCRJWTUtil.getJWTBuilder(mCRSession.getUserInformation(), strArr).withJWTId(mCRSession.getID()).withIssuer(this.request.getRequestURL().toString()).withAudience(new String[]{AUDIENCE}).withClaim(MCRJWTUtil.JWT_CLAIM_IP, mCRSession.getCurrentIP()).sign(MCRJWTUtil.getJWTAlgorithm());
    }

    public static void validate(String str) throws JWTVerificationException {
        if (!Optional.of(JWT.require(MCRJWTUtil.getJWTAlgorithm()).withAudience(new String[]{AUDIENCE}).build().verify(str)).map((v0) -> {
            return v0.getId();
        }).map(MCRSessionMgr::getSession).isPresent()) {
            throw new JWTVerificationException("MCRSession is invalid.");
        }
    }
}
