package org.mycore.frontend.jersey.resources;

import com.auth0.jwt.JWT;
import com.auth0.jwt.exceptions.JWTVerificationException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.core.Context;
import jakarta.ws.rs.core.Response;
import java.io.IOException;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.runtime.ObjectMethods;
import java.util.Optional;
import org.mycore.common.MCRSession;
import org.mycore.common.MCRSessionMgr;
import org.mycore.frontend.jersey.MCRCacheControl;
import org.mycore.frontend.jersey.MCRJWTUtil;
import org.mycore.frontend.jersey.MCRStaticContent;
import org.mycore.frontend.servlets.MCRServlet;

@Path("/jwt")
/* loaded from: input_file:org/mycore/frontend/jersey/resources/MCRJWTResource.class */
public class MCRJWTResource {
    public static final String AUDIENCE = "mcr:session";

    @Context
    HttpServletRequest request;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.mycore.frontend.jersey.resources.MCRJWTResource$1JWTClaims, reason: invalid class name */
    /* loaded from: input_file:org/mycore/frontend/jersey/resources/MCRJWTResource$1JWTClaims.class */
    public static final class C1JWTClaims extends Record {
        private final String sessionId;
        private final String userId;

        C1JWTClaims(String str, String str2) {
            this.sessionId = str;
            this.userId = str2;
        }

        @Override // java.lang.Record
        public final String toString() {
            return (String) ObjectMethods.bootstrap(MethodHandles.lookup(), "toString", MethodType.methodType(String.class, C1JWTClaims.class), C1JWTClaims.class, "sessionId;userId", "FIELD:Lorg/mycore/frontend/jersey/resources/MCRJWTResource$1JWTClaims;->sessionId:Ljava/lang/String;", "FIELD:Lorg/mycore/frontend/jersey/resources/MCRJWTResource$1JWTClaims;->userId:Ljava/lang/String;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final int hashCode() {
            return (int) ObjectMethods.bootstrap(MethodHandles.lookup(), "hashCode", MethodType.methodType(Integer.TYPE, C1JWTClaims.class), C1JWTClaims.class, "sessionId;userId", "FIELD:Lorg/mycore/frontend/jersey/resources/MCRJWTResource$1JWTClaims;->sessionId:Ljava/lang/String;", "FIELD:Lorg/mycore/frontend/jersey/resources/MCRJWTResource$1JWTClaims;->userId:Ljava/lang/String;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final boolean equals(Object obj) {
            return (boolean) ObjectMethods.bootstrap(MethodHandles.lookup(), "equals", MethodType.methodType(Boolean.TYPE, C1JWTClaims.class, Object.class), C1JWTClaims.class, "sessionId;userId", "FIELD:Lorg/mycore/frontend/jersey/resources/MCRJWTResource$1JWTClaims;->sessionId:Ljava/lang/String;", "FIELD:Lorg/mycore/frontend/jersey/resources/MCRJWTResource$1JWTClaims;->userId:Ljava/lang/String;").dynamicInvoker().invoke(this, obj) /* invoke-custom */;
        }

        public String sessionId() {
            return this.sessionId;
        }

        public String userId() {
            return this.userId;
        }
    }

    @Produces({"application/json; charset=UTF-8"})
    @MCRCacheControl(noTransform = true, noStore = true, private_ = @MCRCacheControl.FieldArgument(active = true), noCache = @MCRCacheControl.FieldArgument(active = true))
    @MCRStaticContent
    @GET
    public Response getTokenFromSession() throws IOException {
        if (!Optional.ofNullable(this.request.getSession(false)).map(httpSession -> {
            return httpSession.getAttribute(MCRServlet.ATTR_MYCORE_SESSION);
        }).isPresent()) {
            return MCRJWTUtil.getJWTLoginErrorResponse("No active MyCoRe session found.");
        }
        return MCRJWTUtil.getJWTLoginSuccessResponse(getToken(MCRServlet.getSession(this.request), this.request.getParameterValues("ua"), this.request.getParameterValues("sa")));
    }

    private String getToken(MCRSession mCRSession, String[] strArr, String[] strArr2) {
        return MCRJWTUtil.getJWTBuilder(mCRSession, strArr, strArr2).withJWTId(mCRSession.getID()).withIssuer(this.request.getRequestURL().toString()).withAudience(new String[]{AUDIENCE}).withClaim(MCRJWTUtil.JWT_CLAIM_IP, mCRSession.getCurrentIP()).sign(MCRJWTUtil.getJWTAlgorithm());
    }

    public static void validate(String str) throws JWTVerificationException {
        if (Optional.of(JWT.require(MCRJWTUtil.getJWTAlgorithm()).withAudience(new String[]{AUDIENCE}).build().verify(str)).map(decodedJWT -> {
            return new C1JWTClaims(decodedJWT.getId(), decodedJWT.getSubject());
        }).filter(c1JWTClaims -> {
            return Optional.ofNullable(MCRSessionMgr.getSession(c1JWTClaims.sessionId)).filter(mCRSession -> {
                return mCRSession.getUserInformation().getUserID().equals(c1JWTClaims.userId);
            }).isPresent();
        }).isEmpty()) {
            throw new JWTVerificationException("MCRSession is invalid.");
        }
    }
}
