package org.opencb.cellbase.core.api.key;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtParser;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.util.Base64;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.collections4.MapUtils;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/opencb/cellbase/core/api/key/ApiKeyManager.class */
public class ApiKeyManager {
    private SignatureAlgorithm algorithm;
    private Key privateKey;
    private Key publicKey;
    private JwtParser jwtParser;
    private String defaultApiKey;
    private final Logger logger;
    public static final int SECRET_KEY_MIN_LENGTH = 50;

    public ApiKeyManager(String str) {
        this(SignatureAlgorithm.HS256.getValue(), new SecretKeySpec(Base64.getEncoder().encode(str.getBytes(StandardCharsets.UTF_8)), SignatureAlgorithm.HS256.getJcaName()));
    }

    public ApiKeyManager(String str, Key key) {
        this.logger = LoggerFactory.getLogger(ApiKeyManager.class);
        this.algorithm = SignatureAlgorithm.forName(str);
        this.privateKey = key;
        this.publicKey = key;
        this.jwtParser = Jwts.parserBuilder().setSigningKey(this.publicKey).build();
        ApiKeyJwtPayload apiKeyJwtPayload = new ApiKeyJwtPayload();
        apiKeyJwtPayload.setSubject("ANONYMOUS");
        apiKeyJwtPayload.setVersion(ApiKeyJwtPayload.CURRENT_VERSION);
        apiKeyJwtPayload.setQuota(new ApiKeyQuota(ApiKeyQuota.MAX_NUM_ANOYMOUS_QUERIES.longValue()));
        this.defaultApiKey = encode(apiKeyJwtPayload);
    }

    public ApiKeyManager() {
        this.logger = LoggerFactory.getLogger(ApiKeyManager.class);
        this.jwtParser = Jwts.parserBuilder().build();
    }

    public String encode(ApiKeyJwtPayload apiKeyJwtPayload) {
        return Jwts.builder().setClaims(apiKeyJwtPayload).signWith(this.privateKey, this.algorithm).compact();
    }

    public ApiKeyJwtPayload decode(String str) {
        if (this.publicKey != null) {
            return new ApiKeyJwtPayload((Claims) this.jwtParser.parseClaimsJws(str).getBody());
        }
        return new ApiKeyJwtPayload((Claims) this.jwtParser.parseClaimsJwt(str.substring(0, str.lastIndexOf(".") + 1)).getBody());
    }

    public String recode(String str) {
        ApiKeyJwtPayload decode = decode(str);
        if (MapUtils.isNotEmpty(decode.getSources())) {
            HashMap hashMap = new HashMap();
            for (Map.Entry<String, Date> entry : decode.getSources().entrySet()) {
                if (new Date().getTime() <= entry.getValue().getTime()) {
                    hashMap.put(entry.getKey(), entry.getValue());
                }
            }
            decode.setSources(hashMap);
        }
        return encode(decode);
    }

    public void validate(String str) {
        decode(str);
    }

    public boolean hasExpiredSource(String str, String str2) throws IllegalArgumentException {
        ApiKeyJwtPayload decode = decode(str2);
        if (MapUtils.isNotEmpty(decode.getSources()) && decode.getSources().containsKey(str)) {
            return new Date().getTime() > decode.getSources().get(str).getTime();
        }
        throw new IllegalArgumentException("Data source '" + str + "' is not enabled for API key '" + str2 + "'");
    }

    public Set<String> getValidSources(String str) throws IllegalArgumentException {
        return getValidSources(str, new HashSet());
    }

    public Set<String> getValidSources(String str, Set<String> set) throws IllegalArgumentException {
        HashSet hashSet = new HashSet();
        if (CollectionUtils.isNotEmpty(set)) {
            hashSet.addAll(set);
        }
        if (StringUtils.isNotEmpty(str)) {
            ApiKeyJwtPayload decode = decode(str);
            if (MapUtils.isNotEmpty(decode.getSources())) {
                for (Map.Entry<String, Date> entry : decode.getSources().entrySet()) {
                    if (new Date().getTime() > entry.getValue().getTime()) {
                        String str2 = "CellBase API key expired at " + ApiKeyJwtPayload.DATE_FORMATTER.format(entry.getValue()) + " for data source '" + entry.getKey() + "'";
                        this.logger.error(str2);
                        throw new IllegalArgumentException(str2);
                    }
                    hashSet.add(entry.getKey());
                }
            }
        }
        return hashSet;
    }

    public String getDefaultApiKey() {
        return this.defaultApiKey;
    }

    public void display(String str) {
        ApiKeyJwtPayload decode = decode(str);
        StringBuilder sb = new StringBuilder();
        sb.append("API key: ").append(str).append("\n");
        sb.append("Organization: ").append(decode.getSubject()).append("\n");
        if (decode.getIssuedAt() != null) {
            sb.append("Issued at: ").append(ApiKeyJwtPayload.DATE_FORMATTER.format(decode.getIssuedAt())).append("\n");
        } else {
            sb.append("Issued at: unknown\n");
        }
        if (decode.getExpiration() != null) {
            sb.append("Expiration at: ").append(ApiKeyJwtPayload.DATE_FORMATTER.format(decode.getExpiration())).append("\n");
        } else {
            sb.append("Expiration at: unknown\n");
        }
        sb.append("Version: ").append(decode.getVersion()).append("\n");
        sb.append("Sources:\n");
        for (Map.Entry<String, Date> entry : decode.getSources().entrySet()) {
            sb.append("\t- '").append(entry.getKey()).append("' until ").append(ApiKeyJwtPayload.DATE_FORMATTER.format(entry.getValue())).append("\n");
        }
        sb.append("Quota:\n");
        sb.append("\tMax. num. queries: ").append(decode.getQuota().getMaxNumQueries()).append("\n");
        System.out.println(sb);
    }
}
