package org.openksavi.sponge.restapi.server.security;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.CompressionCodecs;
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.impl.crypto.MacProvider;
import java.security.Key;
import java.time.Duration;
import java.time.Instant;
import java.util.concurrent.atomic.AtomicLong;
import org.openksavi.sponge.core.util.LocalCache;
import org.openksavi.sponge.core.util.LocalCacheBuilder;
import org.openksavi.sponge.core.util.SpongeUtils;
import org.openksavi.sponge.restapi.server.RestApiInvalidAuthTokenServerException;

/* loaded from: input_file:org/openksavi/sponge/restapi/server/security/JwtRestApiAuthTokenService.class */
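/**
 * Auth token service that issues HS512-signed JWTs carrying only a server-side session id.
 *
 * <p>The token holds a single claim, {@value #CLAIM_AUTH_SESSION_ID}. The authenticated user is
 * never serialized into the token; it is looked up in {@link #authTokenSessions} on every
 * validation, so removing the cache entry revokes the token.
 *
 * <p>Security-relevant properties visible in this class:
 * <ul>
 * <li>The signing key is generated when the instance is constructed and is held only in this
 * object, and the session ids restart from 1 for each instance. A token is therefore only
 * verifiable by the instance that issued it (presumably this means tokens do not survive a
 * restart and are not shared between nodes; confirm against the deployment).</li>
 * <li>No {@code exp} claim is written. Token lifetime is governed only by the cache's
 * expire-after-access policy, which is a sliding window with no absolute cap:
 * {@link AuthTokenSession#getCreationTime()} is recorded but nothing in this class reads it.</li>
 * <li>If the configured expiration is absent, zero or negative, no expiry is configured at all and
 * a session stays valid until {@link #removeAuthToken(String)} is called for it.</li>
 * <li>Session ids are sequential, so the scheme relies entirely on the signature, not on the id
 * being hard to guess.</li>
 * </ul>
 */
public class JwtRestApiAuthTokenService extends BaseRestApiAuthTokenService {
    protected static final String CLAIM_AUTH_SESSION_ID = "authSessionId";
    protected static final SignatureAlgorithm SIGNATURE_ALGORITHM = SignatureAlgorithm.HS512;

    /** Single message for every "token not accepted" outcome decided by this class. */
    private static final String INVALID_TOKEN_MESSAGE = "Invalid or expired authentication token";

    /** Session id to session state; built in {@link #init()}. */
    private LocalCache<Long, AuthTokenSession> authTokenSessions;

    /** Per-instance HMAC key; never persisted or exported by this class. */
    private final Key key = MacProvider.generateKey(SIGNATURE_ALGORITHM);

    /** Source of session ids; the first issued id is 1. */
    private final AtomicLong currentAuthSessionId = new AtomicLong(0);

    /** Server-side state bound to one issued token. */
    protected static class AuthTokenSession {
        private final UserAuthentication userAuthentication;
        private final Instant creationTime = Instant.now();

        public AuthTokenSession(UserAuthentication userAuthentication) {
            this.userAuthentication = userAuthentication;
        }

        public UserAuthentication getUserAuthentication() {
            return this.userAuthentication;
        }

        public Instant getCreationTime() {
            return this.creationTime;
        }
    }

    /**
     * Builds the session cache, applying the configured token expiration as an
     * expire-after-access policy when that duration is strictly positive.
     */
    @Override
    public void init() {
        super.init();
        Duration authTokenExpirationDuration = getRestApiService().getSettings().getAuthTokenExpirationDuration();
        boolean expirationEnabled = authTokenExpirationDuration != null
                && !authTokenExpirationDuration.isZero()
                && !authTokenExpirationDuration.isNegative();
        LocalCacheBuilder cacheBuilder = SpongeUtils.cacheBuilder();
        if (expirationEnabled) {
            cacheBuilder.expireAfterAccess(authTokenExpirationDuration);
        }
        // NOTE(review): without an expiration no eviction policy is configured here, so sessions
        // accumulate until they are removed explicitly. Confirm whether the builder applies a
        // default size bound.
        this.authTokenSessions = cacheBuilder.build();
    }

    /**
     * Issues a signed token for a new session and registers the session in the cache.
     *
     * @param userAuthentication the authenticated user to bind to the new session
     * @return the compact serialized JWT
     */
    @Override
    public String createAuthToken(UserAuthentication userAuthentication) {
        Long authSessionId = this.currentAuthSessionId.incrementAndGet();
        // NOTE(review): the payload is one small claim, so DEFLATE saves little. Confirm whether
        // the jjwt version in use inflates the payload before it verifies the signature; if it
        // does, unauthenticated input reaches the inflater on every validation.
        JwtBuilder builder = Jwts.builder()
                .claim(CLAIM_AUTH_SESSION_ID, authSessionId)
                .signWith(SIGNATURE_ALGORITHM, this.key)
                .compressWith(CompressionCodecs.DEFLATE);
        String authToken = builder.compact();
        this.authTokenSessions.put(authSessionId, new AuthTokenSession(userAuthentication));
        return authToken;
    }

    /**
     * Verifies the token signature and resolves the session it refers to.
     *
     * @param str the compact serialized JWT presented by the client
     * @return the user bound to the session
     * @throws RestApiInvalidAuthTokenServerException if the token is null or blank, fails parsing or
     *         signature verification, has no session id claim, or refers to a session that is no
     *         longer cached
     */
    @Override
    public UserAuthentication validateAuthToken(String str) {
        Long authSessionId = parseAuthSessionId(str);
        if (authSessionId == null) {
            throw new RestApiInvalidAuthTokenServerException(INVALID_TOKEN_MESSAGE);
        }
        // The cache is the source of truth: a correctly signed token is rejected once its session
        // has expired or been removed.
        AuthTokenSession authTokenSession = (AuthTokenSession) this.authTokenSessions.getIfPresent(authSessionId);
        if (authTokenSession == null) {
            throw new RestApiInvalidAuthTokenServerException(INVALID_TOKEN_MESSAGE);
        }
        return authTokenSession.getUserAuthentication();
    }

    /**
     * Revokes the session referenced by the token. A verified token without a session id claim is
     * ignored.
     *
     * @param str the compact serialized JWT presented by the client
     * @throws RestApiInvalidAuthTokenServerException if the token is null or blank, or fails parsing
     *         or signature verification (reported the same way as in
     *         {@link #validateAuthToken(String)})
     */
    @Override
    public void removeAuthToken(String str) {
        Long authSessionId = parseAuthSessionId(str);
        if (authSessionId != null) {
            this.authTokenSessions.invalidate(authSessionId);
        }
    }

    /**
     * Verifies the token with this instance's key and extracts the session id claim.
     *
     * @return the session id, or {@code null} if the verified token does not carry the claim
     * @throws RestApiInvalidAuthTokenServerException if the token is null or blank, or jjwt rejects it
     */
    private Long parseAuthSessionId(String authToken) {
        // jjwt signals a null or blank input with IllegalArgumentException rather than
        // JwtException; reject it here so a missing token is reported as an invalid token.
        if (authToken == null || authToken.trim().isEmpty()) {
            throw new RestApiInvalidAuthTokenServerException(INVALID_TOKEN_MESSAGE);
        }
        try {
            Claims claims = Jwts.parser().setSigningKey(this.key).parseClaimsJws(authToken).getBody();
            return claims.get(CLAIM_AUTH_SESSION_ID, Long.class);
        } catch (JwtException e) {
            // NOTE(review): the parser's own message distinguishes malformed, tampered and
            // otherwise rejected tokens. Confirm whether this message is returned to the client;
            // if it is, consider the generic message and keep the detail in the cause for logs.
            throw new RestApiInvalidAuthTokenServerException(e.getMessage(), e);
        }
    }
}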
