package org.commandmosaic.security.jwt.core;

import com.google.common.collect.ImmutableSet;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.security.Keys;
import java.security.Key;
import java.util.Arrays;
import java.util.Date;
import java.util.Optional;
import java.util.Set;
import org.commandmosaic.security.core.Identity;
import org.commandmosaic.security.core.SimpleIdentity;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/commandmosaic/security/jwt/core/DefaultTokenProvider.class */
public class DefaultTokenProvider implements TokenProvider {
    private static final Logger log = LoggerFactory.getLogger(DefaultTokenProvider.class);
    private static final String AUTHORITIES_KEY = "authorities";
    private static final String MULTI_VALUE_SEPARATOR = ",";
    private final Key key;
    private final long tokenValidityInMilliseconds;
    private final long tokenValidityInMillisecondsForRememberMe;

    public DefaultTokenProvider(byte[] bArr, long j, long j2) {
        if (j <= 0) {
            throw new IllegalArgumentException("tokenValidityInSeconds must be a positive number");
        }
        if (j2 <= 0) {
            throw new IllegalArgumentException("tokenValidityInSecondsForRememberMe must be a positive number");
        }
        this.key = Keys.hmacShaKeyFor(bArr);
        this.tokenValidityInMilliseconds = 1000 * j;
        this.tokenValidityInMillisecondsForRememberMe = 1000 * j2;
    }

    @Override // org.commandmosaic.security.jwt.core.TokenProvider
    public String createToken(Identity identity, boolean z) {
        String join = String.join(MULTI_VALUE_SEPARATOR, identity.getAuthorities());
        long time = new Date().getTime();
        return Jwts.builder().setSubject(identity.getName()).claim(AUTHORITIES_KEY, join).signWith(this.key, SignatureAlgorithm.HS512).setExpiration(z ? new Date(time + this.tokenValidityInMillisecondsForRememberMe) : new Date(time + this.tokenValidityInMilliseconds)).compact();
    }

    @Override // org.commandmosaic.security.jwt.core.TokenProvider
    public Optional<Identity> getCallerIdentity(String str) {
        if (str == null || str.trim().isEmpty()) {
            return Optional.empty();
        }
        try {
            Claims claims = (Claims) Jwts.parserBuilder().setSigningKey(this.key).build().parseClaimsJws(str).getBody();
            return Optional.of(new SimpleIdentity(claims.getSubject(), (Set) Arrays.stream(claims.get(AUTHORITIES_KEY).toString().split(MULTI_VALUE_SEPARATOR)).collect(ImmutableSet.toImmutableSet())));
        } catch (JwtException | IllegalArgumentException e) {
            log.info("Invalid JWT token.");
            log.trace("Invalid JWT token trace.", e);
            return Optional.empty();
        }
    }
}
