package org.commonjava.indy.bind.jaxrs.util;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import java.util.Date;
import java.util.Map;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import org.commonjava.indy.bind.jaxrs.keycloak.AuthConfig;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@ApplicationScoped
/* loaded from: input_file:org/commonjava/indy/bind/jaxrs/util/JwtTokenUtils.class */
public class JwtTokenUtils {
    private final Logger logger = LoggerFactory.getLogger(getClass());
    private static final String DEFAULT_SUBJECT = "sub";
    private static final String CLAIM_BUILD_ID = "build-id";

    @Inject
    private AuthConfig authConfig;

    public JwtTokenUtils() {
    }

    public JwtTokenUtils(AuthConfig authConfig) {
        this.authConfig = authConfig;
    }

    public String generateToken(String str) {
        Claims claims = Jwts.claims();
        claims.put(CLAIM_BUILD_ID, str);
        return doGenerateToken(claims);
    }

    private synchronized String doGenerateToken(Map<String, Object> map) {
        long currentTimeMillis = System.currentTimeMillis();
        this.logger.info("Generate token with claims: {}", map);
        return Jwts.builder().setClaims(map).setSubject(DEFAULT_SUBJECT).setIssuedAt(new Date(currentTimeMillis)).setExpiration(new Date(currentTimeMillis + (this.authConfig.getTokenExpirationHours().intValue() * 60 * 60 * 1000))).signWith(SignatureAlgorithm.HS512, this.authConfig.getSecret().getBytes()).compact();
    }

    public boolean validate(String str, String str2) {
        try {
            Claims claims = (Claims) Jwts.parser().setSigningKey(this.authConfig.getSecret().getBytes()).parseClaimsJws(str2).getBody();
            this.logger.info("Validation with claims: {}", claims);
            if (!claims.getExpiration().before(new Date())) {
                return claims.get(CLAIM_BUILD_ID) != null && str.contains((String) claims.get(CLAIM_BUILD_ID));
            }
            this.logger.warn("Token with claims {} expired.", claims);
            return false;
        } catch (ExpiredJwtException e) {
            this.logger.warn("Token with claims {} expired: {}", e.getClaims(), e.getMessage());
            return false;
        } catch (Exception e2) {
            this.logger.warn("Validate token failed: {}", e2.getMessage());
            return false;
        }
    }
}
