package io.pravega.shared.security.token;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import com.google.common.base.Strings;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.MalformedJwtException;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.SignatureException;
import io.pravega.auth.InvalidTokenException;
import io.pravega.auth.TokenException;
import io.pravega.auth.TokenExpiredException;
import java.time.Instant;
import java.util.Arrays;
import java.util.Date;
import java.util.Map;
import java.util.Set;
import lombok.NonNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/pravega/shared/security/token/JsonWebToken.class */
public class JsonWebToken {

    @SuppressFBWarnings(justification = "generated code")
    private static final Logger log = LoggerFactory.getLogger(JsonWebToken.class);
    private final String subject;
    private final String audience;
    private final byte[] signingKey;
    private final Date expirationTime;
    private final Instant currentInstant;
    private final Map<String, Object> permissionsByResource;
    private final SignatureAlgorithm signatureAlgorithm;

    public JsonWebToken(String str, String str2, byte[] bArr) {
        this(str, str2, bArr, null, null);
    }

    public JsonWebToken(@NonNull String str, @NonNull String str2, @NonNull byte[] bArr, Integer num, Map<String, Object> map) {
        this.signatureAlgorithm = SignatureAlgorithm.HS512;
        if (str == null) {
            throw new NullPointerException("subject is marked @NonNull but is null");
        }
        if (str2 == null) {
            throw new NullPointerException("audience is marked @NonNull but is null");
        }
        if (bArr == null) {
            throw new NullPointerException("signingKey is marked @NonNull but is null");
        }
        if (num != null) {
            Preconditions.checkArgument(num.intValue() >= -1);
        }
        this.subject = str;
        this.audience = str2;
        this.signingKey = (byte[]) bArr.clone();
        this.currentInstant = Instant.now();
        if (num == null || num.intValue() == -1) {
            this.expirationTime = null;
        } else {
            this.expirationTime = Date.from(this.currentInstant.plusSeconds(num.intValue()));
        }
        this.permissionsByResource = map;
    }

    public String toCompactString() {
        JwtBuilder issuedAt = Jwts.builder().setSubject(this.subject).setAudience(this.audience).setIssuedAt(Date.from(this.currentInstant));
        if (this.permissionsByResource != null) {
            issuedAt.addClaims(this.permissionsByResource);
        }
        if (this.expirationTime != null) {
            issuedAt.setExpiration(this.expirationTime);
        }
        issuedAt.signWith(this.signatureAlgorithm, this.signingKey);
        return issuedAt.compact();
    }

    @VisibleForTesting
    static Claims parseClaims(String str, byte[] bArr) throws TokenExpiredException, InvalidTokenException, TokenException {
        if (Strings.isNullOrEmpty(str)) {
            throw new InvalidTokenException("Token is null or empty");
        }
        try {
            Jws parseClaimsJws = Jwts.parser().setSigningKey(bArr).parseClaimsJws(str);
            log.debug("Successfully parsed JWT token.");
            return (Claims) parseClaimsJws.getBody();
        } catch (ExpiredJwtException e) {
            throw new TokenExpiredException(e);
        } catch (JwtException e2) {
            throw new TokenException(e2);
        } catch (MalformedJwtException | SignatureException e3) {
            throw new InvalidTokenException(e3);
        }
    }

    public static Set<Map.Entry<String, Object>> fetchClaims(String str, byte[] bArr) throws TokenException {
        return parseClaims(str, bArr).entrySet();
    }

    @SuppressFBWarnings(justification = "generated code")
    public String toString() {
        return "JsonWebToken(subject=" + this.subject + ", audience=" + this.audience + ", signingKey=" + Arrays.toString(this.signingKey) + ", expirationTime=" + this.expirationTime + ", currentInstant=" + this.currentInstant + ", permissionsByResource=" + this.permissionsByResource + ", signatureAlgorithm=" + this.signatureAlgorithm + ")";
    }
}
