package org.n52.security.service.authentication.token;

import java.security.Key;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import javax.security.auth.Subject;
import net.sf.json.JSONArray;
import net.sf.json.JSONObject;
import net.sf.json.JSONSerializer;
import org.n52.security.common.attributes.Attribute;
import org.n52.security.common.attributes.StringAttributeValue;
import org.n52.security.common.crypto.DigestUtil;
import org.n52.security.common.crypto.EncryptionUtil;
import org.n52.security.common.subject.AttributePrincipal;
import org.n52.security.common.subject.RolePrincipal;
import org.n52.security.common.subject.UsernameIDPrincipal;
import org.n52.security.common.util.DateUtil;
import org.n52.security.common.util.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/n52/security/service/authentication/token/Token.class */
public class Token {
    private static final Logger LOG = LoggerFactory.getLogger(Token.class);
    private static final String JSON_NAME_SIGNATURE = "sig";
    private static final String JSON_NAME_ISSUER = "isr";
    private static final String JSON_NAME_EXPIRATION = "exp";
    private static final String JSON_NAME_ROLES = "roles";
    private static final String JSON_NAME_UID = "uid";
    private static final String JSON_NAME_SUBJECT = "sbj";
    private static final String JSON_NAME_DATA = "data";
    private String m_issuer;
    private String m_expiration;
    private String m_signature;
    private final String m_uid;
    private final Collection<String> m_roles;
    private final Collection<Attribute> m_userAttributes;

    public Token(String str, Collection<String> collection, Collection<Attribute> collection2, Date date, String str2) {
        this(str, collection, collection2, DateUtil.tofullISOString(date), str2);
    }

    public Token(String str, Collection collection, Collection collection2, String str2, String str3) {
        this.m_issuer = "";
        this.m_signature = "";
        this.m_uid = str;
        this.m_roles = collection;
        this.m_userAttributes = collection2;
        this.m_expiration = str2;
        this.m_issuer = str3;
    }

    public static Token parse(String str) {
        try {
            JSONObject json = JSONSerializer.toJSON(str);
            JSONObject jSONObject = json.getJSONObject(JSON_NAME_DATA);
            JSONObject jSONObject2 = jSONObject.getJSONObject(JSON_NAME_SUBJECT);
            String string = jSONObject2.getString("uid");
            JSONArray jSONArray = jSONObject2.getJSONArray(JSON_NAME_ROLES);
            ArrayList arrayList = new ArrayList();
            HashSet<String> hashSet = new HashSet(jSONObject2.keySet());
            hashSet.remove("uid");
            hashSet.remove(JSON_NAME_ROLES);
            for (String str2 : hashSet) {
                arrayList.add(new Attribute(str2, new StringAttributeValue(jSONObject2.getString(str2))));
            }
            String string2 = jSONObject.getString(JSON_NAME_EXPIRATION);
            String string3 = jSONObject.getString(JSON_NAME_ISSUER);
            String string4 = json.getString(JSON_NAME_SIGNATURE);
            Token token = new Token(string, (Collection) jSONArray, (Collection) arrayList, string2, string3);
            token.setSignature(string4);
            return token;
        } catch (Exception e) {
            LOG.error("Error while parsing token string: {}", str);
            throw e;
        }
    }

    public void sign(Key key) {
        setSignature(EncryptionUtil.encryptAsymmetric(DigestUtil.digestToString(calcDataHash()), key));
    }

    private byte[] calcDataHash() {
        return DigestUtil.calculateDigestOf(encodeData().toString(), "SHA-1");
    }

    public boolean signatureValid(Key key) {
        return EncryptionUtil.decryptAsymmetric(this.m_signature, key).equalsIgnoreCase(DigestUtil.digestToString(calcDataHash()));
    }

    public boolean expired() {
        return new Date().after(DateUtil.fromISOString(this.m_expiration).getTime());
    }

    public String toString() {
        return encodeToken().toString();
    }

    public Subject toSubject() {
        Subject subject = new Subject();
        addUsernameId(subject);
        addRoles(subject);
        addAttributes(subject);
        return subject;
    }

    protected void addAttributes(Subject subject) {
        Iterator<Attribute> it = this.m_userAttributes.iterator();
        while (it.hasNext()) {
            subject.getPrincipals().add(new AttributePrincipal(it.next()));
        }
    }

    protected void addRoles(Subject subject) {
        Iterator<String> it = this.m_roles.iterator();
        while (it.hasNext()) {
            subject.getPrincipals().add(new RolePrincipal(it.next()));
        }
    }

    protected void addUsernameId(Subject subject) {
        subject.getPrincipals().add(new UsernameIDPrincipal(this.m_uid));
    }

    public String toBase64() {
        return StringUtils.encodeBase64(encodeToken().toString());
    }

    private JSONObject encodeToken() {
        JSONObject jSONObject = new JSONObject();
        jSONObject.element(JSON_NAME_DATA, encodeData());
        jSONObject.element(JSON_NAME_SIGNATURE, getSignature());
        return jSONObject;
    }

    private JSONObject encodeData() {
        JSONObject jSONObject = new JSONObject();
        jSONObject.element(JSON_NAME_SUBJECT, encodeSubject());
        jSONObject.element(JSON_NAME_EXPIRATION, this.m_expiration);
        jSONObject.element(JSON_NAME_ISSUER, this.m_issuer);
        return jSONObject;
    }

    private JSONObject encodeSubject() {
        JSONObject jSONObject = new JSONObject();
        jSONObject.element("uid", this.m_uid);
        jSONObject.element(JSON_NAME_ROLES, this.m_roles);
        for (Attribute attribute : this.m_userAttributes) {
            jSONObject.accumulate(attribute.getKey(), attribute.getValue().getUnspecifiedValue());
        }
        return jSONObject;
    }

    public void setSignature(String str) {
        this.m_signature = str;
    }

    public String getSignature() {
        return this.m_signature;
    }

    public String getIssuer() {
        return this.m_issuer;
    }
}
