package org.n52.security.service.authentication.token;

import java.io.UnsupportedEncodingException;
import java.security.Key;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.security.auth.Subject;
import net.sf.json.JSONArray;
import net.sf.json.JSONObject;
import net.sf.json.JSONSerializer;
import org.n52.security.authentication.principals.AttributePrincipal;
import org.n52.security.authentication.principals.RolePrincipal;
import org.n52.security.authentication.principals.UsernameIDPrincipal;
import org.n52.security.common.attributes.Attribute;
import org.n52.security.common.attributes.StringAttributeValue;
import org.n52.security.common.crypto.DigestUtil;
import org.n52.security.common.crypto.EncryptionUtil;
import org.n52.security.common.util.DateUtil;
import org.n52.security.common.util.StringUtils;

/* loaded from: input_file:org/n52/security/service/authentication/token/Token.class */
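/**
 * Authentication token carrying a user id, a collection of roles, additional user attributes,
 * an expiration date and an issuer.
 *
 * <p>The serialised form is a JSON object with two members: {@code data} (holding {@code sbj},
 * {@code exp} and {@code isr}) and {@code sig}. The signature is computed over a SHA-1 digest of
 * the string form of the {@code data} object.
 *
 * <p><b>Security notes for callers and reviewers</b>
 * <ul>
 *   <li>{@link #parse(String)} only decodes. It checks neither the signature nor the expiration
 *       date. Do not call {@link #toSubject()} on a parsed token before
 *       {@link #signatureValid(Key)} has returned {@code true} and {@link #expired()} has
 *       returned {@code false}.</li>
 *   <li>The digest algorithm is SHA-1, which is no longer considered collision resistant.
 *       Changing it alters the token format, so it is flagged here rather than replaced.</li>
 *   <li>The signed payload is the output of {@code JSONObject.toString()}; no canonical form is
 *       enforced by this class, so verification relies on the JSON library producing the same
 *       text for the re-encoded data as it did when the token was signed.</li>
 *   <li>The role and attribute collections are stored by reference, not copied; a caller that
 *       keeps the reference can change the token content after it was signed.</li>
 * </ul>
 */
public class Token {
    private static final String JSON_NAME_SIGNATURE = "sig";
    private static final String JSON_NAME_ISSUER = "isr";
    private static final String JSON_NAME_EXPIRATION = "exp";
    private static final String JSON_NAME_ROLES = "roles";
    private static final String JSON_NAME_UID = "uid";
    private static final String JSON_NAME_SUBJECT = "sbj";
    private static final String JSON_NAME_DATA = "data";
    private String m_issuer;
    private Date m_expiration;
    private String m_signature = "";
    private final String m_uid;
    // Elements are cast to String in toSubject().
    private final Collection m_roles;
    // Elements are cast to Attribute in toSubject() and encodeSubject().
    private final Collection m_userAttributes;

    /**
     * Creates an unsigned token; the signature stays empty until {@link #sign(Key)} or
     * {@link #setSignature(String)} is called.
     *
     * @param str user id
     * @param collection role names (elements are later cast to {@code String})
     * @param collection2 user attributes (elements are later cast to {@code Attribute})
     * @param date expiration date
     * @param str2 issuer
     */
    public Token(String str, Collection collection, Collection collection2, Date date, String str2) {
        this.m_uid = str;
        this.m_roles = collection;
        this.m_userAttributes = collection2;
        this.m_expiration = date;
        this.m_issuer = str2;
    }

    /**
     * Decodes a token from its JSON text.
     *
     * <p>This method performs no authentication of the content: the returned token carries
     * whatever uid, roles, attributes, expiration, issuer and signature the input states. The
     * caller has to check {@link #signatureValid(Key)} and {@link #expired()} itself.
     *
     * @param str JSON text of a token
     * @return the decoded token with its signature set from the {@code sig} member
     * @throws ClassCastException if the text does not parse to a JSON object
     */
    public static Token parse(String str) {
        // toJSON returns the general JSON type; a token must be a JSON object.
        JSONObject json = (JSONObject) JSONSerializer.toJSON(str);
        JSONObject data = json.getJSONObject(JSON_NAME_DATA);
        JSONObject subject = data.getJSONObject(JSON_NAME_SUBJECT);
        String uid = subject.getString(JSON_NAME_UID);
        JSONArray roles = subject.getJSONArray(JSON_NAME_ROLES);

        // Every member of the subject other than uid and roles is read back as a string attribute.
        ArrayList attributes = new ArrayList();
        HashSet<String> attributeNames = new HashSet<String>(subject.keySet());
        attributeNames.remove(JSON_NAME_UID);
        attributeNames.remove(JSON_NAME_ROLES);
        for (String attributeName : attributeNames) {
            attributes.add(new Attribute(attributeName, new StringAttributeValue(subject.getString(attributeName))));
        }

        Date expiration = DateUtil.fromISOString(data.getString(JSON_NAME_EXPIRATION)).getTime();
        String issuer = data.getString(JSON_NAME_ISSUER);
        String signature = json.getString(JSON_NAME_SIGNATURE);
        Token token = new Token(uid, roles, attributes, expiration, issuer);
        token.setSignature(signature);
        return token;
    }

    /**
     * Computes the signature of the current token data with the given key and stores it.
     *
     * @param key key handed to {@code EncryptionUtil.encryptAsymmetric}
     * @throws IllegalStateException if the "utf-8" charset is not supported
     */
    public void sign(Key key) {
        try {
            // NOTE(review): the digest is decoded as UTF-8 text before it is encrypted. If
            // calculateDigestOf returns raw digest bytes, byte sequences that are not valid
            // UTF-8 are replaced during decoding, so different digests can yield the same
            // string. Confirm what DigestUtil returns before relying on the full digest strength.
            setSignature(EncryptionUtil.encryptAsymmetric(new String(calcDataHash(), "utf-8"), key));
        } catch (UnsupportedEncodingException e) {
            throw new IllegalStateException(e);
        }
    }

    /**
     * Returns the SHA-1 digest of the string form of the {@code data} object.
     */
    private byte[] calcDataHash() {
        // NOTE(review): SHA-1 is kept because changing it changes the token format.
        return DigestUtil.calculateDigestOf(encodeData().toString(), "SHA-1");
    }

    /**
     * Checks the stored signature against a digest recomputed from the current token data.
     *
     * <p>A token without a signature (null or empty, which is the state of a token that was
     * never signed) is reported as invalid without calling the decryption routine.
     *
     * @param key key handed to {@code EncryptionUtil.decryptAsymmetric}
     * @return {@code true} if the decrypted signature matches the recomputed digest string
     * @throws IllegalStateException if the "utf-8" charset is not supported
     */
    public boolean signatureValid(Key key) {
        if (this.m_signature == null || this.m_signature.length() == 0) {
            return false;
        }
        try {
            String expected = new String(calcDataHash(), "utf-8");
            // NOTE(review): the comparison ignores case and is not constant-time. It is kept as
            // is because the output format of decryptAsymmetric is not visible here; an exact,
            // constant-time comparison of the digest bytes would be the stricter choice.
            return EncryptionUtil.decryptAsymmetric(this.m_signature, key).equalsIgnoreCase(expected);
        } catch (UnsupportedEncodingException e) {
            throw new IllegalStateException(e);
        }
    }

    /**
     * Tells whether the expiration date lies before the current system time.
     *
     * @return {@code true} if the token is expired; a token without an expiration date is
     *         reported as expired rather than raising a {@code NullPointerException}
     */
    public boolean expired() {
        if (this.m_expiration == null) {
            return true;
        }
        return new Date().after(this.m_expiration);
    }

    /**
     * Returns the JSON text of the token, including the signature.
     */
    @Override
    public String toString() {
        return encodeToken().toString();
    }

    /**
     * Builds a {@code Subject} with one principal for the user id, one per role and one per
     * user attribute.
     *
     * <p>This method does not verify anything; call it only for a token whose signature and
     * expiration have been checked.
     *
     * @return a new subject populated from this token
     */
    public Subject toSubject() {
        Subject subject = new Subject();
        Set<Principal> principals = subject.getPrincipals();
        principals.add(new UsernameIDPrincipal(this.m_uid));
        for (Object role : this.m_roles) {
            principals.add(new RolePrincipal((String) role));
        }
        for (Object attribute : this.m_userAttributes) {
            principals.add(new AttributePrincipal((Attribute) attribute));
        }
        return subject;
    }

    /**
     * Returns the Base64 encoding of the JSON text of the token.
     */
    public String toBase64() {
        return StringUtils.encodeBase64(encodeToken().toString());
    }

    /**
     * Builds the outer JSON object: the data object plus the stored signature.
     */
    private JSONObject encodeToken() {
        JSONObject encoded = new JSONObject();
        encoded.element(JSON_NAME_DATA, encodeData());
        encoded.element(JSON_NAME_SIGNATURE, getSignature());
        return encoded;
    }

    /**
     * Builds the JSON object that is digested for the signature: subject, expiration, issuer.
     */
    private JSONObject encodeData() {
        JSONObject data = new JSONObject();
        data.element(JSON_NAME_SUBJECT, encodeSubject());
        data.element(JSON_NAME_EXPIRATION, DateUtil.tofullISOString(this.m_expiration));
        data.element(JSON_NAME_ISSUER, this.m_issuer);
        return data;
    }

    /**
     * Builds the subject JSON object from the user id, the roles and the user attributes.
     */
    private JSONObject encodeSubject() {
        JSONObject subject = new JSONObject();
        subject.element(JSON_NAME_UID, this.m_uid);
        subject.element(JSON_NAME_ROLES, this.m_roles);
        // NOTE(review): attribute keys share the namespace of "uid" and "roles". accumulate adds
        // to an existing member instead of replacing it, so an attribute named "roles" or "uid"
        // would presumably be merged into that member, and parse() never reads those two names
        // back as attributes. Confirm that attribute keys cannot take these reserved names.
        for (Object element : this.m_userAttributes) {
            Attribute attribute = (Attribute) element;
            subject.accumulate(attribute.getKey(), attribute.getValue().getUnspecifiedValue());
        }
        return subject;
    }

    /**
     * Replaces the stored signature without checking it.
     *
     * @param str signature text as produced by {@link #sign(Key)}
     */
    public void setSignature(String str) {
        this.m_signature = str;
    }

    /**
     * Returns the stored signature; empty for a token that has not been signed.
     */
    public String getSignature() {
        return this.m_signature;
    }
}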
