package org.dataone.portal;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.io.IOException;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.text.ParseException;
import java.util.Calendar;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.dataone.client.auth.CertificateManager;
import org.dataone.configuration.Settings;
import org.dataone.service.types.v1.Session;
import org.dataone.service.types.v1.Subject;
import org.dataone.service.util.DateTimeMarshaller;
import org.junit.Assert;

/* loaded from: input_file:org/dataone/portal/TokenGenerator.class */
public class TokenGenerator {
    public static Log log = LogFactory.getLog(TokenGenerator.class);
    private static TokenGenerator instance = null;
    private String consumerKey;
    private RSAPublicKey publicKey;
    private RSAPrivateKey privateKey;

    public static TokenGenerator getInstance() throws IOException {
        if (instance == null) {
            instance = new TokenGenerator();
        }
        return instance;
    }

    private TokenGenerator() throws IOException {
        this.consumerKey = null;
        this.publicKey = null;
        this.privateKey = null;
        String string = Settings.getConfiguration().getString("cn.server.publiccert.filename");
        String string2 = Settings.getConfiguration().getString("cn.server.privatekey.filename");
        this.publicKey = (RSAPublicKey) CertificateManager.getInstance().loadCertificateFromFile(string).getPublicKey();
        this.privateKey = (RSAPrivateKey) CertificateManager.getInstance().loadPrivateKeyFromFile(string2, (String) null);
        this.consumerKey = Settings.getConfiguration().getString("annotator.consumerKey");
    }

    public String getJWT(String str, String str2) throws JOSEException, ParseException, IOException {
        RSASSASigner rSASSASigner = new RSASSASigner(this.privateKey);
        Calendar calendar = Calendar.getInstance();
        JWTClaimsSet jWTClaimsSet = new JWTClaimsSet();
        jWTClaimsSet.setClaim("consumerKey", this.consumerKey);
        jWTClaimsSet.setClaim("userId", str);
        jWTClaimsSet.setClaim("fullName", str2);
        jWTClaimsSet.setClaim("issuedAt", DateTimeMarshaller.serializeDateToUTC(calendar.getTime()));
        jWTClaimsSet.setClaim("ttl", 86400);
        SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.RS256), jWTClaimsSet);
        signedJWT.sign(rSASSASigner);
        return signedJWT.serialize();
    }

    public Session getSession(String str) {
        try {
            SignedJWT parse = SignedJWT.parse(str);
            Assert.assertTrue(parse.verify(new RSASSAVerifier(this.publicKey)));
            String obj = parse.getJWTClaimsSet().getClaim("userId").toString();
            Subject subject = new Subject();
            subject.setValue(obj);
            Session session = new Session();
            session.setSubject(subject);
            return session;
        } catch (Exception e) {
            log.warn("Could not get session from provided token: " + str, e);
            return null;
        }
    }
}
