package org.dataone.portal;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.io.IOException;
import java.net.URL;
import java.security.cert.Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.text.ParseException;
import java.util.Arrays;
import java.util.Calendar;
import javax.net.ssl.HttpsURLConnection;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.dataone.client.auth.AuthTokenSession;
import org.dataone.client.auth.CertificateManager;
import org.dataone.client.v1.itk.D1Client;
import org.dataone.configuration.Settings;
import org.dataone.service.exceptions.BaseException;
import org.dataone.service.types.v1.Person;
import org.dataone.service.types.v1.Session;
import org.dataone.service.types.v1.Subject;
import org.dataone.service.types.v1.SubjectInfo;
import org.dataone.service.util.DateTimeMarshaller;

/* loaded from: input_file:org/dataone/portal/TokenGenerator.class */
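/**
 * Issues and validates RS256-signed JSON Web Tokens for portal users.
 *
 * <p>Tokens are signed with the RSA private key named by the
 * {@code cn.server.privatekey.filename} setting. They are verified with the RSA public key
 * taken from the certificate named by {@code cn.server.publiccert.filename} or, when that
 * setting is absent, from the certificate the Coordinating Node presents over TLS.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>A serialized token is a bearer credential and must never be written to logs.</li>
 *   <li>If no public key could be loaded, {@link #getSession(String)} rejects every token.</li>
 *   <li>NOTE(review): verification relies on {@code RSASSAVerifier} to refuse tokens whose
 *       {@code alg} header is not an RSA signature algorithm; confirm this for the library
 *       version in use, or pin the expected algorithm explicitly.</li>
 * </ul>
 */
public class TokenGenerator {
    public static Log log = LogFactory.getLog(TokenGenerator.class);

    /** Token lifetime in seconds (18 hours); drives both the "ttl" claim and the expiry. */
    private static final int TOKEN_TTL_SECONDS = 64800;

    private static TokenGenerator instance = null;
    private String consumerKey;
    private RSAPublicKey publicKey;
    private RSAPrivateKey privateKey;

    /**
     * Returns the process-wide generator, creating it on first use.
     *
     * <p>Synchronized so that concurrent first callers cannot each build an instance (and
     * each load key material) and then race on which one is published.
     *
     * @return the shared instance
     * @throws IOException declared by the constructor, which loads key material
     */
    public static synchronized TokenGenerator getInstance() throws IOException {
        if (instance == null) {
            instance = new TokenGenerator();
        }
        return instance;
    }

    /**
     * Loads the signing key, the consumer key and the verification key from configuration.
     *
     * <p>Any of the three may end up {@code null} when the corresponding setting is missing;
     * the public key additionally stays {@code null} when the server certificate cannot be
     * fetched.
     *
     * @throws IOException declared for the key and certificate loading calls
     */
    private TokenGenerator() throws IOException {
        this.consumerKey = null;
        this.publicKey = null;
        this.privateKey = null;
        String string = Settings.getConfiguration().getString("cn.server.privatekey.filename");
        if (string != null) {
            // The key file is loaded with a null password argument.
            this.privateKey = (RSAPrivateKey) CertificateManager.getInstance().loadPrivateKeyFromFile(string, (String) null);
        }
        this.consumerKey = Settings.getConfiguration().getString("annotator.consumerKey");
        String string2 = Settings.getConfiguration().getString("cn.server.publiccert.filename");
        log.debug("certificateFileName=" + string2);
        if (string2 != null) {
            this.publicKey = (RSAPublicKey) CertificateManager.getInstance().loadCertificateFromFile(string2).getPublicKey();
            return;
        }
        // Fallback: trust whatever certificate the Coordinating Node presents over TLS.
        // NOTE(review): this assumes the TLS certificate's key pair is also the token signing
        // key pair, and that the key is RSA (the cast below fails otherwise) - confirm.
        Certificate fetchServerCertificate = fetchServerCertificate();
        log.debug("using certificate from server: " + fetchServerCertificate);
        if (fetchServerCertificate != null) {
            this.publicKey = (RSAPublicKey) fetchServerCertificate.getPublicKey();
        }
    }

    /**
     * Opens a TLS connection to the Coordinating Node base URL and returns the first
     * certificate of the chain the server presents.
     *
     * <p>The connection uses the JVM's default TLS configuration; nothing here pins or
     * otherwise checks the certificate beyond what {@link HttpsURLConnection} does. A
     * non-HTTPS URL fails the cast and is handled like any other error.
     *
     * @return the first certificate in the server's chain, or {@code null} on any failure
     */
    public Certificate fetchServerCertificate() {
        HttpsURLConnection httpsURLConnection = null;
        try {
            String nodeBaseServiceUrl = D1Client.getCN().getNodeBaseServiceUrl();
            log.debug("fetching cert from server: " + nodeBaseServiceUrl);
            httpsURLConnection = (HttpsURLConnection) new URL(nodeBaseServiceUrl).openConnection();
            httpsURLConnection.connect();
            Certificate[] chain = httpsURLConnection.getServerCertificates();
            if (chain == null || chain.length == 0) {
                log.error("server presented no certificates: " + nodeBaseServiceUrl);
                return null;
            }
            return chain[0];
        } catch (Exception e) {
            log.error(e.getMessage(), e);
            return null;
        } finally {
            // Release the socket; the original left the connection open.
            if (httpsURLConnection != null) {
                httpsURLConnection.disconnect();
            }
        }
    }

    /**
     * Builds and signs a token asserting the given identity.
     *
     * <p>The identity is taken from the arguments as-is: this method performs no
     * authentication, so callers must only pass a user id they have already authenticated.
     *
     * @param str the user id; stored as both the "userId" claim and the subject
     * @param str2 the user's full name; stored as the "fullName" claim
     * @return the compact serialization of the RS256-signed token
     * @throws JOSEException if signing fails
     * @throws ParseException declared by the original signature
     * @throws IOException declared by the original signature
     */
    public String getJWT(String str, String str2) throws JOSEException, ParseException, IOException {
        RSASSASigner rSASSASigner = new RSASSASigner(this.privateKey);
        Calendar issued = Calendar.getInstance();
        Calendar expires = Calendar.getInstance();
        expires.setTime(issued.getTime());
        expires.add(Calendar.SECOND, TOKEN_TTL_SECONDS);
        JWTClaimsSet jWTClaimsSet = new JWTClaimsSet();
        jWTClaimsSet.setClaim("consumerKey", this.consumerKey);
        jWTClaimsSet.setClaim("userId", str);
        jWTClaimsSet.setClaim("issuedAt", DateTimeMarshaller.serializeDateToUTC(issued.getTime()));
        jWTClaimsSet.setClaim("ttl", TOKEN_TTL_SECONDS);
        jWTClaimsSet.setClaim("fullName", str2);
        jWTClaimsSet.setSubject(str);
        jWTClaimsSet.setIssueTime(issued.getTime());
        jWTClaimsSet.setExpirationTime(expires.getTime());
        SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.RS256), jWTClaimsSet);
        signedJWT.sign(rSASSASigner);
        return signedJWT.serialize();
    }

    /**
     * Validates a serialized token and, when it is valid, builds a session for its subject.
     *
     * <p>A token is accepted only if its signature verifies against the configured public
     * key and it carries an expiration time that lies in the future. Subject details are
     * looked up on the Coordinating Node; if that lookup fails, a placeholder person named
     * "Unknown" is attached instead.
     *
     * @param str the serialized token presented by the client
     * @return the session for the token's subject, or {@code null} if the token is
     *     malformed, fails verification, has expired, or cannot be checked
     */
    public Session getSession(String str) {
        try {
            if (this.publicKey == null) {
                log.warn("No public key is available to verify tokens; rejecting token");
                return null;
            }
            SignedJWT parse = SignedJWT.parse(str);
            if (!parse.verify(new RSASSAVerifier(this.publicKey))) {
                log.debug("Token signature did not verify; rejecting token");
                return null;
            }
            // A token without an expiration time is rejected rather than treated as unlimited.
            java.util.Date expiry = parse.getJWTClaimsSet().getExpirationTime();
            if (expiry == null || !expiry.after(Calendar.getInstance().getTime())) {
                log.debug("Token is expired or carries no expiration time; rejecting token");
                return null;
            }
            String subject = parse.getJWTClaimsSet().getSubject();
            Subject subject2 = new Subject();
            subject2.setValue(subject);
            AuthTokenSession authTokenSession = new AuthTokenSession(str);
            authTokenSession.setSubject(subject2);
            SubjectInfo subjectInfo = null;
            try {
                subjectInfo = D1Client.getCN().getSubjectInfo(subject2);
            } catch (BaseException e) {
                log.warn(e.getMessage(), e);
            }
            if (subjectInfo == null) {
                subjectInfo = new SubjectInfo();
                Person person = new Person();
                person.setSubject(subject2);
                person.setFamilyName("Unknown");
                person.addGivenName("Unknown");
                subjectInfo.setPersonList(Arrays.asList(person));
            }
            authTokenSession.setSubjectInfo(subjectInfo);
            return authTokenSession;
        } catch (Exception e2) {
            // The token is a bearer credential: it is deliberately left out of the log
            // message, and the exception goes to the logger only, not to stderr.
            log.warn("Could not get session from provided token", e2);
            return null;
        }
    }
}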
