package org.dataone.portal;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.io.IOException;
import java.net.URL;
import java.security.cert.Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.text.ParseException;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Date;
import java.util.Timer;
import java.util.TimerTask;
import javax.net.ssl.HttpsURLConnection;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.dataone.client.auth.AuthTokenSession;
import org.dataone.client.auth.CertificateManager;
import org.dataone.client.v1.itk.D1Client;
import org.dataone.configuration.Settings;
import org.dataone.service.types.v1.Person;
import org.dataone.service.types.v1.Session;
import org.dataone.service.types.v1.Subject;
import org.dataone.service.types.v1.SubjectInfo;
import org.dataone.service.util.DateTimeMarshaller;

/* loaded from: input_file:org/dataone/portal/TokenGenerator.class */
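/**
 * Issues and validates RS256-signed JSON Web Tokens for portal sessions.
 *
 * <p>The signing key, the verification key and the consumer key are read from
 * {@link Settings}. A background timer compares the certificate served by the
 * coordinating node with the verification key currently held and reloads all
 * key material when they differ.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>A serialized token is a bearer credential. It must never be written to
 *       logs in full; use {@link #describeToken(String)} instead.</li>
 *   <li>Key fields are written by the timer thread and read by request threads,
 *       so they are {@code volatile} and reloads go through
 *       {@link #reloadKeys()}.</li>
 * </ul>
 */
public class TokenGenerator {
    public static Log log = LogFactory.getLog(TokenGenerator.class);

    /** Period, in milliseconds, between checks of the served certificate. */
    private static final long CERT_CHECK_INTERVAL_MS = 300000L;

    /** Connect/read timeout, in milliseconds, for the certificate fetch. */
    private static final int NETWORK_TIMEOUT_MS = 30000;

    private static TokenGenerator instance = null;
    private volatile String consumerKey = null;
    private volatile RSAPublicKey publicKey = null;
    private volatile RSAPrivateKey privateKey = null;
    // Token lifetime in seconds; "token.ttl" falls back to 64800 when unset.
    private final int TTL_SECONDS = Settings.getConfiguration().getInt("token.ttl", 64800);

    /**
     * Returns the process-wide generator, creating it on first use.
     *
     * <p>Synchronized so that two concurrent first callers cannot each build an
     * instance (and each start a monitoring timer).
     *
     * @return the shared instance
     * @throws IOException if the key material cannot be loaded
     */
    public static synchronized TokenGenerator getInstance() throws IOException {
        if (instance == null) {
            instance = new TokenGenerator();
        }
        return instance;
    }

    /**
     * Loads the key material and starts the certificate monitor.
     *
     * @throws IOException if the key material cannot be loaded
     */
    private TokenGenerator() throws IOException {
        setPrivateKey();
        setConsumerKey();
        setPublicKey();
        // Daemon timer: the monitor must not keep the JVM alive on its own
        // (otherwise the command-line entry point never terminates).
        Timer monitor = new Timer("Signing Certificate Monitor", true);
        monitor.scheduleAtFixedRate(new TimerTask() {
            @Override
            public void run() {
                try {
                    Certificate served = fetchServerCertificate();
                    if (served == null) {
                        return;
                    }
                    RSAPublicKey current = TokenGenerator.this.publicKey;
                    RSAPublicKey servedKey = (RSAPublicKey) served.getPublicKey();
                    // Reload when no key is held yet or when the served modulus differs.
                    if (current == null || !servedKey.getModulus().equals(current.getModulus())) {
                        reloadKeys();
                    }
                } catch (Exception e) {
                    TokenGenerator.log.warn("Couldn't fetch the server certificate for change comparison. " + e.getMessage(), e);
                }
            }
        }, new Date(), CERT_CHECK_INTERVAL_MS);
    }

    /**
     * Connects to the coordinating node's base service URL over HTTPS and
     * returns the first certificate of the chain the server presented.
     *
     * @return the first presented certificate, or {@code null} if the
     *         connection failed or no certificate was presented
     */
    public Certificate fetchServerCertificate() {
        HttpsURLConnection connection = null;
        try {
            String nodeBaseServiceUrl = D1Client.getCN().getNodeBaseServiceUrl();
            log.debug("fetching cert from server: " + nodeBaseServiceUrl);
            connection = (HttpsURLConnection) new URL(nodeBaseServiceUrl).openConnection();
            // Bound the handshake so a stalled peer cannot block the caller indefinitely.
            connection.setConnectTimeout(NETWORK_TIMEOUT_MS);
            connection.setReadTimeout(NETWORK_TIMEOUT_MS);
            connection.connect();
            Certificate[] chain = connection.getServerCertificates();
            return chain.length > 0 ? chain[0] : null;
        } catch (Exception e) {
            log.error(e.getMessage(), e);
            return null;
        } finally {
            if (connection != null) {
                connection.disconnect();
            }
        }
    }

    /**
     * Builds and signs a token for the given user.
     *
     * <p>The token carries the claims {@code consumerKey}, {@code userId},
     * {@code issuedAt}, {@code ttl} and {@code fullName}, plus the subject,
     * issue time and expiration time (issue time + TTL).
     *
     * @param str  the user identifier; becomes the token subject
     * @param str2 the user's display name
     * @return the compact serialization of the signed token
     * @throws IllegalArgumentException if {@code str} is null or empty
     * @throws IOException    if no signing key has been loaded
     * @throws JOSEException  if signing fails
     * @throws ParseException declared for interface compatibility
     */
    public String getJWT(String str, String str2) throws JOSEException, ParseException, IOException {
        // Never issue a signed credential that names no subject.
        if (str == null || str.isEmpty()) {
            throw new IllegalArgumentException("userId must not be null or empty");
        }
        RSAPrivateKey signingKey = this.privateKey;
        if (signingKey == null) {
            // Fail with a clear message instead of handing a null key to the signer.
            throw new IOException("No signing key loaded; check cn.server.privatekey.filename");
        }
        RSASSASigner signer = new RSASSASigner(signingKey);

        Calendar issued = Calendar.getInstance();
        Calendar expires = Calendar.getInstance();
        expires.setTime(issued.getTime());
        expires.add(Calendar.SECOND, this.TTL_SECONDS);

        JWTClaimsSet claims = new JWTClaimsSet();
        claims.setClaim("consumerKey", this.consumerKey);
        claims.setClaim("userId", str);
        claims.setClaim("issuedAt", DateTimeMarshaller.serializeDateToUTC(issued.getTime()));
        claims.setClaim("ttl", Integer.valueOf(this.TTL_SECONDS));
        claims.setClaim("fullName", str2);
        claims.setSubject(str);
        claims.setIssueTime(issued.getTime());
        claims.setExpirationTime(expires.getTime());

        SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.RS256), claims);
        signedJWT.sign(signer);
        return signedJWT.serialize();
    }

    /**
     * Loads the RSA signing key from the file named by
     * {@code cn.server.privatekey.filename}; does nothing when the setting is absent.
     *
     * <p>The decompiler reports this method was originally {@code private};
     * external code should not call it.
     *
     * @throws IOException if the key file cannot be read
     */
    public void setPrivateKey() throws IOException {
        String fileName = Settings.getConfiguration().getString("cn.server.privatekey.filename");
        CertificateManager certificateManager = CertificateManager.getInstance();
        if (fileName != null) {
            // NOTE(review): the second argument is null; presumably the key password,
            // which would mean the key file is stored unencrypted. Confirm and make
            // sure file permissions restrict it to the service account.
            this.privateKey = (RSAPrivateKey) certificateManager.loadPrivateKeyFromFile(fileName, null);
        }
    }

    /**
     * Loads the RSA verification key from the certificate file named by
     * {@code cn.server.publiccert.filename}, or, when that setting is absent or
     * empty, from the certificate the coordinating node presents over HTTPS.
     *
     * <p>The decompiler reports this method was originally {@code private};
     * external code should not call it.
     *
     * @throws IOException if the certificate file cannot be read
     */
    public void setPublicKey() throws IOException {
        String fileName = Settings.getConfiguration().getString("cn.server.publiccert.filename");
        CertificateManager certificateManager = CertificateManager.getInstance();
        log.debug("certificateFileName=" + fileName);
        if (fileName != null && fileName.length() > 0) {
            this.publicKey = (RSAPublicKey) certificateManager.loadCertificateFromFile(fileName).getPublicKey();
            return;
        }
        // Fallback: the verification key is taken from the TLS handshake with the node.
        Certificate served = fetchServerCertificate();
        log.debug("using certificate from server: " + served);
        if (served != null) {
            this.publicKey = (RSAPublicKey) served.getPublicKey();
        }
    }

    /**
     * Reads the consumer key from the {@code annotator.consumerKey} setting.
     *
     * <p>The decompiler reports this method was originally {@code private};
     * external code should not call it.
     */
    public void setConsumerKey() {
        this.consumerKey = Settings.getConfiguration().getString("annotator.consumerKey");
    }

    /**
     * Reloads signing key, verification key and consumer key as one step, so the
     * timer thread and a request thread cannot interleave partial reloads.
     *
     * @throws IOException if key material cannot be read
     */
    private synchronized void reloadKeys() throws IOException {
        setPrivateKey();
        setPublicKey();
        setConsumerKey();
    }

    /**
     * Returns a log-safe description of a token. The serialized token is a
     * bearer credential, so only its length is disclosed.
     *
     * @param token the serialized token, may be null
     * @return a short description that contains no token material
     */
    private static String describeToken(String token) {
        if (token == null) {
            return "<no token>";
        }
        return "<redacted token, " + token.length() + " chars>";
    }

    /**
     * Validates a serialized token and builds the session it represents.
     *
     * <p>The signature is checked against the held verification key; on failure
     * the key material is reloaded once and the check repeated. The token must
     * carry an expiration time in the future and a subject. Subject details are
     * looked up on the coordinating node; if that lookup fails or returns
     * nothing, a placeholder person named "Unknown" is attached instead.
     *
     * @param str the compact serialization of the token
     * @return the session, or {@code null} if the token is missing, malformed,
     *         not verifiable, expired, or names no subject
     */
    public Session getSession(String str) {
        if (str == null || str.isEmpty()) {
            log.warn("No token provided");
            return null;
        }
        try {
            SignedJWT parse = SignedJWT.parse(str);
            if (!parse.verify(new RSASSAVerifier(this.publicKey))) {
                log.info("public key: " + this.publicKey);
                log.warn("Could not use public key to verify provided token: " + describeToken(str));
                // NOTE(review): every token that fails verification triggers a key reload
                // (disk reads and, when no certificate file is configured, an outbound TLS
                // connection). Consider throttling this so unauthenticated requests cannot
                // drive it at will.
                reloadKeys();
                if (!parse.verify(new RSASSAVerifier(this.publicKey))) {
                    log.info("public key: " + this.publicKey);
                    log.warn("Again, could not use public key to verify provided token: " + describeToken(str));
                    return null;
                }
            }

            // A token without an expiration time is rejected rather than treated as unlimited.
            Date expirationTime = parse.getJWTClaimsSet().getExpirationTime();
            if (expirationTime == null) {
                log.warn("Token carries no expiration date");
                return null;
            }
            if (!expirationTime.after(new Date())) {
                log.warn("Token expiration date has passed: " + expirationTime);
                return null;
            }

            String subjectValue = parse.getJWTClaimsSet().getSubject();
            if (subjectValue == null || subjectValue.isEmpty()) {
                log.warn("Token carries no subject");
                return null;
            }
            Subject subject = new Subject();
            subject.setValue(subjectValue);
            AuthTokenSession authTokenSession = new AuthTokenSession(str);
            authTokenSession.setSubject(subject);

            SubjectInfo subjectInfo = null;
            try {
                subjectInfo = D1Client.getCN().getSubjectInfo(subject);
            } catch (Exception e) {
                // Best effort: a failed lookup falls through to the placeholder below.
                log.warn(e.getMessage(), e);
            }
            if (subjectInfo == null) {
                subjectInfo = new SubjectInfo();
                Person person = new Person();
                person.setSubject(subject);
                person.setFamilyName("Unknown");
                person.addGivenName("Unknown");
                subjectInfo.setPersonList(Arrays.asList(person));
            }
            authTokenSession.setSubjectInfo(subjectInfo);
            return authTokenSession;
        } catch (Exception e2) {
            log.warn("Could not get session from provided token: " + describeToken(str), e2);
            return null;
        }
    }

    /**
     * Command-line entry point: prints a token for {@code <userId> [fullName]}.
     *
     * <p>The printed value is a bearer credential; treat the output like a password.
     *
     * @param strArr {@code userId} and, optionally, {@code fullName}
     */
    public static void main(String[] strArr) {
        if (strArr == null || strArr.length < 1) {
            System.err.println("Usage: TokenGenerator <userId> [fullName]");
            return;
        }
        String token = null;
        try {
            token = getInstance().getJWT(strArr[0], strArr.length > 1 ? strArr[1] : "Unknown");
        } catch (JOSEException | IOException | ParseException e) {
            e.printStackTrace();
        }
        // Print only a real token; the literal text "null" could be mistaken for one.
        if (token != null) {
            System.out.println(token);
        }
    }
}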
