package org.apache.knox.gateway.services.security.token.impl;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JOSEObjectType;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSSigner;
import com.nimbusds.jose.JWSVerifier;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.util.Base64URL;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.net.URI;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
import org.apache.knox.gateway.i18n.messages.MessagesFactory;

/* loaded from: input_file:org/apache/knox/gateway/services/security/token/impl/JWTToken.class */
public class JWTToken implements JWT {
    private static JWTProviderMessages log = (JWTProviderMessages) MessagesFactory.get(JWTProviderMessages.class);
    public static final String KNOX_ID_CLAIM = "knox.id";
    SignedJWT jwt;

    private JWTToken(String str, String str2, String str3) throws ParseException {
        this.jwt = new SignedJWT(new Base64URL(str), new Base64URL(str2), new Base64URL(str3));
    }

    public JWTToken(String str) throws ParseException {
        try {
            this.jwt = SignedJWT.parse(str);
        } catch (ParseException e) {
            log.unableToParseToken(e);
            throw e;
        }
    }

    public JWTToken(String str, String[] strArr) {
        this(str, strArr, (List<String>) null);
    }

    public JWTToken(String str, String[] strArr, List<String> list) {
        this(str, strArr, list, null);
    }

    public JWTToken(String str, String[] strArr, List<String> list, String str2) {
        JWSHeader jWSHeader = new JWSHeader(new JWSAlgorithm(str), str2 == null ? null : new JOSEObjectType(str2), (String) null, (Set) null, (URI) null, (JWK) null, (URI) null, (Base64URL) null, (Base64URL) null, (List) null, (String) null, (Map) null, (Base64URL) null);
        if (getClaimValue(strArr, 2) != null) {
            list = list == null ? new ArrayList() : list;
            list.add(getClaimValue(strArr, 2));
        }
        JWTClaimsSet.Builder audience = new JWTClaimsSet.Builder().issuer(getClaimValue(strArr, 0)).subject(getClaimValue(strArr, 1)).audience(list);
        audience = getClaimValue(strArr, 3) != null ? audience.expirationTime(new Date(Long.parseLong(getClaimValue(strArr, 3)))) : audience;
        audience.claim(KNOX_ID_CLAIM, String.valueOf(UUID.randomUUID()));
        this.jwt = new SignedJWT(jWSHeader, audience.build());
    }

    private String getClaimValue(String[] strArr, int i) {
        if (strArr == null || strArr.length <= i) {
            return null;
        }
        return strArr[i];
    }

    @Override // org.apache.knox.gateway.services.security.token.impl.JWT
    public String getHeader() {
        return this.jwt.getHeader().toString();
    }

    @Override // org.apache.knox.gateway.services.security.token.impl.JWT
    public JWSAlgorithm getSignatureAlgorithm() {
        return this.jwt.getHeader().getAlgorithm();
    }

    @Override // org.apache.knox.gateway.services.security.token.impl.JWT
    public JOSEObjectType getType() {
        return this.jwt.getHeader().getType();
    }

    @Override // org.apache.knox.gateway.services.security.token.impl.JWT
    public String getClaims() {
        String str = null;
        try {
            str = this.jwt.getJWTClaimsSet().toJSONObject().toJSONString();
        } catch (ParseException e) {
            log.unableToParseToken(e);
        }
        return str;
    }

    @Override // org.apache.knox.gateway.services.security.token.impl.JWT
    public String getPayload() {
        return this.jwt.getPayload().toString();
    }

    public String toString() {
        return this.jwt.serialize();
    }

    @Override // org.apache.knox.gateway.services.security.token.impl.JWT
    public void setSignaturePayload(byte[] bArr) {
    }

    @Override // org.apache.knox.gateway.services.security.token.impl.JWT
    public byte[] getSignaturePayload() {
        byte[] bArr = null;
        Base64URL signature = this.jwt.getSignature();
        if (signature != null) {
            bArr = signature.decode();
        }
        return bArr;
    }

    public static JWTToken parseToken(String str) throws ParseException {
        log.parsingToken(str);
        String[] split = str.split("\\.");
        return new JWTToken(split[0], split[1], split[2]);
    }

    @Override // org.apache.knox.gateway.services.security.token.impl.JWT
    public String getClaim(String str) {
        String str2 = null;
        try {
            str2 = this.jwt.getJWTClaimsSet().getStringClaim(str);
        } catch (ParseException e) {
            log.unableToParseToken(e);
        }
        return str2;
    }

    @Override // org.apache.knox.gateway.services.security.token.impl.JWT
    public String getSubject() {
        return getClaim(JWT.SUBJECT);
    }

    @Override // org.apache.knox.gateway.services.security.token.impl.JWT
    public String getIssuer() {
        return getClaim(JWT.ISSUER);
    }

    @Override // org.apache.knox.gateway.services.security.token.impl.JWT
    public String getAudience() {
        String str = null;
        String[] audienceClaims = getAudienceClaims();
        if (audienceClaims != null) {
            str = audienceClaims[0];
        }
        return str;
    }

    @Override // org.apache.knox.gateway.services.security.token.impl.JWT
    public String[] getAudienceClaims() {
        String[] strArr = null;
        try {
            strArr = this.jwt.getJWTClaimsSet().getStringArrayClaim(JWT.AUDIENCE);
        } catch (ParseException e) {
            log.unableToParseToken(e);
        }
        return strArr;
    }

    @Override // org.apache.knox.gateway.services.security.token.impl.JWT
    public String getExpires() {
        Date expiresDate = getExpiresDate();
        if (expiresDate != null) {
            return String.valueOf(expiresDate.getTime());
        }
        return null;
    }

    @Override // org.apache.knox.gateway.services.security.token.impl.JWT
    public Date getExpiresDate() {
        Date date = null;
        try {
            date = this.jwt.getJWTClaimsSet().getExpirationTime();
        } catch (ParseException e) {
            log.unableToParseToken(e);
        }
        return date;
    }

    @Override // org.apache.knox.gateway.services.security.token.impl.JWT
    public Date getNotBeforeDate() {
        Date date = null;
        try {
            date = this.jwt.getJWTClaimsSet().getNotBeforeTime();
        } catch (ParseException e) {
            log.unableToParseToken(e);
        }
        return date;
    }

    @Override // org.apache.knox.gateway.services.security.token.impl.JWT
    public String getPrincipal() {
        return getClaim(JWT.PRINCIPAL);
    }

    @Override // org.apache.knox.gateway.services.security.token.impl.JWT
    public void sign(JWSSigner jWSSigner) {
        try {
            this.jwt.sign(jWSSigner);
        } catch (JOSEException e) {
            log.unableToSignToken(e);
        }
    }

    @Override // org.apache.knox.gateway.services.security.token.impl.JWT
    public boolean verify(JWSVerifier jWSVerifier) {
        boolean z = false;
        try {
            z = this.jwt.verify(jWSVerifier);
        } catch (JOSEException e) {
            log.unableToVerifyToken(e);
        }
        return z;
    }
}
