package com.appiancorp.connectedenvironments.service;

import com.appiancorp.connectedenvironments.ConnectedEnvironmentAuthenticationContext;
import com.appiancorp.connectedenvironments.notification.Notification;
import com.appiancorp.connectedenvironments.persistence.ConnectedEnvironment;
import com.appiancorp.connectedenvironments.persistence.ConnectedEnvironmentRequest;
import com.appiancorp.connectedenvironments.persistence.ConnectedEnvironmentRequestBuilder;
import com.appiancorp.securetoken.Token;
import com.appiancorp.suite.SuiteConfiguration;
import com.appiancorp.suite.cfg.ConfigurationFactory;
import java.security.KeyPair;
import java.security.PublicKey;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Date;
import java.util.Optional;
import org.apache.http.Header;
import org.apache.http.HttpResponse;
import org.apache.http.message.BasicHeader;
import org.apache.log4j.Logger;

/* loaded from: input_file:com/appiancorp/connectedenvironments/service/JwtUtils.class */
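/**
 * Static helpers for building, verifying and transporting the signed tokens exchanged
 * between connected environments.
 *
 * <p>Every token built here gets an audience, an issuer, a not-before date and an
 * expiration date {@link #MINUTES_UNTIL_EXPIRATION} minutes later, and is signed with the
 * supplied {@link KeyPair}.
 *
 * <p>Several members carry a decompiler note that they were package-private in the original
 * class; they are left {@code public} here so existing callers keep compiling.
 */
public final class JwtUtils {
    // Names of the custom claims carried in connected-environment tokens.
    public static final String INITIATOR_NAME = "initiatorName";
    public static final String INITIATOR_IP = "initiatorIp";
    public static final String INITIATOR_USERNAME = "initiatorUsername";
    public static final String NONCE = "nonce";
    public static final String APPROVER_NAME = "approverName";
    public static final String APPROVER_USERNAME = "approverUsername";
    public static final String APPROVER_IP = "approverIp";
    public static final String DECISION_DATE = "decisionDate";
    public static final String NAME = "name";
    public static final String REQUEST_TYPE = "requestType";
    public static final String REQUEST_STATUS = "requestStatus";
    // Note the mismatch: the constant is FINAL_DATE but the claim is "expirationDate".
    public static final String FINAL_DATE = "expirationDate";
    // Fixed placeholder stored as the nonce of connection-notification requests.
    private static final String DUMMY_NONCE = "dummy_nonce";
    /** Lifetime, in minutes, of every token built by this class. */
    public static final int MINUTES_UNTIL_EXPIRATION = 5;
    // Leeway handed to the verifier; the unit is defined by Token.verifier(), not visible here.
    private static final long VERIFICATION_LEEWAY = 15L;
    private static final Logger LOG = Logger.getLogger(JwtUtils.class);

    /**
     * Captures "now" as the not-before date and "now + N minutes" as the expiration date,
     * so both values of one token come from the same clock reading.
     */
    public static class DateProvider {
        private final Date notBeforeDate;
        private final Date expirationDate;

        /**
         * @param i number of minutes between the not-before date and the expiration date
         */
        public DateProvider(int i) {
            Calendar calendar = Calendar.getInstance();
            this.notBeforeDate = calendar.getTime();
            // Calendar.MINUTE replaces the bare literal 12 left by the decompiler.
            calendar.add(Calendar.MINUTE, i);
            this.expirationDate = calendar.getTime();
        }

        /**
         * @return a fresh {@link java.sql.Date} copy of the not-before instant
         */
        public Date getNotBeforeDate() {
            return new java.sql.Date(this.notBeforeDate.getTime());
        }

        /**
         * @return a fresh {@link java.sql.Date} copy of the expiration instant
         */
        public Date getExpirationDate() {
            return new java.sql.Date(this.expirationDate.getTime());
        }
    }

    private JwtUtils() {
    }

    /**
     * Verifies a serialized token against {@code publicKey}, requiring this site's base URI
     * as the audience.
     *
     * <p>Only the audience and the key are constrained by this call. NOTE(review): the issuer
     * is not checked here; presumably the caller selects {@code publicKey} for the claimed
     * issuer - confirm at the call sites.
     *
     * @param publicKey key the token signature is checked against
     * @param str the serialized token
     * @return the verified token
     */
    public static Token verify(PublicKey publicKey, String str) {
        String baseUri = ((SuiteConfiguration) ConfigurationFactory.getConfiguration(SuiteConfiguration.class)).getBaseUri();
        if (LOG.isDebugEnabled()) {
            LOG.debug("Starting token verification. BaseUri: " + baseUri);
            // The serialized token is a bearer credential: anyone who can read the log could
            // replay it until it expires, so only its presence and size are logged.
            LOG.debug("Token: " + (str == null ? "<null>" : "<redacted, " + str.length() + " chars>"));
        }
        return Token.verifier()
                .withToken(str)
                .withAudience(baseUri)
                .withLeeway(VERIFICATION_LEEWAY)
                .verify(publicKey);
    }

    /**
     * Builds a persistable request from the claims of the token held by the authentication
     * context.
     *
     * <p>URL, name, nonce, initiator fields and both dates are copied from token claims; the
     * initiator IP comes from the context, not from the token. NOTE(review): assumes the
     * context's token has already been verified - confirm where the context is created.
     * NOTE(review): if {@code getDateClaim} can return {@code null} for a missing claim, the
     * {@code getTime()} calls throw {@link NullPointerException} - confirm Token's contract.
     *
     * @param status status to store on the request
     * @param requestType type to store on the request
     * @param connectedEnvironmentAuthenticationContext source of the token and remote IP
     * @return the built request
     */
    public static ConnectedEnvironmentRequest toRequest(ConnectedEnvironmentRequest.Status status, ConnectedEnvironmentRequest.RequestType requestType, ConnectedEnvironmentAuthenticationContext connectedEnvironmentAuthenticationContext) {
        Token token = connectedEnvironmentAuthenticationContext.getToken();
        return new ConnectedEnvironmentRequestBuilder()
                .setUrl(token.getStringClaim("iss"))
                .setName(token.getStringClaim(NAME))
                .setNonce(token.getStringClaim(NONCE))
                .setInitiatorUsername(token.getStringClaim(INITIATOR_USERNAME))
                .setInitiatedDate(new java.sql.Date(token.getDateClaim("nbf").getTime()))
                .setExpirationDate(new java.sql.Date(token.getDateClaim(FINAL_DATE).getTime()))
                .setInitiatorName(token.getStringClaim(INITIATOR_NAME))
                .setInitiatorIp(connectedEnvironmentAuthenticationContext.getRemoteIpAddress())
                .setRequestType(requestType)
                .setStatus(status)
                .build();
    }

    /**
     * Builds a request record for a connection notification.
     *
     * <p>Differs from {@link #toRequest} in three ways: the nonce is the fixed
     * {@code DUMMY_NONCE}, the expiration date is the current date, and the URL is
     * {@code str} rather than the token's issuer claim.
     *
     * @param str URL to store on the request
     * @param status status to store on the request
     * @param requestType type to store on the request
     * @param connectedEnvironmentAuthenticationContext source of the token and remote IP
     * @return the built request
     */
    public static ConnectedEnvironmentRequest toRequestForConnectionNotification(String str, ConnectedEnvironmentRequest.Status status, ConnectedEnvironmentRequest.RequestType requestType, ConnectedEnvironmentAuthenticationContext connectedEnvironmentAuthenticationContext) {
        Token token = connectedEnvironmentAuthenticationContext.getToken();
        return new ConnectedEnvironmentRequestBuilder()
                // Set from the issuer claim first; the final setUrl(str) below is called last.
                // NOTE(review): presumably the later call overwrites this one - kept as in
                // the original because the builder's behavior is not visible here.
                .setUrl(token.getStringClaim("iss"))
                .setName(token.getStringClaim(NAME))
                .setNonce(DUMMY_NONCE)
                .setInitiatorUsername(token.getStringClaim(INITIATOR_USERNAME))
                .setInitiatedDate(new java.sql.Date(token.getDateClaim("nbf").getTime()))
                .setExpirationDate(ConnectedEnvironmentPersistenceUtil.getDateNow())
                .setInitiatorName(token.getStringClaim(INITIATOR_NAME))
                .setInitiatorIp(connectedEnvironmentAuthenticationContext.getRemoteIpAddress())
                .setRequestType(requestType)
                .setStatus(status)
                .setUrl(str)
                .build();
    }

    /**
     * Builds the signed token that opens an outgoing connection request. The request status
     * claim is always {@code RECEIVED} and the audience is the request's URL.
     *
     * @param connectedEnvironmentRequest request supplying nonce, initiator, type, expiration and URL
     * @param str issuer of the token
     * @param str2 value of the {@code name} claim
     * @param keyPair key pair used to sign
     * @return the signed, serialized token
     */
    public static String buildInitialOutgoingRequestJwt(ConnectedEnvironmentRequest connectedEnvironmentRequest, String str, String str2, KeyPair keyPair) {
        DateProvider dateProvider = new DateProvider(MINUTES_UNTIL_EXPIRATION);
        LOG.debug("Initial outgoing request token audience: " + connectedEnvironmentRequest.getUrl());
        return Token.builder()
                .withClaim(NAME, str2)
                .withClaim(NONCE, connectedEnvironmentRequest.getNonce())
                .withClaim(INITIATOR_USERNAME, connectedEnvironmentRequest.getInitiatorUsername())
                .withClaim(INITIATOR_NAME, connectedEnvironmentRequest.getInitiatorName())
                .withClaim(REQUEST_TYPE, connectedEnvironmentRequest.getRequestType().toString())
                .withClaim(FINAL_DATE, connectedEnvironmentRequest.getExpirationDate())
                .withClaim(REQUEST_STATUS, ConnectedEnvironmentRequest.Status.RECEIVED.toString())
                .withAudience(connectedEnvironmentRequest.getUrl())
                .withExpiresAt(dateProvider.getExpirationDate())
                .withNotBefore(dateProvider.getNotBeforeDate())
                .withIssuer(str)
                .sign(keyPair);
    }

    /**
     * Builds a signed token addressed to an already connected environment.
     *
     * @param connectedEnvironment environment whose URL becomes the audience
     * @param str issuer of the token
     * @param str2 value of the {@code name} claim
     * @param str3 value of the {@code initiatorUsername} claim
     * @param keyPair key pair used to sign
     * @return the signed, serialized token
     */
    public static String fromConnectedEnvironment(ConnectedEnvironment connectedEnvironment, String str, String str2, String str3, KeyPair keyPair) {
        DateProvider dateProvider = new DateProvider(MINUTES_UNTIL_EXPIRATION);
        return Token.builder()
                .withClaim(NAME, str2)
                .withClaim(INITIATOR_USERNAME, str3)
                .withAudience(connectedEnvironment.getUrl())
                .withExpiresAt(dateProvider.getExpirationDate())
                .withNotBefore(dateProvider.getNotBeforeDate())
                .withIssuer(str)
                .sign(keyPair);
    }

    /**
     * Builds the signed token that reports a status change for an existing request.
     *
     * @param connectedEnvironmentRequest request supplying nonce, approver and URL
     * @param str issuer of the token
     * @param str2 value of the {@code name} claim
     * @param keyPair key pair used to sign
     * @param status status written to the {@code requestStatus} claim
     * @return the signed, serialized token
     */
    public static String buildUpdateRequestJwt(ConnectedEnvironmentRequest connectedEnvironmentRequest, String str, String str2, KeyPair keyPair, ConnectedEnvironmentRequest.Status status) {
        DateProvider dateProvider = new DateProvider(MINUTES_UNTIL_EXPIRATION);
        return Token.builder()
                .withClaim(NAME, str2)
                .withClaim(NONCE, connectedEnvironmentRequest.getNonce())
                .withClaim(APPROVER_USERNAME, connectedEnvironmentRequest.getApproverUsername())
                .withClaim(APPROVER_NAME, connectedEnvironmentRequest.getApproverName())
                .withClaim(REQUEST_STATUS, status.toString())
                .withAudience(connectedEnvironmentRequest.getUrl())
                .withNotBefore(dateProvider.getNotBeforeDate())
                .withExpiresAt(dateProvider.getExpirationDate())
                .withIssuer(str)
                .sign(keyPair);
    }

    /**
     * Builds the signed token for a notification; issuer and audience are the notification's
     * local and remote URLs.
     *
     * @param notification source of the claims, issuer and audience
     * @param keyPair key pair used to sign
     * @return the signed, serialized token
     */
    public static String buildNotificationJwt(Notification notification, KeyPair keyPair) {
        DateProvider dateProvider = new DateProvider(MINUTES_UNTIL_EXPIRATION);
        return Token.builder()
                .withClaim(NAME, notification.getLocalName())
                .withClaim(INITIATOR_USERNAME, notification.getActorUsername())
                .withClaim(INITIATOR_NAME, notification.getActorName())
                .withClaim(REQUEST_STATUS, notification.getStatus().toString())
                .withAudience(notification.getRemoteUrl())
                .withNotBefore(dateProvider.getNotBeforeDate())
                .withExpiresAt(dateProvider.getExpirationDate())
                .withIssuer(notification.getLocalUrl())
                .sign(keyPair);
    }

    /**
     * Builds the signed token returned in a response.
     *
     * @param str audience of the token
     * @param str2 issuer of the token
     * @param str3 value of the {@code name} claim
     * @param keyPair key pair used to sign
     * @param status status written to the {@code requestStatus} claim
     * @return the signed, serialized token
     */
    public static String buildResponseJwt(String str, String str2, String str3, KeyPair keyPair, ConnectedEnvironmentRequest.Status status) {
        DateProvider dateProvider = new DateProvider(MINUTES_UNTIL_EXPIRATION);
        return Token.builder()
                .withClaim(NAME, str3)
                .withClaim(REQUEST_STATUS, status.toString())
                .withAudience(str)
                .withExpiresAt(dateProvider.getExpirationDate())
                .withNotBefore(dateProvider.getNotBeforeDate())
                .withIssuer(str2)
                .sign(keyPair);
    }

    /**
     * Wraps a serialized token in the authorization header used between environments.
     *
     * @param str the serialized token
     * @return a new list holding the single authorization header
     */
    public static ArrayList<Header> createHeadersWithJwtAuth(String str) {
        ArrayList<Header> arrayList = new ArrayList<>();
        arrayList.add(new BasicHeader(ConnectedEnvironmentsAdminServiceImpl.JWT_AUTHORIZATION_TYPE, ConnectedEnvironmentsAdminServiceImpl.JWT_BEARER + str));
        return arrayList;
    }

    /**
     * Extracts the serialized token from a response's authorization header.
     *
     * <p>The returned string is unverified; it is only the text after the bearer prefix.
     *
     * @param httpResponse response to inspect
     * @return the first non-empty value following the bearer prefix, or empty if none
     */
    public static Optional<String> getResponseToken(HttpResponse httpResponse) {
        String bearerPrefix = ConnectedEnvironmentsAdminServiceImpl.JWT_BEARER;
        for (Header header : httpResponse.getHeaders(ConnectedEnvironmentsAdminServiceImpl.JWT_AUTHORIZATION_TYPE)) {
            String value = header.getValue();
            // Skip headers without the bearer prefix and headers that carry only the prefix.
            if (value == null || !value.startsWith(bearerPrefix)) {
                continue;
            }
            String substring = value.substring(bearerPrefix.length());
            if (!substring.isEmpty()) {
                return Optional.of(substring);
            }
        }
        return Optional.empty();
    }
}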
