package io.confluent.tokenapi.services;

import io.confluent.common.security.auth.JwtPrincipal;
import io.confluent.tokenapi.entities.AuthenticationResponse;
import io.confluent.tokenapi.entities.RefreshTokenRequest;
import io.confluent.tokenapi.exceptions.AuthenticationTokenException;
import io.confluent.tokenapi.jwt.JwtProvider;
import java.security.Principal;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import org.eclipse.jetty.http.DateGenerator;
import org.jose4j.jwt.MalformedClaimException;
import org.jose4j.jwt.consumer.InvalidJwtException;
import org.jose4j.lang.JoseException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/confluent/tokenapi/services/TokenService.class */
public class TokenService {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) TokenService.class);
    private final JwtProvider jwtProvider;
    public static final String TOKEN_MAX_EXP_CLAIM_NAME = "mex";
    public static final String C3_TOKEN_MAX_LIFE_HEADER = "X-C3-Token-Max-Life";
    public static final long MAX_C3_TOKEN_MAX_LIFE_HEADER_VALUE = 86400000;

    public TokenService(JwtProvider jwtProvider) {
        this.jwtProvider = jwtProvider;
    }

    public String issueToken(Principal principal, Map<String, Object> map, List<String> list) {
        return issueToken(principal, map, this.jwtProvider.tokenLifetime(), list);
    }

    public String issueToken(Principal principal, Map<String, Object> map, long j, List<String> list) {
        try {
            if (!(principal instanceof JwtPrincipal)) {
                return this.jwtProvider.newJwsToken(principal, map, j, (String[]) list.toArray(new String[0]));
            }
            JwtPrincipal jwtPrincipal = (JwtPrincipal) principal;
            return this.jwtProvider.refreshTokenWithoutValidation(jwtPrincipal, jwtPrincipal.getJwt(), (String[]) list.toArray(new String[0]));
        } catch (JoseException e) {
            throw new AuthenticationTokenException("Authentication Token generation failed", e);
        }
    }

    public String refreshToken(Principal principal, RefreshTokenRequest refreshTokenRequest) {
        try {
            return this.jwtProvider.refreshToken(principal, refreshTokenRequest.getAccessToken());
        } catch (JoseException e) {
            throw new AuthenticationTokenException("Token refresh failed. ", e);
        }
    }

    public String refreshToken(Principal principal, RefreshTokenRequest refreshTokenRequest, Map<String, Object> map, long j) {
        try {
            return this.jwtProvider.refreshToken(principal, refreshTokenRequest.getAccessToken(), map, j);
        } catch (JoseException e) {
            throw new AuthenticationTokenException("Token refresh failed. ", e);
        }
    }

    public String getCookieHeader(String str) {
        return getCookieHeader(str, this.jwtProvider.tokenLifetime());
    }

    public String getCookieHeader(String str, long j) {
        return "auth_token=" + (Objects.isNull(str) ? "" : str) + "; HttpOnly; Secure; Path=/; Expires=" + (j <= 0 ? DateGenerator.formatCookieDate(0L).trim() : DateGenerator.formatCookieDate(System.currentTimeMillis() + (1000 * j))) + "; SameSite=Lax; Max-Age=" + j;
    }

    public AuthenticationResponse getAuthenticationResponse(String str) {
        return getAuthenticationResponse(str, this.jwtProvider.tokenLifetime());
    }

    public AuthenticationResponse getAuthenticationResponse(String str, long j) {
        return new AuthenticationResponse(str, "Bearer", j);
    }

    public long getTokenLifeTime(String str, long j) {
        try {
            return this.jwtProvider.getJwtReader().processToClaims(str).getExpirationTime().getValue() - (j / 1000);
        } catch (MalformedClaimException | InvalidJwtException e) {
            throw new AuthenticationTokenException("Authentication Token generation failed", e);
        }
    }

    public Map<String, Object> customClaimsForTokenLifetime(List<String> list, long j) {
        HashMap hashMap = new HashMap();
        long min = Math.min(Math.max(0L, Long.parseLong(list.get(0))), 86400000L);
        log.debug("Setting C3_TOKEN_MAX_LIFE value as {}", Long.valueOf(min));
        hashMap.put("mex", Long.valueOf((j + min) / 1000));
        return hashMap;
    }
}
