package org.eclipse.scout.rt.shared.servicetunnel.http;

import java.nio.charset.StandardCharsets;
import org.eclipse.scout.rt.platform.ApplicationScoped;
import org.eclipse.scout.rt.platform.config.CONFIG;
import org.eclipse.scout.rt.platform.security.SecurityUtility;
import org.eclipse.scout.rt.platform.util.StringUtility;
import org.eclipse.scout.rt.shared.SharedConfigProperties;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@ApplicationScoped
/* loaded from: input_file:org/eclipse/scout/rt/shared/servicetunnel/http/DefaultAuthTokenVerifier.class */
public class DefaultAuthTokenVerifier {
    private static final Logger LOG = LoggerFactory.getLogger(DefaultAuthTokenVerifier.class);

    public boolean isEnabled() {
        return getPublicKey() != null;
    }

    protected byte[] getPublicKey() {
        return (byte[]) CONFIG.getPropertyValue(SharedConfigProperties.AuthTokenPublicKeyProperty.class);
    }

    public boolean verify(DefaultAuthToken defaultAuthToken) {
        if (defaultAuthToken == null) {
            return false;
        }
        try {
            if (verifyUser(defaultAuthToken) && verifyValidUntil(defaultAuthToken)) {
                return verifySignature(defaultAuthToken);
            }
            return false;
        } catch (RuntimeException e) {
            LOG.info("Failed verifying signature of token {}", defaultAuthToken, e);
            return false;
        }
    }

    protected boolean verifyUser(DefaultAuthToken defaultAuthToken) {
        return StringUtility.hasText(defaultAuthToken.getUserId());
    }

    protected boolean verifyValidUntil(DefaultAuthToken defaultAuthToken) {
        return System.currentTimeMillis() < defaultAuthToken.getValidUntil();
    }

    protected boolean verifySignature(DefaultAuthToken defaultAuthToken) {
        byte[] publicKey;
        byte[] signature = defaultAuthToken.getSignature();
        if (signature == null || (publicKey = getPublicKey()) == null) {
            return false;
        }
        return SecurityUtility.verifySignature(publicKey, defaultAuthToken.write(false).getBytes(StandardCharsets.UTF_8), signature);
    }
}
