package org.nuxeo.ecm.jwt;

import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTCreator;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTCreationException;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.lang.reflect.Field;
import java.time.Instant;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.stream.Collectors;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.nuxeo.ecm.core.api.NuxeoException;
import org.nuxeo.ecm.core.api.local.ClientLoginModule;
import org.nuxeo.ecm.jwt.JWTService;
import org.nuxeo.runtime.model.ComponentInstance;
import org.nuxeo.runtime.model.DefaultComponent;
import org.nuxeo.runtime.model.SimpleContributionRegistry;

/* loaded from: input_file:org/nuxeo/ecm/jwt/JWTServiceImpl.class */
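/**
 * Runtime component implementing {@link JWTService}: it builds JSON Web Tokens signed with
 * HMAC-SHA512 and verifies them again, using a shared secret contributed through the
 * {@value #XP_CONFIGURATION} extension point.
 *
 * <p>Tokens produced here are signed, not encrypted: claim values can be read by anyone who
 * holds the token, so nothing confidential should be stored in a claim.
 */
public class JWTServiceImpl extends DefaultComponent implements JWTService {
    /** Name of the only extension point this component accepts. */
    public static final String XP_CONFIGURATION = "configuration";

    /** Issuer set on every token built here and required on every token verified here. */
    public static final String NUXEO_ISSUER = "nuxeo";

    /** Holds the (merged) configuration contributions: secret and default TTL. */
    protected final JWTServiceConfigurationRegistry registry = new JWTServiceConfigurationRegistry();

    private static final Log log = LogFactory.getLog(JWTServiceImpl.class);

    /** Shared mapper used to convert claim JSON nodes into plain Java values. */
    protected static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();

    /** Target type used when an object-valued claim is converted to a map. */
    protected static final TypeReference<Map<String, Object>> MAP_STRING_OBJECT = new TypeReference<Map<String, Object>>() {
    };

    /**
     * Builder for a token whose issuer is {@link #NUXEO_ISSUER} and whose subject is the acting
     * user of the current login.
     */
    public class JWTBuilderImpl implements JWTService.JWTBuilder {
        public final JWTCreator.Builder builder = JWT.create();

        /**
         * Initializes issuer, subject and a default expiry.
         *
         * @throws NuxeoException if the current principal has no acting user
         */
        public JWTBuilderImpl() {
            this.builder.withIssuer(JWTServiceImpl.NUXEO_ISSUER);
            // NOTE(review): if getCurrentPrincipal() can return null when nobody is logged in,
            // this line fails with a NullPointerException instead of the NuxeoException below
            // -- confirm against ClientLoginModule.
            String actingUser = ClientLoginModule.getCurrentPrincipal().getActingUser();
            if (actingUser == null) {
                throw new NuxeoException("No currently logged-in user");
            }
            this.builder.withSubject(actingUser);
            // 0 selects the configured default TTL, so every token gets an expiry.
            withTTL(0);
        }

        /**
         * Sets the expiry to now plus the given number of seconds.
         *
         * <p>No upper bound is applied here; callers choosing the TTL decide how long a leaked
         * token stays usable.
         *
         * @param ttlSeconds lifetime in seconds; zero or negative selects the configured default
         * @return this builder
         */
        @Override // org.nuxeo.ecm.jwt.JWTService.JWTBuilder
        public JWTBuilderImpl withTTL(int ttlSeconds) {
            int effectiveTtl = ttlSeconds > 0 ? ttlSeconds : JWTServiceImpl.this.getDefaultTTL();
            this.builder.withExpiresAt(Date.from(Instant.now().plusSeconds(effectiveTtl)));
            return this;
        }

        /**
         * Adds a claim, dispatching on the runtime type of the value.
         *
         * <p>NOTE(review): the claim name is passed to the library unfiltered. A registered name
         * such as the subject, issuer or expiry claim given here would presumably replace the
         * value set by the constructor or by {@link #withTTL(int)} -- confirm against the
         * java-jwt version in use, and do not derive claim names from untrusted input.
         *
         * @param name claim name
         * @param value claim value; see {@link JWTServiceImpl#builderWithClaim} for accepted types
         * @return this builder
         * @throws NuxeoException if the value type is not supported (including {@code null})
         */
        @Override // org.nuxeo.ecm.jwt.JWTService.JWTBuilder
        public JWTBuilderImpl withClaim(String name, Object value) {
            // Single type-dispatch implementation shared with the enclosing service.
            builderWithClaim(this.builder, name, value);
            return this;
        }

        /**
         * Signs the token with the configured algorithm and returns its compact form.
         *
         * @return the signed token
         * @throws NuxeoException if no secret is configured or signing fails
         */
        @Override // org.nuxeo.ecm.jwt.JWTService.JWTBuilder
        public String build() {
            Algorithm algorithm = JWTServiceImpl.this.getAlgorithm();
            if (algorithm == null) {
                // Refuse to emit a token rather than fall back to an unsigned or weakly keyed one.
                throw new NuxeoException("JWTService secret not configured");
            }
            try {
                return this.builder.sign(algorithm);
            } catch (JWTCreationException e) {
                throw new NuxeoException(e);
            }
        }
    }

    /**
     * Registry keeping a single, merged configuration descriptor: every contribution is stored
     * under the same id, so later contributions are merged into earlier ones.
     */
    public static class JWTServiceConfigurationRegistry extends SimpleContributionRegistry<JWTServiceConfigurationDescriptor> {
        /** Single id shared by all contributions. */
        protected static final String KEY = "";

        /** Descriptor returned when nothing has been contributed. */
        protected static final JWTServiceConfigurationDescriptor DEFAULT_CONTRIBUTION = new JWTServiceConfigurationDescriptor();

        protected JWTServiceConfigurationRegistry() {
        }

        /** Returns the same id for every descriptor. */
        public String getContributionId(JWTServiceConfigurationDescriptor contribution) {
            return KEY;
        }

        /** Contributions are merged rather than replaced. */
        public boolean isSupportingMerge() {
            return true;
        }

        /** Copies a descriptor through its copy constructor. */
        public JWTServiceConfigurationDescriptor clone(JWTServiceConfigurationDescriptor original) {
            return new JWTServiceConfigurationDescriptor(original);
        }

        /** Merges {@code source} into {@code target}. */
        public void merge(JWTServiceConfigurationDescriptor source, JWTServiceConfigurationDescriptor target) {
            target.merge(source);
        }

        /**
         * Returns the effective configuration.
         *
         * @return the merged contribution, or {@link #DEFAULT_CONTRIBUTION} if there is none
         */
        public JWTServiceConfigurationDescriptor getContribution() {
            JWTServiceConfigurationDescriptor contribution = (JWTServiceConfigurationDescriptor) getContribution(KEY);
            return contribution != null ? contribution : DEFAULT_CONTRIBUTION;
        }
    }

    /**
     * Registers a configuration contribution.
     *
     * @throws NuxeoException if the extension point is not {@value #XP_CONFIGURATION}
     */
    public void registerContribution(Object contribution, String extensionPoint, ComponentInstance contributor) {
        if (!XP_CONFIGURATION.equals(extensionPoint)) {
            throw new NuxeoException("Unknown extension point: " + extensionPoint);
        }
        this.registry.addContribution((JWTServiceConfigurationDescriptor) contribution);
    }

    /** Removes a configuration contribution; other extension points are ignored silently. */
    public void unregisterContribution(Object contribution, String extensionPoint, ComponentInstance contributor) {
        if (XP_CONFIGURATION.equals(extensionPoint)) {
            this.registry.removeContribution((JWTServiceConfigurationDescriptor) contribution);
        }
    }

    /**
     * Creates a builder bound to the current acting user.
     *
     * @throws NuxeoException if there is no acting user
     */
    @Override // org.nuxeo.ecm.jwt.JWTService
    public JWTService.JWTBuilder newBuilder() {
        return new JWTBuilderImpl();
    }

    /**
     * Adds a claim to the given library builder, dispatching on the runtime type of the value.
     *
     * <p>Accepted types are {@code Boolean}, {@code Date}, {@code Double}, {@code Integer},
     * {@code Long}, {@code String} and arrays of {@code Integer}, {@code Long} or {@code String}.
     *
     * @param builder the library builder to update
     * @param name claim name
     * @param value claim value
     * @throws NuxeoException if the value is {@code null} or of any other type
     */
    protected void builderWithClaim(JWTCreator.Builder builder, String name, Object value) {
        if (value instanceof Boolean) {
            builder.withClaim(name, (Boolean) value);
        } else if (value instanceof Date) {
            builder.withClaim(name, (Date) value);
        } else if (value instanceof Double) {
            builder.withClaim(name, (Double) value);
        } else if (value instanceof Integer) {
            builder.withClaim(name, (Integer) value);
        } else if (value instanceof Long) {
            builder.withClaim(name, (Long) value);
        } else if (value instanceof String) {
            builder.withClaim(name, (String) value);
        } else if (value instanceof Integer[]) {
            builder.withArrayClaim(name, (Integer[]) value);
        } else if (value instanceof Long[]) {
            builder.withArrayClaim(name, (Long[]) value);
        } else if (value instanceof String[]) {
            builder.withArrayClaim(name, (String[]) value);
        } else {
            throw new NuxeoException("Unknown claim type: " + value);
        }
    }

    /**
     * Verifies a token and returns its claims.
     *
     * <p>The verifier is built from the configured HMAC-SHA512 algorithm and requires the issuer
     * to be {@link #NUXEO_ISSUER}. Other checks (expiry in particular) are left to the library's
     * verifier -- NOTE(review): confirm that the java-jwt version in use rejects expired tokens
     * by default. The subject is returned as-is and is not checked against anything here.
     *
     * <p>A {@code null} return means "not verified" (no secret configured, or verification
     * failed); callers must treat it as a rejection.
     *
     * @param token the compact token, must not be {@code null}
     * @return the claims by name, or {@code null} if the token could not be verified
     * @throws NuxeoException if the claims cannot be extracted from a verified token
     */
    @Override // org.nuxeo.ecm.jwt.JWTService
    public Map<String, Object> verifyToken(String token) {
        Objects.requireNonNull(token);
        Algorithm algorithm = getAlgorithm();
        if (algorithm == null) {
            log.debug("secret not configured, cannot verify token");
            return null;
        }
        try {
            Object jwt = JWT.require(algorithm).withIssuer(NUXEO_ISSUER).build().verify(token);
            // "payload" and "tree" are private fields of the library's decoded token. If a
            // library upgrade renames them, the reflection failure surfaces as a NuxeoException
            // (it is not a JWTVerificationException, so it is not turned into a null return).
            Object payload = getFieldValue(jwt, "payload");
            Map<String, JsonNode> tree = getFieldValue(payload, "tree");
            // A plain loop instead of Collectors.toMap: toMap throws NullPointerException when
            // a mapped value is null, which nodeToValue returns for JSON null claims and for
            // scalars it cannot extract.
            Map<String, Object> claims = new HashMap<>();
            for (Map.Entry<String, JsonNode> entry : tree.entrySet()) {
                claims.put(entry.getKey(), nodeToValue(entry.getValue()));
            }
            return claims;
        } catch (JWTVerificationException e) {
            // Failures are expected for forged, expired or malformed tokens; keep them quiet.
            if (log.isTraceEnabled()) {
                log.trace("token verification failed: " + e.toString());
            }
            return null;
        }
    }

    /**
     * Converts a claim's JSON node into a plain Java value.
     *
     * <ul>
     * <li>{@code null}, JSON null and missing nodes give {@code null};</li>
     * <li>objects give a {@code Map<String, Object>};</li>
     * <li>arrays give a list whose elements are mapped by Jackson;</li>
     * <li>anything else gives the node's {@code _value} field, with {@code Integer} widened to
     * {@code Long}. This widening applies only to the top-level scalar, not to values nested in
     * arrays or objects.</li>
     * </ul>
     *
     * @param jsonNode the node to convert, may be {@code null}
     * @return the converted value, or {@code null}
     * @throws NuxeoException if an object or array node cannot be mapped
     */
    public static Object nodeToValue(JsonNode jsonNode) {
        if (jsonNode == null || jsonNode.isNull() || jsonNode.isMissingNode()) {
            return null;
        }
        if (jsonNode.isObject()) {
            // try-with-resources closes the parser on both the normal and the failing path.
            try (JsonParser parser = OBJECT_MAPPER.treeAsTokens(jsonNode)) {
                return parser.readValueAs(MAP_STRING_OBJECT);
            } catch (IOException e) {
                throw new NuxeoException("Cannot map claim value to Map", e);
            }
        }
        if (jsonNode.isArray()) {
            List<Object> values = new ArrayList<>();
            for (JsonNode element : jsonNode) {
                try {
                    values.add(OBJECT_MAPPER.treeToValue(element, Object.class));
                } catch (IOException e) {
                    throw new NuxeoException("Cannot map Claim array value to Object", e);
                }
            }
            return values;
        }
        Object scalar;
        try {
            // Relies on the node class declaring a private "_value" field.
            scalar = getFieldValue(jsonNode, "_value");
        } catch (NuxeoException e) {
            log.warn("Cannot extract primitive value from JsonNode: " + jsonNode.getClass().getName());
            scalar = null;
        }
        if (scalar instanceof Integer) {
            scalar = Long.valueOf(((Integer) scalar).longValue());
        }
        return scalar;
    }

    /** Returns the default token lifetime, in seconds, from the effective configuration. */
    protected int getDefaultTTL() {
        return this.registry.getContribution().getDefaultTTL();
    }

    /**
     * Builds the signing and verification algorithm from the configured secret.
     *
     * <p>NOTE(review): no minimum length or entropy is enforced on the secret here, and the
     * security of HMAC-SHA512 tokens rests entirely on it; consider validating the secret when
     * the configuration is contributed.
     *
     * @return the HMAC-SHA512 algorithm, or {@code null} if the secret is blank or missing
     */
    protected Algorithm getAlgorithm() {
        String secret = this.registry.getContribution().getSecret();
        if (StringUtils.isBlank(secret)) {
            return null;
        }
        return Algorithm.HMAC512(secret);
    }

    /**
     * Reads a field declared on the object's own class, bypassing access checks.
     *
     * <p>Only the runtime class is searched, not its superclasses.
     *
     * @param obj the object to read from
     * @param str the declared field name
     * @return the field value, cast to the type expected by the caller
     * @throws NuxeoException if the field does not exist or cannot be made accessible or read
     */
    protected static <T> T getFieldValue(Object obj, String str) {
        try {
            Field field = obj.getClass().getDeclaredField(str);
            field.setAccessible(true);
            @SuppressWarnings("unchecked") // the caller states the expected type
            T value = (T) field.get(obj);
            return value;
        } catch (IllegalArgumentException | ReflectiveOperationException | SecurityException e) {
            throw new NuxeoException(e);
        }
    }
}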
