package de.docware.util.security.signature.securestart;

import de.docware.framework.modules.gui.misc.http.server.f;
import de.docware.framework.modules.gui.misc.logger.LogType;
import de.docware.framework.modules.webservice.restful.RESTfulEndpoint;
import de.docware.util.date.DateUtils;
import de.docware.util.h;
import java.io.UTFDataFormatException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Date;
import org.apache.commons.codec.binary.Base64;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: input_file:de/docware/util/security/signature/securestart/JWT.class */
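/**
 * Static helpers for creating and validating compact JWTs ({@code header.payload.signature})
 * signed with HS256 (HmacSHA256) or RS256 (SHA256withRSA).
 *
 * <p>This source is decompiler output: member names are obfuscated and are kept unchanged
 * because they form the interface other classes call.
 *
 * <p>NOTE(review): validation picks the verification algorithm from the token's own
 * {@code alg} header and hands the same key string to whichever branch is selected. If a
 * deployment passes an RSA public key as that string, a token whose header says HS256 would
 * be checked with that public value as the HMAC secret. The method signatures here have no
 * parameter to pin the expected algorithm, so callers should make sure each key is only ever
 * configured for one algorithm and reject tokens whose {@code alg} differs from it.
 */
public abstract class JWT {

    /** Registered claim names (RFC 7519, section 4.1). */
    public enum CLAIM {
        iss,
        sub,
        aud,
        exp,
        nbf,
        iat,
        jti
    }

    /** Detailed outcome of token parsing and validation. */
    public enum ReturnCode {
        SUCCESS,
        UNKNOWN_ERROR,
        SIGNATURE_INVALID,
        REQUEST_HEADER_WRONG_FORMAT,
        REQUEST_HEADER_MISSING,
        TOKEN_WRONG_FORMAT,
        HEADER_ALG_MISSING,
        HEADER_ALG_NOT_SUPPORTED,
        HEADER_NOT_JSON,
        HEADER_NOT_UTF8,
        PAYLOAD_EXPIRY_DATE_MISSING,
        TOKEN_EXPIRED,
        SIGNATURE_CREATION_ERROR,
        PAYLOAD_NOT_UTF8,
        TOKEN_VALIDITY_TOO_LONG,
        PAYLOAD_CREATION_DATE_MISSING,
        PAYLOAD_CREATION_DATE_INVALID
    }

    /** Validation result: a {@link ReturnCode} plus an optional message and cause. */
    public static class a {
        private ReturnCode qQi;
        private String message;
        // Stored by the three-argument constructor; no accessor is visible in this class.
        private Throwable qAn;

        public a(ReturnCode returnCode) {
            this.qQi = returnCode;
        }

        public a(ReturnCode returnCode, String str) {
            this.qQi = returnCode;
            this.message = str;
        }

        public a(ReturnCode returnCode, String str, Throwable th) {
            this.qQi = returnCode;
            this.message = str;
            this.qAn = th;
        }

        /** @return the validation return code */
        public ReturnCode dVc() {
            return this.qQi;
        }

        /** @return the human-readable message, or {@code null} if none was given */
        public String getMessage() {
            return this.message;
        }
    }

    /**
     * The three parts of a split token: decoded header text, decoded payload text and the
     * signature part still in its Base64 form (see {@link #anh(String)}).
     */
    public static class b {
        private String llu;
        private String qQB;
        private String qQC;

        public b(String str, String str2, String str3) {
            this.llu = str;
            this.qQB = str2;
            this.qQC = str3;
        }

        /** @return the decoded header text */
        public String cJL() {
            return this.llu;
        }

        /**
         * @return the decoded payload text
         * @throws UTFDataFormatException declared for callers; this implementation never throws it
         */
        public String dVd() throws UTFDataFormatException {
            return this.qQB;
        }

        /** @return the signature part exactly as it appeared in the token (not decoded) */
        public String dVe() {
            return this.qQC;
        }
    }

    /**
     * Validates a token and, on success, stores its payload on the given {@code fVar} under
     * the key {@code "securePayload"}.
     *
     * <p>NOTE(review): the decoded header and payload are written to the log at DEBUG level.
     * Payload claims may identify users; confirm that DEBUG logs are handled accordingly.
     *
     * @param fVar target for the payload; skipped when {@code null}
     * @param str the compact token
     * @param str2 key material passed through to {@link #a(String, String, long, long, long)}
     * @param j reference time in seconds since the epoch; values {@code <= 0} skip the time checks
     * @param i clock-skew tolerance in seconds
     * @param i2 maximum allowed token validity in seconds; values {@code <= 0} skip the
     *     {@code iat} checks
     * @param aVar logger channel used for the debug and error output
     * @return the endpoint-level result
     */
    public static RESTfulEndpoint.c a(f fVar, String str, String str2, long j, int i, int i2, de.docware.framework.modules.gui.misc.logger.a aVar) {
        a a2 = a(str, str2, j, i, i2);
        if (a2.dVc() != ReturnCode.SUCCESS) {
            return new RESTfulEndpoint.c(a(a2.dVc()), a2.getMessage());
        }
        try {
            b anh = anh(str);
            String dVd = anh.dVd();
            if (fVar != null) {
                fVar.c("securePayload", dVd);
            }
            de.docware.framework.modules.gui.misc.logger.b.a(aVar, LogType.DEBUG, "JWT header='" + anh.cJL() + "', payload='" + dVd + "'");
            return new RESTfulEndpoint.c(RESTfulEndpoint.SecureReturnCode.SUCCESS);
        } catch (de.docware.util.security.signature.securestart.a e) {
            de.docware.framework.modules.gui.misc.logger.b.a(aVar, LogType.ERROR, e);
            return new RESTfulEndpoint.c(RESTfulEndpoint.SecureReturnCode.TOKEN_WRONG_FORMAT, e.getMessage(), e);
        } catch (UTFDataFormatException e2) {
            de.docware.framework.modules.gui.misc.logger.b.a(aVar, LogType.ERROR, e2);
            return new RESTfulEndpoint.c(RESTfulEndpoint.SecureReturnCode.TOKEN_WRONG_FORMAT, "Payload has no valid UTF-8 encoding", e2);
        }
    }

    /**
     * Collapses the detailed {@link ReturnCode} into the coarser endpoint return code.
     *
     * <p>All format, header and signature problems become {@code SIGNATURE_INVALID};
     * {@code TOKEN_EXPIRED} is passed through; every other code (including
     * {@code TOKEN_VALIDITY_TOO_LONG}, the {@code PAYLOAD_CREATION_DATE_*} codes and
     * {@code null}) becomes {@code UNKNOWN_ERROR}.
     *
     * @param returnCode the detailed code
     * @return the endpoint-level code
     */
    public static RESTfulEndpoint.SecureReturnCode a(ReturnCode returnCode) {
        if (returnCode == ReturnCode.SUCCESS) {
            return RESTfulEndpoint.SecureReturnCode.SUCCESS;
        }
        boolean reportedAsInvalidSignature =
                returnCode == ReturnCode.SIGNATURE_INVALID
                        || returnCode == ReturnCode.TOKEN_WRONG_FORMAT
                        || returnCode == ReturnCode.HEADER_ALG_MISSING
                        || returnCode == ReturnCode.HEADER_ALG_NOT_SUPPORTED
                        || returnCode == ReturnCode.HEADER_NOT_JSON
                        || returnCode == ReturnCode.HEADER_NOT_UTF8
                        || returnCode == ReturnCode.PAYLOAD_EXPIRY_DATE_MISSING
                        || returnCode == ReturnCode.PAYLOAD_NOT_UTF8
                        || returnCode == ReturnCode.REQUEST_HEADER_MISSING
                        || returnCode == ReturnCode.REQUEST_HEADER_WRONG_FORMAT;
        if (reportedAsInvalidSignature) {
            return RESTfulEndpoint.SecureReturnCode.SIGNATURE_INVALID;
        }
        if (returnCode == ReturnCode.TOKEN_EXPIRED) {
            return RESTfulEndpoint.SecureReturnCode.TOKEN_EXPIRED;
        }
        return RESTfulEndpoint.SecureReturnCode.UNKNOWN_ERROR;
    }

    /**
     * Verifies the signature of a token and, when {@code j > 0}, its {@code exp} and
     * (when {@code j3 > 0}) {@code iat} claims.
     *
     * <p>The signature is checked over the re-encoded header and payload text, not over the
     * token's original first two parts, and all parts are decoded with commons-codec's
     * {@code Base64.decodeBase64}. NOTE(review): because of this, more than one token string
     * may verify for the same signed content; do not use the raw token string as a
     * replay-cache or revocation key without confirming this.
     *
     * <p>NOTE(review): several failure messages embed the complete token or payload. These
     * messages are returned to the caller and may be logged; confirm they are not exposed
     * where a still-valid token could be read.
     *
     * <p>NOTE(review): the algorithm is taken from the token header; see the class comment.
     *
     * @param str the compact token
     * @param str2 key material: used as the HMAC secret for HS256, and handed to the RSA
     *     verifier for RS256 (presumably the public key; confirm against the verifier)
     * @param j reference time in seconds since the epoch; {@code <= 0} skips all time checks,
     *     so only the signature is verified
     * @param j2 clock-skew tolerance in seconds; when {@code <= 0} the {@code iat} check uses
     *     a fixed 60 seconds and the expiry check uses no tolerance
     * @param j3 maximum allowed {@code exp - iat} in seconds; {@code <= 0} skips the
     *     {@code iat} checks
     * @return the result; never {@code null}
     */
    public static a a(String str, String str2, long j, long j2, long j3) {
        try {
            try {
                b anh = anh(str);
                String cJL = anh.cJL();
                try {
                    String ani = ani(cJL);
                    byte[] decodeBase64 = Base64.decodeBase64(anh.dVe());
                    if (ani.equals("HmacSHA256")) {
                        try {
                            // Constant-time comparison: an early-exit compare would let response
                            // timing reveal how much of a presented MAC matches the expected one.
                            if (!MessageDigest.isEqual(decodeBase64, ak(ani, str2, cJL, anh.dVd()))) {
                                return new a(ReturnCode.SIGNATURE_INVALID, "Signature validation error for token '" + str + "'");
                            }
                        } catch (Exception e) {
                            return new a(ReturnCode.SIGNATURE_CREATION_ERROR, "Error while creating JWT signature", e);
                        }
                    } else {
                        if (!ani.equals("SHA256withRSA")) {
                            // Not reachable while ani(...) only yields the two names above, but
                            // fail closed with a result object: callers dereference the return value.
                            return new a(ReturnCode.HEADER_ALG_NOT_SUPPORTED, "Algorithm '" + ani + "' not supported");
                        }
                        de.docware.util.security.signature.b a2 = de.docware.util.security.signature.d.a(new de.docware.framework.modules.gui.misc.logger.b.a(de.docware.framework.modules.gui.misc.logger.a.pLI), ani);
                        a2.ang(str2);
                        if (!a2.c((Base64.encodeBase64URLSafeString(cJL.getBytes(StandardCharsets.UTF_8)) + "." + Base64.encodeBase64URLSafeString(anh.dVd().getBytes(StandardCharsets.UTF_8))).getBytes(StandardCharsets.UTF_8), decodeBase64)) {
                            return new a(ReturnCode.SIGNATURE_INVALID, "Signature validation error for token '" + str + "'");
                        }
                    }
                    if (j > 0) {
                        String dVd = anh.dVd();
                        try {
                            long ank = ank(dVd);
                            if (j3 > 0) {
                                try {
                                    long anl = anl(dVd);
                                    // The decompiled source referenced each result variable inside its
                                    // own initializer in the three messages below, which does not
                                    // compile. The operands are restored to the values the message
                                    // text and the surrounding comparisons describe.
                                    if (anl <= 0) {
                                        return new a(ReturnCode.PAYLOAD_CREATION_DATE_INVALID, "Creation date '" + anl + "' ('iat' attribute) from JWT payload '" + dVd + "' invalid.");
                                    }
                                    // iat may lie ahead of the reference time by at most the skew
                                    // tolerance (60 seconds when none is configured).
                                    if ((j2 > 0 ? anl - j2 : anl - 60) > j) {
                                        return new a(ReturnCode.PAYLOAD_CREATION_DATE_INVALID, "Creation date '" + anl + "' ('iat' attribute) from JWT payload '" + dVd + "' invalid because larger than current time '" + j + "' (possibly system time difference considered).");
                                    }
                                    long j4 = ank - anl;
                                    if (j2 > 0) {
                                        j4 -= j2;
                                    }
                                    if (j4 > j3) {
                                        return new a(ReturnCode.TOKEN_VALIDITY_TOO_LONG, "Token validity [seconds] " + j4 + " larger than allowed " + j3);
                                    }
                                } catch (JSONException e2) {
                                    // NOTE(review): a missing 'iat' is reported with the expiry-date code
                                    // although PAYLOAD_CREATION_DATE_MISSING exists. Kept as is, because
                                    // the endpoint mapping treats the two codes differently.
                                    return new a(ReturnCode.PAYLOAD_EXPIRY_DATE_MISSING, "Could not obtain creation date ('iat' attribute) from JWT payload '" + dVd + "'", e2);
                                }
                            }
                            long j5 = j - ank;
                            if (j5 > 0) {
                                // Past 'exp': still accepted when a skew tolerance is configured and
                                // the overrun does not exceed it.
                                boolean z = true;
                                if (j2 > 0 && j5 - j2 <= 0) {
                                    z = false;
                                }
                                if (z) {
                                    return new a(ReturnCode.TOKEN_EXPIRED, "Token expired at " + DateUtils.B(new Date(ank * 1000)) + " (" + ank + " seconds since epoch)");
                                }
                            }
                        } catch (JSONException e3) {
                            return new a(ReturnCode.PAYLOAD_EXPIRY_DATE_MISSING, "Could not obtain expiry date ('exp' attribute) from JWT payload '" + dVd + "'", e3);
                        }
                    }
                    return new a(ReturnCode.SUCCESS);
                } catch (de.docware.util.security.signature.securestart.a e4) {
                    return new a(e4.dVc(), e4.getMessage(), e4);
                } catch (JSONException e5) {
                    return new a(ReturnCode.HEADER_NOT_JSON, "JWT header '" + cJL + "' is not a valid JSON", e5);
                }
            } catch (de.docware.util.security.signature.securestart.a e6) {
                return new a(e6.dVc(), e6.getMessage(), e6);
            }
        } catch (Exception e7) {
            return new a(ReturnCode.UNKNOWN_ERROR, "Unexpected error while validating token '" + str + "' with message " + e7.getMessage(), e7);
        }
    }

    /**
     * Creates a signed compact token from header and payload JSON text.
     *
     * @param str header JSON; its {@code alg} attribute selects HS256 or RS256
     * @param str2 payload text
     * @param str3 key material: the HMAC secret for HS256, or the value handed to the RSA
     *     signer for RS256 (presumably the private key; confirm against the signer)
     * @return the token {@code base64url(header).base64url(payload).base64url(signature)}
     * @throws de.docware.util.security.signature.securestart.a on any failure; the original
     *     exception is kept as the cause
     */
    public static String cu(String str, String str2, String str3) throws de.docware.util.security.signature.securestart.a {
        try {
            // optString instead of getString: getString throws when the key is absent and
            // never returns null, which made the missing-attribute check below dead code.
            String string = new JSONObject(str).optString("alg", null);
            if (string == null) {
                throw new de.docware.util.security.signature.securestart.a("Missing 'alg' attribute in JWT header '" + str + "'");
            }
            String anj = anj(string);
            if (anj == null) {
                throw new de.docware.util.security.signature.securestart.a("Algorithm '" + string + "' not supported");
            }
            String str4 = org.apache.commons.net.util.Base64.encodeBase64URLSafeString(str.getBytes(StandardCharsets.UTF_8)) + "." + org.apache.commons.net.util.Base64.encodeBase64URLSafeString(str2.getBytes(StandardCharsets.UTF_8));
            if (anj.equals("HmacSHA256")) {
                return str4 + "." + org.apache.commons.net.util.Base64.encodeBase64URLSafeString(de.docware.util.security.signature.a.a(anj, str4.getBytes(StandardCharsets.UTF_8), str3.getBytes(StandardCharsets.UTF_8)));
            }
            if (!anj.equals("SHA256withRSA")) {
                // Not reachable while anj(...) only yields the two names above; fail explicitly
                // rather than hand a null token to the caller.
                throw new de.docware.util.security.signature.securestart.a("Algorithm '" + string + "' not supported");
            }
            de.docware.util.security.signature.b a2 = de.docware.util.security.signature.d.a(new de.docware.framework.modules.gui.misc.logger.b.a(de.docware.framework.modules.gui.misc.logger.a.pLI), anj);
            a2.anf(str3);
            return str4 + "." + org.apache.commons.net.util.Base64.encodeBase64URLSafeString(a2.aa(str4.getBytes(StandardCharsets.UTF_8)));
        } catch (Exception e) {
            throw new de.docware.util.security.signature.securestart.a("Error while creating token: " + e.getMessage(), e);
        }
    }

    /**
     * Splits a compact token at {@code "."} and decodes header and payload as UTF-8 text.
     * The signature part is returned undecoded. No signature check happens here.
     *
     * @param str the compact token
     * @return the three parts
     * @throws de.docware.util.security.signature.securestart.a with {@code TOKEN_WRONG_FORMAT}
     *     when the split does not yield exactly three parts
     */
    public static b anh(String str) throws de.docware.util.security.signature.securestart.a {
        String[] lG = h.lG(str, ".");
        if (lG.length != 3) {
            throw new de.docware.util.security.signature.securestart.a("Token '" + str + "' has not the specified format 'xxx.yyy.zzz'", ReturnCode.TOKEN_WRONG_FORMAT);
        }
        return new b(new String(Base64.decodeBase64(lG[0]), StandardCharsets.UTF_8), new String(Base64.decodeBase64(lG[1]), StandardCharsets.UTF_8), lG[2]);
    }

    /**
     * Computes the MAC over {@code base64url(header) + "." + base64url(payload)}.
     *
     * @param str JCA algorithm name
     * @param str2 secret, encoded as UTF-8 bytes
     * @param str3 decoded header text
     * @param str4 decoded payload text
     * @return the MAC bytes
     */
    private static byte[] ak(String str, String str2, String str3, String str4) throws NoSuchAlgorithmException, InvalidKeyException {
        return de.docware.util.security.signature.a.a(str, (Base64.encodeBase64URLSafeString(str3.getBytes(StandardCharsets.UTF_8)) + "." + Base64.encodeBase64URLSafeString(str4.getBytes(StandardCharsets.UTF_8))).getBytes(StandardCharsets.UTF_8), str2.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Reads {@code alg} from the header JSON and maps it to a JCA algorithm name.
     *
     * @param str decoded header text
     * @return {@code "HmacSHA256"} or {@code "SHA256withRSA"}
     * @throws JSONException when the header is not valid JSON
     * @throws de.docware.util.security.signature.securestart.a with {@code HEADER_ALG_MISSING}
     *     or {@code HEADER_ALG_NOT_SUPPORTED}
     */
    public static String ani(String str) throws JSONException, de.docware.util.security.signature.securestart.a {
        // optString instead of getString: getString throws JSONException for an absent key,
        // so a missing 'alg' used to surface as HEADER_NOT_JSON and the check below never ran.
        String string = new JSONObject(str).optString("alg", null);
        if (string == null) {
            throw new de.docware.util.security.signature.securestart.a("Missing 'alg' attribute in JWT header '" + str + "'", ReturnCode.HEADER_ALG_MISSING);
        }
        String anj = anj(string);
        if (anj == null) {
            throw new de.docware.util.security.signature.securestart.a("Algorithm '" + string + "' not supported", ReturnCode.HEADER_ALG_NOT_SUPPORTED);
        }
        return anj;
    }

    /**
     * Maps a JWS {@code alg} value to its JCA name. Only HS256 and RS256 are accepted; any
     * other value, including {@code "none"}, yields {@code null}.
     */
    private static String anj(String str) {
        if (str.equals("HS256")) {
            return "HmacSHA256";
        }
        if (str.equals("RS256")) {
            return "SHA256withRSA";
        }
        return null;
    }

    /**
     * @param str decoded payload text
     * @return the {@code exp} claim
     * @throws JSONException when the payload is not JSON or {@code exp} is absent or not a number
     */
    public static long ank(String str) throws JSONException {
        return new JSONObject(str).getLong("exp");
    }

    /**
     * @param str decoded payload text
     * @return the {@code iat} claim
     * @throws JSONException when the payload is not JSON or {@code iat} is absent or not a number
     */
    private static long anl(String str) throws JSONException {
        return new JSONObject(str).getLong("iat");
    }
}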
