package org.cocktail.auth.services;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.io.Decoders;
import io.jsonwebtoken.security.Keys;
import org.apache.log4j.Logger;
import org.cocktail.auth.TokenConfigurer;
import org.cocktail.auth.accessproviders.IAccessProvider;
import org.cocktail.auth.model.Auth;
import org.joda.time.DateTime;

/* loaded from: input_file:org/cocktail/auth/services/AbstractAuthenticationService.class */
public abstract class AbstractAuthenticationService implements AuthenticationService {
    private static final Logger LOG = Logger.getLogger(AbstractAuthenticationService.class);
    private IAccessProvider accessProvider;
    private final TokenConfigurer tokenConfigurer;

    public AbstractAuthenticationService(TokenConfigurer tokenConfigurer, IAccessProvider iAccessProvider) {
        this.tokenConfigurer = tokenConfigurer;
        this.accessProvider = iAccessProvider;
    }

    @Override // org.cocktail.auth.services.AuthenticationService
    public Auth checkAccess(String str, String str2) {
        if (str == null) {
            LOG.debug("checkAccess : token d'authentification cktlrestauthkey non trouvé : " + str);
            throw mo5getAuthException("Token d'authentification non trouvé");
        }
        Auth authFromJwt = getAuthFromJwt(str);
        new AuthTimeoutValidator(this.tokenConfigurer.getAuthkeyTimeOut()).validate(authFromJwt);
        checkUserAccess(authFromJwt, str2);
        return authFromJwt;
    }

    /* renamed from: getAuthException */
    protected abstract RuntimeException mo5getAuthException(String str);

    @Override // org.cocktail.auth.services.AuthenticationService
    public Auth checkAuthKey(String str) {
        Auth parseAuthKey = parseAuthKey(str);
        if (parseAuthKey == null) {
            LOG.debug("checkAuthKey : token d'authentification cktlrestauthkey non trouvé : " + str);
            throw mo5getAuthException("Token d'authentification non trouvé");
        }
        new AuthTimeoutValidator(this.tokenConfigurer.getAuthkeyTimeOut()).validate(parseAuthKey);
        return parseAuthKey;
    }

    @Override // org.cocktail.auth.services.AuthenticationService
    public void checkAuth(Auth auth) {
        assertAuthNotNull(auth);
        assertAuthNonExpiree(auth);
    }

    private void assertAuthNotNull(Auth auth) {
        if (auth == null) {
            throw mo5getAuthException("Informations d'authentification non trouvées : Auth non présent");
        }
    }

    private void assertAuthNonExpiree(Auth auth) {
        new AuthTimeoutValidator(this.tokenConfigurer.getAuthkeyTimeOut()).validate(auth);
    }

    @Override // org.cocktail.auth.services.AuthenticationService
    public Auth parseAuthKey(String str) {
        if (this.tokenConfigurer.isAuthMockEnabled()) {
            return this.tokenConfigurer.getMockedAuth();
        }
        if (str == null) {
            return null;
        }
        return getAuthFromJwt(str);
    }

    @Override // org.cocktail.auth.services.AuthenticationService
    public void checkUserAccessFromAuthKey(String str, String str2) {
        checkUserAccess(getAuthFromJwt(str), str2);
    }

    protected void checkUserAccess(Auth auth, String str) {
        getAccessProvider().checkAccess(auth, str);
    }

    @Override // org.cocktail.auth.services.AuthenticationService
    public String getJwtFromAuth(Auth auth) {
        auth.setCreationDate(new DateTime());
        return Jwts.builder().setSubject(auth.getUser() + ":" + auth.getPersId()).setIssuedAt(auth.getCreationDate().toDate()).setExpiration(auth.getCreationDate().plus(this.tokenConfigurer.getAuthkeyTimeOut() * 1000).toDate()).signWith(Keys.hmacShaKeyFor((byte[]) Decoders.BASE64.decode(this.tokenConfigurer.getJwsKey()))).compact();
    }

    public String getJwtFromAuth(Auth auth, String str) {
        checkJwsKey(str);
        auth.setCreationDate(new DateTime());
        return Jwts.builder().setSubject(auth.getUser() + ":" + auth.getPersId()).setIssuedAt(auth.getCreationDate().toDate()).signWith(Keys.hmacShaKeyFor((byte[]) Decoders.BASE64.decode(str))).compact();
    }

    private void checkJwsKey(String str) {
        if (!this.tokenConfigurer.getJwsKey().equals(str)) {
            throw new SecurityException("Le secret fournit pour l'identification est invalide");
        }
    }

    private Auth getAuthFromJwt(String str) {
        Claims claims = (Claims) Jwts.parserBuilder().setSigningKey(Keys.hmacShaKeyFor((byte[]) Decoders.BASE64.decode(this.tokenConfigurer.getJwsKey()))).build().parseClaimsJws(str).getBody();
        String[] split = claims.getSubject().split(":");
        Auth auth = new Auth(split[0], new Integer(split[1]));
        auth.setCreationDate(new DateTime(claims.getIssuedAt()));
        return auth;
    }

    @Override // org.cocktail.auth.services.AuthenticationService
    public IAccessProvider getAccessProvider() {
        return this.accessProvider;
    }

    @Override // org.cocktail.auth.services.AuthenticationService
    public void setAccessProvider(IAccessProvider iAccessProvider) {
        this.accessProvider = iAccessProvider;
    }

    @Override // org.cocktail.auth.services.AuthenticationService
    public String updateToken(Auth auth) {
        return getJwtFromAuth(auth);
    }

    @Override // org.cocktail.auth.services.AuthenticationService
    public DateTime getExpirationDate(String str) {
        return new AuthTimeoutValidator(this.tokenConfigurer.getAuthkeyTimeOut()).getExpirationDate(getAuthFromJwt(str));
    }
}
