package org.squashtest.tm.web.security.authentication.customauth;

import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.validation.constraints.NotBlank;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:org/squashtest/tm/web/security/authentication/customauth/CustomAuthTokenGenerator.class */
public class CustomAuthTokenGenerator<T> {
    private static final String JWT_HEADER = "{\"alg\":\"HS256\",\"typ\":\"JWT\"}";
    private final ObjectMapper objectMapper;
    private final String secret;

    public CustomAuthTokenGenerator(@NotBlank String str) {
        if (StringUtils.isEmpty(str)) {
            throw new IllegalArgumentException("Crypto secret must be configured.");
        }
        this.secret = str;
        this.objectMapper = new ObjectMapper();
    }

    public String generateToken(T t) throws IOException {
        String writeValueAsString = this.objectMapper.writeValueAsString(t);
        return String.valueOf(encBase64(JWT_HEADER)) + "." + encBase64(writeValueAsString) + "." + hmacSha256(String.valueOf(encBase64(JWT_HEADER)) + "." + encBase64(writeValueAsString), this.secret);
    }

    public boolean isValidToken(String str) {
        String[] split = str.split("\\.");
        checkHeader(decBase64(split[0]));
        checkSignature(split[0], split[1], split[2]);
        return true;
    }

    private void checkHeader(String str) {
        if (!JWT_HEADER.equals(str)) {
            throw new InvalidCustomAuthTokenException("Invalid header.");
        }
    }

    private void checkSignature(String str, String str2, String str3) {
        String hmacSha256 = hmacSha256(String.valueOf(str) + "." + str2, this.secret);
        if (hmacSha256 == null || !hmacSha256.equals(str3)) {
            throw new InvalidCustomAuthTokenException("Invalid signature.");
        }
    }

    private static String hmacSha256(String str, String str2) {
        try {
            byte[] bytes = str2.getBytes(StandardCharsets.UTF_8);
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(bytes, "HmacSHA256"));
            return encBase64(mac.doFinal(str.getBytes(StandardCharsets.UTF_8)));
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            throw new InvalidCustomAuthTokenException("Error while encoding data.", e);
        }
    }

    private static String encBase64(String str) {
        return encBase64(str.getBytes());
    }

    private static String decBase64(String str) {
        return decBase64(str.getBytes());
    }

    private static String encBase64(byte[] bArr) {
        return Base64.getUrlEncoder().withoutPadding().encodeToString(bArr);
    }

    private static String decBase64(byte[] bArr) {
        return new String(Base64.getUrlDecoder().decode(bArr));
    }
}
