package org.kuali.kfs.sys.service.impl;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.MalformedJwtException;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.UnsupportedJwtException;
import io.jsonwebtoken.io.Decoders;
import io.jsonwebtoken.security.Keys;
import io.jsonwebtoken.security.SecurityException;
import java.security.Key;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.kuali.kfs.core.api.config.property.ConfigurationService;
import org.kuali.kfs.sys.businessobject.JwtData;
import org.kuali.kfs.sys.service.JwtService;

/* loaded from: input_file:WEB-INF/lib/kfs-core-finp-9401-SNAPSHOT.jar:org/kuali/kfs/sys/service/impl/JwtServiceImpl.class */
public class JwtServiceImpl implements JwtService {
    private static final Logger LOG = LogManager.getLogger();
    private static final String JWT_SIGNING_KEY = "jwt.encryption.key";
    protected ConfigurationService configurationService;

    @Override // org.kuali.kfs.sys.service.JwtService
    public String generateJwt(JwtData jwtData) {
        LOG.debug("generateJwt() started");
        String propertyValueAsString = this.configurationService.getPropertyValueAsString(JWT_SIGNING_KEY);
        if (propertyValueAsString == null) {
            throw new RuntimeException("Missing configuration property: jwt.encryption.key");
        }
        return Jwts.builder().setSubject(jwtData.getPrincipalName()).setIssuedAt(jwtData.getIssuedAt()).setExpiration(jwtData.getExpired()).signWith(decodeKey(propertyValueAsString), SignatureAlgorithm.HS512).compact();
    }

    @Override // org.kuali.kfs.sys.service.JwtService
    public JwtData decodeJwt(String str) {
        LOG.debug("decodeJwt() started");
        String propertyValueAsString = this.configurationService.getPropertyValueAsString(JWT_SIGNING_KEY);
        if (propertyValueAsString == null) {
            throw new RuntimeException("Missing configuration property: jwt.encryption.key");
        }
        try {
            Claims body = Jwts.parserBuilder().setSigningKey(decodeKey(propertyValueAsString)).build().parseClaimsJws(str).getBody();
            JwtData jwtData = new JwtData();
            jwtData.setPrincipalName(body.getSubject());
            jwtData.setIssuedAt(body.getIssuedAt());
            jwtData.setExpired(body.getExpiration());
            return jwtData;
        } catch (ExpiredJwtException | MalformedJwtException | UnsupportedJwtException | SecurityException | IllegalArgumentException e) {
            LOG.debug("decodeJwt() Invalid JWT", e);
            throw new RuntimeException("Invalid JWT");
        }
    }

    private static Key decodeKey(String str) {
        return Keys.hmacShaKeyFor(Decoders.BASE64.decode(str));
    }

    public void setConfigurationService(ConfigurationService configurationService) {
        this.configurationService = configurationService;
    }
}
