package org.kuali.kfs.sys.service.impl;

import com.amazonaws.services.s3.internal.crypto.JceEncryptionConstants;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.MalformedJwtException;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.SignatureException;
import io.jsonwebtoken.UnsupportedJwtException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.SecretKeySpec;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.kuali.kfs.core.api.config.property.ConfigurationService;
import org.kuali.kfs.sys.businessobject.JwtData;
import org.kuali.kfs.sys.service.JwtService;

/* loaded from: input_file:WEB-INF/lib/kfs-core-2022-05-18.jar:org/kuali/kfs/sys/service/impl/JwtServiceImpl.class */
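/**
 * Issues and validates HMAC-signed JSON Web Tokens for KFS.
 *
 * <p>Tokens are signed (JWS), not encrypted: the subject, issued-at and expiration claims can be
 * read by anyone who holds a token. The shared secret only protects integrity, so it must be long
 * enough for the signature algorithm and must be kept out of logs and source control.
 */
public class JwtServiceImpl implements JwtService {
    private static final Logger LOG = LogManager.getLogger();

    /**
     * Configuration property holding the Base64-encoded shared secret. Despite the property name,
     * the value is used as an HMAC signing key, not as an encryption key.
     */
    private static final String JWT_SIGNING_KEY = "jwt.encryption.key";

    /** Signature algorithm used for every token this service issues. */
    private static final SignatureAlgorithm SIGNATURE_ALGORITHM = SignatureAlgorithm.HS512;

    /**
     * Size of newly generated keys. RFC 7518 section 3.2 requires an HMAC key at least as long as
     * the hash output, i.e. 512 bits for HS512.
     */
    private static final int SIGNING_KEY_BITS = 512;

    protected ConfigurationService configurationService;

    /**
     * Generates a fresh random signing key sized for HS512.
     *
     * <p>The key is produced by the HMAC key generator with an explicit 512-bit size. Generating it
     * with an AES key generator at its provider default size can yield a key as short as 128 bits,
     * which is below the minimum for HS512. Keys issued earlier keep working because
     * {@link #decodeKey(String)} accepts any key length.
     *
     * @return the new key, Base64-encoded
     * @throws RuntimeException if the JCA provider does not offer the HMAC key generator
     */
    @Override
    public String generateNewKey() {
        LOG.debug("generateNewKey() started");
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance(SIGNATURE_ALGORITHM.getJcaName());
            keyGenerator.init(SIGNING_KEY_BITS);
            return Base64.getEncoder().encodeToString(keyGenerator.generateKey().getEncoded());
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("Unable to generate key", e);
        }
    }

    /**
     * Issues a token signed with the key configured under {@code jwt.encryption.key}.
     *
     * @param jwtData principal name, issued-at and expiration to embed in the token
     * @return the compact serialized token
     * @throws RuntimeException if the signing key is not configured
     */
    @Override
    public String generateJwt(JwtData jwtData) {
        LOG.debug("generateJwt() started");
        return generateJwt(jwtData, configuredSigningKey());
    }

    /**
     * Issues a token signed with the supplied key.
     *
     * @param jwtData principal name, issued-at and expiration to embed in the token
     * @param str Base64-encoded signing key
     * @return the compact serialized token
     */
    @Override
    public String generateJwt(JwtData jwtData, String str) {
        LOG.debug("generateJwt() started");
        // NOTE(review): nothing here requires jwtData.getExpired() to be non-null. Confirm that
        // every caller sets it; a token issued without an expiration presumably never expires.
        // NOTE(review): depending on the JWT library version, the length of the signing key may
        // not be checked against HS512's 512-bit minimum. Previously configured keys should be
        // reviewed and rotated if they are shorter.
        return Jwts.builder()
                .setSubject(jwtData.getPrincipalName())
                .setIssuedAt(jwtData.getIssuedAt())
                .setExpiration(jwtData.getExpired())
                .signWith(SIGNATURE_ALGORITHM, decodeKey(str))
                .compact();
    }

    /**
     * Validates a token against the key configured under {@code jwt.encryption.key}.
     *
     * @param str the compact serialized token, treated as untrusted input
     * @return the claims carried by the token
     * @throws RuntimeException if the signing key is not configured or the token is invalid
     */
    @Override
    public JwtData decodeJwt(String str) {
        LOG.debug("decodeJwt() started");
        return decodeJwt(str, configuredSigningKey());
    }

    /**
     * Validates a token against the supplied key and extracts its claims.
     *
     * <p>The token is parsed with {@code parseClaimsJws}, so only a signed token whose signature
     * verifies under the given key is accepted; the claims are never read from an unverified token.
     *
     * @param str the compact serialized token, treated as untrusted input
     * @param str2 Base64-encoded signing key
     * @return the subject, issued-at and expiration carried by the token
     * @throws RuntimeException with message {@code "Invalid JWT"} if the token is expired,
     *     malformed, unsupported or fails signature verification; the library exception is
     *     attached as the cause
     */
    @Override
    public JwtData decodeJwt(String str, String str2) {
        LOG.debug("decodeJwt() started");
        try {
            // decodeKey stays inside the try: a key that is not valid Base64 raises
            // IllegalArgumentException and is therefore also reported as "Invalid JWT".
            Claims claims = Jwts.parser()
                    .setSigningKey(decodeKey(str2))
                    .parseClaimsJws(str)
                    .getBody();
            JwtData jwtData = new JwtData();
            jwtData.setPrincipalName(claims.getSubject());
            jwtData.setIssuedAt(claims.getIssuedAt());
            jwtData.setExpired(claims.getExpiration());
            return jwtData;
        } catch (ExpiredJwtException | MalformedJwtException | SignatureException | UnsupportedJwtException | IllegalArgumentException e) {
            // NOTE(review): rejected tokens are only visible at debug level. Consider whether
            // signature failures should be surfaced to monitoring at a higher level.
            LOG.debug("decodeJwt() Invalid JWT", e);
            // Keep the generic message for callers but preserve the cause for diagnosis.
            throw new RuntimeException("Invalid JWT", e);
        }
    }

    /**
     * Reads the Base64-encoded signing key from configuration.
     *
     * @return the configured key, never null or blank
     * @throws RuntimeException if the property is missing or blank
     */
    private String configuredSigningKey() {
        String encodedKey = this.configurationService.getPropertyValueAsString(JWT_SIGNING_KEY);
        // A blank value would otherwise surface later as an unrelated "empty key" failure.
        if (encodedKey == null || encodedKey.trim().isEmpty()) {
            throw new RuntimeException("Missing configuration property: " + JWT_SIGNING_KEY);
        }
        return encodedKey;
    }

    /**
     * Turns a Base64-encoded secret into an HMAC key. The key is labelled with the HMAC algorithm
     * name because that is how it is used; the raw key bytes are unchanged, so tokens signed
     * earlier with the same secret still verify.
     *
     * @param encodedKey Base64-encoded key material
     * @return the key to sign or verify with
     * @throws IllegalArgumentException if the value is not valid Base64 or decodes to no bytes
     */
    private Key decodeKey(String encodedKey) {
        byte[] keyBytes = Base64.getDecoder().decode(encodedKey);
        return new SecretKeySpec(keyBytes, SIGNATURE_ALGORITHM.getJcaName());
    }

    public void setConfigurationService(ConfigurationService configurationService) {
        this.configurationService = configurationService;
    }
}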
