package com.nazdaq.noms.app.auth.check;

import com.nazdaq.core.helpers.AppConfig;
import com.nazdaq.core.helpers.RequestHelper;
import com.nazdaq.noms.app.auth.AutoLoginLink;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.SignatureException;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Iterator;
import models.acl.UserGroup;
import models.users.User;
import org.jetbrains.annotations.NotNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import play.mvc.Http;

/* loaded from: input_file:com/nazdaq/noms/app/auth/check/AuthJWT.class */
public class AuthJWT {
    private static final Logger log = LoggerFactory.getLogger(AuthJWT.class);
    public static final String HEADER_AUTH = "Authorization";

    public static String generateToken(@NotNull User user, boolean z) {
        JwtBuilder signWith = Jwts.builder().signWith(SignatureAlgorithm.HS512, AppConfig.secretKey);
        Claims claims = Jwts.claims();
        ArrayList arrayList = new ArrayList();
        Iterator<UserGroup> it = user.getGroups().iterator();
        while (it.hasNext()) {
            arrayList.add(it.next().getName());
        }
        claims.put("grps", arrayList);
        claims.put(User.ADMIN_USERNAME, Boolean.valueOf(user.inAdminGroup()));
        claims.put("user", user.getUsername());
        claims.put("lnglife", Boolean.valueOf(z));
        if (!z) {
            Calendar calendar = Calendar.getInstance();
            calendar.add(10, AppConfig.login_expiration);
            signWith = signWith.setExpiration(calendar.getTime());
            claims.put("exp", calendar.getTime());
        }
        log.debug("Generating token for user {}, Long: {}", user.getUsername(), Boolean.valueOf(z));
        return signWith.setClaims(claims).setSubject(user.getUsername()).compact();
    }

    public static boolean isJWTAuthRequest(Http.Request request) {
        String headerValue = RequestHelper.getHeaderValue(request, HEADER_AUTH);
        String headerValue2 = RequestHelper.getHeaderValue(request, "User-Agent");
        if (headerValue2 == null || !headerValue2.toLowerCase().contains("microsoft office")) {
            return (headerValue == null || headerValue.isEmpty()) ? false : true;
        }
        log.info("Ignored auth from Microsoft agent: {}", headerValue2);
        return false;
    }

    public static User checkToken(String str) throws Exception {
        if (str == null || str.isEmpty()) {
            throw new Exception("Token can't be empty!");
        }
        if (str.startsWith("Bearer ")) {
            str = str.replace("Bearer", AutoLoginLink.MODE_HOME).trim();
        }
        try {
            String subject = ((Claims) Jwts.parser().setSigningKey(AppConfig.secretKey).parseClaimsJws(str).getBody()).getSubject();
            if (subject == null || subject.isEmpty()) {
                throw new Exception("Got empty JWT subject, You may forgot to enable API for this user!");
            }
            User user = User.getuserbyusername(subject);
            if (user != null) {
                return user;
            }
            throw new Exception("Failed to find user: " + subject + ".");
        } catch (ExpiredJwtException e) {
            throw new Exception("Token has expired, regenerate a new token.");
        } catch (SignatureException e2) {
            throw new Exception("Untrusted JWT, Error: " + e2.getMessage());
        } catch (Exception e3) {
            log.error("Failed to check JWT Auth token: {}", str);
            throw new Exception("Error occurred while checking JWT authentication.", e3);
        }
    }
}
