package cern.rbac.common;

import cern.accsoft.commons.util.Assert;
import cern.rbac.common.impl.AppPrincipalImpl;
import cern.rbac.common.impl.LocationPrincipalImpl;
import cern.rbac.common.impl.RbaConstants;
import cern.rbac.common.impl.UserPrincipalImpl;
import cern.rbac.common.impl.decode.TestTokenDecoderDecorator;
import cern.rbac.common.impl.decode.TextTokenDecoder;
import cern.rbac.common.impl.serialization.decode.SerializedTokenFields;
import cern.rbac.common.impl.serialization.decode.TokenDecoder;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.Serializable;
import java.net.InetAddress;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.Signature;
import java.text.SimpleDateFormat;
import java.util.Collection;
import java.util.Date;
import java.util.Iterator;
import oracle.net.ns.SQLnetDef;

/* loaded from: input_file:BOOT-INF/lib/rbac-common-2.0.2.jar:cern/rbac/common/RbaToken.class */
public final class RbaToken implements Serializable {
    private static final long serialVersionUID = -376146868388891764L;
    public static final RbaToken EMPTY_TOKEN;
    private final byte[] encoded;
    private transient int serialId;
    private transient Date authTime;
    private transient Date endTime;
    private transient AppPrincipal app;
    private transient LocationPrincipal loc;
    private transient UserPrincipal user;
    private transient ExtraFields extra;
    private transient TokenType tokenType;
    private transient byte[] body;
    private transient byte[] signature;

    private static TokenDecoder getDefaultDecoder() {
        return new TextTokenDecoder(RbacConfiguration.getCurrent());
    }

    @Deprecated
    public RbaToken(byte[] bArr) throws TokenFormatException {
        this(bArr, getDefaultDecoder());
    }

    @Deprecated
    public RbaToken(byte[] bArr, TokenDecoder tokenDecoder) throws TokenFormatException {
        this(ByteBuffer.wrap(bArr), tokenDecoder);
    }

    @Deprecated
    public RbaToken(byte[] bArr, int i, int i2) throws TokenFormatException {
        this(ByteBuffer.wrap(bArr, i, i2), getDefaultDecoder());
    }

    private RbaToken(ByteBuffer byteBuffer, TokenDecoder tokenDecoder) throws TokenFormatException {
        Assert.notNull(byteBuffer, "Encoded byte array is null.");
        Assert.notNull(tokenDecoder, "Decoder is null.");
        this.encoded = new byte[byteBuffer.remaining()];
        byteBuffer.get(this.encoded);
        decode(tokenDecoder);
    }

    public static RbaToken parseAndValidate(ByteBuffer byteBuffer, RbacConfiguration rbacConfiguration) throws TokenFormatException {
        return new RbaToken(byteBuffer, new TextTokenDecoder(rbacConfiguration));
    }

    public static RbaToken parseNoValidate(ByteBuffer byteBuffer) throws TokenFormatException {
        return new RbaToken(byteBuffer, new TestTokenDecoderDecorator(new TextTokenDecoder(null)));
    }

    public boolean isEmpty() {
        return this.encoded.length == 0;
    }

    public TokenType getType() {
        return this.tokenType;
    }

    public int getSerialId() {
        return this.serialId;
    }

    public Date getAuthTime() {
        return (Date) this.authTime.clone();
    }

    public Date getEndTime() {
        return (Date) this.endTime.clone();
    }

    public Date getRenewTill() {
        return (this.extra == null || this.extra.getRenewTill() == null) ? getEndTime() : (Date) this.extra.getRenewTill().clone();
    }

    public AppPrincipal getApplication() {
        return this.app;
    }

    public LocationPrincipal getLocation() {
        return this.loc;
    }

    public UserPrincipal getUser() {
        return this.user;
    }

    public ExtraFields getExtra() {
        return this.extra;
    }

    public byte[] getEncoded() {
        return (byte[]) this.encoded.clone();
    }

    public boolean isValid() {
        return isValid(0);
    }

    public boolean isValid(int i) {
        return this.endTime.getTime() > System.currentTimeMillis() + (((long) i) * 1000);
    }

    public boolean verify(Collection<PublicKey> collection) throws GeneralSecurityException {
        Signature signature = Signature.getInstance(RbaConstants.SIGNATURE_ALGORITHM);
        Iterator<PublicKey> it = collection.iterator();
        while (it.hasNext()) {
            signature.initVerify(it.next());
            signature.update(this.body);
            if (signature.verify(this.signature)) {
                return true;
            }
        }
        return false;
    }

    public int hashCode() {
        return this.serialId;
    }

    public boolean equals(Object obj) {
        return (obj instanceof RbaToken) && ((RbaToken) obj).serialId == this.serialId;
    }

    public String toString() {
        SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy-MM-dd'@'HH:mm:ss");
        return String.format("RbaToken[serial=0x%s; authTime=%s; endTime=%s; application=%s; location=%s; user=%s; extra=%s]", Long.toHexString(this.serialId & SQLnetDef.NSPDDLSLMAX), simpleDateFormat.format(this.authTime), simpleDateFormat.format(this.endTime), this.app, this.loc, this.user, this.extra);
    }

    private void decode(TokenDecoder tokenDecoder) throws TokenFormatException {
        try {
            if (isEmpty()) {
                initEmptyToken();
                return;
            }
            SerializedTokenFields decode = tokenDecoder.decode(this.encoded);
            this.serialId = decode.getSerialId();
            this.authTime = new Date(decode.getAuthenticationTime() * 1000);
            this.endTime = new Date(decode.getExpirationTime() * 1000);
            this.app = new AppPrincipalImpl(decode.getApplicationName(), decode.isApplicationCritical(), Integer.valueOf(decode.getApplicationTimeout()));
            this.loc = new LocationPrincipalImpl(decode.getLocationName(), InetAddress.getByAddress(decode.getLocationAddress()), decode.isLocationAuthReq());
            this.user = new UserPrincipalImpl(decode.getUserName(), decode.getUserFullName(), decode.getUserEmail(), decode.getRoles(), decode.getUserAccountType());
            this.extra = decode.getExtraFields();
            this.body = decode.getBody();
            this.signature = decode.getSignature();
            this.tokenType = this.extra == null ? TokenType.APPLICATION : this.extra.getTokenType();
        } catch (Exception e) {
            throw new TokenFormatException(e);
        }
    }

    private void readObject(ObjectInputStream objectInputStream) throws IOException, ClassNotFoundException {
        objectInputStream.defaultReadObject();
        decode(getDefaultDecoder());
    }

    private void initEmptyToken() {
        this.serialId = 0;
        this.authTime = new Date(0L);
        this.endTime = new Date(0L);
        this.app = null;
        this.loc = null;
        this.user = null;
        this.extra = null;
        this.tokenType = TokenType.APPLICATION;
    }

    static {
        try {
            EMPTY_TOKEN = parseNoValidate(ByteBuffer.wrap(new byte[0]));
        } catch (TokenFormatException e) {
            throw new AssertionError(e);
        }
    }
}
