package onlyoffice.integration;

import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.servlet.http.HttpServletRequest;
import onlyoffice.integration.config.OnlyOfficeConfigManager;
import org.json.JSONObject;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;

@Component(service = {OnlyOfficeJWT.class})
/* loaded from: input_file:onlyoffice/integration/OnlyOfficeJWT.class */
public class OnlyOfficeJWT {

    @Reference
    private OnlyOfficeConfigManager _config;
    private static final Log _log = LogFactoryUtil.getLog(OnlyOfficeJWT.class);

    public Boolean isEnabled() {
        String secret = this._config.getSecret();
        return Boolean.valueOf((secret == null || secret.isEmpty()) ? false : true);
    }

    public String createToken(JSONObject jSONObject) {
        if (!isEnabled().booleanValue()) {
            return "";
        }
        try {
            JSONObject jSONObject2 = new JSONObject();
            jSONObject2.put("alg", "HS256");
            jSONObject2.put("typ", "JWT");
            Base64.Encoder urlEncoder = Base64.getUrlEncoder();
            String replace = urlEncoder.encodeToString(jSONObject2.toString().getBytes("UTF-8")).replace("=", "");
            String replace2 = urlEncoder.encodeToString(jSONObject.toString().getBytes("UTF-8")).replace("=", "");
            return replace + "." + replace2 + "." + calculateHash(replace, replace2);
        } catch (Exception e) {
            _log.error("Couldn't createToken: " + e.getMessage(), e);
            return "";
        }
    }

    public JSONObject validate(JSONObject jSONObject, HttpServletRequest httpServletRequest) throws Exception {
        String optString = jSONObject.optString("token");
        Boolean bool = true;
        if (optString == null || optString == "") {
            String header = httpServletRequest.getHeader(this._config.getJwtHeader());
            optString = (header == null || !header.startsWith("Bearer ")) ? header : header.substring(7);
            bool = false;
        }
        if (optString == null || optString == "") {
            throw new SecurityException("Expected JWT");
        }
        if (!verify(optString).booleanValue()) {
            throw new SecurityException("Wrong JWT hash");
        }
        JSONObject jSONObject2 = new JSONObject(new String(Base64.getUrlDecoder().decode(optString.split("\\.")[1]), "UTF-8"));
        return bool.booleanValue() ? jSONObject2 : jSONObject2.getJSONObject("payload");
    }

    private Boolean verify(String str) {
        if (!isEnabled().booleanValue()) {
            return false;
        }
        String[] split = str.split("\\.");
        if (split.length != 3) {
            return false;
        }
        try {
            return calculateHash(split[0], split[1]).equals(split[2]);
        } catch (Exception e) {
            _log.error("Couldn't calculate hash: " + e.getMessage(), e);
            return false;
        }
    }

    private String calculateHash(String str, String str2) throws Exception {
        return Base64.getUrlEncoder().encodeToString(getHasher().doFinal((str + "." + str2).getBytes("UTF-8"))).replace("=", "");
    }

    private Mac getHasher() throws Exception {
        String secret = this._config.getSecret();
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(secret.getBytes("UTF-8"), "HmacSHA256"));
        return mac;
    }
}
