package net.officefloor.web.jwt.authority;

import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.JavaType;
import com.fasterxml.jackson.databind.ObjectMapper;
import io.jsonwebtoken.Jwts;
import java.nio.charset.Charset;
import java.security.Key;
import java.security.KeyPair;
import java.time.Instant;
import java.time.ZoneId;
import java.time.format.DateTimeFormatter;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.List;
import java.util.concurrent.ThreadLocalRandom;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import java.util.function.BiFunction;
import java.util.function.Function;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import net.officefloor.frame.api.build.None;
import net.officefloor.frame.api.clock.Clock;
import net.officefloor.frame.api.managedobject.ManagedObject;
import net.officefloor.frame.api.managedobject.source.ManagedObjectExecuteContext;
import net.officefloor.frame.api.managedobject.source.ManagedObjectFunctionBuilder;
import net.officefloor.frame.api.managedobject.source.ManagedObjectFunctionDependency;
import net.officefloor.frame.api.managedobject.source.ManagedObjectSourceContext;
import net.officefloor.frame.api.managedobject.source.impl.AbstractAsyncManagedObjectSource;
import net.officefloor.frame.api.managedobject.source.impl.AbstractManagedObjectSource;
import net.officefloor.plugin.managedobject.poll.StatePollContext;
import net.officefloor.plugin.managedobject.poll.StatePoller;
import net.officefloor.server.http.HttpStatus;
import net.officefloor.web.jwt.authority.jwks.JwksKeyWriter;
import net.officefloor.web.jwt.authority.jwks.JwksPublishSectionSource;
import net.officefloor.web.jwt.authority.key.AesCipherFactory;
import net.officefloor.web.jwt.authority.key.AesSynchronousKeyFactory;
import net.officefloor.web.jwt.authority.key.AsynchronousKeyFactory;
import net.officefloor.web.jwt.authority.key.CipherFactory;
import net.officefloor.web.jwt.authority.key.Rsa256AynchronousKeyFactory;
import net.officefloor.web.jwt.authority.key.SynchronousKeyFactory;
import net.officefloor.web.jwt.authority.repository.JwtAccessKey;
import net.officefloor.web.jwt.authority.repository.JwtAuthorityKey;
import net.officefloor.web.jwt.authority.repository.JwtAuthorityRepository;
import net.officefloor.web.jwt.authority.repository.JwtRefreshKey;
import net.officefloor.web.jwt.jwks.JwksKeyParser;
import net.officefloor.web.jwt.jwks.JwksSectionSource;
import net.officefloor.web.jwt.validate.JwtValidateKey;

/* loaded from: input_file:net/officefloor/web/jwt/authority/JwtAuthorityManagedObjectSource.class */
public class JwtAuthorityManagedObjectSource extends AbstractManagedObjectSource<None, Flows> {
    public static final String PROPERTY_IDENTITY_CLASS = "identity.class";
    public static final String PROPERTY_ACCESS_TOKEN_EXPIRATION_PERIOD = "access.token.expiration.period";
    public static final String PROPERTY_ACCESS_KEY_OVERLAP_PERIODS = "access.key.token.overlap.periods";
    public static final int MINIMUM_ACCESS_KEY_OVERLAP_PERIODS = 3;
    public static final String PROPERTY_ACCESS_KEY_EXPIRATION_PERIOD = "access.key.expiration.period";
    public static final String PROPERTY_ACCESS_TOKEN_KEY_FACTORY = "access.token.key.factory";
    public static final String PROPERTY_REFRESH_TOKEN_EXPIRATION_PERIOD = "refresh.token.expiration.period";
    public static final String PROPERTY_REFRESH_KEY_OVERLAP_PERIODS = "refresh.key.token.overlap.periods";
    public static final int MINIMUM_REFRESH_KEY_OVERLAP_PERIODS = 3;
    public static final String PROPERTY_REFRESH_KEY_EXPIRATION_PERIOD = "refresh.key.expiration.period";
    public static final String PROPERTY_REFRESH_TOKEN_CIPHER_FACTORY = "refresh.token.cipher.factory";
    public static final String PROPERTY_REFRESH_TOKEN_KEY_FACTORY = "refresh.token.key.factory";
    public static final String PROPERTY_KEY_LOAD_WAIT_TIME = "key.load.wait.time";
    public static final int DEFAULT_KEY_LOAD_WAIT_TIME = 3;
    private Class<?> identityClass;
    private JavaType identityJavaType;
    private long accessTokenExpirationPeriod;
    private long accessKeyExpirationPeriod;
    private int accessKeyOverlapPeriods;
    private AsynchronousKeyFactory accessTokenKeyFactory;
    private long refreshTokenExpirationPeriod;
    private long refreshKeyExpirationPeriod;
    private int refreshKeyOverlapPeriods;
    private CipherFactory refreshTokenCipherFactory;
    private SynchronousKeyFactory refreshTokenKeyFactory;
    private Clock<Long> timeInSeconds;
    private long keyLoadWaitTime;
    private StatePoller<JwtAccessKey[], Flows> jwtAccessKeys;
    private StatePoller<JwtRefreshKey[], Flows> jwtRefreshKeys;
    private Function<Long, JwtAuthorityRepository.RetrieveKeysContext> retrieveKeysContextFactory;
    private JwtAuthorityRepository.SaveKeysContext saveKeysContext;
    public static final long DEFAULT_ACCESS_TOKEN_EXPIRATION_PERIOD = TimeUnit.MINUTES.toSeconds(20);
    public static final long DEFAULT_ACCESS_KEY_EXPIRATION_PERIOD = TimeUnit.DAYS.toSeconds(7);
    public static final String DEFAULT_ACCESS_TOKEN_KEY_FACTORY = Rsa256AynchronousKeyFactory.class.getName();
    public static final long DEFAULT_REFRESH_TOKEN_EXPIRATION_PERIOD = TimeUnit.HOURS.toSeconds(8);
    public static final long DEFAULT_REFRESH_KEY_EXPIRATION_PERIOD = TimeUnit.DAYS.toSeconds(28);
    public static final String DEFAULT_REFRESH_TOKEN_CIPHER_FACTORY = AesCipherFactory.class.getName();
    public static final String DEFAULT_REFRESH_TOKEN_KEY_FACTORY = AesSynchronousKeyFactory.class.getName();
    private static final Charset UTF8 = Charset.forName("UTF-8");
    private static final DateTimeFormatter dateTimeFormatter = DateTimeFormatter.RFC_1123_DATE_TIME.withZone(ZoneId.systemDefault());
    private static final ObjectMapper mapper = new ObjectMapper();
    private static final JavaType timeWindowJavaType = mapper.constructType(TimeWindow.class);

    /* loaded from: input_file:net/officefloor/web/jwt/authority/JwtAuthorityManagedObjectSource$Flows.class */
    public enum Flows {
        RETRIEVE_ENCODE_KEYS,
        RETRIEVE_REFRESH_KEYS
    }

    /* loaded from: input_file:net/officefloor/web/jwt/authority/JwtAuthorityManagedObjectSource$JwtAccesKeysCollectorImpl.class */
    private class JwtAccesKeysCollectorImpl implements JwtAccessKeyCollector {
        private final StatePollContext<JwtAccessKey[]> pollContext;

        public JwtAccesKeysCollectorImpl(StatePollContext<JwtAccessKey[]> statePollContext) {
            this.pollContext = statePollContext;
        }

        @Override // net.officefloor.web.jwt.authority.JwtAccessKeyCollector
        public void setKeys(JwtAccessKey[] jwtAccessKeyArr) {
            this.pollContext.setNextState(jwtAccessKeyArr, -1L, (TimeUnit) null);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:net/officefloor/web/jwt/authority/JwtAuthorityManagedObjectSource$JwtAccessKeyImpl.class */
    public static class JwtAccessKeyImpl implements JwtAccessKey {
        private final long startTime;
        private final long expireTime;
        private final Key privateKey;
        private final Key publicKey;

        private JwtAccessKeyImpl(JwtAccessKey jwtAccessKey) {
            this.startTime = jwtAccessKey.getStartTime();
            this.expireTime = jwtAccessKey.getExpireTime();
            this.privateKey = jwtAccessKey.getPrivateKey();
            this.publicKey = jwtAccessKey.getPublicKey();
        }

        private JwtAccessKeyImpl(long j, long j2, Key key, Key key2) {
            this.startTime = j;
            this.expireTime = j2;
            this.privateKey = key;
            this.publicKey = key2;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public boolean isValid() {
            return (this.startTime > 0) & (this.expireTime > this.startTime) & (this.privateKey != null) & (this.publicKey != null);
        }

        @Override // net.officefloor.web.jwt.authority.repository.JwtAuthorityKey
        public long getStartTime() {
            return this.startTime;
        }

        @Override // net.officefloor.web.jwt.authority.repository.JwtAuthorityKey
        public long getExpireTime() {
            return this.expireTime;
        }

        @Override // net.officefloor.web.jwt.authority.repository.JwtAccessKey
        public Key getPrivateKey() {
            return this.privateKey;
        }

        @Override // net.officefloor.web.jwt.authority.repository.JwtAccessKey
        public Key getPublicKey() {
            return this.publicKey;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    @FunctionalInterface
    /* loaded from: input_file:net/officefloor/web/jwt/authority/JwtAuthorityManagedObjectSource$JwtAuthorityKeyFactory.class */
    public interface JwtAuthorityKeyFactory<K extends JwtAuthorityKey> {
        K createJwtAuthorityKey(long j) throws Exception;
    }

    /* JADX INFO: Access modifiers changed from: private */
    @FunctionalInterface
    /* loaded from: input_file:net/officefloor/web/jwt/authority/JwtAuthorityManagedObjectSource$JwtAuthorityKeyRetriever.class */
    public interface JwtAuthorityKeyRetriever<K extends JwtAuthorityKey> {
        K[] retrieveKeys(long j, JwtAuthorityRepository jwtAuthorityRepository) throws Exception;
    }

    /* JADX INFO: Access modifiers changed from: private */
    @FunctionalInterface
    /* loaded from: input_file:net/officefloor/web/jwt/authority/JwtAuthorityManagedObjectSource$JwtAuthorityKeySaver.class */
    public interface JwtAuthorityKeySaver<K extends JwtAuthorityKey> {
        void saveKeys(List<K> list, JwtAuthorityRepository jwtAuthorityRepository) throws Exception;
    }

    /* loaded from: input_file:net/officefloor/web/jwt/authority/JwtAuthorityManagedObjectSource$JwtAuthorityManagedObject.class */
    private class JwtAuthorityManagedObject<I> implements ManagedObject, JwtAuthority<I> {
        private JwtAuthorityManagedObject() {
        }

        public Object getObject() throws Throwable {
            return this;
        }

        @Override // net.officefloor.web.jwt.authority.JwtAuthority
        public RefreshToken createRefreshToken(I i) throws RefreshTokenException {
            JwtAuthorityManagedObjectSource jwtAuthorityManagedObjectSource = JwtAuthorityManagedObjectSource.this;
            if (i == null || !jwtAuthorityManagedObjectSource.identityClass.isAssignableFrom(i.getClass())) {
                throw new RefreshTokenException(new IllegalArgumentException("Identity was " + (i != null ? i.getClass().getName() : "null") + " but required to be " + jwtAuthorityManagedObjectSource.identityClass.getName()));
            }
            return (RefreshToken) jwtAuthorityManagedObjectSource.createToken(i, jwtAuthorityManagedObjectSource.refreshTokenExpirationPeriod, jwtAuthorityManagedObjectSource.jwtRefreshKeys, (httpStatus, exc) -> {
                return httpStatus != null ? new RefreshTokenException(httpStatus, exc) : new RefreshTokenException(exc);
            }, (str, jwtRefreshKey, j) -> {
                JwtRefreshKeyImpl jwtRefreshKeyImpl = (JwtRefreshKeyImpl) jwtRefreshKey;
                return new RefreshToken(JwtAuthorityManagedObjectSource.encrypt(jwtRefreshKey.getKey(), jwtRefreshKeyImpl.initVectorBytes, jwtRefreshKeyImpl.startSaltBytes, jwtRefreshKeyImpl.laceBytes, jwtRefreshKeyImpl.endSaltBytes, str, jwtAuthorityManagedObjectSource.refreshTokenCipherFactory), j);
            });
        }

        @Override // net.officefloor.web.jwt.authority.JwtAuthority
        public I decodeRefreshToken(String str) {
            String decrypt;
            JwtAuthorityManagedObjectSource jwtAuthorityManagedObjectSource = JwtAuthorityManagedObjectSource.this;
            try {
                for (JwtRefreshKey jwtRefreshKey : (JwtRefreshKey[]) jwtAuthorityManagedObjectSource.jwtRefreshKeys.getState(jwtAuthorityManagedObjectSource.keyLoadWaitTime, TimeUnit.SECONDS)) {
                    try {
                        JwtRefreshKeyImpl jwtRefreshKeyImpl = (JwtRefreshKeyImpl) jwtRefreshKey;
                        decrypt = JwtAuthorityManagedObjectSource.decrypt(jwtRefreshKey.getKey(), jwtRefreshKeyImpl.initVectorBytes, jwtRefreshKeyImpl.startSaltBytes, jwtRefreshKeyImpl.laceBytes, jwtRefreshKeyImpl.endSaltBytes, str, jwtAuthorityManagedObjectSource.refreshTokenCipherFactory);
                    } catch (Exception e) {
                    }
                    if (decrypt != null) {
                        return (I) JwtAuthorityManagedObjectSource.mapper.readValue(decrypt, jwtAuthorityManagedObjectSource.identityJavaType);
                    }
                }
                throw new RefreshTokenException(HttpStatus.UNAUTHORIZED, new IllegalArgumentException("Unable to decode refresh token"));
            } catch (TimeoutException e2) {
                throw new RefreshTokenException(HttpStatus.SERVICE_UNAVAILABLE, e2);
            }
        }

        @Override // net.officefloor.web.jwt.authority.JwtAuthority
        public void reloadRefreshKeys() {
            JwtAuthorityManagedObjectSource.this.jwtRefreshKeys.clear();
            JwtAuthorityManagedObjectSource.this.jwtRefreshKeys.poll();
        }

        @Override // net.officefloor.web.jwt.authority.JwtAuthority
        public AccessToken createAccessToken(Object obj) {
            JwtAuthorityManagedObjectSource jwtAuthorityManagedObjectSource = JwtAuthorityManagedObjectSource.this;
            return (AccessToken) jwtAuthorityManagedObjectSource.createToken(obj, jwtAuthorityManagedObjectSource.accessTokenExpirationPeriod, jwtAuthorityManagedObjectSource.jwtAccessKeys, (httpStatus, exc) -> {
                return httpStatus != null ? new AccessTokenException(httpStatus, exc) : new AccessTokenException(exc);
            }, (str, jwtAccessKey, j) -> {
                return new AccessToken(Jwts.builder().signWith(jwtAccessKey.getPrivateKey()).setPayload(str).compact(), j);
            });
        }

        @Override // net.officefloor.web.jwt.authority.JwtAuthority
        public void reloadAccessKeys() {
            JwtAuthorityManagedObjectSource.this.jwtAccessKeys.clear();
            JwtAuthorityManagedObjectSource.this.jwtAccessKeys.poll();
        }

        @Override // net.officefloor.web.jwt.authority.JwtAuthority
        public JwtValidateKey[] getActiveJwtValidateKeys() {
            JwtAuthorityManagedObjectSource jwtAuthorityManagedObjectSource = JwtAuthorityManagedObjectSource.this;
            try {
                JwtAccessKey[] jwtAccessKeyArr = (JwtAccessKey[]) jwtAuthorityManagedObjectSource.jwtAccessKeys.getState(jwtAuthorityManagedObjectSource.keyLoadWaitTime, TimeUnit.SECONDS);
                JwtValidateKey[] jwtValidateKeyArr = new JwtValidateKey[jwtAccessKeyArr.length];
                for (int i = 0; i < jwtValidateKeyArr.length; i++) {
                    JwtAccessKey jwtAccessKey = jwtAccessKeyArr[i];
                    jwtValidateKeyArr[i] = new JwtValidateKey(jwtAccessKey.getStartTime(), jwtAccessKey.getExpireTime(), jwtAccessKey.getPublicKey());
                }
                return jwtValidateKeyArr;
            } catch (TimeoutException e) {
                throw new ValidateKeysException(HttpStatus.SERVICE_UNAVAILABLE, e);
            }
        }
    }

    /* loaded from: input_file:net/officefloor/web/jwt/authority/JwtAuthorityManagedObjectSource$JwtRefreshCollectorImpl.class */
    private class JwtRefreshCollectorImpl implements JwtRefreshKeyCollector {
        private final StatePollContext<JwtRefreshKey[]> pollContext;

        public JwtRefreshCollectorImpl(StatePollContext<JwtRefreshKey[]> statePollContext) {
            this.pollContext = statePollContext;
        }

        @Override // net.officefloor.web.jwt.authority.JwtRefreshKeyCollector
        public void setKeys(JwtRefreshKey... jwtRefreshKeyArr) {
            this.pollContext.setNextState(jwtRefreshKeyArr, -1L, (TimeUnit) null);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:net/officefloor/web/jwt/authority/JwtAuthorityManagedObjectSource$JwtRefreshKeyImpl.class */
    public static class JwtRefreshKeyImpl implements JwtRefreshKey {
        private final long startTime;
        private final long expireTime;
        private final String initVector;
        private final byte[] initVectorBytes;
        private final String startSalt;
        private final byte[] startSaltBytes;
        private final String lace;
        private final byte[] laceBytes;
        private final String endSalt;
        private final byte[] endSaltBytes;
        private final Key key;

        private static byte[] bytes(String str) {
            if (str != null) {
                return str.getBytes(JwtAuthorityManagedObjectSource.UTF8);
            }
            return null;
        }

        private JwtRefreshKeyImpl(JwtRefreshKey jwtRefreshKey) {
            this(jwtRefreshKey.getStartTime(), jwtRefreshKey.getExpireTime(), jwtRefreshKey.getInitVector(), jwtRefreshKey.getStartSalt(), jwtRefreshKey.getLace(), jwtRefreshKey.getEndSalt(), jwtRefreshKey.getKey());
        }

        private JwtRefreshKeyImpl(long j, long j2, String str, String str2, String str3, String str4, Key key) {
            this.startTime = j;
            this.expireTime = j2;
            this.initVector = str;
            this.initVectorBytes = bytes(str);
            this.startSalt = str2;
            this.startSaltBytes = bytes(str2);
            this.lace = str3;
            this.laceBytes = bytes(str3);
            this.endSalt = str4;
            this.endSaltBytes = bytes(str4);
            this.key = key;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public boolean isValid() {
            return (this.startTime > 0) & (this.expireTime > this.startTime) & (this.initVector != null) & (this.initVector.length() > 0) & (this.startSalt != null) & (this.startSalt.length() > 0) & (this.lace != null) & (this.lace.length() > 0) & (this.endSalt != null) & (this.endSalt.length() > 0) & (this.key != null);
        }

        @Override // net.officefloor.web.jwt.authority.repository.JwtAuthorityKey
        public long getStartTime() {
            return this.startTime;
        }

        @Override // net.officefloor.web.jwt.authority.repository.JwtAuthorityKey
        public long getExpireTime() {
            return this.expireTime;
        }

        @Override // net.officefloor.web.jwt.authority.repository.JwtRefreshKey
        public String getInitVector() {
            return this.initVector;
        }

        @Override // net.officefloor.web.jwt.authority.repository.JwtRefreshKey
        public String getStartSalt() {
            return this.startSalt;
        }

        @Override // net.officefloor.web.jwt.authority.repository.JwtRefreshKey
        public String getLace() {
            return this.lace;
        }

        @Override // net.officefloor.web.jwt.authority.repository.JwtRefreshKey
        public String getEndSalt() {
            return this.endSalt;
        }

        @Override // net.officefloor.web.jwt.authority.repository.JwtRefreshKey
        public Key getKey() {
            return this.key;
        }
    }

    /* loaded from: input_file:net/officefloor/web/jwt/authority/JwtAuthorityManagedObjectSource$RetrieveKeysDependencies.class */
    private enum RetrieveKeysDependencies {
        COLLECTOR,
        JWT_AUTHORITY_REPOSITORY
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @JsonIgnoreProperties(ignoreUnknown = true)
    /* loaded from: input_file:net/officefloor/web/jwt/authority/JwtAuthorityManagedObjectSource$TimeWindow.class */
    public static class TimeWindow {
        private Long nbf;
        private Long exp;

        protected TimeWindow() {
        }

        public void setNbf(Long l) {
            this.nbf = l;
        }

        public void setExp(Long l) {
            this.exp = l;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    @FunctionalInterface
    /* loaded from: input_file:net/officefloor/web/jwt/authority/JwtAuthorityManagedObjectSource$Tokeniser.class */
    public interface Tokeniser<K extends JwtAuthorityKey, J> {
        J tokenise(String str, K k, long j) throws Exception;
    }

    public static String randomString(int i, int i2) {
        ThreadLocalRandom current = ThreadLocalRandom.current();
        int nextInt = i == i2 ? i2 : i + current.nextInt(i2 - i);
        int i3 = 1;
        while (true) {
            byte[] bArr = new byte[nextInt * i3];
            current.nextBytes(bArr);
            String encodeToString = Base64.getUrlEncoder().encodeToString(bArr);
            if (encodeToString.length() >= nextInt) {
                return encodeToString.substring(0, nextInt);
            }
            i3++;
        }
    }

    public static String encrypt(Key key, byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4, String str, CipherFactory cipherFactory) throws Exception {
        byte[] bytes = str.getBytes(UTF8);
        byte[] bArr5 = new byte[bArr2.length + (bytes.length * 2) + bArr4.length];
        System.arraycopy(bArr2, 0, bArr5, 0, bArr2.length);
        for (int i = 0; i < bytes.length; i++) {
            byte b = bArr3[i % bArr3.length];
            int length = bArr2.length + (i * 2);
            bArr5[length] = b;
            bArr5[length + 1] = bytes[i];
        }
        System.arraycopy(bArr4, 0, bArr5, bArr2.length + (bytes.length * 2), bArr4.length);
        IvParameterSpec ivParameterSpec = new IvParameterSpec(bArr);
        Cipher createCipher = cipherFactory.createCipher();
        createCipher.init(1, key, ivParameterSpec);
        return Base64.getUrlEncoder().encodeToString(createCipher.doFinal(bArr5));
    }

    public static String decrypt(Key key, byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4, String str, CipherFactory cipherFactory) throws Exception {
        byte[] decode = Base64.getUrlDecoder().decode(str);
        IvParameterSpec ivParameterSpec = new IvParameterSpec(bArr);
        Cipher createCipher = cipherFactory.createCipher();
        createCipher.init(2, key, ivParameterSpec);
        byte[] doFinal = createCipher.doFinal(decode);
        if (bArr2.length + bArr4.length > doFinal.length) {
            return null;
        }
        for (int i = 0; i < bArr2.length; i++) {
            if (doFinal[i] != bArr2[i]) {
                return null;
            }
        }
        int length = doFinal.length - bArr4.length;
        for (int i2 = 0; i2 < bArr4.length; i2++) {
            if (doFinal[length + i2] != bArr4[i2]) {
                return null;
            }
        }
        int length2 = ((doFinal.length - bArr2.length) - bArr4.length) / 2;
        byte[] bArr5 = new byte[length2];
        for (int i3 = 0; i3 < length2; i3++) {
            byte b = bArr3[i3 % bArr3.length];
            int length3 = bArr2.length + (i3 * 2);
            if (doFinal[length3] != b) {
                return null;
            }
            bArr5[i3] = doFinal[length3 + 1];
        }
        return new String(bArr5, UTF8);
    }

    private <K extends JwtAuthorityKey> K[] loadKeysForCoverage(JwtAuthorityRepository jwtAuthorityRepository, long j, int i, long j2, JwtAuthorityKeyRetriever<K> jwtAuthorityKeyRetriever, JwtAuthorityKeySaver<K> jwtAuthorityKeySaver, JwtAuthorityKeyFactory<K> jwtAuthorityKeyFactory) throws Exception {
        long longValue = ((Long) this.timeInSeconds.getTime()).longValue();
        long j3 = longValue - j;
        JwtAuthorityKey[] retrieveKeys = jwtAuthorityKeyRetriever.retrieveKeys(j3, jwtAuthorityRepository);
        long j4 = j * i;
        long j5 = (((longValue - j4) + j2) - j4) + j2;
        if (calculateKeyCoverageUntil(longValue, j5, retrieveKeys) <= j5) {
            ArrayList arrayList = new ArrayList(1);
            jwtAuthorityRepository.doClusterCriticalSection(jwtAuthorityRepository2 -> {
                JwtAuthorityKey[] retrieveKeys2 = jwtAuthorityKeyRetriever.retrieveKeys(j3, jwtAuthorityRepository2);
                long calculateKeyCoverageUntil = calculateKeyCoverageUntil(longValue, j5, retrieveKeys2);
                while (true) {
                    long j6 = calculateKeyCoverageUntil;
                    if (j6 >= j5) {
                        jwtAuthorityKeySaver.saveKeys(arrayList, jwtAuthorityRepository2);
                        return;
                    }
                    JwtAuthorityKey createJwtAuthorityKey = jwtAuthorityKeyFactory.createJwtAuthorityKey(j6 - j4);
                    arrayList.add(createJwtAuthorityKey);
                    retrieveKeys2 = (JwtAuthorityKey[]) Arrays.copyOf(retrieveKeys2, retrieveKeys2.length + 1);
                    retrieveKeys2[retrieveKeys2.length - 1] = createJwtAuthorityKey;
                    calculateKeyCoverageUntil = calculateKeyCoverageUntil(j6, j5, retrieveKeys2);
                }
            });
            retrieveKeys = (JwtAuthorityKey[]) Arrays.copyOf(retrieveKeys, retrieveKeys.length + arrayList.size());
            for (int i2 = 0; i2 < arrayList.size(); i2++) {
                retrieveKeys[(retrieveKeys.length - arrayList.size()) + i2] = (JwtAuthorityKey) arrayList.get(i2);
            }
        }
        return (K[]) retrieveKeys;
    }

    private long calculateKeyCoverageUntil(long j, long j2, JwtAuthorityKey[] jwtAuthorityKeyArr) {
        long j3;
        long j4 = j;
        do {
            long j5 = j4;
            j3 = j4;
            for (JwtAuthorityKey jwtAuthorityKey : jwtAuthorityKeyArr) {
                if (jwtAuthorityKey.getStartTime() <= j5 && jwtAuthorityKey.getExpireTime() > j4) {
                    j4 = jwtAuthorityKey.getExpireTime();
                }
            }
            if (j4 > j2) {
                break;
            }
        } while (j3 != j4);
        return j4;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Multi-variable type inference failed */
    public <J, K extends JwtAuthorityKey, T extends Exception> J createToken(Object obj, long j, StatePoller<K[], ?> statePoller, BiFunction<HttpStatus, Exception, T> biFunction, Tokeniser<K, J> tokeniser) throws Exception {
        long j2;
        try {
            String trim = mapper.writeValueAsString(obj).trim();
            int lastIndexOf = trim.lastIndexOf(125);
            if (lastIndexOf != trim.length() - 1) {
                throw biFunction.apply(null, new IllegalArgumentException("Must be JSON object (start end with {}) - but was " + trim));
            }
            try {
                TimeWindow timeWindow = (TimeWindow) mapper.readValue(trim, timeWindowJavaType);
                long longValue = ((Long) this.timeInSeconds.getTime()).longValue();
                long j3 = longValue;
                if (timeWindow.nbf != null) {
                    j3 = timeWindow.nbf.longValue();
                }
                if (timeWindow.exp != null) {
                    j2 = timeWindow.exp.longValue();
                } else {
                    j2 = longValue + j;
                    trim = trim.substring(0, lastIndexOf) + ",\"exp\":" + j2 + "}";
                }
                if (j3 > j2) {
                    throw biFunction.apply(null, new IllegalArgumentException("nbf (" + j3 + ") must not be after exp (" + j2 + ")"));
                }
                try {
                    K k = null;
                    long j4 = j2 + (2 * (j2 - j3));
                    for (JwtRefreshKey jwtRefreshKey : (JwtAuthorityKey[]) statePoller.getState(this.keyLoadWaitTime, TimeUnit.SECONDS)) {
                        if (jwtRefreshKey.getStartTime() <= j3 && jwtRefreshKey.getExpireTime() >= j4 && (k == null || k.getExpireTime() >= jwtRefreshKey.getExpireTime())) {
                            k = jwtRefreshKey;
                        }
                    }
                    if (k != null) {
                        try {
                            return tokeniser.tokenise(trim, k, j2);
                        } catch (Exception e) {
                            throw biFunction.apply(null, e);
                        }
                    }
                    statePoller.poll();
                    throw biFunction.apply(null, new IllegalStateException("No key available for encoding (nbf: " + dateTimeFormatter.format(Instant.ofEpochSecond(j3).atZone(ZoneId.systemDefault())) + ", exp: " + dateTimeFormatter.format(Instant.ofEpochSecond(j2).atZone(ZoneId.systemDefault())) + ")"));
                } catch (TimeoutException e2) {
                    throw biFunction.apply(HttpStatus.SERVICE_UNAVAILABLE, e2);
                }
            } catch (Exception e3) {
                throw biFunction.apply(null, e3);
            }
        } catch (Exception e4) {
            throw new AccessTokenException(e4);
        }
    }

    protected void loadSpecification(AbstractAsyncManagedObjectSource.SpecificationContext specificationContext) {
        specificationContext.addProperty(PROPERTY_IDENTITY_CLASS, "Identity Class");
    }

    protected void loadMetaData(AbstractAsyncManagedObjectSource.MetaDataContext<None, Flows> metaDataContext) throws Exception {
        ManagedObjectSourceContext managedObjectSourceContext = metaDataContext.getManagedObjectSourceContext();
        this.identityClass = managedObjectSourceContext.loadClass(managedObjectSourceContext.getProperty(PROPERTY_IDENTITY_CLASS));
        this.identityJavaType = mapper.constructType(this.identityClass);
        if (!mapper.canSerialize(this.identityClass)) {
            throw new IllegalStateException("Unable to serialize " + this.identityClass.getName());
        }
        if (!mapper.canDeserialize(this.identityJavaType)) {
            throw new IllegalStateException("Unable to deserialize " + this.identityClass.getName());
        }
        this.accessTokenExpirationPeriod = Long.parseLong(managedObjectSourceContext.getProperty(PROPERTY_ACCESS_TOKEN_EXPIRATION_PERIOD, String.valueOf(DEFAULT_ACCESS_TOKEN_EXPIRATION_PERIOD)));
        this.accessKeyExpirationPeriod = Long.parseLong(managedObjectSourceContext.getProperty(PROPERTY_ACCESS_KEY_EXPIRATION_PERIOD, String.valueOf(DEFAULT_ACCESS_KEY_EXPIRATION_PERIOD)));
        this.accessKeyOverlapPeriods = Integer.parseInt(managedObjectSourceContext.getProperty(PROPERTY_ACCESS_KEY_OVERLAP_PERIODS, String.valueOf(3)));
        this.refreshTokenExpirationPeriod = Long.parseLong(managedObjectSourceContext.getProperty(PROPERTY_REFRESH_TOKEN_EXPIRATION_PERIOD, String.valueOf(DEFAULT_REFRESH_TOKEN_EXPIRATION_PERIOD)));
        this.refreshKeyExpirationPeriod = Long.parseLong(managedObjectSourceContext.getProperty(PROPERTY_REFRESH_KEY_EXPIRATION_PERIOD, String.valueOf(DEFAULT_REFRESH_KEY_EXPIRATION_PERIOD)));
        this.refreshKeyOverlapPeriods = Integer.parseInt(managedObjectSourceContext.getProperty(PROPERTY_REFRESH_KEY_OVERLAP_PERIODS, String.valueOf(3)));
        this.keyLoadWaitTime = Long.parseLong(managedObjectSourceContext.getProperty(PROPERTY_KEY_LOAD_WAIT_TIME, String.valueOf(3)));
        this.accessTokenKeyFactory = (AsynchronousKeyFactory) managedObjectSourceContext.loadClass(managedObjectSourceContext.getProperty(PROPERTY_ACCESS_TOKEN_KEY_FACTORY, DEFAULT_ACCESS_TOKEN_KEY_FACTORY)).getDeclaredConstructor(new Class[0]).newInstance(new Object[0]);
        this.refreshTokenCipherFactory = (CipherFactory) managedObjectSourceContext.loadClass(managedObjectSourceContext.getProperty(PROPERTY_REFRESH_TOKEN_CIPHER_FACTORY, DEFAULT_REFRESH_TOKEN_CIPHER_FACTORY)).getDeclaredConstructor(new Class[0]).newInstance(new Object[0]);
        this.refreshTokenKeyFactory = (SynchronousKeyFactory) managedObjectSourceContext.loadClass(managedObjectSourceContext.getProperty(PROPERTY_REFRESH_TOKEN_KEY_FACTORY, DEFAULT_REFRESH_TOKEN_KEY_FACTORY)).getDeclaredConstructor(new Class[0]).newInstance(new Object[0]);
        long j = this.accessKeyOverlapPeriods * this.accessTokenExpirationPeriod;
        long j2 = 2 * j;
        if (this.accessKeyExpirationPeriod <= j2) {
            throw new IllegalArgumentException(JwtAccessKey.class.getSimpleName() + " expiration period (" + this.accessKeyExpirationPeriod + " seconds) is below overlap period ((" + this.accessTokenExpirationPeriod + " seconds period * " + this.accessKeyOverlapPeriods + " periods = " + j + " seconds) * 2 for overlap start/end = " + j2 + " seconds)");
        }
        long j3 = this.refreshKeyOverlapPeriods * this.refreshTokenExpirationPeriod;
        long j4 = 2 * j3;
        if (this.refreshKeyExpirationPeriod <= j4) {
            throw new IllegalArgumentException(JwtRefreshKey.class.getSimpleName() + " expiration period (" + this.refreshKeyExpirationPeriod + " seconds) is below overlap period ((" + this.refreshTokenExpirationPeriod + " seconds period * " + this.refreshKeyOverlapPeriods + " periods = " + j3 + " seconds) * 2 for overlap start/end = " + j4 + " seconds)");
        }
        metaDataContext.setObjectClass(JwtAuthority.class);
        metaDataContext.setManagedObjectClass(JwtAuthorityManagedObject.class);
        metaDataContext.addFlow(Flows.RETRIEVE_ENCODE_KEYS, JwtAccessKeyCollector.class);
        metaDataContext.addFlow(Flows.RETRIEVE_REFRESH_KEYS, JwtRefreshKeyCollector.class);
        this.timeInSeconds = managedObjectSourceContext.getClock(l -> {
            return l;
        });
        ManagedObjectFunctionDependency addFunctionDependency = managedObjectSourceContext.addFunctionDependency(JwtAuthorityRepository.class.getSimpleName(), JwtAuthorityRepository.class);
        JwksKeyParser[] loadJwksKeyParsers = JwksSectionSource.loadJwksKeyParsers(managedObjectSourceContext);
        this.retrieveKeysContextFactory = l2 -> {
            return new JwtAuthorityRepository.RetrieveKeysContext() { // from class: net.officefloor.web.jwt.authority.JwtAuthorityManagedObjectSource.1
                @Override // net.officefloor.web.jwt.authority.repository.JwtAuthorityRepository.RetrieveKeysContext
                public long getActiveAfter() {
                    return l2.longValue();
                }

                /* JADX WARN: Removed duplicated region for block: B:21:0x00e0 A[Catch: Exception -> 0x0114, TryCatch #0 {Exception -> 0x0114, blocks: (B:5:0x002d, B:6:0x0047, B:8:0x0051, B:10:0x0062, B:11:0x0069, B:12:0x008d, B:13:0x00a8, B:16:0x00b8, B:20:0x00c7, B:21:0x00e0, B:24:0x0100, B:27:0x010a), top: B:4:0x002d }] */
                /* JADX WARN: Removed duplicated region for block: B:24:0x0100 A[Catch: Exception -> 0x0114, TryCatch #0 {Exception -> 0x0114, blocks: (B:5:0x002d, B:6:0x0047, B:8:0x0051, B:10:0x0062, B:11:0x0069, B:12:0x008d, B:13:0x00a8, B:16:0x00b8, B:20:0x00c7, B:21:0x00e0, B:24:0x0100, B:27:0x010a), top: B:4:0x002d }] */
                @Override // net.officefloor.web.jwt.authority.repository.JwtAuthorityRepository.RetrieveKeysContext
                /*
                    Code decompiled incorrectly, please refer to instructions dump.
                    To view partially-correct add '--show-bad-code' argument
                */
                public java.security.Key deserialise(java.lang.String r5) {
                    /*
                        Method dump skipped, instructions count: 299
                        To view this dump add '--comments-level debug' option
                    */
                    throw new UnsupportedOperationException("Method not decompiled: net.officefloor.web.jwt.authority.JwtAuthorityManagedObjectSource.AnonymousClass1.deserialise(java.lang.String):java.security.Key");
                }
            };
        };
        final JwksKeyWriter<?>[] loadJwksKeyWriters = JwksPublishSectionSource.loadJwksKeyWriters(managedObjectSourceContext);
        this.saveKeysContext = new JwtAuthorityRepository.SaveKeysContext() { // from class: net.officefloor.web.jwt.authority.JwtAuthorityManagedObjectSource.2
            @Override // net.officefloor.web.jwt.authority.repository.JwtAuthorityRepository.SaveKeysContext
            public String serialise(Key key) {
                try {
                    String writeKey = JwksPublishSectionSource.writeKey(key, loadJwksKeyWriters);
                    if (writeKey == null) {
                        throw new IllegalArgumentException("No " + JwksKeyWriter.class.getSimpleName() + " available for key (algorithm " + key.getAlgorithm() + ", format " + key.getFormat() + ", type " + key.getClass().getName() + ")");
                    }
                    return writeKey;
                } catch (Exception e) {
                    throw new IllegalArgumentException(e);
                }
            }
        };
        int initVectorSize = this.refreshTokenCipherFactory.getInitVectorSize();
        ManagedObjectFunctionBuilder addManagedFunction = managedObjectSourceContext.addManagedFunction(Flows.RETRIEVE_ENCODE_KEYS.name(), () -> {
            return managedFunctionContext -> {
                ((JwtAccessKeyCollector) managedFunctionContext.getObject(RetrieveKeysDependencies.COLLECTOR)).setKeys((JwtAccessKey[]) loadKeysForCoverage((JwtAuthorityRepository) managedFunctionContext.getObject(RetrieveKeysDependencies.JWT_AUTHORITY_REPOSITORY), this.accessTokenExpirationPeriod, this.accessKeyOverlapPeriods, this.accessKeyExpirationPeriod, (j5, jwtAuthorityRepository) -> {
                    return (JwtAccessKey[]) jwtAuthorityRepository.retrieveJwtAccessKeys(this.retrieveKeysContextFactory.apply(Long.valueOf(j5))).stream().map(jwtAccessKey -> {
                        return new JwtAccessKeyImpl(jwtAccessKey);
                    }).filter(jwtAccessKeyImpl -> {
                        return jwtAccessKeyImpl.isValid();
                    }).toArray(i -> {
                        return new JwtAccessKey[i];
                    });
                }, (list, jwtAuthorityRepository2) -> {
                    jwtAuthorityRepository2.saveJwtAccessKeys(this.saveKeysContext, (JwtAccessKey[]) list.toArray(new JwtAccessKey[list.size()]));
                }, j6 -> {
                    long j6 = j6 + this.accessKeyExpirationPeriod;
                    KeyPair createAsynchronousKeyPair = this.accessTokenKeyFactory.createAsynchronousKeyPair();
                    return new JwtAccessKeyImpl(j6, j6, createAsynchronousKeyPair.getPrivate(), createAsynchronousKeyPair.getPublic());
                }));
                return null;
            };
        });
        addManagedFunction.linkParameter(RetrieveKeysDependencies.COLLECTOR, JwtAccessKeyCollector.class);
        addManagedFunction.linkObject(RetrieveKeysDependencies.JWT_AUTHORITY_REPOSITORY, addFunctionDependency);
        managedObjectSourceContext.getFlow(Flows.RETRIEVE_ENCODE_KEYS).linkFunction(Flows.RETRIEVE_ENCODE_KEYS.name());
        ManagedObjectFunctionBuilder addManagedFunction2 = managedObjectSourceContext.addManagedFunction(Flows.RETRIEVE_REFRESH_KEYS.name(), () -> {
            return managedFunctionContext -> {
                ((JwtRefreshKeyCollector) managedFunctionContext.getObject(RetrieveKeysDependencies.COLLECTOR)).setKeys((JwtRefreshKey[]) loadKeysForCoverage((JwtAuthorityRepository) managedFunctionContext.getObject(RetrieveKeysDependencies.JWT_AUTHORITY_REPOSITORY), this.refreshTokenExpirationPeriod, this.refreshKeyOverlapPeriods, this.refreshKeyExpirationPeriod, (j5, jwtAuthorityRepository) -> {
                    return (JwtRefreshKey[]) jwtAuthorityRepository.retrieveJwtRefreshKeys(this.retrieveKeysContextFactory.apply(Long.valueOf(j5))).stream().map(jwtRefreshKey -> {
                        return new JwtRefreshKeyImpl(jwtRefreshKey);
                    }).filter(jwtRefreshKeyImpl -> {
                        return jwtRefreshKeyImpl.isValid();
                    }).toArray(i -> {
                        return new JwtRefreshKey[i];
                    });
                }, (list, jwtAuthorityRepository2) -> {
                    jwtAuthorityRepository2.saveJwtRefreshKeys(this.saveKeysContext, (JwtRefreshKey[]) list.toArray(new JwtRefreshKey[list.size()]));
                }, j6 -> {
                    return new JwtRefreshKeyImpl(j6, j6 + this.refreshKeyExpirationPeriod, randomString(initVectorSize, initVectorSize), randomString(5, 25), randomString(80, 100), randomString(5, 25), this.refreshTokenKeyFactory.createSynchronousKey());
                }));
                return null;
            };
        });
        addManagedFunction2.linkParameter(RetrieveKeysDependencies.COLLECTOR, JwtRefreshKeyCollector.class);
        addManagedFunction2.linkObject(RetrieveKeysDependencies.JWT_AUTHORITY_REPOSITORY, addFunctionDependency);
        managedObjectSourceContext.getFlow(Flows.RETRIEVE_REFRESH_KEYS).linkFunction(Flows.RETRIEVE_REFRESH_KEYS.name());
    }

    public void start(ManagedObjectExecuteContext<Flows> managedObjectExecuteContext) throws Exception {
        this.jwtAccessKeys = StatePoller.builder(JwtAccessKey[].class, Flows.RETRIEVE_ENCODE_KEYS, managedObjectExecuteContext, statePollContext -> {
            return new JwtAuthorityManagedObject();
        }).parameter(statePollContext2 -> {
            return new JwtAccesKeysCollectorImpl(statePollContext2);
        }).identifier("JWT Access Keys").defaultPollInterval(this.accessTokenExpirationPeriod, TimeUnit.SECONDS).build();
        this.jwtRefreshKeys = StatePoller.builder(JwtRefreshKey[].class, Flows.RETRIEVE_REFRESH_KEYS, managedObjectExecuteContext, statePollContext3 -> {
            return new JwtAuthorityManagedObject();
        }).parameter(statePollContext4 -> {
            return new JwtRefreshCollectorImpl(statePollContext4);
        }).identifier("JWT Refresh Keys").defaultPollInterval(this.refreshTokenExpirationPeriod, TimeUnit.SECONDS).build();
    }

    protected ManagedObject getManagedObject() throws Throwable {
        return new JwtAuthorityManagedObject();
    }

    static {
        if (!mapper.canDeserialize(timeWindowJavaType)) {
            throw new IllegalStateException("Unable to deserialize " + TimeWindow.class.getSimpleName());
        }
        mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
    }
}
