package com.mapr.data.gateway.auth;

import com.mapr.data.gateway.Configs;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.MalformedJwtException;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.SignatureException;
import io.jsonwebtoken.UnsupportedJwtException;
import java.util.Date;
import java.util.function.Function;
import org.ojai.Document;
import org.ojai.store.exceptions.AuthenticationException;
import org.ojai.store.exceptions.ExpiredTokenException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/mapr/data/gateway/auth/JwtAuthenticator.class */
public final class JwtAuthenticator extends BaseAuthenticator {
    private static final Logger log = LoggerFactory.getLogger(JwtAuthenticator.class);
    private static final int NUM_SECS_IN_THIRTY_MINUTES = 1800;
    public static final String SCHEME = "bearer";
    private static final String DEFAULT_SIGNING_KEY = "bad_jwt_signing_key";
    private static String signingKey;
    private static Long tokenExpirationMillis;

    @Override // com.mapr.data.gateway.auth.Authenticator
    public void init(Document document) throws AuthenticationException {
        signingKey = Configs.getString(document, Configs.MAPR_DAG_AUTH_TOKEN_SECRET, DEFAULT_SIGNING_KEY);
        if (signingKey == DEFAULT_SIGNING_KEY) {
            log.warn("A signing key was not configured for JWT authenticator!!!! Using default!!!");
        }
        tokenExpirationMillis = Long.valueOf(Configs.getLong(document, Configs.MAPR_DAG_AUTH_TOKEN_EXPIRATION, 1800L) * 1000);
        log.info("JWT token expiration duration set to {}ms.", tokenExpirationMillis);
    }

    @Override // com.mapr.data.gateway.auth.Authenticator
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        String token = authentication.getToken();
        if (token == null) {
            throw new AuthenticationException("A JWT token was not part of the authentication object.");
        }
        try {
            return UserInfo.builder().userName((String) getClaim((Claims) Jwts.parser().setSigningKey(signingKey).parseClaimsJws(token).getBody(), (v0) -> {
                return v0.getSubject();
            })).authenticated(true).build();
        } catch (UnsupportedJwtException | MalformedJwtException | SignatureException | IllegalArgumentException e) {
            throw new AuthenticationException("JWT verification failed! " + e.getMessage(), e);
        } catch (ExpiredJwtException e2) {
            throw new ExpiredTokenException("Expired JWT token!", e2);
        }
    }

    private <T> T getClaim(Claims claims, Function<Claims, T> function) {
        return function.apply(claims);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String generateToken(String str) {
        long currentTimeMillis = System.currentTimeMillis();
        Date date = new Date(currentTimeMillis);
        return Jwts.builder().setSubject(str).setIssuedAt(date).setExpiration(new Date(currentTimeMillis + tokenExpirationMillis.longValue())).signWith(SignatureAlgorithm.HS512, signingKey).compact();
    }

    @Override // com.mapr.data.gateway.auth.Authenticator
    public String getScheme() {
        return SCHEME;
    }
}
