package icu.takeneko.appwebterminal.support.http.plugins;

import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.Claim;
import com.auth0.jwt.interfaces.Payload;
import icu.takeneko.appwebterminal.AppWebTerminal;
import icu.takeneko.appwebterminal.support.AENetworkSupport;
import icu.takeneko.appwebterminal.util.QueryJWTAuthKt;
import icu.takeneko.appwebterminal.util.QueryParamJWTAuthenticationProvider;
import io.ktor.server.application.Application;
import io.ktor.server.application.ApplicationPluginKt;
import io.ktor.server.auth.Authentication;
import io.ktor.server.auth.AuthenticationConfig;
import io.ktor.server.auth.jwt.JWTAuthKt;
import io.ktor.server.auth.jwt.JWTAuthenticationProvider;
import io.ktor.util.CryptoKt;
import java.util.UUID;
import kotlin.Metadata;
import kotlin.Unit;
import kotlin.jvm.internal.Intrinsics;
import org.jetbrains.annotations.NotNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX WARN: Classes with same name are omitted:
  input_file:appwebterminal-1.2.2.jar:icu/takeneko/appwebterminal/support/http/plugins/SecurityKt.class
 */
/* compiled from: Security.kt */
@Metadata(mv = {2, 0, 0}, k = 2, xi = 48, d1 = {"��0\n��\n\u0002\u0010\u000e\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000b\n��\n\u0002\u0018\u0002\n��\u001a\n\u0010\f\u001a\u00020\r*\u00020\u000e\u001a\u000e\u0010\u000f\u001a\u00020\u00102\u0006\u0010\u0011\u001a\u00020\u0012\"\u000e\u0010��\u001a\u00020\u0001X\u0086T¢\u0006\u0002\n��\"\u0011\u0010\u0002\u001a\u00020\u0001¢\u0006\b\n��\u001a\u0004\b\u0003\u0010\u0004\"\u0018\u0010\u0005\u001a\n \u0007*\u0004\u0018\u00010\u00060\u0006X\u0082\u0004¢\u0006\u0004\n\u0002\u0010\b\"\u0018\u0010\t\u001a\n \u0007*\u0004\u0018\u00010\n0\nX\u0082\u0004¢\u0006\u0004\n\u0002\u0010\u000b¨\u0006\u0013"}, d2 = {"jwtAudience", "", "jwtSecret", "getJwtSecret", "()Ljava/lang/String;", "logger", "Lorg/slf4j/Logger;", "kotlin.jvm.PlatformType", "Lorg/slf4j/Logger;", "jwtVerifier", "Lcom/auth0/jwt/JWTVerifier;", "Lcom/auth0/jwt/JWTVerifier;", "configureSecurity", "", "Lio/ktor/server/application/Application;", "validateJwt", "", "payload", "Lcom/auth0/jwt/interfaces/Payload;", AppWebTerminal.MOD_ID})
/* loaded from: input_file:icu/takeneko/appwebterminal/support/http/plugins/SecurityKt.class */
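public final class SecurityKt {

    /**
     * HMAC key used to sign and verify every token handled by this class.
     *
     * <p>Generated once per class load with Ktor's {@code generateNonce()}, so tokens issued
     * before a restart stop verifying afterwards.
     * NOTE(review): confirm that {@code generateNonce()} returns enough entropy for an HS256
     * key; RFC 7518 section 3.2 asks for a key at least as long as the hash output (256 bits).
     */
    @NotNull
    private static final String jwtSecret = CryptoKt.generateNonce();
    private static final Logger logger = LoggerFactory.getLogger("configureSecurity");

    /** Audience value every accepted token must carry. */
    @NotNull
    public static final String jwtAudience = "WebTerminalFrontend";

    // Single verifier shared by both authentication providers: HS256 with jwtSecret, audience
    // jwtAudience, issuer "AppliedWebTerminal".
    private static final JWTVerifier jwtVerifier = JWT.require(Algorithm.HMAC256(jwtSecret)).withAudience(jwtAudience).withIssuer("AppliedWebTerminal").build();

    /**
     * Returns the raw HMAC signing secret.
     *
     * <p>Anything that obtains this value can mint tokens the verifier accepts, so callers
     * should use it only for signing and must not log, persist or transmit it.
     *
     * @return the process-wide JWT secret
     */
    @NotNull
    public static final String getJwtSecret() {
        return jwtSecret;
    }

    /**
     * Installs Ktor's {@code Authentication} plugin with the "jwt" and "query_jwt" providers.
     *
     * @param application the application to install the plugin into; must not be null
     */
    public static final void configureSecurity(@NotNull Application application) {
        Intrinsics.checkNotNullParameter(application, "<this>");
        // The secret itself is deliberately kept out of the log: anyone able to read the log
        // file or a log aggregator could otherwise forge valid tokens.
        logger.info("Generated an ephemeral JWT signing secret for this server instance.");
        ApplicationPluginKt.install(application, Authentication.Companion, SecurityKt::configureSecurity$lambda$2);
    }

    /**
     * Checks the application-level claims of a token payload.
     *
     * <p>The payload is accepted only when both the "uuid" and "nonce" claims are present as
     * strings, the "uuid" claim parses as a {@link UUID}, and
     * {@code AENetworkSupport.validateNonce} accepts the pair. What that call checks is not
     * visible in this file.
     *
     * @param payload decoded token payload; must not be null
     * @return {@code true} if the claims are well formed and the nonce is accepted,
     *         {@code false} otherwise
     */
    public static final boolean validateJwt(@NotNull Payload payload) {
        Intrinsics.checkNotNullParameter(payload, "payload");
        Claim uuidClaim = payload.getClaim("uuid");
        Claim nonceClaim = payload.getClaim("nonce");
        if (uuidClaim.isNull() || nonceClaim.isNull()) {
            return false;
        }
        try {
            String uuidText = uuidClaim.asString();
            String nonce = nonceClaim.asString();
            // asString() yields null when a claim is not a JSON string (for example a number).
            // Reject such tokens here instead of letting a NullPointerException escape the
            // validator, which the IllegalArgumentException handler below would not catch.
            if (uuidText == null || nonce == null) {
                return false;
            }
            return AENetworkSupport.INSTANCE.validateNonce(UUID.fromString(uuidText), nonce);
        } catch (IllegalArgumentException e) {
            // UUID.fromString rejects malformed input with IllegalArgumentException.
            logger.warn("Could not validate jwt token: ", e);
            return false;
        }
    }

    /**
     * Configures the "jwt" provider: realm, shared verifier, and the validate/challenge
     * handlers, which live in synthetic classes not shown in this file.
     */
    private static final Unit configureSecurity$lambda$2$lambda$0(JWTAuthenticationProvider.Config config) {
        Intrinsics.checkNotNullParameter(config, "$this$jwt");
        config.setRealm("AppliedWebTerminal");
        JWTVerifier jWTVerifier = jwtVerifier;
        Intrinsics.checkNotNullExpressionValue(jWTVerifier, "jwtVerifier");
        config.verifier(jWTVerifier);
        config.validate(new SecurityKt$configureSecurity$1$1$1(null));
        config.challenge(new SecurityKt$configureSecurity$1$1$2(null));
        return Unit.INSTANCE;
    }

    /**
     * Configures the "query_jwt" provider with the same verifier as the "jwt" provider.
     *
     * <p>NOTE(review): the provider name suggests the token travels in a URL query parameter.
     * If so, it can end up in access logs, browser history and Referer headers; confirm that
     * tokens are short-lived and that request URLs are not logged in full.
     */
    private static final Unit configureSecurity$lambda$2$lambda$1(QueryParamJWTAuthenticationProvider.Config config) {
        Intrinsics.checkNotNullParameter(config, "$this$queryJwt");
        // Reuse the shared verifier rather than building a second one with duplicated
        // secret/audience/issuer settings that could drift apart.
        JWTVerifier sharedVerifier = jwtVerifier;
        Intrinsics.checkNotNullExpressionValue(sharedVerifier, "jwtVerifier");
        config.verifier(sharedVerifier);
        config.validate(new SecurityKt$configureSecurity$1$2$1(null));
        config.challenge(new SecurityKt$configureSecurity$1$2$2(null));
        return Unit.INSTANCE;
    }

    /** Registers both authentication providers on the plugin configuration. */
    private static final Unit configureSecurity$lambda$2(AuthenticationConfig authenticationConfig) {
        Intrinsics.checkNotNullParameter(authenticationConfig, "$this$install");
        JWTAuthKt.jwt(authenticationConfig, "jwt", SecurityKt::configureSecurity$lambda$2$lambda$0);
        QueryJWTAuthKt.queryJwt(authenticationConfig, "query_jwt", SecurityKt::configureSecurity$lambda$2$lambda$1);
        return Unit.INSTANCE;
    }
}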
