package net.creeperhost.blockshot.repack.net.creeperhost.minetogether.session;

import com.google.gson.Gson;
import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.gson.JsonParseException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.util.Base64;
import java.util.UUID;
import java.util.concurrent.TimeUnit;
import org.jetbrains.annotations.Nullable;

/* loaded from: input_file:net/creeperhost/blockshot/repack/net/creeperhost/minetogether/session/JWebToken.class */
public class JWebToken {
    private final UUID uuid;
    private final String username;
    private final String uuidHash;
    private final long issued;
    private final long expiry;
    private final String payloadString;
    private final String signature;
    private static final Gson GSON = new Gson();
    private static final String JWT_HEADER = "{\"alg\":\"ES256\",\"typ\":\"JWT\"}";
    private static final String JWT_HEADER_ENCODED = base64Encode(JWT_HEADER);
    private static final long EXPIRY = TimeUnit.HOURS.toMillis(18);
    private static final char[] HEX_ARRAY = "0123456789ABCDEF".toCharArray();

    public JWebToken(UUID uuid, String str, PrivateKey privateKey) {
        this(uuid, str, privateKey, EXPIRY);
    }

    public JWebToken(UUID uuid, String str, PrivateKey privateKey, long j) {
        this.uuid = uuid;
        this.username = str;
        this.uuidHash = hashBytes("SHA-256", uuid.toString().getBytes(StandardCharsets.UTF_8));
        this.issued = System.currentTimeMillis();
        this.expiry = this.issued + j;
        JsonObject jsonObject = new JsonObject();
        jsonObject.addProperty("sub", uuid.toString());
        jsonObject.addProperty("usn", str);
        jsonObject.addProperty("sha", this.uuidHash);
        jsonObject.addProperty("iat", Long.valueOf(this.issued));
        jsonObject.addProperty("exp", Long.valueOf(this.expiry));
        this.payloadString = jsonObject.toString();
        this.signature = signPayload(this.payloadString, privateKey);
    }

    private JWebToken(UUID uuid, String str, String str2, long j, long j2, String str3, String str4) {
        this.uuid = uuid;
        this.username = str;
        this.uuidHash = str2;
        this.issued = j;
        this.expiry = j2;
        this.payloadString = str3;
        this.signature = str4;
    }

    @Nullable
    public static JWebToken tryParse(String str) {
        try {
            return parse(str);
        } catch (InvalidJWebToken e) {
            return null;
        }
    }

    public static JWebToken parse(String str) throws InvalidJWebToken {
        String[] split = str.split("\\.");
        if (split.length != 3) {
            throw new InvalidJWebToken("Invalid JWT format.");
        }
        if (!split[0].equals(JWT_HEADER_ENCODED)) {
            throw new InvalidJWebToken("Incorrect JWT header.");
        }
        String str2 = split[1];
        if (str2.isEmpty()) {
            throw new InvalidJWebToken("Payload is empty.");
        }
        String base64Decode = base64Decode(str2);
        try {
            JsonObject jsonObject = (JsonObject) GSON.fromJson(base64Decode, JsonObject.class);
            JsonElement jsonElement = jsonObject.get("sub");
            if (jsonElement == null || !jsonElement.isJsonPrimitive()) {
                throw new InvalidJWebToken("Payload is missing subject field.");
            }
            String asString = jsonElement.getAsString();
            JsonElement jsonElement2 = jsonObject.get("usn");
            if (jsonElement2 == null || !jsonElement.isJsonPrimitive()) {
                throw new InvalidJWebToken("Payload is missing username field.");
            }
            String asString2 = jsonElement2.getAsString();
            JsonElement jsonElement3 = jsonObject.get("sha");
            if (jsonElement3 == null || !jsonElement.isJsonPrimitive()) {
                throw new InvalidJWebToken("Payload is missing uuidHash field.");
            }
            String asString3 = jsonElement3.getAsString();
            JsonElement jsonElement4 = jsonObject.get("iat");
            if (jsonElement4 == null || !jsonElement4.isJsonPrimitive()) {
                throw new InvalidJWebToken("Payload is missing issued at field.");
            }
            long asLong = jsonElement4.getAsLong();
            JsonElement jsonElement5 = jsonObject.get("exp");
            if (jsonElement5 == null || !jsonElement5.isJsonPrimitive()) {
                throw new InvalidJWebToken("Payload is missing expiry field.");
            }
            return new JWebToken(UUID.fromString(asString), asString2, asString3, asLong, jsonElement5.getAsLong(), base64Decode, split[2]);
        } catch (JsonParseException e) {
            throw new InvalidJWebToken("Payload is not valid json.", e);
        }
    }

    public UUID getUuid() {
        return this.uuid;
    }

    public String getUsername() {
        return this.username;
    }

    public String getUuidHash() {
        return this.uuidHash;
    }

    public long getIssued() {
        return this.issued;
    }

    public long getExpiry() {
        return this.expiry;
    }

    public boolean isSignatureValid(PublicKey publicKey) {
        try {
            Signature signature = Signature.getInstance("SHA256withECDSA");
            signature.initVerify(publicKey);
            signature.update(this.payloadString.getBytes(StandardCharsets.UTF_8));
            return signature.verify(base64DecodeBytes(this.signature));
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e) {
            return false;
        }
    }

    public boolean isExpired() {
        return isExpiredAt(System.currentTimeMillis());
    }

    public boolean isExpiredAt(long j) {
        return j > this.expiry;
    }

    public boolean isValid(PublicKey publicKey) {
        return !isExpired() && isSignatureValid(publicKey);
    }

    public String toString() {
        return JWT_HEADER_ENCODED + "." + base64Encode(this.payloadString) + "." + this.signature;
    }

    public static boolean isValid(PublicKey publicKey, String str) {
        try {
            return parse(str).isValid(publicKey);
        } catch (InvalidJWebToken e) {
            return false;
        }
    }

    private static String base64Encode(String str) {
        return base64Encode(str.getBytes(StandardCharsets.UTF_8));
    }

    private static String base64Encode(byte[] bArr) {
        return Base64.getUrlEncoder().withoutPadding().encodeToString(bArr);
    }

    private static byte[] base64DecodeBytes(String str) {
        return Base64.getUrlDecoder().decode(str);
    }

    private static String base64Decode(String str) {
        return new String(base64DecodeBytes(str), StandardCharsets.UTF_8);
    }

    private static String signPayload(String str, PrivateKey privateKey) {
        try {
            Signature signature = Signature.getInstance("SHA256withECDSA");
            signature.initSign(privateKey);
            signature.update(str.getBytes(StandardCharsets.UTF_8));
            return base64Encode(signature.sign());
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e) {
            throw new RuntimeException("Failed to sign data.", e);
        }
    }

    private static String hashBytes(String str, byte[] bArr) {
        try {
            return bytesToHex(MessageDigest.getInstance(str).digest(bArr));
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("Failed to hash data.", e);
        }
    }

    private static String bytesToHex(byte[] bArr) {
        char[] cArr = new char[bArr.length * 2];
        for (int i = 0; i < bArr.length; i++) {
            int i2 = bArr[i] & 255;
            cArr[i * 2] = HEX_ARRAY[i2 >>> 4];
            cArr[(i * 2) + 1] = HEX_ARRAY[i2 & 15];
        }
        return new String(cArr);
    }
}
