package eu.dnetlib.simplesso;

import com.google.gson.Gson;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.SignatureException;
import java.util.List;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.annotation.Required;

/* loaded from: input_file:eu/dnetlib/simplesso/SimpleSSOAuthenticator.class */
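/**
 * Verifies and decodes signed single-sign-on tokens.
 *
 * <p>A token is the Base64 encoding of a JSON object with two string members,
 * {@code payload} and {@code signature}. The signature is checked over the payload
 * text with the configured {@link #setAlgo algorithm} and
 * {@link #setCertificate certificate}; only then is the payload parsed into an
 * {@link AuthPayload}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The payload model holds only {@code uid}, {@code email} and {@code roles}.
 *       Nothing in this class bounds a token's lifetime or binds it to a session,
 *       so a captured token keeps verifying; any expiry or replay protection has
 *       to be enforced by the caller or the issuer.</li>
 *   <li>Token contents are never written to the log: the payload is personal data
 *       and payload plus signature together form a replayable credential.</li>
 *   <li>The algorithm name comes from configuration and is passed to
 *       {@link Signature#getInstance(String)} unchanged; it is not restricted here.</li>
 * </ul>
 */
public class SimpleSSOAuthenticator {
    private static final Log log = LogFactory.getLog(SimpleSSOAuthenticator.class);
    private SimpleSSOCertificate certificate;
    private String algo;

    /* loaded from: input_file:eu/dnetlib/simplesso/SimpleSSOAuthenticator$AuthPayload.class */
    /**
     * Identity claims carried inside a token. Populated by Gson from the signed
     * payload JSON; instances are only trustworthy when obtained through
     * {@link SimpleSSOAuthenticator#decodeToken(String)}.
     */
    public static class AuthPayload {
        private String uid;
        private String email;
        private List<String> roles;

        /** @return the user identifier claim, or {@code null} if absent */
        public String getUid() {
            return this.uid;
        }

        /** @param str the user identifier claim */
        public void setUid(String str) {
            this.uid = str;
        }

        /** @return the e-mail claim, or {@code null} if absent */
        public String getEmail() {
            return this.email;
        }

        /** @param str the e-mail claim */
        public void setEmail(String str) {
            this.email = str;
        }

        /** @return the role names claimed for the user, or {@code null} if absent */
        public List<String> getRoles() {
            return this.roles;
        }

        /** @param list the role names claimed for the user */
        public void setRoles(List<String> list) {
            this.roles = list;
        }
    }

    /* loaded from: input_file:eu/dnetlib/simplesso/SimpleSSOAuthenticator$AuthToken.class */
    /**
     * Outer envelope of a token: the payload text and the Base64-encoded signature
     * computed over it. Both values are attacker-controlled until verified.
     */
    public static class AuthToken {
        private String payload;
        private String signature;

        /** @return the Base64-encoded signature, or {@code null} if absent */
        public String getSignature() {
            return this.signature;
        }

        /** @param str the Base64-encoded signature */
        public void setSignature(String str) {
            this.signature = str;
        }

        /** @return the payload text (JSON), or {@code null} if absent */
        public String getPayload() {
            return this.payload;
        }

        /** @param str the payload text (JSON) */
        public void setPayload(String str) {
            this.payload = str;
        }
    }

    /**
     * Decodes a token, verifies its signature and returns the claims it carries.
     *
     * @param str the Base64-encoded token as received from the client
     * @return the parsed payload; this is whatever Gson produces from the signed
     *         payload text, so it can be {@code null} for a signed empty payload
     * @throws IllegalArgumentException if the token is missing, lacks a payload or
     *         signature, or the signature does not verify
     */
    protected AuthPayload decodeToken(String str) {
        if (str == null) {
            throw new IllegalArgumentException("missing token");
        }
        Gson gson = new Gson();
        // Gson parse errors on malformed JSON propagate unchanged as runtime exceptions.
        AuthToken authToken = gson.fromJson(decodeBase64(str), AuthToken.class);
        // fromJson yields null for empty input, and absent members stay null; reject
        // these explicitly so a malformed token fails the same way as a forged one
        // instead of surfacing as a NullPointerException.
        if (authToken == null || authToken.getPayload() == null || authToken.getSignature() == null) {
            throw new IllegalArgumentException("malformed token: payload or signature missing");
        }
        // Verify before parsing the payload so unauthenticated claims are never materialised.
        checkSignature(authToken.getPayload(), authToken.getSignature());
        return gson.fromJson(authToken.getPayload(), AuthPayload.class);
    }

    /**
     * Verifies {@code encodedSignature} over {@code payload} with the configured
     * algorithm and key.
     *
     * @param payload the payload text exactly as it appeared in the token
     * @param encodedSignature the Base64-encoded signature
     * @throws IllegalArgumentException if the signature does not verify or the
     *         verification cannot be carried out
     */
    private void checkSignature(String payload, String encodedSignature) {
        try {
            // Deliberately no token material in the log line.
            log.debug("checking token signature");
            Signature verifier = Signature.getInstance(this.algo);
            verifier.initVerify(this.certificate.getKeyPair());
            // Fixed charset so the verified bytes do not depend on the host's default
            // encoding. NOTE(review): assumes the issuer signs the UTF-8 bytes of the
            // payload - confirm against the signing side.
            verifier.update(payload.getBytes(StandardCharsets.UTF_8));
            if (!verifier.verify(rawDecodeBase64(encodedSignature))) {
                // Leave a trace for detection without echoing attacker-supplied content.
                log.warn("token signature verification failed");
                throw new IllegalArgumentException("doesn't validate signature, token forged");
            }
            log.info("Signature verified !!!");
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e) {
            throw new IllegalArgumentException("problem verifying singnature", e);
        }
    }

    /**
     * Decodes Base64 text to raw bytes.
     *
     * @param str Base64 text
     * @return the decoded bytes
     */
    private byte[] rawDecodeBase64(String str) {
        return Base64.decodeBase64(str.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Decodes Base64 text and interprets the result as UTF-8 text.
     *
     * @param str Base64 text
     * @return the decoded text
     */
    private String decodeBase64(String str) {
        return new String(rawDecodeBase64(str), StandardCharsets.UTF_8);
    }

    /** @return the certificate wrapper whose key is used for verification */
    public SimpleSSOCertificate getCertificate() {
        return this.certificate;
    }

    /** @param simpleSSOCertificate the certificate wrapper whose key verifies tokens */
    @Required
    public void setCertificate(SimpleSSOCertificate simpleSSOCertificate) {
        this.certificate = simpleSSOCertificate;
    }

    /** @return the JCA signature algorithm name used for verification */
    public String getAlgo() {
        return this.algo;
    }

    /**
     * @param str the JCA signature algorithm name handed to
     *            {@link Signature#getInstance(String)}; it must match what the
     *            issuer uses
     */
    @Required
    public void setAlgo(String str) {
        this.algo = str;
    }
}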
