package com.metamug.mason.service;

import com.metamug.mason.dao.AuthDAO;
import com.metamug.mason.entity.auth.JWebToken;
import com.metamug.mason.exception.MasonError;
import com.metamug.mason.exception.MasonException;
import com.metamug.mason.tag.ResourceTagHandler;
import java.nio.charset.StandardCharsets;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import javax.servlet.jsp.JspException;
import javax.sql.DataSource;
import org.json.JSONObject;

/* loaded from: input_file:com/metamug/mason/service/AuthService.class */
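/**
 * Validates the credentials carried in an HTTP {@code Authorization} header, either
 * Basic (user name and password checked through {@link AuthDAO}) or Bearer (a
 * {@link JWebToken}).
 *
 * <p>Every rejection is reported as a {@link JspException} whose cause is a
 * {@link MasonException}; no credential material is placed in the exception.
 */
public class AuthService {
    private final AuthDAO dao;

    /**
     * Creates a service backed by a new {@link AuthDAO} over the given data source.
     *
     * @param dataSource data source handed to the {@link AuthDAO} constructor
     */
    public AuthService(DataSource dataSource) {
        this.dao = new AuthDAO(dataSource);
    }

    /**
     * Creates a service that uses the supplied DAO.
     *
     * @param authDAO DAO used for Basic credential checks
     */
    public AuthService(AuthDAO authDAO) {
        this.dao = authDAO;
    }

    /**
     * Decodes a Basic {@code Authorization} header and checks the credentials through the DAO.
     *
     * <p>The header is attacker-controlled, so every malformed shape (missing header, invalid
     * Base64, no {@code ':'} separator, empty user name or empty password) is rejected with the
     * same access-denied error instead of escaping as an unchecked exception.
     *
     * @param str  raw header value; the first {@code "Basic "} occurrence is stripped before decoding
     * @param str2 forwarded unchanged as the third argument of {@code AuthDAO.validateBasic}
     *             (presumably the role name; confirm against the DAO)
     * @param str3 forwarded unchanged as the fourth argument of {@code AuthDAO.validateBasic}
     *             (meaning not visible here; confirm against the DAO)
     * @return the {@code user_id} string from the DAO result when its status is 1
     * @throws JspException access denied for malformed credentials or DAO status 0, access
     *                      forbidden for any other DAO status
     */
    public String validateBasic(String str, String str2, String str3) throws JspException {
        if (str == null) {
            throw new JspException(ResourceTagHandler.ACCESS_DENIED, new MasonException(MasonError.ROLE_ACCESS_DENIED));
        }
        final String credentials;
        try {
            // Decode explicitly as UTF-8 so the result does not depend on the platform charset.
            credentials = new String(Base64.getDecoder().decode(str.replaceFirst("Basic ", "")), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            // Invalid Base64 is a client error. The cause stays a MasonException, like every
            // other rejection in this class, so the decoder's exception is not chained.
            throw new JspException(ResourceTagHandler.ACCESS_DENIED, new MasonException(MasonError.ROLE_ACCESS_DENIED));
        }
        // Split on the FIRST colon only: the user name cannot contain ':' but the password may
        // (RFC 7617). This also checks the shape before any part is read, so "user" or "user:"
        // can no longer cause an ArrayIndexOutOfBoundsException.
        int separator = credentials.indexOf(':');
        if (separator <= 0 || separator == credentials.length() - 1) {
            throw new JspException(ResourceTagHandler.ACCESS_DENIED, new MasonException(MasonError.ROLE_ACCESS_DENIED));
        }
        String userName = credentials.substring(0, separator);
        String password = credentials.substring(separator + 1);
        JSONObject result = this.dao.validateBasic(userName, password, str2, str3);
        switch (result.getInt(AuthDAO.STATUS)) {
            case 0:
                throw new JspException(ResourceTagHandler.ACCESS_DENIED, new MasonException(MasonError.INCORRECT_ROLE_AUTHENTICATION));
            case 1:
                return result.getString("user_id");
            default:
                throw new JspException(ResourceTagHandler.ACCESS_FORBIDDEN, new MasonException(MasonError.ROLE_ACCESS_DENIED));
        }
    }

    /**
     * Parses a bearer token and returns its subject once the token and audience checks pass.
     *
     * @param str  token string handed to the {@link JWebToken} constructor
     * @param str2 value compared, wrapped in single quotes, against the token audience
     *             (presumably the role name required by the resource; confirm against callers)
     * @return the token subject
     * @throws JspException access denied when the token is not valid or its algorithm is
     *                      unavailable, access forbidden when the audience check fires
     */
    public String validateBearer(String str, String str2) throws JspException {
        try {
            JWebToken token = new JWebToken(str);
            if (!token.isValid()) {
                throw new JspException(ResourceTagHandler.ACCESS_DENIED, new MasonException(MasonError.BEARER_TOKEN_MISMATCH));
            }
            // NOTE(review): as written, the request is rejected when the audience CONTAINS the
            // quoted value and accepted when it does not. An audience check normally rejects on
            // absence. Confirm the type and element format of JWebToken.getAudience() before
            // relying on this as the authorization gate; behaviour is left unchanged here.
            if (token.getAudience().contains("'" + str2 + "'")) {
                throw new JspException(ResourceTagHandler.ACCESS_FORBIDDEN, new MasonException(MasonError.BEARER_TOKEN_MISMATCH));
            }
            return token.getSubject();
        } catch (NoSuchAlgorithmException e) {
            throw new JspException(ResourceTagHandler.ACCESS_DENIED, new MasonException(MasonError.BEARER_TOKEN_MISMATCH));
        }
    }
}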
