package play.api.mvc;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.JwtParser;
import io.jsonwebtoken.JwtParserBuilder;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.PrematureJwtException;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.jackson.io.JacksonDeserializer;
import io.jsonwebtoken.jackson.io.JacksonSerializer;
import io.jsonwebtoken.lang.Classes;
import io.jsonwebtoken.security.SignatureException;
import java.nio.charset.StandardCharsets;
import java.time.Clock;
import java.util.Date;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import play.api.Logger;
import play.api.MarkerContext$;
import play.api.MarkerContexts$SecurityMarkerContext$;
import play.api.Mode;
import play.api.Mode$Dev$;
import play.api.http.JWTConfiguration;
import play.api.http.SecretConfiguration;
import play.api.mvc.JWTCookieDataCodec;
import play.libs.Scala;
import scala.$less$colon$less$;
import scala.Option;
import scala.Predef$;
import scala.Predef$ArrowAssoc$;
import scala.Some$;
import scala.Tuple2;
import scala.collection.immutable.Map;
import scala.jdk.CollectionConverters$;
import scala.runtime.ScalaRunTime$;
import scala.util.control.NonFatal$;

/* compiled from: Cookie.scala */
/* loaded from: input_file:play/api/mvc/JWTCookieDataCodec.class */
public interface JWTCookieDataCodec extends CookieDataCodec {

    /* compiled from: Cookie.scala */
    /* loaded from: input_file:play/api/mvc/JWTCookieDataCodec$JWTFormatter.class */
    public static class JWTFormatter {
        private final JWTConfiguration jwtConfiguration;
        public final Clock play$api$mvc$JWTCookieDataCodec$JWTFormatter$$clock;
        private final io.jsonwebtoken.Clock jwtClock = new io.jsonwebtoken.Clock(this) { // from class: play.api.mvc.JWTCookieDataCodec$JWTFormatter$$anon$3
            private final /* synthetic */ JWTCookieDataCodec.JWTFormatter $outer;

            {
                if (this == null) {
                    throw new NullPointerException();
                }
                this.$outer = this;
            }

            public Date now() {
                return Date.from(this.$outer.play$api$mvc$JWTCookieDataCodec$JWTFormatter$$clock.instant());
            }
        };
        private final SignatureAlgorithm signatureAlgorithm;
        private final SecretKey secretKey;
        private final JwtParser jwtParser;

        public JWTFormatter(SecretConfiguration secretConfiguration, JWTConfiguration jWTConfiguration, Clock clock) {
            this.jwtConfiguration = jWTConfiguration;
            this.play$api$mvc$JWTCookieDataCodec$JWTFormatter$$clock = clock;
            this.signatureAlgorithm = SignatureAlgorithm.forName(jWTConfiguration.signatureAlgorithm());
            this.secretKey = new SecretKeySpec(secretConfiguration.secret().getBytes(StandardCharsets.UTF_8), this.signatureAlgorithm.getJcaName());
            this.jwtParser = ((JwtParserBuilder) Classes.newInstance("io.jsonwebtoken.impl.DefaultJwtParserBuilder")).setClock(this.jwtClock).setSigningKey(this.secretKey).setAllowedClockSkewSeconds(jWTConfiguration.clockSkew().toSeconds()).deserializeJsonWith(new JacksonDeserializer(JWTCookieDataCodec$.play$api$mvc$JWTCookieDataCodec$$$objectMapper)).build();
        }

        public Map<String, Object> parse(String str) {
            Jws jws;
            try {
                jws = this.jwtParser.parseClaimsJws(str);
            } catch (NoSuchMethodError unused) {
                jws = (Jws) JwtParser.class.getDeclaredMethod("parseClaimsJws", CharSequence.class).invoke(this.jwtParser, str);
            }
            Jws jws2 = jws;
            String algorithm = jws2.getHeader().getAlgorithm();
            String signatureAlgorithm = this.jwtConfiguration.signatureAlgorithm();
            if (algorithm != null ? algorithm.equals(signatureAlgorithm) : signatureAlgorithm == null) {
                return CollectionConverters$.MODULE$.MapHasAsScala((java.util.Map) jws2.getBody()).asScala().toMap($less$colon$less$.MODULE$.refl());
            }
            throw new IllegalStateException("Invalid header algorithm " + algorithm + " in JWT " + ((Claims) jws2.getBody()).getId());
        }

        public String format(Map<String, Object> map) {
            JwtBuilder serializeToJsonWith = Jwts.builder().serializeToJsonWith(new JacksonSerializer(JWTCookieDataCodec$.play$api$mvc$JWTCookieDataCodec$$$objectMapper));
            Date now = this.jwtClock.now();
            map.foreach((v1) -> {
                return JWTCookieDataCodec$.play$api$mvc$JWTCookieDataCodec$JWTFormatter$$_$format$$anonfun$1(r1, v1);
            });
            this.jwtConfiguration.expiresAfter().map((v2) -> {
                return JWTCookieDataCodec$.play$api$mvc$JWTCookieDataCodec$JWTFormatter$$_$format$$anonfun$2(r1, r2, v2);
            });
            try {
                serializeToJsonWith.setNotBefore(now);
            } catch (NoSuchMethodError unused) {
                JwtBuilder.class.getDeclaredMethod("notBefore", Date.class).invoke(serializeToJsonWith, now);
            }
            try {
                serializeToJsonWith.setIssuedAt(now);
            } catch (NoSuchMethodError unused2) {
                JwtBuilder.class.getDeclaredMethod("issuedAt", Date.class).invoke(serializeToJsonWith, now);
            }
            return serializeToJsonWith.signWith(this.secretKey, this.signatureAlgorithm).compact();
        }
    }

    Logger play$api$mvc$JWTCookieDataCodec$$logger();

    void play$api$mvc$JWTCookieDataCodec$_setter_$play$api$mvc$JWTCookieDataCodec$$logger_$eq(Logger logger);

    SecretConfiguration secretConfiguration();

    JWTConfiguration jwtConfiguration();

    default JWTFormatter play$api$mvc$JWTCookieDataCodec$$formatter() {
        return new JWTFormatter(secretConfiguration(), jwtConfiguration(), clock());
    }

    @Override // play.api.mvc.CookieDataCodec, play.api.mvc.FallbackCookieDataCodec
    default String encode(Map<String, String> map) {
        return play$api$mvc$JWTCookieDataCodec$$formatter().format((Map) Predef$.MODULE$.Map().apply(ScalaRunTime$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension((String) Predef$.MODULE$.ArrowAssoc(jwtConfiguration().dataClaim()), Jwts.claims(Scala.asJava((scala.collection.Map) map)))})));
    }

    @Override // play.api.mvc.CookieDataCodec, play.api.mvc.FallbackCookieDataCodec
    default Map<String, String> decode(String str) {
        try {
            return CollectionConverters$.MODULE$.MapHasAsScala((java.util.Map) play$api$mvc$JWTCookieDataCodec$$formatter().parse(str).apply(jwtConfiguration().dataClaim())).asScala().view().mapValues(obj -> {
                return obj.toString();
            }).toMap($less$colon$less$.MODULE$.refl());
        } catch (PrematureJwtException e) {
            String id = e.getClaims().getId();
            play$api$mvc$JWTCookieDataCodec$$logger().warn(() -> {
                return decode$$anonfun$6(r1, r2);
            }, MarkerContexts$SecurityMarkerContext$.MODULE$);
            return Predef$.MODULE$.Map().empty();
        } catch (ExpiredJwtException e2) {
            String id2 = e2.getClaims().getId();
            play$api$mvc$JWTCookieDataCodec$$logger().warn(() -> {
                return decode$$anonfun$7(r1, r2);
            }, MarkerContexts$SecurityMarkerContext$.MODULE$);
            return Predef$.MODULE$.Map().empty();
        } catch (SignatureException e3) {
            play$api$mvc$JWTCookieDataCodec$$logger().warn(() -> {
                return decode$$anonfun$8(r1);
            }, MarkerContexts$SecurityMarkerContext$.MODULE$);
            play$api$mvc$JWTCookieDataCodec$$logger().forMode(ScalaRunTime$.MODULE$.wrapRefArray(new Mode[]{Mode$Dev$.MODULE$})).info(JWTCookieDataCodec::decode$$anonfun$9, MarkerContext$.MODULE$.NoMarker());
            return Predef$.MODULE$.Map().empty();
        } catch (IllegalStateException e4) {
            play$api$mvc$JWTCookieDataCodec$$logger().error(() -> {
                return decode$$anonfun$5(r1);
            }, MarkerContext$.MODULE$.NoMarker());
            return Predef$.MODULE$.Map().empty();
        } catch (Throwable th) {
            if (th != null) {
                Option unapply = NonFatal$.MODULE$.unapply(th);
                if (!unapply.isEmpty()) {
                    Throwable th2 = (Throwable) unapply.get();
                    play$api$mvc$JWTCookieDataCodec$$logger().warn(() -> {
                        return decode$$anonfun$10(r1);
                    }, () -> {
                        return decode$$anonfun$11(r2);
                    }, MarkerContexts$SecurityMarkerContext$.MODULE$);
                    return Predef$.MODULE$.Map().empty();
                }
            }
            throw th;
        }
    }

    default Option<String> uniqueId() {
        return Some$.MODULE$.apply(JWTCookieDataCodec$JWTIDGenerator$.MODULE$.generateId());
    }

    default Clock clock() {
        return Clock.systemUTC();
    }

    private static String decode$$anonfun$5(IllegalStateException illegalStateException) {
        return illegalStateException.getMessage();
    }

    private static String decode$$anonfun$6(String str, PrematureJwtException prematureJwtException) {
        return "decode: premature JWT found! id = " + str + ", message = " + prematureJwtException.getMessage();
    }

    private static String decode$$anonfun$7(String str, ExpiredJwtException expiredJwtException) {
        return "decode: expired JWT found! id = " + str + ", message = " + expiredJwtException.getMessage();
    }

    private static String decode$$anonfun$8(SignatureException signatureException) {
        return "decode: cookie has invalid signature! message = " + signatureException.getMessage();
    }

    private static String decode$$anonfun$9() {
        return "The JWT signature in the cookie does not match the locally computed signature with the server. This usually indicates the browser has a leftover cookie from another Play application, so clearing cookies may resolve this error message.";
    }

    private static String decode$$anonfun$10(Throwable th) {
        return "decode: could not decode JWT: " + th.getMessage();
    }

    private static Throwable decode$$anonfun$11(Throwable th) {
        return th;
    }
}
