package org.openthinclient.api.rest.appliance;

import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.interfaces.DecodedJWT;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.TemporalAmount;
import java.util.Date;
import org.openthinclient.service.common.home.impl.ApplianceConfiguration;

/* loaded from: input_file:BOOT-INF/lib/manager-console-web-api-2.3.5.jar:org/openthinclient/api/rest/appliance/TokenManager.class */
public class TokenManager {
    private final Algorithm algorithm;
    private final Duration expiry;

    public TokenManager(ApplianceConfiguration applianceConfiguration) {
        byte[] bArr = new byte[20];
        new SecureRandom().nextBytes(bArr);
        this.algorithm = Algorithm.HMAC512(bArr);
        this.expiry = Duration.ofSeconds(applianceConfiguration.getNoVNCTicketExpirySeconds());
    }

    public String createToken(String str) {
        return JWT.create().withClaim("clientIp", str).withExpiresAt(Date.from(Instant.now().plus((TemporalAmount) this.expiry))).sign(this.algorithm);
    }

    public boolean validateToken(String str, String str2) {
        try {
            validateAndDecode(str);
            return true;
        } catch (JWTVerificationException e) {
            return false;
        }
    }

    public DecodedJWT validateAndDecode(String str) throws JWTVerificationException {
        return JWT.require(this.algorithm).acceptLeeway(1L).build().verify(str);
    }
}
