package io.github.encryptorcode.iam.service;

import io.github.encryptorcode.iam.oauth.OAuthException;
import io.github.encryptorcode.iam.oauth.OauthStrategy;
import io.github.encryptorcode.iam.oauth.OauthToken;
import io.github.encryptorcode.iam.oauth.OauthUser;
import io.github.encryptorcode.iam.session.AuthSession;
import io.github.encryptorcode.iam.session.AuthSessionStorage;
import io.github.encryptorcode.iam.user.AuthUser;
import io.github.encryptorcode.iam.user.AuthUserService;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.security.SecureRandom;
import java.time.ZoneId;
import java.time.ZonedDateTime;
import java.time.chrono.ChronoZonedDateTime;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/* loaded from: input_file:io/github/encryptorcode/iam/service/AuthenticationService.class */
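/**
 * Drives the OAuth login and logout flow and resolves the authenticated user for a request.
 *
 * <p>A login is represented by a random session identifier that is handed to the
 * {@link AuthSessionStorage} and sent to the browser in the {@code framework-auth} cookie.
 * {@link #processSession(HttpServletRequest)} turns that cookie back into request attributes,
 * which {@link #getCurrentUser(HttpServletRequest)} and
 * {@link #getCurrentSession(HttpServletRequest)} read.
 *
 * <p>NOTE(review): redirect targets passed to {@link #getLoginRedirectPath} and {@link #logout}
 * are returned exactly as given. Nothing in this class restricts them to same-site paths, so
 * callers that take them from a request parameter must validate them before redirecting.
 *
 * @param <U> application user type
 * @param <S> application session type
 */
public class AuthenticationService<U extends AuthUser, S extends AuthSession<U>> {
    private static final String PACKAGE_NAME = AuthenticationService.class.getPackage().getName();
    private static final String REQUEST_USER_KEY = PACKAGE_NAME + ".user";
    private static final String REQUEST_SESSION_KEY = PACKAGE_NAME + ".session";
    private static final String SESSION_REDIRECT_KEY = PACKAGE_NAME + ".redirect";
    private static final String AUTH_COOKIE_NAME = "framework-auth";
    private static final String INDEX_PATH = "/";
    // 30 days, expressed in seconds as Cookie.setMaxAge expects.
    private static final int AUTH_COOKIE_MAX_AGE_SECONDS = 2592000;
    // One shared generator; SecureRandom is safe for concurrent use.
    private static final SecureRandom SESSION_ID_RANDOM = new SecureRandom();

    private final AuthenticationHelper<U, S> helper;
    private final AuthUserService<U> authUserService;
    private final AuthSessionStorage<U, S> authSessionStorage;
    private final Map<String, OauthStrategy> oauthStrategies = new HashMap<>();

    /**
     * Builds the service from the collaborators exposed by the helper and indexes the
     * configured OAuth strategies by their strategy name.
     *
     * @param authenticationHelper source of the user service, session storage and strategies
     */
    public AuthenticationService(AuthenticationHelper<U, S> authenticationHelper) {
        this.helper = authenticationHelper;
        this.authUserService = authenticationHelper.getUserService();
        this.authSessionStorage = authenticationHelper.getSessionStorage();
        for (OauthStrategy oauthStrategy : authenticationHelper.getOauthStrategies()) {
            this.oauthStrategies.put(oauthStrategy.getStrategyName(), oauthStrategy);
        }
    }

    /**
     * Returns the user that {@link #processSession(HttpServletRequest)} attached to the request.
     *
     * @param httpServletRequest current request, may be {@code null}
     * @return the attached user, or {@code null} when the request is {@code null} or carries none
     */
    @SuppressWarnings("unchecked") // the attribute is only ever written by processSession
    public U getCurrentUser(HttpServletRequest httpServletRequest) {
        if (httpServletRequest == null) {
            return null;
        }
        return (U) httpServletRequest.getAttribute(REQUEST_USER_KEY);
    }

    /**
     * Returns the session that {@link #processSession(HttpServletRequest)} attached to the request.
     *
     * @param httpServletRequest current request, may be {@code null}
     * @return the attached session, or {@code null} when the request is {@code null} or carries none
     */
    @SuppressWarnings("unchecked") // the attribute is only ever written by processSession
    public S getCurrentSession(HttpServletRequest httpServletRequest) {
        if (httpServletRequest == null) {
            return null;
        }
        return (S) httpServletRequest.getAttribute(REQUEST_SESSION_KEY);
    }

    /**
     * Decides where a user who wants to log in should be sent.
     *
     * <p>An already authenticated request goes straight to the redirect target (or the index
     * path). Without a strategy name the helper's login page is returned with the target
     * appended as a {@code redirect} query parameter. With a strategy name the target is parked
     * in the HTTP session and the strategy's authentication URL is returned.
     *
     * <p>NOTE(review): the redirect target is not validated here; see the class comment.
     * NOTE(review): the strategy name is the only argument passed to
     * {@code getAuthenticationUrl}. If the strategy uses it as the OAuth {@code state} value,
     * the callback is not bound to this browser session; confirm in {@code OauthStrategy}.
     *
     * @param httpServletRequest current request
     * @param str OAuth strategy name, or {@code null} to use the login page
     * @param str2 redirect target after login, may be {@code null}
     * @return the path or URL to redirect to
     * @throws NullPointerException if the helper has no login page or the strategy is unknown
     */
    public String getLoginRedirectPath(HttpServletRequest httpServletRequest, String str, String str2) {
        if (getCurrentUser(httpServletRequest) != null) {
            return str2 != null ? str2 : INDEX_PATH;
        }
        if (str == null) {
            String loginPagePath = this.helper.getLoginPagePath();
            if (loginPagePath == null) {
                throw new NullPointerException("Login view is not provided by helper " + this.helper.getClass());
            }
            if (str2 == null) {
                // Nothing to carry over; encoding null would fail.
                return loginPagePath;
            }
            String separator = loginPagePath.contains("?") ? "&" : "?";
            return loginPagePath + separator + "redirect=" + encodeQueryValue(str2);
        }
        OauthStrategy oauthStrategy = this.oauthStrategies.get(str);
        if (oauthStrategy == null) {
            throw new NullPointerException("Invalid login strategy specified " + str);
        }
        HttpSession session = httpServletRequest.getSession();
        if (str2 != null) {
            session.setAttribute(SESSION_REDIRECT_KEY, str2);
        } else {
            // Drop a target left behind by an earlier, abandoned login attempt.
            session.removeAttribute(SESSION_REDIRECT_KEY);
        }
        return oauthStrategy.getAuthenticationUrl(oauthStrategy.getStrategyName());
    }

    /**
     * Completes an OAuth login: exchanges the grant for a token, finds or creates the local
     * user, creates a session and sets the authentication cookie.
     *
     * <p>NOTE(review): the local account is selected by the e-mail address the provider
     * reports, and the provider id is then linked to that account. This is only safe if every
     * configured strategy returns verified addresses; confirm per provider.
     *
     * @param httpServletRequest current request
     * @param httpServletResponse response that receives the authentication cookie
     * @param str OAuth strategy name
     * @param str2 value handed to the strategy's {@code generateToken}
     * @return the redirect target parked in the HTTP session, or the index path
     * @throws OAuthException if sign-up or login is refused, or the new user cannot be loaded
     * @throws NullPointerException if the strategy is unknown or the request is {@code null}
     */
    public String login(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2) throws OAuthException {
        OauthStrategy oauthStrategy = this.oauthStrategies.get(str);
        if (oauthStrategy == null) {
            throw new NullPointerException("Invalid login strategy name specified " + str);
        }
        if (httpServletRequest == null) {
            throw new NullPointerException("You call login only when the user sends a request");
        }
        OauthToken token = oauthStrategy.generateToken(str2);
        OauthUser oauthUser = oauthStrategy.getUser(token.getAccessToken());
        U localUser = this.authUserService.getUserByEmail(oauthUser.getEmail());
        if (localUser == null) {
            if (!this.helper.isUserAllowedSignUp(oauthUser)) {
                throw new OAuthException("User was not allowed to signUp.");
            }
            // Raw map: the element types are declared by AuthUserService, outside this file.
            HashMap strategyIds = new HashMap();
            strategyIds.put(str, oauthUser.getOauthId());
            this.authUserService.createUser(oauthUser.getEmail(), oauthUser.getName(), oauthUser.getFullName(), strategyIds, oauthUser.getProfileImage());
            // Re-read the account so the session below is bound to the new user, not to null.
            localUser = this.authUserService.getUserByEmail(oauthUser.getEmail());
            if (localUser == null) {
                throw new OAuthException("User could not be loaded after signUp.");
            }
        } else {
            if (!this.helper.isUserAllowedLogin(localUser)) {
                throw new OAuthException("User was not allowed to login.");
            }
            // Only fill in profile fields the local account is missing.
            if (localUser.getFullName() == null) {
                localUser.setFullName(oauthUser.getFullName());
            }
            if (localUser.getName() == null) {
                localUser.setName(oauthUser.getName());
            }
            if (localUser.getProfileImage() == null) {
                localUser.setProfileImage(oauthUser.getProfileImage());
            }
            if (localUser.getStrategyVsIdMap() == null) {
                // Raw map: the element types are declared by AuthUser, outside this file.
                localUser.setStrategyVsIdMap(new HashMap());
            }
            localUser.getStrategyVsIdMap().put(str, oauthUser.getOauthId());
            this.authUserService.updateUser(localUser);
        }
        String sessionId = generateSessionIdentifier();
        this.authSessionStorage.createSession(sessionId, str, token, localUser);
        httpServletResponse.addCookie(buildAuthCookie(httpServletRequest, sessionId, AUTH_COOKIE_MAX_AGE_SECONDS));
        return consumeRedirectTarget(httpServletRequest);
    }

    /**
     * Ends the login identified by the authentication cookie: expires the cookie, revokes the
     * refresh token at the provider and deletes the stored session.
     *
     * @param httpServletRequest current request
     * @param httpServletResponse response that receives the expired cookie
     * @param str redirect target after logout, may be {@code null}; returned unvalidated
     * @return {@code str}, or the index path when it is {@code null}
     * @throws OAuthException if the provider rejects the revocation
     * @throws NullPointerException if the request is {@code null}
     */
    public String logout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws OAuthException {
        if (httpServletRequest == null) {
            throw new NullPointerException("You can logout only when the user sends a request");
        }
        Cookie authCookie = getAuthCookie(httpServletRequest);
        if (authCookie != null) {
            String sessionId = authCookie.getValue();
            // Request cookies carry no path, so re-sending one would not replace the cookie
            // that login set for "/". Send a fresh, empty cookie with the same scope instead.
            httpServletResponse.addCookie(buildAuthCookie(httpServletRequest, "", 0));
            S currentSession = getCurrentSession(httpServletRequest);
            if (currentSession == null) {
                // processSession may not have run for this request.
                currentSession = this.authSessionStorage.getSession(sessionId);
            }
            try {
                if (currentSession != null && currentSession.getToken() != null) {
                    OauthStrategy oauthStrategy = this.oauthStrategies.get(currentSession.getOauthStrategy());
                    if (oauthStrategy != null) {
                        oauthStrategy.revokeToken(currentSession.getToken().getRefreshToken());
                    }
                }
            } finally {
                // The local session must end even when the provider call fails.
                this.authSessionStorage.deleteSession(sessionId);
            }
        }
        return str != null ? str : INDEX_PATH;
    }

    /**
     * Resolves the authentication cookie into a stored session and attaches the session and
     * its user to the request. Requests without a cookie or with an unknown session
     * identifier are left untouched. An expired access token is regenerated with the stored
     * refresh token and written back to the session storage.
     *
     * @param httpServletRequest current request
     * @throws OAuthException if the token cannot be regenerated
     * @throws NullPointerException if the request is {@code null} or the session names an
     *     unknown strategy
     */
    public void processSession(HttpServletRequest httpServletRequest) throws OAuthException {
        if (httpServletRequest == null) {
            throw new NullPointerException("You process session only when the user sends a request");
        }
        Cookie authCookie = getAuthCookie(httpServletRequest);
        if (authCookie == null) {
            return;
        }
        String sessionId = authCookie.getValue();
        S session = this.authSessionStorage.getSession(sessionId);
        if (session == null) {
            return;
        }
        OauthStrategy oauthStrategy = this.oauthStrategies.get(session.getOauthStrategy());
        if (oauthStrategy == null) {
            throw new NullPointerException("Missing Oauth Strategy " + session.getOauthStrategy());
        }
        this.authSessionStorage.updateSessionAccessed(sessionId);
        if (isTimePassed(session.getToken().getExpiryTime())) {
            String refreshToken = session.getToken().getRefreshToken();
            OauthToken regenerated = oauthStrategy.regenerateToken(refreshToken);
            // Carry the existing refresh token over to the regenerated token.
            regenerated.setRefreshToken(refreshToken);
            this.authSessionStorage.updateSessionToken(sessionId, regenerated);
        }
        httpServletRequest.setAttribute(REQUEST_USER_KEY, session.getUser());
        httpServletRequest.setAttribute(REQUEST_SESSION_KEY, session);
    }

    /** Returns 16 random bytes (128 bits) as unpadded URL-safe Base64. */
    private String generateSessionIdentifier() {
        byte[] randomBytes = new byte[16];
        SESSION_ID_RANDOM.nextBytes(randomBytes);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(randomBytes);
    }

    /**
     * Creates the authentication cookie with the attributes shared by login and logout.
     * HttpOnly keeps the session identifier away from page scripts. Secure follows the
     * request, so behind a TLS-terminating proxy the container must report the original
     * scheme for the flag to be set.
     */
    private Cookie buildAuthCookie(HttpServletRequest httpServletRequest, String value, int maxAgeSeconds) {
        Cookie cookie = new Cookie(AUTH_COOKIE_NAME, value);
        cookie.setPath(INDEX_PATH);
        cookie.setMaxAge(maxAgeSeconds);
        cookie.setHttpOnly(true);
        cookie.setSecure(httpServletRequest.isSecure());
        return cookie;
    }

    /**
     * Reads the redirect target parked by getLoginRedirectPath and removes it, so one stored
     * target serves exactly one login. Falls back to the index path.
     */
    private String consumeRedirectTarget(HttpServletRequest httpServletRequest) {
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null) {
            return INDEX_PATH;
        }
        Object target = session.getAttribute(SESSION_REDIRECT_KEY);
        session.removeAttribute(SESSION_REDIRECT_KEY);
        return target instanceof String ? (String) target : INDEX_PATH;
    }

    /** URL-encodes a query value as UTF-8 instead of the platform default charset. */
    private static String encodeQueryValue(String value) {
        try {
            return URLEncoder.encode(value, "UTF-8");
        } catch (UnsupportedEncodingException e) {
            throw new IllegalStateException("UTF-8 encoding is unavailable", e);
        }
    }

    /** Returns the last cookie named {@code framework-auth} on the request, or {@code null}. */
    private Cookie getAuthCookie(HttpServletRequest httpServletRequest) {
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies == null) {
            return null;
        }
        Cookie match = null;
        for (Cookie candidate : cookies) {
            if (AUTH_COOKIE_NAME.equals(candidate.getName())) {
                match = candidate;
            }
        }
        return match;
    }

    /** Returns {@code true} when the given instant is now or in the past. */
    private boolean isTimePassed(ZonedDateTime zonedDateTime) {
        // Compare instants only; the zone of the stored value must not affect expiry.
        return !zonedDateTime.isAfter(ZonedDateTime.now(ZoneId.of("GMT")));
    }

    /**
     * Revokes the refresh token of the given session at its OAuth provider.
     *
     * <p>NOTE(review): despite the name, this method does not call the session storage; the
     * stored session and the browser cookie are left as they are.
     *
     * @param s session whose refresh token is revoked
     * @throws OAuthException if the provider rejects the revocation
     * @throws NullPointerException if the session names an unknown strategy
     */
    public void deleteSession(S s) throws OAuthException {
        OauthStrategy oauthStrategy = this.oauthStrategies.get(s.getOauthStrategy());
        if (oauthStrategy == null) {
            throw new NullPointerException("Invalid login strategy name specified " + s.getOauthStrategy());
        }
        oauthStrategy.revokeToken(s.getToken().getRefreshToken());
    }
}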
