package io.rocketbase.commons.security;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.rocketbase.commons.config.JwtConfiguration;
import io.rocketbase.commons.dto.authentication.JwtTokenBundle;
import io.rocketbase.commons.model.AppUser;
import java.io.Serializable;
import java.time.LocalDateTime;
import java.time.ZoneId;
import java.time.ZoneOffset;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.function.Function;
import javax.annotation.Resource;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:io/rocketbase/commons/security/JwtTokenService.class */
public class JwtTokenService implements Serializable {
    private static final Logger log = LoggerFactory.getLogger(JwtTokenService.class);
    public static final String REFRESH_TOKEN = "REFRESH_TOKEN";

    @Resource
    JwtConfiguration jwtConfiguration;

    public String getUsernameFromToken(String str) {
        return (String) getClaimFromToken(str, (v0) -> {
            return v0.getSubject();
        });
    }

    public Collection<? extends GrantedAuthority> getAuthoritiesFromToken(String str) {
        List list = (List) getAllClaimsFromToken(str).getOrDefault("scopes", Collections.emptyList());
        ArrayList arrayList = new ArrayList();
        Iterator it = list.iterator();
        while (it.hasNext()) {
            arrayList.add(new SimpleGrantedAuthority(String.format("ROLE_%s", String.valueOf(it.next()))));
        }
        return arrayList;
    }

    public LocalDateTime getIssuedAtDateFromToken(String str) {
        return LocalDateTime.ofInstant(((Date) getClaimFromToken(str, (v0) -> {
            return v0.getIssuedAt();
        })).toInstant(), ZoneOffset.UTC);
    }

    public LocalDateTime getExpirationDateFromToken(String str) {
        return LocalDateTime.ofInstant(((Date) getClaimFromToken(str, (v0) -> {
            return v0.getExpiration();
        })).toInstant(), ZoneOffset.UTC);
    }

    public <T> T getClaimFromToken(String str, Function<Claims, T> function) {
        return function.apply(getAllClaimsFromToken(str));
    }

    private Claims getAllClaimsFromToken(String str) {
        return (Claims) Jwts.parser().setSigningKey(this.jwtConfiguration.getSecret()).parseClaimsJws(str).getBody();
    }

    public JwtTokenBundle generateTokenBundle(AppUser appUser) {
        LocalDateTime now = LocalDateTime.now(ZoneOffset.UTC);
        return new JwtTokenBundle(generateAccessToken(now, appUser), prepareBuilder(now, this.jwtConfiguration.getRefreshTokenExpiration(), appUser.getUsername()).claim("scopes", Arrays.asList(REFRESH_TOKEN)).compact());
    }

    public String generateAccessToken(AppUser appUser) {
        return generateAccessToken(LocalDateTime.now(ZoneOffset.UTC), appUser);
    }

    protected String generateAccessToken(LocalDateTime localDateTime, AppUser appUser) {
        return prepareBuilder(localDateTime, this.jwtConfiguration.getAccessTokenExpiration(), appUser.getUsername()).claim("scopes", appUser.getRoles()).compact();
    }

    private JwtBuilder prepareBuilder(LocalDateTime localDateTime, long j, String str) {
        return Jwts.builder().setIssuedAt(convert(localDateTime)).setExpiration(convert(localDateTime.plusMinutes(j))).signWith(SignatureAlgorithm.HS512, this.jwtConfiguration.getSecret()).setSubject(str);
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [java.time.ZonedDateTime] */
    private Date convert(LocalDateTime localDateTime) {
        return Date.from(localDateTime.atZone((ZoneId) ZoneOffset.UTC).toInstant());
    }

    public Boolean validateToken(String str, AppUser appUser) {
        try {
            getAllClaimsFromToken(str);
            if (!getUsernameFromToken(str).equals(appUser.getUsername())) {
                if (log.isTraceEnabled()) {
                    log.trace("token username differs");
                }
                return false;
            }
            if (appUser.getLastTokenInvalidation() == null) {
                return true;
            }
            boolean isBefore = appUser.getLastTokenInvalidation().isBefore(getIssuedAtDateFromToken(str));
            if (log.isTraceEnabled() && !isBefore) {
                log.trace("token is issued {} before lastTokenInvalidation {}", getIssuedAtDateFromToken(str), appUser.getLastTokenInvalidation());
            }
            return Boolean.valueOf(isBefore);
        } catch (JwtException e) {
            if (log.isTraceEnabled()) {
                log.trace("token is invalid", e);
            }
            return false;
        }
    }
}
