package io.rocketbase.commons.security;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.rocketbase.commons.config.JwtProperties;
import io.rocketbase.commons.converter.AppUserConverter;
import io.rocketbase.commons.dto.authentication.JwtTokenBundle;
import io.rocketbase.commons.model.AppUserEntity;
import io.rocketbase.commons.model.AppUserToken;
import io.rocketbase.commons.model.SimpleAppUserToken;
import io.rocketbase.commons.util.RolesAuthoritiesConverter;
import java.io.Serializable;
import java.time.Instant;
import java.time.ZoneOffset;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.function.Function;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

/* loaded from: input_file:io/rocketbase/commons/security/JwtTokenService.class */
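/**
 * Issues, parses and validates the HS512-signed JWTs used for authentication.
 *
 * <p>Access tokens carry the user's id, name, e-mail, avatar, authorities (claim
 * {@value #ROLES_KEY}) and the visible key/value pairs (claims prefixed with
 * {@value #KEY_VALUE_PREFIX}). Refresh tokens carry only the user id and the single
 * scope {@value #REFRESH_TOKEN}.
 *
 * <p>NOTE(review): nothing in this class distinguishes a refresh token from an access
 * token during validation; {@link #validateToken(String, String, Instant)} accepts both.
 * Callers presumably check the {@value #REFRESH_TOKEN} scope themselves. Confirm that a
 * refresh token can never be used where an access token is expected.
 *
 * <p>NOTE(review): the class is {@link Serializable} and keeps {@code jwtProperties} in a
 * non-transient field, so a serialized instance would presumably contain the signing
 * secret. Confirm instances are never written to untrusted storage.
 */
public class JwtTokenService implements Serializable {
    private static final Logger log = LoggerFactory.getLogger(JwtTokenService.class);
    public static final String REFRESH_TOKEN = "REFRESH_TOKEN";
    public static final String ROLES_KEY = "scopes";
    public static final String USER_ID_KEY = "user_id";
    public static final String FIRST_NAME_KEY = "given_name";
    public static final String LAST_NAME_KEY = "family_name";
    public static final String EMAIL_KEY = "email";
    public static final String AVATAR_KEY = "picture";
    public static final String KEY_VALUE_PREFIX = "kv_";
    final JwtProperties jwtProperties;
    final CustomAuthoritiesProvider customAuthoritiesProvider;

    /**
     * @param jwtProperties             source of the signing secret and the token lifetimes
     * @param customAuthoritiesProvider supplies extra authorities added to each access token
     */
    public JwtTokenService(JwtProperties jwtProperties, CustomAuthoritiesProvider customAuthoritiesProvider) {
        this.jwtProperties = jwtProperties;
        this.customAuthoritiesProvider = customAuthoritiesProvider;
    }

    /**
     * Returns the {@code sub} claim of a verified token.
     *
     * @param str compact JWS string
     * @return the subject, or {@code null} when the token has none
     * @throws JwtException when the token fails parsing or verification
     */
    public String getUsernameFromToken(String str) {
        return getClaimFromToken(str, Claims::getSubject);
    }

    /**
     * Converts the {@value #ROLES_KEY} claim of a verified token into granted authorities.
     *
     * @param str compact JWS string
     * @return a new mutable collection; empty when the claim is absent or {@code null}
     * @throws JwtException       when the token fails parsing or verification
     * @throws ClassCastException when the claim is present but not a list
     */
    public Collection<GrantedAuthority> getAuthoritiesFromToken(String str) {
        List<GrantedAuthority> authorities = new ArrayList<>();
        Object rawScopes = getAllClaimsFromToken(str).get(ROLES_KEY);
        if (rawScopes == null) {
            // An explicit JSON null for the claim must mean "no authorities", not a NullPointerException.
            return authorities;
        }
        for (Object scope : (List<?>) rawScopes) {
            authorities.add(new SimpleGrantedAuthority(String.valueOf(scope)));
        }
        return authorities;
    }

    /**
     * Returns the {@code iat} claim of a verified token.
     *
     * @param str compact JWS string
     * @return the issue time
     * @throws JwtException         when the token fails parsing or verification
     * @throws NullPointerException when the token carries no {@code iat} claim
     */
    public Instant getIssuedAtDateFromToken(String str) {
        Date issuedAt = getClaimFromToken(str, Claims::getIssuedAt);
        return Instant.ofEpochMilli(issuedAt.getTime());
    }

    /**
     * Returns the {@code exp} claim of a verified token.
     *
     * @param str compact JWS string
     * @return the expiry time
     * @throws JwtException         when the token fails parsing or verification
     * @throws NullPointerException when the token carries no {@code exp} claim
     */
    public Instant getExpirationDateFromToken(String str) {
        Date expiration = getClaimFromToken(str, Claims::getExpiration);
        return Instant.ofEpochMilli(expiration.getTime());
    }

    /**
     * Verifies the token and applies {@code function} to its claims.
     *
     * @param str      compact JWS string
     * @param function extractor applied to the verified claims
     * @param <T>      type of the extracted value
     * @return whatever {@code function} returns
     * @throws JwtException when the token fails parsing or verification
     */
    public <T> T getClaimFromToken(String str, Function<Claims, T> function) {
        return function.apply(getAllClaimsFromToken(str));
    }

    /**
     * Parses a signed token with the configured secret and returns its claims.
     *
     * <p>{@code parseClaimsJws} only accepts signed tokens; jjwt verifies the signature and
     * rejects expired tokens here, so every public accessor inherits those checks.
     */
    private Claims getAllClaimsFromToken(String str) {
        // jjwt treats the String overload of setSigningKey as Base64-encoded key material.
        return Jwts.parser().setSigningKey(this.jwtProperties.getSecret()).parseClaimsJws(str).getBody();
    }

    /**
     * Rebuilds the user view carried by a verified token.
     *
     * @param str compact JWS string
     * @return the token's user data; its key/value map is {@code null} when the token has
     *         no {@value #KEY_VALUE_PREFIX} claims
     * @throws JwtException when the token fails verification or a claim is not a string
     */
    // Raw List kept for roles: the builder's parameter type is not visible from this class.
    @SuppressWarnings({"rawtypes", "unchecked"})
    public AppUserToken parseToken(String str) {
        Claims claims = getAllClaimsFromToken(str);
        Map<String, String> keyValues = null;
        for (String claimName : claims.keySet()) {
            if (claimName.startsWith(KEY_VALUE_PREFIX)) {
                if (keyValues == null) {
                    keyValues = new HashMap<>();
                }
                // Strip the prefix literally; no regex is needed once startsWith has matched.
                keyValues.put(claimName.substring(KEY_VALUE_PREFIX.length()), claims.get(claimName, String.class));
            }
        }
        return SimpleAppUserToken.builder()
                .id(claims.get(USER_ID_KEY, String.class))
                .username(claims.getSubject())
                .firstName(claims.get(FIRST_NAME_KEY, String.class))
                .lastName(claims.get(LAST_NAME_KEY, String.class))
                .email(claims.get(EMAIL_KEY, String.class))
                .avatar(claims.get(AVATAR_KEY, String.class))
                .roles((List) claims.getOrDefault(ROLES_KEY, Collections.emptyList()))
                .keyValueMap(keyValues)
                .build();
    }

    /**
     * Creates an access token and a refresh token with the same issue time.
     *
     * @param appUserToken user the tokens are issued for
     * @return bundle of access token and refresh token
     */
    public JwtTokenBundle generateTokenBundle(AppUserToken appUserToken) {
        Instant now = Instant.now();
        String accessToken = generateAccessToken(now, appUserToken);
        // The refresh token carries only the user id and the REFRESH_TOKEN scope, no profile data.
        String refreshToken = prepareBuilder(now, this.jwtProperties.getRefreshTokenExpiration(), appUserToken.getUsername())
                .claim(USER_ID_KEY, appUserToken.getId())
                .claim(ROLES_KEY, Arrays.asList(REFRESH_TOKEN))
                .compact();
        return new JwtTokenBundle(accessToken, refreshToken);
    }

    /**
     * Creates an access token issued now.
     *
     * @param appUserToken user the token is issued for
     * @return compact JWS string
     */
    public String generateAccessToken(AppUserToken appUserToken) {
        return generateAccessToken(Instant.now(), appUserToken);
    }

    /**
     * Creates an access token with an explicit issue time.
     *
     * @param instant      issue time; the expiry is derived from it
     * @param appUserToken user the token is issued for
     * @return compact JWS string
     */
    // Raw list kept: the element types of the converter and provider results are not visible here.
    @SuppressWarnings({"rawtypes", "unchecked"})
    protected String generateAccessToken(Instant instant, AppUserToken appUserToken) {
        ArrayList authorities = new ArrayList();
        authorities.addAll(RolesAuthoritiesConverter.convert(appUserToken.getRoles()));
        authorities.addAll(this.customAuthoritiesProvider.getExtraTokenAuthorities(appUserToken));
        // A JWS payload is signed, not encrypted: every claim below is readable by anyone holding the token.
        JwtBuilder builder = prepareBuilder(instant, this.jwtProperties.getAccessTokenExpiration(), appUserToken.getUsername())
                .claim(ROLES_KEY, RolesAuthoritiesConverter.convertToDtos(authorities))
                .claim(USER_ID_KEY, appUserToken.getId())
                .claim(FIRST_NAME_KEY, appUserToken.getFirstName())
                .claim(LAST_NAME_KEY, appUserToken.getLastName())
                .claim(EMAIL_KEY, appUserToken.getEmail())
                .claim(AVATAR_KEY, appUserToken.getAvatar());
        Map<String, String> visibleKeyValues = AppUserConverter.filterInvisibleKeys(appUserToken.getKeyValues());
        if (visibleKeyValues != null) {
            for (Map.Entry<String, String> entry : visibleKeyValues.entrySet()) {
                builder.claim(KEY_VALUE_PREFIX + entry.getKey(), entry.getValue());
            }
        }
        return builder.compact();
    }

    /**
     * Starts a builder with issue time, expiry, HS512 signature and subject already set.
     *
     * @param instant issue time
     * @param j       lifetime; multiplied by 60 before being added as seconds, so presumably minutes
     * @param str     subject (username)
     */
    private JwtBuilder prepareBuilder(Instant instant, long j, String str) {
        // NOTE(review): jjwt reads this String as a Base64-encoded key, and HS512 calls for at
        // least 512 bits of key material (RFC 7518). Confirm the configured secret meets both.
        return Jwts.builder()
                .setIssuedAt(convert(instant))
                .setExpiration(convert(instant.plusSeconds(j * 60)))
                .signWith(SignatureAlgorithm.HS512, this.jwtProperties.getSecret())
                .setSubject(str);
    }

    /** Converts an {@link Instant} to the legacy {@link Date} the jjwt builder expects. */
    private Date convert(Instant instant) {
        return Date.from(instant);
    }

    /**
     * Checks that a token verifies, belongs to the expected user and was issued after the
     * user's last token invalidation.
     *
     * <p>The token is parsed once and every check runs against that single verified set of
     * claims. Any unusable token yields {@code false} instead of an exception: a null or
     * blank token, a token without a subject, or (when {@code instant} is given) a token
     * without an issue time.
     *
     * @param str     compact JWS string
     * @param str2    username the token must have been issued for
     * @param instant time of the user's last token invalidation, or {@code null} to skip that check
     * @return {@code true} only when every check passes
     */
    public Boolean validateToken(String str, String str2, Instant instant) {
        try {
            Claims claims = getAllClaimsFromToken(str);
            String subject = claims.getSubject();
            if (subject == null || !subject.equals(str2)) {
                log.trace("token username differs");
                return false;
            }
            if (instant == null) {
                return true;
            }
            Date issuedAtDate = claims.getIssuedAt();
            if (issuedAtDate == null) {
                // Without an issue time the token cannot be shown to postdate the invalidation: fail closed.
                log.trace("token has no issued-at claim");
                return false;
            }
            Instant issuedAt = Instant.ofEpochMilli(issuedAtDate.getTime());
            boolean issuedAfterInvalidation = instant.isBefore(issuedAt);
            if (!issuedAfterInvalidation) {
                log.trace("token is issued {} before lastTokenInvalidation {}", issuedAt, instant);
            }
            return issuedAfterInvalidation;
        } catch (JwtException | IllegalArgumentException e) {
            // jjwt rejects a null or blank token with IllegalArgumentException, which is not a JwtException.
            log.trace("token is invalid", e);
            return false;
        }
    }

    /**
     * Validates a token against a stored user.
     *
     * @param str           compact JWS string
     * @param appUserEntity user whose username and last token invalidation are checked
     * @return {@code true} only when the token is valid for that user
     */
    public Boolean validateToken(String str, AppUserEntity appUserEntity) {
        return validateToken(str, appUserEntity.getUsername(), appUserEntity.getLastTokenInvalidation());
    }
}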
