package org.skr.auth.controller;

import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.exceptions.TokenExpiredException;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
import org.skr.auth.service.JwtPrincipalProvider;
import org.skr.common.exception.AuthException;
import org.skr.common.exception.ErrorInfo;
import org.skr.common.util.JsonUtil;
import org.skr.common.util.JwtUtil;
import org.skr.security.JwtPrincipal;
import org.skr.security.SkrSecurityProperties;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.RestController;

@RequestMapping({"/auth"})
@RestController
/* loaded from: input_file:org/skr/auth/controller/AuthController.class */
public class AuthController {
    public static final String EXTRA_PARAM_PREFIX = "auth_";

    @Autowired
    private AuthenticationManager authenticationManager;

    @Autowired
    private JwtPrincipalProvider jwtPrincipalProvider;

    @Autowired
    private SkrSecurityProperties skrSecurityProperties;

    @PostMapping({"/login"})
    @ResponseBody
    public Map<String, Object> loginByUsernamePassword(@RequestParam String str, @RequestParam String str2, HttpServletRequest httpServletRequest) {
        try {
            if (!this.authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(str, str2)).isAuthenticated()) {
                throw new AuthException(ErrorInfo.NOT_AUTHENTICATED.msgArgs(new Object[]{str}));
            }
            JwtPrincipal loadJwtPrincipal = this.jwtPrincipalProvider.loadJwtPrincipal(str, resolveAuthExtraParams(httpServletRequest));
            return Map.ofEntries(Map.entry(this.skrSecurityProperties.getAccessToken().getHeader(), this.skrSecurityProperties.getAccessToken().getPrefix() + JwtUtil.encode(JsonUtil.toJson(loadJwtPrincipal), this.skrSecurityProperties.getAccessToken().getExpiration(), this.skrSecurityProperties.getAccessToken().getSecret())), Map.entry(this.skrSecurityProperties.getRefreshToken().getHeader(), this.skrSecurityProperties.getRefreshToken().getPrefix() + JwtUtil.encode(loadJwtPrincipal.getUsername(), this.skrSecurityProperties.getRefreshToken().getExpiration(), this.skrSecurityProperties.getRefreshToken().getSecret())), Map.entry("loginToken", JwtUtil.encode(loadJwtPrincipal.getUsername(), this.skrSecurityProperties.getLoginToken().getExpiration(), this.skrSecurityProperties.getLoginToken().getSecret())), Map.entry("principal", loadJwtPrincipal));
        } catch (BadCredentialsException e) {
            throw new AuthException(ErrorInfo.NOT_AUTHENTICATED.msgArgs(new Object[]{str}));
        }
    }

    @PostMapping({"/login-by-token"})
    @ResponseBody
    public Map<String, Object> loginByToken(@RequestParam String str, HttpServletRequest httpServletRequest) {
        try {
            String str2 = (String) Optional.of(str).map(str3 -> {
                return JwtUtil.decode(str3, this.skrSecurityProperties.getLoginToken().getSecret());
            }).orElse(null);
            if (str2 == null) {
                throw new AuthException(ErrorInfo.AUTHENTICATION_REQUIRED);
            }
            JwtPrincipal loadJwtPrincipal = this.jwtPrincipalProvider.loadJwtPrincipal(str2, resolveAuthExtraParams(httpServletRequest));
            return Map.ofEntries(Map.entry(this.skrSecurityProperties.getAccessToken().getHeader(), this.skrSecurityProperties.getAccessToken().getPrefix() + JwtUtil.encode(JsonUtil.toJson(loadJwtPrincipal), this.skrSecurityProperties.getAccessToken().getExpiration(), this.skrSecurityProperties.getAccessToken().getSecret())), Map.entry(this.skrSecurityProperties.getRefreshToken().getHeader(), this.skrSecurityProperties.getRefreshToken().getPrefix() + JwtUtil.encode(loadJwtPrincipal.getUsername(), this.skrSecurityProperties.getRefreshToken().getExpiration(), this.skrSecurityProperties.getRefreshToken().getSecret())), Map.entry("principal", loadJwtPrincipal));
        } catch (Exception e) {
            throw new AuthException(ErrorInfo.AUTHENTICATION_REQUIRED);
        } catch (JWTVerificationException e2) {
            throw new AuthException(ErrorInfo.REFRESH_TOKEN_BROKEN);
        } catch (TokenExpiredException e3) {
            throw new AuthException(ErrorInfo.REFRESH_TOKEN_EXPIRED);
        }
    }

    @PostMapping({"/refresh-token"})
    @ResponseBody
    public Map<String, Object> refreshToken(@RequestParam String str, HttpServletRequest httpServletRequest) {
        String prefix = this.skrSecurityProperties.getRefreshToken().getPrefix();
        String secret = this.skrSecurityProperties.getRefreshToken().getSecret();
        try {
            String str2 = (String) Optional.of(str).map(str3 -> {
                return str3.replace(prefix, "");
            }).map(str4 -> {
                return JwtUtil.decode(str4, secret);
            }).orElse(null);
            if (str2 == null) {
                throw new AuthException(ErrorInfo.AUTHENTICATION_REQUIRED);
            }
            JwtPrincipal loadJwtPrincipal = this.jwtPrincipalProvider.loadJwtPrincipal(str2, resolveAuthExtraParams(httpServletRequest));
            Map<String, Object> ofEntries = Map.ofEntries(Map.entry(this.skrSecurityProperties.getAccessToken().getHeader(), this.skrSecurityProperties.getAccessToken().getPrefix() + JwtUtil.encode(JsonUtil.toJson(loadJwtPrincipal), this.skrSecurityProperties.getAccessToken().getExpiration(), this.skrSecurityProperties.getAccessToken().getSecret())));
            if (this.skrSecurityProperties.isRenewRefreshToken()) {
                ofEntries.put(this.skrSecurityProperties.getRefreshToken().getHeader(), this.skrSecurityProperties.getRefreshToken().getPrefix() + JwtUtil.encode(loadJwtPrincipal.getUsername(), this.skrSecurityProperties.getRefreshToken().getExpiration(), this.skrSecurityProperties.getRefreshToken().getSecret()));
                ofEntries.put("principal", loadJwtPrincipal);
            }
            return ofEntries;
        } catch (Exception e) {
            throw new AuthException(ErrorInfo.AUTHENTICATION_REQUIRED);
        } catch (JWTVerificationException e2) {
            throw new AuthException(ErrorInfo.REFRESH_TOKEN_BROKEN);
        } catch (TokenExpiredException e3) {
            throw new AuthException(ErrorInfo.REFRESH_TOKEN_EXPIRED);
        }
    }

    private Map<String, Object> resolveAuthExtraParams(HttpServletRequest httpServletRequest) {
        HashMap hashMap = new HashMap();
        Enumeration parameterNames = httpServletRequest.getParameterNames();
        while (parameterNames.hasMoreElements()) {
            String str = (String) parameterNames.nextElement();
            if (str.startsWith(EXTRA_PARAM_PREFIX)) {
                hashMap.put(str.replace(EXTRA_PARAM_PREFIX, ""), httpServletRequest.getParameter(str));
            }
        }
        return hashMap;
    }
}
