package de.qfm.erp.service.service.security;

import com.google.common.base.Joiner;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.Streams;
import com.google.common.hash.Hashing;
import de.leancoders.common.helper.DateTimeHelper;
import de.qfm.erp.common.websocket.request.RequestMessage;
import de.qfm.erp.service.configuration.ApplicationConfig;
import de.qfm.erp.service.helper.UserHelper;
import de.qfm.erp.service.model.exception.request.JwtTokenException;
import de.qfm.erp.service.model.internal.authentication.JwtToken;
import de.qfm.erp.service.model.jpa.user.Role;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import jakarta.servlet.http.HttpServletRequest;
import java.nio.charset.StandardCharsets;
import java.time.LocalDateTime;
import java.time.ZoneOffset;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import java.util.Date;
import java.util.Objects;
import java.util.UUID;
import java.util.stream.Collectors;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import lombok.NonNull;
import org.apache.commons.lang3.StringUtils;
import org.apache.naming.ResourceRef;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.stereotype.Component;

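/**
 * Issues and verifies the HS256-signed JWTs used for HTTP and websocket authentication.
 *
 * <p>Access and refresh tokens are signed with the same secret taken from
 * {@link ApplicationConfig#getSecretKey()}. They differ only in lifetime and in the value of the
 * {@code auth} claim.
 *
 * <p>NOTE(review): jjwt's {@code String} overloads of {@code signWith} and {@code setSigningKey}
 * interpret the value as Base64-encoded key bytes. Confirm the configured secret is stored in
 * that form and decodes to at least 256 bits, which is what HS256 expects.
 *
 * <p>NOTE(review): verification in this class checks the signature and the registered claims
 * only. It never inspects the {@code auth} claim, so a refresh token verifies exactly like an
 * access token. Confirm that callers restrict refresh tokens to the refresh endpoint, or add an
 * explicit token-type check.
 */
@Component
public class JwtTokenProvider {
    public static final Joiner AUTH_JOINER = Joiner.on("|");

    // Name of the custom claim carrying the role information.
    // NOTE(review): the value comes from Tomcat's ResourceRef.AUTH, which looks like a decompiler
    // artifact for a plain string literal; confirm and replace with a local literal.
    private static final String CLAIM_AUTH = ResourceRef.AUTH;

    // Authorization scheme prefix expected in front of the compact token.
    private static final String BEARER_PREFIX = "Bearer ";

    private final ApplicationConfig applicationConfig;
    private final UserDetailsService userDetailsService;

    /**
     * Creates the provider.
     *
     * @param applicationConfig source of the signing secret and the token lifetimes
     * @param userDetailsService used to load the user named in a verified token
     */
    public JwtTokenProvider(ApplicationConfig applicationConfig, UserDetailsService userDetailsService) {
        this.applicationConfig = applicationConfig;
        this.userDetailsService = userDetailsService;
    }

    /**
     * Issues a fresh access token and a fresh refresh token for a user.
     *
     * @param str the username, stored as the token subject
     * @param iterable the user's roles, fingerprinted into the access token's {@code auth} claim
     * @return a token pair
     * @throws NullPointerException if an argument is {@code null}
     */
    @Nonnull
    public JwtToken signInToken(@NonNull String str, @NonNull Iterable<Role> iterable) {
        Objects.requireNonNull(str, "username is marked non-null but is null");
        Objects.requireNonNull(iterable, "roles is marked non-null but is null");
        JwtToken.JwtTokenPart accessToken = createAccessToken(str, iterable);
        JwtToken.JwtTokenPart refreshToken = createRefreshToken(str);
        return JwtToken.builder().withAccessToken(accessToken).withRefreshToken(refreshToken).build();
    }

    /**
     * Issues a new access token and returns it together with the refresh token passed in.
     *
     * <p>The refresh token is not verified here; it is copied into the result unchanged.
     * NOTE(review): the caller is presumably expected to have verified it, and to have checked
     * that it belongs to {@code str}, before calling this method; confirm.
     *
     * @param jwtTokenPart the existing refresh token
     * @param str the username, stored as the token subject
     * @param iterable the user's current roles
     * @return a token pair with a new access token
     * @throws NullPointerException if an argument is {@code null}
     */
    @Nonnull
    public JwtToken refreshToken(@NonNull JwtToken.JwtTokenPart jwtTokenPart, @NonNull String str, @NonNull Iterable<Role> iterable) {
        Objects.requireNonNull(jwtTokenPart, "refreshToken is marked non-null but is null");
        Objects.requireNonNull(str, "username is marked non-null but is null");
        Objects.requireNonNull(iterable, "roles is marked non-null but is null");
        return JwtToken.builder().withAccessToken(createAccessToken(str, iterable)).withRefreshToken(jwtTokenPart).build();
    }

    /**
     * Builds an access token whose {@code auth} claim is the SHA-256 fingerprint of the roles.
     */
    @Nonnull
    private JwtToken.JwtTokenPart createAccessToken(@NonNull String str, @NonNull Iterable<Role> iterable) {
        Objects.requireNonNull(str, "username is marked non-null but is null");
        Objects.requireNonNull(iterable, "roles is marked non-null but is null");
        String roleFingerprint = claimAuth(iterable);
        Claims tokenClaims = Jwts.claims().setSubject(str);
        tokenClaims.put(CLAIM_AUTH, roleFingerprint);
        return buildTokenPart(tokenClaims, this.applicationConfig.getAccessTokenValidityInSeconds());
    }

    /**
     * Builds a refresh token whose {@code auth} claim holds the single authority
     * {@code ROLE_REFRESH_TOKEN}.
     */
    @Nonnull
    private JwtToken.JwtTokenPart createRefreshToken(@NonNull String str) {
        Objects.requireNonNull(str, "username is marked non-null but is null");
        Claims tokenClaims = Jwts.claims().setSubject(str);
        tokenClaims.put(CLAIM_AUTH, ImmutableList.of(new SimpleGrantedAuthority("ROLE_REFRESH_TOKEN")));
        return buildTokenPart(tokenClaims, this.applicationConfig.getRefreshTokenValidityInSeconds());
    }

    /**
     * Adds id, issue time and expiry to the claims, signs them with HS256 and wraps the result.
     *
     * @param tokenClaims subject and custom claims; the registered claims are added to this object
     * @param validityInSeconds lifetime of the token
     * @return the compact token together with its issue and expiry times
     */
    @Nonnull
    private JwtToken.JwtTokenPart buildTokenPart(@Nonnull Claims tokenClaims, long validityInSeconds) {
        String secretKey = this.applicationConfig.getSecretKey();
        // NOTE(review): both times are converted as UTC below, which assumes DateTimeHelper.now()
        // yields a UTC wall-clock value; confirm.
        LocalDateTime issuedAt = DateTimeHelper.truncate(DateTimeHelper.now());
        LocalDateTime expiresAt = DateTimeHelper.truncate(issuedAt.plusSeconds(validityInSeconds));
        String compactToken = Jwts.builder()
                // setClaims(...) replaces the builder's whole claim set in jjwt, so the id has to
                // be set afterwards; with setId(...) first the jti never reached the token.
                .setClaims(tokenClaims)
                .setId(UUID.randomUUID().toString())
                .setIssuedAt(Date.from(issuedAt.toInstant(ZoneOffset.UTC)))
                .setExpiration(Date.from(expiresAt.toInstant(ZoneOffset.UTC)))
                .signWith(SignatureAlgorithm.HS256, secretKey)
                .compact();
        return JwtToken.JwtTokenPart.of(issuedAt, expiresAt, compactToken);
    }

    /**
     * Verifies the token and builds an {@link Authentication} for its subject.
     *
     * <p>The authorities are those returned by the {@link UserDetailsService} for the subject,
     * not anything carried in the token.
     *
     * @param str the compact token
     * @return an authentication holding the loaded user and an empty credentials string
     * @throws NullPointerException if {@code str} is {@code null}
     */
    @Nonnull
    public Authentication getAuthentication(@NonNull String str) {
        Objects.requireNonNull(str, "token is marked non-null but is null");
        UserDetails userDetails = this.userDetailsService.loadUserByUsername(getUsername(str));
        return new UsernamePasswordAuthenticationToken(userDetails, "", userDetails.getAuthorities());
    }

    /**
     * Verifies the token and returns its subject.
     *
     * @param str the compact token
     * @return the subject claim
     * @throws NullPointerException if {@code str} is {@code null}
     */
    @Nonnull
    public String getUsername(@NonNull String str) {
        Objects.requireNonNull(str, "token is marked non-null but is null");
        return claims(str).getSubject();
    }

    /**
     * Verifies the token against the configured secret and returns its claims.
     *
     * <p>Unlike {@link #validateToken(String)}, parser failures are not translated here and
     * reach the caller as thrown by jjwt.
     *
     * @param str the compact token
     * @return the claims of the verified token
     * @throws NullPointerException if {@code str} is {@code null}
     */
    @Nonnull
    public Claims claims(@NonNull String str) {
        Objects.requireNonNull(str, "token is marked non-null but is null");
        return parseVerified(str);
    }

    /**
     * Extracts the bearer token from the {@code Authorization} header of an HTTP request.
     *
     * @param httpServletRequest the incoming request
     * @return the text after {@code "Bearer "}, or {@code null} if the header is missing or uses
     *     another scheme
     * @throws NullPointerException if {@code httpServletRequest} is {@code null}
     */
    @Nullable
    public String resolveToken(@NonNull HttpServletRequest httpServletRequest) {
        Objects.requireNonNull(httpServletRequest, "req is marked non-null but is null");
        return stripBearerPrefix(httpServletRequest.getHeader("Authorization"));
    }

    /**
     * Extracts the bearer token from the authorization field of a websocket request message.
     *
     * @param requestMessage the incoming message
     * @return the text after {@code "Bearer "}, or {@code null} if the field is missing or uses
     *     another scheme
     * @throws NullPointerException if {@code requestMessage} is {@code null}
     */
    @Nullable
    public String resolveToken(@NonNull RequestMessage requestMessage) {
        Objects.requireNonNull(requestMessage, "message is marked non-null but is null");
        return stripBearerPrefix(requestMessage.getAuthorization());
    }

    /**
     * Authenticates the current thread from the token carried by a websocket request message.
     *
     * @param requestMessage the incoming message
     * @return {@code true} if the security context now holds an authentication
     * @throws NullPointerException if {@code requestMessage} is {@code null}
     */
    public boolean authenticate(@NonNull RequestMessage requestMessage) {
        Objects.requireNonNull(requestMessage, "requestMessage is marked non-null but is null");
        return authenticate(resolveToken(requestMessage));
    }

    /**
     * Verifies the token and, on success, stores the resulting authentication in the
     * {@link SecurityContextHolder}.
     *
     * <p>Fails closed: the security context is cleared whenever no authentication is
     * established, including when verification or the user lookup throws. Previously an
     * exception left whatever authentication was already bound to the thread in place.
     *
     * @param str the compact token, or {@code null} if the request carried none
     * @return {@code true} if an authentication was stored, {@code false} if {@code str} is
     *     {@code null}
     * @throws JwtTokenException if the token is rejected by {@link #validateToken(String)}
     */
    public boolean authenticate(@Nullable String str) {
        boolean authenticated = false;
        try {
            if (str != null && validateToken(str)) {
                SecurityContextHolder.getContext().setAuthentication(getAuthentication(str));
                authenticated = true;
            }
            return authenticated;
        } finally {
            if (!authenticated) {
                SecurityContextHolder.clearContext();
            }
        }
    }

    /**
     * Verifies signature and registered claims of the token.
     *
     * <p>This method never returns {@code false}: a rejected token is reported by exception.
     *
     * @param str the compact token
     * @return {@code true} if the token verifies
     * @throws NullPointerException if {@code str} is {@code null}
     * @throws JwtTokenException if the parser rejects the token
     */
    public boolean validateToken(@NonNull String str) {
        Objects.requireNonNull(str, "token is marked non-null but is null");
        try {
            parseVerified(str);
            return true;
        } catch (JwtException | IllegalArgumentException e) {
            // NOTE(review): the cause is dropped, so logs cannot tell an expired token from a
            // bad signature. Pass `e` along if JwtTokenException offers a cause constructor.
            throw new JwtTokenException("Expired or invalid JWT token");
        }
    }

    /**
     * Parses a signed token with the configured secret and returns its body.
     */
    @Nonnull
    private Claims parseVerified(@Nonnull String token) {
        return Jwts.parser().setSigningKey(this.applicationConfig.getSecretKey()).parseClaimsJws(token).getBody();
    }

    /**
     * Returns the text after {@code "Bearer "}, or {@code null} if the value is absent or does
     * not start with that prefix. The match is case-sensitive.
     */
    @Nullable
    private static String stripBearerPrefix(@Nullable String headerValue) {
        if (headerValue == null || !headerValue.startsWith(BEARER_PREFIX)) {
            return null;
        }
        return headerValue.substring(BEARER_PREFIX.length());
    }

    /**
     * Computes the value of the access token's {@code auth} claim: the hex SHA-256 digest of the
     * non-blank authority names, sorted and joined with {@code "|"}.
     *
     * <p>NOTE(review): nothing in this class compares the digest when a token is presented;
     * presumably another component uses it to detect role changes. Confirm.
     */
    @Nonnull
    private String claimAuth(@NonNull Iterable<Role> iterable) {
        Objects.requireNonNull(iterable, "roles is marked non-null but is null");
        String joinedAuthorities = AUTH_JOINER.join(
                Streams.stream(UserHelper.grantedAuthorities(iterable))
                        .map(authority -> authority.getAuthority())
                        .filter(StringUtils::isNotBlank)
                        // Sorting makes the digest independent of the order the roles arrive in.
                        .sorted()
                        .collect(Collectors.toList()));
        return Hashing.sha256().hashString(joinedAuthorities, StandardCharsets.UTF_8).toString();
    }
}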
