package org.squashtest.tm.service.internal.user;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.text.SimpleDateFormat;
import java.time.LocalDate;
import java.time.LocalDateTime;
import java.time.LocalTime;
import java.time.ZoneId;
import java.time.ZoneOffset;
import java.util.Base64;
import java.util.Date;
import java.util.Map;
import java.util.UUID;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import org.squashtest.tm.domain.users.ApiToken;
import org.squashtest.tm.domain.users.ApiTokenPermission;
import org.squashtest.tm.domain.users.User;
import org.squashtest.tm.exception.JwtTokenImpossibleExtractionException;
import org.squashtest.tm.exception.apitoken.UnauthorizedApiTokenCreationException;
import org.squashtest.tm.exception.apitoken.WrongExpiryDateException;
import org.squashtest.tm.security.UserContextHolder;
import org.squashtest.tm.service.internal.dto.ApiTokenDto;
import org.squashtest.tm.service.internal.repository.ApiTokenDao;
import org.squashtest.tm.service.jwt.JwtTokenService;
import org.squashtest.tm.service.security.Authorizations;
import org.squashtest.tm.service.user.ApiTokenService;
import org.squashtest.tm.service.user.UserAccountService;

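/**
 * Creates, persists and revokes API tokens, and asks {@link JwtTokenService} to build the JWT
 * that represents each persisted token.
 *
 * <p>Expiry dates are validated and stored as a calendar day in the JVM default time zone; the JWT
 * expiry passed to {@link JwtTokenService} is midnight UTC of that stored day.
 */
@Transactional
@Service
public class ApiTokenServiceImpl implements ApiTokenService {
    /** Qualified name of the only group for which an admin may create a token on behalf of a user. */
    private static final String TEST_AUTOMATION_SERVER_GROUP = "squashtest.authz.group.tm.TestAutomationServer";

    /** Message used for every structurally unusable JWT, so callers see a single failure mode. */
    private static final String INVALID_JWT_MESSAGE = "Invalid JWT token";

    /** Shared mapper; a default-configured ObjectMapper needs no per-call instance. */
    private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();

    private final UserAccountService userAccountService;
    private final ApiTokenDao apiTokenDao;
    private final JwtTokenService jwtTokenService;

    // Null when squash.rest-api.jwt.secret is not configured (the placeholder defaults to #{null}).
    // NOTE(review): how JwtTokenService.generateJwt treats a null secret is not visible here;
    // confirm it refuses to issue a token rather than falling back to a weak or empty key.
    @Value("${squash.rest-api.jwt.secret:#{null}}")
    private String jwtSecret;

    @PersistenceContext
    EntityManager entityManager;

    public ApiTokenServiceImpl(UserAccountService userAccountService, ApiTokenDao apiTokenDao, JwtTokenService jwtTokenService) {
        this.userAccountService = userAccountService;
        this.apiTokenDao = apiTokenDao;
        this.jwtTokenService = jwtTokenService;
    }

    /**
     * Creates an API token owned by the current user.
     *
     * @param str value stored on the token (presumably its display name; confirm against ApiToken)
     * @param date expiry day; must be at least tomorrow and at most one year from today
     * @param str2 name of an {@link ApiTokenPermission} constant
     * @return the persisted token together with its generated JWT
     * @throws WrongExpiryDateException if {@code date} is missing or outside the allowed window
     */
    @Override
    public ApiTokenDto generateApiToken(String str, Date date, String str2) {
        checkExpiryDateConformity(date);
        return doGenerateApiToken(str, date, str2, this.userAccountService.findCurrentUser());
    }

    /**
     * Creates an API token on behalf of a Test Automation Server user. Restricted to administrators.
     *
     * @param j id of the user who will own the token
     * @param str value stored on the token (presumably its display name; confirm against ApiToken)
     * @param date expiry day; must be at least tomorrow and at most one year from today
     * @param str2 name of an {@link ApiTokenPermission} constant
     * @return the persisted token together with its generated JWT
     * @throws UnauthorizedApiTokenCreationException if the user does not exist or is not in the
     *     Test Automation Server group
     * @throws WrongExpiryDateException if {@code date} is missing or outside the allowed window
     */
    @Override
    @PreAuthorize(Authorizations.HAS_ROLE_ADMIN)
    public ApiTokenDto generateApiTokenForTestAutoServerUser(long j, String str, Date date, String str2) {
        User user = this.entityManager.find(User.class, Long.valueOf(j));
        // find() returns null for an unknown id, and a user may have no group: refuse both cases
        // explicitly instead of failing with a NullPointerException.
        if (user == null
                || user.getGroup() == null
                || !TEST_AUTOMATION_SERVER_GROUP.equals(user.getGroup().getQualifiedName())) {
            throw new UnauthorizedApiTokenCreationException();
        }
        checkExpiryDateConformity(date);
        return doGenerateApiToken(str, date, str2, user);
    }

    /** Rejects a missing expiry date and any date outside [tomorrow, today + 1 year]. */
    private static void checkExpiryDateConformity(Date date) {
        if (date == null) {
            // A token must always carry an expiry; fail with the domain exception, not an NPE.
            throw new WrongExpiryDateException("Expiry date is required.");
        }
        if (isDateAfterOneYearFromToday(date)) {
            throw new WrongExpiryDateException("Expiry date cannot be set later one year from today.");
        }
        if (isDateBeforeTomorrow(date)) {
            throw new WrongExpiryDateException("Expiry date cannot be set before tomorrow.");
        }
    }

    /**
     * Persists the token first, then builds its JWT from the persisted values (owner id, uuid,
     * expiry, creation date, permission name) and the configured secret.
     */
    private ApiTokenDto doGenerateApiToken(String name, Date expiry, String permission, User owner) {
        ApiToken saved = persistApiToken(owner, UUID.randomUUID().toString(), name, expiry, permission);
        String jwt =
                this.jwtTokenService.generateJwt(
                        saved.getUser().getId().toString(),
                        saved.getUuid(),
                        parseDateAtMidnightInUtc(saved),
                        saved.getCreatedOn(),
                        ApiTokenPermission.valueOf(permission).name(),
                        this.jwtSecret);
        return new ApiTokenDto(saved, jwt);
    }

    /** Converts a legacy Date to the calendar day it falls on in the JVM default time zone. */
    private static LocalDate toSystemLocalDate(Date date) {
        return date.toInstant().atZone(ZoneId.systemDefault()).toLocalDate();
    }

    private static boolean isDateAfterOneYearFromToday(Date date) {
        return toSystemLocalDate(date).isAfter(LocalDate.now().plusYears(1L));
    }

    private static boolean isDateBeforeTomorrow(Date date) {
        return toSystemLocalDate(date).isBefore(LocalDate.now().plusDays(1L));
    }

    /** Reads the stored ISO expiry day back and returns 00:00 UTC of that day. */
    private static Date parseDateAtMidnightInUtc(ApiToken apiToken) {
        return Date.from(LocalDateTime.of(LocalDate.parse(apiToken.getExpiryDate()), LocalTime.MIDNIGHT).toInstant(ZoneOffset.UTC));
    }

    /**
     * Deletes the token with the given id.
     *
     * <p>NOTE(review): nothing in this method ties the id to the current user; confirm that the
     * caller or the DAO enforces ownership (or an admin role) before this is reached.
     */
    @Override
    public void deleteApiToken(long j) {
        this.apiTokenDao.deleteById(Long.valueOf(j));
    }

    /**
     * Deletes the token whose uuid is carried in the payload of the given JWT.
     *
     * <p>NOTE(review): the payload is decoded here without any signature check, so the uuid claim
     * is trusted as-is. Confirm that callers only pass a JWT that has already been verified.
     *
     * @throws IllegalArgumentException if the JWT is missing, malformed or has no uuid claim
     * @throws JwtTokenImpossibleExtractionException if the payload is not valid JSON
     */
    @Override
    public void selfDestroyApiToken(String str) {
        this.apiTokenDao.deleteByUuid(extractUuidFromJwtToken(str));
    }

    /** Decodes the second (payload) segment of a JWT and returns its {@code uuid} claim as text. */
    private String extractUuidFromJwtToken(String jwt) {
        if (jwt == null) {
            throw new IllegalArgumentException(INVALID_JWT_MESSAGE);
        }
        String[] segments = jwt.split("\\.");
        if (segments.length < 2) {
            throw new IllegalArgumentException(INVALID_JWT_MESSAGE);
        }
        // JWT segments are base64url-encoded UTF-8 JSON; decode with an explicit charset rather
        // than the platform default, which varies between hosts.
        String payload = new String(Base64.getUrlDecoder().decode(segments[1]), java.nio.charset.StandardCharsets.UTF_8);
        try {
            Map<String, Object> claims = OBJECT_MAPPER.readValue(payload, new TypeReference<Map<String, Object>>() {});
            // A JSON "null" payload or a payload without the claim must not reach the DAO as an NPE.
            Object uuid = claims == null ? null : claims.get("uuid");
            if (uuid == null) {
                throw new IllegalArgumentException(INVALID_JWT_MESSAGE);
            }
            return uuid.toString();
        } catch (JsonProcessingException e) {
            throw new JwtTokenImpossibleExtractionException(e);
        }
    }

    /**
     * Saves a new ApiToken created "now" by the current username, with the expiry stored as an ISO
     * {@code yyyy-MM-dd} day and the permission normalised to its enum constant name.
     */
    private ApiToken persistApiToken(User owner, String uuid, String name, Date expiry, String permission) {
        // LocalDate.toString() is always ISO-8601 with ASCII digits, which is exactly what
        // parseDateAtMidnightInUtc reads back; a default-locale SimpleDateFormat can emit
        // locale-specific digits or calendar years that LocalDate.parse rejects.
        String expiryDay = toSystemLocalDate(expiry).toString();
        ApiToken token =
                new ApiToken(
                        uuid,
                        owner,
                        name,
                        new Date(),
                        UserContextHolder.getUsername(),
                        expiryDay,
                        ApiTokenPermission.valueOf(permission).name());
        return (ApiToken) this.apiTokenDao.save(token);
    }
}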
