package org.squashtest.tm.service.internal.jwt;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.security.SecureDigestAlgorithm;
import java.time.LocalDateTime;
import java.time.ZoneOffset;
import java.time.format.DateTimeFormatter;
import java.util.Date;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
import net.sf.jasperreports.engine.xml.JRXmlConstants;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.stereotype.Service;
import org.squashtest.tm.domain.users.ApiToken;
import org.squashtest.tm.domain.users.ApiTokenPermission;
import org.squashtest.tm.service.RestApiJwtSecretKeyManager;
import org.squashtest.tm.service.internal.repository.ApiTokenDao;
import org.squashtest.tm.service.jwt.JwtTokenService;

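/**
 * JWT-backed implementation of {@link JwtTokenService} for REST API tokens.
 *
 * <p>Tokens are signed and verified with HMAC-SHA512 ({@code Jwts.SIG.HS512}) using the key
 * returned by {@link RestApiJwtSecretKeyManager#getRestApiJwtSecretKey}. HS512 is a symmetric
 * scheme, so the same key that verifies a token can also mint one; the key material must be
 * protected accordingly.
 *
 * <p>A correctly signed token is not sufficient on its own: {@link #validateApiToken} also
 * requires a matching {@link ApiToken} record (looked up by the token's uuid claim) whose
 * permissions, expiry date and owner agree with the claims. A token whose record no longer
 * exists is rejected.
 */
@Service
/* loaded from: input_file:WEB-INF/lib/tm.service-7.1.0.RC1.jar:org/squashtest/tm/service/internal/jwt/JwtTokenServiceImpl.class */
public class JwtTokenServiceImpl implements JwtTokenService {
    public static final String INVALID_TOKEN = "Invalid token";

    /** Name of the claim carrying the permission level granted to the token. */
    private static final String PERMISSIONS_CLAIM = "permissions";

    /**
     * Name of the claim carrying the identifier of the persisted {@link ApiToken}.
     * NOTE(review): this listing takes the name from a JasperReports constant, which looks like a
     * decompiler constant substitution for a plain string literal - confirm against the original
     * sources.
     */
    private static final String UUID_CLAIM = JRXmlConstants.ATTRIBUTE_uuid;

    @Inject
    private ApiTokenDao apiTokenDao;

    /**
     * Builds and signs a compact JWT for an API token.
     *
     * <p>If {@code date} is {@code null} the resulting token may carry no expiration claim
     * (TODO confirm against the JJWT builder contract); {@link #validateApiToken} rejects any
     * token whose expiration claim is missing.
     *
     * @param str subject of the token (compared with the owning user's id on validation)
     * @param str2 value of the uuid claim, used on validation to look up the {@link ApiToken}
     * @param date expiration instant
     * @param date2 issued-at instant
     * @param str3 value of the permissions claim
     * @param str4 argument handed to {@link RestApiJwtSecretKeyManager#getRestApiJwtSecretKey}
     *     to obtain the signing key
     * @return the signed token in compact serialization
     */
    @Override // org.squashtest.tm.service.jwt.JwtTokenService
    public String generateJwt(String str, String str2, Date date, Date date2, String str3, String str4) {
        // The listing showed decompiler-synthesised names (mo2200subject, ...) and a cast of the
        // key to JwtBuilder; neither exists in the JJWT API, so the real builder methods are used.
        return Jwts.builder()
                .subject(str)
                .claim(UUID_CLAIM, str2)
                .claim(PERMISSIONS_CLAIM, str3)
                .issuedAt(date2)
                .expiration(date)
                .signWith(RestApiJwtSecretKeyManager.getRestApiJwtSecretKey(str4), Jwts.SIG.HS512)
                .compact();
    }

    /**
     * Verifies the token signature and returns its subject.
     *
     * <p>Only the JWT itself is checked here; the persisted {@link ApiToken} record is not
     * consulted, so this method alone does not establish that the token is still accepted by
     * {@link #validateApiToken}.
     *
     * @param str the compact JWT
     * @param str2 argument handed to {@link RestApiJwtSecretKeyManager#getRestApiJwtSecretKey}
     *     to obtain the verification key
     * @return the subject claim, possibly {@code null} if the token carries none
     * @throws JwtException if the token cannot be parsed or verified
     */
    @Override // org.squashtest.tm.service.jwt.JwtTokenService
    public String getUserIdFromToken(String str, String str2) {
        return parseVerifiedClaims(str, str2).getSubject();
    }

    /**
     * Authenticates an API token and authorises it for the current request.
     *
     * <p>The request is accepted when the token is genuine, matches its persisted record, and
     * either the servlet path ends with one of the entries of {@code list} or the HTTP method is
     * among those allowed by the token's {@link ApiTokenPermission}. The path test is a plain
     * suffix match, so entries of {@code list} should be specific enough that no unrelated
     * endpoint ends with the same text; a matching path bypasses the method restriction.
     *
     * @param list servlet-path suffixes that are allowed regardless of the token's permission
     * @param str the compact JWT
     * @param str2 argument handed to {@link RestApiJwtSecretKeyManager#getRestApiJwtSecretKey}
     *     to obtain the verification key
     * @param httpServletRequest the request being authorised
     * @return {@code true} when the token is accepted; every rejection is reported by exception
     * @throws BadCredentialsException if the token is malformed, badly signed, lacks a required
     *     claim, does not match its persisted record, or is not permitted for this request
     */
    @Override // org.squashtest.tm.service.jwt.JwtTokenService
    public boolean validateApiToken(List<String> list, String str, String str2, HttpServletRequest httpServletRequest) {
        try {
            Claims payload = parseVerifiedClaims(str, str2);
            String permissions = payload.get(PERMISSIONS_CLAIM, String.class);
            String uuid = payload.get(UUID_CLAIM, String.class);
            String subject = payload.getSubject();
            Date expiration = payload.getExpiration();
            // A missing expiration used to reach isTokenValid and fail with a
            // NullPointerException, which is not converted to BadCredentialsException below.
            if (permissions == null || uuid == null || subject == null || expiration == null) {
                throw new BadCredentialsException(INVALID_TOKEN);
            }

            ApiToken apiToken = this.apiTokenDao.findByUuid(uuid)
                    .orElseThrow(() -> new BadCredentialsException(INVALID_TOKEN));
            if (!isTokenValid(apiToken, permissions, expiration, subject)) {
                throw new BadCredentialsException(INVALID_TOKEN);
            }
            // Stamp the usage only once the claims have been matched against the record, so a
            // rejected token does not refresh the last-usage field.
            recordLastUsage(apiToken);

            String servletPath = httpServletRequest.getServletPath();
            boolean pathAlwaysAllowed = list.stream().anyMatch(suffix -> servletPath.endsWith(suffix));
            if (pathAlwaysAllowed
                    || ApiTokenPermission.valueOf(permissions).getAllowedMethods().contains(httpServletRequest.getMethod())) {
                return true;
            }
            throw new BadCredentialsException(INVALID_TOKEN);
        } catch (JwtException | IllegalArgumentException e) {
            // Parsing/verification failures and an unknown permission name (valueOf) are reported
            // with the same generic message as every other rejection.
            throw new BadCredentialsException(INVALID_TOKEN, e);
        }
    }

    /** Parses {@code token}, verifying its signature with the key derived from {@code keySource}. */
    private static Claims parseVerifiedClaims(String token, String keySource) {
        return Jwts.parser()
                .verifyWith(RestApiJwtSecretKeyManager.getRestApiJwtSecretKey(keySource))
                .build()
                .parseSignedClaims(token)
                .getPayload();
    }

    /** Sets the token's last-usage timestamp to now and persists it immediately. */
    private void recordLastUsage(ApiToken apiToken) {
        apiToken.setLastUsage(new Date());
        this.apiTokenDao.saveAndFlush(apiToken);
    }

    /**
     * Checks the verified claims against the persisted token record.
     *
     * @param apiToken the persisted record found for the token's uuid claim
     * @param permissions the permissions claim
     * @param expiration the expiration claim; must not be {@code null}
     * @param subject the subject claim
     * @return {@code true} when permissions, expiry date (the claim rendered as an ISO date in
     *     UTC) and owner id all match the record and the expiration is still in the future
     */
    private static boolean isTokenValid(ApiToken apiToken, String permissions, Date expiration, String subject) {
        String expiryDay = LocalDateTime.ofInstant(expiration.toInstant(), ZoneOffset.UTC).format(DateTimeFormatter.ISO_DATE);
        return Objects.equals(apiToken.getPermissions(), permissions)
                && Objects.equals(apiToken.getExpiryDate(), expiryDay)
                && Objects.equals(apiToken.getUser().getId().toString(), subject)
                && new Date().before(expiration);
    }
}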
