package inc.yukawa.chain.security.jwt.token.json;

import inc.yukawa.chain.security.domain.AccessToken;
import inc.yukawa.chain.security.jwt.config.JwtSettings;
import inc.yukawa.chain.security.jwt.token.JwsAccessToken;
import inc.yukawa.chain.security.jwt.token.JwsTokenFactory;
import inc.yukawa.chain.security.jwt.token.JwsTokenRevoker;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.Jwts;
import java.time.Instant;
import java.time.LocalDateTime;
import java.time.ZoneId;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.UUID;
import java.util.stream.Collectors;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AccountExpiredException;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Component;
import reactor.core.publisher.Mono;

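/**
 * Issues signed JWTs (access, refresh and system tokens) and validates or revokes refresh tokens.
 *
 * <p>Decompiled from {@code inc/yukawa/chain/security/jwt/token/json/JsonWebTokenFactory.class}.
 * Methods named {@code m5...}, {@code m6...} and {@code m7...} are decompiler renames of bridge
 * methods; the names are kept so existing references still resolve.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Tokens are signed with {@code settings.getSignatureAlg()} and {@code settings.getSigningKey()}.
 *       They are signed, not encrypted, so every claim placed in them (including {@code details})
 *       is readable by anyone who holds the token.</li>
 *   <li>The {@link JwsTokenRevoker} is optional. When none is injected, every revocation check in
 *       this class is skipped and the revoke methods do nothing.</li>
 *   <li>Issue and expiry times are computed on {@link Instant}. The previous local-date-time
 *       arithmetic could shift a token's lifetime by the DST offset when a transition fell inside
 *       the lifetime, in zones that observe DST.</li>
 * </ul>
 */
@Component("security.JwtTokenFactory")
public class JsonWebTokenFactory extends JsonWebTokenReader implements JwsTokenFactory<Authentication, JwsAccessToken> {
    private static final Logger log = LoggerFactory.getLogger(JsonWebTokenFactory.class);
    private static final String SCOPE_CLAIM = "scope";
    private static final String DETAILS_CLAIM = "details";

    private final JwtSettings settings;
    private final JwsTokenRevoker revocationHandler;

    /**
     * @param jwtSettings signing key, algorithm, issuer, lifetimes and the refresh-token role
     * @param jwsTokenRevoker optional revocation backend; {@code null} disables revocation checks
     */
    public JsonWebTokenFactory(JwtSettings jwtSettings, @Autowired(required = false) JwsTokenRevoker jwsTokenRevoker) {
        super(jwtSettings.getSigningKey());
        this.settings = jwtSettings;
        this.revocationHandler = jwsTokenRevoker;
        if (jwsTokenRevoker == null) {
            // Make the fail-open configuration visible: without a revoker a refresh token stays
            // usable until it expires, and it never expires when the configured lifetime is negative.
            log.warn("No JwsTokenRevoker configured; refresh token revocation checks are disabled");
        }
    }

    /**
     * Creates a signed refresh token for the authenticated principal.
     *
     * <p>The token carries a random {@code jti}, the configured refresh-token role as its only
     * scope, and an expiry only when {@code settings.getRefreshTokenExpMinutes()} is not negative.
     * A negative setting therefore yields a refresh token without an {@code exp} claim.
     *
     * @param authentication the principal; its name becomes the subject
     * @return the compact token together with its claims
     */
    public JsonWebAccessToken createRefreshToken(Authentication authentication) {
        Instant now = Instant.now();
        Claims claims = Jwts.claims()
                .setSubject(authentication.getName())
                .setIssuedAt(Date.from(now))
                .setId(UUID.randomUUID().toString());
        int lifetimeMinutes = this.settings.getRefreshTokenExpMinutes().intValue();
        if (lifetimeMinutes >= 0) {
            claims.setExpiration(expiryAfter(now, lifetimeMinutes));
        }
        applyIssuer(claims);
        claims.put(SCOPE_CLAIM, Collections.singletonList(this.settings.getRefreshTokenRole()));
        copyDetails(authentication, claims);
        return sign(claims);
    }

    /**
     * Validates a refresh token reactively: parse, require the refresh-token role, then check revocation.
     *
     * <p>Parsing runs eagerly when this method is called, so a parse failure is thrown to the
     * caller directly instead of being delivered through the returned {@code Mono}.
     *
     * @param str the compact refresh token
     * @return the parsed token; errors with {@link InsufficientAuthenticationException} when the
     *     refresh role is missing and {@link AccountExpiredException} when the token is revoked
     */
    @Override // inc.yukawa.chain.security.jwt.token.JwsTokenFactory
    public Mono<AccessToken> validateRefreshTokenAsync(String str) {
        return Mono.just(parseToken(str))
                .cast(AccessToken.class)
                // A token without roles is rejected like one lacking the refresh role, matching validateRefresh.
                .filter(token -> token.getRoles() != null
                        && token.getRoles().contains(this.settings.getRefreshTokenRole()))
                .switchIfEmpty(Mono.error(new InsufficientAuthenticationException(this.settings.getRefreshTokenRole())))
                .filterWhen(token -> {
                    log.debug("validateRefreshTokenAsync: subject = " + token.getSubject());
                    if (this.revocationHandler == null) {
                        // No revoker configured: the token is treated as not revoked.
                        return Mono.just(true);
                    }
                    return this.revocationHandler.isRevokedAsync((AccessToken<?>) token).map(revoked -> !revoked);
                })
                .switchIfEmpty(Mono.error(new AccountExpiredException("Refresh token revoked")))
                .doOnSuccessOrError((token, failure) -> {
                    // NOTE(review): this writes the token object to the log at INFO. Confirm that
                    // AccessToken#toString() exposes neither the compact token nor sensitive details.
                    log.info("validateRefreshTokenAsync: tok : " + token + " /  " + failure);
                });
    }

    /**
     * Validates a refresh token and returns its parsed claims.
     *
     * <p>Parsing and the scope check run eagerly and throw directly; only the revocation lookup is deferred.
     *
     * @param str the compact refresh token
     * @return the parsed JWS, or an error signal carrying {@link AccountExpiredException} when revoked
     * @throws InsufficientAuthenticationException when the scope claim lacks the refresh-token role
     */
    @Override // inc.yukawa.chain.security.jwt.token.JwsTokenFactory
    public Mono<Jws<Claims>> validateRefreshAsync(String str) {
        Jws<Claims> jws = super.m7parseClaims(str);
        List<?> scopes = jws.getBody().get(SCOPE_CLAIM, List.class);
        if (scopes == null || !scopes.contains(this.settings.getRefreshTokenRole())) {
            throw new InsufficientAuthenticationException(this.settings.getRefreshTokenRole());
        }
        if (this.revocationHandler == null) {
            // No revoker configured: the token is treated as not revoked.
            return Mono.just(jws);
        }
        return this.revocationHandler.isRevokedAsync(jws.getBody()).map(revoked -> {
            if (revoked.booleanValue()) {
                throw new AccountExpiredException("Refresh token revoked");
            }
            return jws;
        });
    }

    /**
     * Blocking variant of the refresh-token validation.
     *
     * @param str the compact refresh token
     * @return the parsed token
     * @throws InsufficientAuthenticationException when the token lacks the refresh-token role
     * @throws AccountExpiredException when a revoker is configured and reports the token as revoked
     */
    public AccessToken<?> validateRefresh(String str) {
        AccessToken<?> token = super.parseToken(str);
        List<?> roles = token.getRoles();
        if (roles == null || !roles.contains(this.settings.getRefreshTokenRole())) {
            throw new InsufficientAuthenticationException(this.settings.getRefreshTokenRole());
        }
        if (this.revocationHandler != null && this.revocationHandler.isRevoked(token)) {
            throw new AccountExpiredException("Refresh token revoked");
        }
        return token;
    }

    /**
     * Parses the token and hands its claims to the revoker.
     *
     * <p>Originally {@code revokeRefresh}; renamed by the decompiler when it merged the bridge method.
     * When no revoker is configured the token is parsed and returned, and nothing is revoked.
     *
     * @param str the compact refresh token
     * @return the parsed JWS
     */
    public Jws<Claims> m5revokeRefresh(String str) {
        Jws<Claims> jws = super.m7parseClaims(str);
        if (this.revocationHandler != null) {
            this.revocationHandler.revoke(jws.getBody());
        }
        return jws;
    }

    /**
     * Delegates to the revoker's {@code revokeAllBefore}; does nothing when no revoker is configured.
     *
     * @param instant the cut-off passed through to the revoker
     */
    public void revokeAllBefore(Instant instant) {
        if (this.revocationHandler != null) {
            this.revocationHandler.revokeAllBefore(instant);
        }
    }

    /**
     * Creates a signed access token whose scope is the principal's granted authorities.
     *
     * <p>The token always carries an expiry of {@code settings.getTokenExpirationMinutes()} from now.
     * No {@code jti} is set on access tokens.
     *
     * @param authentication the principal; its name becomes the subject
     * @return the compact token together with its claims
     */
    public JsonWebAccessToken createAccessToken(Authentication authentication) {
        Instant now = Instant.now();
        Claims claims = Jwts.claims()
                .setSubject(authentication.getName())
                .setIssuedAt(Date.from(now))
                .setExpiration(expiryAfter(now, this.settings.getTokenExpirationMinutes().intValue()));
        applyIssuer(claims);
        claims.put(SCOPE_CLAIM, convertAuthorities(authentication));
        copyDetails(authentication, claims);
        return sign(claims);
    }

    /**
     * Creates a signed token for a system subject with caller-supplied scopes.
     *
     * <p>Originally {@code createSystemToken}; renamed by the decompiler when it merged the bridge method.
     *
     * <p>NOTE(review): the token gets neither an {@code exp} nor a {@code jti} claim, so it stays
     * valid for as long as the signing key does. Confirm that callers are restricted and that a
     * rotation or revocation path exists for these tokens.
     *
     * @param str the subject
     * @param strArr the scopes to embed
     * @return the compact token together with its claims
     */
    public JsonWebAccessToken m6createSystemToken(String str, String... strArr) {
        Claims claims = Jwts.claims().setSubject(str).setIssuedAt(Date.from(Instant.now()));
        applyIssuer(claims);
        claims.put(SCOPE_CLAIM, Arrays.asList(strArr));
        return sign(claims);
    }

    /**
     * Maps the principal's granted authorities to their string form for the scope claim.
     *
     * @param authentication the principal
     * @return the authority strings in iteration order
     */
    protected List<String> convertAuthorities(Authentication authentication) {
        return authentication.getAuthorities().stream()
                .map(authority -> authority.getAuthority())
                .collect(Collectors.toList());
    }

    // NOTE(review): this embeds settings.toString(). Confirm that JwtSettings#toString() does not
    // print the signing key, otherwise logging this factory would disclose it.
    @Override
    public String toString() {
        return getClass().getSimpleName() + "{settings=" + this.settings + ", revocationHandler=" + this.revocationHandler + "} " + super.toString();
    }

    /** Returns the expiry date {@code minutes} after {@code start}, computed on the UTC timeline. */
    private static Date expiryAfter(Instant start, int minutes) {
        return Date.from(start.plusSeconds(minutes * 60L));
    }

    /** Sets the issuer claim when one is configured. */
    private void applyIssuer(Claims claims) {
        if (this.settings.getTokenIssuer() != null) {
            claims.setIssuer(this.settings.getTokenIssuer());
        }
    }

    /** Copies the authentication details, when present, into the details claim. */
    private static void copyDetails(Authentication authentication, Claims claims) {
        if (authentication.getDetails() != null) {
            // Whatever getDetails() returns is serialized into the readable token payload.
            claims.put(DETAILS_CLAIM, authentication.getDetails());
        }
    }

    /** Signs the claims with the configured algorithm and key and wraps the result. */
    private JsonWebAccessToken sign(Claims claims) {
        String compact = Jwts.builder()
                .setClaims(claims)
                .signWith(this.settings.getSignatureAlg(), this.settings.getSigningKey())
                .compact();
        return new JsonWebAccessToken(compact, claims);
    }
}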
