package inc.yukawa.chain.security.service;

import inc.yukawa.chain.base.core.domain.result.EditResult;
import inc.yukawa.chain.base.core.event.EventProducer;
import inc.yukawa.chain.base.mono.dao.MonoLoadDao;
import inc.yukawa.chain.security.domain.AccessToken;
import inc.yukawa.chain.security.domain.Account;
import inc.yukawa.chain.security.domain.Credentials;
import inc.yukawa.chain.security.domain.TokenRequest;
import inc.yukawa.chain.security.event.AccessEvent;
import inc.yukawa.chain.security.jwt.token.JwsAccessToken;
import inc.yukawa.chain.security.jwt.token.json.JsonWebAuthenticationToken;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jws;
import java.time.Instant;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.ReactiveAuthenticationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.ReactiveUserDetailsService;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.util.Assert;
import reactor.core.publisher.Mono;

/* loaded from: input_file:inc/yukawa/chain/security/service/TokenAuthService.class */
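/**
 * Issues, refreshes, decodes and revokes JWT access/refresh tokens for accounts loaded
 * through {@link #loadDao}.
 *
 * <p>This listing is decompiler output: the {@code mN...} method names and the widened
 * access modifiers are decompiler artefacts and are kept as they appear so that the rest
 * of the decompiled tree keeps resolving them.
 *
 * <p>Security-relevant behaviour worth knowing when wiring or reviewing this class:
 * <ul>
 *   <li>{@link #m6login} signals an unknown user with {@code UsernameNotFoundException} and a
 *       wrong password or blocked account with {@code BadCredentialsException}. Unless the
 *       caller maps both to one response, the difference discloses which usernames exist.
 *       NOTE(review): no {@code auth:denied} event is fired for the unknown-user case, so
 *       monitoring built on that event does not see username guessing.</li>
 *   <li>{@link #m5refresh} re-checks the account status flags before minting a new access
 *       token, so disabling or locking an account also stops refreshes.</li>
 *   <li>{@link #m4systemToken} mints a token for caller-supplied username and roles without
 *       any check in this class; authorization has to be enforced by whatever exposes it.</li>
 * </ul>
 */
public class TokenAuthService implements AuthAspect<Mono<Map<String, Object>>> {
    private static final Logger log = LoggerFactory.getLogger(TokenAuthService.class);
    protected final ReactiveUserDetailsService userDetailsService;
    protected final TokenFactory<Authentication, JwsAccessToken, Jws<Claims>> tokenFactory;
    protected final PasswordEncoder passwordEncoder;

    // Optional: when no producer is wired, access events are silently skipped (see fireEvent).
    @Autowired(required = false)
    protected EventProducer<String, AccessToken> eventProducer;

    @Autowired
    protected MonoLoadDao<String, Account> loadDao;

    @Autowired
    protected ReactiveAuthenticationManager authManager;

    @Autowired
    public TokenAuthService(ReactiveUserDetailsService reactiveUserDetailsService, TokenFactory<Authentication, JwsAccessToken, Jws<Claims>> tokenFactory, PasswordEncoder passwordEncoder) {
        this.userDetailsService = reactiveUserDetailsService;
        this.tokenFactory = tokenFactory;
        this.passwordEncoder = passwordEncoder;
    }

    /**
     * Authenticates with username and password and returns the token response map.
     * Decompiler-renamed from {@code login} (merged with bridge method).
     *
     * @param credentials username and password presented by the client
     * @return the map built by {@link #buildTokenMap}; errors with
     *         {@code UsernameNotFoundException} when the account does not exist and with
     *         {@code BadCredentialsException} when the password or account status is rejected
     */
    public Mono<Map<String, Object>> m6login(Credentials credentials) {
        log.debug("====================");
        String username = credentials.getUsername();
        return loadAccount(username).map(account -> {
            // Log the username only: Account exposes getPassword(), so printing the whole
            // object could put the stored password hash into the debug log.
            log.debug("login: {}", username);
            if (!hasAccess(credentials, account)) {
                log.debug("login: {} failed - invalid password or status", username);
                fireEvent("auth:denied", username, null);
                throw new BadCredentialsException(username);
            }
            Map<String, Object> details = buildDetails(credentials, account);
            // NOTE(review): details are logged verbatim; confirm they hold nothing sensitive.
            log.debug("login: {} details {}", credentials.getUsername(), details);
            JsonWebAuthenticationToken authentication = createAuthentication(credentials, account, details);
            AccessToken<?> access = (AccessToken) this.tokenFactory.createAccessToken(authentication);
            AccessToken<?> refresh = (AccessToken) this.tokenFactory.createRefreshToken(authentication);
            fireEvent("auth:authenticated", username, access);
            return buildTokenMap(access, refresh, account);
        });
    }

    /**
     * Loads the account for a username. (Decompiler note: originally {@code protected}.)
     *
     * @param str the username to look up
     * @return the account, or an error signal carrying {@code UsernameNotFoundException}
     *         when the DAO completes empty
     */
    public Mono<Account> loadAccount(String str) {
        return this.loadDao.load(str).switchIfEmpty(Mono.error(new UsernameNotFoundException(str)));
    }

    /**
     * Returns a copy of the account's roles, adding {@code ROLE_AUTH} when the account has
     * at least one role. An account without roles gets an empty set.
     */
    @SuppressWarnings({"rawtypes", "unchecked"})
    protected Set<String> findRoles(Credentials credentials, Account account) {
        // Raw construction kept from the decompiled form: the element type of
        // Account.getRoles() is not visible in this file.
        HashSet roles = new HashSet(account.getRoles());
        if (!roles.isEmpty()) {
            roles.add("ROLE_AUTH");
        }
        return roles;
    }

    /** Returns the details that are embedded in issued tokens; here simply the account's own. */
    protected Map<String, Object> buildDetails(Credentials credentials, Account account) {
        return account.getDetails();
    }

    /**
     * Publishes an access event if an {@link #eventProducer} is wired; otherwise does nothing.
     * (Decompiler note: originally {@code protected}.)
     *
     * @param str event name, e.g. {@code auth:denied} or {@code auth:authenticated}
     * @param str2 key the event is published under (the username at the call sites in this class)
     * @param accessToken token attached to the event, or {@code null}
     */
    public void fireEvent(String str, String str2, AccessToken<?> accessToken) {
        if (this.eventProducer != null) {
            this.eventProducer.fireAndForget(new AccessEvent(str, accessToken), str2, (String) null);
        }
    }

    /**
     * Checks account status and password. (Decompiler note: originally {@code protected}.)
     *
     * <p>A missing presented or stored password is rejected before the encoder is consulted:
     * depending on the configured {@link PasswordEncoder}, null inputs may throw or may be
     * treated as a match, and neither outcome is wanted for a login decision.
     */
    public boolean hasAccess(Credentials credentials, Account account) {
        if (!hasAccess(account)) {
            return false;
        }
        if (credentials.getPassword() == null || account.getPassword() == null) {
            return false;
        }
        return this.passwordEncoder.matches(credentials.getPassword(), account.getPassword());
    }

    /**
     * Checks the four account status flags only (enabled, not expired, not locked,
     * credentials not expired). (Decompiler note: originally {@code protected}.)
     */
    public boolean hasAccess(Account account) {
        return account.isEnabled() && account.isAccountNonExpired() && account.isAccountNonLocked() && account.isCredentialsNonExpired();
    }

    /**
     * {@link UserDetails} variant of {@link #hasAccess(Credentials, Account)}: status flags
     * first, then the password, with the same null handling.
     */
    protected boolean hasAccess(Credentials credentials, UserDetails userDetails) {
        boolean statusOk = userDetails.isEnabled() && userDetails.isAccountNonExpired() && userDetails.isAccountNonLocked() && userDetails.isCredentialsNonExpired();
        if (!statusOk) {
            return false;
        }
        if (credentials.getPassword() == null || userDetails.getPassword() == null) {
            return false;
        }
        return this.passwordEncoder.matches(credentials.getPassword(), userDetails.getPassword());
    }

    /**
     * Builds the token response map. (Decompiler note: originally {@code protected}.)
     *
     * @param accessToken the access token; required
     * @param accessToken2 the refresh token, or {@code null} to omit the refresh entries
     * @param account the account, or {@code null} to omit {@code username}
     * @return a mutable map with the token fields
     */
    public Map<String, Object> buildTokenMap(AccessToken<?> accessToken, AccessToken<?> accessToken2, Account account) {
        Map<String, Object> response = new HashMap<>();
        response.put("scope", accessToken.getRoles());
        if (accessToken.getExpiration() != null) {
            // NOTE(review): this is a remaining lifetime in MILLISECONDS. OAuth 2.0
            // (RFC 6749, section 5.1) defines expires_in in seconds; left unchanged because
            // existing clients may rely on the current unit.
            response.put("expires_in", Long.valueOf(accessToken.getExpiration().getTime() - System.currentTimeMillis()));
            response.put("access_expires", accessToken.getExpiration());
        }
        response.put("access_token", accessToken.getToken());
        response.put("details", accessToken.getDetails());
        if (account != null) {
            response.put("username", account.getUsername());
        }
        response.put("token_type", "Bearer");
        if (accessToken2 != null) {
            response.put("refresh_token", accessToken2.getToken());
            response.put("refresh_expires", accessToken2.getExpiration());
        }
        return response;
    }

    /**
     * Asks the token factory to revoke every token issued before the given instant.
     * The revocation call runs synchronously, before the returned Mono is subscribed.
     *
     * @return the same instant, or an empty Mono when it is {@code null}
     */
    public Mono<Instant> revokeAllTokens(Instant instant) {
        log.debug("revokeAllTokens: instant = {}", instant);
        this.tokenFactory.revokeAllBefore(instant);
        return Mono.justOrEmpty(instant);
    }

    /**
     * Revokes a single refresh token and reports the id claim of the revoked token.
     * The revocation call runs synchronously, before the returned Mono is subscribed.
     */
    public Mono<EditResult> revokeToken(String str) {
        Jws revoked = (Jws) this.tokenFactory.revokeRefresh(str);
        String tokenId = ((Claims) revoked.getBody()).getId();
        return Mono.just(new EditResult("revokeToken", JwsAccessToken.class, tokenId));
    }

    /**
     * Exchanges a refresh token for a new access token.
     * Decompiler-renamed from {@code refresh} (merged with bridge method).
     *
     * <p>The account is reloaded and its status flags are checked again, so a refresh token
     * issued before an account was disabled, locked or expired no longer yields access
     * tokens. If the account no longer exists the DAO result is empty and so is the
     * returned Mono (unchanged behaviour).
     *
     * @param str the refresh token
     * @return the token map without refresh entries; errors with the
     *         {@code AuthenticationException} raised by token validation, or with
     *         {@code BadCredentialsException} when the account status is rejected
     */
    public Mono<Map<String, Object>> m5refresh(String str) {
        try {
            AccessToken validated = this.tokenFactory.validateRefresh(str);
            String subject = validated.getSubject();
            Credentials credentials = new Credentials(subject, (String) null, validated.getOrgId());
            log.debug("refreshToken for {}", credentials);
            return this.loadDao.load(subject).map(account -> {
                // Same status gate as login; the password cannot be re-checked here, the
                // validated refresh token stands in for it.
                if (!hasAccess(account)) {
                    log.debug("refresh: {} failed - invalid status", subject);
                    fireEvent("auth:denied", subject, null);
                    throw new BadCredentialsException(subject);
                }
                Map<String, Object> details = buildDetails(credentials, account);
                log.debug("refresh: {} details {}", subject, details);
                JsonWebAuthenticationToken authentication = createAuthentication(credentials, account, details);
                return buildTokenMap((JwsAccessToken) this.tokenFactory.createAccessToken(authentication), null, account);
            });
        } catch (AuthenticationException e) {
            // toString() is passed explicitly so the logger formats it as text rather than
            // treating the trailing exception as a stack trace argument.
            log.info("{} : {}", e.getClass().getSimpleName(), e.toString());
            return Mono.error(e);
        }
    }

    /**
     * Parses a token and returns its contents without the token string itself.
     * Decompiler-renamed from {@code decode} (merged with bridge method).
     */
    public Mono<Map<String, Object>> m7decode(String str) {
        return this.tokenFactory.parseTokenAsync(str).map(accessToken -> {
            Map<String, Object> decoded = buildTokenMap(accessToken, null, null);
            decoded.put("subject", accessToken.getSubject());
            decoded.put("details", accessToken.getDetails());
            decoded.put("id", accessToken.getId());
            // The caller already holds the raw token; do not echo it back.
            decoded.remove("access_token");
            return decoded;
        });
    }

    /**
     * Creates a system token for the requested username, org and roles.
     * Decompiler-renamed from {@code systemToken} (merged with bridge method).
     *
     * <p>Nothing here consults the account store or checks who is asking: username and roles
     * are taken from the request as given. NOTE(review): confirm that every path reaching
     * this method is restricted to trusted callers.
     *
     * @throws IllegalArgumentException if the username is blank or the roles are {@code null}
     */
    @SuppressWarnings({"rawtypes", "unchecked"})
    public Mono<Map<String, Object>> m4systemToken(TokenRequest tokenRequest) {
        Assert.hasText(tokenRequest.getUsername(), "username");
        Assert.notNull(tokenRequest.getRoles(), "roles");
        // Raw map kept from the decompiled form: the parameter type expected by
        // createSystemToken is not visible in this file.
        HashMap details = new HashMap();
        details.put("orgId", tokenRequest.getOrgId());
        String[] roles = (String[]) tokenRequest.getRoles().toArray(new String[0]);
        AccessToken token = (AccessToken) this.tokenFactory.createSystemToken(tokenRequest.getUsername(), details, roles);
        return Mono.just(buildTokenMap(token, null, new Account(tokenRequest.getUsername())));
    }

    /**
     * Not supported by this implementation.
     * Decompiler-renamed from {@code switchOrg} (merged with bridge method).
     *
     * @throws UnsupportedOperationException always
     */
    @Override // 
    public Mono<Map<String, Object>> mo1switchOrg(String str) {
        throw new UnsupportedOperationException("TokenAuthService.switchOrg not supported");
    }

    /** Builds the authentication object handed to the token factory by login and refresh. */
    @SuppressWarnings({"rawtypes", "unchecked"})
    private JsonWebAuthenticationToken createAuthentication(Credentials credentials, Account account, Map<String, Object> details) {
        // Raw List kept from the decompiled call: the constructor's collection parameter
        // type is not visible in this file.
        List authorities = findRoles(credentials, account).stream()
                .map(SimpleGrantedAuthority::new)
                .collect(Collectors.toList());
        return new JsonWebAuthenticationToken(account.getUsername(), (Object) null, details, authorities);
    }
}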
