package com.github.euler.api.security;

import ch.qos.logback.core.net.ssl.SSL;
import com.github.euler.api.APIConfiguration;
import com.typesafe.config.Config;
import com.typesafe.config.ConfigException;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.time.Duration;
import java.util.Base64;
import java.util.Date;
import javax.annotation.PostConstruct;
import org.apache.commons.io.IOUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

@Service
/* loaded from: input_file:BOOT-INF/lib/http-api-0.4.2.jar:com/github/euler/api/security/SecurityServiceImpl.class */
public class SecurityServiceImpl implements SecurityService {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) SecurityServiceImpl.class);
    private final APIConfiguration config;
    private byte[] secret;
    private Duration tokenMaxAge;

    @Autowired
    public SecurityServiceImpl(APIConfiguration aPIConfiguration) {
        this.config = aPIConfiguration;
    }

    @PostConstruct
    public void postConstruct() throws IOException {
        Config config = this.config.getConfig().getConfig("euler.security");
        if (config.hasPath("secret-file")) {
            FileInputStream fileInputStream = new FileInputStream(config.getString("secret-file"));
            try {
                this.secret = Base64.getMimeDecoder().decode(IOUtils.toString(fileInputStream, "utf-8"));
                fileInputStream.close();
            } catch (Throwable th) {
                try {
                    fileInputStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
                throw th;
            }
        } else {
            try {
                this.secret = Base64.getDecoder().decode(config.getString("secret"));
            } catch (ConfigException.Missing e) {
                LOGGER.warn("Secret configuration not found. Generating one.");
                renewSecret();
            }
        }
        this.tokenMaxAge = config.getDuration("token-max-age");
    }

    @Override // com.github.euler.api.security.SecurityService
    public void renewSecret() {
        try {
            byte[] bArr = new byte[512];
            SecureRandom.getInstance(SSL.DEFAULT_SECURE_RANDOM_ALGORITHM).nextBytes(bArr);
            this.secret = bArr;
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    @Override // com.github.euler.api.security.SecurityService
    public Date calculateExpirationFromNow() {
        return new Date(System.currentTimeMillis() + this.tokenMaxAge.toMillis());
    }

    @Override // com.github.euler.api.security.SecurityService
    public byte[] getSecret() {
        return this.secret;
    }

    @Override // com.github.euler.api.security.SecurityService
    public Duration getTokenMaxAge() {
        return this.tokenMaxAge;
    }
}
