package io.github.sevenparadigms.abac.security.auth.encrypt;

import io.github.sevenparadigms.abac.Constants;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.MalformedJwtException;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.UnsupportedJwtException;
import io.jsonwebtoken.jackson.io.JacksonDeserializer;
import io.jsonwebtoken.security.SignatureException;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Collection;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.stream.Stream;
import javax.crypto.spec.SecretKeySpec;
import kotlin.Metadata;
import kotlin.Pair;
import kotlin.TuplesKt;
import kotlin.collections.CollectionsKt;
import kotlin.collections.MapsKt;
import kotlin.jvm.JvmStatic;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.streams.jdk8.StreamsKt;
import kotlin.text.Charsets;
import org.apache.commons.lang3.ObjectUtils;
import org.jetbrains.annotations.NotNull;
import org.sevenparadigms.kotlin.common.LogExtensionsKt;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.stereotype.Component;

/* compiled from: JwtTokenProvider.kt */
@Metadata(mv = {1, 6, 0}, k = 1, xi = 48, d1 = {"��$\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0002\b\u000b\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0005\b\u0017\u0018�� \u00172\u00020\u0001:\u0001\u0017B\u0005¢\u0006\u0002\u0010\u0002J\u0010\u0010\u000f\u001a\u00020\u00102\u0006\u0010\u0011\u001a\u00020\u0004H\u0016J\u0010\u0010\u0012\u001a\u00020\u00132\u0006\u0010\u0014\u001a\u00020\u0004H\u0016J\u0010\u0010\u0015\u001a\u00020\u00042\u0006\u0010\u0016\u001a\u00020\u0010H\u0016R\u001e\u0010\u0003\u001a\u00020\u00048\u0016@\u0016X\u0097.¢\u0006\u000e\n��\u001a\u0004\b\u0005\u0010\u0006\"\u0004\b\u0007\u0010\bR\u001e\u0010\t\u001a\u00020\u00048\u0016@\u0016X\u0097.¢\u0006\u000e\n��\u001a\u0004\b\n\u0010\u0006\"\u0004\b\u000b\u0010\bR\u001e\u0010\f\u001a\u00020\u00048\u0016@\u0016X\u0097.¢\u0006\u000e\n��\u001a\u0004\b\r\u0010\u0006\"\u0004\b\u000e\u0010\b¨\u0006\u0018"}, d2 = {"Lio/github/sevenparadigms/abac/security/auth/encrypt/JwtTokenProvider;", "", "()V", "expiration", "", "getExpiration", "()Ljava/lang/String;", "setExpiration", "(Ljava/lang/String;)V", "pubkey", "getPubkey", "setPubkey", "seckey", "getSeckey", "setSeckey", "getAuthentication", "Lorg/springframework/security/core/Authentication;", "authorizeKey", "getClaims", "Lio/jsonwebtoken/Claims;", "authToken", "getToken", "authentication", "Companion", "reactive-spring-abac-security"})
@Component
/* loaded from: input_file:io/github/sevenparadigms/abac/security/auth/encrypt/JwtTokenProvider.class */
public class JwtTokenProvider {

    @NotNull
    public static final Companion Companion = new Companion(null);

    @Value("${spring.security.secret}")
    public String seckey;

    @Value("${spring.security.public}")
    public String pubkey;

    @Value("${spring.security.expiration}")
    public String expiration;

    /* compiled from: JwtTokenProvider.kt */
    @Metadata(mv = {1, 6, 0}, k = 1, xi = 48, d1 = {"��\u0018\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000e\n��\b\u0086\u0003\u0018��2\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002J\u0010\u0010\u0003\u001a\u00020\u00042\u0006\u0010\u0005\u001a\u00020\u0006H\u0007¨\u0006\u0007"}, d2 = {"Lio/github/sevenparadigms/abac/security/auth/encrypt/JwtTokenProvider$Companion;", "", "()V", "getPrincipal", "Lorg/springframework/security/core/userdetails/User;", "authToken", "", "reactive-spring-abac-security"})
    /* loaded from: input_file:io/github/sevenparadigms/abac/security/auth/encrypt/JwtTokenProvider$Companion.class */
    public static final class Companion {
        private Companion() {
        }

        @JvmStatic
        @NotNull
        public final User getPrincipal(@NotNull String str) {
            Intrinsics.checkNotNullParameter(str, "authToken");
            Object obj = ((Claims) Jwts.parserBuilder().deserializeJsonWith(new JacksonDeserializer(MapsKt.mutableMapOf(new Pair[]{TuplesKt.to("user", User.class)}))).build().parseClaimsJwt(str).getBody()).get("user", User.class);
            Intrinsics.checkNotNullExpressionValue(obj, "parserBuilder()\n        …\"user\", User::class.java)");
            return (User) obj;
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    @NotNull
    public String getSeckey() {
        String str = this.seckey;
        if (str != null) {
            return str;
        }
        Intrinsics.throwUninitializedPropertyAccessException("seckey");
        return null;
    }

    public void setSeckey(@NotNull String str) {
        Intrinsics.checkNotNullParameter(str, "<set-?>");
        this.seckey = str;
    }

    @NotNull
    public String getPubkey() {
        String str = this.pubkey;
        if (str != null) {
            return str;
        }
        Intrinsics.throwUninitializedPropertyAccessException("pubkey");
        return null;
    }

    public void setPubkey(@NotNull String str) {
        Intrinsics.checkNotNullParameter(str, "<set-?>");
        this.pubkey = str;
    }

    @NotNull
    public String getExpiration() {
        String str = this.expiration;
        if (str != null) {
            return str;
        }
        Intrinsics.throwUninitializedPropertyAccessException("expiration");
        return null;
    }

    public void setExpiration(@NotNull String str) {
        Intrinsics.checkNotNullParameter(str, "<set-?>");
        this.expiration = str;
    }

    @NotNull
    public String getToken(@NotNull Authentication authentication) {
        Intrinsics.checkNotNullParameter(authentication, "authentication");
        Stream map = authentication.getAuthorities().stream().map(JwtTokenProvider::m19getToken$lambda0);
        Intrinsics.checkNotNullExpressionValue(map, "authentication.authoriti…hority -> obj.authority }");
        JwtBuilder claim = Jwts.builder().setSubject(authentication.getName()).claim(Constants.TOKEN_ROLES, StreamsKt.toList(map));
        byte[] bytes = (getSeckey() + getExpiration()).getBytes(Charsets.UTF_8);
        Intrinsics.checkNotNullExpressionValue(bytes, "this as java.lang.String).getBytes(charset)");
        String compact = claim.signWith(new SecretKeySpec(bytes, SignatureAlgorithm.HS512.getJcaName())).setExpiration(new Date(new Date().getTime() + (Long.parseLong(getExpiration()) * 1000))).compact();
        Intrinsics.checkNotNullExpressionValue(compact, "builder()\n            .s…))\n            .compact()");
        return compact;
    }

    @NotNull
    public Authentication getAuthentication(@NotNull String str) {
        Intrinsics.checkNotNullParameter(str, "authorizeKey");
        Claims claims = getClaims(str);
        Object obj = claims.get(Constants.TOKEN_ROLES, Collection.class);
        Intrinsics.checkNotNullExpressionValue(obj, "claims.get(TOKEN_ROLES, …leCollection::class.java)");
        Iterable iterable = (Iterable) obj;
        ArrayList arrayList = new ArrayList(CollectionsKt.collectionSizeOrDefault(iterable, 10));
        Iterator it = iterable.iterator();
        while (it.hasNext()) {
            arrayList.add(new SimpleGrantedAuthority(String.valueOf(it.next())));
        }
        List list = CollectionsKt.toList(arrayList);
        return new UsernamePasswordAuthenticationToken(new User(claims.getSubject(), "", list), claims, list);
    }

    @NotNull
    public Claims getClaims(@NotNull String str) {
        PublicKey generatePublic;
        Intrinsics.checkNotNullParameter(str, "authToken");
        try {
            if (ObjectUtils.isNotEmpty(getSeckey()) && ObjectUtils.isNotEmpty(getExpiration())) {
                byte[] bytes = (getSeckey() + getExpiration()).getBytes(Charsets.UTF_8);
                Intrinsics.checkNotNullExpressionValue(bytes, "this as java.lang.String).getBytes(charset)");
                generatePublic = new SecretKeySpec(bytes, SignatureAlgorithm.HS512.getJcaName());
            } else {
                if (!ObjectUtils.isNotEmpty(getPubkey())) {
                    throw new RuntimeException("Property with public key[spring.security.public] not found");
                }
                generatePublic = KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(Base64.getDecoder().decode(getPubkey())));
            }
            Object body = Jwts.parserBuilder().setSigningKey(generatePublic).build().parseClaimsJws(str).getBody();
            Intrinsics.checkNotNullExpressionValue(body, "parserBuilder()\n        …ClaimsJws(authToken).body");
            return (Claims) body;
        } catch (SignatureException e) {
            LogExtensionsKt.error(this, "Invalid JWT signature trace: {}", new Object[]{e});
            throw new BadCredentialsException("Invalid token");
        } catch (MalformedJwtException e2) {
            LogExtensionsKt.error(this, "Invalid JWT token trace: {}", new Object[]{e2});
            throw new BadCredentialsException("Invalid token");
        } catch (UnsupportedJwtException e3) {
            LogExtensionsKt.error(this, "Unsupported JWT token trace: {}", new Object[]{e3});
            throw new BadCredentialsException("Invalid token");
        } catch (IllegalArgumentException e4) {
            LogExtensionsKt.error(this, "JWT token compact of handler are invalid trace: {}", new Object[]{e4});
            throw new BadCredentialsException("Invalid token");
        } catch (ExpiredJwtException e5) {
            LogExtensionsKt.error(this, "Expired JWT token trace: {}", new Object[]{e5});
            throw new BadCredentialsException("Invalid token");
        }
    }

    /* renamed from: getToken$lambda-0, reason: not valid java name */
    private static final String m19getToken$lambda0(GrantedAuthority grantedAuthority) {
        Intrinsics.checkNotNullParameter(grantedAuthority, "obj");
        return grantedAuthority.getAuthority();
    }

    @JvmStatic
    @NotNull
    public static final User getPrincipal(@NotNull String str) {
        return Companion.getPrincipal(str);
    }
}
