package io.mosaicboot.core.user.service;

import com.fasterxml.jackson.databind.ObjectMapper;
import io.mosaicboot.core.auth.config.MosaicAuthProperties;
import io.mosaicboot.core.auth.oauth2.OAuth2AccessTokenRepository;
import io.mosaicboot.core.domain.user.Authentication;
import io.mosaicboot.core.repository.AuthenticationRepositoryBase;
import io.mosaicboot.core.user.model.OAuth2AccessTokenJson;
import io.mosaicboot.core.user.model.OAuth2RefreshTokenJson;
import io.mosaicboot.core.util.ServerSideCrypto;
import java.time.Clock;
import java.time.Instant;
import kotlin.Metadata;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.SourceDebugExtension;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.springframework.security.oauth2.client.ClientAuthorizationException;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.endpoint.OAuth2RefreshTokenGrantRequest;
import org.springframework.security.oauth2.client.endpoint.RestClientRefreshTokenTokenResponseClient;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
import org.springframework.security.oauth2.core.OAuth2RefreshToken;
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
import org.springframework.stereotype.Service;

/* compiled from: MosaicOAuth2TokenService.kt */
@Metadata(mv = {1, 9, 0}, k = 1, xi = 48, d1 = {"��\u008a\u0001\n\u0002\u0018\u0002\n\u0002\u0010��\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000e\n\u0002\b\u0002\n\u0002\u0010\b\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000b\n��\n\u0002\u0010\t\n\u0002\b\u0002\n\u0002\u0010\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\b\u0017\u0018��2\u00020\u0001B1\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005\u0012\n\u0010\u0006\u001a\u0006\u0012\u0002\b\u00030\u0007\u0012\u0006\u0010\b\u001a\u00020\t\u0012\u0006\u0010\n\u001a\u00020\u000b¢\u0006\u0002\u0010\fJ\"\u0010\u0016\u001a\u00020\u00172\u0006\u0010\u0018\u001a\u00020\u00192\u0006\u0010\u001a\u001a\u00020\u00192\b\b\u0002\u0010\u001b\u001a\u00020\u001cH\u0016J\u0018\u0010\u001d\u001a\u00020\u001e2\u0006\u0010\u001f\u001a\u00020 2\u0006\u0010!\u001a\u00020\"H\u0012J\u0017\u0010#\u001a\u00020$2\b\u0010%\u001a\u0004\u0018\u00010&H\u0016¢\u0006\u0002\u0010'J \u0010(\u001a\u00020)2\u0006\u0010\u0018\u001a\u00020\u00192\u0006\u0010\u001a\u001a\u00020\u00192\u0006\u0010\u001f\u001a\u00020 H\u0016J \u0010*\u001a\u00020)2\u0006\u0010\u0018\u001a\u00020\u00192\u0006\u0010\u001a\u001a\u00020\u00192\u0006\u0010+\u001a\u00020\u0017H\u0016J\f\u0010,\u001a\u00020-*\u00020\u0017H\u0016J\f\u0010,\u001a\u00020.*\u00020/H\u0016R\u000e\u0010\r\u001a\u00020\u000eX\u0092\u000e¢\u0006\u0002\n��R\u0012\u0010\u0006\u001a\u0006\u0012\u0002\b\u00030\u0007X\u0092\u0004¢\u0006\u0002\n��R\u000e\u0010\n\u001a\u00020\u000bX\u0092\u0004¢\u0006\u0002\n��R\u0016\u0010\u000f\u001a\n \u0011*\u0004\u0018\u00010\u00100\u0010X\u0092\u0004¢\u0006\u0002\n��R\u000e\u0010\u0002\u001a\u00020\u0003X\u0092\u0004¢\u0006\u0002\n��R\u000e\u0010\b\u001a\u00020\tX\u0092\u0004¢\u0006\u0002\n��R\u000e\u0010\u0004\u001a\u00020\u0005X\u0092\u0004¢\u0006\u0002\n��R\u0014\u0010\u0012\u001a\u00020\u0013X\u0096\u0004¢\u0006\b\n��\u001a\u0004\b\u0014\u0010\u0015¨\u00060"}, d2 = {"Lio/mosaicboot/core/user/service/MosaicOAuth2TokenService;", "", "mosaicAuthProperties", "Lio/mosaicboot/core/auth/config/MosaicAuthProperties;", "objectMapper", "Lcom/fasterxml/jackson/databind/ObjectMapper;", "authenticationRepository", "Lio/mosaicboot/core/repository/AuthenticationRepositoryBase;", "oAuth2AccessTokenRepository", "Lio/mosaicboot/core/auth/oauth2/OAuth2AccessTokenRepository;", "clientRegistrationRepository", "Lorg/springframework/security/oauth2/client/registration/ClientRegistrationRepository;", "(Lio/mosaicboot/core/auth/config/MosaicAuthProperties;Lcom/fasterxml/jackson/databind/ObjectMapper;Lio/mosaicboot/core/repository/AuthenticationRepositoryBase;Lio/mosaicboot/core/auth/oauth2/OAuth2AccessTokenRepository;Lorg/springframework/security/oauth2/client/registration/ClientRegistrationRepository;)V", "accessTokenResponseClient", "Lorg/springframework/security/oauth2/client/endpoint/RestClientRefreshTokenTokenResponseClient;", "clock", "Ljava/time/Clock;", "kotlin.jvm.PlatformType", "serverSideCrypto", "Lio/mosaicboot/core/util/ServerSideCrypto;", "getServerSideCrypto", "()Lio/mosaicboot/core/util/ServerSideCrypto;", "getAccessToken", "Lio/mosaicboot/core/user/model/OAuth2AccessTokenJson;", "userId", "", "authenticationId", "requireRemaining", "", "getTokenResponse", "Lorg/springframework/security/oauth2/core/endpoint/OAuth2AccessTokenResponse;", "authorizedClient", "Lorg/springframework/security/oauth2/client/OAuth2AuthorizedClient;", "refreshTokenGrantRequest", "Lorg/springframework/security/oauth2/client/endpoint/OAuth2RefreshTokenGrantRequest;", "isNeedRefresh", "", "expiresAt", "", "(Ljava/lang/Long;)Z", "update", "", "updateAccessToken", "accessTokenJson", "toToken", "Lorg/springframework/security/oauth2/core/OAuth2AccessToken;", "Lorg/springframework/security/oauth2/core/OAuth2RefreshToken;", "Lio/mosaicboot/core/user/model/OAuth2RefreshTokenJson;", "mosaic-boot-core"})
@Service
@SourceDebugExtension({"SMAP\nMosaicOAuth2TokenService.kt\nKotlin\n*S Kotlin\n*F\n+ 1 MosaicOAuth2TokenService.kt\nio/mosaicboot/core/user/service/MosaicOAuth2TokenService\n+ 2 fake.kt\nkotlin/jvm/internal/FakeKt\n*L\n1#1,201:1\n1#2:202\n*E\n"})
/* loaded from: input_file:io/mosaicboot/core/user/service/MosaicOAuth2TokenService.class */
public class MosaicOAuth2TokenService {

    @NotNull
    private final MosaicAuthProperties mosaicAuthProperties;

    @NotNull
    private final ObjectMapper objectMapper;

    @NotNull
    private final AuthenticationRepositoryBase<?> authenticationRepository;

    @NotNull
    private final OAuth2AccessTokenRepository oAuth2AccessTokenRepository;

    @NotNull
    private final ClientRegistrationRepository clientRegistrationRepository;

    @NotNull
    private final ServerSideCrypto serverSideCrypto;
    private final Clock clock;

    @NotNull
    private RestClientRefreshTokenTokenResponseClient accessTokenResponseClient;

    public MosaicOAuth2TokenService(@NotNull MosaicAuthProperties mosaicAuthProperties, @NotNull ObjectMapper objectMapper, @NotNull AuthenticationRepositoryBase<?> authenticationRepositoryBase, @NotNull OAuth2AccessTokenRepository oAuth2AccessTokenRepository, @NotNull ClientRegistrationRepository clientRegistrationRepository) {
        Intrinsics.checkNotNullParameter(mosaicAuthProperties, "mosaicAuthProperties");
        Intrinsics.checkNotNullParameter(objectMapper, "objectMapper");
        Intrinsics.checkNotNullParameter(authenticationRepositoryBase, "authenticationRepository");
        Intrinsics.checkNotNullParameter(oAuth2AccessTokenRepository, "oAuth2AccessTokenRepository");
        Intrinsics.checkNotNullParameter(clientRegistrationRepository, "clientRegistrationRepository");
        this.mosaicAuthProperties = mosaicAuthProperties;
        this.objectMapper = objectMapper;
        this.authenticationRepository = authenticationRepositoryBase;
        this.oAuth2AccessTokenRepository = oAuth2AccessTokenRepository;
        this.clientRegistrationRepository = clientRegistrationRepository;
        this.serverSideCrypto = new ServerSideCrypto(this.mosaicAuthProperties.getJwe(), this.objectMapper);
        this.clock = Clock.systemUTC();
        this.accessTokenResponseClient = new RestClientRefreshTokenTokenResponseClient();
    }

    @NotNull
    public ServerSideCrypto getServerSideCrypto() {
        return this.serverSideCrypto;
    }

    public void update(@NotNull String str, @NotNull String str2, @NotNull OAuth2AuthorizedClient oAuth2AuthorizedClient) {
        Intrinsics.checkNotNullParameter(str, "userId");
        Intrinsics.checkNotNullParameter(str2, "authenticationId");
        Intrinsics.checkNotNullParameter(oAuth2AuthorizedClient, "authorizedClient");
        Authentication authentication = (Authentication) this.authenticationRepository.findById(str2).get();
        if (!Intrinsics.areEqual(authentication.getUserId(), str)) {
            throw new IllegalArgumentException("wrong userId");
        }
        OAuth2RefreshToken refreshToken = oAuth2AuthorizedClient.getRefreshToken();
        if (refreshToken != null) {
            authentication.setCredential(getServerSideCrypto().encrypt(OAuth2RefreshTokenJson.Companion.copyFrom(refreshToken)));
            Instant instant = this.clock.instant();
            Intrinsics.checkNotNullExpressionValue(instant, "instant(...)");
            authentication.setUpdatedAt(instant);
            AuthenticationRepositoryBase<?> authenticationRepositoryBase = this.authenticationRepository;
            Intrinsics.checkNotNull(authentication);
            authenticationRepositoryBase.saveEntity(authentication);
        }
        OAuth2AccessTokenJson.Companion companion = OAuth2AccessTokenJson.Companion;
        OAuth2AccessToken accessToken = oAuth2AuthorizedClient.getAccessToken();
        Intrinsics.checkNotNullExpressionValue(accessToken, "getAccessToken(...)");
        updateAccessToken(str, str2, companion.copyFrom(accessToken));
    }

    public void updateAccessToken(@NotNull String str, @NotNull String str2, @NotNull OAuth2AccessTokenJson oAuth2AccessTokenJson) {
        Instant instant;
        Intrinsics.checkNotNullParameter(str, "userId");
        Intrinsics.checkNotNullParameter(str2, "authenticationId");
        Intrinsics.checkNotNullParameter(oAuth2AccessTokenJson, "accessTokenJson");
        OAuth2AccessTokenRepository oAuth2AccessTokenRepository = this.oAuth2AccessTokenRepository;
        String str3 = str;
        String str4 = str2;
        Long expiresAt = oAuth2AccessTokenJson.getExpiresAt();
        if (expiresAt != null) {
            oAuth2AccessTokenRepository = oAuth2AccessTokenRepository;
            str3 = str3;
            str4 = str4;
            instant = Instant.ofEpochSecond(expiresAt.longValue());
        } else {
            instant = null;
        }
        oAuth2AccessTokenRepository.update(str3, str4, instant, getServerSideCrypto().encrypt(oAuth2AccessTokenJson));
    }

    /* JADX WARN: Code restructure failed: missing block: B:14:0x005f, code lost:
    
        if (r0 == null) goto L17;
     */
    @org.jetbrains.annotations.NotNull
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public io.mosaicboot.core.user.model.OAuth2AccessTokenJson getAccessToken(@org.jetbrains.annotations.NotNull java.lang.String r9, @org.jetbrains.annotations.NotNull java.lang.String r10, int r11) {
        /*
            Method dump skipped, instructions count: 499
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: io.mosaicboot.core.user.service.MosaicOAuth2TokenService.getAccessToken(java.lang.String, java.lang.String, int):io.mosaicboot.core.user.model.OAuth2AccessTokenJson");
    }

    public static /* synthetic */ OAuth2AccessTokenJson getAccessToken$default(MosaicOAuth2TokenService mosaicOAuth2TokenService, String str, String str2, int i, int i2, Object obj) {
        if (obj != null) {
            throw new UnsupportedOperationException("Super calls with default arguments not supported in this target, function: getAccessToken");
        }
        if ((i2 & 4) != 0) {
            i = 180;
        }
        return mosaicOAuth2TokenService.getAccessToken(str, str2, i);
    }

    private OAuth2AccessTokenResponse getTokenResponse(OAuth2AuthorizedClient oAuth2AuthorizedClient, OAuth2RefreshTokenGrantRequest oAuth2RefreshTokenGrantRequest) {
        try {
            OAuth2AccessTokenResponse tokenResponse = this.accessTokenResponseClient.getTokenResponse(oAuth2RefreshTokenGrantRequest);
            Intrinsics.checkNotNullExpressionValue(tokenResponse, "getTokenResponse(...)");
            return tokenResponse;
        } catch (OAuth2AuthorizationException e) {
            throw new ClientAuthorizationException(e.getError(), oAuth2AuthorizedClient.getClientRegistration().getRegistrationId(), e);
        }
    }

    public boolean isNeedRefresh(@Nullable Long l) {
        return l != null && l.longValue() - this.clock.instant().getEpochSecond() <= 300;
    }

    @NotNull
    public OAuth2AccessToken toToken(@NotNull OAuth2AccessTokenJson oAuth2AccessTokenJson) {
        Instant instant;
        Instant instant2;
        Intrinsics.checkNotNullParameter(oAuth2AccessTokenJson, "<this>");
        OAuth2AccessToken.TokenType tokenType = OAuth2AccessToken.TokenType.BEARER;
        String value = oAuth2AccessTokenJson.getValue();
        Long issuedAt = oAuth2AccessTokenJson.getIssuedAt();
        if (issuedAt != null) {
            tokenType = tokenType;
            value = value;
            instant = Instant.ofEpochSecond(issuedAt.longValue());
        } else {
            instant = null;
        }
        Long expiresAt = oAuth2AccessTokenJson.getExpiresAt();
        if (expiresAt != null) {
            tokenType = tokenType;
            value = value;
            instant = instant;
            instant2 = Instant.ofEpochSecond(expiresAt.longValue());
        } else {
            instant2 = null;
        }
        return new OAuth2AccessToken(tokenType, value, instant, instant2, oAuth2AccessTokenJson.getScopes());
    }

    @NotNull
    public OAuth2RefreshToken toToken(@NotNull OAuth2RefreshTokenJson oAuth2RefreshTokenJson) {
        Instant instant;
        Instant instant2;
        Intrinsics.checkNotNullParameter(oAuth2RefreshTokenJson, "<this>");
        String value = oAuth2RefreshTokenJson.getValue();
        Long issuedAt = oAuth2RefreshTokenJson.getIssuedAt();
        if (issuedAt != null) {
            value = value;
            instant = Instant.ofEpochSecond(issuedAt.longValue());
        } else {
            instant = null;
        }
        Long expiresAt = oAuth2RefreshTokenJson.getExpiresAt();
        if (expiresAt != null) {
            value = value;
            instant = instant;
            instant2 = Instant.ofEpochSecond(expiresAt.longValue());
        } else {
            instant2 = null;
        }
        return new OAuth2RefreshToken(value, instant, instant2);
    }
}
