package de.qfm.erp.service.service.route.impl;

import com.google.common.collect.ImmutableSet;
import de.qfm.erp.common.response.user.JWTTokenResponse;
import de.qfm.erp.common.response.user.UserCommon;
import de.qfm.erp.service.helper.UserHelper;
import de.qfm.erp.service.model.exception.request.JwtTokenException;
import de.qfm.erp.service.model.exception.response.ResourceNotFoundException;
import de.qfm.erp.service.model.internal.authentication.JwtToken;
import de.qfm.erp.service.model.internal.fieldname.EField;
import de.qfm.erp.service.model.internal.fieldname.FieldNamesFactory;
import de.qfm.erp.service.model.jpa.user.User;
import de.qfm.erp.service.service.handler.UserHandler;
import de.qfm.erp.service.service.mapper.JwtTokenMapper;
import de.qfm.erp.service.service.mapper.UserMapper;
import de.qfm.erp.service.service.route.AuthenticationRoute;
import de.qfm.erp.service.service.security.AuthenticationHelper;
import de.qfm.erp.service.service.security.JwtTokenProvider;
import io.jsonwebtoken.Claims;
import jakarta.servlet.http.HttpServletRequest;
import java.time.Clock;
import java.time.Instant;
import java.time.LocalDateTime;
import java.time.ZoneOffset;
import java.util.Date;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import javax.annotation.Nonnull;
import lombok.NonNull;
import org.apache.commons.lang3.StringUtils;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.DisabledException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

@Service
/* loaded from: input_file:BOOT-INF/classes/de/qfm/erp/service/service/route/impl/AuthenticationRouteImpl.class */
public class AuthenticationRouteImpl implements AuthenticationRoute {
    private static final Set<String> UNTOUCH_PASSWORD_USER_NAMES = ImmutableSet.of("admin", "sync");
    private final AuthenticationHelper authenticationHelper;
    private final UserHandler userHandler;
    private final UserMapper userMapper;
    private final JwtTokenProvider jwtTokenProvider;
    private final AuthenticationManager authenticationManager;
    private final JwtTokenMapper jwtTokenMapper;
    private static final String BCRYPT_PREFIX = "{bcrypt_12}";

    @Override // de.qfm.erp.service.service.route.AuthenticationRoute
    @Transactional
    @Nonnull
    public JWTTokenResponse signIn(@NonNull String str, @NonNull String str2) {
        if (str == null) {
            throw new NullPointerException("username is marked non-null but is null");
        }
        if (str2 == null) {
            throw new NullPointerException("password is marked non-null but is null");
        }
        String lowerCase = StringUtils.lowerCase(str);
        String decodePassword = this.authenticationHelper.decodePassword(str2);
        Optional<User> byNameNotFailing = this.userHandler.byNameNotFailing(str);
        this.authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(str, (StringUtils.startsWith((String) byNameNotFailing.map((v0) -> {
            return v0.getPassword();
        }).orElse(""), BCRYPT_PREFIX) || UNTOUCH_PASSWORD_USER_NAMES.contains(lowerCase)) ? decodePassword : StringUtils.upperCase(decodePassword)));
        if (byNameNotFailing.isEmpty()) {
            throw ResourceNotFoundException.of(User.class.getSimpleName(), FieldNamesFactory.simpleFieldName(EField.USER__NAME), str);
        }
        User user = byNameNotFailing.get();
        if (Objects.equals(user.getAllowedToLogin(), Boolean.TRUE)) {
            return this.jwtTokenMapper.map(this.jwtTokenProvider.signInToken(str, UserHelper.allRoles(user)));
        }
        throw new DisabledException(String.format("User %s is disabled", user.getUsername()));
    }

    @Override // de.qfm.erp.service.service.route.AuthenticationRoute
    @Transactional
    @Nonnull
    public UserCommon whoAmI(@NonNull HttpServletRequest httpServletRequest) {
        if (httpServletRequest == null) {
            throw new NullPointerException("req is marked non-null but is null");
        }
        return this.userMapper.mapUser(this.userHandler.userGetBucket(this.userHandler.byNameFailing(this.jwtTokenProvider.getUsername(this.jwtTokenProvider.resolveToken(httpServletRequest)))));
    }

    @Override // de.qfm.erp.service.service.route.AuthenticationRoute
    @Transactional
    @Nonnull
    public JWTTokenResponse refresh(@NonNull HttpServletRequest httpServletRequest) {
        if (httpServletRequest == null) {
            throw new NullPointerException("req is marked non-null but is null");
        }
        String resolveToken = this.jwtTokenProvider.resolveToken(httpServletRequest);
        Claims claims = this.jwtTokenProvider.claims(resolveToken);
        Date issuedAt = claims.getIssuedAt();
        Date expiration = claims.getExpiration();
        if (Date.from(Instant.now(Clock.systemUTC())).compareTo(expiration) >= 0) {
            throw new JwtTokenException("Refresh Token Expired");
        }
        JwtToken.JwtTokenPart of = JwtToken.JwtTokenPart.of(LocalDateTime.ofInstant(issuedAt.toInstant(), ZoneOffset.UTC), LocalDateTime.ofInstant(expiration.toInstant(), ZoneOffset.UTC), resolveToken);
        String username = this.jwtTokenProvider.getUsername(resolveToken);
        return this.jwtTokenMapper.map(this.jwtTokenProvider.refreshToken(of, username, UserHelper.allRoles(this.userHandler.byNameFailing(username))));
    }

    public AuthenticationRouteImpl(AuthenticationHelper authenticationHelper, UserHandler userHandler, UserMapper userMapper, JwtTokenProvider jwtTokenProvider, AuthenticationManager authenticationManager, JwtTokenMapper jwtTokenMapper) {
        this.authenticationHelper = authenticationHelper;
        this.userHandler = userHandler;
        this.userMapper = userMapper;
        this.jwtTokenProvider = jwtTokenProvider;
        this.authenticationManager = authenticationManager;
        this.jwtTokenMapper = jwtTokenMapper;
    }
}
