package io.gitlab.clockystarters.clockyclockysecuritystarter;

import io.gitlab.clockystarters.clockyclockysecuritystarter.model.JwtAuthentication;
import io.gitlab.clockystarters.clockyclockysecuritystarter.model.Role;
import io.gitlab.clockystarters.clockyclockysecuritystarter.model.User;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.MalformedJwtException;
import io.jsonwebtoken.SignatureException;
import io.jsonwebtoken.UnsupportedJwtException;
import io.jsonwebtoken.io.Decoders;
import io.jsonwebtoken.security.Keys;
import java.security.Key;
import java.time.LocalDateTime;
import java.time.ZoneId;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import javax.crypto.SecretKey;
import lombok.NonNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:io/gitlab/clockystarters/clockyclockysecuritystarter/JwtProvider.class */
public class JwtProvider {
    private static final Logger log = LoggerFactory.getLogger(JwtProvider.class);
    private final SecretKey jwtAccessSecret;
    private final SecretKey jwtRefreshSecret;

    public JwtProvider(@Value("${jwt.secret.access}") String str, @Value("${jwt.secret.refresh}") String str2) {
        this.jwtAccessSecret = Keys.hmacShaKeyFor((byte[]) Decoders.BASE64.decode(str));
        this.jwtRefreshSecret = Keys.hmacShaKeyFor((byte[]) Decoders.BASE64.decode(str2));
    }

    public Map<String, String> getTokens(@NonNull User user) {
        if (user == null) {
            throw new NullPointerException("user is marked non-null but is null");
        }
        HashMap hashMap = new HashMap();
        hashMap.put("accessToken", generateAccessToken(user));
        hashMap.put("refreshToken", generateRefreshToken(user));
        return hashMap;
    }

    /* JADX WARN: Type inference failed for: r0v4, types: [java.time.ZonedDateTime] */
    public String generateAccessToken(@NonNull User user) {
        if (user == null) {
            throw new NullPointerException("user is marked non-null but is null");
        }
        return Jwts.builder().setSubject(user.getEmail()).setExpiration(Date.from(LocalDateTime.now().plusMinutes(5L).atZone(ZoneId.systemDefault()).toInstant())).signWith(this.jwtAccessSecret).claim("roles", user.getRoles()).claim("email", user.getEmail()).compact();
    }

    public JwtAuthentication generate(Claims claims) {
        JwtAuthentication jwtAuthentication = new JwtAuthentication();
        jwtAuthentication.setRoles((Set) ((List) claims.get("roles", List.class)).stream().map(Role::valueOf).collect(Collectors.toSet()));
        jwtAuthentication.setEmail(claims.getSubject());
        return jwtAuthentication;
    }

    /* JADX WARN: Type inference failed for: r0v4, types: [java.time.ZonedDateTime] */
    public String generateRefreshToken(@NonNull User user) {
        if (user == null) {
            throw new NullPointerException("user is marked non-null but is null");
        }
        return Jwts.builder().setSubject(user.getEmail()).setExpiration(Date.from(LocalDateTime.now().plusDays(30L).atZone(ZoneId.systemDefault()).toInstant())).signWith(this.jwtRefreshSecret).compact();
    }

    public boolean validateAccessToken(@NonNull String str) {
        if (str == null) {
            throw new NullPointerException("accessToken is marked non-null but is null");
        }
        return validateToken(str, this.jwtAccessSecret);
    }

    public boolean validateRefreshToken(@NonNull String str) {
        if (str == null) {
            throw new NullPointerException("refreshToken is marked non-null but is null");
        }
        return validateToken(str, this.jwtRefreshSecret);
    }

    private boolean validateToken(@NonNull String str, @NonNull Key key) {
        if (str == null) {
            throw new NullPointerException("token is marked non-null but is null");
        }
        if (key == null) {
            throw new NullPointerException("secret is marked non-null but is null");
        }
        try {
            Jwts.parserBuilder().setSigningKey(key).build().parseClaimsJws(str);
            return true;
        } catch (MalformedJwtException e) {
            log.error("Malformed jwt", e);
            return false;
        } catch (UnsupportedJwtException e2) {
            log.error("Unsupported jwt", e2);
            return false;
        } catch (ExpiredJwtException e3) {
            log.error("Token expired", e3);
            return false;
        } catch (SignatureException e4) {
            log.error("Invalid signature", e4);
            return false;
        } catch (Exception e5) {
            log.error("invalid token", e5);
            return false;
        }
    }

    public Claims getAccessClaims(@NonNull String str) {
        if (str == null) {
            throw new NullPointerException("token is marked non-null but is null");
        }
        return getClaims(str, this.jwtAccessSecret);
    }

    public Claims getRefreshClaims(@NonNull String str) {
        if (str == null) {
            throw new NullPointerException("token is marked non-null but is null");
        }
        return getClaims(str, this.jwtRefreshSecret);
    }

    private Claims getClaims(@NonNull String str, @NonNull Key key) {
        if (str == null) {
            throw new NullPointerException("token is marked non-null but is null");
        }
        if (key == null) {
            throw new NullPointerException("secret is marked non-null but is null");
        }
        return (Claims) Jwts.parserBuilder().setSigningKey(key).build().parseClaimsJws(str).getBody();
    }
}
