package io.nats.bridge.admin;

import io.micrometer.core.annotation.Timed;
import io.micrometer.core.instrument.Counter;
import io.micrometer.core.instrument.MeterRegistry;
import io.nats.bridge.admin.models.logins.Login;
import io.nats.bridge.admin.models.logins.LoginRequest;
import io.nats.bridge.admin.models.logins.TokenResponse;
import io.nats.bridge.admin.util.EncryptUtils;
import io.nats.bridge.admin.util.JwtUtils;
import io.swagger.annotations.ApiImplicitParam;
import java.util.Map;
import kotlin.Metadata;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.StringsKt;
import org.jetbrains.annotations.NotNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestHeader;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.server.ResponseStatusException;

/* compiled from: Controllers.kt */
@RequestMapping({"/api/v1/login"})
@Metadata(mv = {1, 1, 16}, bv = {1, 0, 3}, k = 1, d1 = {"��B\n\u0002\u0018\u0002\n\u0002\u0010��\n��\n\u0002\u0010\u000e\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n��\n\u0002\u0010$\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\b\u0017\u0018��2\u00020\u0001B)\u0012\b\b\u0001\u0010\u0002\u001a\u00020\u0003\u0012\b\b\u0001\u0010\u0004\u001a\u00020\u0003\u0012\u0006\u0010\u0005\u001a\u00020\u0006\u0012\u0006\u0010\u0007\u001a\u00020\b¢\u0006\u0002\u0010\tJ$\u0010\u0010\u001a\u00020\u00112\u0012\u0010\u0012\u001a\u000e\u0012\u0004\u0012\u00020\u0003\u0012\u0004\u0012\u00020\u00030\u00132\u0006\u0010\u0014\u001a\u00020\u0015H\u0016J(\u0010\u0016\u001a\u00020\u00112\u0014\b\u0001\u0010\u0012\u001a\u000e\u0012\u0004\u0012\u00020\u0003\u0012\u0004\u0012\u00020\u00030\u00132\b\b\u0001\u0010\u0014\u001a\u00020\u0015H\u0017R\u000e\u0010\u0002\u001a\u00020\u0003X\u0092\u0004¢\u0006\u0002\n��R\u000e\u0010\n\u001a\u00020\u000bX\u0092\u0004¢\u0006\u0002\n��R\u000e\u0010\u0004\u001a\u00020\u0003X\u0092\u0004¢\u0006\u0002\n��R\u0016\u0010\f\u001a\n \u000e*\u0004\u0018\u00010\r0\rX\u0092\u0004¢\u0006\u0002\n��R\u000e\u0010\u0005\u001a\u00020\u0006X\u0092\u0004¢\u0006\u0002\n��R\u000e\u0010\u000f\u001a\u00020\u000bX\u0092\u0004¢\u0006\u0002\n��¨\u0006\u0017"}, d2 = {"Lio/nats/bridge/admin/LoginController;", "", "adminSecretKey", "", "jwtAlgorithm", "longRepo", "Lio/nats/bridge/admin/LoginRepo;", "registry", "Lio/micrometer/core/instrument/MeterRegistry;", "(Ljava/lang/String;Ljava/lang/String;Lio/nats/bridge/admin/LoginRepo;Lio/micrometer/core/instrument/MeterRegistry;)V", "generateTokenCount", "Lio/micrometer/core/instrument/Counter;", "logger", "Lorg/slf4j/Logger;", "kotlin.jvm.PlatformType", "tokenErrorCount", "doGenerateToken", "Lio/nats/bridge/admin/models/logins/TokenResponse;", "headers", "", "tokenRequest", "Lio/nats/bridge/admin/models/logins/LoginRequest;", "generateToken", "nats-bridge-admin"})
@RestController
/* loaded from: input_file:io/nats/bridge/admin/LoginController.class */
public class LoginController {
    private final Logger logger;
    private final Counter generateTokenCount;
    private final Counter tokenErrorCount;
    private final String adminSecretKey;
    private final String jwtAlgorithm;
    private final LoginRepo longRepo;

    @PostMapping({"/generateToken"})
    @Timed
    @ApiImplicitParam(name = "Content-Type", value = "application/json", dataType = "string", paramType = "header")
    @NotNull
    public TokenResponse generateToken(@RequestHeader @NotNull Map<String, String> map, @RequestBody @NotNull LoginRequest loginRequest) {
        Intrinsics.checkParameterIsNotNull(map, "headers");
        Intrinsics.checkParameterIsNotNull(loginRequest, "tokenRequest");
        return doGenerateToken(map, loginRequest);
    }

    @NotNull
    public TokenResponse doGenerateToken(@NotNull Map<String, String> map, @NotNull LoginRequest loginRequest) {
        String decrypt;
        Intrinsics.checkParameterIsNotNull(map, "headers");
        Intrinsics.checkParameterIsNotNull(loginRequest, "tokenRequest");
        Login loadLogin = this.longRepo.loadLogin(loginRequest);
        if (loadLogin == null) {
            this.tokenErrorCount.increment();
            throw new ResponseStatusException(HttpStatus.FORBIDDEN, "Login not found");
        }
        if (StringsKt.startsWith$default(loadLogin.getSecret(), "pk-", false, 2, (Object) null)) {
            decrypt = loadLogin.getSecret();
        } else {
            this.logger.warn("Read auth Login that was not encrypted");
            decrypt = EncryptUtils.INSTANCE.createEncrypt(loadLogin.genKey(this.adminSecretKey)).decrypt(loadLogin.getSecret());
        }
        if (!Intrinsics.areEqual(loginRequest.getSecret(), decrypt)) {
            this.tokenErrorCount.increment();
            throw new ResponseStatusException(HttpStatus.FORBIDDEN, "Bad Token Request");
        }
        String generateToken = JwtUtils.INSTANCE.generateToken("LOGIN_TOKEN", loadLogin.genToken().toMap(), this.adminSecretKey + this.adminSecretKey, this.jwtAlgorithm);
        this.generateTokenCount.increment();
        return new TokenResponse(generateToken, loadLogin.getPublicKey(), loadLogin.getSubject());
    }

    public LoginController(@Value("${security.secretKey}") @NotNull String str, @Value("${jwt.algo}") @NotNull String str2, @NotNull LoginRepo loginRepo, @NotNull MeterRegistry meterRegistry) {
        Intrinsics.checkParameterIsNotNull(str, "adminSecretKey");
        Intrinsics.checkParameterIsNotNull(str2, "jwtAlgorithm");
        Intrinsics.checkParameterIsNotNull(loginRepo, "longRepo");
        Intrinsics.checkParameterIsNotNull(meterRegistry, "registry");
        this.adminSecretKey = str;
        this.jwtAlgorithm = str2;
        this.longRepo = loginRepo;
        this.logger = LoggerFactory.getLogger(getClass());
        Counter counter = meterRegistry.counter("token_count", new String[]{"module", "security"});
        Intrinsics.checkExpressionValueIsNotNull(counter, "registry.counter(\"token_…t\", \"module\", \"security\")");
        this.generateTokenCount = counter;
        Counter counter2 = meterRegistry.counter("token_error", new String[]{"module", "security"});
        Intrinsics.checkExpressionValueIsNotNull(counter2, "registry.counter(\"token_…r\", \"module\", \"security\")");
        this.tokenErrorCount = counter2;
    }
}
