package io.vertx.ext.auth.oauth2.impl;

import io.vertx.core.AsyncResult;
import io.vertx.core.Future;
import io.vertx.core.Handler;
import io.vertx.core.buffer.Buffer;
import io.vertx.core.http.HttpMethod;
import io.vertx.core.json.JsonArray;
import io.vertx.core.json.JsonObject;
import io.vertx.core.logging.Logger;
import io.vertx.core.logging.LoggerFactory;
import io.vertx.ext.auth.AbstractUser;
import io.vertx.ext.auth.AuthProvider;
import io.vertx.ext.auth.oauth2.AccessToken;
import java.nio.charset.StandardCharsets;
import java.util.Collections;
import java.util.regex.Pattern;

/* loaded from: input_file:io/vertx/ext/auth/oauth2/impl/AccessTokenImpl.class */
public class AccessTokenImpl extends AbstractUser implements AccessToken {
    private static final Logger log = LoggerFactory.getLogger(AccessTokenImpl.class);
    private static final JsonObject EMPTY_JSON = new JsonObject();
    private static final JsonArray EMPTY_ARRAY = new JsonArray();
    private OAuth2AuthProviderImpl provider;
    private JsonObject token;
    private JsonObject content;

    public AccessTokenImpl() {
        log.info("You are probably serializing the OAuth2 User, OAuth2 tokens are supposed to be used in stateless servers!");
    }

    public AccessTokenImpl(OAuth2AuthProviderImpl oAuth2AuthProviderImpl, JsonObject jsonObject) {
        this.provider = oAuth2AuthProviderImpl;
        init(jsonObject);
    }

    private void init(JsonObject jsonObject) {
        Long valueOf;
        Long valueOf2;
        if (jsonObject.containsKey("expires_in")) {
            jsonObject = jsonObject.copy();
            try {
                valueOf2 = jsonObject.getLong("expires_in");
            } catch (ClassCastException e) {
                valueOf2 = Long.valueOf(jsonObject.getString("expires_in"));
            }
            jsonObject.put("expires_at", Long.valueOf(System.currentTimeMillis() + (1000 * valueOf2.longValue())));
        }
        this.token = jsonObject;
        this.content = null;
        if (this.provider.getConfig().isJwtToken() && jsonObject.containsKey("access_token")) {
            this.content = this.provider.decode(jsonObject.getString("access_token"));
        }
        clearCache();
        if (this.token.containsKey("scope")) {
            Collections.addAll(this.cachedPermissions, this.token.getString("scope", "").split(Pattern.quote(this.provider.getScopeSeparator())));
        }
        if (this.token.containsKey("exp")) {
            try {
                valueOf = this.token.getLong("exp");
            } catch (ClassCastException e2) {
                valueOf = Long.valueOf(this.token.getString("exp"));
            }
            this.token.put("expires_at", Long.valueOf(1000 * valueOf.longValue()));
        }
        moveProperty("exp");
        moveProperty("iat");
        moveProperty("nbf");
        moveProperty("sub");
        moveProperty("aud");
        moveProperty("iss");
        moveProperty("jti");
        moveProperty("permissions");
        moveProperty("resource_access");
        moveProperty("realm_access");
    }

    private void moveProperty(String str) {
        if (this.token.containsKey(str)) {
            if (this.content == null) {
                this.content = new JsonObject();
            }
            this.content.put(str, this.token.remove(str));
        }
    }

    @Override // io.vertx.ext.auth.oauth2.AccessToken
    public boolean expired() {
        long currentTimeMillis = System.currentTimeMillis();
        if (this.token.containsKey("expires_at") && this.token.getLong("expires_at", 0L).longValue() < currentTimeMillis) {
            return true;
        }
        long currentTimeMillis2 = System.currentTimeMillis() / 1000;
        if (this.content == null) {
            return false;
        }
        if (this.content.containsKey("exp") && currentTimeMillis2 >= this.content.getLong("exp").longValue()) {
            return true;
        }
        if (!this.content.containsKey("iat") || this.content.getLong("iat").longValue() <= currentTimeMillis2) {
            return this.content.containsKey("nbf") && this.content.getLong("nbf").longValue() > currentTimeMillis2;
        }
        return true;
    }

    @Override // io.vertx.ext.auth.oauth2.AccessToken
    public AccessTokenImpl refresh(Handler<AsyncResult<Void>> handler) {
        OAuth2API.api(this.provider, HttpMethod.POST, this.provider.getConfig().getTokenPath(), new JsonObject().put("grant_type", "refresh_token").put("refresh_token", this.token.getString("refresh_token")), asyncResult -> {
            if (!asyncResult.succeeded()) {
                handler.handle(Future.failedFuture(asyncResult.cause()));
            } else {
                init((JsonObject) asyncResult.result());
                handler.handle(Future.succeededFuture());
            }
        });
        return this;
    }

    @Override // io.vertx.ext.auth.oauth2.AccessToken
    public AccessTokenImpl revoke(String str, Handler<AsyncResult<Void>> handler) {
        String string = this.token.getString(str);
        if (string != null) {
            OAuth2API.api(this.provider, HttpMethod.POST, this.provider.getConfig().getRevocationPath(), new JsonObject().put("token", string).put("token_type_hint", str), asyncResult -> {
                if (!asyncResult.succeeded()) {
                    handler.handle(Future.failedFuture(asyncResult.cause()));
                    return;
                }
                this.token.remove(str);
                if ("access_token".equals(str)) {
                    this.content = null;
                }
                handler.handle(Future.succeededFuture());
            });
        } else {
            handler.handle(Future.failedFuture("Invalid token: " + str));
        }
        return this;
    }

    @Override // io.vertx.ext.auth.oauth2.AccessToken
    public AccessTokenImpl logout(Handler<AsyncResult<Void>> handler) {
        OAuth2API.api(this.provider, HttpMethod.POST, this.provider.getConfig().getLogoutPath(), new JsonObject().put("access_token", this.token.getString("access_token")).put("refresh_token", this.token.getString("refresh_token")), asyncResult -> {
            if (!asyncResult.succeeded()) {
                handler.handle(Future.failedFuture(asyncResult.cause()));
                return;
            }
            this.token = null;
            this.content = null;
            handler.handle(Future.succeededFuture());
        });
        return this;
    }

    @Override // io.vertx.ext.auth.oauth2.AccessToken
    public AccessToken introspect(Handler<AsyncResult<Void>> handler) {
        OAuth2API.api(this.provider, HttpMethod.POST, this.provider.getConfig().getIntrospectionPath(), new JsonObject().put("token", this.token.getString("access_token")).put("authorizationHeaderOnly", true), asyncResult -> {
            if (!asyncResult.succeeded()) {
                handler.handle(Future.failedFuture(asyncResult.cause()));
                return;
            }
            try {
                JsonObject jsonObject = (JsonObject) asyncResult.result();
                if (jsonObject.containsKey("active") && !jsonObject.getBoolean("active", false).booleanValue()) {
                    handler.handle(Future.failedFuture("Inactive Token"));
                    return;
                }
                if (jsonObject.containsKey("client_id") && !jsonObject.getString("client_id", "").equals(this.provider.getConfig().getClientID())) {
                    handler.handle(Future.failedFuture("Wrong client_id"));
                    return;
                }
                try {
                    init(this.token.mergeIn(jsonObject));
                } catch (RuntimeException e) {
                    handler.handle(Future.failedFuture(e));
                }
                if (expired()) {
                    handler.handle(Future.failedFuture("Expired token"));
                } else {
                    handler.handle(Future.succeededFuture());
                }
            } catch (RuntimeException e2) {
                handler.handle(Future.failedFuture(e2));
            }
        });
        return this;
    }

    protected void doIsPermitted(String str, Handler<AsyncResult<Boolean>> handler) {
        if (expired()) {
            handler.handle(Future.failedFuture("Expired Token"));
            return;
        }
        if (!this.provider.getConfig().isJwtToken()) {
            handler.handle(Future.succeededFuture(false));
            return;
        }
        String[] split = str.split(":");
        if (split.length == 1) {
            handler.handle(Future.succeededFuture(Boolean.valueOf(hasApplicationRole(this.provider.getConfig().getClientID(), split[0]))));
        } else if ("realm".equals(split[0])) {
            handler.handle(Future.succeededFuture(Boolean.valueOf(hasRealmRole(split[1]))));
        } else {
            handler.handle(Future.succeededFuture(Boolean.valueOf(hasApplicationRole(split[0], split[1]))));
        }
    }

    private boolean hasApplicationRole(String str, String str2) {
        JsonObject jsonObject = this.content.getJsonObject("resource_access", EMPTY_JSON).getJsonObject(str);
        if (jsonObject == null) {
            return false;
        }
        return jsonObject.getJsonArray("roles", EMPTY_ARRAY).contains(str2);
    }

    private boolean hasRealmRole(String str) {
        return this.content.getJsonObject("realm_access", EMPTY_JSON).getJsonArray("roles", EMPTY_ARRAY).contains(str);
    }

    public JsonObject principal() {
        return this.token;
    }

    public void setAuthProvider(AuthProvider authProvider) {
        this.provider = (OAuth2AuthProviderImpl) authProvider;
    }

    public void writeToBuffer(Buffer buffer) {
        super.writeToBuffer(buffer);
        byte[] bytes = this.token.encode().getBytes(StandardCharsets.UTF_8);
        buffer.appendInt(bytes.length);
        buffer.appendBytes(bytes);
        byte[] bytes2 = this.content.encode().getBytes(StandardCharsets.UTF_8);
        buffer.appendInt(bytes2.length);
        buffer.appendBytes(bytes2);
    }

    public int readFromBuffer(int i, Buffer buffer) {
        int readFromBuffer = super.readFromBuffer(i, buffer);
        int i2 = buffer.getInt(readFromBuffer);
        int i3 = readFromBuffer + 4;
        this.token = new JsonObject(new String(buffer.getBytes(i3, i3 + i2), StandardCharsets.UTF_8));
        int i4 = i3 + i2;
        int i5 = buffer.getInt(i4);
        int i6 = i4 + 4;
        this.content = new JsonObject(new String(buffer.getBytes(i6, i6 + i5), StandardCharsets.UTF_8));
        return i6 + i5;
    }

    @Override // io.vertx.ext.auth.oauth2.AccessToken
    public /* bridge */ /* synthetic */ AccessToken logout(Handler handler) {
        return logout((Handler<AsyncResult<Void>>) handler);
    }

    @Override // io.vertx.ext.auth.oauth2.AccessToken
    public /* bridge */ /* synthetic */ AccessToken revoke(String str, Handler handler) {
        return revoke(str, (Handler<AsyncResult<Void>>) handler);
    }

    @Override // io.vertx.ext.auth.oauth2.AccessToken
    public /* bridge */ /* synthetic */ AccessToken refresh(Handler handler) {
        return refresh((Handler<AsyncResult<Void>>) handler);
    }
}
