package net.nemerosa.ontrack.service.security;

import com.github.benmanes.caffeine.cache.Cache;
import com.github.benmanes.caffeine.cache.Caffeine;
import java.time.Duration;
import java.time.LocalDateTime;
import kotlin.Metadata;
import kotlin.Pair;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.Intrinsics;
import net.nemerosa.ontrack.common.Time;
import net.nemerosa.ontrack.model.security.Account;
import net.nemerosa.ontrack.model.security.AccountManagement;
import net.nemerosa.ontrack.model.security.AccountService;
import net.nemerosa.ontrack.model.security.OntrackAuthenticatedUser;
import net.nemerosa.ontrack.model.security.SecurityService;
import net.nemerosa.ontrack.model.structure.ID;
import net.nemerosa.ontrack.model.structure.Token;
import net.nemerosa.ontrack.model.structure.TokenAccount;
import net.nemerosa.ontrack.model.structure.TokenGenerator;
import net.nemerosa.ontrack.model.structure.TokensService;
import net.nemerosa.ontrack.model.support.OntrackConfigProperties;
import net.nemerosa.ontrack.repository.TokensRepository;
import net.nemerosa.ontrack.service.labels.LabelProviderJobSettingsProviderKt;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

/* compiled from: TokensServiceImpl.kt */
@Transactional
@Metadata(mv = {1, 4, 2}, bv = {1, LabelProviderJobSettingsProviderKt.DEFAULT_LABEL_PROVIDER_JOB_PER_PROJECT, 3}, k = 1, d1 = {"��d\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\u0010\u000e\n\u0002\u0010\u000b\n��\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0010\b\n��\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0010\u0002\n��\b\u0017\u0018��2\u00020\u0001B-\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005\u0012\u0006\u0010\u0006\u001a\u00020\u0007\u0012\u0006\u0010\b\u001a\u00020\t\u0012\u0006\u0010\n\u001a\u00020\u000b¢\u0006\u0002\u0010\fJ\u0012\u0010\u0015\u001a\u0004\u0018\u00010\u00162\u0006\u0010\u0017\u001a\u00020\u000fH\u0016J\b\u0010\u0018\u001a\u00020\u0012H\u0016J\"\u0010\u0019\u001a\u00020\u00122\u0006\u0010\u001a\u001a\u00020\u001b2\b\u0010\u001c\u001a\u0004\u0018\u00010\u001d2\u0006\u0010\u001e\u001a\u00020\u0010H\u0016J\u0012\u0010\u001f\u001a\u0004\u0018\u00010\u00122\u0006\u0010\u001a\u001a\u00020\u001bH\u0016J\u0012\u0010\u001f\u001a\u0004\u0018\u00010\u00122\u0006\u0010 \u001a\u00020!H\u0016J\u0010\u0010\"\u001a\u00020\u00102\u0006\u0010\u0017\u001a\u00020\u000fH\u0012J\u0010\u0010#\u001a\u00020\u00102\u0006\u0010\u0017\u001a\u00020\u000fH\u0016J\b\u0010$\u001a\u00020\u001bH\u0016J\b\u0010%\u001a\u00020&H\u0016J\u0010\u0010%\u001a\u00020&2\u0006\u0010\u001a\u001a\u00020\u001bH\u0016R\u000e\u0010\n\u001a\u00020\u000bX\u0092\u0004¢\u0006\u0002\n��R\u001a\u0010\r\u001a\u000e\u0012\u0004\u0012\u00020\u000f\u0012\u0004\u0012\u00020\u00100\u000eX\u0092\u0004¢\u0006\u0002\n��R\u0016\u0010\u0011\u001a\u0004\u0018\u00010\u00128VX\u0096\u0004¢\u0006\u0006\u001a\u0004\b\u0013\u0010\u0014R\u000e\u0010\b\u001a\u00020\tX\u0092\u0004¢\u0006\u0002\n��R\u000e\u0010\u0004\u001a\u00020\u0005X\u0092\u0004¢\u0006\u0002\n��R\u000e\u0010\u0006\u001a\u00020\u0007X\u0092\u0004¢\u0006\u0002\n��R\u000e\u0010\u0002\u001a\u00020\u0003X\u0092\u0004¢\u0006\u0002\n��¨\u0006'"}, d2 = {"Lnet/nemerosa/ontrack/service/security/TokensServiceImpl;", "Lnet/nemerosa/ontrack/model/structure/TokensService;", "tokensRepository", "Lnet/nemerosa/ontrack/repository/TokensRepository;", "securityService", "Lnet/nemerosa/ontrack/model/security/SecurityService;", "tokenGenerator", "Lnet/nemerosa/ontrack/model/structure/TokenGenerator;", "ontrackConfigProperties", "Lnet/nemerosa/ontrack/model/support/OntrackConfigProperties;", "accountService", "Lnet/nemerosa/ontrack/model/security/AccountService;", "(Lnet/nemerosa/ontrack/repository/TokensRepository;Lnet/nemerosa/ontrack/model/security/SecurityService;Lnet/nemerosa/ontrack/model/structure/TokenGenerator;Lnet/nemerosa/ontrack/model/support/OntrackConfigProperties;Lnet/nemerosa/ontrack/model/security/AccountService;)V", "cache", "Lcom/github/benmanes/caffeine/cache/Cache;", "", "", "currentToken", "Lnet/nemerosa/ontrack/model/structure/Token;", "getCurrentToken", "()Lnet/nemerosa/ontrack/model/structure/Token;", "findAccountByToken", "Lnet/nemerosa/ontrack/model/structure/TokenAccount;", "token", "generateNewToken", "generateToken", "accountId", "", "validity", "Ljava/time/Duration;", "forceUnlimited", "getToken", "account", "Lnet/nemerosa/ontrack/model/security/Account;", "internalValidityCheck", "isValid", "revokeAll", "revokeToken", "", "ontrack-service"})
@Service
/* loaded from: input_file:net/nemerosa/ontrack/service/security/TokensServiceImpl.class */
public class TokensServiceImpl implements TokensService {
    private final Cache<String, Boolean> cache;
    private final TokensRepository tokensRepository;
    private final SecurityService securityService;
    private final TokenGenerator tokenGenerator;
    private final OntrackConfigProperties ontrackConfigProperties;
    private final AccountService accountService;

    @Nullable
    public Token getCurrentToken() {
        OntrackAuthenticatedUser currentAccount = this.securityService.getCurrentAccount();
        Account account = currentAccount != null ? currentAccount.getAccount() : null;
        if (account != null) {
            return this.tokensRepository.getForAccount(account);
        }
        return null;
    }

    @NotNull
    public Token generateNewToken() {
        final Account account;
        OntrackAuthenticatedUser currentAccount = this.securityService.getCurrentAccount();
        if (currentAccount == null || (account = currentAccount.getAccount()) == null) {
            throw ((Throwable) new TokenGenerationNoAccountException());
        }
        return (Token) this.securityService.asAdmin(new Function0<Token>() { // from class: net.nemerosa.ontrack.service.security.TokensServiceImpl$generateNewToken$1
            @NotNull
            public final Token invoke() {
                return TokensServiceImpl.this.generateToken(account.id(), null, false);
            }

            /* JADX INFO: Access modifiers changed from: package-private */
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super(0);
            }
        });
    }

    @NotNull
    public Token generateToken(int i, @Nullable Duration duration, boolean z) {
        Duration duration2;
        this.securityService.checkGlobalFunction(AccountManagement.class);
        String generateToken = this.tokenGenerator.generateToken();
        Duration validity = this.ontrackConfigProperties.getSecurity().getTokens().getValidity();
        if (z) {
            duration2 = duration;
        } else {
            duration2 = duration;
            if (duration2 == null) {
                duration2 = validity;
            }
        }
        Token validFor = new Token(generateToken, Time.now(), (LocalDateTime) null).validFor(duration2);
        this.tokensRepository.save(i, generateToken, validFor.getCreation(), validFor.getValidUntil());
        return validFor;
    }

    public void revokeToken() {
        String invalidate;
        OntrackAuthenticatedUser currentAccount = this.securityService.getCurrentAccount();
        Account account = currentAccount != null ? currentAccount.getAccount() : null;
        if (account == null || (invalidate = this.tokensRepository.invalidate(account.id())) == null) {
            return;
        }
        this.cache.invalidate(invalidate);
    }

    @Nullable
    public Token getToken(@NotNull Account account) {
        Intrinsics.checkNotNullParameter(account, "account");
        this.securityService.checkGlobalFunction(AccountManagement.class);
        return this.tokensRepository.getForAccount(account);
    }

    @Nullable
    public Token getToken(int i) {
        Account account = this.accountService.getAccount(ID.Companion.of(i));
        Intrinsics.checkNotNullExpressionValue(account, "accountService.getAccount(ID.of(accountId))");
        return getToken(account);
    }

    public boolean isValid(@NotNull String str) {
        Intrinsics.checkNotNullParameter(str, "token");
        if (!this.ontrackConfigProperties.getSecurity().getTokens().getCache().getEnabled()) {
            return internalValidityCheck(str);
        }
        Boolean bool = (Boolean) this.cache.getIfPresent(str);
        if (bool != null) {
            return bool.booleanValue();
        }
        boolean internalValidityCheck = internalValidityCheck(str);
        this.cache.put(str, Boolean.valueOf(internalValidityCheck));
        return internalValidityCheck;
    }

    private boolean internalValidityCheck(String str) {
        Pair findAccountByToken = this.tokensRepository.findAccountByToken(str);
        if (findAccountByToken != null) {
            return Token.isValid$default((Token) findAccountByToken.component2(), (LocalDateTime) null, 1, (Object) null);
        }
        return false;
    }

    @Nullable
    public TokenAccount findAccountByToken(@NotNull String str) {
        Intrinsics.checkNotNullParameter(str, "token");
        Pair findAccountByToken = this.tokensRepository.findAccountByToken(str);
        if (findAccountByToken == null) {
            return null;
        }
        final int intValue = ((Number) findAccountByToken.component1()).intValue();
        Token token = (Token) findAccountByToken.component2();
        Object asAdmin = this.securityService.asAdmin(new Function0<Account>() { // from class: net.nemerosa.ontrack.service.security.TokensServiceImpl$findAccountByToken$$inlined$let$lambda$1
            /* JADX INFO: Access modifiers changed from: package-private */
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super(0);
            }

            public final Account invoke() {
                AccountService accountService;
                accountService = this.accountService;
                return accountService.getAccount(ID.Companion.of(intValue));
            }
        });
        Intrinsics.checkNotNullExpressionValue(asAdmin, "securityService.asAdmin …d))\n                    }");
        return new TokenAccount((Account) asAdmin, token);
    }

    public int revokeAll() {
        this.securityService.checkGlobalFunction(AccountManagement.class);
        this.cache.invalidateAll();
        return this.tokensRepository.revokeAll();
    }

    public void revokeToken(int i) {
        this.securityService.checkGlobalFunction(AccountManagement.class);
        String invalidate = this.tokensRepository.invalidate(i);
        if (invalidate != null) {
            this.cache.invalidate(invalidate);
        }
    }

    public TokensServiceImpl(@NotNull TokensRepository tokensRepository, @NotNull SecurityService securityService, @NotNull TokenGenerator tokenGenerator, @NotNull OntrackConfigProperties ontrackConfigProperties, @NotNull AccountService accountService) {
        Intrinsics.checkNotNullParameter(tokensRepository, "tokensRepository");
        Intrinsics.checkNotNullParameter(securityService, "securityService");
        Intrinsics.checkNotNullParameter(tokenGenerator, "tokenGenerator");
        Intrinsics.checkNotNullParameter(ontrackConfigProperties, "ontrackConfigProperties");
        Intrinsics.checkNotNullParameter(accountService, "accountService");
        this.tokensRepository = tokensRepository;
        this.securityService = securityService;
        this.tokenGenerator = tokenGenerator;
        this.ontrackConfigProperties = ontrackConfigProperties;
        this.accountService = accountService;
        Cache<String, Boolean> build = Caffeine.newBuilder().maximumSize(this.ontrackConfigProperties.getSecurity().getTokens().getCache().getMaxCount()).expireAfterAccess(this.ontrackConfigProperties.getSecurity().getTokens().getCache().getValidity()).build();
        Intrinsics.checkNotNullExpressionValue(build, "Caffeine.newBuilder()\n  …ity)\n            .build()");
        this.cache = build;
    }
}
