package org.genesys.blocks.tokenauth.service.impl;

import java.time.Instant;
import java.util.List;
import java.util.UUID;
import lombok.NonNull;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.digest.DigestUtils;
import org.genesys.blocks.security.model.AclSid;
import org.genesys.blocks.tokenauth.model.ApiToken;
import org.genesys.blocks.tokenauth.persistence.ApiTokenPersistence;
import org.genesys.blocks.tokenauth.service.ApiTokenService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.cache.annotation.CacheEvict;
import org.springframework.cache.annotation.Cacheable;
import org.springframework.data.domain.Page;
import org.springframework.data.domain.Pageable;
import org.springframework.security.access.prepost.PostAuthorize;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

@Service
/* loaded from: input_file:org/genesys/blocks/tokenauth/service/impl/ApiTokenServiceImpl.class */
public class ApiTokenServiceImpl implements ApiTokenService {
    private static final Logger log;

    @Value("${apitoken.salt:hellothere}")
    private String tokenSalt;

    @Autowired
    private ApiTokenPersistence apiTokenPersistence;
    static final /* synthetic */ boolean $assertionsDisabled;

    @Override // org.genesys.blocks.tokenauth.service.ApiTokenService
    @Cacheable(cacheNames = {"api.tokenauth.encoded"}, key = "#token", unless = "#result == null")
    public String encodeToken(@NonNull String str) {
        if (str == null) {
            throw new NullPointerException("token is marked non-null but is null");
        }
        log.debug("Encoding token {}", str);
        return Base64.encodeBase64String(DigestUtils.sha256(this.tokenSalt.concat(str)));
    }

    @Override // org.genesys.blocks.tokenauth.service.ApiTokenService
    @PostAuthorize("hasRole('ADMINISTRATOR') || returnObject.sid.id == principal.id")
    @Transactional(readOnly = true)
    public ApiToken loadById(Long l) {
        return (ApiToken) this.apiTokenPersistence.findById(l).orElse(null);
    }

    @Override // org.genesys.blocks.tokenauth.service.ApiTokenService
    @Transactional(readOnly = true)
    @Cacheable(cacheNames = {"api.tokenauth.tokens"}, key = "#encodedToken", unless = "#result == null")
    public ApiToken getToken(String str) {
        log.debug("Loading token from database {}", str);
        return this.apiTokenPersistence.findByToken(str).orElse(null);
    }

    @Override // org.genesys.blocks.tokenauth.service.ApiTokenService
    @Transactional(readOnly = true)
    @PreAuthorize("hasRole('ADMINISTRATOR') || (hasRole('VETTEDUSER') && #sid.id == principal.id)")
    public List<ApiToken> listTokensForSid(AclSid aclSid) {
        return this.apiTokenPersistence.findAllBySid(aclSid);
    }

    @Override // org.genesys.blocks.tokenauth.service.ApiTokenService
    @Transactional(readOnly = true)
    @PreAuthorize("hasRole('ADMINISTRATOR')")
    public Page<ApiToken> listTokens(Pageable pageable) {
        return this.apiTokenPersistence.findAll(pageable);
    }

    @Override // org.genesys.blocks.tokenauth.service.ApiTokenService
    @Transactional
    @PreAuthorize("hasRole('ADMINISTRATOR') || (hasRole('VETTEDUSER') && #sid.id == principal.id)")
    public ApiToken createToken(AclSid aclSid, String str, Instant instant) {
        ApiToken apiToken = new ApiToken();
        apiToken.setSid(aclSid);
        apiToken.setExpires(instant);
        apiToken.setLabel(str);
        String str2 = null;
        for (int i = 0; i < 10; i++) {
            str2 = UUID.randomUUID().toString();
            apiToken.setToken(encodeToken(str2));
            if (this.apiTokenPersistence.findByToken(apiToken.getToken()).isEmpty()) {
                break;
            }
            log.info("Token already exists, generating a new one");
        }
        ApiToken apiToken2 = (ApiToken) this.apiTokenPersistence.save(apiToken);
        apiToken2.setToken(str2);
        log.info("Created a new token for {} with label={} expires={}", new Object[]{apiToken.getSid().getSid(), apiToken.getLabel(), apiToken.getExpires()});
        return apiToken2;
    }

    @Override // org.genesys.blocks.tokenauth.service.ApiTokenService
    @PostAuthorize("hasRole('ADMINISTRATOR') || (hasRole('VETTEDUSER') && returnObject.sid.id == principal.id)")
    @Transactional
    @CacheEvict(cacheNames = {"api.tokenauth.tokens"}, key = "#result.token", condition = "#result != null")
    public ApiToken remove(ApiToken apiToken) {
        if (!$assertionsDisabled && (apiToken == null || apiToken.getId() == null)) {
            throw new AssertionError();
        }
        ApiToken apiToken2 = (ApiToken) this.apiTokenPersistence.findById(apiToken.getId()).orElse(null);
        if (apiToken2 == null) {
            return null;
        }
        log.info("Deleting token for {} with label={}", apiToken2.getSid().getSid(), apiToken2.getLabel());
        this.apiTokenPersistence.delete(apiToken2);
        return apiToken2;
    }

    @Override // org.genesys.blocks.tokenauth.service.ApiTokenService
    @PostAuthorize("hasRole('ADMINISTRATOR') || (hasRole('VETTEDUSER') && returnObject.sid.id == principal.id)")
    @Transactional
    @CacheEvict(cacheNames = {"api.tokenauth.tokens"}, key = "#result.token", condition = "#result != null")
    public ApiToken update(ApiToken apiToken) {
        ApiToken apiToken2 = (ApiToken) this.apiTokenPersistence.findById(apiToken.getId()).orElse(null);
        if (apiToken2 == null) {
            return null;
        }
        log.info("Updating token for {} with label={}", apiToken2.getSid().getSid(), apiToken2.getLabel());
        apiToken2.apply(apiToken);
        return (ApiToken) this.apiTokenPersistence.save(apiToken2);
    }

    static {
        $assertionsDisabled = !ApiTokenServiceImpl.class.desiredAssertionStatus();
        log = LoggerFactory.getLogger(ApiTokenServiceImpl.class);
    }
}
