package pl.sparkbit.security.util;

import com.google.common.collect.ImmutableMap;
import java.beans.ConstructorProperties;
import java.time.Clock;
import java.time.Duration;
import java.time.temporal.TemporalAmount;
import java.util.Map;
import java.util.Optional;
import javax.annotation.PostConstruct;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import pl.sparkbit.commons.util.IdGenerator;
import pl.sparkbit.security.config.SecurityProperties;
import pl.sparkbit.security.dao.SecurityChallengeDao;
import pl.sparkbit.security.domain.SecurityChallenge;
import pl.sparkbit.security.domain.SecurityChallengeType;
import pl.sparkbit.security.exception.NoValidTokenFoundException;

/* loaded from: input_file:pl/sparkbit/security/util/SecurityChallengesImpl.class */
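/**
 * Default {@link SecurityChallenges} implementation: issues single-use challenge tokens
 * (password reset, e-mail verification, extra authentication check) and redeems them.
 *
 * <p>Tokens are bearer secrets. This class therefore never writes a token value to the log;
 * diagnostics identify a challenge by its type and, once loaded, by its id.
 */
public class SecurityChallengesImpl implements SecurityChallenges {
    private static final Logger log = LoggerFactory.getLogger(SecurityChallengesImpl.class);
    private final IdGenerator idGenerator;
    private final Clock clock;
    private final SecurityChallengeDao securityChallengeDao;
    private final SecureRandomStringGenerator secureRandomStringGenerator;
    private final SecurityProperties configuration;
    // Populated by setup(); maps every supported challenge type to its configured lifetime.
    private Map<SecurityChallengeType, Duration> validityTimes;

    /**
     * Builds the challenge-type to validity lookup from the injected configuration.
     * Invoked by the container after construction ({@code @PostConstruct}).
     */
    @PostConstruct
    public void setup() {
        // SET_NEW_PASSWORD deliberately reuses the password-reset validity setting.
        this.validityTimes = ImmutableMap.of(
                SecurityChallengeType.PASSWORD_RESET,
                this.configuration.getPasswordReset().getChallengeValidity(),
                SecurityChallengeType.SET_NEW_PASSWORD,
                this.configuration.getPasswordReset().getChallengeValidity(),
                SecurityChallengeType.EMAIL_VERIFICATION,
                this.configuration.getEmailVerification().getChallengeValidity(),
                SecurityChallengeType.EXTRA_AUTHN_CHECK,
                this.configuration.getExtraAuthnCheck().getChallengeValidity());
    }

    /**
     * Creates a fresh challenge for a user and stores it, replacing any challenge previously
     * stored for the same user and type.
     *
     * @param str id of the user the challenge is issued for
     * @param securityChallengeType kind of challenge to issue
     * @return the stored challenge, including its generated token and expiration timestamp
     * @throws IllegalStateException if {@link #setup()} has not run yet
     * @throws IllegalArgumentException if no validity period is configured for the given type
     */
    @Override // pl.sparkbit.security.util.SecurityChallenges
    public SecurityChallenge createAndInsertChallenge(String str, SecurityChallengeType securityChallengeType) {
        // Resolve the lifetime first: without these checks a missing entry surfaced as a bare
        // NullPointerException from Instant.plus(null), hiding the actual misconfiguration.
        Map<SecurityChallengeType, Duration> configuredValidity = this.validityTimes;
        if (configuredValidity == null) {
            throw new IllegalStateException("Challenge validity times are not initialised; setup() has not been called");
        }
        Duration validity = configuredValidity.get(securityChallengeType);
        if (validity == null) {
            throw new IllegalArgumentException("No validity period configured for challenge type " + securityChallengeType);
        }

        SecurityChallenge challenge = SecurityChallenge.builder()
                .id(this.idGenerator.generate())
                .userId(str)
                .type(securityChallengeType)
                .token(generateChallengeToken())
                .expirationTimestamp(this.clock.instant().plus(validity))
                .build();

        // Remove the previous challenge before inserting the new one, so an older token for
        // this user and type is not left behind once a new one has been issued.
        this.securityChallengeDao.deleteChallenge(str, securityChallengeType);
        this.securityChallengeDao.insertChallenge(challenge);
        return challenge;
    }

    /**
     * Redeems a challenge token: looks it up by token and type, rejects it if it has expired,
     * and deletes it so it cannot be presented again.
     *
     * @param str the challenge token presented by the client
     * @param securityChallengeType the type the token must have been issued for
     * @return the redeemed challenge
     * @throws NoValidTokenFoundException with {@code TOKEN_NOT_FOUND} when no challenge matches,
     *     or {@code TOKEN_EXPIRED} when the matching challenge is past its expiration timestamp
     */
    @Override // pl.sparkbit.security.util.SecurityChallenges
    public SecurityChallenge finishChallenge(String str, SecurityChallengeType securityChallengeType) {
        Optional<SecurityChallenge> lookup = this.securityChallengeDao.selectChallengeByTokenAndType(str, securityChallengeType);
        if (!lookup.isPresent()) {
            // The presented value is client-controlled and may be a real token of another type,
            // so it is kept out of the log (avoids leaking secrets and log-line forgery).
            log.debug("Security challenge of type {} not found for the presented token", securityChallengeType);
            throw new NoValidTokenFoundException("Valid token not found", NoValidTokenFoundException.FailureReason.TOKEN_NOT_FOUND);
        }
        SecurityChallenge securityChallenge = lookup.get();
        if (securityChallenge.getExpirationTimestamp().isBefore(this.clock.instant())) {
            // Identify the challenge by id rather than by its token.
            log.debug("Security challenge {} of type {} expired on {}", securityChallenge.getId(), securityChallengeType,
                    securityChallenge.getExpirationTimestamp().toEpochMilli());
            throw new NoValidTokenFoundException("Valid token not found", NoValidTokenFoundException.FailureReason.TOKEN_EXPIRED);
        }
        // NOTE(review): select-then-delete is two separate DAO calls. Unless the caller wraps this
        // in a transaction with suitable isolation, or deleteChallenge reports whether a row was
        // actually removed, two concurrent requests carrying the same token could both be
        // accepted. Confirm single-use is enforced at the DAO/transaction level.
        this.securityChallengeDao.deleteChallenge(securityChallenge.getId());
        return securityChallenge;
    }

    /**
     * Generates a new token using the configured length and allowed character set.
     * The strength of the token depends on that configuration and on the injected generator.
     */
    private String generateChallengeToken() {
        return this.secureRandomStringGenerator.randomString(
                this.configuration.getChallengeToken().getLength().intValue(),
                this.configuration.getChallengeToken().getAllowedCharacters());
    }

    /**
     * Creates the service with its collaborators; {@link #setup()} must run before challenges
     * are created.
     *
     * @param idGenerator source of challenge ids
     * @param clock time source used for expiration timestamps and expiry checks
     * @param securityChallengeDao persistence for challenges
     * @param secureRandomStringGenerator generator used for challenge tokens
     * @param securityProperties security configuration (validity periods, token length and alphabet)
     */
    @ConstructorProperties({"idGenerator", "clock", "securityChallengeDao", "secureRandomStringGenerator", "configuration"})
    public SecurityChallengesImpl(IdGenerator idGenerator, Clock clock, SecurityChallengeDao securityChallengeDao, SecureRandomStringGenerator secureRandomStringGenerator, SecurityProperties securityProperties) {
        this.idGenerator = idGenerator;
        this.clock = clock;
        this.securityChallengeDao = securityChallengeDao;
        this.secureRandomStringGenerator = secureRandomStringGenerator;
        this.configuration = securityProperties;
    }
}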
