package tech.corefinance.common.service;

import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTCreator;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.auth0.jwt.interfaces.JWTVerifier;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.Serializable;
import java.lang.reflect.Field;
import java.lang.reflect.Modifier;
import java.net.UnknownHostException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import java.util.Collection;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import java.util.stream.Collectors;
import org.apache.commons.beanutils.PropertyUtils;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.core.io.ResourceLoader;
import org.springframework.stereotype.Service;
import tech.corefinance.common.config.JwtConfiguration;
import tech.corefinance.common.context.TenantContext;
import tech.corefinance.common.dto.BasicUserDto;
import tech.corefinance.common.dto.JwtTokenDto;
import tech.corefinance.common.enums.CommonConstants;
import tech.corefinance.common.ex.ServiceProcessingException;

@ConditionalOnProperty(prefix = "tech.corefinance.security.jwt.enabled", name = {"common"}, matchIfMissing = true, havingValue = "true")
@Service
/* loaded from: input_file:tech/corefinance/common/service/JwtServiceImpl.class */
public class JwtServiceImpl implements JwtService {
    private static final Logger log = LoggerFactory.getLogger(JwtServiceImpl.class);
    private static final String KEY_ALGORITHM = "RSA";
    private RSAPublicKey publicKey;
    private RSAPrivateKey privateKey;
    private Algorithm algorithmRS;
    private JWTVerifier verifier;

    @Autowired
    private JwtConfiguration jwtConfiguration;

    @Autowired
    private ObjectMapper objectMapper;

    @Autowired(required = false)
    private List<JwtVerifyAddOn> jwtVerifyAddOns;

    public JwtServiceImpl(@Value("${tech.corefinance.security.public-key}") String str, @Value("${tech.corefinance.security.private-key:}") String str2, @Autowired ResourceLoader resourceLoader) throws GeneralSecurityException, IOException {
        log.debug("Creating JwtServiceImpl with key algorithm [{}]", KEY_ALGORITHM);
        KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
        log.debug("Loading public key [{}]", str);
        this.publicKey = (RSAPublicKey) keyFactory.generatePublic(new X509EncodedKeySpec(resourceLoader.getResource(str).getInputStream().readAllBytes()));
        if (StringUtils.isBlank(str2)) {
            log.debug("Skipped private key!");
        } else {
            log.debug("Loading private key [{}]", str2);
            this.privateKey = (RSAPrivateKey) keyFactory.generatePrivate(new PKCS8EncodedKeySpec(resourceLoader.getResource(str2).getInputStream().readAllBytes()));
        }
        this.algorithmRS = Algorithm.RSA256(this.publicKey, this.privateKey);
        log.debug("Creating JWT verifier...");
        this.verifier = JWT.require(this.algorithmRS).withIssuer("auth0").build();
        log.debug("Creating JwtServiceImpl done!");
    }

    @Override // tech.corefinance.common.service.JwtService
    public JwtConfiguration getJwtConfiguration() {
        return this.jwtConfiguration;
    }

    @Override // tech.corefinance.common.service.JwtService
    public String sign(Map<String, Serializable> map) {
        JWTCreator.Builder withIssuer = JWT.create().withIssuer("auth0");
        for (Map.Entry<String, Serializable> entry : map.entrySet()) {
            addClaim(withIssuer, entry.getKey(), entry.getValue());
        }
        withIssuer.withIssuedAt(new Date());
        withIssuer.withExpiresAt(new Date(System.currentTimeMillis() + (this.jwtConfiguration.getExpiration() * 1000)));
        return withIssuer.sign(this.algorithmRS);
    }

    /* JADX WARN: Multi-variable type inference failed */
    private void addClaim(JWTCreator.Builder builder, String str, Serializable serializable) {
        if (serializable == 0) {
            builder.withClaim(str, (String) null);
            return;
        }
        Class<?> cls = serializable.getClass();
        if (String.class.isAssignableFrom(cls) || UUID.class.isAssignableFrom(cls)) {
            builder.withClaim(str, serializable.toString());
            return;
        }
        if (Integer.class.isAssignableFrom(cls)) {
            builder.withClaim(str, (Integer) serializable);
            return;
        }
        if (Boolean.class.isAssignableFrom(cls)) {
            builder.withClaim(str, (Boolean) serializable);
            return;
        }
        if (Double.class.isAssignableFrom(cls)) {
            builder.withClaim(str, (Double) serializable);
            return;
        }
        if (Long.class.isAssignableFrom(cls)) {
            builder.withClaim(str, (Long) serializable);
            return;
        }
        if (Date.class.isAssignableFrom(cls)) {
            builder.withClaim(str, (Date) serializable);
            return;
        }
        if (String[].class.isAssignableFrom(cls)) {
            builder.withArrayClaim(str, (String[]) serializable);
            return;
        }
        if (Integer[].class.isAssignableFrom(cls)) {
            builder.withArrayClaim(str, (Integer[]) serializable);
            return;
        }
        if (int[].class.isAssignableFrom(cls)) {
            int[] iArr = (int[]) serializable;
            Integer[] numArr = new Integer[iArr.length];
            for (int i = 0; i < iArr.length; i++) {
                numArr[i] = Integer.valueOf(iArr[i]);
            }
            builder.withArrayClaim(str, numArr);
            return;
        }
        if (Long[].class.isAssignableFrom(cls)) {
            builder.withArrayClaim(str, (Long[]) serializable);
            return;
        }
        if (long[].class.isAssignableFrom(cls)) {
            long[] jArr = (long[]) serializable;
            Long[] lArr = new Long[jArr.length];
            for (int i2 = 0; i2 < jArr.length; i2++) {
                lArr[i2] = Long.valueOf(jArr[i2]);
            }
            builder.withArrayClaim(str, lArr);
            return;
        }
        if (List.class.isAssignableFrom(cls)) {
            log.debug("List value to sign {}", serializable);
            builder.withClaim(str, (List) serializable);
            return;
        }
        if (Collection.class.isAssignableFrom(cls)) {
            log.debug("Collection value to sign {}", serializable);
            builder.withClaim(str, (List) ((Collection) serializable).stream().collect(Collectors.toList()));
        } else if (Map.class.isAssignableFrom(cls)) {
            log.debug("Map value to sign {}", serializable);
            builder.withClaim(str, (Map) serializable);
        } else if (Enum.class.isAssignableFrom(cls)) {
            builder.withClaim(str, ((Enum) serializable).name());
        }
    }

    @Override // tech.corefinance.common.service.JwtService
    public DecodedJWT verfiy(String str, String str2, String str3) {
        log.debug("Verifying token [{}] with device [{}] and IP [{}]", new Object[]{str, str2, str3});
        DecodedJWT verify = this.verifier.verify(str);
        log.debug("Decoded JWT [{}]", verify);
        if (!str2.equalsIgnoreCase(verify.getClaim(CommonConstants.ATTRIBUTE_NAME_DEVICE_ID).asString())) {
            throw new JWTVerificationException("Device ID miss matched in token and request!!");
        }
        if (!str3.equalsIgnoreCase(verify.getClaim(CommonConstants.ATTRIBUTE_NAME_IP_ADDRESS).asString())) {
            throw new JWTVerificationException("IP Address miss matched in token and request!!");
        }
        String tenantId = TenantContext.getInstance().getTenantId();
        String asString = verify.getClaim("tenantId").asString();
        if (StringUtils.isNotBlank(tenantId) && StringUtils.isNotBlank(asString) && !asString.equalsIgnoreCase(tenantId)) {
            throw new JWTVerificationException("Cross tenant requested!!");
        }
        return verify;
    }

    @Override // tech.corefinance.common.service.JwtService
    public String extractIpAddress(HttpServletRequest httpServletRequest) throws UnknownHostException {
        String header = httpServletRequest.getHeader(CommonConstants.EXTERNAL_IP_ADDRESS);
        return StringUtils.isBlank(header) ? httpServletRequest.getRemoteAddr() : header;
    }

    @Override // tech.corefinance.common.service.JwtService
    public Map<String, JwtTokenDto> retreiveTokenFromRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        log.debug("Retrieving data from request");
        String header = httpServletRequest.getHeader(CommonConstants.DEVICE_ID);
        String extractIpAddress = extractIpAddress(httpServletRequest);
        log.debug("Device ID [{}] with ip address [{}]", header, extractIpAddress);
        String header2 = httpServletRequest.getHeader("Authorization");
        log.debug("authorization in header [{}]", header2);
        HashMap hashMap = new HashMap();
        if (header2 != null) {
            if (header2.length() <= CommonConstants.BEARER_PREFIX.length()) {
                log.error("Invalid bearer token found!!! [{}]", header2);
            } else {
                String substring = header2.substring(CommonConstants.BEARER_PREFIX.length());
                JwtTokenDto jwtTokenDto = (JwtTokenDto) this.objectMapper.readValue(new String(Base64.getDecoder().decode(verfiy(substring, header, extractIpAddress).getPayload().getBytes()), StandardCharsets.UTF_8), JwtTokenDto.class);
                jwtTokenDto.setOriginalToken(substring);
                log.debug("Decoded token [{}]", jwtTokenDto);
                JwtTokenDto additionalJwtVerifyStep = additionalJwtVerifyStep(jwtTokenDto, substring, header, extractIpAddress);
                log.debug("Completed add on verify!");
                if (additionalJwtVerifyStep != null) {
                    hashMap.put(header2, additionalJwtVerifyStep);
                } else {
                    log.error("Token fail the validation!");
                }
            }
        }
        return hashMap;
    }

    @Override // tech.corefinance.common.service.JwtService
    public Map<String, Serializable> buildLoginDataMap(JwtTokenDto jwtTokenDto) throws JsonProcessingException {
        log.debug("Building login map data...");
        Map<String, Serializable> hashMap = new HashMap<>();
        Class<?> cls = jwtTokenDto.getClass();
        log.debug("Object class {}", cls);
        putFieldData(jwtTokenDto, cls, hashMap);
        log.debug("Put addition data to login token");
        jwtTokenDto.getAdditionalInfo().entrySet().forEach(entry -> {
            hashMap.put((String) entry.getKey(), (Serializable) entry.getValue());
        });
        log.info("Login token before add custom attributes [{}]", hashMap);
        hashMap.put("expiredIn", Long.valueOf(System.currentTimeMillis() + (this.jwtConfiguration.getExpiration() * 1000)));
        hashMap.put(CommonConstants.ATTRIBUTE_NAME_APP_VERSION, this.objectMapper.writeValueAsString(jwtTokenDto.getAppVersion()));
        log.debug("Original role in school {}", jwtTokenDto.getUserRoles());
        LinkedList linkedList = new LinkedList();
        linkedList.addAll((Collection) jwtTokenDto.getUserRoles().stream().map(userRoleDto -> {
            try {
                return this.objectMapper.writeValueAsString(userRoleDto);
            } catch (JsonProcessingException e) {
                throw new ServiceProcessingException("error_sign_login_token", (Throwable) e);
            }
        }).collect(Collectors.toList()));
        hashMap.put("userRoles", linkedList);
        log.info("Login token before sign {}", hashMap);
        return hashMap;
    }

    private void putFieldData(JwtTokenDto jwtTokenDto, Class<?> cls, Map<String, Serializable> map) {
        for (Field field : cls.getDeclaredFields()) {
            String name = field.getName();
            log.debug("Checking field [{}] is static [{}]", name, Boolean.valueOf(Modifier.isStatic(field.getModifiers())));
            if (!Modifier.isStatic(field.getModifiers())) {
                try {
                    log.debug("Getting field data....");
                    Object nestedProperty = PropertyUtils.getNestedProperty(jwtTokenDto, name);
                    log.debug("Field data [{}]", nestedProperty);
                    if (nestedProperty == null || !Serializable.class.isAssignableFrom(nestedProperty.getClass())) {
                        log.debug("Field data is not Serializable.");
                    } else {
                        log.debug("Put field data to sign map");
                        map.put(name, (Serializable) nestedProperty);
                    }
                } catch (ReflectiveOperationException e) {
                    throw new ServiceProcessingException("errors.server.invalid_jwt_field", e);
                }
            }
        }
        Class<? super Object> superclass = cls.getSuperclass();
        if (JwtTokenDto.class.isAssignableFrom(superclass)) {
            log.debug("Re-check parent fields [{}]", superclass);
            putFieldData(jwtTokenDto, superclass, map);
        }
    }

    @Override // tech.corefinance.common.service.JwtService
    public Map<String, Serializable> buildRefreshTokenDataMap(JwtTokenDto jwtTokenDto, String str) throws JsonProcessingException {
        HashMap hashMap = new HashMap();
        hashMap.put("loginId", jwtTokenDto.getLoginId());
        hashMap.put("userId", jwtTokenDto.getUserId());
        if (StringUtils.isBlank(str)) {
            throw new ServiceProcessingException("Login handling error!!!");
        }
        hashMap.put("loginToken", str);
        hashMap.put(CommonConstants.ATTRIBUTE_NAME_DEVICE_ID, jwtTokenDto.getDeviceId());
        hashMap.put(CommonConstants.ATTRIBUTE_NAME_IP_ADDRESS, jwtTokenDto.getLoginIpAddr());
        hashMap.put(CommonConstants.ATTRIBUTE_NAME_APP_PLATFORM, jwtTokenDto.getAppPlatform().name());
        hashMap.put(CommonConstants.ATTRIBUTE_NAME_APP_VERSION, this.objectMapper.writeValueAsString(jwtTokenDto.getAppVersion()));
        log.debug("Put addition data to refresh token");
        jwtTokenDto.getAdditionalInfo().entrySet().forEach(entry -> {
            hashMap.put((String) entry.getKey(), (Serializable) entry.getValue());
        });
        return hashMap;
    }

    protected JwtTokenDto additionalJwtVerifyStep(JwtTokenDto jwtTokenDto, String str, String str2, String str3) {
        if (this.jwtVerifyAddOns != null) {
            log.debug("Configured JWT verify addon {}", this.jwtVerifyAddOns);
            Iterator<JwtVerifyAddOn> it = this.jwtVerifyAddOns.iterator();
            while (it.hasNext()) {
                jwtTokenDto = it.next().additionalJwtVerify(jwtTokenDto, str, str2, str3);
                if (jwtTokenDto == null) {
                    return null;
                }
            }
        }
        return jwtTokenDto;
    }

    @Override // tech.corefinance.common.service.JwtService
    public BasicUserDto retrieveUserAsAttribute(JwtTokenDto jwtTokenDto) {
        if (jwtTokenDto == null) {
            return null;
        }
        BasicUserDto basicUserDto = new BasicUserDto();
        basicUserDto.setUserId(jwtTokenDto.getUserId());
        basicUserDto.setEmail(jwtTokenDto.getUserEmail());
        basicUserDto.setDisplayName(jwtTokenDto.getUserDisplayName());
        basicUserDto.setUsername(jwtTokenDto.getUsername());
        return basicUserDto;
    }
}
