package cat.gencat.ctti.canigo.arch.security.rest.authentication.jwt;

import cat.gencat.ctti.canigo.arch.core.logging.EnabledLogLevelChecker;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import java.io.IOException;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import javax.annotation.PostConstruct;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.util.Strings;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.util.Assert;

/* loaded from: input_file:cat/gencat/ctti/canigo/arch/security/rest/authentication/jwt/JwtTokenHandler.class */
public class JwtTokenHandler implements EnabledLogLevelChecker {
    private static final Logger logger = LoggerFactory.getLogger(JwtAuthenticationFilter.class);
    public static final String SECRET_PASSWORD = "***";
    public static final String CLAIM_KEY_USERNAME = "sub";
    public static final String CLAIM_KEY_AUTHORITIES = "authorities";
    private String secret;
    private Long expiration;
    private boolean isInfoEnabled = true;
    private boolean isDebugEnabled = true;

    public UserDetails getUserFromToken(String str) {
        UserDetails userDetails;
        if (this.isDebugEnabled) {
            logger.debug("getUserFromToken");
        }
        try {
            Claims claimsFromToken = getClaimsFromToken(str);
            String str2 = (String) claimsFromToken.get(CLAIM_KEY_USERNAME, String.class);
            String str3 = (String) claimsFromToken.get(CLAIM_KEY_AUTHORITIES, String.class);
            logger.debug("user: " + str2);
            userDetails = buildUserDetails(str2, str3);
        } catch (Exception e) {
            logger.error("Error getting user from token. Token is invalid?", e);
            userDetails = null;
        }
        return userDetails;
    }

    public String getUsernameFromToken(String str) {
        String str2;
        try {
            str2 = getClaimsFromToken(str).getSubject();
        } catch (Exception e) {
            logger.error("Error getting userName from token. Token is invalid?", e);
            str2 = null;
        }
        return str2;
    }

    public Date getExpirationDateFromToken(String str) {
        Date date;
        try {
            date = getClaimsFromToken(str).getExpiration();
        } catch (Exception e) {
            logger.error("Error getting expiration date from token. Token is invalid?", e);
            date = null;
        }
        return date;
    }

    public String generateToken(UserDetails userDetails) {
        HashMap hashMap = new HashMap();
        hashMap.put(CLAIM_KEY_USERNAME, userDetails.getUsername());
        hashMap.put(CLAIM_KEY_AUTHORITIES, StringUtils.join(userDetails.getAuthorities(), ','));
        return generateToken(hashMap);
    }

    public String generateToken(Map<String, Object> map) {
        return Jwts.builder().setClaims(map).setExpiration(generateExpirationDate()).signWith(SignatureAlgorithm.HS512, this.secret).compact();
    }

    public Boolean canTokenBeRefreshed(String str) {
        return Boolean.valueOf(!isTokenExpired(str).booleanValue() || ignoreTokenExpiration().booleanValue());
    }

    public String refreshToken(String str) {
        String str2;
        try {
            str2 = generateToken((Map<String, Object>) getClaimsFromToken(str));
        } catch (Exception e) {
            logger.error("Error refreshing token. Token is invalid?", e);
            str2 = null;
        }
        return str2;
    }

    public Boolean validateToken(String str) {
        return Boolean.valueOf(!isTokenExpired(str).booleanValue());
    }

    protected Boolean ignoreTokenExpiration() {
        return false;
    }

    private Claims getClaimsFromToken(String str) {
        Claims claims;
        checkEnabledLogLevels(logger);
        try {
            claims = (Claims) Jwts.parser().setSigningKey(this.secret).parseClaimsJws(str).getBody();
        } catch (Exception e) {
            logger.error("Error getting claimsfrom token. Token is invalid?", e);
            claims = null;
        }
        return claims;
    }

    private Date generateExpirationDate() {
        return new Date(System.currentTimeMillis() + (this.expiration.longValue() * 1000));
    }

    private Boolean isTokenExpired(String str) {
        return Boolean.valueOf(getExpirationDateFromToken(str).before(new Date()));
    }

    private UserDetails buildUserDetails(String str, String str2) {
        return new User(str, SECRET_PASSWORD, Strings.isEmpty(str2) ? AuthorityUtils.NO_AUTHORITIES : AuthorityUtils.commaSeparatedStringToAuthorityList(str2));
    }

    @PostConstruct
    private void assertAfterPropertySet() {
        Assert.hasLength(this.secret, "Secret (jwt.secret property) for JWT must not be null or empty!");
        Assert.notNull(this.expiration, "expiration (jwt.expiration property) for JWT must not be null!");
        Assert.state(this.expiration.longValue() > 0, "expiration (jwt.expiration property) for JWT must not be less than 0!");
    }

    public String getSecret() {
        return this.secret;
    }

    public void setSecret(String str) {
        this.secret = str;
    }

    public Long getExpiration() {
        return this.expiration;
    }

    public void setExpiration(Long l) {
        this.expiration = l;
    }

    public void handleTokenValid(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain, User user, String str, JwtAuthenticationFilter jwtAuthenticationFilter) throws IOException, ServletException {
        if (this.isDebugEnabled) {
            logger.debug("user: " + user.getUsername());
        }
        if (this.isInfoEnabled) {
            logger.info("token is valid, the user is autheticate correctly! setter response jwtToken");
        }
        UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(user, (Object) null, user.getAuthorities());
        usernamePasswordAuthenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(httpServletRequest));
        SecurityContextHolder.getContext().setAuthentication(usernamePasswordAuthenticationToken);
        httpServletResponse.setHeader(jwtAuthenticationFilter.getTokenResponseHeaderName(), canTokenBeRefreshed(str).booleanValue() ? refreshToken(str) : str);
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    public void handleTokenInvalid(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain, User user, String str, JwtAuthenticationFilter jwtAuthenticationFilter) throws IOException, ServletException {
        if (this.isInfoEnabled) {
            logger.info("token is invalid or missing!");
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    public void handleAuthenticationSecurity(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain, User user, String str, Authentication authentication, JwtAuthenticationFilter jwtAuthenticationFilter) throws IOException, ServletException {
        if (this.isInfoEnabled) {
            logger.info("The user was previous authenticate!");
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    public void handleAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain, String str, JwtAuthenticationFilter jwtAuthenticationFilter) throws IOException, ServletException {
        if (this.isInfoEnabled) {
            logger.info("attemp to default authentication: call --> wtAuthenticationService.authenticate");
        }
        jwtAuthenticationFilter.getJwtAuthenticationService().authenticate(httpServletRequest, httpServletResponse);
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    public void handleNoAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain, JwtAuthenticationFilter jwtAuthenticationFilter) throws IOException, ServletException {
        if (this.isInfoEnabled) {
            logger.info("The request:" + httpServletRequest.getPathInfo() + " has not info for authentication.");
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    public void checkEnabledLogLevels(Logger logger2) {
        this.isInfoEnabled = logger2.isInfoEnabled();
        this.isDebugEnabled = this.isInfoEnabled && logger2.isDebugEnabled();
    }
}
