package org.apache.syncope.core.provisioning.java.data;

import com.fasterxml.uuid.Generators;
import com.fasterxml.uuid.impl.RandomBasedGenerator;
import java.util.Date;
import java.util.Map;
import javax.annotation.Resource;
import org.apache.commons.lang3.tuple.Pair;
import org.apache.cxf.rs.security.jose.common.JoseType;
import org.apache.cxf.rs.security.jose.jws.JwsHeaders;
import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer;
import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer;
import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
import org.apache.cxf.rs.security.jose.jwt.JwtToken;
import org.apache.syncope.common.lib.to.AccessTokenTO;
import org.apache.syncope.core.persistence.api.dao.AccessTokenDAO;
import org.apache.syncope.core.persistence.api.dao.ConfDAO;
import org.apache.syncope.core.persistence.api.entity.AccessToken;
import org.apache.syncope.core.persistence.api.entity.EntityFactory;
import org.apache.syncope.core.provisioning.api.data.AccessTokenDataBinder;
import org.apache.syncope.core.spring.BeanUtils;
import org.apache.syncope.core.spring.security.DefaultCredentialChecker;
import org.apache.syncope.core.spring.security.jws.AccessTokenJwsSignatureProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

/**
 * Builds, signs and persists the JWT carried by an {@link AccessToken} entity.
 *
 * <p>Every token is signed with the injected {@link AccessTokenJwsSignatureProvider}; the
 * signing algorithm written to the JWS header is whatever that provider reports. Token
 * lifetime for persisted tokens is read from the {@code jwt.lifetime.minutes} configuration
 * entry, falling back to 120 minutes.
 *
 * <p>Security-relevant points for reviewers:
 * <ul>
 * <li>{@code checkIsDefaultJWSKeyInUse()} runs before every signing operation. Its
 * implementation is not visible here; judging by the name it reports use of a shipped
 * default signing key - confirm whether it only warns or actually blocks.</li>
 * <li>Extra claims are applied after the registered ones in {@link #generateJWT}, see the
 * note there.</li>
 * <li>{@link #update} re-signs claims parsed from the stored body without a signature check
 * in this class, so the stored body has to be trustworthy.</li>
 * </ul>
 */
@Component
/* loaded from: input_file:org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.class */
public class AccessTokenDataBinderImpl implements AccessTokenDataBinder {
    // Source of the key given to newly created tokens; that key is also used as the JWT token id.
    // NOTE(review): confirm the generator is backed by a cryptographically strong random source.
    private static final RandomBasedGenerator UUID_GENERATOR = Generators.randomBasedGenerator();

    // JWT numeric dates are expressed in seconds, java.util.Date in milliseconds.
    private static final long MILLIS_PER_SECOND = 1000L;

    private static final long SECONDS_PER_MINUTE = 60L;

    // Username of the administrator account; authorities are never stored for this owner.
    @Resource(name = "adminUser")
    private String adminUser;

    // Value written to the issuer claim of generated tokens.
    @Resource(name = "jwtIssuer")
    private String jwtIssuer;

    // Supplies both the signing algorithm name and the signature itself.
    @Autowired
    private AccessTokenJwsSignatureProvider jwsSignatureProvider;

    @Autowired
    private AccessTokenDAO accessTokenDAO;

    @Autowired
    private ConfDAO confDAO;

    @Autowired
    private EntityFactory entityFactory;

    @Autowired
    private DefaultCredentialChecker credentialChecker;

    /**
     * Creates a signed compact JWT.
     *
     * <p>Issued-at and not-before are both set to the current time, expiry to the current time
     * plus {@code j} minutes, issuer to the configured {@code jwtIssuer}.
     *
     * <p>NOTE(review): the entries of {@code map} are written after the registered claims.
     * If {@code JwtClaims.setClaim} replaces an existing claim of the same name (presumably it
     * does - confirm), an entry keyed like a registered claim (subject, issuer, expiry, token
     * id, ...) would take precedence over the value set here. Callers should only pass claim
     * names they control.
     *
     * @param str token id claim
     * @param str2 subject claim
     * @param j lifetime in minutes
     * @param map additional claims, copied one by one into the token; must not be {@code null}
     * @return the signed token (left) and its expiry instant (right)
     */
    public Pair<String, Date> generateJWT(String str, String str2, long j, Map<String, Object> map) {
        this.credentialChecker.checkIsDefaultJWSKeyInUse();

        long issuedAt = nowEpochSeconds();
        long expiresAt = issuedAt + (SECONDS_PER_MINUTE * j);

        JwtClaims claims = new JwtClaims();
        claims.setTokenId(str);
        claims.setSubject(str2);
        claims.setIssuedAt(Long.valueOf(issuedAt));
        claims.setIssuer(this.jwtIssuer);
        claims.setExpiryTime(Long.valueOf(expiresAt));
        claims.setNotBefore(Long.valueOf(issuedAt));
        for (Map.Entry<String, Object> extraClaim : map.entrySet()) {
            claims.setClaim(extraClaim.getKey(), extraClaim.getValue());
        }

        String signedJwt = sign(claims);
        return Pair.of(signedJwt, new Date(expiresAt * MILLIS_PER_SECOND));
    }

    /**
     * Issues a new JWT for the given entity and saves it.
     *
     * <p>The entity's existing key is reused as token id, so replacing a token keeps its id
     * while body, expiry and owner are overwritten.
     *
     * @param owner owner written to the entity and used as JWT subject
     * @param claims additional claims handed to {@link #generateJWT}
     * @param authorities serialized authorities, stored unless the owner is the admin user
     * @param token entity to fill in
     * @return the entity as returned by the DAO's save operation
     */
    private AccessToken replace(String owner, Map<String, Object> claims, byte[] authorities, AccessToken token) {
        String tokenId = token.getKey();
        long lifetimeMinutes = jwtLifetimeMinutes();
        Pair<String, Date> issued = generateJWT(tokenId, owner, lifetimeMinutes, claims);

        token.setBody(issued.getLeft());
        token.setExpiryTime(issued.getRight());
        token.setOwner(owner);
        storeAuthoritiesUnlessAdmin(token, authorities);

        return this.accessTokenDAO.save(token);
    }

    /**
     * Returns the access token of an owner, creating or replacing it as needed.
     *
     * <p>When a token already exists and {@code z} is {@code false} it is handed back
     * unchanged; no expiry check is made in this method, so that is left to the caller.
     *
     * @param str owner of the token
     * @param map additional claims for a newly issued JWT
     * @param bArr serialized authorities for a newly issued JWT
     * @param z whether an already existing token must be replaced
     * @return token body (left) and expiry instant (right)
     */
    public Pair<String, Date> create(String str, Map<String, Object> map, byte[] bArr, boolean z) {
        AccessToken existing = this.accessTokenDAO.findByOwner(str);

        AccessToken effective;
        if (existing != null) {
            effective = z ? replace(str, map, bArr, existing) : existing;
        } else {
            AccessToken fresh = (AccessToken) this.entityFactory.newEntity(AccessToken.class);
            fresh.setKey(UUID_GENERATOR.generate().toString());
            effective = replace(str, map, bArr, fresh);
        }

        return Pair.of(effective.getBody(), effective.getExpiryTime());
    }

    /**
     * Extends the lifetime of an existing token: the claims of the stored JWT are kept, only
     * the expiry is moved to now plus the configured lifetime, and the result is signed again
     * and saved.
     *
     * <p>NOTE(review): the stored body is parsed but no signature verification is performed in
     * this method before its claims are re-signed. The method therefore relies on
     * {@code accessToken} coming from trusted storage or having been validated by the caller.
     * Issued-at and not-before keep their original values.
     *
     * @param accessToken entity whose JWT is refreshed
     * @param bArr serialized authorities, stored unless the owner is the admin user
     * @return the newly signed token (left) and its expiry instant (right)
     */
    public Pair<String, Date> update(AccessToken accessToken, byte[] bArr) {
        JwsJwtCompactConsumer storedJwt = new JwsJwtCompactConsumer(accessToken.getBody());
        this.credentialChecker.checkIsDefaultJWSKeyInUse();

        long expiresAt = nowEpochSeconds() + (SECONDS_PER_MINUTE * jwtLifetimeMinutes());
        storedJwt.getJwtClaims().setExpiryTime(Long.valueOf(expiresAt));
        Date expiry = new Date(expiresAt * MILLIS_PER_SECOND);

        // Claims are read from the consumer a second time; this presumes the consumer hands
        // back the same claims instance that just received the new expiry - confirm.
        String signedJwt = sign(storedJwt.getJwtClaims());

        accessToken.setBody(signedJwt);
        accessToken.setExpiryTime(expiry);
        storeAuthoritiesUnlessAdmin(accessToken, bArr);
        this.accessTokenDAO.save(accessToken);

        return Pair.of(signedJwt, expiry);
    }

    /**
     * Copies the entity's bean properties into a fresh transfer object.
     *
     * <p>NOTE(review): every property shared by the two types is copied; check that the
     * transfer object exposes nothing that should stay server-side.
     *
     * @param accessToken entity to convert
     * @return the populated transfer object
     */
    public AccessTokenTO getAccessTokenTO(AccessToken accessToken) {
        AccessTokenTO target = new AccessTokenTO();
        BeanUtils.copyProperties(accessToken, target);
        return target;
    }

    /** Current time as seconds since the epoch, truncated. */
    private long nowEpochSeconds() {
        return new Date().getTime() / MILLIS_PER_SECOND;
    }

    /** Configured token lifetime in minutes; 120 when the configuration entry is absent. */
    private long jwtLifetimeMinutes() {
        return ((Long) this.confDAO.find("jwt.lifetime.minutes", 120L)).longValue();
    }

    /** Wraps the claims in a JWT typed with the provider's algorithm and signs it. */
    private String sign(JwtClaims claims) {
        JwsHeaders headers = new JwsHeaders(JoseType.JWT, this.jwsSignatureProvider.getAlgorithm());
        JwtToken unsigned = new JwtToken(headers, claims);
        return new JwsJwtCompactProducer(unsigned).signWith(this.jwsSignatureProvider);
    }

    /**
     * Stores the authorities on the token unless it belongs to the admin user, in which case
     * whatever the entity already holds is left untouched.
     */
    private void storeAuthoritiesUnlessAdmin(AccessToken token, byte[] authorities) {
        boolean ownedByAdmin = this.adminUser.equals(token.getOwner());
        if (!ownedByAdmin) {
            token.setAuthorities(authorities);
        }
    }
}
