package com.epam.ta.reportportal.auth;

import com.epam.ta.reportportal.auth.util.AuthUtils;
import com.epam.ta.reportportal.commons.ReportPortalUser;
import com.epam.ta.reportportal.core.configs.rabbit.ReportingConfiguration;
import com.epam.ta.reportportal.dao.ApiKeyRepository;
import com.epam.ta.reportportal.dao.UserRepository;
import com.epam.ta.reportportal.entity.user.ApiKey;
import com.epam.ta.reportportal.ws.rabbit.MessageHeaders;
import com.google.common.collect.Maps;
import java.time.LocalDate;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Optional;
import javax.xml.bind.DatatypeConverter;
import org.apache.commons.codec.digest.DigestUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.OAuth2Request;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
import org.springframework.stereotype.Component;
import org.springframework.transaction.annotation.Transactional;

@Transactional(readOnly = true)
@Component("combinedTokenStore")
/* loaded from: input_file:com/epam/ta/reportportal/auth/CombinedTokenStore.class */
public class CombinedTokenStore extends JwtTokenStore {

    @Autowired
    private ApiKeyRepository apiKeyRepository;

    @Autowired
    private UserRepository userRepository;

    @Autowired
    public CombinedTokenStore(JwtAccessTokenConverter jwtAccessTokenConverter) {
        super(jwtAccessTokenConverter);
    }

    public OAuth2Authentication readAuthentication(OAuth2AccessToken oAuth2AccessToken) {
        try {
            return super.readAuthentication(oAuth2AccessToken);
        } catch (InvalidTokenException e) {
            return readAuthentication(oAuth2AccessToken.getValue());
        }
    }

    @Transactional
    public OAuth2Authentication readAuthentication(String str) {
        try {
            return super.readAuthentication(str);
        } catch (InvalidTokenException e) {
            String printHexBinary = DatatypeConverter.printHexBinary(DigestUtils.sha3_256(str));
            ApiKey findByHash = this.apiKeyRepository.findByHash(printHexBinary);
            if (findByHash == null) {
                return null;
            }
            Optional findReportPortalUser = this.userRepository.findReportPortalUser(findByHash.getUserId());
            if (!findReportPortalUser.isPresent()) {
                return null;
            }
            LocalDate now = LocalDate.now();
            if (findByHash.getLastUsedAt() == null || !findByHash.getLastUsedAt().equals(now)) {
                this.apiKeyRepository.updateLastUsedAt(findByHash.getId(), printHexBinary, now);
            }
            return getAuthentication(getUserWithAuthorities((ReportPortalUser) findReportPortalUser.get()));
        }
    }

    @Transactional
    public OAuth2AccessToken readAccessToken(String str) {
        try {
            return super.readAccessToken(str);
        } catch (InvalidTokenException e) {
            if (!ApiKeyUtils.validateToken(str)) {
                return null;
            }
            DefaultOAuth2AccessToken defaultOAuth2AccessToken = new DefaultOAuth2AccessToken(str);
            defaultOAuth2AccessToken.setExpiration(new Date(System.currentTimeMillis() + ReportingConfiguration.DEAD_LETTER_DELAY_MILLIS));
            String printHexBinary = DatatypeConverter.printHexBinary(DigestUtils.sha3_256(str));
            ApiKey findByHash = this.apiKeyRepository.findByHash(printHexBinary);
            if (findByHash != null) {
                LocalDate now = LocalDate.now();
                if (findByHash.getLastUsedAt() == null || !findByHash.getLastUsedAt().equals(now)) {
                    this.apiKeyRepository.updateLastUsedAt(findByHash.getId(), printHexBinary, now);
                }
            }
            return defaultOAuth2AccessToken;
        }
    }

    private OAuth2Authentication getAuthentication(ReportPortalUser reportPortalUser) {
        HashMap hashMap = new HashMap();
        hashMap.put(MessageHeaders.USERNAME, reportPortalUser.getUsername());
        hashMap.put("client_id", ReportPortalClient.api.name());
        HashSet hashSet = new HashSet();
        hashSet.add(new SimpleGrantedAuthority(reportPortalUser.getUserRole().getAuthority()));
        OAuth2Authentication oAuth2Authentication = new OAuth2Authentication(new OAuth2Request(hashMap, ReportPortalClient.api.name(), hashSet, true, Collections.singleton(ReportPortalClient.api.name()), Collections.emptySet(), (String) null, Collections.emptySet(), (Map) null), new UsernamePasswordAuthenticationToken(reportPortalUser, (Object) null, hashSet));
        oAuth2Authentication.setAuthenticated(true);
        return oAuth2Authentication;
    }

    private ReportPortalUser getUserWithAuthorities(ReportPortalUser reportPortalUser) {
        return ReportPortalUser.userBuilder().withUserName(reportPortalUser.getUsername()).withPassword(reportPortalUser.getPassword()).withAuthorities(AuthUtils.AS_AUTHORITIES.apply(reportPortalUser.getUserRole())).withUserId(reportPortalUser.getUserId()).withUserRole(reportPortalUser.getUserRole()).withProjectDetails(Maps.newHashMapWithExpectedSize(1)).withEmail(reportPortalUser.getEmail()).build();
    }
}
