package com.nannoq.tools.auth.services;

import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken;
import com.nannoq.tools.auth.AuthGlobals;
import com.nannoq.tools.auth.models.AuthPackage;
import com.nannoq.tools.auth.models.TokenContainer;
import com.nannoq.tools.auth.models.UserProfile;
import com.nannoq.tools.auth.services.providers.FaceBookProvider;
import com.nannoq.tools.auth.services.providers.Google;
import com.nannoq.tools.auth.services.providers.InstaGram;
import com.nannoq.tools.auth.services.providers.utils.GoogleUser;
import com.nannoq.tools.auth.utils.AuthFutures;
import com.nannoq.tools.auth.utils.PermissionPack;
import com.nannoq.tools.repository.models.ModelUtils;
import com.nannoq.tools.repository.repository.redis.RedisUtils;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.CompressionCodecs;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.vertx.codegen.annotations.Fluent;
import io.vertx.core.AsyncResult;
import io.vertx.core.Future;
import io.vertx.core.Handler;
import io.vertx.core.Vertx;
import io.vertx.core.json.DecodeException;
import io.vertx.core.json.Json;
import io.vertx.core.json.JsonObject;
import io.vertx.core.logging.Logger;
import io.vertx.core.logging.LoggerFactory;
import io.vertx.redis.RedisClient;
import io.vertx.redis.RedisTransaction;
import io.vertx.serviceproxy.ServiceException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.AbstractMap;
import java.util.Calendar;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.UUID;
import java.util.function.Function;
import java.util.stream.Collectors;
import javax.annotation.Nonnull;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.bind.DatatypeConverter;
import org.apache.commons.codec.digest.DigestUtils;

/* loaded from: input_file:com/nannoq/tools/auth/services/AuthenticationServiceImpl.class */
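/**
 * Issues and refreshes this service's own JWTs once a third-party identity provider
 * (Google, Facebook or Instagram) has accepted the caller's provider token.
 *
 * <p>For every issued JWT the class writes two Redis entries: a field in the per-user
 * "valid JWT" hash ({@code userId + AuthGlobals.VALID_JWT_REGISTRY_KEY}) keyed by the JWT id,
 * and a string key named after the refresh token that holds the JSON-encoded claims.
 *
 * <p>The user id is a hash of {@code email + emailHashKeybase}, so the e-mail address reported
 * by the provider is the account key for all three providers.
 * NOTE(review): nothing in this class rejects a profile whose e-mail is unverified; confirm that
 * the provider classes or the callers enforce that before an account is matched on e-mail alone.
 */
public class AuthenticationServiceImpl implements AuthenticationService {
    private static final Logger logger = LoggerFactory.getLogger(AuthenticationServiceImpl.class.getSimpleName());
    // NOTE(review): static and mutable, but written through the instance method withKeyAlgorithm();
    // the value is shared by every instance in the JVM.
    private static String KEY_ALGORITHM = "HmacSHA512";
    private final String CALLBACK_URL;
    private final String EMAIL_HASH_KEY_BASE;
    public static final String GOOGLE = "GOOGLE";
    public static final String FACEBOOK = "FACEBOOK";
    public static final String INSTAGRAM = "INSTAGRAM";
    static final String REFRESH_TOKEN_SPLITTER = "____";
    private final String ISSUER;
    private final String AUDIENCE;
    private final RedisClient redisClient;
    private final String domainIdentifier;
    private final SecretKey SIGNING_KEY;
    private int notBeforeTimeInMinutes = -5;
    private int idTokenExpirationInDays = 5;
    private int refreshTokenExpirationInDays = 30;
    private Function<PermissionPack, Map<String, Object>> setPermissionOnClaims;
    private final Google googleProvider;
    private final FaceBookProvider facebookProvider;
    private final InstaGram instaGramProvider;

    /**
     * Wires the Redis client, the three provider verifiers and the HMAC signing key.
     *
     * @param vertx      Vert.x instance handed to the Redis client and the providers
     * @param jsonObject configuration; the keys read here are {@code domainIdentifier}, {@code gcmIds},
     *                   {@code emailHashKeybase}, {@code callBackRoot}, {@code callbackProviderUrl},
     *                   {@code authJWTIssuer} and {@code authJWTAudience}
     * @param function   maps a {@link PermissionPack} to the claims that end up in the JWT
     * @param str        signing key as a hexadecimal string
     * @throws InvalidKeyException      if the key cannot initialise a {@link Mac} for the key algorithm
     * @throws NoSuchAlgorithmException if the key algorithm is not available
     */
    public AuthenticationServiceImpl(@Nonnull Vertx vertx, @Nonnull JsonObject jsonObject, @Nonnull Function<PermissionPack, Map<String, Object>> function, @Nonnull String str) throws InvalidKeyException, NoSuchAlgorithmException {
        this.redisClient = RedisUtils.getRedisClient(vertx, jsonObject);
        this.domainIdentifier = jsonObject.getString("domainIdentifier");
        this.setPermissionOnClaims = function;
        // NOTE(review): the decoded key length is not checked. RFC 7518 section 3.2 requires an HMAC key
        // at least as long as the hash output (64 bytes for HS512); verify how the key is provisioned.
        this.SIGNING_KEY = new SecretKeySpec(DatatypeConverter.parseHexBinary(str), KEY_ALGORITHM);
        List<String> clientIds = jsonObject.getJsonArray("gcmIds").getList();
        this.EMAIL_HASH_KEY_BASE = jsonObject.getString("emailHashKeybase");
        this.CALLBACK_URL = jsonObject.getString("callBackRoot") + jsonObject.getString("callbackProviderUrl");
        this.ISSUER = jsonObject.getString("authJWTIssuer");
        this.AUDIENCE = jsonObject.getString("authJWTAudience");
        this.googleProvider = new Google(vertx, jsonObject);
        this.googleProvider.withClientIds(clientIds);
        this.facebookProvider = new FaceBookProvider(vertx, jsonObject);
        this.instaGramProvider = new InstaGram(vertx, jsonObject, this.CALLBACK_URL);
        // Fail construction early when the key cannot be used with the configured MAC algorithm.
        initializeKey(KEY_ALGORITHM);
    }

    @Fluent
    private AuthenticationServiceImpl setNotBeforeTimeInMinutes(int i) {
        this.notBeforeTimeInMinutes = i;
        return this;
    }

    @Fluent
    private AuthenticationServiceImpl setIdTokenExpirationInDays(int i) {
        this.idTokenExpirationInDays = i;
        return this;
    }

    @Fluent
    private AuthenticationServiceImpl setRefreshTokenExpirationInDays(int i) {
        this.refreshTokenExpirationInDays = i;
        return this;
    }

    @Fluent
    private AuthenticationServiceImpl setKeyAlgorithm(String str) {
        KEY_ALGORITHM = str;
        return this;
    }

    /**
     * Sets the offset, in minutes, added to "now" for the JWT {@code nbf} claim (default -5,
     * i.e. five minutes in the past).
     */
    @Fluent
    public AuthenticationServiceImpl withNotBeforeTimeInMinutes(int i) {
        return setNotBeforeTimeInMinutes(i);
    }

    /** Sets the JWT lifetime in days (default 5). */
    @Fluent
    public AuthenticationServiceImpl withIdTokenExpirationInDays(int i) {
        return setIdTokenExpirationInDays(i);
    }

    /**
     * Sets the number of days added on top of the JWT lifetime to form the timestamp stored
     * next to the refresh token (default 30).
     */
    @Fluent
    public AuthenticationServiceImpl withRefreshTokenExpirationInDays(int i) {
        return setRefreshTokenExpirationInDays(i);
    }

    /**
     * Overwrites the static key-algorithm name.
     *
     * <p>In this class the call does not change how this instance signs: the signing key was built
     * in the constructor and both {@code createJwt} overloads always sign with HS512.
     */
    @Fluent
    public AuthenticationServiceImpl withKeyAlgorithm(String str) {
        return setKeyAlgorithm(str);
    }

    /**
     * Checks that the signing key can initialise a {@link Mac} of the given algorithm; the
     * {@code Mac} instance itself is discarded.
     */
    private void initializeKey(String algorithm) throws NoSuchAlgorithmException, InvalidKeyException {
        Mac.getInstance(algorithm).init(this.SIGNING_KEY);
    }

    /**
     * Verifies a provider token and, on success, issues this service's own token pair.
     *
     * @param str     the token received from the identity provider
     * @param str2    provider name, matched case-insensitively against {@link #GOOGLE},
     *                {@link #FACEBOOK} and {@link #INSTAGRAM}
     * @param handler receives the {@link AuthPackage}; a 500 failure when the provider rejects the
     *                token or token creation fails, a 400 failure for an unknown provider
     * @return this service
     */
    @Override // com.nannoq.tools.auth.services.AuthenticationService
    @Fluent
    public AuthenticationService createJwtFromProvider(@Nonnull String str, @Nonnull String str2, @Nonnull Handler<AsyncResult<AuthPackage>> handler) {
        AsyncResult<AuthPackage> fail = ServiceException.fail(500, "Unable to parse Token: ");
        // Locale.ROOT keeps the match independent of the JVM default locale (a Turkish locale
        // upper-cases 'i' to a dotted capital that never equals "INSTAGRAM").
        switch (str2.toUpperCase(Locale.ROOT)) {
            case GOOGLE:
                this.googleProvider.checkJWT(str, checkResult -> {
                    if (checkResult.failed()) {
                        logger.error("Unable to process Google Token!", checkResult.cause());
                        handler.handle(fail);
                    } else {
                        // The caller's handler is passed straight through so that a failed token
                        // creation reaches it as a failure, not as a success carrying null.
                        buildAuthPackage((GoogleIdToken.Payload) checkResult.result(), handler);
                    }
                });
                break;
            case FACEBOOK:
                this.facebookProvider.checkJWT(str, checkResult -> {
                    if (checkResult.failed()) {
                        logger.error("Unable to process Facebook Token!", checkResult.cause());
                        handler.handle(fail);
                    } else {
                        buildAuthPackage((UserProfile) checkResult.result(), handler);
                    }
                });
                break;
            case INSTAGRAM:
                this.instaGramProvider.checkJWT(str, checkResult -> {
                    if (checkResult.failed()) {
                        logger.error("Unable to process Instagram Token!", checkResult.cause());
                        handler.handle(fail);
                    } else {
                        buildAuthPackage((UserProfile) checkResult.result(), handler);
                    }
                });
                break;
            default:
                // The provider name comes from the caller; strip line breaks so it cannot forge log lines.
                logger.error("ERROR JwtGenerator: Unknown AuthProvider: " + str2.replaceAll("[\\r\\n]", "_"));
                handler.handle(ServiceException.fail(400, "Unknown Provider..."));
                break;
        }
        return this;
    }

    /**
     * Derives the user id from the profile's e-mail and starts token creation.
     *
     * <p>If hashing is unavailable the request fails instead of continuing with the plain e-mail
     * as the user id; token creation hashes the same value again and could not succeed either.
     */
    private void buildAuthPackage(UserProfile userProfile, Handler<AsyncResult<AuthPackage>> handler) {
        String userId;
        try {
            userId = ModelUtils.hashString(userProfile.getEmail() + this.EMAIL_HASH_KEY_BASE);
        } catch (NoSuchAlgorithmException e) {
            logger.error("Unable to hash the e-mail into a user id!", e);
            handler.handle(ServiceException.fail(500, "Failed Token Container Creation!"));
            return;
        }
        userProfile.setUserId(userId);
        doTokenCreation(userProfile, handler, createClaimsMap(userProfile), userProfile.getEmail());
    }

    /**
     * Google variant: copies the profile claims from the verified ID-token payload, derives the
     * user id from the e-mail and starts token creation. Fails the request when hashing is
     * unavailable, for the same reason as the {@link UserProfile} overload.
     */
    private void buildAuthPackage(@Nonnull GoogleIdToken.Payload payload, Handler<AsyncResult<AuthPackage>> handler) {
        Map<String, Object> claims = new HashMap<>();
        claims.put(AuthGlobals.JWT_CLAIMS_USER_EMAIL, payload.getEmail());
        claims.put(AuthGlobals.JWT_CLAIMS_NAME, payload.get(AuthGlobals.JWT_CLAIMS_NAME));
        claims.put(AuthGlobals.JWT_CLAIMS_GIVEN_NAME, payload.get("given_name"));
        claims.put(AuthGlobals.JWT_CLAIMS_FAMILY_NAME, payload.get("family_name"));
        // Copied into the claims only; this method does not reject an unverified e-mail.
        claims.put(AuthGlobals.JWT_CLAIMS_EMAIL_VERIFIED, payload.get("email_verified"));
        GoogleUser googleUser = new GoogleUser(payload);
        String userId;
        try {
            userId = ModelUtils.hashString(googleUser.getEmail() + this.EMAIL_HASH_KEY_BASE);
        } catch (NoSuchAlgorithmException e) {
            logger.error("Unable to hash the e-mail into a user id!", e);
            handler.handle(ServiceException.fail(500, "Failed Token Container Creation!"));
            return;
        }
        googleUser.setUserId(userId);
        doTokenCreation(googleUser, handler, claims, payload.getEmail());
    }

    /** Creates the token pair for {@code email} and wraps it, with the profile, in an {@link AuthPackage}. */
    private void doTokenCreation(UserProfile userProfile, Handler<AsyncResult<AuthPackage>> handler, Map<String, Object> claims, String email) {
        createTokenContainer(email, claims, containerResult -> {
            if (containerResult.result() != null) {
                handler.handle(Future.succeededFuture(new AuthPackage((TokenContainer) containerResult.result(), userProfile)));
            } else {
                logger.error("TokenContainer is null...", containerResult.cause());
                handler.handle(ServiceException.fail(500, "TokenContainer is null..."));
            }
        });
    }

    /** Builds the profile claims (e-mail, names, e-mail-verified flag) from a {@link UserProfile}. */
    private Map<String, Object> createClaimsMap(UserProfile userProfile) {
        Map<String, Object> claims = new HashMap<>();
        claims.put(AuthGlobals.JWT_CLAIMS_USER_EMAIL, userProfile.getEmail());
        claims.put(AuthGlobals.JWT_CLAIMS_NAME, userProfile.getName());
        claims.put(AuthGlobals.JWT_CLAIMS_GIVEN_NAME, userProfile.getGivenName());
        claims.put(AuthGlobals.JWT_CLAIMS_FAMILY_NAME, userProfile.getFamilyName());
        claims.put(AuthGlobals.JWT_CLAIMS_EMAIL_VERIFIED, Boolean.valueOf(userProfile.isEmailVerified()));
        return claims;
    }

    /**
     * Creates a signed JWT and a refresh token for {@code email} and stores both registrations in Redis.
     *
     * <p>Side effect: writes a fresh {@code "id"} entry into {@code claims}.
     *
     * @param email   the user's e-mail; hashed with the key base to form the JWT subject
     * @param claims  claims to embed; mutated as described above
     * @param handler receives the {@link TokenContainer}, or a 500 failure
     */
    private void createTokenContainer(String email, Map<String, Object> claims, Handler<AsyncResult<TokenContainer>> handler) {
        try {
            String userId = ModelUtils.hashString(email + this.EMAIL_HASH_KEY_BASE);
            Calendar issuedAt = Calendar.getInstance();
            Calendar expiration = Calendar.getInstance();
            expiration.add(Calendar.DATE, this.idTokenExpirationInDays);
            Calendar notBefore = Calendar.getInstance();
            notBefore.add(Calendar.MINUTE, this.notBeforeTimeInMinutes);
            String jwtId = UUID.randomUUID().toString();
            claims.put("id", jwtId);
            Map<String, Object> permissions = generatePermissions(userId, claims, AuthGlobals.GLOBAL_AUTHORIZATION);
            String jwt = createJwt(userId, jwtId, permissions, issuedAt.getTime(), notBefore.getTime(), expiration.getTime());
            // The refresh timestamp is counted from the JWT expiry, not from "now".
            expiration.add(Calendar.DATE, this.refreshTokenExpirationInDays);
            // The token's unpredictability comes from UUID.randomUUID(), which the JDK documents as
            // using a cryptographically strong generator; SHA-1 only shapes it into 40 hex characters.
            String refreshToken = DigestUtils.sha1Hex(userId + UUID.randomUUID().toString());
            createTokenContainer(userId, jwtId, email, refreshToken, permissions, jwt, refreshToken + REFRESH_TOKEN_SPLITTER + expiration.getTime().getTime(), handler);
        } catch (JwtException | IllegalArgumentException | NoSuchAlgorithmException e) {
            logger.error("Failed Token Container Creation!", e);
            // Details stay in the log; the caller gets a fixed message rather than the exception text.
            handler.handle(ServiceException.fail(500, "Failed Token Container Creation!"));
        }
    }

    /**
     * Registers a freshly issued token pair in Redis and reports the {@link TokenContainer}.
     *
     * <p>NOTE(review): {@code exec} is issued right after {@code multi} is requested, not from inside
     * the multi callback, so whether HSET/SET are queued before EXEC depends on the client's command
     * ordering; confirm against the Redis client. A failed HSET or SET is only logged; the handler
     * outcome follows the EXEC result alone.
     *
     * <p>NOTE(review): SET is issued without an expiry, and no code in this class compares the
     * timestamp embedded in {@code registryValue} with the current time; confirm where refresh-token
     * expiry is enforced.
     *
     * @param userId        hashed user id; prefix of the registry hash key
     * @param jwtId         JWT id, used as the hash field
     * @param email         the user's e-mail, used in log and failure messages
     * @param refreshToken  refresh token, used as the Redis key for the JSON-encoded claims
     * @param claims        claims stored under the refresh token
     * @param jwt           the signed JWT returned to the caller
     * @param registryValue refresh token, splitter and expiry in epoch milliseconds
     * @param handler       receives the container, or a 500 failure when EXEC fails
     */
    private void createTokenContainer(String userId, String jwtId, String email, String refreshToken, Map<String, Object> claims, String jwt, String registryValue, Handler<AsyncResult<TokenContainer>> handler) {
        String registryKey = userId + AuthGlobals.VALID_JWT_REGISTRY_KEY;
        RedisUtils.performJedisWithRetry(this.redisClient, client -> {
            RedisTransaction transaction = client.transaction();
            transaction.multi(multiResult -> {
                transaction.hset(registryKey, jwtId, registryValue, hsetResult -> {
                    if (hsetResult.failed()) {
                        logger.error("Could not set valid jwt for: " + email, hsetResult.cause());
                    } else {
                        transaction.set(refreshToken, Json.encode(claims), setResult -> {
                            if (setResult.failed()) {
                                logger.error("Could not store refreshtoken for: " + email, setResult.cause());
                            }
                        });
                    }
                });
            });
            transaction.exec(execResult -> {
                if (execResult.failed()) {
                    handler.handle(ServiceException.fail(500, "Could not set valid jwt for: " + email));
                } else {
                    handler.handle(Future.succeededFuture(new TokenContainer(jwt, refreshToken)));
                }
            });
        });
    }

    /** Builds a DEFLATE-compressed, HS512-signed JWT from a plain claims map. */
    private String createJwt(String subject, String jwtId, Map<String, Object> claims, Date issuedAt, Date notBefore, Date expiration) throws IllegalArgumentException {
        return Jwts.builder()
                .setClaims(claims)
                .setIssuer(this.ISSUER)
                .setSubject(subject)
                .setAudience(this.AUDIENCE)
                .setExpiration(expiration)
                .setNotBefore(notBefore)
                .setIssuedAt(issuedAt)
                .setId(jwtId)
                .signWith(SignatureAlgorithm.HS512, this.SIGNING_KEY)
                .compressWith(CompressionCodecs.DEFLATE)
                .compact();
    }

    /**
     * Builds a DEFLATE-compressed, HS512-signed JWT from the body of an existing JWS; the
     * registered claims set afterwards replace the ones carried over from that body.
     */
    private String createJwt(String subject, String jwtId, Jws<Claims> jws, Date issuedAt, Date notBefore, Date expiration) throws IllegalArgumentException {
        return Jwts.builder()
                .setClaims((Claims) jws.getBody())
                .setIssuer(this.ISSUER)
                .setSubject(subject)
                .setAudience(this.AUDIENCE)
                .setExpiration(expiration)
                .setNotBefore(notBefore)
                .setIssuedAt(issuedAt)
                .setId(jwtId)
                .signWith(SignatureAlgorithm.HS512, this.SIGNING_KEY)
                .compressWith(CompressionCodecs.DEFLATE)
                .compact();
    }

    /**
     * Defaults the domain claim to the user id when it is absent, then lets the injected function
     * produce the final claims.
     */
    private Map<String, Object> generatePermissions(String userId, Map<String, Object> claims, String authorization) {
        claims.putIfAbsent(this.domainIdentifier, userId);
        return this.setPermissionOnClaims.apply(new PermissionPack(userId, claims, authorization));
    }

    /**
     * Exchanges a refresh token for a new token pair and removes the old registrations.
     *
     * <p>NOTE(review): the refresh token is used directly as the Redis key and no expiry check is
     * visible on this path; confirm expiry is enforced before or after this call.
     *
     * @param str     the refresh token presented by the caller
     * @param handler receives the new {@link TokenContainer}, or whatever
     *                {@code AuthFutures.authFail} reports on failure
     * @return this service
     */
    @Override // com.nannoq.tools.auth.services.AuthenticationService
    @Fluent
    public AuthenticationService refresh(@Nonnull String str, @Nonnull Handler<AsyncResult<TokenContainer>> handler) {
        getTokenCache(str).compose(tokenCache -> {
            getClaims(tokenCache).compose(claims -> {
                // Read before getTokenContainer(): creating the new token overwrites claims["id"].
                String oldJwtId = claims.get("id").toString();
                getTokenContainer(claims).compose(newContainer -> {
                    deleteOld(claims, str, oldJwtId, newContainer).compose(purgedContainer -> {
                        handler.handle(Future.succeededFuture(purgedContainer));
                    }, AuthFutures.authFail(handler));
                }, AuthFutures.authFail(handler));
            }, AuthFutures.authFail(handler));
        }, AuthFutures.authFail(handler));
        return this;
    }

    /**
     * Deletes the used refresh token and the old JWT's registry field, then completes with the new
     * container.
     *
     * <p>NOTE(review): if hashing fails the registry key is built from the plain e-mail, which does
     * not match the key written at issuance, so the old JWT id would stay registered. Failures of
     * DEL and HDEL are only logged at debug level; the outcome follows the EXEC result alone.
     */
    private Future<TokenContainer> deleteOld(Map<String, Object> claims, String refreshToken, String oldJwtId, TokenContainer tokenContainer) {
        Future<TokenContainer> future = Future.future();
        String email = claims.get(AuthGlobals.JWT_CLAIMS_USER_EMAIL).toString();
        String hashedId;
        try {
            hashedId = ModelUtils.hashString(email + this.EMAIL_HASH_KEY_BASE);
        } catch (NoSuchAlgorithmException e) {
            logger.error("No Algorithm!", e);
            hashedId = email;
        }
        String userId = hashedId;
        logger.debug("Purging: " + userId + AuthGlobals.VALID_JWT_REGISTRY_KEY + " " + oldJwtId);
        String registryKey = userId + AuthGlobals.VALID_JWT_REGISTRY_KEY;
        RedisUtils.performJedisWithRetry(this.redisClient, client -> {
            RedisTransaction transaction = client.transaction();
            transaction.multi(multiResult -> {
                transaction.del(refreshToken, delResult -> {
                    if (delResult.failed()) {
                        logger.debug("Del RefreshToken failed!");
                    }
                });
                transaction.hdel(registryKey, oldJwtId, hdelResult -> {
                    if (hdelResult.failed()) {
                        logger.debug("Del JwtValidity failed!");
                    }
                });
            });
            transaction.exec(execResult -> {
                if (execResult.failed()) {
                    // NOTE(review): InternalError is a java.lang.Error; kept because the failure
                    // type may be inspected by AuthFutures.authFail, which is not shown here.
                    future.fail(new InternalError("Unable to purge old refresh..."));
                } else {
                    logger.debug("Purged all remnants of old refresh...");
                    future.complete(tokenContainer);
                }
            });
        });
        return future;
    }

    /**
     * Decodes the JSON claims stored under a refresh token. A {@code null} input, which is what
     * {@link #getTokenCache} completes with when Redis returns no value, fails with a 500
     * {@link ServiceException}.
     */
    private Future<Map<String, Object>> getClaims(String tokenCache) {
        Future<Map<String, Object>> future = Future.future();
        if (tokenCache == null) {
            future.fail(new ServiceException(500, "TokenCache cannot be null..."));
            return future;
        }
        try {
            future.complete((Map) Json.decodeValue(tokenCache, Map.class));
        } catch (DecodeException e) {
            future.fail(e);
        }
        return future;
    }

    /** Future-returning adapter around {@code createTokenContainer(email, claims, handler)}. */
    private Future<TokenContainer> getTokenContainer(Map<String, Object> claims) {
        Future<TokenContainer> future = Future.future();
        createTokenContainer(claims.get(AuthGlobals.JWT_CLAIMS_USER_EMAIL).toString(), claims, containerResult -> {
            if (containerResult.failed()) {
                future.fail(containerResult.cause());
            } else {
                future.complete(containerResult.result());
            }
        });
        return future;
    }

    /** Reads the value stored in Redis under the refresh token. */
    private Future<String> getTokenCache(String refreshToken) {
        Future<String> future = Future.future();
        RedisUtils.performJedisWithRetry(this.redisClient, client -> {
            client.get(refreshToken, getResult -> {
                if (getResult.failed()) {
                    future.fail(getResult.cause());
                } else {
                    future.complete(getResult.result());
                }
            });
        });
        return future;
    }

    /**
     * Re-issues a token pair with the domain claim replaced by {@code str}.
     *
     * <p>NOTE(review): this method performs no check that the token's subject is associated with
     * {@code str}; it relies on the caller having authorised the switch. Verify at every call site.
     *
     * @param str     the domain to place in the domain-identifier claim
     * @param jws     the caller's parsed JWT; its claims body is mutated
     * @param handler receives the new {@link TokenContainer}, or a 500 failure
     * @return this service
     */
    @Override // com.nannoq.tools.auth.services.AuthenticationService
    @Fluent
    public AuthenticationService switchToAssociatedDomain(String str, Jws<Claims> jws, Handler<AsyncResult<TokenContainer>> handler) {
        ((Claims) jws.getBody()).put(this.domainIdentifier, str);
        createTokenContainer(jws, handler);
        return this;
    }

    /**
     * Creates a new token pair from the claims of an existing JWS and registers it in Redis.
     *
     * <p>Side effect: writes a fresh {@code "id"} entry into the JWS body.
     */
    private void createTokenContainer(Jws<Claims> jws, Handler<AsyncResult<TokenContainer>> handler) {
        try {
            Claims claims = jws.getBody();
            String email = claims.get(AuthGlobals.JWT_CLAIMS_USER_EMAIL).toString();
            String userId = ModelUtils.hashString(email + this.EMAIL_HASH_KEY_BASE);
            Calendar issuedAt = Calendar.getInstance();
            Calendar expiration = Calendar.getInstance();
            expiration.add(Calendar.DATE, this.idTokenExpirationInDays);
            Calendar notBefore = Calendar.getInstance();
            notBefore.add(Calendar.MINUTE, this.notBeforeTimeInMinutes);
            String jwtId = UUID.randomUUID().toString();
            claims.put("id", jwtId);
            String jwt = createJwt(userId, jwtId, jws, issuedAt.getTime(), notBefore.getTime(), expiration.getTime());
            // The refresh timestamp is counted from the JWT expiry, not from "now".
            expiration.add(Calendar.DATE, this.refreshTokenExpirationInDays);
            String refreshToken = DigestUtils.sha1Hex(userId + UUID.randomUUID().toString());
            // Snapshot of the claims for storage under the refresh token.
            Map<String, Object> storedClaims = claims.entrySet().stream()
                    .collect(Collectors.toConcurrentMap(Map.Entry::getKey, Map.Entry::getValue));
            createTokenContainer(userId, jwtId, email, refreshToken, storedClaims, jwt, refreshToken + REFRESH_TOKEN_SPLITTER + expiration.getTime().getTime(), handler);
        } catch (JwtException | IllegalArgumentException | NoSuchAlgorithmException e) {
            logger.error("Failed Token Container Creation!", e);
            // Details stay in the log; the caller gets a fixed message rather than the exception text.
            handler.handle(ServiceException.fail(500, "Failed Token Container Creation!"));
        }
    }

    /** Closes the Redis client and logs whether closing succeeded. */
    @Override // com.nannoq.tools.auth.services.AuthenticationService
    public void close() {
        this.redisClient.close(closeResult -> {
            logger.debug("RedisClient closed for AuthenticationService: " + closeResult.succeeded());
        });
    }
}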
