package com.nannoq.tools.auth.services;

import com.nannoq.tools.auth.AuthGlobals;
import com.nannoq.tools.auth.models.VerifyResult;
import com.nannoq.tools.auth.utils.Authorization;
import com.nannoq.tools.auth.utils.Authorizer;
import com.nannoq.tools.repository.repository.redis.RedisUtils;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.IncorrectClaimException;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.MalformedJwtException;
import io.jsonwebtoken.MissingClaimException;
import io.jsonwebtoken.PrematureJwtException;
import io.jsonwebtoken.SignatureException;
import io.jsonwebtoken.UnsupportedJwtException;
import io.vertx.codegen.annotations.Fluent;
import io.vertx.core.AsyncResult;
import io.vertx.core.Future;
import io.vertx.core.Handler;
import io.vertx.core.Vertx;
import io.vertx.core.json.Json;
import io.vertx.core.json.JsonObject;
import io.vertx.core.logging.Logger;
import io.vertx.core.logging.LoggerFactory;
import io.vertx.redis.RedisClient;
import io.vertx.redis.RedisTransaction;
import io.vertx.serviceproxy.ServiceException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Calendar;
import java.util.List;
import java.util.function.Supplier;
import javax.annotation.Nonnull;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.bind.DatatypeConverter;

/* loaded from: input_file:com/nannoq/tools/auth/services/VerificationServiceImpl.class */
public class VerificationServiceImpl implements VerificationService {
    private static final Logger logger = LoggerFactory.getLogger(VerificationServiceImpl.class.getSimpleName());
    private static String KEY_ALGORITHM = "HmacSHA512";
    private final String ISSUER;
    private final String AUDIENCE;
    private final Vertx vertx;
    private final SecretKey SIGNING_KEY;
    private final String domainIdentifier;
    private final RedisClient redisClient;
    private final Authorizer authorizer;
    private final Supplier<Future<List<String>>> userIdsSupplier;
    private final boolean dev;

    public VerificationServiceImpl(Vertx vertx, JsonObject jsonObject, @Nonnull String str, Authorizer authorizer, Supplier<Future<List<String>>> supplier) throws NoSuchAlgorithmException, InvalidKeyException {
        this(vertx, jsonObject, str, authorizer, supplier, false);
    }

    public VerificationServiceImpl(Vertx vertx, JsonObject jsonObject, @Nonnull String str, Authorizer authorizer, Supplier<Future<List<String>>> supplier, boolean z) throws InvalidKeyException, NoSuchAlgorithmException {
        this.vertx = vertx;
        this.SIGNING_KEY = new SecretKeySpec(DatatypeConverter.parseHexBinary(str), KEY_ALGORITHM);
        this.domainIdentifier = jsonObject.getString("domainIdentifier");
        this.userIdsSupplier = supplier;
        this.redisClient = RedisUtils.getRedisClient(vertx, jsonObject);
        this.authorizer = authorizer;
        this.ISSUER = jsonObject.getString("authJWTIssuer");
        this.AUDIENCE = jsonObject.getString("authJWTAudience");
        this.dev = z;
        initializeKey(KEY_ALGORITHM);
    }

    @Fluent
    private VerificationServiceImpl setKeyAlgorithm(String str) {
        KEY_ALGORITHM = str;
        return this;
    }

    @Fluent
    public VerificationServiceImpl withKeyAlgorithm(String str) {
        return setKeyAlgorithm(str);
    }

    private void initializeKey(String str) throws NoSuchAlgorithmException, InvalidKeyException {
        Mac.getInstance(str).init(this.SIGNING_KEY);
    }

    @Override // com.nannoq.tools.auth.services.VerificationService
    @Fluent
    public VerificationService verifyJWT(@Nonnull String str, @Nonnull Authorization authorization, @Nonnull Handler<AsyncResult<VerifyResult>> handler) {
        verifyToken(str, asyncResult -> {
            if (asyncResult.failed()) {
                logger.error("ERROR JWT: " + asyncResult.cause());
                handler.handle(ServiceException.fail(401, "ERROR: " + asyncResult.cause()));
                return;
            }
            Jws<Claims> jws = (Jws) asyncResult.result();
            try {
                if (!authorization.validate()) {
                    logger.error("Invalid Authorization Field: " + Json.encodePrettily(authorization));
                    notAuthorized(handler);
                } else if (authorization.getDomainIdentifier().equals(AuthGlobals.VALIDATION_REQUEST)) {
                    returnAuth(jws, handler);
                } else if (this.authorizer.isAsync()) {
                    verifyAuthorization(jws, authorization, asyncResult -> {
                        authResult(jws, handler, asyncResult.succeeded());
                    });
                } else {
                    authResult(jws, handler, verifyAuthorization(jws, authorization));
                }
            } catch (IllegalAccessException e) {
                handler.handle(ServiceException.fail(401, "Not authorized for this resource, invalid AuthTypeToken!"));
            }
        });
        return this;
    }

    private void authResult(Jws<Claims> jws, Handler<AsyncResult<VerifyResult>> handler, boolean z) {
        if (z) {
            returnAuth(jws, handler);
        } else {
            notAuthorized(handler);
        }
    }

    private void notAuthorized(Handler<AsyncResult<VerifyResult>> handler) {
        handler.handle(ServiceException.fail(401, "Not authorized for this resource!"));
    }

    private void returnAuth(Jws<Claims> jws, @Nonnull Handler<AsyncResult<VerifyResult>> handler) {
        VerifyResult verifyResult = new VerifyResult(((Claims) jws.getBody()).getSubject());
        logger.debug("User Auth: " + Json.encodePrettily(verifyResult));
        handler.handle(Future.succeededFuture(verifyResult));
    }

    @Override // com.nannoq.tools.auth.services.VerificationService
    @Fluent
    public VerificationServiceImpl verifyToken(@Nonnull String str, Handler<AsyncResult<Jws<Claims>>> handler) {
        this.vertx.executeBlocking(future -> {
            try {
                logger.debug("Verifying Token...");
                Jws parseClaimsJws = Jwts.parser().setSigningKey(this.SIGNING_KEY).requireIssuer(this.ISSUER).requireAudience(this.AUDIENCE).parseClaimsJws(str);
                logger.debug("Token parsed...");
                String subject = ((Claims) parseClaimsJws.getBody()).getSubject();
                String id = ((Claims) parseClaimsJws.getBody()).getId();
                String str2 = subject + AuthGlobals.VALID_JWT_REGISTRY_KEY;
                if (this.dev) {
                    logger.info("DEV ACCEPT");
                    handler.handle(Future.succeededFuture(parseClaimsJws));
                    future.complete(Future.succeededFuture());
                } else {
                    RedisUtils.performJedisWithRetry(this.redisClient, redisClient -> {
                        redisClient.hget(str2, id, asyncResult -> {
                            if (asyncResult.failed()) {
                                handler.handle(ServiceException.fail(500, "Redis failure..."));
                                future.fail(asyncResult.cause());
                                logger.error("Failed to fetch from redis store...");
                                return;
                            }
                            String str3 = (String) asyncResult.result();
                            if (str3 == null || str3.length() <= 4 || !str3.contains("____")) {
                                failedVerify(future, handler, asyncResult, subject, id);
                            } else {
                                handler.handle(Future.succeededFuture(parseClaimsJws));
                                future.complete(Future.succeededFuture());
                            }
                        });
                    });
                }
            } catch (MissingClaimException | IncorrectClaimException | SignatureException | ExpiredJwtException | MalformedJwtException | PrematureJwtException | UnsupportedJwtException e) {
                handler.handle(ServiceException.fail(500, "Unknown error: " + e.getMessage()));
                future.fail(e);
            }
        }, false, asyncResult -> {
            logger.debug("Result: " + asyncResult.succeeded());
            if (asyncResult.failed()) {
                logger.error("Verification failed!", asyncResult.cause());
            }
        });
        return this;
    }

    private void failedVerify(Future<Object> future, Handler<AsyncResult<Jws<Claims>>> handler, AsyncResult<String> asyncResult, String str, String str2) {
        handler.handle(ServiceException.fail(401, "Invalid JWT..."));
        future.fail(asyncResult.cause());
        logger.error("Could not validate JWT! user: " + str + ", id: " + str2);
    }

    public boolean verifyAuthorization(Jws<Claims> jws, Authorization authorization) throws IllegalAccessException {
        return this.authorizer.authorize(jws, this.domainIdentifier, authorization);
    }

    @Override // com.nannoq.tools.auth.services.VerificationService
    @Fluent
    public VerificationServiceImpl verifyAuthorization(Jws<Claims> jws, Authorization authorization, Handler<AsyncResult<Boolean>> handler) throws IllegalAccessException {
        if (this.authorizer.isAsync()) {
            this.authorizer.authorize(jws, this.domainIdentifier, authorization, handler);
        } else if (this.authorizer.authorize(jws, this.domainIdentifier, authorization)) {
            handler.handle(Future.succeededFuture(Boolean.TRUE));
        } else {
            handler.handle(Future.failedFuture(new SecurityException("You are not authorized!")));
        }
        return this;
    }

    @Override // com.nannoq.tools.auth.services.VerificationService
    @Fluent
    public VerificationService revokeToken(@Nonnull String str, @Nonnull Handler<AsyncResult<Boolean>> handler) {
        verifyToken(str, asyncResult -> {
            if (asyncResult.failed()) {
                logger.error("Could not verify JWT for revoke...", asyncResult.cause());
                handler.handle(ServiceException.fail(401, "Could not verify JWT..."));
            } else {
                Jws jws = (Jws) asyncResult.result();
                doGarbageCollectionAfterRevoke(((Claims) jws.getBody()).getSubject() + AuthGlobals.VALID_JWT_REGISTRY_KEY, ((Claims) jws.getBody()).getId(), handler);
            }
        });
        return this;
    }

    @Override // com.nannoq.tools.auth.services.VerificationService
    @Fluent
    public VerificationService revokeUser(@Nonnull String str, @Nonnull Handler<AsyncResult<Boolean>> handler) {
        purgeJWTsOnUser(str + AuthGlobals.VALID_JWT_REGISTRY_KEY, handler);
        return this;
    }

    private void doGarbageCollectionAfterRevoke(String str, String str2, Handler<AsyncResult<Boolean>> handler) {
        RedisUtils.performJedisWithRetry(this.redisClient, redisClient -> {
            RedisTransaction transaction = redisClient.transaction();
            transaction.multi(asyncResult -> {
                transaction.hget(str, str2, asyncResult -> {
                    if (asyncResult.failed()) {
                        logger.error("Unable to delete refreshtoken for revoked JWT!");
                    } else {
                        transaction.del(((String) asyncResult.result()).split("____")[0], asyncResult -> {
                            if (asyncResult.failed()) {
                                logger.error("Del RefreshToken failed!", asyncResult.cause());
                            }
                        });
                        transaction.hdel(str, str2, asyncResult2 -> {
                            if (asyncResult2.failed()) {
                                logger.error("Del JwtValidity failed!", asyncResult2.cause());
                            }
                        });
                    }
                });
            });
            transaction.exec(asyncResult2 -> {
                if (!asyncResult2.failed()) {
                    handler.handle(Future.succeededFuture(Boolean.TRUE));
                } else {
                    logger.error("Failed Destroy transaction!", asyncResult2.cause());
                    handler.handle(ServiceException.fail(500, "Failed revoking old token..."));
                }
            });
        });
    }

    private void purgeJWTsOnUser(String str, Handler<AsyncResult<Boolean>> handler) {
        RedisUtils.performJedisWithRetry(this.redisClient, redisClient -> {
            RedisTransaction transaction = redisClient.transaction();
            transaction.multi(asyncResult -> {
                transaction.hgetall(str, asyncResult -> {
                    if (asyncResult.failed()) {
                        logger.error("Unable to delete refreshtoken for revoked JWT!");
                        return;
                    }
                    if (asyncResult.result() == null) {
                        logger.debug("Token List is empty!");
                        return;
                    }
                    try {
                        Object result = asyncResult.result();
                        if (result.toString().equalsIgnoreCase("{}")) {
                            logger.debug("Empty object!");
                        } else {
                            new JsonObject(result.toString()).forEach(entry -> {
                                String str2 = (String) entry.getKey();
                                Object value = entry.getValue();
                                transaction.del(value.toString().split("____")[0], asyncResult -> {
                                    if (asyncResult.failed()) {
                                        logger.error("Failed invalidating: " + value, asyncResult.cause());
                                    }
                                });
                                transaction.hdel(str, str2, asyncResult2 -> {
                                    if (asyncResult2.failed()) {
                                        logger.error("Failed invalidating jwt: " + str2, asyncResult2.cause());
                                    }
                                });
                            });
                        }
                    } catch (Exception e) {
                        logger.error("Error performing revocation!", e);
                    }
                });
            });
            transaction.exec(asyncResult2 -> {
                if (!asyncResult2.failed()) {
                    handler.handle(Future.succeededFuture(Boolean.TRUE));
                } else {
                    logger.error("Failed Destroy transaction!", asyncResult2.cause());
                    handler.handle(ServiceException.fail(500, "Failed revoking all tokens..."));
                }
            });
        });
    }

    @Override // com.nannoq.tools.auth.services.VerificationService
    @Fluent
    public VerificationService verifyJWTValidity(@Nonnull Handler<AsyncResult<Boolean>> handler) {
        fetchUserIds(asyncResult -> {
            if (asyncResult.failed()) {
                logger.error("Could not read userids...", asyncResult.cause());
            } else {
                ((List) asyncResult.result()).forEach(str -> {
                    RedisUtils.performJedisWithRetry(this.redisClient, redisClient -> {
                        String str = str + AuthGlobals.VALID_JWT_REGISTRY_KEY;
                        redisClient.hgetall(str, asyncResult -> {
                            if (asyncResult.failed()) {
                                logger.error("Could not read jwts for " + str, asyncResult.cause());
                            } else {
                                checkJwts((JsonObject) asyncResult.result(), str, str, redisClient);
                            }
                        });
                    });
                });
            }
        });
        return this;
    }

    private void fetchUserIds(Handler<AsyncResult<List<String>>> handler) {
        this.userIdsSupplier.get().setHandler(asyncResult -> {
            if (asyncResult.failed()) {
                handler.handle(Future.failedFuture(asyncResult.cause()));
            } else {
                handler.handle(Future.succeededFuture(asyncResult.result()));
            }
        });
    }

    private void checkJwts(JsonObject jsonObject, String str, String str2, RedisClient redisClient) {
        if (jsonObject != null) {
            jsonObject.forEach(entry -> {
                String str3 = (String) entry.getKey();
                Object value = entry.getValue();
                String[] split = value.toString().split("____");
                long parseLong = Long.parseLong(split[1]);
                Calendar calendar = Calendar.getInstance();
                calendar.setTimeInMillis(parseLong);
                if (calendar.before(Calendar.getInstance())) {
                    logger.debug("Invalidating outdated token: " + value);
                    redisClient.del(split[0], asyncResult -> {
                        if (asyncResult.failed()) {
                            logger.error("Failed invalidating: " + value, asyncResult.cause());
                        }
                    });
                    redisClient.hdel(str2, str3, asyncResult2 -> {
                        if (asyncResult2.failed()) {
                            logger.error("Failed invalidating jwt: " + str3, asyncResult2.cause());
                        }
                    });
                }
            });
        } else {
            logger.error("JWT List for " + str + " is null...", new NullPointerException("UserId is Null!"));
        }
    }

    @Override // com.nannoq.tools.auth.services.VerificationService
    public void close() {
        this.redisClient.close(asyncResult -> {
            logger.debug("Closed Redis for Service: " + asyncResult.succeeded());
        });
    }

    @Override // com.nannoq.tools.auth.services.VerificationService
    @Fluent
    public /* bridge */ /* synthetic */ VerificationService verifyAuthorization(Jws jws, Authorization authorization, Handler handler) throws IllegalAccessException {
        return verifyAuthorization((Jws<Claims>) jws, authorization, (Handler<AsyncResult<Boolean>>) handler);
    }

    @Override // com.nannoq.tools.auth.services.VerificationService
    @Fluent
    public /* bridge */ /* synthetic */ VerificationService verifyToken(@Nonnull String str, Handler handler) {
        return verifyToken(str, (Handler<AsyncResult<Jws<Claims>>>) handler);
    }
}
