package systems.dennis.auth.client.utils;

import de.taimos.totp.TOTP;
import jakarta.servlet.http.HttpServletRequest;
import java.lang.reflect.Field;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import org.apache.commons.codec.binary.Base32;
import org.apache.commons.codec.binary.Hex;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import systems.dennis.auth.client.LoginPassword;
import systems.dennis.auth.client.entity.UserData;
import systems.dennis.auth.client.required.TokenProviderClient;
import systems.dennis.auth.exception.SubscriptionNotExistsException;
import systems.dennis.auth.repository.LoginPasswordRepo;
import systems.dennis.auth.repository.UserDataRepository;
import systems.dennis.auth.responses.Auth2FactorEnabled;
import systems.dennis.auth.role_validator.entity.UserTokenDTO;
import systems.dennis.auth.service.LoginPasswordService;
import systems.dennis.shared.annotations.security.ISecurityUtils;
import systems.dennis.shared.config.WebContext;
import systems.dennis.shared.entity.TokenData;
import systems.dennis.shared.exceptions.AccessDeniedException;
import systems.dennis.shared.exceptions.AuthorizationNotFoundException;
import systems.dennis.shared.exceptions.ItemNotFoundException;
import systems.dennis.shared.utils.ApplicationContext;
import systems.dennis.shared.utils.bean_copier.BeanCopier;

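/**
 * Request-scoped security helper: resolves the caller's authentication from the current HTTP
 * request and offers role, ownership, subscription and TOTP (two-factor) helpers on top of it.
 *
 * <p>Nothing is cached in this class: every call to {@link #get()} goes back to the injected
 * {@link TokenProviderClient}.
 */
@Service
/* loaded from: input_file:systems/dennis/auth/client/utils/SecurityUtils.class */
public class SecurityUtils implements ISecurityUtils<Long> {
    private static final Logger log = LoggerFactory.getLogger(SecurityUtils.class);

    @Autowired
    private TokenProviderClient provider;

    @Autowired
    private AuthenticationService service;

    @Autowired
    HttpServletRequest request;

    private SecurityUtils() {
    }

    /**
     * Replaces the first half of {@code str} with asterisks and keeps the rest readable.
     *
     * <p>NOTE(review): at least half of the input stays in clear text, so confirm this is
     * acceptable for whatever values are passed here (tokens, secrets, logins).
     *
     * @param str value to mask; may be {@code null}
     * @return a fixed run of eleven asterisks for {@code null} or inputs shorter than two
     *     characters, otherwise the partially masked value
     */
    public static String mask(String str) {
        if (str == null || str.length() < 2) {
            return "***********";
        }
        String stars = "*".repeat(str.length() / 2);
        return stars + str.substring(stars.length());
    }

    /**
     * Tells whether the current caller holds {@code ROLE_ADMIN}.
     *
     * <p>Fails closed: any exception while resolving the authentication yields {@code false}.
     * The match is case-sensitive ({@link List#contains}), unlike {@link #roleExists}.
     *
     * @return {@code true} only when the role list contains exactly {@code "ROLE_ADMIN"}
     */
    public boolean isAdmin() {
        try {
            return get().getRoleList().contains("ROLE_ADMIN");
        } catch (Exception e) {
            // Deliberately treated as "not an admin": an unresolved caller must never be elevated.
            return false;
        }
    }

    /**
     * Delegates the role check to the injected {@link AuthenticationService}.
     *
     * @param str role name to look for
     * @return whatever {@code service.hasRole(str)} reports
     */
    public boolean hasRole(String str) {
        return this.service.hasRole(str);
    }

    /**
     * @return the preferred language stored on the current caller's user data
     */
    public String getUserLanguage() {
        return get().getUserData().getPreferredLanguage();
    }

    /** Logs the current caller out through the injected {@link AuthenticationService}. */
    public void removeLocalAuthorization() {
        this.service.logout();
    }

    /**
     * Resolves the authentication of the current request.
     *
     * @return the authentication returned by {@link #tokenFromHeader()}
     * @throws AuthorizationNotFoundException propagated from the token lookup
     */
    public UserTokenDTO get() throws AuthorizationNotFoundException {
        return tokenFromHeader();
    }

    /* renamed from: getUserDataId, reason: merged with bridge method [inline-methods] */
    /**
     * @return the id of the current caller's user data
     */
    public Long m7getUserDataId() {
        return get().getUserData().getId();
    }

    /**
     * Requires the current caller to own at least one of the given subscriptions.
     *
     * @param list accepted subscription names; {@code null} or empty never matches
     * @throws SubscriptionNotExistsException when the caller has no purchases or none of them is
     *     in {@code list}
     */
    public void checkSubscription(List<String> list) {
        List<String> purchases = get().getUserData().getPurchases();
        // A missing requirement list is treated as "no match" (fail closed) instead of an NPE.
        if (list == null || purchases == null || purchases.isEmpty()) {
            throw new SubscriptionNotExistsException();
        }
        for (String purchase : purchases) {
            if (list.contains(purchase)) {
                return;
            }
        }
        throw new SubscriptionNotExistsException();
    }

    /**
     * Reads the token from the current request and asks the provider for its authentication.
     *
     * @return the authentication returned by the provider
     * @throws AuthorizationNotFoundException propagated from the token lookup or the provider
     */
    public UserTokenDTO tokenFromHeader() throws AuthorizationNotFoundException {
        return this.provider.getAuthentication(getTokenFromRequest());
    }

    /**
     * Generates a fresh TOTP shared secret.
     *
     * @return 20 bytes (160 bits) from {@link SecureRandom}, Base32-encoded
     */
    public String generateSecretKey() {
        byte[] secretBytes = new byte[20];
        new SecureRandom().nextBytes(secretBytes);
        return new Base32().encodeToString(secretBytes);
    }

    /**
     * Builds the two-factor enrolment data for the current caller, creating and persisting a
     * secret on first use.
     *
     * <p>NOTE(review): the returned code embeds the shared secret and is produced on every call,
     * including after two-factor is already enabled. Anyone holding a valid session can therefore
     * read the seed again; consider returning it only during enrolment. The secret is passed to
     * {@code save} as-is — confirm how it is protected at rest.
     *
     * @param loginPasswordService service used to load and save the caller's login record
     * @return the {@code otpauth://} URI and whether two-factor is currently enabled
     */
    public Auth2FactorEnabled get2factorBarCodeForUser(LoginPasswordService loginPasswordService) {
        LoginPassword loginData = getLoginData(loginPasswordService);
        String secret = loginData.getTwoFactorCode();
        if (secret == null) {
            // First request for this login: create the seed and store it before handing it out.
            secret = generateSecretKey();
            loginData.setTwoFactorCode(secret);
            loginPasswordService.save(loginData);
        }
        String barCode = getGoogleAuthenticatorBarCode(secret, loginData.getLogin(), "dennis.systems");
        Auth2FactorEnabled result = new Auth2FactorEnabled();
        result.setCode(barCode);
        // A null flag counts as "disabled".
        result.setEnabled(Boolean.valueOf(Boolean.TRUE.equals(loginData.getTwoFactor())));
        return result;
    }

    /**
     * Loads the login record that belongs to the current caller.
     *
     * @param loginPasswordService service used for the lookup
     * @return the caller's login record
     * @throws AuthorizationNotFoundException when no record exists for the caller's login
     */
    public LoginPassword getLoginData(LoginPasswordService loginPasswordService) {
        return loginPasswordService.findUserByLogin(get().getUserData().getLogin())
                .orElseThrow(() -> new AuthorizationNotFoundException(""));
    }

    /**
     * Builds an {@code otpauth://totp/} provisioning URI. Each component is URL-encoded with
     * UTF-8 and {@code +} is rewritten to {@code %20}.
     *
     * <p>The result contains the shared secret in clear text: do not log it or cache it.
     *
     * @param str the Base32 shared secret
     * @param str2 the account name shown in the authenticator
     * @param str3 the issuer, used both in the label and in the {@code issuer} parameter
     * @return the provisioning URI
     */
    public String getGoogleAuthenticatorBarCode(String str, String str2, String str3) {
        String label = URLEncoder.encode(str3 + ":" + str2, StandardCharsets.UTF_8).replace("+", "%20");
        String secret = URLEncoder.encode(str, StandardCharsets.UTF_8).replace("+", "%20");
        String issuer = URLEncoder.encode(str3, StandardCharsets.UTF_8).replace("+", "%20");
        return "otpauth://totp/" + label + "?secret=" + secret + "&issuer=" + issuer;
    }

    /**
     * Computes the one-time code for the given login.
     *
     * <p>The return value is the code the server expects, so it must stay server-side and be
     * compared with the submitted code in constant time (for example
     * {@code MessageDigest.isEqual}). NOTE(review): the exception message echoes the login, which
     * allows account enumeration if it reaches the client — confirm how it is rendered.
     *
     * @param loginPasswordService service used to look up the login record
     * @param str the login to compute the code for
     * @return the expected code, or {@code null} when two-factor is not enabled for this login
     * @throws AuthorizationNotFoundException when the login does not exist
     */
    public String getTOTPCode(LoginPasswordService loginPasswordService, String str) {
        LoginPassword loginPassword = loginPasswordService.findUserByLogin(str)
                .orElseThrow(() -> new AuthorizationNotFoundException(" No such user: " + str));
        if (!Boolean.TRUE.equals(loginPassword.getTwoFactor())) {
            return null;
        }
        return getTOTPCode(loginPassword);
    }

    /**
     * Computes the one-time code from the Base32 secret stored on {@code loginPassword}. The
     * two-factor flag is not checked here.
     *
     * <p>The return value is the code the server expects; keep it server-side and compare in
     * constant time.
     *
     * @param loginPassword login record carrying the two-factor secret
     * @return the code produced by {@code TOTP.getOTP} for the hex-encoded secret
     */
    public String getTOTPCode(LoginPassword loginPassword) {
        byte[] secretBytes = new Base32().decode(loginPassword.getTwoFactorCode());
        return TOTP.getOTP(Hex.encodeHexString(secretBytes));
    }

    /**
     * @return the token the {@link AuthenticationService} extracts from the current request
     * @throws AuthorizationNotFoundException propagated from the service
     */
    public TokenData getTokenFromRequest() throws AuthorizationNotFoundException {
        return this.service.getToken(this.request);
    }

    /**
     * Returns token data for the current caller or fails.
     *
     * <p>When an authentication is resolved, the token data is rebuilt from its scope and token;
     * otherwise the raw request token is used. The authentication is resolved once instead of on
     * every access.
     *
     * @return token data, never {@code null}
     * @throws AuthorizationNotFoundException when neither an authentication nor a request token
     *     is available
     */
    public TokenData getTokenOrThrow() throws AuthorizationNotFoundException {
        UserTokenDTO authentication = get();
        if (authentication != null) {
            return new TokenData(authentication.getScope(), authentication.getToken());
        }
        TokenData tokenData = getTokenFromRequest();
        if (tokenData == null) {
            throw new AuthorizationNotFoundException("NO TOKEN PROVIDED");
        }
        return tokenData;
    }

    /**
     * @return the user data of the current caller
     * @throws AuthorizationNotFoundException propagated from {@link #get()}
     */
    public UserData userOrThrow() throws AuthorizationNotFoundException {
        return get().getUserData();
    }

    /**
     * @return the role list of the current caller
     * @throws AuthorizationNotFoundException propagated from {@link #get()}
     */
    public List<String> roles() throws AuthorizationNotFoundException {
        return get().getRoleList();
    }

    /**
     * Checks whether the caller holds at least one of the given roles, ignoring case.
     *
     * @param strArr candidate role names
     * @return {@code true} on the first case-insensitive match, {@code false} otherwise
     * @throws AuthorizationNotFoundException propagated from {@link #roles()}
     */
    public boolean roleExists(String... strArr) throws AuthorizationNotFoundException {
        for (String granted : roles()) {
            for (String wanted : strArr) {
                if (wanted.equalsIgnoreCase(granted)) {
                    return true;
                }
            }
        }
        return false;
    }

    /**
     * Same check as {@link #roleExists}, but denies access instead of returning {@code false}.
     *
     * @param strArr candidate role names
     * @throws AccessDeniedException when none of the roles is held
     * @throws AuthorizationNotFoundException propagated from {@link #roles()}
     */
    public void roleExistsOrThrow(String... strArr) throws AuthorizationNotFoundException {
        if (!roleExists(strArr)) {
            throw new AccessDeniedException("User has not required roles " + Arrays.toString(strArr));
        }
    }

    /**
     * @return {@code true} when the caller's role list is not empty
     */
    public boolean anyRole() {
        return !roles().isEmpty();
    }

    /**
     * Requires the caller to be the user with id {@code l}, or an administrator.
     *
     * @param l user data id the caller must match
     * @throws AccessDeniedException when the caller is neither that user nor an admin
     */
    public void isMe(Long l) {
        if (m7getUserDataId().equals(l) || isAdmin()) {
            return;
        }
        throw new AccessDeniedException("You cannot change this object");
    }

    /**
     * @return the token extracted from the current request
     */
    public TokenData getToken() {
        return getTokenFromRequest();
    }

    /**
     * Requires the caller to be the creator of {@code obj}, or an administrator.
     *
     * <p>The creator is read from the field registered for the object's class in
     * {@code ApplicationContext.CREATED_FIELDS_MAP} and compared with the caller's user data.
     * The comparison result is evaluated outside the {@code try} block so that a denial can no
     * longer be swallowed by the generic exception handler.
     *
     * <p>NOTE(review): when the creator cannot be read at all (no registered field, reflection
     * failure) the check is still skipped and access is allowed, as before; this is now logged.
     * Confirm whether such objects should be denied instead.
     *
     * @param obj the object whose ownership is checked
     * @throws AccessDeniedException when the caller is not authenticated or is not the creator
     */
    public void isMy(Object obj) {
        if (isAdmin()) {
            return;
        }
        boolean owner;
        try {
            Field createdField = (Field) ApplicationContext.CREATED_FIELDS_MAP.get(obj.getClass());
            owner = Objects.equals(BeanCopier.readValue(obj, createdField), get().getUserData());
        } catch (AuthorizationNotFoundException e) {
            throw new AccessDeniedException("You have no access to this object");
        } catch (Exception e) {
            // Legacy best-effort path: ownership could not be determined, so the check is skipped.
            log.warn("Ownership check skipped for {}", obj == null ? null : obj.getClass().getName(), e);
            return;
        }
        if (!owner) {
            throw new AccessDeniedException("You have no access to this object");
        }
    }

    /**
     * Applies {@link #isMe(Long)} to the user that owns the login record with id {@code l}.
     *
     * <p>A {@code null} id skips the check entirely; callers must make sure a missing id cannot
     * be used to reach an existing record.
     *
     * @param l id of the login record, or {@code null} to skip the check
     * @param localWebContext context used to obtain the repositories
     * @throws ItemNotFoundException when the login record or its user data does not exist
     * @throws AccessDeniedException when the caller is neither that user nor an admin
     */
    public void isMePswrd(Long l, WebContext.LocalWebContext localWebContext) {
        if (l == null) {
            return;
        }
        UserDataRepository userRepo = (UserDataRepository) localWebContext.getBean(UserDataRepository.class);
        LoginPasswordRepo loginRepo = (LoginPasswordRepo) localWebContext.getBean(LoginPasswordRepo.class);
        LoginPassword loginPassword =
                (LoginPassword) loginRepo.findById(l).orElseThrow(() -> ItemNotFoundException.fromId(l));
        isMe(userRepo.findByLogin(loginPassword.getLogin())
                .orElseThrow(() -> ItemNotFoundException.fromId(l))
                .getId());
    }
}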
