package net.orivis.auth.service;

import java.util.Date;
import java.util.Objects;
import net.orivis.auth.client.entity.UserData;
import net.orivis.auth.entity.RefreshToken;
import net.orivis.auth.exception.RefreshTokenException;
import net.orivis.auth.repository.RefreshTokenRepository;
import net.orivis.shared.annotations.DataRetrieverDescription;
import net.orivis.shared.annotations.DeleteStrategy;
import net.orivis.shared.config.WebContext;
import net.orivis.shared.exceptions.ItemNotFoundException;
import net.orivis.shared.postgres.service.PaginationService;
import net.orivis.shared.scopes.model.ScopeModel;
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Service;

@DataRetrieverDescription(model = RefreshToken.class, form = RefreshToken.class, repo = RefreshTokenRepository.class)
@Service
@DeleteStrategy(2)
/* loaded from: input_file:net/orivis/auth/service/RefreshTokenService.class */
public class RefreshTokenService extends PaginationService<RefreshToken> {
    public RefreshTokenService(WebContext webContext) {
        super(webContext);
    }

    public RefreshToken findByToken(String str) {
        if (str == null) {
            throw new ItemNotFoundException("global.refresh.token.cannot_be_null_in_request");
        }
        return (RefreshToken) getRepository().filteredOne(getFilterImpl().eq("refreshToken", str).and(getNotDeletedQuery())).orElseThrow(() -> {
            return new ItemNotFoundException(str);
        });
    }

    public void validateRefreshToken(RefreshToken refreshToken, ScopeModel scopeModel) {
        if (refreshToken == null) {
            throw new RefreshTokenException("refresh_token.null", HttpStatus.UNAUTHORIZED);
        }
        if (scopeModel == null || !Objects.equals(scopeModel.getRefreshSecretKey(), refreshToken.getScope().getRefreshSecretKey())) {
            throw new RefreshTokenException("refresh_token.incorrect.scope", HttpStatus.UNAUTHORIZED);
        }
        if (!Boolean.TRUE.equals(refreshToken.getActive())) {
            throw new RefreshTokenException("refresh_token.inactive", HttpStatus.UNAUTHORIZED);
        }
        if (refreshToken.getClosed() != null) {
            throw new RefreshTokenException("refresh_token.closed", HttpStatus.UNAUTHORIZED);
        }
        if (refreshToken.getDue() != null && new Date().after(refreshToken.getDue())) {
            throw new RefreshTokenException("refresh_token.expired", HttpStatus.UNAUTHORIZED);
        }
        ProfilePageService profilePageService = (ProfilePageService) getBean(ProfilePageService.class);
        if (Boolean.TRUE.equals(((UserData) profilePageService.filteredFirst(profilePageService.getFilterImpl().id(refreshToken.getUserDataId()).and(profilePageService.getNotDeletedQuery())).orElseThrow(() -> {
            return new RefreshTokenException("refresh_token.user.inactive", HttpStatus.UNAUTHORIZED);
        })).getBlocked())) {
            throw new RefreshTokenException("refresh_token.user.inactive", HttpStatus.UNAUTHORIZED);
        }
    }
}
