package net.savantly.sprout.security;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.io.Decoders;
import io.jsonwebtoken.security.Keys;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.util.Arrays;
import java.util.Collection;
import java.util.Date;
import java.util.stream.Collectors;
import net.savantly.sprout.autoconfigure.properties.SproutConfigurationProperties;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;

@Component
/* loaded from: input_file:net/savantly/sprout/security/TokenProvider.class */
public class TokenProvider implements InitializingBean {
    private final Logger log = LoggerFactory.getLogger(TokenProvider.class);
    private static final String AUTHORITIES_KEY = "auth";
    private Key key;
    private long tokenValidityInMilliseconds;
    private long tokenValidityInMillisecondsForRememberMe;
    private final SproutConfigurationProperties sproutProperties;

    public TokenProvider(SproutConfigurationProperties sproutConfigurationProperties) {
        this.sproutProperties = sproutConfigurationProperties;
    }

    public void afterPropertiesSet() throws Exception {
        byte[] bArr;
        String secret = this.sproutProperties.getSecurity().getAuthentication().getJwt().getSecret();
        if (StringUtils.isEmpty(secret)) {
            this.log.debug("Using a Base64-encoded JWT secret key");
            bArr = (byte[]) Decoders.BASE64.decode(this.sproutProperties.getSecurity().getAuthentication().getJwt().getBase64Secret());
        } else {
            this.log.warn("The JWT key used is not Base64 encoded. Use the application property `sprout.security.authentication.jwt.base64-secret` for better security");
            bArr = secret.getBytes(StandardCharsets.UTF_8);
        }
        this.key = Keys.hmacShaKeyFor(bArr);
        this.tokenValidityInMilliseconds = 1000 * this.sproutProperties.getSecurity().getAuthentication().getJwt().getTokenValidityInSeconds();
        this.tokenValidityInMillisecondsForRememberMe = 1000 * this.sproutProperties.getSecurity().getAuthentication().getJwt().getTokenValidityInSecondsForRememberMe();
    }

    public String createToken(Authentication authentication, boolean z) {
        String str = (String) authentication.getAuthorities().stream().map((v0) -> {
            return v0.getAuthority();
        }).collect(Collectors.joining(","));
        long time = new Date().getTime();
        return Jwts.builder().setSubject(authentication.getName()).claim(AUTHORITIES_KEY, str).signWith(this.key, SignatureAlgorithm.HS512).setExpiration(z ? new Date(time + this.tokenValidityInMillisecondsForRememberMe) : new Date(time + this.tokenValidityInMilliseconds)).compact();
    }

    public Authentication getAuthentication(String str) {
        Claims claims = (Claims) Jwts.parser().setSigningKey(this.key).parseClaimsJws(str).getBody();
        Collection collection = (Collection) Arrays.stream(claims.get(AUTHORITIES_KEY).toString().split(",")).map(SimpleGrantedAuthority::new).collect(Collectors.toList());
        return new UsernamePasswordAuthenticationToken(new User(claims.getSubject(), "", collection), str, collection);
    }

    public boolean validateToken(String str) {
        try {
            Jwts.parser().setSigningKey(this.key).parseClaimsJws(str);
            return true;
        } catch (JwtException | IllegalArgumentException e) {
            this.log.info("Invalid JWT token.");
            this.log.trace("Invalid JWT token trace.", e);
            return false;
        }
    }
}
