package com.backed.datatronic.security.jwt;

import com.backed.datatronic.app.user.usuario.exception.UsuarioNotFoundException;
import com.backed.datatronic.app.user.usuario.repository.UsuarioPermisosRepository;
import com.backed.datatronic.app.user.usuario.repository.UsuarioRepositorio;
import com.backed.datatronic.security.JWTService;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.stream.Collectors;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.time.DateUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.core.io.Resource;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Service;

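/**
 * Issues and validates the application's RS256-signed JSON Web Tokens.
 *
 * <p>Tokens carry the subject (user name), the space-joined authority names ("roles"), the user id
 * ("idusuario"), and the optional "distribuidor" / "idSucursal" claims. They expire one day after
 * issue.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Both PEM keys are resolved from the classpath ({@code jwtKeys/*.pem}), so the signing key is
 *       packaged with the application artifact. Anyone who can read the artifact can read the key;
 *       consider supplying the private key from an external secret store or a mounted file.</li>
 *   <li>{@link #nombredelSubject(String)} and {@link #getAuthorities(String)} only parse the token;
 *       they do not check its signature or expiry. Only {@link #verificarToken(String, UserDetails)}
 *       does that.</li>
 *   <li>The keys are re-read and re-parsed on every call; nothing is cached here.</li>
 * </ul>
 */
@Service
/* loaded from: input_file:BOOT-INF/classes/com/backed/datatronic/security/jwt/JWTServiceImpl.class */
public class JWTServiceImpl implements JWTService {
    private static final Logger log = LoggerFactory.getLogger(JWTServiceImpl.class);

    private final UsuarioRepositorio usuarioRepositorio;
    private final UsuarioPermisosRepository usuarioPermisosRepository;

    // PKCS#8 PEM ("-----BEGIN PRIVATE KEY-----") used to sign tokens.
    @Value("classpath:jwtKeys/private_key.pem")
    private Resource llavePrivada;

    // X.509 SubjectPublicKeyInfo PEM ("-----BEGIN PUBLIC KEY-----") used to verify tokens.
    @Value("classpath:jwtKeys/public_key.pem")
    private Resource llavePublica;

    public JWTServiceImpl(UsuarioRepositorio usuarioRepositorio, UsuarioPermisosRepository usuarioPermisosRepository) {
        this.usuarioRepositorio = usuarioRepositorio;
        this.usuarioPermisosRepository = usuarioPermisosRepository;
    }

    /**
     * Builds and signs a token for the given user.
     *
     * @param num         user id, stored in the "idusuario" claim
     * @param str         user name, stored as the token subject
     * @param collection  authorities whose names are joined with a single space into "roles"
     * @param userDetails not read by this implementation
     * @return the compact serialization of the signed token
     * @throws IOException              if the private key resource cannot be read
     * @throws NoSuchAlgorithmException if no RSA {@link KeyFactory} is available
     * @throws InvalidKeySpecException  if the private key is not valid PKCS#8
     * @throws JOSEException            if signing fails
     */
    @Override // com.backed.datatronic.security.JWTService
    public String generarJWT(Integer num, String str, Collection<? extends GrantedAuthority> collection, UserDetails userDetails) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException, JOSEException {
        log.info("Generando Token");
        RSASSASigner firmante = new RSASSASigner(cargarLlavePrivada(this.llavePrivada));
        Date emitido = new Date();
        String roles = collection.stream()
                .map(GrantedAuthority::getAuthority)
                .collect(Collectors.joining(StringUtils.SPACE));
        String distribuidor = obtenerDistribuidorSiAplica(num, roles);
        Integer idSucursal = obtenerSucursalSiAplica(num, roles);

        JWTClaimsSet claims = new JWTClaimsSet.Builder()
                .subject(str)
                .claim("roles", roles)
                .claim("idusuario", num)
                .claim("distribuidor", distribuidor)
                .claim("idSucursal", idSucursal)
                .issueTime(emitido)
                // Fixed lifetime of one day; there is no revocation mechanism in this class.
                .expirationTime(new Date(emitido.getTime() + DateUtils.MILLIS_PER_DAY))
                .build();

        SignedJWT jwt = new SignedJWT(new JWSHeader(JWSAlgorithm.RS256), claims);
        jwt.sign(firmante);
        return jwt.serialize();
    }

    /**
     * Returns the distributor name for a user whose role string is exactly "DISTRIBUIDOR",
     * otherwise the empty string.
     *
     * <p>NOTE(review): {@code str} is the space-joined list of all authorities, so a user with more
     * than one authority never matches here. Confirm that this is intended.
     */
    private String obtenerDistribuidorSiAplica(Integer num, String str) {
        if (!"DISTRIBUIDOR".equals(str)) {
            return "";
        }
        return this.usuarioRepositorio.findByIdAndStatusTrue(num)
                .orElseThrow(() -> new UsuarioNotFoundException("Usuario no encontrado"))
                .getDistribuidores()
                .getNombre();
    }

    /**
     * Returns the branch id of the user, or {@code null} when the role string is exactly
     * "DISTRIBUIDOR" or "ADMIN".
     *
     * <p>NOTE(review): as with the distributor lookup, the comparison is against the whole joined
     * role string, so a multi-role user is always treated as a branch user.
     */
    private Integer obtenerSucursalSiAplica(Integer num, String str) {
        if ("DISTRIBUIDOR".equals(str) || "ADMIN".equals(str)) {
            return null;
        }
        return this.usuarioRepositorio.findByIdAndStatusTrue(num)
                .orElseThrow(() -> new UsuarioNotFoundException("Usuario no encontrado"))
                .getSucursal()
                .getId();
    }

    /**
     * Verifies the token's algorithm, signature, expiry and subject.
     *
     * @param str         compact serialized token
     * @param userDetails the user the token must belong to (matched on user name)
     * @return the verified claims
     * @throws IOException              if the public key resource cannot be read
     * @throws NoSuchAlgorithmException if no RSA {@link KeyFactory} is available
     * @throws InvalidKeySpecException  if the public key is not a valid X.509 encoding
     * @throws ParseException           if the token is not a well-formed signed JWT
     * @throws JOSEException            if the algorithm is not RS256, the signature is invalid, the
     *                                  token is expired or has no expiry, or the subject differs
     */
    @Override // com.backed.datatronic.security.JWTService
    public JWTClaimsSet verificarToken(String str, UserDetails userDetails) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException, ParseException, JOSEException {
        log.info("Verificando Token");
        PublicKey clavePublica = cargarLlavepublica(this.llavePublica);
        SignedJWT jwt = SignedJWT.parse(str);

        // Accept only the algorithm this service issues instead of whatever the header announces.
        if (!JWSAlgorithm.RS256.equals(jwt.getHeader().getAlgorithm())) {
            log.error("Algoritmo de firma no permitido");
            throw new JOSEException("Algoritmo de firma no permitido");
        }
        if (!jwt.verify(new RSASSAVerifier((RSAPublicKey) clavePublica))) {
            log.error("Firma de token no valida");
            throw new JOSEException("Firma de token no valida");
        }

        JWTClaimsSet claims = jwt.getJWTClaimsSet();
        Date expira = claims.getExpirationTime();
        // A token without "exp" is rejected like an expired one rather than failing with an NPE.
        if (expira == null || expira.before(new Date())) {
            log.error("Token expirado");
            throw new JOSEException("Token expirado");
        }

        String sujeto = claims.getSubject();
        if (sujeto != null && sujeto.equals(userDetails.getUsername())) {
            return claims;
        }
        log.error("Token no corresponde al usuario");
        throw new JOSEException("Token no corresponde al usuario");
    }

    /**
     * Reads the subject from a token WITHOUT verifying its signature or expiry.
     *
     * <p>The returned value is attacker-controlled until
     * {@link #verificarToken(String, UserDetails)} has accepted the same token. Use it only to
     * locate the user to verify against.
     *
     * @throws ParseException if the token is not a well-formed signed JWT
     */
    @Override // com.backed.datatronic.security.JWTService
    public String nombredelSubject(String str) throws ParseException {
        return SignedJWT.parse(str).getJWTClaimsSet().getSubject();
    }

    /**
     * Looks up the profile names for the token's "idusuario" claim and returns them as
     * {@code ROLE_}-prefixed authorities.
     *
     * <p>The token is only parsed here; its signature and expiry are NOT checked. Callers must have
     * passed the same token through {@link #verificarToken(String, UserDetails)} first, otherwise
     * the user id driving the lookup is untrusted.
     *
     * @return the authorities, or an empty list when the claim is absent or the user has no profiles
     * @throws ParseException if the token is malformed or "idusuario" is not numeric
     */
    @Override // com.backed.datatronic.security.JWTService
    public Collection<? extends GrantedAuthority> getAuthorities(String str) throws ParseException {
        // getLongClaim reports a non-numeric claim as ParseException instead of a ClassCastException.
        Long idUsuario = SignedJWT.parse(str).getJWTClaimsSet().getLongClaim("idusuario");
        if (idUsuario == null) {
            return Collections.emptyList();
        }
        List<String> perfiles = this.usuarioPermisosRepository.findOnlyPerfilesNameByUsuarioId(idUsuario);
        if (perfiles.isEmpty()) {
            return Collections.emptyList();
        }
        List<GrantedAuthority> autoridades = new ArrayList<>(perfiles.size());
        for (String perfil : perfiles) {
            autoridades.add(new SimpleGrantedAuthority("ROLE_" + perfil));
        }
        return autoridades;
    }

    /** Parses a PKCS#8 PEM resource into an RSA private key. */
    private PrivateKey cargarLlavePrivada(Resource resource) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
        byte[] der = decodificarPem(resource, "PRIVATE KEY");
        return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(der));
    }

    /** Parses an X.509 SubjectPublicKeyInfo PEM resource into an RSA public key. */
    private PublicKey cargarLlavepublica(Resource resource) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
        byte[] der = decodificarPem(resource, "PUBLIC KEY");
        return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(der));
    }

    /**
     * Reads a PEM resource, strips the BEGIN/END lines for {@code etiqueta} and all whitespace,
     * and Base64-decodes the remainder.
     *
     * <p>The resource is read through its stream rather than converted to a file-system path:
     * a classpath resource packaged inside the application jar has a {@code jar:} URI, which
     * {@code Paths.get(URI)} cannot open unless a matching file system is already mounted.
     */
    private static byte[] decodificarPem(Resource resource, String etiqueta) throws IOException {
        String pem;
        try (var entrada = resource.getInputStream()) {
            pem = new String(entrada.readAllBytes(), StandardCharsets.UTF_8);
        }
        String base64 = pem
                .replace("-----BEGIN " + etiqueta + "-----", "")
                .replace("-----END " + etiqueta + "-----", "")
                .replaceAll("\\s", "");
        return Base64.getDecoder().decode(base64);
    }
}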
