package io.preboot.auth.core.service;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.security.Keys;
import io.preboot.auth.api.exception.InvalidActivationTokenException;
import io.preboot.auth.api.exception.InvalidPasswordResetTokenException;
import io.preboot.auth.core.spring.AuthSecurityProperties;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import java.util.Date;
import java.util.UUID;
import java.util.function.Function;
import javax.crypto.SecretKey;
import lombok.Generated;
import org.springframework.stereotype.Service;

@Service
/* loaded from: input_file:io/preboot/auth/core/service/JwtTokenService.class */
public class JwtTokenService {
    private final AuthSecurityProperties securityProperties;

    private SecretKey getSigningKey() {
        return Keys.hmacShaKeyFor(this.securityProperties.getJwtSecret().getBytes());
    }

    public String generateToken(UUID uuid) {
        return Jwts.builder().subject(uuid.toString()).issuedAt(new Date(System.currentTimeMillis())).signWith(getSigningKey(), Jwts.SIG.HS256).compact();
    }

    public UUID extractSessionId(String str) {
        return UUID.fromString((String) extractClaim(str, (v0) -> {
            return v0.getSubject();
        }));
    }

    public String generatePasswordResetToken(UUID uuid, int i) {
        return Jwts.builder().subject(uuid.toString()).claim("resetTokenVersion", Integer.valueOf(i)).issuedAt(new Date()).expiration(Date.from(Instant.now().plus(this.securityProperties.getPasswordResetTokenTimeoutInDays(), (TemporalUnit) ChronoUnit.DAYS))).signWith(getSigningKey()).compact();
    }

    private <T> T extractClaim(String str, Function<Claims, T> function) {
        return function.apply(extractAllClaims(str));
    }

    private Claims extractAllClaims(String str) {
        return (Claims) Jwts.parser().verifyWith(getSigningKey()).build().parseSignedClaims(str).getPayload();
    }

    public Claims validatePasswordResetToken(String str) {
        try {
            return (Claims) Jwts.parser().verifyWith(getSigningKey()).build().parseSignedClaims(str).getPayload();
        } catch (JwtException e) {
            throw new InvalidPasswordResetTokenException("Invalid or expired token");
        }
    }

    public String generateActivationToken(UUID uuid) {
        return Jwts.builder().subject(uuid.toString()).issuedAt(new Date()).expiration(Date.from(Instant.now().plus(this.securityProperties.getActivationTokenTimeoutInDays(), (TemporalUnit) ChronoUnit.DAYS))).signWith(getSigningKey()).compact();
    }

    public Claims validateActivationToken(String str) {
        try {
            return (Claims) Jwts.parser().verifyWith(getSigningKey()).build().parseSignedClaims(str).getPayload();
        } catch (JwtException e) {
            throw new InvalidActivationTokenException("Invalid or expired activation token");
        }
    }

    @Generated
    public JwtTokenService(AuthSecurityProperties authSecurityProperties) {
        this.securityProperties = authSecurityProperties;
    }
}
