package pl.edu.icm.jupiter.web.security;

import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTCreator;
import com.auth0.jwt.algorithms.Algorithm;
import com.google.common.base.Joiner;
import java.time.Instant;
import java.time.ZonedDateTime;
import java.util.Base64;
import java.util.Date;
import java.util.function.Consumer;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:pl/edu/icm/jupiter/web/security/JwtTokenBuilder.class */
public class JwtTokenBuilder {

    @Autowired
    private RoleHierarchy roleHierarchy;

    @Value("${spring.security.jwt.audience}")
    private String audience;

    @Value("${spring.security.jwt.issuer}")
    private String issuer;

    @Value("${spring.security.jwt.token.refreshExpirationDays}")
    private int refreshTokenExpirationDays;

    @Value("${spring.security.jwt.token.expirationSeconds}")
    private int tokenExpirationSeconds;
    private final byte[] decodedSecret;

    public JwtTokenBuilder(@Value("${spring.security.jwt.secret}") String str) {
        this.decodedSecret = Base64.getDecoder().decode(str.getBytes());
    }

    public String createRefreshToken(Authentication authentication) {
        return buildToken(authentication, ZonedDateTime.now().plusDays(this.refreshTokenExpirationDays).toInstant(), builder -> {
            builder.withClaim("scope", Joiner.on(" ").join(this.roleHierarchy.getReachableGrantedAuthorities(authentication.getAuthorities()).stream().map(grantedAuthority -> {
                return grantedAuthority.getAuthority();
            }).iterator()));
        });
    }

    public String createAuthToken(Authentication authentication) {
        return buildToken(authentication, ZonedDateTime.now().plusSeconds(this.tokenExpirationSeconds).toInstant(), null);
    }

    private String buildToken(Authentication authentication, Instant instant, Consumer<JWTCreator.Builder> consumer) {
        Date from = Date.from(instant);
        JWTCreator.Builder create = JWT.create();
        create.withAudience(new String[]{this.audience}).withIssuer(this.issuer).withIssuedAt(new Date()).withExpiresAt(from).withSubject(authentication.getName());
        if (consumer != null) {
            consumer.accept(create);
        }
        return create.sign(Algorithm.HMAC256(this.decodedSecret));
    }
}
