package io.gravitee.am.gateway.handler.common.webauthn;

import io.gravitee.am.common.jwt.JWT;
import io.gravitee.am.gateway.handler.common.certificate.CertificateManager;
import io.gravitee.am.gateway.handler.common.jwt.JWTService;
import io.gravitee.am.gateway.handler.common.user.UserService;
import io.gravitee.am.model.User;
import io.gravitee.am.service.exception.UserNotFoundException;
import io.reactivex.rxjava3.core.Single;
import lombok.Generated;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;

/* loaded from: input_file:io/gravitee/am/gateway/handler/common/webauthn/WebAuthnCookieService.class */
public class WebAuthnCookieService implements InitializingBean {
    private static final Logger LOGGER = LoggerFactory.getLogger(WebAuthnCookieService.class);
    private static final String DEFAULT_COOKIE_NAME = "GRAVITEE_AM_DEVICE_RECOGNITION";
    private static final long DEFAULT_SESSION_TIMEOUT = 31536000000L;
    static final String USER_ID = "userId";

    @Value("${passwordless.rememberDevice.cookie.name:GRAVITEE_AM_DEVICE_RECOGNITION}")
    private String rememberDeviceCookieName;

    @Value("${passwordless.rememberDevice.cookie.timeout:31536000000}")
    private long rememberDeviceCookieTimeout;

    @Autowired
    private JWTService jwtService;

    @Autowired
    private CertificateManager certificateManager;

    @Autowired
    private UserService userService;

    public void afterPropertiesSet() throws Exception {
    }

    public Single<String> generateRememberDeviceCookieValue(User user) {
        JWT jwt = new JWT();
        jwt.setIat(System.currentTimeMillis() / 1000);
        jwt.put(USER_ID, user.getId());
        return this.jwtService.encode(jwt, this.certificateManager.defaultCertificateProvider());
    }

    public Single<String> extractUserIdFromRememberDeviceCookieValue(String str) {
        return decodeAndVerify(str).map(jwt -> {
            return (String) jwt.get(USER_ID);
        }).doOnError(th -> {
            LOGGER.error("An error has occurred when parsing WebAuthn cookie {}", str, th);
        });
    }

    public Single<User> extractUserFromRememberDeviceCookieValue(String str) {
        return decodeAndVerify(str).flatMap(jwt -> {
            return this.userService.findById((String) jwt.get(USER_ID)).switchIfEmpty(Single.error(new UserNotFoundException((String) jwt.get(USER_ID))));
        });
    }

    private Single<JWT> decodeAndVerify(String str) {
        return this.jwtService.decodeAndVerify(str, this.certificateManager.defaultCertificateProvider(), JWTService.TokenType.SESSION);
    }

    @Generated
    public String getRememberDeviceCookieName() {
        return this.rememberDeviceCookieName;
    }

    @Generated
    public long getRememberDeviceCookieTimeout() {
        return this.rememberDeviceCookieTimeout;
    }
}
