package org.thingsboard.server.service.security.auth.jwt;

import java.util.UUID;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.DisabledException;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Component;
import org.springframework.util.Assert;
import org.thingsboard.server.common.data.Customer;
import org.thingsboard.server.common.data.User;
import org.thingsboard.server.common.data.id.CustomerId;
import org.thingsboard.server.common.data.id.EntityId;
import org.thingsboard.server.common.data.id.TenantId;
import org.thingsboard.server.common.data.id.UserId;
import org.thingsboard.server.common.data.security.Authority;
import org.thingsboard.server.common.data.security.UserCredentials;
import org.thingsboard.server.dao.customer.CustomerService;
import org.thingsboard.server.dao.user.UserService;
import org.thingsboard.server.service.security.auth.RefreshAuthenticationToken;
import org.thingsboard.server.service.security.model.SecurityUser;
import org.thingsboard.server.service.security.model.UserPrincipal;
import org.thingsboard.server.service.security.model.token.JwtTokenFactory;
import org.thingsboard.server.service.security.model.token.RawAccessJwtToken;

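/**
 * Spring Security {@link AuthenticationProvider} that handles {@link RefreshAuthenticationToken}s.
 *
 * <p>The refresh token is parsed by {@link JwtTokenFactory#parseRefreshToken}, and the resulting
 * principal is then re-resolved against the user or customer store before a new authenticated
 * token is returned. For user-name principals the returned {@link SecurityUser} is built from the
 * stored {@link User} record, not from the parsed token, so a user that has been removed, disabled
 * or stripped of its authority is rejected at refresh time.
 */
@Component
public class RefreshTokenAuthenticationProvider implements AuthenticationProvider {
    private final JwtTokenFactory tokenFactory;
    private final UserService userService;
    private final CustomerService customerService;

    @Autowired
    public RefreshTokenAuthenticationProvider(UserService userService, CustomerService customerService, JwtTokenFactory jwtTokenFactory) {
        this.userService = userService;
        this.customerService = customerService;
        this.tokenFactory = jwtTokenFactory;
    }

    /**
     * Authenticates a refresh request.
     *
     * @param authentication the refresh authentication request; must not be {@code null}
     * @return a {@link RefreshAuthenticationToken} wrapping the re-resolved {@link SecurityUser}
     * @throws AuthenticationException if the principal cannot be resolved or is not allowed to
     *     refresh (see {@link #authenticateByUserId} and {@link #authenticateByPublicId})
     */
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        Assert.notNull(authentication, "No authentication data provided");
        // NOTE(review): the cast presumes the credentials are always a RawAccessJwtToken; supports()
        // only restricts the token class, so confirm RefreshAuthenticationToken guarantees this.
        RawAccessJwtToken rawToken = (RawAccessJwtToken) authentication.getCredentials();
        SecurityUser unsafeUser = this.tokenFactory.parseRefreshToken(rawToken);
        UserPrincipal principal = unsafeUser.getUserPrincipal();

        SecurityUser securityUser;
        if (principal.getType() == UserPrincipal.Type.USER_NAME) {
            // Only the id is taken from the parsed token; everything else is reloaded from storage.
            securityUser = authenticateByUserId((UserId) unsafeUser.getId());
        } else {
            securityUser = authenticateByPublicId(principal.getValue());
        }
        return new RefreshAuthenticationToken(securityUser);
    }

    /**
     * Reloads the user and its credentials and verifies the account may still authenticate.
     *
     * @param userId id taken from the parsed refresh token
     * @return a {@link SecurityUser} built from the stored user record
     * @throws UsernameNotFoundException if the user or its credentials record does not exist
     * @throws DisabledException if the stored credentials are not enabled
     * @throws InsufficientAuthenticationException if the stored user has no authority
     */
    private SecurityUser authenticateByUserId(UserId userId) {
        // Lookups are made with the NULL_UUID tenant id, exactly as the original code does.
        TenantId tenantId = new TenantId(EntityId.NULL_UUID);
        User user = this.userService.findUserById(tenantId, userId);
        if (user == null) {
            throw new UsernameNotFoundException("User not found by refresh token");
        }
        UserCredentials credentials = this.userService.findUserCredentialsByUserId(tenantId, user.getId());
        if (credentials == null) {
            throw new UsernameNotFoundException("User credentials not found");
        }
        // Account state is re-checked on every refresh, so disabling a user stops further refreshes.
        if (!credentials.isEnabled()) {
            throw new DisabledException("User is not active");
        }
        if (user.getAuthority() == null) {
            throw new InsufficientAuthenticationException("User has no authority assigned");
        }
        UserPrincipal principal = new UserPrincipal(UserPrincipal.Type.USER_NAME, user.getEmail());
        return new SecurityUser(user, credentials.isEnabled(), principal);
    }

    /**
     * Resolves a public-customer principal and builds a synthetic user with
     * {@link Authority#CUSTOMER_USER} for it.
     *
     * <p>Every failure in this method (malformed UUID, unknown customer, customer that is not
     * public, lookup error) reaches the caller as the same {@link BadCredentialsException}
     * message, because the surrounding {@code catch} also intercepts the exceptions thrown inside
     * the {@code try}. The caller therefore cannot tell an unknown id from a non-public one. The
     * original failure is attached as the cause so it stays available for diagnostics.
     *
     * @param str the public id from the token principal, expected to be a customer UUID string
     * @return a {@link SecurityUser} scoped to the public customer
     * @throws BadCredentialsException on any failure to resolve a public customer
     */
    private SecurityUser authenticateByPublicId(String str) {
        try {
            CustomerId customerId = new CustomerId(UUID.fromString(str));
            Customer publicCustomer = this.customerService.findCustomerById(new TenantId(EntityId.NULL_UUID), customerId);
            if (publicCustomer == null) {
                throw new UsernameNotFoundException("Public entity not found by refresh token");
            }
            // Only customers explicitly flagged public may obtain a session this way.
            if (!publicCustomer.isPublic()) {
                throw new BadCredentialsException("Refresh token is not valid");
            }
            User user = new User(new UserId(EntityId.NULL_UUID));
            user.setTenantId(publicCustomer.getTenantId());
            user.setCustomerId(publicCustomer.getId());
            user.setEmail(str);
            user.setAuthority(Authority.CUSTOMER_USER);
            user.setFirstName("Public");
            user.setLastName("Public");
            return new SecurityUser(user, true, new UserPrincipal(UserPrincipal.Type.PUBLIC_ID, str));
        } catch (Exception e) {
            // Broad catch kept on purpose so all failures share one message; the cause is preserved
            // instead of being dropped.
            throw new BadCredentialsException("Refresh token is not valid", e);
        }
    }

    /**
     * Reports whether this provider handles the given authentication class.
     *
     * @param cls the authentication class being offered
     * @return {@code true} if {@code cls} is {@link RefreshAuthenticationToken} or a subclass
     */
    public boolean supports(Class<?> cls) {
        return RefreshAuthenticationToken.class.isAssignableFrom(cls);
    }
}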
