package org.thingsboard.server.service.mail;

import com.fasterxml.jackson.databind.node.ObjectNode;
import com.google.api.client.auth.oauth2.ClientParametersAuthentication;
import com.google.api.client.auth.oauth2.RefreshTokenRequest;
import com.google.api.client.http.GenericUrl;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.gson.GsonFactory;
import java.beans.ConstructorProperties;
import java.io.IOException;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.TemporalAmount;
import java.util.concurrent.TimeUnit;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.scheduling.annotation.Scheduled;
import org.springframework.stereotype.Service;
import org.thingsboard.server.common.data.AdminSettings;
import org.thingsboard.server.common.data.id.TenantId;
import org.thingsboard.server.common.data.mail.MailOauth2Provider;
import org.thingsboard.server.dao.settings.AdminSettingsService;
import org.thingsboard.server.queue.util.TbCoreComponent;

@TbCoreComponent
@Service
/* loaded from: input_file:org/thingsboard/server/service/mail/RefreshTokenExpCheckService.class */
public class RefreshTokenExpCheckService {
    private static final Logger log = LoggerFactory.getLogger(RefreshTokenExpCheckService.class);
    public static final int AZURE_DEFAULT_REFRESH_TOKEN_LIFETIME_IN_DAYS = 90;
    private final AdminSettingsService adminSettingsService;

    @Scheduled(initialDelayString = "#{T(org.apache.commons.lang3.RandomUtils).nextLong(0, ${mail.oauth2.refreshTokenCheckingInterval})}", fixedDelayString = "${mail.oauth2.refreshTokenCheckingInterval}", timeUnit = TimeUnit.SECONDS)
    public void check() throws IOException {
        AdminSettings findAdminSettingsByKey = this.adminSettingsService.findAdminSettingsByKey(TenantId.SYS_TENANT_ID, "mail");
        if (findAdminSettingsByKey != null && findAdminSettingsByKey.getJsonValue().has("enableOauth2") && findAdminSettingsByKey.getJsonValue().get("enableOauth2").asBoolean()) {
            ObjectNode jsonValue = findAdminSettingsByKey.getJsonValue();
            if (MailOauth2Provider.OFFICE_365.name().equals(jsonValue.get("providerId").asText()) && jsonValue.has("refreshToken") && jsonValue.has("refreshTokenExpires")) {
                try {
                    long longValue = jsonValue.get("refreshTokenExpires").longValue() - System.currentTimeMillis();
                    if (longValue < 0) {
                        jsonValue.put("tokenGenerated", false);
                        jsonValue.remove("refreshToken");
                        jsonValue.remove("refreshTokenExpires");
                        this.adminSettingsService.saveAdminSettings(TenantId.SYS_TENANT_ID, findAdminSettingsByKey);
                    } else if (longValue < 604800000) {
                        log.info("Trying to refresh refresh token.");
                        String asText = jsonValue.get("clientId").asText();
                        String asText2 = jsonValue.get("clientSecret").asText();
                        jsonValue.put("refreshToken", new RefreshTokenRequest(new NetHttpTransport(), new GsonFactory(), new GenericUrl(jsonValue.get("tokenUri").asText()), jsonValue.get("refreshToken").asText()).setClientAuthentication(new ClientParametersAuthentication(asText, asText2)).execute().getRefreshToken());
                        jsonValue.put("refreshTokenExpires", Instant.now().plus((TemporalAmount) Duration.ofDays(90L)).toEpochMilli());
                        this.adminSettingsService.saveAdminSettings(TenantId.SYS_TENANT_ID, findAdminSettingsByKey);
                    }
                } catch (Exception e) {
                    log.error("Error occurred while checking token", e);
                }
            }
        }
    }

    @ConstructorProperties({"adminSettingsService"})
    public RefreshTokenExpCheckService(AdminSettingsService adminSettingsService) {
        this.adminSettingsService = adminSettingsService;
    }
}
