package org.thingsboard.server.service.security.auth.jwt.settings;

import java.beans.ConstructorProperties;
import java.util.Base64;
import java.util.Objects;
import java.util.Optional;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Service;
import org.thingsboard.common.util.JacksonUtil;
import org.thingsboard.server.cluster.TbClusterService;
import org.thingsboard.server.common.data.AdminSettings;
import org.thingsboard.server.common.data.id.TenantId;
import org.thingsboard.server.common.data.plugin.ComponentLifecycleEvent;
import org.thingsboard.server.common.data.security.model.JwtSettings;
import org.thingsboard.server.dao.settings.AdminSettingsService;
import org.thingsboard.server.service.security.model.token.JwtTokenFactory;

@Service
/* loaded from: input_file:org/thingsboard/server/service/security/auth/jwt/settings/DefaultJwtSettingsService.class */
public class DefaultJwtSettingsService implements JwtSettingsService {
    private static final Logger log = LoggerFactory.getLogger(DefaultJwtSettingsService.class);
    private final AdminSettingsService adminSettingsService;
    private final Optional<TbClusterService> tbClusterService;
    private final JwtSettingsValidator jwtSettingsValidator;
    private final Optional<JwtTokenFactory> jwtTokenFactory;
    private volatile JwtSettings jwtSettings = null;

    @Override // org.thingsboard.server.service.security.auth.jwt.settings.JwtSettingsService
    public JwtSettings saveJwtSettings(JwtSettings jwtSettings) {
        this.jwtSettingsValidator.validate(jwtSettings);
        AdminSettings mapJwtToAdminSettings = mapJwtToAdminSettings(jwtSettings);
        AdminSettings findAdminSettingsByKey = this.adminSettingsService.findAdminSettingsByKey(TenantId.SYS_TENANT_ID, JwtSettingsService.ADMIN_SETTINGS_JWT_KEY);
        if (findAdminSettingsByKey != null) {
            mapJwtToAdminSettings.setId(findAdminSettingsByKey.getId());
        }
        log.info("Saving new JWT admin settings. From this moment, the JWT parameters from YAML and ENV will be ignored");
        this.adminSettingsService.saveAdminSettings(TenantId.SYS_TENANT_ID, mapJwtToAdminSettings);
        this.tbClusterService.ifPresent(tbClusterService -> {
            tbClusterService.broadcastEntityStateChangeEvent(TenantId.SYS_TENANT_ID, TenantId.SYS_TENANT_ID, ComponentLifecycleEvent.UPDATED);
        });
        return reloadJwtSettings();
    }

    @Override // org.thingsboard.server.service.security.auth.jwt.settings.JwtSettingsService
    public JwtSettings reloadJwtSettings() {
        log.trace("Executing reloadJwtSettings");
        JwtSettings jwtSettings = getJwtSettings(true);
        this.jwtTokenFactory.ifPresent((v0) -> {
            v0.reload();
        });
        return jwtSettings;
    }

    @Override // org.thingsboard.server.service.security.auth.jwt.settings.JwtSettingsService
    public JwtSettings getJwtSettings() {
        log.trace("Executing getJwtSettings");
        return getJwtSettings(false);
    }

    public JwtSettings getJwtSettings(boolean z) {
        if (this.jwtSettings == null || z) {
            synchronized (this) {
                if (this.jwtSettings == null || z) {
                    this.jwtSettings = getJwtSettingsFromDb();
                }
            }
        }
        return this.jwtSettings;
    }

    private JwtSettings getJwtSettingsFromDb() {
        AdminSettings findAdminSettingsByKey = this.adminSettingsService.findAdminSettingsByKey(TenantId.SYS_TENANT_ID, JwtSettingsService.ADMIN_SETTINGS_JWT_KEY);
        if (findAdminSettingsByKey != null) {
            return mapAdminToJwtSettings(findAdminSettingsByKey);
        }
        return null;
    }

    private JwtSettings mapAdminToJwtSettings(AdminSettings adminSettings) {
        Objects.requireNonNull(adminSettings, "adminSettings for JWT is null");
        return (JwtSettings) JacksonUtil.treeToValue(adminSettings.getJsonValue(), JwtSettings.class);
    }

    private AdminSettings mapJwtToAdminSettings(JwtSettings jwtSettings) {
        Objects.requireNonNull(jwtSettings, "jwtSettings is null");
        AdminSettings adminSettings = new AdminSettings();
        adminSettings.setTenantId(TenantId.SYS_TENANT_ID);
        adminSettings.setKey(JwtSettingsService.ADMIN_SETTINGS_JWT_KEY);
        adminSettings.setJsonValue(JacksonUtil.valueToTree(jwtSettings));
        return adminSettings;
    }

    public static boolean isSigningKeyDefault(JwtSettings jwtSettings) {
        return JwtSettingsService.TOKEN_SIGNING_KEY_DEFAULT.equals(jwtSettings.getTokenSigningKey());
    }

    public static boolean validateKeyLength(String str) {
        return Base64.getDecoder().decode(str).length * 8 >= JwtTokenFactory.KEY_LENGTH;
    }

    @ConstructorProperties({"adminSettingsService", "tbClusterService", "jwtSettingsValidator", "jwtTokenFactory"})
    public DefaultJwtSettingsService(AdminSettingsService adminSettingsService, Optional<TbClusterService> optional, JwtSettingsValidator jwtSettingsValidator, Optional<JwtTokenFactory> optional2) {
        this.adminSettingsService = adminSettingsService;
        this.tbClusterService = optional;
        this.jwtSettingsValidator = jwtSettingsValidator;
        this.jwtTokenFactory = optional2;
    }
}
