package tech.aroma.authentication.service.operations;

import com.google.common.base.Strings;
import javax.inject.Inject;
import org.apache.thrift.TException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import tech.aroma.data.TokenRepository;
import tech.aroma.thrift.assertions.AromaAssertions;
import tech.aroma.thrift.authentication.AuthenticationToken;
import tech.aroma.thrift.authentication.TokenStatus;
import tech.aroma.thrift.authentication.service.VerifyTokenRequest;
import tech.aroma.thrift.authentication.service.VerifyTokenResponse;
import tech.aroma.thrift.exceptions.InvalidTokenException;
import tech.aroma.thrift.exceptions.OperationFailedException;
import tech.aroma.thrift.functions.TimeFunctions;
import tech.sirwellington.alchemy.annotations.access.Internal;
import tech.sirwellington.alchemy.arguments.AlchemyAssertion;
import tech.sirwellington.alchemy.arguments.Arguments;
import tech.sirwellington.alchemy.arguments.FailedAssertionException;
import tech.sirwellington.alchemy.arguments.assertions.Assertions;
import tech.sirwellington.alchemy.arguments.assertions.StringAssertions;
import tech.sirwellington.alchemy.thrift.operations.ThriftOperation;

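/**
 * Thrift operation that verifies an authentication token.
 *
 * <p>A request is accepted only when all of the following hold:
 * <ol>
 *   <li>the request is non-null and carries a non-empty {@code tokenId};</li>
 *   <li>the repository returns a token whose status is not {@link TokenStatus#EXPIRED};</li>
 *   <li>the token's {@code timeOfExpiration} is not in the past (otherwise the token is
 *       persisted as expired and rejected);</li>
 *   <li>when the request carries a non-empty {@code ownerId}, the repository confirms that
 *       the token belongs to that owner.</li>
 * </ol>
 *
 * <p>The owner check is optional: a request without an {@code ownerId} verifies the token on
 * its own, so callers that need owner binding must always send the owner.
 */
@Internal
/* loaded from: input_file:tech/aroma/authentication/service/operations/VerifyTokenOperation.class */
final class VerifyTokenOperation implements ThriftOperation<VerifyTokenRequest, VerifyTokenResponse> {
    private static final Logger LOG = LoggerFactory.getLogger(VerifyTokenOperation.class);
    private final TokenRepository repository;

    /**
     * @param tokenRepository store used to look up, match and update tokens; must not be null
     */
    @Inject
    VerifyTokenOperation(TokenRepository tokenRepository) {
        Arguments.checkThat(tokenRepository).is(Assertions.notNull());
        this.repository = tokenRepository;
    }

    /**
     * Verifies the token named by the request.
     *
     * @param verifyTokenRequest request holding the {@code tokenId} and, optionally, an {@code ownerId}
     * @return an empty response when the token passes every check
     * @throws InvalidTokenException if the token is missing, expired, or does not belong to the owner
     * @throws OperationFailedException if the ownership lookup fails
     * @throws TException for request validation failures and repository errors
     */
    public VerifyTokenResponse process(VerifyTokenRequest verifyTokenRequest) throws TException {
        // The request object is deliberately not logged: its string form is expected to include
        // tokenId (Thrift-generated toString prints the struct's fields), and a token ID is a
        // credential that must not end up in log files.
        LOG.debug("Received request to verify a token");
        AromaAssertions.checkRequestNotNull(verifyTokenRequest);
        String tokenId = verifyTokenRequest.tokenId;
        Arguments.checkThat(tokenId).throwing(AromaAssertions.withMessage("missing tokenId")).is(StringAssertions.nonEmptyString());
        AuthenticationToken token = this.repository.getToken(tokenId);
        // Fail closed: whether getToken can return null is not visible from this class, so an
        // absent token is rejected explicitly instead of surfacing as a NullPointerException.
        if (token == null) {
            throw new InvalidTokenException("Token does not exist");
        }
        // NOTE(review): only TokenStatus.EXPIRED is rejected here; confirm that no other
        // non-usable status exists that should also fail verification.
        Arguments.checkThat(token).throwing(InvalidTokenException.class).usingMessage("Token is expired").is(notExpired());
        if (expirationDateHasPassed(token)) {
            // The stored status lags behind the clock; persist the expiry before rejecting.
            saveAsExpired(token);
            throw new InvalidTokenException("Token has expired.");
        }
        if (shouldCheckAgainstOwner(verifyTokenRequest)) {
            ensureTokenAndOwnerMatch(tokenId, verifyTokenRequest.ownerId);
        }
        return new VerifyTokenResponse();
    }

    /** Returns true when the request carries a non-empty owner ID to match against. */
    private boolean shouldCheckAgainstOwner(VerifyTokenRequest verifyTokenRequest) {
        return verifyTokenRequest.isSetOwnerId() && !Strings.isNullOrEmpty(verifyTokenRequest.ownerId);
    }

    /**
     * Rejects the token unless the repository reports that it belongs to {@code ownerId}.
     *
     * @throws InvalidTokenException if the token does not belong to the owner
     * @throws OperationFailedException if the repository lookup fails
     */
    private void ensureTokenAndOwnerMatch(String tokenId, String ownerId) throws OperationFailedException, InvalidTokenException {
        if (!tryDetermineMatch(tokenId, ownerId)) {
            throw new InvalidTokenException();
        }
    }

    /**
     * Asks the repository whether the token belongs to the owner, converting any failure into
     * an {@link OperationFailedException} so that a lookup error never counts as a match.
     */
    private boolean tryDetermineMatch(String tokenId, String ownerId) throws OperationFailedException {
        try {
            return this.repository.doesTokenBelongTo(tokenId, ownerId);
        } catch (Exception e) {
            // Keep the full failure server-side; the token ID is intentionally left out of the log.
            LOG.error("Failed to check token ownership in the repository", e);
            // NOTE(review): the message below forwards the underlying error text to the caller;
            // consider a generic message if repository errors can expose internal details.
            OperationFailedException failure = new OperationFailedException("Could not read token repository: " + e.getMessage());
            // Preserve the original exception as the cause for local diagnostics.
            failure.initCause(e);
            throw failure;
        }
    }

    /** Builds an assertion that fails when the token's stored status is {@link TokenStatus#EXPIRED}. */
    private AlchemyAssertion<AuthenticationToken> notExpired() {
        return authenticationToken -> {
            if (authenticationToken.status == TokenStatus.EXPIRED) {
                throw new FailedAssertionException("Token has expired");
            }
        };
    }

    /** Marks the token as expired and writes it back to the repository. */
    private void saveAsExpired(AuthenticationToken authenticationToken) throws TException {
        authenticationToken.setStatus(TokenStatus.EXPIRED);
        this.repository.saveToken(authenticationToken);
    }

    /** Returns true when the token's {@code timeOfExpiration} is in the past. */
    private boolean expirationDateHasPassed(AuthenticationToken authenticationToken) {
        return TimeFunctions.isInThePast(authenticationToken.timeOfExpiration);
    }
}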
