package io.corbel.iam.service;

import io.corbel.iam.model.Client;
import io.corbel.iam.repository.ClientRepository;
import io.corbel.lib.token.TokenInfo;
import io.corbel.lib.token.factory.TokenFactory;
import io.corbel.lib.token.model.TokenType;
import java.time.Clock;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Optional;

/* loaded from: input_file:io/corbel/iam/service/DefaultMailResetPasswordService.class */
public class DefaultMailResetPasswordService implements MailResetPasswordService {
    private final EventsService eventsService;
    private final ScopeService scopeService;
    private final TokenFactory tokenFactory;
    private final ClientRepository clientRepository;
    private final String resetPasswordTokenScope;
    private final Clock clock;
    private final long defaultTokenDurationInSeconds;
    private final String defaultNotificationId;
    private final String defaultResetUrl;

    public DefaultMailResetPasswordService(EventsService eventsService, ScopeService scopeService, TokenFactory tokenFactory, ClientRepository clientRepository, String str, Clock clock, long j, String str2, String str3) {
        this.eventsService = eventsService;
        this.scopeService = scopeService;
        this.tokenFactory = tokenFactory;
        this.clientRepository = clientRepository;
        this.resetPasswordTokenScope = str;
        this.clock = clock;
        this.defaultTokenDurationInSeconds = j;
        this.defaultNotificationId = str2;
        this.defaultResetUrl = str3;
    }

    @Override // io.corbel.iam.service.MailResetPasswordService
    public void sendMailResetPassword(String str, String str2, String str3, String str4) {
        Optional.ofNullable(this.clientRepository.findOne(str)).ifPresent(client -> {
            sendMailResetPasswordEvent((String) Optional.ofNullable(client.getResetNotificationId()).orElse(this.defaultNotificationId), client, str2, str3, str4);
        });
    }

    private void sendMailResetPasswordEvent(String str, Client client, String str2, String str3, String str4) {
        String createEmailResetPasswordToken = createEmailResetPasswordToken(client.getId(), str2, str4);
        setTokenScope(createEmailResetPasswordToken, client.getId(), str2, str4);
        String replace = ((String) Optional.ofNullable(client.getResetUrl()).orElse(this.defaultResetUrl)).replace("{token}", createEmailResetPasswordToken);
        HashMap hashMap = new HashMap();
        hashMap.put("clientUrl", replace);
        this.eventsService.sendNotificationEvent(str, str3, hashMap);
    }

    private String createEmailResetPasswordToken(String str, String str2, String str3) {
        return this.tokenFactory.createToken(TokenInfo.newBuilder().setType(TokenType.TOKEN).setOneUseToken(true).setUserId(str2).setClientId(str).setDomainId(str3).build(), this.defaultTokenDurationInSeconds, new String[0]).getAccessToken();
    }

    private void setTokenScope(String str, String str2, String str3, String str4) {
        long epochMilli = this.clock.instant().plus(this.defaultTokenDurationInSeconds, (TemporalUnit) ChronoUnit.SECONDS).toEpochMilli();
        HashSet hashSet = new HashSet();
        hashSet.add(this.resetPasswordTokenScope);
        this.scopeService.publishAuthorizationRules(str, epochMilli, this.scopeService.fillScopes(this.scopeService.expandScopes(hashSet), str3, str2, str4));
    }
}
