package org.eclipse.hono.service.auth.impl;

import io.vertx.core.AsyncResult;
import io.vertx.core.Future;
import io.vertx.core.Handler;
import io.vertx.core.json.JsonArray;
import io.vertx.core.json.JsonObject;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Instant;
import java.time.temporal.TemporalAmount;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import org.eclipse.hono.auth.Activity;
import org.eclipse.hono.auth.Authorities;
import org.eclipse.hono.auth.AuthoritiesImpl;
import org.eclipse.hono.auth.HonoUser;
import org.eclipse.hono.service.auth.AbstractHonoAuthenticationService;
import org.eclipse.hono.service.auth.AuthTokenHelper;
import org.eclipse.hono.service.auth.AuthenticationConstants;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Profile;
import org.springframework.core.io.Resource;
import org.springframework.stereotype.Service;

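/**
 * Authentication service that resolves users and roles from a JSON permissions resource.
 *
 * <p>The resource is read once by {@link #loadPermissions()} and is expected to contain a
 * {@code roles} object (role name to array of authority specs) and a {@code users} object
 * (user name to user record). A user record carries a {@code mechanism}, an
 * {@code authorities} array of role names and, for the PLAIN mechanism, a {@code password}.
 *
 * <p>NOTE(review): the password supplied by the client is compared directly with the
 * {@code password} field, so the permissions resource holds clear-text credentials. Access
 * to that resource should be restricted accordingly; storing a salted password hash instead
 * would need a change to the file format and is not done here.
 *
 * <p>NOTE(review): {@code roles} and {@code users} are static, unsynchronized maps that are
 * filled by {@link #loadPermissions()} and read on every verification. This looks safe only
 * if loading finishes before requests are served - confirm against the service lifecycle.
 * Entries are never removed, so a reload adds to or overwrites the existing data.
 */
@Profile({"authentication-impl"})
@Service
public final class FileBasedAuthenticationService extends AbstractHonoAuthenticationService<AuthenticationServerConfigProperties> {
    private static final String FIELD_USERS = "users";
    private static final String FIELD_ROLES = "roles";
    private static final String FIELD_OPERATION = "operation";
    private static final String FIELD_RESOURCE = "resource";
    private static final String FIELD_ACTIVITIES = "activities";
    private static final String FIELD_AUTHORITIES = "authorities";
    private static final String FIELD_MECHANISM = "mechanism";
    private static final Map<String, Authorities> roles = new HashMap<>();
    private static final Map<String, JsonObject> users = new HashMap<>();
    private AuthTokenHelper tokenFactory;

    /**
     * Sets the configuration properties of this service.
     *
     * @param authenticationServerConfigProperties the properties, handed to {@code setSpecificConfig}.
     */
    @Autowired
    public void setConfig(AuthenticationServerConfigProperties authenticationServerConfigProperties) {
        setSpecificConfig(authenticationServerConfigProperties);
    }

    /**
     * Sets the helper used to create the tokens handed out after successful verification.
     *
     * @param authTokenHelper the token helper.
     * @throws NullPointerException if the helper is {@code null}.
     */
    @Autowired
    @Qualifier("signing")
    public final void setTokenFactory(AuthTokenHelper authTokenHelper) {
        this.tokenFactory = Objects.requireNonNull(authTokenHelper);
    }

    /**
     * Loads the permissions and reports the outcome on the given future.
     *
     * <p>The future is failed if no token factory has been set or if the permissions cannot
     * be loaded. Unchecked failures (resource not configured, malformed JSON, malformed
     * authorities) are reported on the future as well, so that start-up does not end without
     * the future being resolved.
     *
     * @param future the future to complete or fail.
     */
    protected void doStart(Future<Void> future) {
        if (this.tokenFactory == null) {
            future.fail("token factory must be set");
            return;
        }
        try {
            loadPermissions();
            future.complete();
        } catch (IOException e) {
            this.log.error("cannot load permissions from resource {}", ((AuthenticationServerConfigProperties) getConfig()).getPermissionsPath(), e);
            future.fail(e);
        } catch (RuntimeException e) {
            // Deliberately does not touch the configuration again: it may be what failed.
            this.log.error("cannot load permissions", e);
            future.fail(e);
        }
    }

    /**
     * Reads the configured permissions resource and registers the roles and users it defines.
     *
     * @throws IllegalStateException if no permissions resource is configured.
     * @throws FileNotFoundException if the resource is not readable.
     * @throws IOException if reading the resource fails.
     */
    void loadPermissions() throws IOException {
        final Resource permissions = ((AuthenticationServerConfigProperties) getConfig()).getPermissionsPath();
        if (permissions == null) {
            throw new IllegalStateException("permissions resource is not set");
        }
        if (!permissions.isReadable()) {
            throw new FileNotFoundException("permissions resource does not exist");
        }
        this.log.info("loading permissions from resource {}", permissions.getURI().toString());
        final StringBuilder content = new StringBuilder();
        load(permissions, content);
        parsePermissions(new JsonObject(content.toString()));
    }

    /**
     * Appends the UTF-8 decoded content of a resource to a buffer.
     *
     * @param resource the resource to read.
     * @param sb the buffer to append to.
     * @throws IOException if the resource cannot be opened or read.
     */
    private void load(Resource resource, StringBuilder sb) throws IOException {
        final char[] buffer = new char[4096];
        // try-with-resources closes the reader on every path, including a failed read.
        try (InputStreamReader reader = new InputStreamReader(resource.getInputStream(), StandardCharsets.UTF_8)) {
            int read;
            while ((read = reader.read(buffer)) > 0) {
                sb.append(buffer, 0, read);
            }
        }
    }

    /**
     * Registers the roles and users found in a permissions document.
     * A missing {@code roles} or {@code users} member is treated as an empty object.
     */
    private void parsePermissions(JsonObject permissions) {
        Objects.requireNonNull(permissions);
        parseRoles(permissions.getJsonObject(FIELD_ROLES, new JsonObject()));
        parseUsers(permissions.getJsonObject(FIELD_USERS, new JsonObject()));
    }

    /**
     * Registers every role whose value is a JSON array; other members are skipped.
     */
    private void parseRoles(JsonObject roleDefinitions) {
        for (Map.Entry<String, Object> entry : roleDefinitions) {
            if (entry.getValue() instanceof JsonArray) {
                final String roleName = entry.getKey();
                final JsonArray authoritySpecs = (JsonArray) entry.getValue();
                this.log.debug("adding role [{}] with {} authorities", roleName, authoritySpecs.size());
                roles.put(roleName, toAuthorities(authoritySpecs));
            }
        }
    }

    /**
     * Registers every user whose value is a JSON object; other members are skipped.
     */
    private void parseUsers(JsonObject userDefinitions) {
        for (Map.Entry<String, Object> entry : userDefinitions) {
            if (entry.getValue() instanceof JsonObject) {
                final String userName = entry.getKey();
                this.log.debug("adding user [{}]", userName);
                users.put(userName, (JsonObject) entry.getValue());
            }
        }
    }

    /**
     * Looks up a user that is registered for the given mechanism.
     *
     * @return the user record, or {@code null} if the name is unknown or the record is
     *         registered for a different mechanism.
     */
    private JsonObject getUser(String name, String mechanism) {
        final JsonObject user = users.get(name);
        if (user == null || !mechanism.equals(user.getString(FIELD_MECHANISM))) {
            return null;
        }
        return user;
    }

    /**
     * Collects the authorities of all known roles listed in a user record.
     *
     * <p>A record without an {@code authorities} array yields empty authorities instead of
     * failing with a {@code NullPointerException} during verification; entries that are not
     * strings or that name an unknown role contribute nothing.
     */
    private Authorities getAuthorities(JsonObject user) {
        final AuthoritiesImpl result = new AuthoritiesImpl();
        for (Object roleName : user.getJsonArray(FIELD_AUTHORITIES, new JsonArray())) {
            if (roleName instanceof String) {
                final Authorities roleAuthorities = roles.get(roleName);
                if (roleAuthorities != null) {
                    result.addAll(roleAuthorities);
                }
            }
        }
        return result;
    }

    /**
     * Converts the authority specs of a role into an {@link Authorities} instance.
     *
     * <p>A spec with a {@code resource} grants the listed {@code activities} on it; a spec
     * without one must carry an {@code operation} of the form {@code <first>:<second>},
     * which is split at the first colon. Array elements that are not JSON objects are skipped.
     *
     * @throws IllegalArgumentException if a spec has neither a resource nor an operation.
     */
    private Authorities toAuthorities(JsonArray authoritySpecs) {
        final AuthoritiesImpl result = new AuthoritiesImpl();
        for (Object element : Objects.requireNonNull(authoritySpecs)) {
            if (!(element instanceof JsonObject)) {
                continue;
            }
            final JsonObject spec = (JsonObject) element;
            final JsonArray activityNames = spec.getJsonArray(FIELD_ACTIVITIES, new JsonArray());
            final String resource = spec.getString(FIELD_RESOURCE);
            final String operation = spec.getString(FIELD_OPERATION);
            if (resource != null) {
                final List<Activity> activities = new ArrayList<>();
                for (Object activityName : activityNames) {
                    // NOTE(review): if Activity is an enum, valueOf throws for an unknown name
                    // and never returns null - the null check is kept from the original.
                    final Activity activity = Activity.valueOf((String) activityName);
                    if (activity != null) {
                        activities.add(activity);
                    }
                }
                result.addResource(resource, activities.toArray(new Activity[activities.size()]));
            } else {
                if (operation == null) {
                    throw new IllegalArgumentException("malformed authorities");
                }
                final String[] parts = operation.split(":", 2);
                if (parts.length == 2) {
                    result.addOperation(parts[0], parts[1]);
                } else {
                    this.log.debug("ignoring malformed operation spec [{}], operation name missing", operation);
                }
            }
        }
        return result;
    }

    /**
     * Checks whether a user record lists the given role name among its authorities.
     */
    private boolean hasAuthority(JsonObject user, String roleName) {
        return user.getJsonArray(FIELD_AUTHORITIES, new JsonArray()).contains(roleName);
    }

    /**
     * Checks whether a user may obtain a token for another identity, which requires the
     * {@code hono-component} authority.
     */
    private boolean isAuthorizedToImpersonate(JsonObject user) {
        return hasAuthority(user, "hono-component");
    }

    /**
     * Compares a presented password with the stored one without returning at the first
     * differing character, so that response timing does not reveal how much of a guess
     * was correct.
     *
     * @return {@code false} if no password is stored for the user.
     */
    private static boolean passwordsMatch(String presented, String stored) {
        if (stored == null) {
            return false;
        }
        return MessageDigest.isEqual(
                presented.getBytes(StandardCharsets.UTF_8),
                stored.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Verifies user name and password of a user registered for the PLAIN mechanism.
     *
     * @param str the authorization id requested by the client, may be {@code null} or empty.
     * @param str2 the user name to authenticate.
     * @param str3 the password presented by the client.
     * @param handler receives the authenticated user, or a failure if a credential is
     *                missing, the user is unknown for this mechanism or the password differs.
     */
    public void verifyPlain(String str, String str2, String str3, Handler<AsyncResult<HonoUser>> handler) {
        final String authzid = str;
        final String username = str2;
        final String password = str3;
        if (username == null || username.isEmpty()) {
            handler.handle(Future.failedFuture("missing username"));
            return;
        }
        if (password == null || password.isEmpty()) {
            handler.handle(Future.failedFuture("missing password"));
            return;
        }
        final JsonObject user = getUser(username, "PLAIN");
        if (user == null) {
            this.log.debug("no such user [{}]", username);
            handler.handle(Future.failedFuture("unauthorized"));
        } else if (passwordsMatch(password, user.getString("password"))) {
            verify(username, user, authzid, handler);
        } else {
            // Same failure text as for an unknown user, so the client cannot tell them apart.
            this.log.debug("password mismatch");
            handler.handle(Future.failedFuture("unauthorized"));
        }
    }

    /**
     * Verifies a user registered for the EXTERNAL mechanism by the common name of a subject DN.
     *
     * @param str the authorization id requested by the client, may be {@code null} or empty.
     * @param str2 the subject DN presented by the client.
     * @param handler receives the authenticated user, or a failure if the DN is missing, no
     *                common name can be determined or the user is unknown for this mechanism.
     */
    public void verifyExternal(String str, String str2, Handler<AsyncResult<HonoUser>> handler) {
        final String authzid = str;
        final String subjectDn = str2;
        if (subjectDn == null || subjectDn.isEmpty()) {
            handler.handle(Future.failedFuture("missing subject DN"));
            return;
        }
        final String commonName = AuthenticationConstants.getCommonName(subjectDn);
        if (commonName == null) {
            handler.handle(Future.failedFuture("could not determine authorization ID for subject DN"));
            return;
        }
        final JsonObject user = getUser(commonName, "EXTERNAL");
        if (user == null) {
            handler.handle(Future.failedFuture("unauthorized"));
        } else {
            verify(commonName, user, authzid, handler);
        }
    }

    /**
     * Issues a token for an authenticated user and passes the resulting user to the handler.
     *
     * <p>If the client requested an authorization id and the authenticated user holds the
     * {@code hono-component} authority, the token is issued for the requested identity,
     * provided it is a known user. The requested identity is looked up by name only, so it
     * may be registered for any mechanism. In every other case the token is issued for the
     * authenticated identity.
     *
     * @param authenticationId the name the client authenticated as.
     * @param authenticatedUser the record of the authenticated user.
     * @param authorizationId the identity requested by the client, may be {@code null} or empty.
     * @param handler receives the user together with its token, authorities and expiration time.
     */
    private void verify(String authenticationId, JsonObject authenticatedUser, String authorizationId, Handler<AsyncResult<HonoUser>> handler) {
        JsonObject effectiveUser = authenticatedUser;
        String effectiveId = authenticationId;
        if (authorizationId != null && !authorizationId.isEmpty() && isAuthorizedToImpersonate(authenticatedUser)) {
            final JsonObject requestedUser = users.get(authorizationId);
            if (requestedUser != null) {
                effectiveUser = requestedUser;
                effectiveId = authorizationId;
                this.log.debug("granting authorization id specified by client");
            } else {
                this.log.debug("no user found for authorization id provided by client, granting authentication id instead");
            }
        }
        final Authorities authorities = getAuthorities(effectiveUser);
        final String name = effectiveId;
        final Instant expirationTime = Instant.now().plus((TemporalAmount) this.tokenFactory.getTokenLifetime());
        final String token = this.tokenFactory.createToken(name, authorities);
        handler.handle(Future.succeededFuture(new HonoUser() {
            public String getName() {
                return name;
            }

            public String getToken() {
                return token;
            }

            public Authorities getAuthorities() {
                return authorities;
            }

            public boolean isExpired() {
                return !Instant.now().isBefore(expirationTime);
            }

            public Instant getExpirationTime() {
                return expirationTime;
            }
        }));
    }
}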
