package org.eclipse.hono.deviceregistry.file;

import io.opentracing.Span;
import io.opentracing.noop.NoopSpan;
import io.vertx.core.AsyncResult;
import io.vertx.core.Future;
import io.vertx.core.Handler;
import io.vertx.core.Promise;
import io.vertx.core.Vertx;
import io.vertx.core.buffer.Buffer;
import io.vertx.core.json.DecodeException;
import io.vertx.core.json.JsonArray;
import io.vertx.core.json.JsonObject;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.eclipse.hono.auth.HonoPasswordEncoder;
import org.eclipse.hono.deviceregistry.service.credentials.AbstractCredentialsManagementService;
import org.eclipse.hono.deviceregistry.service.device.DeviceKey;
import org.eclipse.hono.deviceregistry.util.DeviceRegistryUtils;
import org.eclipse.hono.service.Lifecycle;
import org.eclipse.hono.service.credentials.CredentialsService;
import org.eclipse.hono.service.management.OperationResult;
import org.eclipse.hono.service.management.Result;
import org.eclipse.hono.service.management.credentials.CommonCredential;
import org.eclipse.hono.tracing.TracingHelper;
import org.eclipse.hono.util.CacheDirective;
import org.eclipse.hono.util.CredentialsResult;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;

/* loaded from: input_file:org/eclipse/hono/deviceregistry/file/FileBasedCredentialsService.class */
public final class FileBasedCredentialsService extends AbstractCredentialsManagementService implements CredentialsService, Lifecycle {
    public static final String ARRAY_CREDENTIALS = "credentials";
    public static final String FIELD_TENANT = "tenant";
    private static final Logger LOG = LoggerFactory.getLogger(FileBasedCredentialsService.class);
    private final Map<String, Map<String, JsonArray>> credentials;
    private final Map<String, Map<String, String>> versions;
    private AtomicBoolean running;
    private AtomicBoolean dirty;
    private FileBasedCredentialsConfigProperties config;

    @Autowired
    public FileBasedCredentialsService(Vertx vertx, FileBasedCredentialsConfigProperties fileBasedCredentialsConfigProperties, HonoPasswordEncoder honoPasswordEncoder) {
        super(vertx, honoPasswordEncoder, fileBasedCredentialsConfigProperties.getMaxBcryptIterations(), fileBasedCredentialsConfigProperties.getHashAlgorithmsWhitelist());
        this.credentials = new ConcurrentHashMap();
        this.versions = new ConcurrentHashMap();
        this.running = new AtomicBoolean(false);
        this.dirty = new AtomicBoolean(false);
        this.config = fileBasedCredentialsConfigProperties;
    }

    public FileBasedCredentialsConfigProperties getConfig() {
        return this.config;
    }

    private Future<Void> checkFileExists(boolean z) {
        Promise promise = Promise.promise();
        if (getConfig().getFilename() == null) {
            promise.fail("no filename set");
        } else if (this.vertx.fileSystem().existsBlocking(getConfig().getFilename())) {
            promise.complete();
        } else if (z) {
            this.vertx.fileSystem().createFile(getConfig().getFilename(), promise);
        } else {
            LOG.debug("no such file [{}]", getConfig().getFilename());
            promise.complete();
        }
        return promise.future();
    }

    public Future<Void> start() {
        Promise promise = Promise.promise();
        if (this.running.compareAndSet(false, true)) {
            if (!getConfig().isModificationEnabled()) {
                LOG.info("modification of credentials has been disabled");
            }
            if (getConfig().getFilename() == null) {
                LOG.debug("credentials filename is not set, no credentials will be loaded");
                promise.complete();
            } else {
                checkFileExists(getConfig().isSaveToFile()).compose(r3 -> {
                    return loadCredentials();
                }).onSuccess(r6 -> {
                    if (!getConfig().isSaveToFile()) {
                        LOG.info("persistence is disabled, will not save credentials to file");
                    } else {
                        LOG.info("saving credentials to file every 3 seconds");
                        this.vertx.setPeriodic(3000L, l -> {
                            saveToFile();
                        });
                    }
                }).onFailure(th -> {
                    LOG.error("failed to start up service", th);
                    this.running.set(false);
                }).onComplete(promise);
            }
        } else {
            promise.complete();
        }
        return promise.future();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Future<Void> loadCredentials() {
        if (getConfig().getFilename() == null || getConfig().isStartEmpty()) {
            LOG.info("Either filename is null or empty start is set, won't load any credentials");
            return Future.succeededFuture();
        }
        Promise promise = Promise.promise();
        LOG.debug("trying to load credentials from file {}", getConfig().getFilename());
        this.vertx.fileSystem().readFile(getConfig().getFilename(), promise);
        return promise.future().compose(this::addAll).recover(th -> {
            LOG.debug("cannot load credentials from file [{}]: {}", getConfig().getFilename(), th.getMessage());
            return Future.succeededFuture();
        });
    }

    private Future<Void> addAll(Buffer buffer) {
        Promise promise = Promise.promise();
        try {
            int i = 0;
            JsonArray jsonArray = buffer.toJsonArray();
            LOG.debug("trying to load credentials for {} tenants", Integer.valueOf(jsonArray.size()));
            Iterator it = jsonArray.iterator();
            while (it.hasNext()) {
                Object next = it.next();
                if (JsonObject.class.isInstance(next)) {
                    i += addCredentialsForTenant((JsonObject) next);
                }
            }
            LOG.info("successfully loaded {} credentials from file [{}]", Integer.valueOf(i), getConfig().getFilename());
            promise.complete();
        } catch (DecodeException e) {
            LOG.warn("cannot read malformed JSON from credentials file [{}]", getConfig().getFilename());
            promise.fail(e);
        }
        return promise.future();
    }

    int addCredentialsForTenant(JsonObject jsonObject) {
        int i = 0;
        String string = jsonObject.getString(FIELD_TENANT);
        ConcurrentHashMap concurrentHashMap = new ConcurrentHashMap();
        Iterator it = jsonObject.getJsonArray(ARRAY_CREDENTIALS).iterator();
        while (it.hasNext()) {
            JsonObject jsonObject2 = (JsonObject) it.next();
            JsonArray jsonArray = concurrentHashMap.containsKey(jsonObject2.getString("auth-id")) ? (JsonArray) concurrentHashMap.get(jsonObject2.getString("auth-id")) : new JsonArray();
            jsonArray.add(jsonObject2);
            concurrentHashMap.put(jsonObject2.getString("auth-id"), jsonArray);
            i++;
        }
        this.credentials.put(string, concurrentHashMap);
        return i;
    }

    public Future<Void> stop() {
        Promise promise = Promise.promise();
        if (this.running.compareAndSet(true, false)) {
            saveToFile().onComplete(promise);
        } else {
            promise.complete();
        }
        return promise.future();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Future<Void> saveToFile() {
        if (!getConfig().isSaveToFile()) {
            return Future.succeededFuture();
        }
        if (this.dirty.get()) {
            return checkFileExists(true).compose(r6 -> {
                AtomicInteger atomicInteger = new AtomicInteger();
                JsonArray jsonArray = new JsonArray();
                for (Map.Entry<String, Map<String, JsonArray>> entry : this.credentials.entrySet()) {
                    JsonArray jsonArray2 = new JsonArray();
                    Iterator<JsonArray> it = entry.getValue().values().iterator();
                    while (it.hasNext()) {
                        jsonArray2.addAll(it.next().copy());
                        atomicInteger.incrementAndGet();
                    }
                    jsonArray.add(new JsonObject().put(FIELD_TENANT, entry.getKey()).put(ARRAY_CREDENTIALS, jsonArray2));
                }
                Promise promise = Promise.promise();
                this.vertx.fileSystem().writeFile(getConfig().getFilename(), Buffer.buffer(jsonArray.encodePrettily(), StandardCharsets.UTF_8.name()), promise);
                return promise.future().map(r7 -> {
                    this.dirty.set(false);
                    LOG.trace("successfully wrote {} credentials to file {}", Integer.valueOf(atomicInteger.get()), getConfig().getFilename());
                    return (Void) null;
                }).otherwise(th -> {
                    LOG.warn("could not write credentials to file {}", getConfig().getFilename(), th);
                    return (Void) null;
                });
            });
        }
        LOG.trace("credentials registry does not need to be persisted");
        return Future.succeededFuture();
    }

    public Future<CredentialsResult<JsonObject>> get(String str, String str2, String str3, Span span) {
        return get(str, str2, str3, null, span);
    }

    public Future<CredentialsResult<JsonObject>> get(String str, String str2, String str3, JsonObject jsonObject, Span span) {
        Objects.requireNonNull(str);
        Objects.requireNonNull(str2);
        Objects.requireNonNull(str3);
        JsonObject singleCredentials = getSingleCredentials(str, str3, str2, jsonObject, span);
        return singleCredentials == null ? Future.succeededFuture(CredentialsResult.from(404)) : Future.succeededFuture(CredentialsResult.from(200, singleCredentials.copy(), getCacheDirective(str2)));
    }

    private List<JsonObject> findCredentialsForDevice(String str, String str2) {
        ArrayList arrayList = new ArrayList();
        getCredentialsForTenant(str).entrySet().forEach(entry -> {
            Stream stream = ((JsonArray) entry.getValue()).stream();
            Class<JsonObject> cls = JsonObject.class;
            Objects.requireNonNull(JsonObject.class);
            Stream filter = stream.filter(cls::isInstance);
            Class<JsonObject> cls2 = JsonObject.class;
            Objects.requireNonNull(JsonObject.class);
            Stream map = filter.map(cls2::cast).filter(jsonObject -> {
                return str2.equals(getTypesafeValueForField(String.class, jsonObject, "device-id"));
            }).map((v0) -> {
                return v0.copy();
            });
            Objects.requireNonNull(arrayList);
            map.forEach((v1) -> {
                r1.add(v1);
            });
        });
        return arrayList;
    }

    protected static <T> T getTypesafeValueForField(Class<T> cls, JsonObject jsonObject, String str) {
        Objects.requireNonNull(cls);
        Objects.requireNonNull(jsonObject);
        Objects.requireNonNull(str);
        Object value = jsonObject.getValue(str);
        if (cls.isInstance(value)) {
            return cls.cast(value);
        }
        return null;
    }

    private JsonObject getSingleCredentials(String str, String str2, String str3, JsonObject jsonObject, Span span) {
        Objects.requireNonNull(str);
        Objects.requireNonNull(str2);
        Objects.requireNonNull(str3);
        Map<String, JsonArray> map = this.credentials.get(str);
        if (map == null) {
            TracingHelper.logError(span, "no credentials found for tenant");
            return null;
        }
        JsonArray jsonArray = map.get(str2);
        if (jsonArray == null) {
            TracingHelper.logError(span, "no credentials found for auth-id");
            return null;
        }
        Iterator it = jsonArray.iterator();
        while (it.hasNext()) {
            JsonObject jsonObject2 = (JsonObject) it.next();
            if (str3.equals(jsonObject2.getString("type")) && !Boolean.FALSE.equals(jsonObject2.getBoolean("enabled", true))) {
                if (jsonObject != null && !jsonObject.isEmpty()) {
                    JsonObject jsonObject3 = jsonObject2.getJsonObject("ext", new JsonObject());
                    if (!jsonObject.stream().filter(entry -> {
                        return entry.getValue() != null;
                    }).allMatch(entry2 -> {
                        Object value = jsonObject3.getValue((String) entry2.getKey());
                        LOG.debug("comparing client context property [name: {}, value: {}] to value on record: {}", new Object[]{entry2.getKey(), entry2.getValue(), value});
                        if (value == null) {
                            return true;
                        }
                        return entry2.getValue().equals(value);
                    })) {
                    }
                }
                JsonObject copy = jsonObject2.copy();
                Stream stream = copy.getJsonArray("secrets", new JsonArray()).stream();
                Class<JsonObject> cls = JsonObject.class;
                Objects.requireNonNull(JsonObject.class);
                Stream filter = stream.filter(cls::isInstance);
                Class<JsonObject> cls2 = JsonObject.class;
                Objects.requireNonNull(JsonObject.class);
                copy.put("secrets", (JsonArray) filter.map(cls2::cast).filter(jsonObject4 -> {
                    return jsonObject4.getBoolean("enabled", true).booleanValue();
                }).collect(JsonArray::new, (v0, v1) -> {
                    v0.add(v1);
                }, (v0, v1) -> {
                    v0.addAll(v1);
                }));
                return copy;
            }
        }
        if (jsonObject != null) {
            TracingHelper.logError(span, "no credentials found with matching type and client context");
            return null;
        }
        TracingHelper.logError(span, "no credentials found with matching type");
        return null;
    }

    protected Future<OperationResult<Void>> processUpdateCredentials(DeviceKey deviceKey, Optional<String> optional, List<CommonCredential> list, Span span) {
        return Future.succeededFuture(set(deviceKey.getTenantId(), deviceKey.getDeviceId(), optional, span, list));
    }

    private OperationResult<Void> set(String str, String str2, Optional<String> optional, Span span, List<CommonCredential> list) {
        String resourceVersion = getResourceVersion(str, str2);
        if (!checkResourceVersion(resourceVersion, optional)) {
            TracingHelper.logError(span, "resource version mismatch");
            return OperationResult.empty(412);
        }
        Map<String, JsonArray> credentialsForTenant = getCredentialsForTenant(str);
        ConcurrentHashMap concurrentHashMap = new ConcurrentHashMap();
        for (CommonCredential commonCredential : list) {
            JsonObject mapFrom = JsonObject.mapFrom(commonCredential);
            mapFrom.put("device-id", str2);
            String type = commonCredential.getType();
            String authId = commonCredential.getAuthId();
            Stream stream = getCredentialsForAuthId(credentialsForTenant, authId).stream();
            Class<JsonObject> cls = JsonObject.class;
            Objects.requireNonNull(JsonObject.class);
            Stream filter = stream.filter(cls::isInstance);
            Class<JsonObject> cls2 = JsonObject.class;
            Objects.requireNonNull(JsonObject.class);
            JsonObject jsonObject = (JsonObject) filter.map(cls2::cast).filter(jsonObject2 -> {
                return type.equals(jsonObject2.getString("type"));
            }).findAny().orElse(null);
            if (jsonObject != null) {
                if (!str2.equals(jsonObject.getString("device-id"))) {
                    TracingHelper.logError(span, "auth-id already in use with another device of the tenant");
                    return OperationResult.empty(409);
                }
                if (!this.config.isModificationEnabled()) {
                    TracingHelper.logError(span, "modification is disabled for the Credentials service");
                    return OperationResult.empty(403);
                }
                JsonArray jsonArray = jsonObject.getJsonArray("secrets", new JsonArray());
                Iterator it = mapFrom.getJsonArray("secrets", new JsonArray()).iterator();
                while (it.hasNext()) {
                    JsonObject jsonObject3 = (JsonObject) it.next();
                    String string = jsonObject3.getString("id");
                    if (string != null) {
                        Stream stream2 = jsonArray.stream();
                        Class<JsonObject> cls3 = JsonObject.class;
                        Objects.requireNonNull(JsonObject.class);
                        Stream filter2 = stream2.filter(cls3::isInstance);
                        Class<JsonObject> cls4 = JsonObject.class;
                        Objects.requireNonNull(JsonObject.class);
                        JsonObject jsonObject4 = (JsonObject) filter2.map(cls4::cast).filter(jsonObject5 -> {
                            return string.equals(jsonObject5.getString("id"));
                        }).findAny().orElse(null);
                        if (jsonObject4 == null) {
                            TracingHelper.logError(span, "no secret with given ID found for credentials");
                            return OperationResult.empty(400);
                        }
                        mergeSecretProperties(type, jsonObject4, jsonObject3);
                    }
                }
            }
            if (!hasUniqueSecretIds(mapFrom)) {
                TracingHelper.logError(span, "secret IDs must be unique within each credentials object");
                LOG.debug("secret IDs must be unique within each credentials object");
                return OperationResult.empty(400);
            }
            ((JsonArray) concurrentHashMap.computeIfAbsent(authId, str3 -> {
                return new JsonArray();
            })).add(mapFrom);
            this.dirty.set(true);
        }
        Optional.ofNullable(resourceVersion).ifPresent(str4 -> {
            removeAllForDevice(str, str2, span);
        });
        credentialsForTenant.putAll(concurrentHashMap);
        String uniqueIdentifier = DeviceRegistryUtils.getUniqueIdentifier();
        setResourceVersion(str, str2, uniqueIdentifier);
        return OperationResult.ok(204, (Object) null, Optional.empty(), Optional.of(uniqueIdentifier));
    }

    private boolean hasUniqueSecretIds(JsonObject jsonObject) {
        JsonArray jsonArray = jsonObject.getJsonArray("secrets", new JsonArray());
        Stream stream = jsonArray.stream();
        Class<JsonObject> cls = JsonObject.class;
        Objects.requireNonNull(JsonObject.class);
        return stream.map(cls::cast).map(jsonObject2 -> {
            String string = jsonObject2.getString("id");
            if (string != null) {
                return string;
            }
            String uniqueIdentifier = DeviceRegistryUtils.getUniqueIdentifier();
            jsonObject2.put("id", uniqueIdentifier);
            return uniqueIdentifier;
        }).distinct().count() == ((long) jsonArray.size());
    }

    protected Future<OperationResult<List<CommonCredential>>> processReadCredentials(DeviceKey deviceKey, Span span) {
        Objects.requireNonNull(deviceKey);
        Objects.requireNonNull(span);
        String tenantId = deviceKey.getTenantId();
        String deviceId = deviceKey.getDeviceId();
        String resourceVersion = getResourceVersion(tenantId, deviceId);
        return resourceVersion == null ? Future.succeededFuture(OperationResult.ok(404, (Object) null, Optional.of(CacheDirective.noCacheDirective()), Optional.empty())) : Future.succeededFuture(OperationResult.ok(200, (List) findCredentialsForDevice(tenantId, deviceId).stream().map(jsonObject -> {
            jsonObject.remove("device-id");
            return (CommonCredential) jsonObject.mapTo(CommonCredential.class);
        }).collect(Collectors.toList()), Optional.empty(), Optional.of(resourceVersion)));
    }

    public void remove(String str, String str2, Span span, Handler<AsyncResult<Result<Void>>> handler) {
        Objects.requireNonNull(str);
        Objects.requireNonNull(str2);
        Objects.requireNonNull(handler);
        LOG.debug("removing credentials for device [tenant-id: {}, device-id: {}]", str, str2);
        Promise promise = Promise.promise();
        if (this.config.isModificationEnabled()) {
            setResourceVersion(str, str2, null);
            removeAllForDevice(str, str2, span);
            promise.complete(Result.from(204));
        } else {
            TracingHelper.logError(span, "modification is disabled for the Credentials service");
            promise.complete(OperationResult.empty(403));
        }
        handler.handle(promise.future());
    }

    private void removeAllForDevice(String str, String str2, Span span) {
        Iterator<JsonArray> it = getCredentialsForTenant(str).values().iterator();
        while (it.hasNext()) {
            Iterator it2 = it.next().iterator();
            while (it2.hasNext()) {
                Object next = it2.next();
                if ((next instanceof JsonObject) && str2.equals(((JsonObject) next).getString("device-id"))) {
                    it2.remove();
                    this.dirty.set(true);
                }
            }
        }
    }

    private boolean checkResourceVersion(String str, Optional<String> optional) {
        if (optional.isEmpty()) {
            return true;
        }
        if (str == null) {
            return false;
        }
        return str.equals(optional.get());
    }

    private String getResourceVersion(String str, String str2) {
        return this.versions.computeIfAbsent(str, str3 -> {
            return new ConcurrentHashMap();
        }).get(str2);
    }

    private String setResourceVersion(String str, String str2, String str3) {
        if (str3 != null) {
            this.versions.computeIfAbsent(str, str4 -> {
                return new ConcurrentHashMap();
            }).put(str2, str3);
        } else {
            this.versions.getOrDefault(str, new ConcurrentHashMap()).remove(str2);
        }
        return str3;
    }

    public Future<CredentialsResult<JsonObject>> get(String str, String str2, String str3) {
        return get(str, str2, str3, (Span) NoopSpan.INSTANCE);
    }

    public Future<CredentialsResult<JsonObject>> get(String str, String str2, String str3, JsonObject jsonObject) {
        return get(str, str2, str3, jsonObject, NoopSpan.INSTANCE);
    }

    private Map<String, JsonArray> getCredentialsForTenant(String str) {
        return this.credentials.computeIfAbsent(str, str2 -> {
            return new ConcurrentHashMap();
        });
    }

    private JsonArray getCredentialsForAuthId(Map<String, JsonArray> map, String str) {
        return map.computeIfAbsent(str, str2 -> {
            return new JsonArray();
        });
    }

    private CacheDirective getCacheDirective(String str) {
        if (getConfig().getCacheMaxAge() <= 0) {
            return CacheDirective.noCacheDirective();
        }
        boolean z = -1;
        switch (str.hashCode()) {
            case -558916037:
                if (str.equals("hashed-password")) {
                    z = false;
                    break;
                }
                break;
            case 1355437579:
                if (str.equals("x509-cert")) {
                    z = true;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
            case true:
                return CacheDirective.maxAgeDirective(getConfig().getCacheMaxAge());
            default:
                return CacheDirective.noCacheDirective();
        }
    }

    public void clear() {
        this.credentials.clear();
        this.dirty.set(true);
    }

    public String toString() {
        return String.format("%s[filename=%s]", FileBasedCredentialsService.class.getSimpleName(), getConfig().getFilename());
    }

    private static void mergeSecretProperties(String str, JsonObject jsonObject, JsonObject jsonObject2) {
        boolean z = -1;
        switch (str.hashCode()) {
            case -558916037:
                if (str.equals("hashed-password")) {
                    z = false;
                    break;
                }
                break;
            case 111304:
                if (str.equals("psk")) {
                    z = true;
                    break;
                }
                break;
            case 1355437579:
                if (str.equals("x509-cert")) {
                    z = 2;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                copyPasswordSecretProperties(jsonObject, jsonObject2);
                return;
            case true:
                if (jsonObject2.containsKey("key")) {
                    return;
                }
                Optional.ofNullable(jsonObject.getString("key")).ifPresent(str2 -> {
                    jsonObject2.put("key", str2);
                });
                return;
            case true:
            default:
                return;
        }
    }

    private static void copyPasswordSecretProperties(JsonObject jsonObject, JsonObject jsonObject2) {
        if (!jsonObject2.containsKey("id") || jsonObject2.containsKey("hash-function") || jsonObject2.containsKey("pwd-hash") || jsonObject2.containsKey("pwd-plain") || jsonObject2.containsKey("salt")) {
            return;
        }
        Optional.ofNullable(jsonObject.getString("hash-function")).ifPresent(str -> {
            jsonObject2.put("hash-function", str);
        });
        Optional.ofNullable(jsonObject.getString("pwd-hash")).ifPresent(str2 -> {
            jsonObject2.put("pwd-hash", str2);
        });
        Optional.ofNullable(jsonObject.getString("salt")).ifPresent(str3 -> {
            jsonObject2.put("salt", str3);
        });
    }
}
