package org.eclipse.hono.authentication.file;

import io.vertx.core.Future;
import io.vertx.core.Promise;
import io.vertx.core.json.JsonArray;
import io.vertx.core.json.JsonObject;
import java.io.FileNotFoundException;
import java.time.Instant;
import java.time.temporal.TemporalAmount;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.eclipse.hono.auth.Activity;
import org.eclipse.hono.auth.Authorities;
import org.eclipse.hono.auth.AuthoritiesImpl;
import org.eclipse.hono.auth.HonoUser;
import org.eclipse.hono.client.ClientErrorException;
import org.eclipse.hono.service.auth.AbstractHonoAuthenticationService;
import org.eclipse.hono.service.auth.AuthTokenFactory;
import org.eclipse.hono.util.AuthenticationConstants;

/* loaded from: input_file:org/eclipse/hono/authentication/file/FileBasedAuthenticationService.class */
public final class FileBasedAuthenticationService extends AbstractHonoAuthenticationService<FileBasedAuthenticationServiceConfigProperties> {
    private static final String FIELD_USERS = "users";
    private static final String FIELD_ROLES = "roles";
    private static final String FIELD_OPERATION = "operation";
    private static final String FIELD_RESOURCE = "resource";
    private static final String FIELD_ACTIVITIES = "activities";
    private static final String FIELD_AUTHORITIES = "authorities";
    private static final String FIELD_MECHANISM = "mechanism";
    private static final String UNAUTHORIZED = "unauthorized";
    private static final String PREFIX_FILE_RESOURCE = "file://";
    private final Map<String, Authorities> roles = new HashMap();
    private final Map<String, JsonObject> users = new HashMap();
    private AuthTokenFactory tokenFactory;

    public String[] getSupportedSaslMechanisms() {
        return (String[]) Optional.ofNullable((FileBasedAuthenticationServiceConfigProperties) getConfig()).map(fileBasedAuthenticationServiceConfigProperties -> {
            return (String[]) fileBasedAuthenticationServiceConfigProperties.getSupportedSaslMechanisms().toArray(new String[0]);
        }).orElse(DEFAULT_SASL_MECHANISMS);
    }

    public void setTokenFactory(AuthTokenFactory authTokenFactory) {
        this.tokenFactory = (AuthTokenFactory) Objects.requireNonNull(authTokenFactory);
    }

    protected void doStart(Promise<Void> promise) {
        if (this.tokenFactory == null) {
            promise.fail("token factory must be set");
        } else {
            loadPermissions().onSuccess(r6 -> {
                if (this.log.isInfoEnabled()) {
                    this.log.info("starting {} with support for SASL mechanisms: {}", getClass().getSimpleName(), (String) ((FileBasedAuthenticationServiceConfigProperties) getConfig()).getSupportedSaslMechanisms().stream().collect(Collectors.joining(", ")));
                }
            }).onComplete(promise);
        }
    }

    private Future<Void> loadPermissions() {
        String permissionsPath = ((FileBasedAuthenticationServiceConfigProperties) getConfig()).getPermissionsPath();
        return permissionsPath == null ? Future.failedFuture(new IllegalStateException("permissions path is not set")) : load(permissionsPath).compose(this::parsePermissions).onFailure(th -> {
            this.log.error("cannot load permissions from path [{}]", permissionsPath, th);
        });
    }

    private Future<JsonObject> load(String str) {
        String substring = str.toLowerCase().startsWith(PREFIX_FILE_RESOURCE) ? str.substring(PREFIX_FILE_RESOURCE.length()) : str;
        String str2 = substring;
        return getVertx().fileSystem().exists(substring).compose(bool -> {
            if (!bool.booleanValue()) {
                return Future.failedFuture(new FileNotFoundException("no such file: " + str2));
            }
            this.log.info("loading permissions from resource [{}]", str2);
            return getVertx().fileSystem().readFile(str2);
        }).map(JsonObject::new);
    }

    private Future<Void> parsePermissions(JsonObject jsonObject) {
        Optional.ofNullable(jsonObject.getJsonObject(FIELD_ROLES)).ifPresent(this::parseRoles);
        Optional.ofNullable(jsonObject.getJsonObject(FIELD_USERS)).ifPresent(this::parseUsers);
        return Future.succeededFuture();
    }

    private void parseRoles(JsonObject jsonObject) {
        jsonObject.stream().filter(entry -> {
            return entry.getValue() instanceof JsonArray;
        }).forEach(entry2 -> {
            String str = (String) entry2.getKey();
            JsonArray jsonArray = (JsonArray) entry2.getValue();
            this.log.debug("adding role [{}] with {} authorities", str, Integer.valueOf(jsonArray.size()));
            this.roles.put(str, toAuthorities(jsonArray));
        });
    }

    private Authorities toAuthorities(JsonArray jsonArray) {
        AuthoritiesImpl authoritiesImpl = new AuthoritiesImpl();
        Stream stream = jsonArray.stream();
        Class<JsonObject> cls = JsonObject.class;
        Objects.requireNonNull(JsonObject.class);
        Stream filter = stream.filter(cls::isInstance);
        Class<JsonObject> cls2 = JsonObject.class;
        Objects.requireNonNull(JsonObject.class);
        filter.map(cls2::cast).forEach(jsonObject -> {
            JsonArray jsonArray2 = jsonObject.getJsonArray(FIELD_ACTIVITIES, new JsonArray());
            String string = jsonObject.getString(FIELD_RESOURCE);
            String string2 = jsonObject.getString(FIELD_OPERATION);
            if (string != null) {
                Stream stream2 = jsonArray2.stream();
                Class<String> cls3 = String.class;
                Objects.requireNonNull(String.class);
                Stream filter2 = stream2.filter(cls3::isInstance);
                Class<String> cls4 = String.class;
                Objects.requireNonNull(String.class);
                authoritiesImpl.addResource(string, (Activity[]) ((List) filter2.map(cls4::cast).map(Activity::valueOf).collect(Collectors.toList())).toArray(i -> {
                    return new Activity[i];
                }));
                return;
            }
            if (string2 == null) {
                throw new IllegalArgumentException("malformed authorities");
            }
            String[] split = string2.split(":", 2);
            if (split.length == 2) {
                authoritiesImpl.addOperation(split[0], split[1]);
            } else {
                this.log.debug("ignoring malformed operation spec [{}], operation name missing", string2);
            }
        });
        return authoritiesImpl;
    }

    private void parseUsers(JsonObject jsonObject) {
        jsonObject.stream().filter(entry -> {
            return entry.getValue() instanceof JsonObject;
        }).forEach(entry2 -> {
            String str = (String) entry2.getKey();
            JsonObject jsonObject2 = (JsonObject) entry2.getValue();
            this.log.debug("adding user [{}]", str);
            this.users.put(str, jsonObject2);
        });
    }

    private JsonObject getUser(String str, String str2) {
        JsonObject jsonObject = this.users.get(str);
        if (jsonObject == null || !str2.equals(jsonObject.getString(FIELD_MECHANISM))) {
            return null;
        }
        return jsonObject;
    }

    private Authorities getAuthorities(JsonObject jsonObject) {
        AuthoritiesImpl authoritiesImpl = new AuthoritiesImpl();
        jsonObject.getJsonArray(FIELD_AUTHORITIES).forEach(obj -> {
            Authorities authorities = this.roles.get((String) obj);
            if (authorities != null) {
                authoritiesImpl.addAll(authorities);
            }
        });
        return authoritiesImpl;
    }

    private boolean hasAuthority(JsonObject jsonObject, String str) {
        return jsonObject.getJsonArray(FIELD_AUTHORITIES, new JsonArray()).contains(str);
    }

    private boolean isAuthorizedToImpersonate(JsonObject jsonObject) {
        return hasAuthority(jsonObject, "hono-component");
    }

    public Future<HonoUser> verifyPlain(String str, String str2, String str3) {
        if (str2 == null || str2.isEmpty()) {
            return Future.failedFuture(new ClientErrorException(400, "missing username"));
        }
        if (str3 == null || str3.isEmpty()) {
            return Future.failedFuture(new ClientErrorException(400, "missing password"));
        }
        JsonObject user = getUser(str2, "PLAIN");
        if (user == null) {
            this.log.debug("no such user [{}]", str2);
            return Future.failedFuture(new ClientErrorException(401, UNAUTHORIZED));
        }
        if (str3.equals(user.getString("password"))) {
            return verify(str2, user, str);
        }
        this.log.debug("password mismatch");
        return Future.failedFuture(new ClientErrorException(401, UNAUTHORIZED));
    }

    public Future<HonoUser> verifyExternal(String str, String str2) {
        if (str2 == null || str2.isEmpty()) {
            return Future.failedFuture(new ClientErrorException(400, "missing subject DN"));
        }
        String commonName = AuthenticationConstants.getCommonName(str2);
        if (commonName == null) {
            return Future.failedFuture(new ClientErrorException(400, "could not determine authorization ID for subject DN"));
        }
        JsonObject user = getUser(commonName, "EXTERNAL");
        return user == null ? Future.failedFuture(new ClientErrorException(401, UNAUTHORIZED)) : verify(commonName, user, str);
    }

    private Future<HonoUser> verify(String str, JsonObject jsonObject, String str2) {
        JsonObject jsonObject2 = jsonObject;
        String str3 = str;
        if (str2 != null && !str2.isEmpty() && isAuthorizedToImpersonate(jsonObject)) {
            JsonObject jsonObject3 = this.users.get(str2);
            if (jsonObject3 != null) {
                jsonObject2 = jsonObject3;
                str3 = str2;
                this.log.debug("granting authorization id specified by client");
            } else {
                this.log.debug("no user found for authorization id provided by client, granting authentication id instead");
            }
        }
        final Authorities authorities = getAuthorities(jsonObject2);
        final String str4 = str3;
        final Instant plus = Instant.now().plus((TemporalAmount) this.tokenFactory.getTokenLifetime());
        final String createToken = this.tokenFactory.createToken(str4, authorities);
        return Future.succeededFuture(new HonoUser() { // from class: org.eclipse.hono.authentication.file.FileBasedAuthenticationService.1
            public String getName() {
                return str4;
            }

            public String getToken() {
                return createToken;
            }

            public Authorities getAuthorities() {
                return authorities;
            }

            public boolean isExpired() {
                return !Instant.now().isBefore(plus);
            }

            public Instant getExpirationTime() {
                return plus;
            }
        });
    }
}
