package org.eclipse.hono.deviceregistry;

import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
import io.opentracing.Span;
import io.opentracing.noop.NoopSpan;
import io.vertx.core.AbstractVerticle;
import io.vertx.core.AsyncResult;
import io.vertx.core.Context;
import io.vertx.core.Future;
import io.vertx.core.Handler;
import io.vertx.core.Vertx;
import io.vertx.core.buffer.Buffer;
import io.vertx.core.json.DecodeException;
import io.vertx.core.json.Json;
import io.vertx.core.json.JsonArray;
import io.vertx.core.json.JsonObject;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.UUID;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.stream.Stream;
import org.eclipse.hono.auth.BCryptHelper;
import org.eclipse.hono.auth.HonoPasswordEncoder;
import org.eclipse.hono.client.ClientErrorException;
import org.eclipse.hono.service.credentials.CredentialsService;
import org.eclipse.hono.service.management.OperationResult;
import org.eclipse.hono.service.management.Result;
import org.eclipse.hono.service.management.credentials.CommonCredential;
import org.eclipse.hono.service.management.credentials.CredentialsManagementService;
import org.eclipse.hono.service.management.credentials.PasswordSecret;
import org.eclipse.hono.tracing.TracingHelper;
import org.eclipse.hono.util.CacheDirective;
import org.eclipse.hono.util.CredentialsResult;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.stereotype.Repository;

@ConditionalOnProperty(name = {"hono.app.type"}, havingValue = "file", matchIfMissing = true)
@Repository
@Qualifier("serviceImpl")
/* loaded from: input_file:org/eclipse/hono/deviceregistry/FileBasedCredentialsService.class */
public final class FileBasedCredentialsService extends AbstractVerticle implements CredentialsManagementService, CredentialsService {
    public static final String ARRAY_CREDENTIALS = "credentials";
    public static final String FIELD_TENANT = "tenant";
    private static final Logger log = LoggerFactory.getLogger(FileBasedCredentialsService.class);
    private final Map<String, Map<String, JsonArray>> credentials = new HashMap();
    private final Map<String, Map<String, String>> versions = new HashMap();
    private boolean running = false;
    private boolean dirty = false;
    private FileBasedCredentialsConfigProperties config;
    private HonoPasswordEncoder passwordEncoder;

    @Autowired
    public void setConfig(FileBasedCredentialsConfigProperties fileBasedCredentialsConfigProperties) {
        this.config = fileBasedCredentialsConfigProperties;
    }

    @Autowired
    public void setPasswordEncoder(HonoPasswordEncoder honoPasswordEncoder) {
        this.passwordEncoder = honoPasswordEncoder;
    }

    public FileBasedCredentialsConfigProperties getConfig() {
        return this.config;
    }

    private Future<Void> checkFileExists(boolean z) {
        Future<Void> future = Future.future();
        if (getConfig().getFilename() == null) {
            future.fail("no filename set");
        } else if (this.vertx.fileSystem().existsBlocking(getConfig().getFilename())) {
            future.complete();
        } else if (z) {
            this.vertx.fileSystem().createFile(getConfig().getFilename(), future);
        } else {
            log.debug("no such file [{}]", getConfig().getFilename());
            future.complete();
        }
        return future;
    }

    public void init(Vertx vertx, Context context) {
        super.init(vertx, context);
        Json.mapper.registerModule(new JavaTimeModule());
    }

    public void start(Future<Void> future) {
        if (this.running) {
            future.complete();
            return;
        }
        Json.mapper.registerModule(new JavaTimeModule());
        if (!getConfig().isModificationEnabled()) {
            log.info("modification of credentials has been disabled");
        }
        if (getConfig().getFilename() != null) {
            checkFileExists(getConfig().isSaveToFile()).compose(r3 -> {
                return loadCredentials();
            }).compose(r6 -> {
                if (getConfig().isSaveToFile()) {
                    log.info("saving credentials to file every 3 seconds");
                    this.vertx.setPeriodic(3000L, l -> {
                        saveToFile();
                    });
                } else {
                    log.info("persistence is disabled, will not save credentials to file");
                }
                this.running = true;
                return Future.succeededFuture();
            }).mapEmpty().setHandler(future);
            return;
        }
        log.debug("credentials filename is not set, no credentials will be loaded");
        this.running = true;
        future.complete();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Future<Void> loadCredentials() {
        if (getConfig().getFilename() == null || getConfig().isStartEmpty()) {
            log.info("Either filename is null or empty start is set, won't load any credentials");
            return Future.succeededFuture();
        }
        Future future = Future.future();
        log.debug("trying to load credentials from file {}", getConfig().getFilename());
        this.vertx.fileSystem().readFile(getConfig().getFilename(), future);
        return future.compose(this::addAll).recover(th -> {
            log.debug("cannot load credentials from file [{}]: {}", getConfig().getFilename(), th.getMessage());
            return Future.succeededFuture();
        });
    }

    private Future<Void> addAll(Buffer buffer) {
        Future<Void> future = Future.future();
        try {
            int i = 0;
            JsonArray jsonArray = buffer.toJsonArray();
            log.debug("trying to load credentials for {} tenants", Integer.valueOf(jsonArray.size()));
            Iterator it = jsonArray.iterator();
            while (it.hasNext()) {
                Object next = it.next();
                if (JsonObject.class.isInstance(next)) {
                    i += addCredentialsForTenant((JsonObject) next);
                }
            }
            log.info("successfully loaded {} credentials from file [{}]", Integer.valueOf(i), getConfig().getFilename());
            future.complete();
        } catch (DecodeException e) {
            log.warn("cannot read malformed JSON from credentials file [{}]", getConfig().getFilename());
            future.fail(e);
        }
        return future;
    }

    int addCredentialsForTenant(JsonObject jsonObject) {
        int i = 0;
        String string = jsonObject.getString("tenant");
        HashMap hashMap = new HashMap();
        Iterator it = jsonObject.getJsonArray(ARRAY_CREDENTIALS).iterator();
        while (it.hasNext()) {
            JsonObject jsonObject2 = (JsonObject) it.next();
            JsonArray jsonArray = hashMap.containsKey(jsonObject2.getString("auth-id")) ? (JsonArray) hashMap.get(jsonObject2.getString("auth-id")) : new JsonArray();
            jsonArray.add(jsonObject2);
            hashMap.put(jsonObject2.getString("auth-id"), jsonArray);
            i++;
        }
        this.credentials.put(string, hashMap);
        return i;
    }

    public void stop(Future<Void> future) {
        if (this.running) {
            saveToFile().compose(r5 -> {
                this.running = false;
                future.complete();
            }, future);
        } else {
            future.complete();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Future<Void> saveToFile() {
        if (!getConfig().isSaveToFile()) {
            return Future.succeededFuture();
        }
        if (this.dirty) {
            return checkFileExists(true).compose(r6 -> {
                AtomicInteger atomicInteger = new AtomicInteger();
                JsonArray jsonArray = new JsonArray();
                for (Map.Entry<String, Map<String, JsonArray>> entry : this.credentials.entrySet()) {
                    JsonArray jsonArray2 = new JsonArray();
                    Iterator<JsonArray> it = entry.getValue().values().iterator();
                    while (it.hasNext()) {
                        jsonArray2.addAll(it.next().copy());
                        atomicInteger.incrementAndGet();
                    }
                    jsonArray.add(new JsonObject().put("tenant", entry.getKey()).put(ARRAY_CREDENTIALS, jsonArray2));
                }
                Future future = Future.future();
                this.vertx.fileSystem().writeFile(getConfig().getFilename(), Buffer.buffer(jsonArray.encodePrettily(), StandardCharsets.UTF_8.name()), future);
                return future.map(r7 -> {
                    this.dirty = false;
                    log.trace("successfully wrote {} credentials to file {}", Integer.valueOf(atomicInteger.get()), getConfig().getFilename());
                    return (Void) null;
                }).otherwise(th -> {
                    log.warn("could not write credentials to file {}", getConfig().getFilename(), th);
                    return (Void) null;
                });
            });
        }
        log.trace("credentials registry does not need to be persisted");
        return Future.succeededFuture();
    }

    public void get(String str, String str2, String str3, Span span, Handler<AsyncResult<CredentialsResult<JsonObject>>> handler) {
        get(str, str2, str3, null, span, handler);
    }

    public void get(String str, String str2, String str3, JsonObject jsonObject, Span span, Handler<AsyncResult<CredentialsResult<JsonObject>>> handler) {
        Objects.requireNonNull(str);
        Objects.requireNonNull(str2);
        Objects.requireNonNull(str3);
        Objects.requireNonNull(handler);
        JsonObject singleCredentials = getSingleCredentials(str, str3, str2, jsonObject, span);
        if (singleCredentials == null) {
            handler.handle(Future.succeededFuture(CredentialsResult.from(404)));
        } else {
            handler.handle(Future.succeededFuture(CredentialsResult.from(200, singleCredentials.copy(), getCacheDirective(str2))));
        }
    }

    private void findCredentialsForDevice(JsonArray jsonArray, String str, JsonArray jsonArray2) {
        Iterator it = jsonArray.iterator();
        while (it.hasNext()) {
            Object next = it.next();
            if (next instanceof JsonObject) {
                JsonObject jsonObject = (JsonObject) next;
                if (str.equals(getTypesafeValueForField(String.class, jsonObject, "device-id"))) {
                    jsonArray2.add(jsonObject.copy());
                }
            }
        }
    }

    protected static <T> T getTypesafeValueForField(Class<T> cls, JsonObject jsonObject, String str) {
        Objects.requireNonNull(cls);
        Objects.requireNonNull(jsonObject);
        Objects.requireNonNull(str);
        Object value = jsonObject.getValue(str);
        if (cls.isInstance(value)) {
            return cls.cast(value);
        }
        return null;
    }

    private JsonObject getSingleCredentials(String str, String str2, String str3, JsonObject jsonObject, Span span) {
        Objects.requireNonNull(str);
        Objects.requireNonNull(str2);
        Objects.requireNonNull(str3);
        Map<String, JsonArray> map = this.credentials.get(str);
        if (map == null) {
            TracingHelper.logError(span, "no credentials found for tenant");
            return null;
        }
        JsonArray jsonArray = map.get(str2);
        if (jsonArray == null) {
            TracingHelper.logError(span, "no credentials found for auth-id");
            return null;
        }
        Iterator it = jsonArray.iterator();
        while (it.hasNext()) {
            JsonObject jsonObject2 = (JsonObject) it.next();
            if (str3.equals(jsonObject2.getString("type")) && !Boolean.FALSE.equals(jsonObject2.getBoolean("enabled", true))) {
                if (jsonObject != null) {
                    AtomicBoolean atomicBoolean = new AtomicBoolean(true);
                    jsonObject.forEach(entry -> {
                        if (!jsonObject2.containsKey((String) entry.getKey())) {
                            atomicBoolean.set(false);
                        } else {
                            if (jsonObject2.getString((String) entry.getKey()).equals(entry.getValue())) {
                                return;
                            }
                            atomicBoolean.set(false);
                        }
                    });
                    if (!atomicBoolean.get()) {
                        continue;
                    }
                }
                JsonObject copy = jsonObject2.copy();
                JsonArray jsonArray2 = copy.getJsonArray("secrets");
                Iterator it2 = jsonArray2.iterator();
                while (it2.hasNext()) {
                    Object next = it2.next();
                    if (next instanceof JsonObject) {
                        if (Boolean.FALSE.equals(((JsonObject) next).getBoolean("enabled", true))) {
                            it2.remove();
                        }
                    } else {
                        it2.remove();
                    }
                }
                if (!jsonArray2.isEmpty()) {
                    return copy;
                }
            }
        }
        if (jsonObject != null) {
            TracingHelper.logError(span, "no credentials found with matching type and client context");
            return null;
        }
        TracingHelper.logError(span, "no credentials found with matching type");
        return null;
    }

    public void set(String str, String str2, Optional<String> optional, List<CommonCredential> list, Span span, Handler<AsyncResult<OperationResult<Void>>> handler) {
        handler.handle(Future.succeededFuture(set(str, str2, optional, span, list)));
    }

    private OperationResult<Void> set(String str, String str2, Optional<String> optional, Span span, List<CommonCredential> list) {
        if (!checkResourceVersion(str, str2, optional)) {
            TracingHelper.logError(span, "Resource version mismatch");
            return OperationResult.empty(412);
        }
        String uuid = UUID.randomUUID().toString();
        setResourceVersion(str, str2, uuid);
        try {
            removeAllForDevice(str, str2, span);
            Map<String, JsonArray> createOrGetCredentialsForTenant = createOrGetCredentialsForTenant(str);
            for (CommonCredential commonCredential : list) {
                try {
                    checkCredential(commonCredential);
                    String authId = commonCredential.getAuthId();
                    JsonObject mapFrom = JsonObject.mapFrom(commonCredential);
                    String string = mapFrom.getString("type");
                    JsonArray createOrGetAuthIdCredentials = createOrGetAuthIdCredentials(authId, createOrGetCredentialsForTenant);
                    Stream stream = createOrGetAuthIdCredentials.stream();
                    Class<JsonObject> cls = JsonObject.class;
                    Objects.requireNonNull(JsonObject.class);
                    Stream filter = stream.filter(cls::isInstance);
                    Class<JsonObject> cls2 = JsonObject.class;
                    Objects.requireNonNull(JsonObject.class);
                    JsonObject jsonObject = (JsonObject) filter.map(cls2::cast).filter(jsonObject2 -> {
                        return string.equals(jsonObject2.getString("type"));
                    }).findAny().orElse(null);
                    if (jsonObject == null) {
                        jsonObject = new JsonObject();
                        jsonObject.put("auth-id", authId);
                        jsonObject.put("device-id", str2);
                        jsonObject.put("type", string);
                        jsonObject.put("enabled", commonCredential.getEnabled());
                        jsonObject.put("ext", commonCredential.getExtensions());
                        createOrGetAuthIdCredentials.add(jsonObject);
                    }
                    if (!str2.equals(jsonObject.getString("device-id"))) {
                        TracingHelper.logError(span, "Auth-id already used for another device");
                        return OperationResult.empty(409);
                    }
                    this.dirty = true;
                    JsonArray jsonArray = jsonObject.getJsonArray("secrets");
                    if (jsonArray == null) {
                        jsonArray = new JsonArray();
                        jsonObject.put("secrets", jsonArray);
                    }
                    jsonArray.addAll(mapFrom.getJsonArray("secrets"));
                    createOrGetCredentialsForTenant.put(authId, createOrGetAuthIdCredentials);
                } catch (IllegalStateException e) {
                    TracingHelper.logError(span, e);
                    log.debug("Failed to validate credentials", e);
                    return OperationResult.empty(400);
                }
            }
            return OperationResult.ok(204, (Object) null, Optional.empty(), Optional.of(uuid));
        } catch (ClientErrorException e2) {
            TracingHelper.logError(span, e2);
            return OperationResult.empty(e2.getErrorCode());
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:13:0x0078 A[SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:17:0x0018 A[SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    protected void checkCredential(org.eclipse.hono.service.management.credentials.CommonCredential r4) {
        /*
            r3 = this;
            r0 = r4
            r0.checkValidity()
            r0 = r4
            boolean r0 = r0 instanceof org.eclipse.hono.service.management.credentials.PasswordCredential
            if (r0 == 0) goto L8a
            r0 = r4
            org.eclipse.hono.service.management.credentials.PasswordCredential r0 = (org.eclipse.hono.service.management.credentials.PasswordCredential) r0
            java.util.List r0 = r0.getSecrets()
            java.util.Iterator r0 = r0.iterator()
            r5 = r0
        L18:
            r0 = r5
            boolean r0 = r0.hasNext()
            if (r0 == 0) goto L8a
            r0 = r5
            java.lang.Object r0 = r0.next()
            org.eclipse.hono.service.management.credentials.PasswordSecret r0 = (org.eclipse.hono.service.management.credentials.PasswordSecret) r0
            r6 = r0
            r0 = r6
            r1 = r3
            org.eclipse.hono.auth.HonoPasswordEncoder r1 = r1.passwordEncoder
            org.eclipse.hono.service.management.credentials.PasswordSecret r0 = r0.encode(r1)
            r0 = r6
            r0.checkValidity()
            r0 = r6
            java.lang.String r0 = r0.getHashFunction()
            r7 = r0
            r0 = -1
            r8 = r0
            r0 = r7
            int r0 = r0.hashCode()
            switch(r0) {
                case -1394365876: goto L58;
                default: goto L65;
            }
        L58:
            r0 = r7
            java.lang.String r1 = "bcrypt"
            boolean r0 = r0.equals(r1)
            if (r0 == 0) goto L65
            r0 = 0
            r8 = r0
        L65:
            r0 = r8
            switch(r0) {
                case 0: goto L78;
                default: goto L87;
            }
        L78:
            r0 = r6
            java.lang.String r0 = r0.getPasswordHash()
            r9 = r0
            r0 = r3
            r1 = r9
            r0.verifyBcryptPasswordHash(r1)
            goto L87
        L87:
            goto L18
        L8a:
            return
        */
        throw new UnsupportedOperationException("Method not decompiled: org.eclipse.hono.deviceregistry.FileBasedCredentialsService.checkCredential(org.eclipse.hono.service.management.credentials.CommonCredential):void");
    }

    protected void verifyBcryptPasswordHash(String str) {
        Objects.requireNonNull(str);
        if (BCryptHelper.getIterations(str) > getMaxBcryptIterations()) {
            throw new IllegalStateException("password hash uses too many iterations, max is " + getMaxBcryptIterations());
        }
    }

    private void checkHashedPassword(PasswordSecret passwordSecret) {
        if (passwordSecret.getHashFunction() == null) {
            throw new IllegalStateException("missing/invalid hash function");
        }
        if (passwordSecret.getPasswordHash() == null) {
            throw new IllegalStateException("missing/invalid password hash");
        }
    }

    private void removeAllForDevice(String str, String str2, Span span) {
        boolean isModificationEnabled = getConfig().isModificationEnabled();
        Iterator<JsonArray> it = createOrGetCredentialsForTenant(str).values().iterator();
        while (it.hasNext()) {
            Iterator it2 = it.next().iterator();
            while (it2.hasNext()) {
                Object next = it2.next();
                if ((next instanceof JsonObject) && str2.equals(((JsonObject) next).getString("device-id"))) {
                    if (!isModificationEnabled) {
                        TracingHelper.logError(span, "Modification is disabled for the Credentials service.");
                        throw new ClientErrorException(403);
                    }
                    it2.remove();
                    this.dirty = true;
                }
            }
        }
    }

    public void get(String str, String str2, Span span, Handler<AsyncResult<OperationResult<List<CommonCredential>>>> handler) {
        Objects.requireNonNull(str);
        Objects.requireNonNull(str2);
        Objects.requireNonNull(handler);
        Map<String, JsonArray> map = this.credentials.get(str);
        if (map == null) {
            TracingHelper.logError(span, "No credentials found for tenant");
            handler.handle(Future.succeededFuture(OperationResult.ok(404, (Object) null, Optional.empty(), Optional.of(getOrCreateResourceVersion(str, str2)))));
            return;
        }
        JsonArray jsonArray = new JsonArray();
        Iterator<JsonArray> it = map.values().iterator();
        while (it.hasNext()) {
            findCredentialsForDevice(it.next(), str2, jsonArray);
        }
        if (jsonArray.isEmpty()) {
            TracingHelper.logError(span, "No credentials found for device");
            handler.handle(Future.succeededFuture(OperationResult.ok(404, (Object) null, Optional.empty(), Optional.of(getOrCreateResourceVersion(str, str2)))));
            return;
        }
        ArrayList arrayList = new ArrayList();
        Iterator it2 = jsonArray.iterator();
        while (it2.hasNext()) {
            JsonObject jsonObject = (JsonObject) it2.next();
            jsonObject.remove("device-id");
            arrayList.add((CommonCredential) jsonObject.mapTo(CommonCredential.class));
        }
        handler.handle(Future.succeededFuture(OperationResult.ok(200, arrayList, Optional.empty(), Optional.of(getOrCreateResourceVersion(str, str2)))));
    }

    public void remove(String str, String str2, Span span, Handler<AsyncResult<Result<Void>>> handler) {
        Objects.requireNonNull(str);
        Objects.requireNonNull(str2);
        Objects.requireNonNull(handler);
        log.debug("removing credentials for device [tenant-id: {}, device-id: {}]", str, str2);
        handler.handle(Future.succeededFuture(remove(str, str2, span)));
    }

    private Result<Void> remove(String str, String str2, Span span) {
        setResourceVersion(str, str2, null);
        try {
            removeAllForDevice(str, str2, span);
            return Result.from(204);
        } catch (ClientErrorException e) {
            TracingHelper.logError(span, e);
            return Result.from(e.getErrorCode());
        }
    }

    private boolean checkResourceVersion(String str, String str2, Optional<String> optional) {
        if (optional.isEmpty()) {
            return true;
        }
        String str3 = this.versions.getOrDefault(str, Collections.emptyMap()).get(str2);
        if (str3 == null) {
            return false;
        }
        return str3.equals(optional.get());
    }

    private String setResourceVersion(String str, String str2, String str3) {
        if (str3 != null) {
            this.versions.computeIfAbsent(str, str4 -> {
                return new HashMap();
            }).put(str2, str3);
        } else {
            this.versions.getOrDefault(str, Collections.emptyMap()).remove(str2);
        }
        return str3;
    }

    private String getOrCreateResourceVersion(String str, String str2) {
        return this.versions.computeIfAbsent(str, str3 -> {
            return new HashMap();
        }).computeIfAbsent(str2, str4 -> {
            return UUID.randomUUID().toString();
        });
    }

    public void get(String str, String str2, String str3, Handler<AsyncResult<CredentialsResult<JsonObject>>> handler) {
        get(str, str2, str3, (Span) NoopSpan.INSTANCE, handler);
    }

    public void get(String str, String str2, String str3, JsonObject jsonObject, Handler<AsyncResult<CredentialsResult<JsonObject>>> handler) {
        get(str, str2, str3, jsonObject, NoopSpan.INSTANCE, handler);
    }

    private Map<String, JsonArray> createOrGetCredentialsForTenant(String str) {
        return this.credentials.computeIfAbsent(str, str2 -> {
            return new HashMap();
        });
    }

    private JsonArray createOrGetAuthIdCredentials(String str, Map<String, JsonArray> map) {
        return map.computeIfAbsent(str, str2 -> {
            return new JsonArray();
        });
    }

    private CacheDirective getCacheDirective(String str) {
        if (getConfig().getCacheMaxAge() <= 0) {
            return CacheDirective.noCacheDirective();
        }
        boolean z = -1;
        switch (str.hashCode()) {
            case -558916037:
                if (str.equals("hashed-password")) {
                    z = false;
                    break;
                }
                break;
            case 1355437579:
                if (str.equals("x509-cert")) {
                    z = true;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
            case true:
                return CacheDirective.maxAgeDirective(getConfig().getCacheMaxAge());
            default:
                return CacheDirective.noCacheDirective();
        }
    }

    public void clear() {
        this.dirty = true;
        this.credentials.clear();
    }

    public String toString() {
        return String.format("%s[filename=%s]", FileBasedCredentialsService.class.getSimpleName(), getConfig().getFilename());
    }

    protected int getMaxBcryptIterations() {
        return getConfig().getMaxBcryptIterations();
    }
}
