package net.gdface.facelog;

import com.google.common.base.Objects;
import com.google.common.base.Preconditions;
import com.google.common.base.Strings;
import com.google.common.primitives.Bytes;
import gu.simplemq.redis.JedisPoolLazy;
import gu.simplemq.redis.JedisUtils;
import gu.simplemq.redis.RedisFactory;
import gu.simplemq.redis.RedisTable;
import java.nio.ByteBuffer;
import java.util.concurrent.TimeUnit;
import net.gdface.facelog.CommonConstant;
import net.gdface.facelog.ServiceSecurityException;
import net.gdface.facelog.Token;
import net.gdface.facelog.db.DeviceBean;
import net.gdface.facelog.db.exception.ObjectRetrievalException;
import net.gdface.facelog.db.exception.RuntimeDaoException;
import net.gdface.utils.FaceUtilits;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:net/gdface/facelog/TokenMangement.class */
public class TokenMangement implements ServiceConstant {
    private static final String ACK_PREFIX = "ack_";
    private final DaoManagement dao;
    private final CryptographGenerator cg;
    private RedisTable<Integer> cmdSnTable;
    private RedisTable<Integer> ackChannelTable;
    private final boolean rejectZero = CONFIG.getBoolean("token.person.rejectZero");
    private final boolean validateDeviceToken = CONFIG.getBoolean("token.device.validate");
    private final boolean validatePersonToken = CONFIG.getBoolean("token.person.validate");
    private final int personTokenExpire = CONFIG.getInt("token.person.expire");
    private final RedisTable<Token> deviceTokenTable = RedisFactory.getTable(TABLE_DEVICE_TOKEN, JedisPoolLazy.getDefaultInstance());
    private final RedisTable<Token> personTokenTable = RedisFactory.getTable(TABLE_PERSON_TOKEN, JedisPoolLazy.getDefaultInstance());

    /* loaded from: input_file:net/gdface/facelog/TokenMangement$Enable.class */
    enum Enable {
        ALL,
        PERSON_ONLY,
        DEVICE_ONLY,
        ROOT_ONLY;

        boolean isValid(TokenMangement tokenMangement, Token token) {
            TokenOp.VALIDATE.asContextTokenOp();
            switch (this) {
                case PERSON_ONLY:
                    return tokenMangement.isValidPersonToken(token) || tokenMangement.isValidRootToken(token);
                case DEVICE_ONLY:
                    return tokenMangement.isValidDeviceToken(token);
                case ROOT_ONLY:
                    return tokenMangement.isValidRootToken(token);
                case ALL:
                    return tokenMangement.isValidPersonToken(token) || tokenMangement.isValidDeviceToken(token) || tokenMangement.isValidRootToken(token);
                default:
                    return false;
            }
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public void check(TokenMangement tokenMangement, Token token) throws ServiceSecurityException {
            if (isValid(tokenMangement, token)) {
                return;
            }
            StringBuffer stringBuffer = new StringBuffer("INVALID TOKEN");
            if (null != token) {
                switch (this) {
                    case PERSON_ONLY:
                        stringBuffer.append(",Person Token required");
                        break;
                    case DEVICE_ONLY:
                        stringBuffer.append(",Device Token required");
                        break;
                    case ROOT_ONLY:
                        stringBuffer.append(",root Token required");
                        break;
                }
            } else {
                stringBuffer.append(",null token");
            }
            throw new ServiceSecurityException(stringBuffer.toString()).setType(ServiceSecurityException.SecurityExceptionType.INVALID_TOKEN);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public TokenMangement(DaoManagement daoManagement) {
        this.dao = (DaoManagement) Preconditions.checkNotNull(daoManagement, "dao is null");
        this.cg = this.dao.getCryptographGenerator();
        this.deviceTokenTable.setKeyHelper(Token.KEY_HELPER);
        this.personTokenTable.setKeyHelper(Token.KEY_HELPER);
        this.personTokenTable.setExpire(this.personTokenExpire, TimeUnit.MINUTES);
        this.cmdSnTable = RedisFactory.getTable(TABLE_CMD_SN, JedisPoolLazy.getDefaultInstance());
        this.ackChannelTable = RedisFactory.getTable(TABLE_ACK_CHANNEL, JedisPoolLazy.getDefaultInstance());
        this.cmdSnTable.setExpire(CONFIG.getInt("token.cmd.serialNo.expire"), TimeUnit.SECONDS);
        this.ackChannelTable.setExpire(CONFIG.getInt("token.cmd.ackChannel.expire"), TimeUnit.SECONDS);
        GlobalConfig.logTokenParameters();
    }

    protected static final boolean isValidMac(String str) {
        return !Strings.isNullOrEmpty(str) && str.matches("^[a-fA-F0-9]{12}$");
    }

    protected static final void checkValidMac(String str) throws ServiceSecurityException {
        if (!isValidMac(str)) {
            throw new ServiceSecurityException(String.format("INVALID MAC:%s ", str)).setType(ServiceSecurityException.SecurityExceptionType.INVALID_MAC);
        }
    }

    protected boolean isValidSerialNo(String str) {
        return true;
    }

    protected void checkNotOccupiedSerialNo(String str) throws ServiceSecurityException {
        DeviceBean daoGetDeviceByIndexSerialNo = null == str ? null : this.dao.daoGetDeviceByIndexSerialNo(str);
        if (null != daoGetDeviceByIndexSerialNo) {
            throw new ServiceSecurityException(String.format("serian no:%s be occupied by device ID[%d] MAC[%s]", str, daoGetDeviceByIndexSerialNo.getId(), daoGetDeviceByIndexSerialNo.getMac())).setType(ServiceSecurityException.SecurityExceptionType.OCCUPIED_SN).setDeviceID(daoGetDeviceByIndexSerialNo.getId());
        }
    }

    protected void checkValidSerialNo(String str) throws ServiceSecurityException {
        if (!isValidSerialNo(str)) {
            throw new ServiceSecurityException(String.format("INVALID serial number:%s", str)).setType(ServiceSecurityException.SecurityExceptionType.INVALID_SN);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean isValidDeviceToken(Token token) {
        if (!this.validateDeviceToken) {
            return true;
        }
        if (null == token) {
            return false;
        }
        return token.equals(this.deviceTokenTable.get(Integer.toString(token.getId())));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean isValidPersonToken(Token token) {
        if (!this.validatePersonToken) {
            return true;
        }
        if (null == token) {
            return false;
        }
        return token.equals(this.personTokenTable.get(Integer.toString(token.getId())));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean isValidRootToken(Token token) {
        if (this.validatePersonToken) {
            return isValidPersonToken(token) && Token.TokenType.ROOT.equals(token.getType());
        }
        return true;
    }

    protected void checkValidDeviceId(Integer num) throws ServiceSecurityException {
        if (!this.dao.daoExistsDevice(num)) {
            throw new ServiceSecurityException(String.format("NOT EXISTS device %d", num)).setType(ServiceSecurityException.SecurityExceptionType.INVALID_DEVICE_ID);
        }
    }

    /* JADX WARN: Type inference failed for: r0v7, types: [byte[], byte[][]] */
    private static Token makeToken(byte[] bArr) {
        ByteBuffer wrap = ByteBuffer.wrap(new byte[8]);
        wrap.asLongBuffer().put(System.nanoTime());
        ByteBuffer wrap2 = ByteBuffer.wrap(FaceUtilits.getMD5(Bytes.concat((byte[][]) new byte[]{(byte[]) Preconditions.checkNotNull(bArr), wrap.array()})));
        return new Token(wrap2.getLong(), wrap2.getLong()).asContextToken();
    }

    private static Token makeToken(Object... objArr) {
        Preconditions.checkArgument((null == objArr || 0 == objArr.length) ? false : true, "objs must not be null or empty");
        StringBuffer stringBuffer = new StringBuffer(64);
        for (Object obj : objArr) {
            stringBuffer.append(obj);
        }
        return makeToken(stringBuffer.toString().getBytes());
    }

    private static Token makeDeviceTokenOf(DeviceBean deviceBean) {
        Preconditions.checkArgument(null != deviceBean, "device is null");
        Preconditions.checkArgument((null == deviceBean.getId() || null == deviceBean.getMac() || null == deviceBean.getSerialNo()) ? false : true, "null device argument(id,mac,serialNo)");
        return makeToken(deviceBean.getId(), deviceBean.getMac(), deviceBean.getSerialNo()).asDeviceToken(deviceBean.getId().intValue());
    }

    private static Token makePersonTokenOf(int i) {
        ByteBuffer wrap = ByteBuffer.wrap(new byte[8]);
        wrap.asLongBuffer().put(i);
        return makeToken(wrap.array()).asPersonToken(i);
    }

    /* JADX WARN: Type inference failed for: r0v7, types: [byte[], byte[][]] */
    private static Token makeRootToken(String str) {
        ByteBuffer wrap = ByteBuffer.wrap(new byte[8]);
        wrap.asLongBuffer().put(System.currentTimeMillis());
        return makeToken(Bytes.concat((byte[][]) new byte[]{str.getBytes(), wrap.array()})).asRootToken();
    }

    private void removeDeviceTokenOf(int i) {
        this.deviceTokenTable.remove(new String[]{Integer.toString(i)});
    }

    private void removePersonTokenOf(int i) {
        this.personTokenTable.remove(new String[]{Integer.toString(i)});
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public DeviceBean registerDevice(DeviceBean deviceBean) throws ServiceSecurityException {
        TokenOp.REGISTER.asContextTokenOp();
        Preconditions.checkArgument(null != deviceBean, "deviceBean must not be null");
        Preconditions.checkArgument(deviceBean.isNew(), "for device registeration the 'newDevice' must be a new record,so the _isNew field must be true ");
        Preconditions.checkArgument(!deviceBean.isModified(0) || Objects.equal(0, deviceBean.getId()), "for device registeration the 'newDevice' must be a new record,so id field must be not be set or be zero");
        DeviceBean daoGetDeviceByIndexMac = this.dao.daoGetDeviceByIndexMac(deviceBean.getMac());
        DeviceBean daoGetDeviceByIndexSerialNo = this.dao.daoGetDeviceByIndexSerialNo(deviceBean.getSerialNo());
        if (null == daoGetDeviceByIndexMac) {
            checkNotOccupiedSerialNo(deviceBean.getSerialNo());
            checkValidSerialNo(deviceBean.getSerialNo());
            return this.dao.daoSaveDevice(deviceBean);
        }
        if (daoGetDeviceByIndexMac.equals(daoGetDeviceByIndexSerialNo) || Objects.equal(deviceBean.getSerialNo(), daoGetDeviceByIndexMac.getSerialNo())) {
            return daoGetDeviceByIndexMac;
        }
        if (isValidSerialNo(daoGetDeviceByIndexMac.getSerialNo())) {
            return daoGetDeviceByIndexMac;
        }
        checkNotOccupiedSerialNo(deviceBean.getSerialNo());
        checkValidSerialNo(deviceBean.getSerialNo());
        daoGetDeviceByIndexMac.setSerialNo(deviceBean.getSerialNo());
        return this.dao.daoSaveDevice(daoGetDeviceByIndexMac);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void unregisterDevice(int i, Token token) throws ServiceSecurityException {
        TokenOp.UNREGISTER.asContextTokenOp();
        Enable.DEVICE_ONLY.check(this, token);
        checkValidDeviceId(Integer.valueOf(i));
        this.dao.daoDeleteDevice(Integer.valueOf(i));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Token applyDeviceToken(DeviceBean deviceBean) throws ServiceSecurityException {
        TokenOp.APPLY.asContextTokenOp();
        checkValidDeviceId(deviceBean.getId());
        DeviceBean daoGetDevice = this.dao.daoGetDevice(deviceBean.getId());
        if (!Objects.equal(daoGetDevice.getMac(), deviceBean.getMac())) {
            throw new ServiceSecurityException(String.format("MISMATCH MAC:%s", daoGetDevice.getMac())).setType(ServiceSecurityException.SecurityExceptionType.INVALID_MAC);
        }
        if (!Objects.equal(daoGetDevice.getSerialNo(), deviceBean.getSerialNo())) {
            throw new ServiceSecurityException(String.format("MISMATCH Serial Number:%s", daoGetDevice.getSerialNo())).setType(ServiceSecurityException.SecurityExceptionType.INVALID_SN);
        }
        Token makeDeviceTokenOf = makeDeviceTokenOf(daoGetDevice);
        this.deviceTokenTable.set(daoGetDevice.getId().toString(), makeDeviceTokenOf, false);
        return makeDeviceTokenOf;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void releaseDeviceToken(Token token) throws ServiceSecurityException {
        TokenOp.RELEASE.asContextTokenOp();
        Enable.DEVICE_ONLY.check(this, token);
        removeDeviceTokenOf(token.getId());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Token applyPersonToken(int i, String str, boolean z) throws ServiceSecurityException {
        TokenOp.APPLY.asContextTokenOp();
        checkValidPassword(Integer.toString(i), str, z);
        if (CommonConstant.PersonRank.person.equals(CommonConstant.PersonRank.fromRank(this.dao.daoGetPerson(Integer.valueOf(i)).getRank())) && this.rejectZero) {
            throw new ServiceSecurityException(String.format("REJECTION OF APPLICATION for rank 0 user (id = %d)", Integer.valueOf(i))).setType(ServiceSecurityException.SecurityExceptionType.REJECT_APPLY);
        }
        Token makePersonTokenOf = makePersonTokenOf(i);
        this.personTokenTable.set(Integer.toString(i), makePersonTokenOf, false);
        this.personTokenTable.expire(makePersonTokenOf);
        return makePersonTokenOf;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void releasePersonToken(Token token) throws ServiceSecurityException {
        TokenOp.RELEASE.asContextTokenOp();
        Enable.PERSON_ONLY.check(this, token);
        removePersonTokenOf(token.getId());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Token applyRootToken(String str, boolean z) throws ServiceSecurityException {
        TokenOp.APPLY.asContextTokenOp();
        checkValidPassword("root", str, z);
        Token makeRootToken = makeRootToken(str);
        this.personTokenTable.set(Integer.toString(makeRootToken.getId()), makeRootToken, false);
        this.personTokenTable.expire(makeRootToken);
        return makeRootToken;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void releaseRootToken(Token token) throws ServiceSecurityException {
        TokenOp.RELEASE.asContextTokenOp();
        Enable.ROOT_ONLY.check(this, token);
        removePersonTokenOf(token.getId());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean isValidPassword(String str, String str2, boolean z) throws RuntimeDaoException, ServiceSecurityException {
        TokenOp.VALIDPWD.asContextTokenOp();
        Preconditions.checkArgument(!Strings.isNullOrEmpty(str), "INVALID argument,must not be null or empty");
        if ("root".equals(str)) {
            return this.cg.cryptograph(CONFIG.getString("root.password"), false).equals(this.cg.cryptograph(str2, z));
        }
        try {
            return this.cg.cryptograph(str2, z).equals(this.dao.daoGetPersonChecked(Integer.valueOf(str)).getPassword());
        } catch (NumberFormatException e) {
            throw new ServiceSecurityException(ServiceSecurityException.SecurityExceptionType.INVALID_PERSON_ID);
        } catch (ObjectRetrievalException e2) {
            throw new ServiceSecurityException(ServiceSecurityException.SecurityExceptionType.INVALID_PERSON_ID);
        }
    }

    protected void checkValidPassword(String str, String str2, boolean z) throws ServiceSecurityException {
        if (!isValidPassword(str, str2, z)) {
            throw new ServiceSecurityException(String.format("INVALID password [%s]for user [%s]", str2, str)).setType(ServiceSecurityException.SecurityExceptionType.INVALID_PASSWORD);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public long applyCmdSn(Token token) throws ServiceSecurityException {
        Enable.PERSON_ONLY.check(this, token);
        long incr = JedisUtils.incr(ServiceConstant.KEY_CMD_SN);
        String l = Long.toString(incr);
        this.cmdSnTable.set(l, Integer.valueOf(token.getId()), false);
        this.cmdSnTable.expire(l);
        return incr;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String applyAckChannel(Token token, long j) throws ServiceSecurityException {
        Enable.PERSON_ONLY.check(this, token);
        String stringBuffer = new StringBuffer(ACK_PREFIX).append(JedisUtils.incr(ServiceConstant.KEY_ACK_SN)).toString();
        this.ackChannelTable.set(stringBuffer, Integer.valueOf(token.getId()), false);
        if (j > 0) {
            this.ackChannelTable.expire(stringBuffer, j, TimeUnit.SECONDS);
        } else {
            this.ackChannelTable.expire(stringBuffer);
        }
        return stringBuffer;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean isValidCmdSn(long j) {
        return this.cmdSnTable.containsKey(Long.toString(j));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean isValidAckChannel(String str) {
        return this.ackChannelTable.containsKey(str);
    }
}
