package io.continual.iam.impl.zk;

import io.continual.builder.Builder;
import io.continual.iam.access.AccessControlList;
import io.continual.iam.access.AclUpdateListener;
import io.continual.iam.exceptions.IamBadRequestException;
import io.continual.iam.exceptions.IamIdentityDoesNotExist;
import io.continual.iam.exceptions.IamSvcException;
import io.continual.iam.identity.ApiKey;
import io.continual.iam.identity.JwtValidator;
import io.continual.iam.impl.common.CommonJsonApiKey;
import io.continual.iam.impl.common.CommonJsonDb;
import io.continual.iam.impl.common.CommonJsonGroup;
import io.continual.iam.impl.common.CommonJsonIdentity;
import io.continual.iam.impl.common.jwt.JwtProducer;
import io.continual.iam.impl.common.jwt.SimpleJwtValidator;
import io.continual.services.ServiceContainer;
import io.continual.util.data.StreamTools;
import io.continual.util.data.exprEval.ExpressionEvaluator;
import io.continual.util.data.json.CommentedJsonTokener;
import io.continual.util.data.json.JsonUtil;
import io.continual.util.data.json.JsonVisitor;
import io.continual.util.time.Clock;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.TreeSet;
import org.apache.curator.framework.CuratorFramework;
import org.apache.curator.framework.CuratorFrameworkFactory;
import org.apache.curator.retry.ExponentialBackoffRetry;
import org.apache.zookeeper.KeeperException;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;
import org.json.JSONTokener;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/continual/iam/impl/zk/ZkIamDb.class */
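/**
 * IAM database that keeps its records as JSON documents in ZooKeeper znodes, accessed through
 * Apache Curator.
 *
 * <p>All paths are relative to the Curator namespace given by the builder's path prefix. The
 * top-level nodes created by {@link #start()} are {@code users}, {@code groups},
 * {@code apikeys/byKey}, {@code acls}, {@code tags/byTag}, {@code tags/byUser},
 * {@code aliases/byKey}, {@code aliases/byUser} and {@code invalidJwts}.
 *
 * <p>Record identifiers (user ids, API keys, alias names, tag ids, token ids) are embedded in
 * znode paths as given; see {@link #concatPathParts(String...)} for what that implies.
 *
 * @param <I> identity type
 * @param <G> group type
 */
public abstract class ZkIamDb<I extends CommonJsonIdentity, G extends CommonJsonGroup> extends CommonJsonDb<I, G> {
    private final CuratorFramework fZk;
    private static final Logger log = LoggerFactory.getLogger(ZkIamDb.class);

    /**
     * Collects the settings needed to construct a {@link ZkIamDb}.
     *
     * <p>NOTE(review): validators added through {@link #addJwtValidator(JwtValidator)} are stored
     * in a private list that nothing in this class reads, and the {@code ZkIamDb} constructor
     * passes only the ACL factory and the JWT producer to its superclass. Confirm that configured
     * third-party validators are actually installed somewhere.
     */
    /* loaded from: input_file:io/continual/iam/impl/zk/ZkIamDb$Builder.class */
    public static abstract class Builder<I extends CommonJsonIdentity, G extends CommonJsonGroup> {
        private String fZkConnectionString;
        private String prefix;
        private CommonJsonDb.AclFactory fAclFactory;
        private JwtProducer fJwtProducer = null;
        private LinkedList<JwtValidator> fJwtValidators = new LinkedList<>();

        /**
         * Sets the ZooKeeper connection string.
         *
         * @param str the connection string handed to Curator
         * @return this builder
         */
        public Builder<I, G> connectingTo(String str) {
            this.fZkConnectionString = str;
            return this;
        }

        /**
         * Sets the Curator namespace under which every node of this database lives.
         *
         * @param str the namespace (path prefix)
         * @return this builder
         */
        public Builder<I, G> withPathPrefix(String str) {
            this.prefix = str;
            return this;
        }

        /**
         * Sets the factory used to create default access control lists.
         *
         * @param aclFactory the ACL factory
         * @return this builder
         */
        public Builder<I, G> usingAclFactory(CommonJsonDb.AclFactory aclFactory) {
            this.fAclFactory = aclFactory;
            return this;
        }

        /**
         * Sets the producer used to issue JWTs; may be left unset.
         *
         * @param jwtProducer the JWT producer
         * @return this builder
         */
        public Builder<I, G> withJwtProducer(JwtProducer jwtProducer) {
            this.fJwtProducer = jwtProducer;
            return this;
        }

        /**
         * Records an additional JWT validator.
         *
         * @param jwtValidator the validator to record
         * @return this builder
         */
        public Builder<I, G> addJwtValidator(JwtValidator jwtValidator) {
            this.fJwtValidators.add(jwtValidator);
            return this;
        }

        /**
         * Builds the database instance.
         *
         * @return the constructed database
         * @throws IamSvcException if construction fails
         */
        /* renamed from: build */
        public abstract ZkIamDb<I, G> build2() throws IamSvcException;
    }

    /**
     * Populates a builder from a JSON configuration object.
     *
     * <p>Keys read: {@code sysAdminGroup} (default {@code "sysadmin"}), an optional {@code jwt}
     * object with {@code issuer}, {@code sha256Key} and a {@code thirdPartyAuth} array, and a
     * required {@code zk} object with {@code connectionString} and optional {@code pathPrefix}.
     *
     * @param builder the builder to populate
     * @param serviceContainer supplies the expression evaluator applied to configuration text
     * @param jSONObject the configuration
     * @throws io.continual.builder.Builder.BuildFailure if a third-party validator cannot be built
     */
    public static <I extends CommonJsonIdentity, G extends CommonJsonGroup> void populateBuilderFrom(final Builder<I, G> builder, ServiceContainer serviceContainer, JSONObject jSONObject) throws io.continual.builder.Builder.BuildFailure {
        final ExpressionEvaluator exprEval = serviceContainer.getExprEval(jSONObject);
        final String sysAdminGroup = exprEval.evaluateText(jSONObject.optString("sysAdminGroup", "sysadmin"));

        final JSONObject jwtConfig = jSONObject.optJSONObject("jwt");
        if (jwtConfig != null) {
            // NOTE(review): unlike the zk settings below, issuer and sha256Key are not passed
            // through the expression evaluator, so the signing key is whatever literal text the
            // configuration holds. Confirm the configuration source is protected accordingly.
            final String issuer = jwtConfig.optString("issuer", null);
            final String signingKey = jwtConfig.optString("sha256Key", null);
            if (issuer != null && signingKey != null) {
                builder.withJwtProducer(new JwtProducer.Builder().withIssuerName(issuer).usingSigningKey(signingKey).build());
            }
        }

        final JSONObject zkConfig = jSONObject.getJSONObject("zk");
        builder
            .connectingTo(exprEval.evaluateText(zkConfig.getString("connectionString")))
            .withPathPrefix(exprEval.evaluateText(zkConfig.optString("pathPrefix", "")))
            .usingAclFactory(new CommonJsonDb.AclFactory() { // from class: io.continual.iam.impl.zk.ZkIamDb.1
                public AccessControlList createDefaultAcl(AclUpdateListener aclUpdateListener) {
                    // the default ACL grants the sysadmin group every operation and nobody else any
                    final AccessControlList acl = new AccessControlList(aclUpdateListener);
                    acl.permit(sysAdminGroup, new String[]{"read"})
                        .permit(sysAdminGroup, new String[]{"update"})
                        .permit(sysAdminGroup, new String[]{"create"})
                        .permit(sysAdminGroup, new String[]{"delete"});
                    return acl;
                }
            });

        if (jwtConfig != null) {
            JsonVisitor.forEachElement(jwtConfig.optJSONArray("thirdPartyAuth"), new JsonVisitor.ArrayVisitor<JSONObject, io.continual.builder.Builder.BuildFailure>() { // from class: io.continual.iam.impl.zk.ZkIamDb.2
                public boolean visit(JSONObject jSONObject3) throws JSONException, io.continual.builder.Builder.BuildFailure {
                    // issuer and audience are required; "keys" is optional and becomes "" when
                    // absent. NOTE(review): confirm the validator rejects tokens when it has no
                    // key source rather than accepting them.
                    builder.addJwtValidator(new SimpleJwtValidator.Builder()
                        .named(jSONObject3.optString("name", "(anonymous)"))
                        .forIssuer(jSONObject3.getString("issuer"))
                        .forAudience(jSONObject3.getString("audience"))
                        .getPublicKeysFrom(jSONObject3.optString("keys"))
                        .build());
                    return true;
                }
            });
        }
    }

    /**
     * Creates the database and its (not yet started) Curator client.
     *
     * <p>NOTE(review): no ACL provider or authorization is set on the Curator builder here, so
     * nodes are created with Curator's defaults, which are open to any client that can reach the
     * ensemble unless configured elsewhere. Identity, API key, ACL and token-revocation records
     * all live in these nodes; confirm access to the ensemble is restricted.
     *
     * @param builder the populated builder
     * @throws IamSvcException declared for subclasses and the superclass constructor
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public ZkIamDb(Builder<I, G> builder) throws IamSvcException {
        super(builder.fAclFactory, builder.fJwtProducer);
        this.fZk = CuratorFrameworkFactory.builder()
            .namespace(builder.prefix)
            .connectString(builder.fZkConnectionString)
            // base sleep of 1000 ms, at most 3 retries
            .retryPolicy(new ExponentialBackoffRetry(1000, 3))
            .build();
    }

    /**
     * Starts the superclass and the Curator client, then makes sure every top-level node exists.
     *
     * @throws IamSvcException if a node cannot be checked or created
     */
    public void start() throws IamSvcException {
        super.start();
        this.fZk.start();
        ensurePathExists("users");
        ensurePathExists("groups");
        ensurePathExists("apikeys/byKey");
        ensurePathExists("acls");
        ensurePathExists("tags/byTag");
        ensurePathExists("tags/byUser");
        ensurePathExists("aliases/byKey");
        ensurePathExists("aliases/byUser");
        ensurePathExists("invalidJwts");
    }

    /** Closes the Curator client. */
    public void close() {
        this.fZk.close();
    }

    /**
     * Loads every user found directly below the {@code users} node.
     *
     * @return a map from user id to loaded identity
     * @throws IamSvcException if listing or loading fails
     */
    public Map<String, I> loadAllUsers() throws IamSvcException {
        final HashMap<String, I> users = new HashMap<>();
        for (String userId : getAllUsers()) {
            users.put(userId, loadUser(userId));
        }
        return users;
    }

    /**
     * Lists the names of the nodes directly below {@code users}.
     *
     * @return the user ids
     * @throws IamSvcException if the listing fails
     */
    public Collection<String> getAllUsers() throws IamSvcException {
        return new LinkedList<>(loadKeysBelow(concatPathParts("users")));
    }

    /**
     * Lists the names of the nodes directly below {@code groups}.
     *
     * @return the group ids
     * @throws IamSvcException if the listing fails
     */
    public Collection<String> getAllGroups() throws IamSvcException {
        // A child listing yields bare node names, not full paths, so there is no "/groups"
        // prefix to strip; cutting the first characters off each name truncated long ids and
        // threw StringIndexOutOfBoundsException on short ones.
        return new LinkedList<>(loadKeysBelow(concatPathParts("groups")));
    }

    /**
     * Finds the user ids that begin with the given text.
     *
     * <p>Presumably {@code str} is a user-id prefix (confirm against the interface this method
     * implements). Only nodes directly below {@code users} are considered.
     *
     * @param str the prefix to match; {@code null} is treated as the empty prefix
     * @return the matching user ids
     * @throws IamSvcException if the listing fails
     */
    public List<String> findUsers(String str) throws IamSvcException {
        // ZooKeeper has no key-prefix listing: children of "/users/<prefix>" are not the users
        // whose ids start with <prefix>. List the users and filter by name instead.
        final String prefix = str == null ? "" : str;
        final LinkedList<String> matches = new LinkedList<>();
        for (String userId : loadKeysBelow(concatPathParts("users"))) {
            if (userId.startsWith(prefix)) {
                matches.add(userId);
            }
        }
        return matches;
    }

    /**
     * Visits every tag below {@code tags/byTag}; loading a tag without the force flag deletes it
     * when it has expired.
     *
     * @throws IamSvcException if listing, loading or deleting fails
     */
    public void sweepExpiredTags() throws IamSvcException {
        for (String tagId : loadKeysBelow("/tags/byTag")) {
            loadTagObject(tagId, false);
        }
    }

    /**
     * Joins path parts into an absolute znode path.
     *
     * <p>One leading and one trailing {@code "/"} is removed from each part, and each part is then
     * prefixed with {@code "/"}. Parts are otherwise used verbatim: an identifier that contains
     * {@code "/"} addresses a node nested below the one its prefix names, so two different
     * (id, sub-id) pairs can map to the same path. Callers that accept identifiers from outside
     * should constrain them before they reach this method.
     *
     * @param strArr the parts to join
     * @return the joined path
     */
    String concatPathParts(String... strArr) {
        final StringBuilder path = new StringBuilder();
        for (String part : strArr) {
            String trimmed = part;
            if (trimmed.startsWith("/")) {
                trimmed = trimmed.substring(1);
            }
            if (trimmed.endsWith("/")) {
                trimmed = trimmed.substring(0, trimmed.length() - 1);
            }
            path.append("/").append(trimmed);
        }
        return path.toString();
    }

    /** Returns the node path for user id {@code str}. */
    String makeUserId(String str) {
        return concatPathParts("users/", str);
    }

    /** Returns the node path for group id {@code str}. */
    String makeGroupId(String str) {
        return concatPathParts("groups/", str);
    }

    /** Returns the node path for API key {@code str}. */
    String makeByApiKeyId(String str) {
        return concatPathParts("apikeys/byKey/", str);
    }

    /** Returns the node path for ACL id {@code str}. */
    String makeAclId(String str) {
        return concatPathParts("acls/", str);
    }

    /** Returns the by-tag node path for tag id {@code str}. */
    String makeByTagId(String str) {
        return concatPathParts("tags/byTag/", str);
    }

    /** Returns the by-user node path for user id {@code str} and tag type {@code str2}. */
    String makeByUserTagId(String str, String str2) {
        return concatPathParts("tags/byUser/", str, str2);
    }

    /** Returns the by-key node path for alias {@code str}. */
    String makeByAliasId(String str) {
        return concatPathParts("aliases/byKey/", str);
    }

    /** Returns the by-user alias node path for user id {@code str}. */
    String makeByUserAliasId(String str) {
        return concatPathParts("aliases/byUser/", str);
    }

    /** Returns the node path that marks JWT {@code str} as invalidated. */
    String makeJwtTokenId(String str) {
        return concatPathParts("invalidJwts/", str);
    }

    /**
     * Reads a node's data into memory.
     *
     * @param str the node path
     * @return a stream over the data, or {@code null} when the node does not exist
     * @throws IamSvcException if the read fails for any other reason
     */
    private InputStream load(String str) throws IamSvcException {
        final ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        if (!loadTo(str, buffer)) {
            return null;
        }
        return new ByteArrayInputStream(buffer.toByteArray());
    }

    /**
     * Reads a node and parses its data as JSON.
     *
     * @param str the node path
     * @return the parsed object, or {@code null} when the node does not exist
     * @throws IamSvcException if the read fails or the data is not valid JSON
     */
    private JSONObject loadObject(String str) throws IamSvcException {
        final long startMs = Clock.now();
        try {
            final InputStream data = load(str);
            if (data == null) {
                return null;
            }
            final JSONObject parsed = new JSONObject((JSONTokener) new CommentedJsonTokener(data));
            if (log.isDebugEnabled()) {
                final long elapsedMs = Clock.now() - startMs;
                log.debug("ZkIamDb.loadObject ( " + str + " ): from ZK, " + elapsedMs + " ms");
            }
            return parsed;
        } catch (JSONException e) {
            throw new IamSvcException(e);
        }
    }

    /**
     * Copies a node's data to a stream.
     *
     * <p>The node path is written to the log when the node is missing. Paths embed record
     * identifiers (API keys, alias names, tag ids), so lookups of unknown identifiers appear in
     * the log verbatim.
     *
     * @param str the node path
     * @param outputStream receives the data
     * @return {@code true} when the node was read, {@code false} when it does not exist
     * @throws IamSvcException if the read fails for any other reason
     */
    private boolean loadTo(String str, OutputStream outputStream) throws IamSvcException {
        try {
            StreamTools.copyStream(new ByteArrayInputStream(this.fZk.getData().forPath(str)), outputStream);
            return true;
        } catch (KeeperException e) {
            if (e.code() == KeeperException.Code.NONODE) {
                log.info("No node {}", str);
                return false;
            }
            throw new IamSvcException(e);
        } catch (Exception e) {
            throw new IamSvcException(e);
        }
    }

    /**
     * Lists the names of a node's direct children.
     *
     * @param str the node path
     * @return the child names (not full paths); empty when the node does not exist
     * @throws IamSvcException if the listing fails for any other reason
     */
    List<String> loadKeysBelow(String str) throws IamSvcException {
        final LinkedList<String> names = new LinkedList<>();
        try {
            names.addAll(this.fZk.getChildren().forPath(str));
        } catch (KeeperException e) {
            // KeeperException must be caught ahead of Exception; with the broader clause first,
            // the missing-node case can never be reached.
            if (e.code() != KeeperException.Code.NONODE) {
                throw new IamSvcException(e);
            }
            log.info("No node {}", str);
        } catch (Exception e) {
            throw new IamSvcException(e);
        }
        return names;
    }

    /**
     * Writes a JSON object to a node, creating the node and any missing parents, or replacing
     * the data when the node already exists.
     *
     * @param str the node path
     * @param jSONObject the object to store
     * @throws IamSvcException if the write fails
     */
    void storeObject(String str, JSONObject jSONObject) throws IamSvcException {
        try {
            final byte[] data = jSONObject.toString().getBytes(java.nio.charset.StandardCharsets.UTF_8);
            this.fZk.create().orSetData().creatingParentsIfNeeded().forPath(str, data);
        } catch (Exception e) {
            throw new IamSvcException(e);
        }
    }

    /**
     * Deletes a node.
     *
     * @param str the node path
     * @throws IamSvcException if the delete fails, including when the node does not exist
     */
    private void deleteObject(String str) throws IamSvcException {
        try {
            this.fZk.delete().forPath(str);
        } catch (Exception e) {
            throw new IamSvcException(e);
        }
    }

    /** Returns the initial JSON for a new user; the id {@code str} is not used here. */
    protected JSONObject createNewUser(String str) {
        return CommonJsonIdentity.initializeIdentity();
    }

    /** Loads the record for user id {@code str}, or {@code null} when there is none. */
    protected JSONObject loadUserObject(String str) throws IamSvcException {
        return loadObject(makeUserId(str));
    }

    /** Stores {@code jSONObject} as the record for user id {@code str}. */
    protected void storeUserObject(String str, JSONObject jSONObject) throws IamSvcException {
        storeObject(makeUserId(str), jSONObject);
    }

    /** Deletes the record for user id {@code str}. */
    protected void deleteUserObject(String str) throws IamSvcException {
        deleteObject(makeUserId(str));
    }

    /** Returns the initial JSON for a new group built from {@code str2}; {@code str} is not used here. */
    protected JSONObject createNewGroup(String str, String str2) {
        return CommonJsonGroup.initializeGroup(str2);
    }

    /** Loads the record for group id {@code str}, or {@code null} when there is none. */
    protected JSONObject loadGroupObject(String str) throws IamSvcException {
        return loadObject(makeGroupId(str));
    }

    /** Stores {@code jSONObject} as the record for group id {@code str}. */
    protected void storeGroupObject(String str, JSONObject jSONObject) throws IamSvcException {
        storeObject(makeGroupId(str), jSONObject);
    }

    /** Deletes the record for group id {@code str}. */
    protected void deleteGroupObject(String str) throws IamSvcException {
        deleteObject(makeGroupId(str));
    }

    /** Returns the initial JSON for an API key from {@code str3} and {@code str}; {@code str2} is not used here. */
    protected JSONObject createApiKeyObject(String str, String str2, String str3) {
        return CommonJsonApiKey.initialize(str3, str);
    }

    /** Loads the record for API key {@code str}, or {@code null} when there is none. */
    protected JSONObject loadApiKeyObject(String str) throws IamSvcException {
        return loadObject(makeByApiKeyId(str));
    }

    /**
     * Stores an API key record and lists the key in its owner's {@code apiKeys} array.
     *
     * <p>NOTE(review): the key node and the user record are written separately and the user
     * record is read, modified and written back without a version check, so a failure between
     * the writes or a concurrent update can leave the two out of step.
     *
     * @param str the API key
     * @param jSONObject the key record; must carry a {@code userId}
     * @throws IamBadRequestException if the record names no user
     * @throws IamIdentityDoesNotExist if the named user has no record
     * @throws IamSvcException if a read or write fails
     */
    protected void storeApiKeyObject(String str, JSONObject jSONObject) throws IamSvcException, IamBadRequestException {
        final String userId = jSONObject.optString("userId", null);
        if (userId == null) {
            throw new IamBadRequestException("no user specified for api key");
        }
        final JSONObject user = loadUserObject(userId);
        if (user == null) {
            throw new IamIdentityDoesNotExist(userId);
        }
        storeObject(makeByApiKeyId(str), jSONObject);

        JSONArray keys = user.optJSONArray("apiKeys");
        if (keys == null) {
            keys = new JSONArray();
            user.put("apiKeys", keys);
        }
        if (!new TreeSet<String>(JsonVisitor.arrayToList(keys)).contains(str)) {
            keys.put(str);
            storeUserObject(userId, user);
        }
    }

    /**
     * Removes an API key from its owner's {@code apiKeys} array and deletes the key record.
     *
     * @param str the API key
     * @throws IamSvcException if a read, write or delete fails
     */
    protected void deleteApiKeyObject(String str) throws IamSvcException {
        final JSONObject keyRecord = loadApiKeyObject(str);
        if (keyRecord != null) {
            // A key whose owner record is gone, or which names no owner, must still be deletable:
            // failing here would leave a credential that cannot be revoked.
            final String userId = keyRecord.optString("userId", null);
            final JSONObject user = userId == null ? null : loadUserObject(userId);
            if (user != null) {
                final JSONArray keys = user.optJSONArray("apiKeys");
                if (keys != null && JsonUtil.removeStringFromArray(keys, str)) {
                    storeUserObject(userId, user);
                }
            }
        }
        deleteObject(makeByApiKeyId(str));
    }

    /** Wraps an API key and its record in a {@link CommonJsonApiKey}. */
    protected ApiKey instantiateApiKey(String str, JSONObject jSONObject) {
        return new CommonJsonApiKey(str, jSONObject);
    }

    /**
     * Lists the API keys recorded on a user.
     *
     * @param str the user id
     * @return the entries of the user's {@code apiKeys} array; empty when the array is absent
     * @throws IamIdentityDoesNotExist if the user has no record
     * @throws IamSvcException if the read fails
     */
    protected Collection<String> loadApiKeysForUser(String str) throws IamSvcException, IamIdentityDoesNotExist {
        final JSONObject user = loadUserObject(str);
        if (user == null) {
            throw new IamIdentityDoesNotExist(str);
        }
        final JSONArray keys = user.optJSONArray("apiKeys");
        if (keys == null) {
            return new LinkedList<String>();
        }
        return JsonVisitor.arrayToList(keys);
    }

    /** Loads the record for ACL id {@code str}, or {@code null} when there is none. */
    protected JSONObject loadAclObject(String str) throws IamSvcException {
        return loadObject(makeAclId(str));
    }

    /** Stores {@code jSONObject} as the record for ACL id {@code str}. */
    protected void storeAclObject(String str, JSONObject jSONObject) throws IamSvcException {
        storeObject(makeAclId(str), jSONObject);
    }

    /** Deletes the record for ACL id {@code str}. */
    protected void deleteAclObject(String str) throws IamSvcException {
        deleteObject(makeAclId(str));
    }

    /**
     * Loads a tag by tag id, deleting it when it has expired.
     *
     * <p>A tag is current while its {@code expireEpoch} (seconds) is at or after the present
     * time. An expired tag is deleted from both indexes, using its {@code userId} and its
     * {@code tagType} (or {@code type}) field; an expired tag missing either is logged as
     * damaged and left in place.
     *
     * @param str the tag id
     * @param z when {@code true}, return the tag even if it has expired
     * @return the tag record, or {@code null} when absent or expired
     * @throws IamSvcException if a read or delete fails
     */
    protected JSONObject loadTagObject(String str, boolean z) throws IamSvcException {
        final JSONObject tag = loadObject(makeByTagId(str));
        if (tag == null) {
            return null;
        }
        final boolean current = tag.getLong("expireEpoch") >= Clock.now() / 1000;
        if (current || z) {
            return tag;
        }

        final String userId = tag.optString("userId", null);
        final String tagType = tag.optString("tagType", tag.optString("type", null));
        if (userId == null || tagType == null) {
            log.warn("Tag " + str + " is damaged.");
            return null;
        }
        deleteTagObject(str, userId, tagType);
        log.info("Tag " + str + " (" + userId + "/" + tagType + ") deleted.");
        return null;
    }

    /**
     * Loads a tag by user id and tag type, removing it when it has expired.
     *
     * @param str the user id
     * @param str2 the tag type
     * @param z when {@code true}, return the tag even if it has expired
     * @return the tag record, or {@code null} when absent or expired
     * @throws IamSvcException if a read or removal fails
     */
    protected JSONObject loadTagObject(String str, String str2, boolean z) throws IamSvcException {
        final JSONObject tag = loadObject(makeByUserTagId(str, str2));
        if (tag == null) {
            return null;
        }
        final boolean current = tag.getLong("expireEpoch") >= Clock.now() / 1000;
        if (current || z) {
            return tag;
        }
        removeMatchingTag(str, str2);
        return null;
    }

    /**
     * Stores a tag record under both the by-tag and the by-user index.
     *
     * @param str the tag id
     * @param str2 the user id
     * @param str3 the tag type
     * @param jSONObject the tag record
     * @throws IamSvcException if a write fails
     */
    protected void storeTagObject(String str, String str2, String str3, JSONObject jSONObject) throws IamSvcException {
        storeObject(makeByTagId(str), jSONObject);
        storeObject(makeByUserTagId(str2, str3), jSONObject);
    }

    /**
     * Deletes a tag record from both the by-tag and the by-user index.
     *
     * @param str the tag id
     * @param str2 the user id
     * @param str3 the tag type
     * @throws IamSvcException if a delete fails
     */
    protected void deleteTagObject(String str, String str2, String str3) throws IamSvcException {
        deleteObject(makeByTagId(str));
        deleteObject(makeByUserTagId(str2, str3));
    }

    /** Loads the record for alias {@code str}, or {@code null} when there is none. */
    protected JSONObject loadAliasObject(String str) throws IamSvcException {
        return loadObject(makeByAliasId(str));
    }

    /**
     * Stores an alias record and lists the alias in its owner's {@code aliases} array.
     *
     * <p>NOTE(review): as with API keys, the alias node and the user record are written
     * separately and without a version check.
     *
     * @param str the alias
     * @param jSONObject the alias record; must carry a {@code userId}
     * @throws IamBadRequestException if the record names no user
     * @throws IamIdentityDoesNotExist if the named user has no record
     * @throws IamSvcException if a read or write fails
     */
    protected void storeAliasObject(String str, JSONObject jSONObject) throws IamSvcException, IamBadRequestException {
        final String userId = jSONObject.optString("userId", null);
        if (userId == null) {
            throw new IamBadRequestException("no user specified for alias");
        }
        final JSONObject user = loadUserObject(userId);
        if (user == null) {
            throw new IamIdentityDoesNotExist(userId);
        }
        storeObject(makeByAliasId(str), jSONObject);

        JSONArray aliases = user.optJSONArray("aliases");
        if (aliases == null) {
            aliases = new JSONArray();
            user.put("aliases", aliases);
        }
        if (!new TreeSet<String>(JsonVisitor.arrayToList(aliases)).contains(str)) {
            aliases.put(str);
            storeUserObject(userId, user);
        }
    }

    /**
     * Removes an alias from its owner's {@code aliases} array and deletes the alias record.
     *
     * @param str the alias
     * @throws IamSvcException if a read, write or delete fails
     */
    protected void deleteAliasObject(String str) throws IamSvcException {
        final JSONObject aliasRecord = loadAliasObject(str);
        if (aliasRecord != null) {
            // An alias whose owner record is gone, or which names no owner, must still be
            // removable, otherwise a stale login name stays resolvable.
            final String userId = aliasRecord.optString("userId", null);
            final JSONObject user = userId == null ? null : loadUserObject(userId);
            if (user != null) {
                final JSONArray aliases = user.optJSONArray("aliases");
                if (aliases != null && JsonUtil.removeStringFromArray(aliases, str)) {
                    storeUserObject(userId, user);
                }
            }
        }
        deleteObject(makeByAliasId(str));
    }

    /**
     * Lists the aliases recorded on a user.
     *
     * @param str the user id
     * @return the entries of the user's {@code aliases} array; empty when the array is absent
     * @throws IamIdentityDoesNotExist if the user has no record
     * @throws IamSvcException if the read fails
     */
    protected Collection<String> loadAliasesForUser(String str) throws IamSvcException, IamIdentityDoesNotExist {
        final JSONObject user = loadUserObject(str);
        if (user == null) {
            throw new IamIdentityDoesNotExist(str);
        }
        final JSONArray aliases = user.optJSONArray("aliases");
        if (aliases == null) {
            return new LinkedList<String>();
        }
        return JsonVisitor.arrayToList(aliases);
    }

    /**
     * Marks a JWT as invalidated by creating an empty record named after it.
     *
     * @param str the token identifier used as the node name
     * @throws IamSvcException if the write fails
     */
    protected void storeInvalidJwtToken(String str) throws IamSvcException {
        storeObject(makeJwtTokenId(str), new JSONObject());
    }

    /**
     * Reports whether a JWT has been marked as invalidated.
     *
     * <p>The node is tested for existence rather than loaded. Loading logs the node path at INFO
     * whenever the node is missing, which is the outcome for every token that has not been
     * revoked; if {@code str} is the token text itself, that would put live tokens in the log.
     * A failed check raises an exception instead of reporting the token as valid.
     *
     * @param str the token identifier used as the node name
     * @return {@code true} when an invalidation record exists
     * @throws IamSvcException if the existence check fails
     */
    protected boolean isInvalidJwtToken(String str) throws IamSvcException {
        try {
            return this.fZk.checkExists().forPath(makeJwtTokenId(str)) != null;
        } catch (Exception e) {
            throw new IamSvcException(e);
        }
    }

    /**
     * Creates a node holding an empty JSON object when the node does not exist yet.
     *
     * @param strArr the path parts, joined with {@link #concatPathParts(String...)}
     * @throws IamSvcException if the check or the create fails
     */
    private void ensurePathExists(String... strArr) throws IamSvcException {
        final String path = concatPathParts(strArr);
        try {
            if (this.fZk.checkExists().forPath(path) == null) {
                storeObject(path, new JSONObject());
            }
        } catch (Exception e) {
            throw new IamSvcException(e);
        }
    }
}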
