package io.mapsmessaging.security.identity.impl.cognito;

import com.auth0.jwk.JwkProvider;
import com.auth0.jwk.UrlJwkProvider;
import io.mapsmessaging.security.identity.JwtHelper;
import io.mapsmessaging.security.identity.impl.external.JwtPasswordHasher;
import io.mapsmessaging.security.identity.impl.external.JwtValidator;
import io.mapsmessaging.security.identity.impl.external.TokenProvider;
import io.mapsmessaging.security.jaas.aws.AwsAuthHelper;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Map;
import software.amazon.awssdk.services.cognitoidentityprovider.model.AdminInitiateAuthRequest;
import software.amazon.awssdk.services.cognitoidentityprovider.model.AuthenticationResultType;

/* loaded from: input_file:io/mapsmessaging/security/identity/impl/cognito/CognitoPasswordHasher.class */
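/**
 * Password handler that authenticates a user against an AWS Cognito user pool.
 *
 * <p>The presented credential is either a JWT, which is handed to {@link JwtValidator}, or a
 * plain password, which is sent to Cognito through {@code adminInitiateAuth}. The {@code jwt} and
 * {@code computedPassword} fields written here are not declared in this class; presumably they
 * are inherited from {@link JwtPasswordHasher}, which is not visible in this listing.
 */
public class CognitoPasswordHasher extends JwtPasswordHasher implements TokenProvider {
    private final CognitoAuth cognitoAuth;
    private final String username;
    private final CognitoIdentityEntry identityEntry;

    /**
     * Creates a handler bound to one user.
     *
     * @param str the username the credential is checked for
     * @param cognitoAuth source of the Cognito client, pool id, app client id and client secret
     * @param cognitoIdentityEntry identity entry updated and reported on successful authentication
     */
    public CognitoPasswordHasher(String str, CognitoAuth cognitoAuth, CognitoIdentityEntry cognitoIdentityEntry) {
        this.cognitoAuth = cognitoAuth;
        this.username = str;
        this.identityEntry = cognitoIdentityEntry;
    }

    /**
     * Checks the presented credential and records the outcome.
     *
     * <p>On success the presented bytes are stored in {@code computedPassword} and returned. On
     * any failure, including an exception from token validation, secret-hash generation or the
     * Cognito call, {@code computedPassword} is set to ten {@code 0xFF} bytes and an empty array
     * is returned, so the two values never match.
     *
     * @param bArr the credential as presented: a JWT or a plain password
     * @param bArr2 not used by this implementation
     * @param i not used by this implementation
     * @return {@code bArr} when the credential was accepted, otherwise an empty array
     */
    @Override // io.mapsmessaging.security.passwords.PasswordHandler
    public byte[] transformPassword(byte[] bArr, byte[] bArr2, int i) {
        try {
            // Decoded with the platform default charset, as in the listing.
            // NOTE(review): confirm the caller's encoding and pin it explicitly (e.g. UTF-8).
            // NOTE(review): a String copy of the password cannot be wiped and stays on the heap
            // until collected; the Cognito request API takes String parameters, so it is kept.
            String credential = new String(bArr);

            if (JwtHelper.isJwt(credential)) {
                // NOTE(review): validateJwt is not visible here. If it can return null instead of
                // throwing for a rejected token, this branch still authorises the user; confirm it
                // throws, and that it checks issuer, audience/client id, token_use and expiry.
                this.jwt = new JwtValidator(this).validateJwt(this.username, credential);
                return accept(bArr);
            }

            // NOTE(review): ADMIN_NO_SRP_AUTH is the older name of the server-side password flow;
            // AWS documents ADMIN_USER_PASSWORD_AUTH as its replacement. Left unchanged because the
            // accepted value depends on the flows enabled for the app client.
            AdminInitiateAuthRequest request = (AdminInitiateAuthRequest) AdminInitiateAuthRequest.builder()
                    .authFlow("ADMIN_NO_SRP_AUTH")
                    .clientId(this.cognitoAuth.getAppClientId())
                    .userPoolId(this.cognitoAuth.getUserPoolId())
                    .authParameters(Map.of(
                            "USERNAME", this.username,
                            "PASSWORD", credential,
                            "SECRET_HASH", generateSecretHash(this.username)))
                    .build();
            AuthenticationResultType authenticationResult =
                    this.cognitoAuth.getCognitoClient().adminInitiateAuth(request).authenticationResult();

            // A null result means Cognito answered without tokens (for example with a challenge),
            // which is treated as a failed login below.
            if (authenticationResult != null) {
                this.jwt = new JwtValidator(this).validateJwt(this.username, authenticationResult.idToken());
                return accept(bArr);
            }
        } catch (Exception ignored) {
            // Fail closed. The listing's empty catch covered only the decoding line, which left
            // the credential variable possibly unassigned and the checked exceptions of
            // generateSecretHash unhandled. The AWS SDK also reports rejected credentials by
            // throwing, so every exception is routed to the rejection path.
            // NOTE(review): log the exception type here (never the credential) so that
            // misconfiguration is distinguishable from a wrong password.
        }
        return reject();
    }

    /**
     * Computes the {@code SECRET_HASH} authentication parameter for a username.
     *
     * <p>Delegates to {@link AwsAuthHelper#generateSecretHash} with the app client id and the app
     * client secret. NOTE(review): this method is public and keyed with the client secret;
     * confirm that callers outside this class need it.
     *
     * @param str the username to compute the hash for
     * @return the value produced by {@code AwsAuthHelper}
     * @throws NoSuchAlgorithmException propagated from {@code AwsAuthHelper}
     * @throws InvalidKeyException propagated from {@code AwsAuthHelper}
     */
    public String generateSecretHash(String str) throws NoSuchAlgorithmException, InvalidKeyException {
        return AwsAuthHelper.generateSecretHash(this.cognitoAuth.getAppClientId(), this.cognitoAuth.getAppClientSecret(), str);
    }

    /** Records an accepted credential, notifies the auth source, and returns the credential. */
    private byte[] accept(byte[] presented) {
        // The caller's array is stored and returned by reference, not copied.
        this.computedPassword = presented;
        success();
        return presented;
    }

    /** Records a rejected credential: a 0xFF-filled sentinel is stored, an empty array returned. */
    private byte[] reject() {
        this.computedPassword = new byte[10];
        Arrays.fill(this.computedPassword, (byte) -1);
        return new byte[0];
    }

    /**
     * Copies the token's {@code sub} claim into the identity entry, when a token and claim are
     * present, and reports the entry as authorised.
     */
    private void success() {
        if (this.cognitoAuth == null) {
            return;
        }
        if (this.jwt != null) {
            String subject = this.jwt.getClaim("sub").asString();
            if (subject != null) {
                this.identityEntry.setUuid(subject);
            }
        }
        // Reached even when no token was stored; see the review note in transformPassword.
        this.cognitoAuth.authorised(this.identityEntry);
    }

    /** Returns the fixed handler name, {@code "cognito"}. */
    @Override // io.mapsmessaging.security.passwords.PasswordHandler
    public String getName() {
        return "cognito";
    }

    /**
     * Builds a JWK provider for the configured user pool's issuer URL.
     *
     * <p>{@code UrlJwkProvider(String)} appends the well-known JWKS path to the given base. A new
     * provider is created on every call, so key lookups are not cached here.
     * NOTE(review): consider a cached, rate-limited provider ({@code JwkProviderBuilder}) so that
     * each login does not trigger a key fetch.
     *
     * @param str not used by this implementation
     * @return a provider that loads signing keys over HTTPS from the pool's issuer URL
     */
    @Override // io.mapsmessaging.security.identity.impl.external.TokenProvider
    public JwkProvider getJwkProvider(String str) {
        String issuer = "https://cognito-idp." + this.cognitoAuth.getRegionName() + ".amazonaws.com/"
                + this.cognitoAuth.getUserPoolId();
        return new UrlJwkProvider(issuer);
    }
}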
