package io.warp10.script.ext.token;

import io.warp10.continuum.Tokens;
import io.warp10.crypto.KeyStore;
import io.warp10.crypto.OrderPreservingBase64;
import io.warp10.crypto.SipHashInline;
import io.warp10.quasar.encoder.QuasarTokenDecoder;
import io.warp10.quasar.encoder.QuasarTokenEncoder;
import io.warp10.quasar.filter.exception.QuasarTokenException;
import io.warp10.quasar.token.thrift.data.ReadToken;
import io.warp10.quasar.token.thrift.data.TokenType;
import io.warp10.quasar.token.thrift.data.WriteToken;
import io.warp10.script.NamedWarpScriptFunction;
import io.warp10.script.WarpScriptException;
import io.warp10.script.WarpScriptStack;
import io.warp10.script.WarpScriptStackFunction;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import org.apache.thrift.TBase;

/* loaded from: input_file:io/warp10/script/ext/token/TOKENDUMP.class */
public class TOKENDUMP extends NamedWarpScriptFunction implements WarpScriptStackFunction {
    private final QuasarTokenEncoder encoder;
    public static final String KEY_PARAMS = "params";
    private final byte[] keystoreTokenAESKey;
    private final byte[] keystoreTokenSipHashKey;
    private final boolean warpKeystore;

    public TOKENDUMP(String str, KeyStore keyStore, boolean z) {
        super(str);
        this.encoder = new QuasarTokenEncoder();
        if (null != keyStore) {
            this.keystoreTokenAESKey = keyStore.getKey("warp.aes.token");
            this.keystoreTokenSipHashKey = keyStore.getKey(KeyStore.SIPHASH_TOKEN);
        } else {
            this.keystoreTokenAESKey = null;
            this.keystoreTokenSipHashKey = null;
        }
        this.warpKeystore = z;
    }

    @Override // io.warp10.script.WarpScriptStackFunction
    public Object apply(WarpScriptStack warpScriptStack) throws WarpScriptException {
        byte[] bArr = null;
        byte[] bArr2 = null;
        boolean z = false;
        Object pop = warpScriptStack.pop();
        if (pop instanceof byte[]) {
            z = true;
            bArr2 = (byte[]) pop;
            Object pop2 = warpScriptStack.pop();
            if (!(pop2 instanceof byte[])) {
                throw new WarpScriptException(getName() + " expects a BYTES AES Key if a BYTES SipHash is given.");
            }
            bArr = (byte[]) pop2;
            pop = warpScriptStack.pop();
        }
        if (null == bArr) {
            if (this.warpKeystore) {
                String str = TokenWarpScriptExtension.TOKEN_SECRET;
                if (null == str) {
                    throw new WarpScriptException(getName() + " expects a token secret to be set in the configuration.");
                }
                if (!(pop instanceof String)) {
                    throw new WarpScriptException(getName() + " expects a STRING token secret.");
                }
                if (!str.equals(pop)) {
                    throw new WarpScriptException(getName() + " invalid token secret.");
                }
                pop = warpScriptStack.pop();
            }
            if (null == this.keystoreTokenAESKey || null == this.keystoreTokenSipHashKey) {
                throw new WarpScriptException(getName() + " expects SipHash and AES keys to be explicitly defined.");
            }
            bArr = this.keystoreTokenAESKey;
            bArr2 = this.keystoreTokenSipHashKey;
        }
        if (!(pop instanceof String)) {
            throw new WarpScriptException(getName() + " expects a STRING token.");
        }
        String str2 = (String) pop;
        ReadToken readToken = null;
        WriteToken writeToken = null;
        if (z || !this.warpKeystore) {
            byte[] decode = OrderPreservingBase64.decode(str2.getBytes(StandardCharsets.UTF_8));
            long[] key = SipHashInline.getKey(bArr2);
            QuasarTokenDecoder quasarTokenDecoder = new QuasarTokenDecoder(key[0], key[1], bArr);
            try {
                readToken = quasarTokenDecoder.decodeReadToken(decode);
            } catch (QuasarTokenException e) {
                try {
                    writeToken = quasarTokenDecoder.decodeWriteToken(decode);
                } catch (Exception e2) {
                    throw new WarpScriptException(getName() + " invalid token.", e2);
                }
            }
        } else {
            try {
                readToken = Tokens.extractReadToken(str2);
            } catch (WarpScriptException e3) {
                try {
                    writeToken = Tokens.extractWriteToken(str2);
                } catch (Exception e4) {
                    throw new WarpScriptException(getName() + " invalid token.", e4);
                }
            }
        }
        String tokenIdent = this.encoder.getTokenIdent(str2, bArr2);
        HashMap hashMap = new HashMap();
        hashMap.put("token", str2);
        hashMap.put(TOKENGEN.KEY_IDENT, tokenIdent);
        hashMap.put("params", mapFromToken(null != readToken ? readToken : writeToken));
        warpScriptStack.push(hashMap);
        return warpScriptStack;
    }

    public Map<String, Object> mapFromToken(TBase tBase) {
        HashMap hashMap = new HashMap();
        if (tBase instanceof ReadToken) {
            ReadToken readToken = (ReadToken) tBase;
            hashMap.put("type", TokenType.READ.toString());
            hashMap.put("owner", Tokens.getUUID(readToken.getBilledId()));
            hashMap.put(TOKENGEN.KEY_APPLICATION, readToken.getAppName());
            hashMap.put(TOKENGEN.KEY_ISSUANCE, Long.valueOf(readToken.getIssuanceTimestamp()));
            hashMap.put(TOKENGEN.KEY_EXPIRY, Long.valueOf(readToken.getExpiryTimestamp()));
            if (readToken.getOwnersSize() > 0) {
                ArrayList arrayList = new ArrayList(readToken.getOwnersSize());
                hashMap.put(TOKENGEN.KEY_OWNERS, arrayList);
                Iterator<ByteBuffer> it = readToken.getOwners().iterator();
                while (it.hasNext()) {
                    arrayList.add(Tokens.getUUID(it.next()));
                }
            }
            if (readToken.getProducersSize() > 0) {
                ArrayList arrayList2 = new ArrayList(readToken.getProducersSize());
                hashMap.put(TOKENGEN.KEY_PRODUCERS, arrayList2);
                Iterator<ByteBuffer> it2 = readToken.getProducers().iterator();
                while (it2.hasNext()) {
                    arrayList2.add(Tokens.getUUID(it2.next()));
                }
            }
            if (readToken.getAppsSize() > 0) {
                ArrayList arrayList3 = new ArrayList(readToken.getAppsSize());
                hashMap.put(TOKENGEN.KEY_APPLICATIONS, arrayList3);
                Iterator<String> it3 = readToken.getApps().iterator();
                while (it3.hasNext()) {
                    arrayList3.add(it3.next());
                }
            }
            if (readToken.getAttributesSize() > 0) {
                hashMap.put(TOKENGEN.KEY_ATTRIBUTES, new HashMap(readToken.getAttributes()));
            }
            if (readToken.getLabelsSize() > 0) {
                hashMap.put("labels", new HashMap(readToken.getLabels()));
            }
        } else {
            WriteToken writeToken = (WriteToken) tBase;
            hashMap.put("type", TokenType.WRITE.toString());
            hashMap.put("owner", Tokens.getUUID(writeToken.getOwnerId()));
            hashMap.put("producer", Tokens.getUUID(writeToken.getProducerId()));
            hashMap.put(TOKENGEN.KEY_APPLICATION, writeToken.getAppName());
            hashMap.put(TOKENGEN.KEY_ISSUANCE, Long.valueOf(writeToken.getIssuanceTimestamp()));
            hashMap.put(TOKENGEN.KEY_EXPIRY, Long.valueOf(writeToken.getExpiryTimestamp()));
            if (writeToken.getAttributesSize() > 0) {
                hashMap.put(TOKENGEN.KEY_ATTRIBUTES, new HashMap(writeToken.getAttributes()));
            }
            if (writeToken.getLabelsSize() > 0) {
                hashMap.put("labels", new HashMap(writeToken.getLabels()));
            }
        }
        return hashMap;
    }
}
