package io.warp10.script.ext.token;

import io.warp10.crypto.KeyStore;
import io.warp10.quasar.encoder.QuasarTokenEncoder;
import io.warp10.quasar.token.thrift.data.ReadToken;
import io.warp10.quasar.token.thrift.data.TokenType;
import io.warp10.quasar.token.thrift.data.WriteToken;
import io.warp10.script.NamedWarpScriptFunction;
import io.warp10.script.WarpScriptException;
import io.warp10.script.WarpScriptStack;
import io.warp10.script.WarpScriptStackFunction;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.thrift.TBase;
import org.apache.thrift.TException;

/* loaded from: input_file:io/warp10/script/ext/token/TOKENGEN.class */
public class TOKENGEN extends NamedWarpScriptFunction implements WarpScriptStackFunction {
    private static final QuasarTokenEncoder encoder = new QuasarTokenEncoder();
    public static final String KEY_TOKEN = "token";
    public static final String KEY_IDENT = "ident";
    public static final String KEY_ID = "id";
    public static final String KEY_TYPE = "type";
    public static final String KEY_APPLICATION = "application";
    public static final String KEY_EXPIRY = "expiry";
    public static final String KEY_ISSUANCE = "issuance";
    public static final String KEY_TTL = "ttl";
    public static final String KEY_LABELS = "labels";
    public static final String KEY_ATTRIBUTES = "attributes";
    public static final String KEY_OWNERS = "owners";
    public static final String KEY_OWNER = "owner";
    public static final String KEY_PRODUCERS = "producers";
    public static final String KEY_PRODUCER = "producer";
    public static final String KEY_APPLICATIONS = "applications";
    private static final long DEFAULT_TTL = 0;
    private final byte[] keystoreTokenAESKey;
    private final byte[] keystoreTokenSipHashKey;
    private final boolean warpKeystore;

    public TOKENGEN(String str, KeyStore keyStore, boolean z) {
        super(str);
        if (null != keyStore) {
            this.keystoreTokenAESKey = keyStore.getKey("warp.aes.token");
            this.keystoreTokenSipHashKey = keyStore.getKey(KeyStore.SIPHASH_TOKEN);
        } else {
            this.keystoreTokenAESKey = null;
            this.keystoreTokenSipHashKey = null;
        }
        this.warpKeystore = z;
    }

    @Override // io.warp10.script.WarpScriptStackFunction
    public Object apply(WarpScriptStack warpScriptStack) throws WarpScriptException {
        byte[] bArr = null;
        byte[] bArr2 = null;
        Object pop = warpScriptStack.pop();
        if (pop instanceof byte[]) {
            bArr2 = (byte[]) pop;
            Object pop2 = warpScriptStack.pop();
            if (!(pop2 instanceof byte[])) {
                throw new WarpScriptException(getName() + " expects a BYTES AES Key if a BYTES SipHash is given.");
            }
            bArr = (byte[]) pop2;
            pop = warpScriptStack.pop();
        }
        if (null == bArr) {
            if (this.warpKeystore) {
                String str = TokenWarpScriptExtension.TOKEN_SECRET;
                if (null == str) {
                    throw new WarpScriptException(getName() + " expects a token secret to be set in the configuration.");
                }
                if (!(pop instanceof String)) {
                    throw new WarpScriptException(getName() + " expects a STRING token secret.");
                }
                if (!str.equals(pop)) {
                    throw new WarpScriptException(getName() + " invalid token secret.");
                }
                pop = warpScriptStack.pop();
            }
            if (null == this.keystoreTokenAESKey || null == this.keystoreTokenSipHashKey) {
                throw new WarpScriptException(getName() + " expects SipHash and AES keys to be explicitly defined.");
            }
            bArr = this.keystoreTokenAESKey;
            bArr2 = this.keystoreTokenSipHashKey;
        }
        if (!(pop instanceof Map)) {
            throw new WarpScriptException(getName() + " expects a map on top of the stack.");
        }
        Map map = (Map) pop;
        try {
            String encryptToken = encoder.encryptToken(tokenFromMap(map, getName(), DEFAULT_TTL), bArr, bArr2);
            String tokenIdent = encoder.getTokenIdent(encryptToken, bArr2);
            HashMap hashMap = new HashMap();
            hashMap.put("token", encryptToken);
            hashMap.put(KEY_IDENT, tokenIdent);
            if (null != map.get("id")) {
                hashMap.put("id", map.get("id"));
            }
            warpScriptStack.push(hashMap);
            return warpScriptStack;
        } catch (TException e) {
            throw new WarpScriptException("Error while generating token.", e);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    public static TBase tokenFromMap(Map map, String str, long j) throws WarpScriptException {
        WriteToken writeToken;
        if (TokenType.READ.toString().equals(map.get("type"))) {
            ReadToken readToken = new ReadToken();
            readToken.setTokenType(TokenType.READ);
            if (null == map.get("owner")) {
                throw new WarpScriptException(str + " missing 'owner'.");
            }
            readToken.setBilledId(encoder.toByteBuffer(map.get("owner").toString()));
            if (null == map.get(KEY_APPLICATION)) {
                throw new WarpScriptException(str + " missing '" + KEY_APPLICATION + "'.");
            }
            readToken.setAppName(map.get(KEY_APPLICATION).toString());
            if (null != map.get(KEY_ISSUANCE)) {
                readToken.setIssuanceTimestamp(((Number) map.get(KEY_ISSUANCE)).longValue());
            } else {
                readToken.setIssuanceTimestamp(System.currentTimeMillis());
            }
            if (null != map.get("ttl")) {
                long longValue = ((Number) map.get("ttl")).longValue();
                if (longValue > Long.MAX_VALUE - readToken.getIssuanceTimestamp()) {
                    readToken.setExpiryTimestamp(Long.MAX_VALUE);
                } else {
                    readToken.setExpiryTimestamp(readToken.getIssuanceTimestamp() + longValue);
                }
            } else if (null != map.get(KEY_EXPIRY)) {
                readToken.setExpiryTimestamp(((Number) map.get(KEY_EXPIRY)).longValue());
            } else {
                if (DEFAULT_TTL == j) {
                    throw new WarpScriptException(str + " missing 'ttl' or '" + KEY_EXPIRY + "'.");
                }
                readToken.setExpiryTimestamp(readToken.getIssuanceTimestamp() + j);
            }
            if (null == map.get(KEY_OWNERS)) {
                readToken.setOwners(new ArrayList());
            } else {
                if (!(map.get(KEY_OWNERS) instanceof List)) {
                    throw new WarpScriptException(str + " expects '" + KEY_OWNERS + "' to be a list of UUIDs.");
                }
                Iterator it = ((List) map.get(KEY_OWNERS)).iterator();
                while (it.hasNext()) {
                    readToken.addToOwners(encoder.toByteBuffer(it.next().toString()));
                }
                if (0 == readToken.getOwnersSize()) {
                    readToken.setOwners(new ArrayList());
                }
            }
            if (null == map.get(KEY_PRODUCERS)) {
                readToken.setProducers(new ArrayList());
            } else {
                if (!(map.get(KEY_PRODUCERS) instanceof List)) {
                    throw new WarpScriptException(str + " expects '" + KEY_PRODUCERS + "' to be a list of UUIDs.");
                }
                Iterator it2 = ((List) map.get(KEY_PRODUCERS)).iterator();
                while (it2.hasNext()) {
                    readToken.addToProducers(encoder.toByteBuffer(it2.next().toString()));
                }
                if (0 == readToken.getProducersSize()) {
                    readToken.setProducers(new ArrayList());
                }
            }
            if (null == map.get(KEY_APPLICATIONS)) {
                readToken.setApps(new ArrayList());
            } else {
                if (!(map.get(KEY_APPLICATIONS) instanceof List)) {
                    throw new WarpScriptException(str + " expects '" + KEY_APPLICATIONS + "' to be a list of application names.");
                }
                Iterator it3 = ((List) map.get(KEY_APPLICATIONS)).iterator();
                while (it3.hasNext()) {
                    readToken.addToApps(it3.next().toString());
                }
                if (0 == readToken.getAppsSize()) {
                    readToken.setApps(new ArrayList());
                }
            }
            if (null != map.get(KEY_ATTRIBUTES)) {
                if (!(map.get(KEY_ATTRIBUTES) instanceof Map)) {
                    throw new WarpScriptException(str + " expects '" + KEY_ATTRIBUTES + "' to be a map.");
                }
                for (Map.Entry entry : ((Map) map.get(KEY_ATTRIBUTES)).entrySet()) {
                    if (!(entry.getKey() instanceof String) || !(entry.getValue() instanceof String)) {
                        throw new WarpScriptException(str + " expects '" + KEY_ATTRIBUTES + "' to be a map of STRING keys and values.");
                    }
                    readToken.putToAttributes(entry.getKey().toString(), entry.getValue().toString());
                }
            }
            if (null != map.get("labels")) {
                if (!(map.get("labels") instanceof Map)) {
                    throw new WarpScriptException(str + " expects 'labels' to be a map.");
                }
                for (Map.Entry entry2 : ((Map) map.get("labels")).entrySet()) {
                    if (!(entry2.getKey() instanceof String) || !(entry2.getValue() instanceof String)) {
                        throw new WarpScriptException(str + " expects 'labels' to be a map of STRING keys and values.");
                    }
                    readToken.putToLabels(entry2.getKey().toString(), entry2.getValue().toString());
                }
            }
            writeToken = readToken;
        } else {
            if (!TokenType.WRITE.toString().equals(map.get("type"))) {
                throw new WarpScriptException(str + " expects a key 'type' with value READ or WRITE in the parameter map.");
            }
            WriteToken writeToken2 = new WriteToken();
            writeToken2.setTokenType(TokenType.WRITE);
            if (null == map.get(KEY_APPLICATION)) {
                throw new WarpScriptException(str + " missing '" + KEY_APPLICATION + "'.");
            }
            writeToken2.setAppName(map.get(KEY_APPLICATION).toString());
            if (null != map.get(KEY_ISSUANCE)) {
                writeToken2.setIssuanceTimestamp(((Number) map.get(KEY_ISSUANCE)).longValue());
            } else {
                writeToken2.setIssuanceTimestamp(System.currentTimeMillis());
            }
            if (null != map.get("ttl")) {
                long longValue2 = ((Number) map.get("ttl")).longValue();
                if (longValue2 > Long.MAX_VALUE - writeToken2.getIssuanceTimestamp()) {
                    writeToken2.setExpiryTimestamp(Long.MAX_VALUE);
                } else {
                    writeToken2.setExpiryTimestamp(writeToken2.getIssuanceTimestamp() + longValue2);
                }
            } else if (null != map.get(KEY_EXPIRY)) {
                writeToken2.setExpiryTimestamp(((Number) map.get(KEY_EXPIRY)).longValue());
            } else {
                if (DEFAULT_TTL == j) {
                    throw new WarpScriptException(str + " missing 'ttl' or '" + KEY_EXPIRY + "'.");
                }
                writeToken2.setExpiryTimestamp(writeToken2.getIssuanceTimestamp() + j);
            }
            if (null == map.get("owner")) {
                throw new WarpScriptException(str + " missing 'owner'.");
            }
            writeToken2.setOwnerId(encoder.toByteBuffer(map.get("owner").toString()));
            if (null == map.get("producer")) {
                throw new WarpScriptException(str + " missing 'producer'.");
            }
            writeToken2.setProducerId(encoder.toByteBuffer(map.get("producer").toString()));
            if (null != map.get(KEY_ATTRIBUTES)) {
                if (!(map.get(KEY_ATTRIBUTES) instanceof Map)) {
                    throw new WarpScriptException(str + " expects '" + KEY_ATTRIBUTES + "' to be a map.");
                }
                for (Map.Entry entry3 : ((Map) map.get(KEY_ATTRIBUTES)).entrySet()) {
                    if (!(entry3.getKey() instanceof String) || !(entry3.getValue() instanceof String)) {
                        throw new WarpScriptException(str + " expects '" + KEY_ATTRIBUTES + "' to be a map of STRING keys and values.");
                    }
                    writeToken2.putToAttributes(entry3.getKey().toString(), entry3.getValue().toString());
                }
            }
            if (null != map.get("labels")) {
                if (!(map.get("labels") instanceof Map)) {
                    throw new WarpScriptException(str + " expects 'labels' to be a map.");
                }
                for (Map.Entry entry4 : ((Map) map.get("labels")).entrySet()) {
                    if (!(entry4.getKey() instanceof String) || !(entry4.getValue() instanceof String)) {
                        throw new WarpScriptException(str + " expects 'labels' to be a map of STRING keys and values.");
                    }
                    writeToken2.putToLabels(entry4.getKey().toString(), entry4.getValue().toString());
                }
            }
            writeToken = writeToken2;
        }
        return writeToken;
    }
}
