package org.iplass.mtp.impl.auth.oauth.subtypes;

import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import org.iplass.mtp.ManagerLocator;
import org.iplass.mtp.auth.User;
import org.iplass.mtp.auth.oauth.definition.SubjectIdentifierTypeDefinition;
import org.iplass.mtp.auth.oauth.definition.subtypes.PublicSubjectIdentifierTypeDefinition;
import org.iplass.mtp.entity.EntityManager;
import org.iplass.mtp.entity.LoadOption;
import org.iplass.mtp.entity.UpdateOption;
import org.iplass.mtp.impl.auth.oauth.MetaOAuthClient;
import org.iplass.mtp.impl.auth.oauth.MetaSubjectIdentifierType;
import org.iplass.mtp.impl.auth.oauth.OAuthAuthorizationService;
import org.iplass.mtp.impl.core.ExecuteContext;
import org.iplass.mtp.spi.ServiceRegistry;
import org.iplass.mtp.util.StringUtil;

/* loaded from: input_file:org/iplass/mtp/impl/auth/oauth/subtypes/MetaPublicSubjectIdentifierType.class */
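/**
 * Metadata for the "public" subject identifier type of an OAuth client.
 *
 * <p>The subject identifier is taken from one property of the {@link User} entity
 * ({@link #getSubjectIdMappedUserProperty()}) and, when {@link #isHashing()} is set, replaced by a
 * salted digest of that value before it is handed to the client.
 */
public class MetaPublicSubjectIdentifierType extends MetaSubjectIdentifierType {
    private static final long serialVersionUID = 7872789897631127807L;

    // Name of the User property whose value is used as (or hashed into) the subject identifier.
    private String subjectIdMappedUserProperty;

    // When true, the property value is never exposed directly; only its salted digest is.
    private boolean hashing;

    /**
     * Runtime counterpart of the enclosing metadata; computes subject identifiers and makes sure a
     * user has a value in the mapped property.
     */
    public class PublicSubjectIdentifierTypeRuntime extends MetaSubjectIdentifierType.SubjectIdentifierTypeRuntime {
        private final OAuthAuthorizationService oauthAuthService = (OAuthAuthorizationService) ServiceRegistry.getRegistry().getService(OAuthAuthorizationService.class);

        /**
         * Creates the runtime and, when hashing is enabled, rejects a service configuration that
         * lacks the hash algorithm or the salt.
         *
         * <p>Only presence is checked here. An algorithm name the JVM does not know is detected
         * later, on the first {@link #subjectId} call.
         *
         * @throws IllegalStateException if hashing is enabled but algorithm or salt is not configured
         */
        public PublicSubjectIdentifierTypeRuntime() {
            if (!MetaPublicSubjectIdentifierType.this.hashing) {
                return;
            }
            if (this.oauthAuthService.getSubjectIdHashAlgorithm() == null || this.oauthAuthService.getSubjectIdHashSalt() == null) {
                throw new IllegalStateException("No hashing configuration defined. OAuthAuthorizationService's subjectIdHashAlgorithm and subjectIdHashSalt must be specified.");
            }
        }

        /**
         * Returns the subject identifier for {@code user}.
         *
         * <p>The client argument is not consulted, so every client receives the same identifier
         * for a given user within a tenant.
         *
         * @param user the user whose mapped property is read
         * @param oAuthClientRuntime the requesting client; unused by this subject type
         * @return the property value as a string, its salted digest when hashing is enabled, or
         *     {@code null} when the user has no value in the mapped property
         * @throws RuntimeException wrapping {@link NoSuchAlgorithmException} when the configured
         *     digest algorithm is not available
         */
        @Override
        public String subjectId(User user, MetaOAuthClient.OAuthClientRuntime oAuthClientRuntime) {
            Object value = user.getValue(MetaPublicSubjectIdentifierType.this.subjectIdMappedUserProperty);
            if (value == null) {
                return null;
            }
            String rawId = value.toString();
            return MetaPublicSubjectIdentifierType.this.hashing ? hashSubjectId(rawId) : rawId;
        }

        /**
         * Derives the externally visible identifier: unpadded URL-safe Base64 of
         * {@code digest(rawId + "-" + clientTenantId + "-" + salt)} over the UTF-8 bytes.
         *
         * <p>The result is a deterministic function of the algorithm, the tenant id and the salt,
         * so changing any of them changes every identifier already issued to clients.
         */
        private String hashSubjectId(String rawId) {
            try {
                MessageDigest digest = MessageDigest.getInstance(this.oauthAuthService.getSubjectIdHashAlgorithm());
                // NOTE(review): this is a single digest pass, not a keyed MAC. If the mapped property
                // holds a guessable value (e.g. a login id), the secrecy of the salt is the only thing
                // that stops a client from confirming guesses offline -- treat the salt as a secret.
                // NOTE(review): fields are joined with "-" without escaping; confirm the mapped value
                // cannot itself end in "-<digits>" in a way that collides with another tenant's input.
                String material = rawId + "-" + ExecuteContext.getCurrentContext().getClientTenantId() + "-" + this.oauthAuthService.getSubjectIdHashSalt();
                // StandardCharsets avoids the checked UnsupportedEncodingException that can never
                // occur for UTF-8; the bytes are identical to getBytes("UTF-8").
                byte[] hashed = digest.digest(material.getBytes(StandardCharsets.UTF_8));
                return Base64.getUrlEncoder().withoutPadding().encodeToString(hashed);
            } catch (NoSuchAlgorithmException e) {
                throw new RuntimeException(e);
            }
        }

        /**
         * Ensures {@code user} carries a value in the mapped property, generating and persisting a
         * random one on first use.
         *
         * @param user the user instance being loaded; its mapped property is filled in place
         * @return the same {@code user} instance
         * @throws IllegalStateException if the user can no longer be loaded by its oid
         */
        @Override
        public User handleOnLoad(User user) {
            String property = MetaPublicSubjectIdentifierType.this.subjectIdMappedUserProperty;
            if (user.getValue(property) != null) {
                return user;
            }
            // The passed-in instance may simply not have the property loaded, so re-read the
            // stored entity before deciding that a new identifier is needed.
            EntityManager manager = ManagerLocator.getInstance().getManager(EntityManager.class);
            User stored = manager.load(user.getOid(), "mtp.auth.User", new LoadOption(false, false));
            if (stored == null) {
                // Fail with a clear message instead of a NullPointerException on the next line.
                throw new IllegalStateException("User entity not found while assigning subject identifier: oid=" + user.getOid());
            }
            Object value = stored.getValue(property);
            if (value == null) {
                // NOTE(review): this value becomes the user's stable subject identifier. The generator
                // behind StringUtil.randomToken() is not visible here -- confirm it is backed by a
                // cryptographically strong source.
                value = "s" + StringUtil.randomToken();
                stored.setValue(property, value);
                // NOTE(review): load-check-update is not atomic as written. Two concurrent first
                // loads could each generate a token, and the loser would return an identifier that
                // is not the stored one -- confirm that the update options or the surrounding
                // transaction prevent this.
                manager.update(stored, new UpdateOption(true).add(property));
            }
            user.setValue(property, value);
            return user;
        }
    }

    /** Returns whether the mapped property value is hashed before being exposed. */
    public boolean isHashing() {
        return this.hashing;
    }

    /**
     * Enables or disables hashing of the mapped property value.
     *
     * @param z {@code true} to expose only the salted digest
     */
    public void setHashing(boolean z) {
        this.hashing = z;
    }

    /** Returns the name of the User property that supplies the subject identifier. */
    public String getSubjectIdMappedUserProperty() {
        return this.subjectIdMappedUserProperty;
    }

    /**
     * Sets the name of the User property that supplies the subject identifier.
     *
     * @param str the property name
     */
    public void setSubjectIdMappedUserProperty(String str) {
        this.subjectIdMappedUserProperty = str;
    }

    /**
     * Creates the runtime for this metadata.
     *
     * @throws IllegalStateException if hashing is enabled without algorithm and salt configured
     */
    @Override
    public PublicSubjectIdentifierTypeRuntime createRuntime() {
        return new PublicSubjectIdentifierTypeRuntime();
    }

    /**
     * Copies the settings of a {@link PublicSubjectIdentifierTypeDefinition} into this metadata.
     *
     * @param subjectIdentifierTypeDefinition the definition to apply; it is cast to
     *     {@link PublicSubjectIdentifierTypeDefinition} without a type check
     */
    @Override
    public void applyConfig(SubjectIdentifierTypeDefinition subjectIdentifierTypeDefinition) {
        PublicSubjectIdentifierTypeDefinition definition = (PublicSubjectIdentifierTypeDefinition) subjectIdentifierTypeDefinition;
        this.subjectIdMappedUserProperty = definition.getSubjectIdMappedUserProperty();
        this.hashing = definition.isHashing();
    }

    /** Returns a new definition object holding the current property name and hashing flag. */
    @Override
    public SubjectIdentifierTypeDefinition currentConfig() {
        PublicSubjectIdentifierTypeDefinition definition = new PublicSubjectIdentifierTypeDefinition();
        definition.setSubjectIdMappedUserProperty(this.subjectIdMappedUserProperty);
        definition.setHashing(this.hashing);
        return definition;
    }
}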
