package org.iplass.mtp.impl.auth.oauth.subtypes;

import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import org.iplass.mtp.ManagerLocator;
import org.iplass.mtp.auth.User;
import org.iplass.mtp.auth.oauth.definition.SubjectIdentifierTypeDefinition;
import org.iplass.mtp.auth.oauth.definition.subtypes.PairwiseSubjectIdentifierTypeDefinition;
import org.iplass.mtp.entity.EntityManager;
import org.iplass.mtp.entity.LoadOption;
import org.iplass.mtp.entity.UpdateOption;
import org.iplass.mtp.impl.auth.oauth.MetaOAuthClient;
import org.iplass.mtp.impl.auth.oauth.MetaSubjectIdentifierType;
import org.iplass.mtp.impl.auth.oauth.OAuthAuthorizationService;
import org.iplass.mtp.impl.core.ExecuteContext;
import org.iplass.mtp.spi.ServiceRegistry;
import org.iplass.mtp.util.StringUtil;

/* loaded from: input_file:org/iplass/mtp/impl/auth/oauth/subtypes/MetaPairwiseSubjectIdentifierType.class */
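/**
 * Metadata for the "pairwise" subject identifier type.
 *
 * <p>The subject identifier handed to an OAuth client is a salted hash of a per-user value
 * (read from the user property named by {@link #getSubjectIdMappedUserProperty()}), the
 * client's sector identifier and the client tenant id. Because the sector identifier is part
 * of the hash input, the same user is given different identifiers in different sectors.
 */
public class MetaPairwiseSubjectIdentifierType extends MetaSubjectIdentifierType {
    private static final long serialVersionUID = 4993666973627956478L;

    // Name of the User property that stores the per-user seed of the pairwise identifier.
    private String subjectIdMappedUserProperty;

    /**
     * Runtime that derives pairwise subject identifiers and lazily provisions the per-user
     * seed value they are derived from.
     */
    public class PairwiseSubjectIdentifierTypeRuntime extends MetaSubjectIdentifierType.SubjectIdentifierTypeRuntime {
        private final OAuthAuthorizationService oauthAuthService = (OAuthAuthorizationService) ServiceRegistry.getRegistry().getService(OAuthAuthorizationService.class);

        /**
         * Refuses to start without hashing configuration.
         *
         * @throws IllegalStateException if the service's hash algorithm or hash salt is null
         */
        public PairwiseSubjectIdentifierTypeRuntime() {
            // NOTE(review): only null is rejected. An empty salt, or an algorithm name the JVM
            // does not provide, passes this check and surfaces later in subjectId().
            if (this.oauthAuthService.getSubjectIdHashAlgorithm() == null || this.oauthAuthService.getSubjectIdHashSalt() == null) {
                throw new IllegalStateException("no hashing configration defined. OAuthAuthorizationService's subjectIdHashAlgorithm and subjectIdHashSalt must specify.");
            }
        }

        /**
         * Derives the subject identifier of {@code user} for the given client.
         *
         * <p>The digest input is {@code value-sectorIdentifier-clientTenantId-salt}, encoded as
         * UTF-8, hashed with the configured algorithm and returned as unpadded URL-safe Base64.
         * The result is reproducible only while the algorithm, the salt and the stored user
         * value stay the same; changing any of them changes the identifier.
         *
         * @param user user whose mapped property supplies the seed value
         * @param oAuthClientRuntime client whose sector identifier is mixed into the hash
         * @return the encoded digest, or {@code null} when the user has no value in the mapped
         *     property
         * @throws RuntimeException wrapping {@link NoSuchAlgorithmException} when the
         *     configured algorithm is not available
         */
        @Override
        public String subjectId(User user, MetaOAuthClient.OAuthClientRuntime oAuthClientRuntime) {
            Object seed = user.getValue(MetaPairwiseSubjectIdentifierType.this.subjectIdMappedUserProperty);
            if (seed == null) {
                return null;
            }
            try {
                MessageDigest digest = MessageDigest.getInstance(this.oauthAuthService.getSubjectIdHashAlgorithm());
                // NOTE(review): the fields are joined with '-' and are not escaped, so the
                // field boundaries are ambiguous if a field itself contains '-'. Changing the
                // layout would change identifiers that were already issued, so it is flagged
                // here rather than altered.
                // NOTE(review): the salt is the one input that comes from service configuration;
                // presumably it is meant to stay secret and stable - confirm how it is stored.
                String material = seed.toString()
                        + "-" + oAuthClientRuntime.sectorIdentifier()
                        + "-" + ExecuteContext.getCurrentContext().getClientTenantId()
                        + "-" + this.oauthAuthService.getSubjectIdHashSalt();
                // StandardCharsets avoids the charset-name lookup and its checked exception.
                byte[] hashed = digest.digest(material.getBytes(StandardCharsets.UTF_8));
                return Base64.getUrlEncoder().withoutPadding().encodeToString(hashed);
            } catch (NoSuchAlgorithmException e) {
                throw new RuntimeException(e);
            }
        }

        /**
         * Makes sure {@code user} carries a value in the mapped property, creating and
         * persisting one the first time it is found missing.
         *
         * <p>When the passed user has no value, the stored entity is reloaded by oid. If the
         * stored entity has no value either, {@code "s"} plus a random token is written back
         * with an update that names only the mapped property. The value is then copied onto
         * the passed user.
         *
         * @param user user being loaded
         * @return the same {@code user} instance
         */
        @Override
        public User handleOnLoad(User user) {
            if (user.getValue(MetaPairwiseSubjectIdentifierType.this.subjectIdMappedUserProperty) == null) {
                EntityManager manager = ManagerLocator.getInstance().getManager(EntityManager.class);
                // NOTE(review): the result is dereferenced without a null check - confirm that
                // load cannot come back empty for a user that is being loaded right now.
                User load = manager.load(user.getOid(), "mtp.auth.User", new LoadOption(false, false));
                Object value = load.getValue(MetaPairwiseSubjectIdentifierType.this.subjectIdMappedUserProperty);
                if (value == null) {
                    // NOTE(review): this token seeds a long-lived identifier; confirm that
                    // StringUtil.randomToken() draws from a cryptographically strong source.
                    value = "s" + StringUtil.randomToken();
                    load.setValue(MetaPairwiseSubjectIdentifierType.this.subjectIdMappedUserProperty, value);
                    // NOTE(review): read-then-update is not guarded in this method. If two
                    // requests reach this point for the same user, each may store its own
                    // token, and an identifier derived from the overwritten one could not be
                    // reproduced - confirm whether UpdateOption(true) detects that conflict.
                    manager.update(load, new UpdateOption(true).add(MetaPairwiseSubjectIdentifierType.this.subjectIdMappedUserProperty));
                }
                user.setValue(MetaPairwiseSubjectIdentifierType.this.subjectIdMappedUserProperty, value);
            }
            return user;
        }
    }

    /**
     * Returns the name of the User property that stores the per-user seed value.
     *
     * @return the property name, possibly {@code null} when not configured
     */
    public String getSubjectIdMappedUserProperty() {
        return this.subjectIdMappedUserProperty;
    }

    /**
     * Sets the name of the User property that stores the per-user seed value.
     *
     * @param str the property name
     */
    public void setSubjectIdMappedUserProperty(String str) {
        this.subjectIdMappedUserProperty = str;
    }

    /**
     * Creates the runtime for this subject identifier type.
     *
     * @return a new {@link PairwiseSubjectIdentifierTypeRuntime}
     * @throws IllegalStateException if the hash algorithm or hash salt is not configured
     */
    @Override
    public MetaSubjectIdentifierType.SubjectIdentifierTypeRuntime createRuntime() {
        return new PairwiseSubjectIdentifierTypeRuntime();
    }

    /**
     * Copies the mapped property name from the given definition.
     *
     * @param subjectIdentifierTypeDefinition definition to read; it is cast to
     *     {@link PairwiseSubjectIdentifierTypeDefinition} without a type check
     */
    @Override
    public void applyConfig(SubjectIdentifierTypeDefinition subjectIdentifierTypeDefinition) {
        this.subjectIdMappedUserProperty = ((PairwiseSubjectIdentifierTypeDefinition) subjectIdentifierTypeDefinition).getSubjectIdMappedUserProperty();
    }

    /**
     * Builds a definition that reflects the current mapped property name.
     *
     * @return a new {@link PairwiseSubjectIdentifierTypeDefinition}
     */
    @Override
    public SubjectIdentifierTypeDefinition currentConfig() {
        PairwiseSubjectIdentifierTypeDefinition definition = new PairwiseSubjectIdentifierTypeDefinition();
        definition.setSubjectIdMappedUserProperty(this.subjectIdMappedUserProperty);
        return definition;
    }
}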
