package org.iplass.mtp.impl.auth.oauth;

import java.io.Serializable;
import java.sql.Timestamp;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.TimeUnit;
import org.iplass.mtp.auth.login.Credential;
import org.iplass.mtp.auth.login.IdPasswordCredential;
import org.iplass.mtp.auth.token.AuthTokenInfo;
import org.iplass.mtp.impl.auth.authenticate.token.AuthToken;
import org.iplass.mtp.impl.auth.authenticate.token.AuthTokenHandler;
import org.iplass.mtp.impl.auth.authenticate.token.AuthTokenService;
import org.iplass.mtp.impl.auth.authenticate.token.AuthTokenStore;
import org.iplass.mtp.impl.auth.oauth.MetaOAuthClient;
import org.iplass.mtp.impl.auth.oauth.MetaOAuthResourceServer;
import org.iplass.mtp.impl.core.ExecuteContext;
import org.iplass.mtp.spi.Config;
import org.iplass.mtp.spi.ServiceRegistry;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/iplass/mtp/impl/auth/oauth/OAuthClientCredentialHandler.class */
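/**
 * Issues, rotates and validates the secret of an OAuth client ({@link #TYPE_CLIENT}) or
 * resource server ({@link #TYPE_RESOURCE_SERVER}), keeping it as an {@link AuthToken}.
 *
 * <p>When {@code oldCredentialValidDays} is greater than zero, rotating a secret copies the
 * previous token to a second store entry of type {@code getType() + "$OLD"}, and
 * {@link #validateCredential} keeps accepting that previous secret until the configured number
 * of days after the rotation has passed. {@link #deleteOldCredential} removes those retained
 * entries on request.
 *
 * <p>NOTE(review): the secret comparison itself happens in the inherited
 * {@code checkTokenValid}, which is not visible in this file; confirm how it compares the
 * presented value with the stored one.
 */
public class OAuthClientCredentialHandler extends AuthTokenHandler {
    private static final Logger logger = LoggerFactory.getLogger("mtp.auth.oauth");
    public static final String TYPE_CLIENT = "OC";
    public static final String TYPE_RESOURCE_SERVER = "ORS";
    public static final String TYPE_POST_FIX_OLD = "$OLD";
    // Store queried for retained previous secrets; assigned in inited().
    private AuthTokenStore oldCredentialStore;
    // Days a previous secret stays valid after rotation; values <= 0 disable the feature.
    private int oldCredentialValidDays;

    /**
     * Token info attached to a newly generated client secret. Only the type is carried;
     * key and description are always {@code null}.
     *
     * <p>The decompiler reports that this class was originally package-private.
     */
    public static class OAuthClientCredentialInfo implements AuthTokenInfo {
        private final String type;

        OAuthClientCredentialInfo(String str) {
            this.type = str;
        }

        public String getType() {
            return this.type;
        }

        public String getKey() {
            return null;
        }

        public String getDescription() {
            return null;
        }
    }

    /**
     * @return number of days a rotated-out secret is still accepted
     */
    public int getOldCredentialValidDays() {
        return this.oldCredentialValidDays;
    }

    /**
     * @param i number of days a rotated-out secret is still accepted; zero or negative means
     *          previous secrets are neither retained nor accepted
     */
    public void setOldCredentialValidDays(int i) {
        this.oldCredentialValidDays = i;
    }

    /**
     * Resolves a client or resource-server name to the id of its metadata definition.
     *
     * @param str name looked up through the service that matches {@code getType()}
     * @return the metadata id, or {@code null} when the name is unknown or the handler type is
     *         neither {@link #TYPE_CLIENT} nor {@link #TYPE_RESOURCE_SERVER}
     */
    private String metaDataId(String str) {
        if (TYPE_CLIENT.equals(getType())) {
            OAuthClientService clientService = (OAuthClientService) ServiceRegistry.getRegistry().getService(OAuthClientService.class);
            MetaOAuthClient.OAuthClientRuntime clientRuntime = clientService.getRuntimeByName(str);
            if (clientRuntime == null) {
                return null;
            }
            // m32getMetaData looks like a decompiler-generated alias; kept as found.
            return clientRuntime.m32getMetaData().getId();
        }
        if (!TYPE_RESOURCE_SERVER.equals(getType())) {
            return null;
        }
        OAuthResourceServerService resourceServerService = (OAuthResourceServerService) ServiceRegistry.getRegistry().getService(OAuthResourceServerService.class);
        MetaOAuthResourceServer.OAuthResourceServerRuntime serverRuntime = resourceServerService.getRuntimeByName(str);
        if (serverRuntime == null) {
            return null;
        }
        // m38getMetaData looks like a decompiler-generated alias; kept as found.
        return serverRuntime.m38getMetaData().getId();
    }

    /**
     * Generates a new secret for the named client, replacing the current one.
     *
     * <p>If previous secrets are retained ({@code oldCredentialValidDays > 0}) and a current
     * token exists, that token is re-labelled (series suffixed with {@code $<index>}, type
     * suffixed with {@code $OLD}, start date set to now) and written to the old-credential
     * store before the current entry is deleted and the new one created.
     *
     * <p>NOTE(review): the copy / delete / create sequence is not wrapped in a transaction in
     * this method; confirm that the caller provides one so a failure midway cannot leave the
     * client without a usable secret.
     *
     * @param str client (or resource server) name
     * @return the name together with the newly generated secret
     * @throws IllegalArgumentException if the name cannot be resolved for this handler's type
     */
    public Credential generateCredential(String str) {
        int clientTenantId = ExecuteContext.getCurrentContext().getClientTenantId();
        String metaDataId = metaDataId(str);
        if (metaDataId == null) {
            throw new IllegalArgumentException("invalid clientId or clientType:" + str + ", " + getType());
        }
        if (this.oldCredentialValidDays > 0) {
            AuthToken current = authTokenStore().getBySeries(clientTenantId, getType(), metaDataId);
            if (current != null) {
                List<AuthToken> retained = this.oldCredentialStore.getByOwner(clientTenantId, getType() + TYPE_POST_FIX_OLD, metaDataId);
                // nextIndex() runs before any create/delete call below, so a malformed
                // retained series aborts the rotation before the stores are modified.
                current.setSeries(current.getSeries() + "$" + nextIndex(retained));
                // The start date of a retained entry marks the rotation time; the grace
                // period in validateCredential() is measured from it.
                current.setStartDate(new Timestamp(System.currentTimeMillis()));
                current.setType(current.getType() + TYPE_POST_FIX_OLD);
                this.oldCredentialStore.create(current);
            }
        }
        authTokenStore().deleteBySeries(clientTenantId, getType(), metaDataId);
        AuthToken newAuthToken = newAuthToken(metaDataId, null, new OAuthClientCredentialInfo(getType()));
        authTokenStore().create(newAuthToken);
        if (logger.isInfoEnabled()) {
            // Only the name and type are logged; the generated secret is never written here.
            logger.info("{}:{},generateClientSecret,success", logSafe(str), getType());
        }
        return new IdPasswordCredential(str, newAuthToken.getToken());
    }

    /**
     * Computes the index to append to the series of the next retained secret.
     *
     * @param list retained tokens whose series end in {@code $<number>}; may be {@code null}
     * @return one more than the highest numeric suffix found, or {@code 0} when there is none
     * @throws NumberFormatException if the text after the last {@code $} of a series is not
     *         an integer
     */
    private int nextIndex(List<AuthToken> list) {
        int highest = -1;
        if (list != null) {
            for (AuthToken retained : list) {
                String series = retained.getSeries();
                int index = Integer.parseInt(series.substring(series.lastIndexOf('$') + 1));
                if (index > highest) {
                    highest = index;
                }
            }
        }
        return highest + 1;
    }

    /**
     * Checks a presented client credential against the current secret and, when retention is
     * enabled, against previous secrets that are still inside their grace period.
     *
     * <p>Every rejection is logged at WARN level with the same message, whatever the reason.
     *
     * @param credential presented credential; must be an {@link IdPasswordCredential}
     * @param str client (or resource server) name the credential is expected to belong to
     * @return {@code true} if the presented secret matches a currently accepted one
     * @throws OAuthRuntimeException if {@code credential} is not an {@link IdPasswordCredential}
     */
    public boolean validateCredential(Credential credential, String str) {
        if (!(credential instanceof IdPasswordCredential)) {
            throw new OAuthRuntimeException("Currently, only IdPasswordCredential is supported.");
        }
        IdPasswordCredential presented = (IdPasswordCredential) credential;
        // A credential without an id is rejected as a failed validation instead of
        // surfacing as a NullPointerException on the authentication path.
        String presentedId = credential.getId();
        if (presentedId == null || !presentedId.equals(str)) {
            logValidationFailure(str);
            return false;
        }
        String metaDataId = metaDataId(str);
        if (metaDataId == null) {
            logValidationFailure(str);
            return false;
        }
        int clientTenantId = ExecuteContext.getCurrentContext().getClientTenantId();
        AuthToken current = authTokenStore().getBySeries(clientTenantId, getType(), metaDataId);
        if (current != null && checkTokenValid(presented.getPassword(), current)) {
            return true;
        }
        if (this.oldCredentialValidDays > 0) {
            List<AuthToken> retained = this.oldCredentialStore.getByOwner(clientTenantId, getType() + TYPE_POST_FIX_OLD, metaDataId);
            if (retained != null) {
                long graceMillis = TimeUnit.DAYS.toMillis(this.oldCredentialValidDays);
                for (AuthToken old : retained) {
                    // Fail closed: a retained entry without a rotation timestamp cannot be
                    // shown to be inside the grace period, so it is never accepted.
                    if (old.getStartDate() == null) {
                        continue;
                    }
                    boolean withinGrace = old.getStartDate().getTime() + graceMillis > System.currentTimeMillis();
                    if (withinGrace && checkTokenValid(presented.getPassword(), old)) {
                        return true;
                    }
                }
            }
        }
        logValidationFailure(str);
        return false;
    }

    /**
     * Writes the uniform "validation failed" WARN entry for the given client name.
     */
    private void logValidationFailure(String clientId) {
        if (logger.isWarnEnabled()) {
            logger.warn("{},clientValidate,fail", logSafe(clientId));
        }
    }

    /**
     * Replaces CR and LF so a value supplied with a request cannot start a forged log line.
     * NOTE(review): assumes the client name can originate from request data; the callers
     * are not visible in this file.
     */
    private static String logSafe(String value) {
        if (value == null) {
            return null;
        }
        return value.replace('\r', '_').replace('\n', '_');
    }

    /**
     * Asks the old-credential store to delete the retained previous secrets of the named
     * client, which is the way to end their grace period early.
     *
     * @param str client (or resource server) name
     * @throws IllegalArgumentException if the name cannot be resolved for this handler's type
     */
    public void deleteOldCredential(String str) {
        String metaDataId = metaDataId(str);
        if (metaDataId == null) {
            throw new IllegalArgumentException("invalid clientId or clientType:" + str + ", " + getType());
        }
        int clientTenantId = ExecuteContext.getCurrentContext().getClientTenantId();
        this.oldCredentialStore.delete(clientTenantId, getType() + TYPE_POST_FIX_OLD, metaDataId);
    }

    /**
     * Completes initialisation: runs the superclass hook, marks the handler as not visible
     * and resolves the store used for retained previous secrets from the configured store
     * name ({@code getStore()}).
     */
    public void inited(AuthTokenService authTokenService, Config config) {
        super.inited(authTokenService, config);
        setVisible(false);
        this.oldCredentialStore = authTokenService.getStore(getStore());
    }

    /**
     * Always returns {@code null}; no token info is produced from a stored token.
     */
    public AuthTokenInfo toAuthTokenInfo(AuthToken authToken) {
        return null;
    }

    /**
     * Always returns {@code null}; this handler stores no details and ignores all arguments.
     */
    protected Serializable createDetails(String str, String str2, String str3, String str4, AuthTokenInfo authTokenInfo) {
        return null;
    }

    /**
     * Builds an id/password credential from the token's owner id and token value.
     */
    public Credential toCredential(AuthToken authToken) {
        return new IdPasswordCredential(authToken.getOwnerId(), authToken.getToken());
    }

    /**
     * Returns the first argument unchanged as the series string; the other arguments are
     * ignored. generateCredential() looks tokens up with the metadata id as the series,
     * so presumably {@code str} is the owner id passed to {@code newAuthToken} (verify
     * against the superclass).
     */
    public String newSeriesString(String str, String str2, AuthTokenInfo authTokenInfo) {
        return str;
    }
}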
