package de.ikor.sip.foundation.security.authentication.x509;

import de.ikor.sip.foundation.security.authentication.ConditionalOnSIPAuthProvider;
import de.ikor.sip.foundation.security.authentication.common.validators.SIPTokenValidator;
import de.ikor.sip.foundation.security.config.SecurityConfigProperties;
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.commons.lang3.StringUtils;
import org.springframework.context.annotation.Primary;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.stereotype.Component;

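/**
 * Validates X.509 authentication tokens against an allow-list (ACL) file.
 *
 * <p>Each non-empty line of the file is read as a comma-separated list of {@code key=value}
 * distinguished-name attributes. Everything from the first {@code #} on a line is treated as a
 * comment, and attributes whose value is {@code [*]} are treated as wildcards and dropped from the
 * entry. A token is accepted when at least one ACL entry is fully contained in the attributes parsed
 * from the token's principal.
 *
 * <p>Security-relevant properties of this matcher:
 * <ul>
 *   <li>Matching is exact and case-sensitive on both attribute key and value (after trimming).</li>
 *   <li>Lines that are blank, comment-only, or consist only of wildcard attributes produce an empty
 *       entry and are skipped, so they never match any certificate.</li>
 *   <li>The DN is parsed by plain string splitting, not by an RFC 4514 parser; see
 *       {@link #distinguishedNameToMap(String)} for the resulting limitations.</li>
 * </ul>
 */
@ConditionalOnSIPAuthProvider(listItemValue = SIPX509AuthenticationProvider.class, validationClass = SIPX509FileValidator.class)
@Primary
@Component
/* loaded from: input_file:de/ikor/sip/foundation/security/authentication/x509/SIPX509FileValidator.class */
public class SIPX509FileValidator implements SIPTokenValidator<SIPX509AuthenticationToken> {
    private static final String WILDCARD_VALUE = "[*]";
    private static final String DN_DELIMITER = ",";
    private static final String COMMENT_START_INDICATOR = "#";
    private static final String KEY_VALUE_SEPARATOR = "=";

    // One map per ACL line: attribute key -> required value (wildcard attributes already removed).
    private final List<Map<String, String>> validUsers = new ArrayList<>();

    /**
     * Loads and parses the ACL file configured for {@link SIPX509AuthenticationProvider}.
     *
     * @param securityConfigProperties security configuration that supplies the ACL file location
     * @throws IllegalStateException if the file cannot be read or any line is malformed; the
     *     validator is then not created at all instead of starting with a partial allow-list
     */
    public SIPX509FileValidator(SecurityConfigProperties securityConfigProperties) {
        // try-with-resources closes both readers on every path, including a parse failure.
        // NOTE(review): no charset is given, so the platform default is used to decode the ACL
        // file; non-ASCII attribute values may be decoded differently across hosts - confirm.
        try (InputStreamReader inputStreamReader = new InputStreamReader(securityConfigProperties.getSettingsForProvider(SIPX509AuthenticationProvider.class).getValidation().getFilePath().getInputStream());
                BufferedReader bufferedReader = new BufferedReader(inputStreamReader)) {
            bufferedReader.lines()
                    .map(SIPX509FileValidator::parseEntityLine)
                    // Empty entries (blank, comment-only or all-wildcard lines) are dropped: an
                    // empty entry would be contained in every DN and so match every certificate.
                    .filter(entry -> !entry.isEmpty())
                    .forEach(this.validUsers::add);
        } catch (Exception e) {
            throw new IllegalStateException("X509 Acl file could not be parsed properly", e);
        }
    }

    /**
     * Strips a trailing comment from one ACL line and parses the remainder as a DN.
     *
     * <p>The line is cut at the first {@code #} wherever it occurs, so an attribute value in the ACL
     * file cannot contain {@code #}; such an entry is silently shortened and may match more
     * certificates than the author intended.
     *
     * @param str raw line from the ACL file
     * @return attribute map for the line, empty if nothing but whitespace, comment or wildcards
     */
    private static Map<String, String> parseEntityLine(String str) {
        int commentStart = str.indexOf(COMMENT_START_INDICATOR);
        String content = commentStart >= 0 ? str.substring(0, commentStart).trim() : str;
        return distinguishedNameToMap(content);
    }

    /**
     * Checks whether the token's principal satisfies at least one ACL entry.
     *
     * @param sIPX509AuthenticationToken token whose principal is rendered with {@code toString()}
     *     and parsed as a distinguished name
     * @return {@code true} if every attribute of some ACL entry is present with an equal value in
     *     the token's DN; {@code false} otherwise, including when the principal is {@code null}
     * @throws BadCredentialsException if the principal cannot be parsed as {@code key=value} pairs
     */
    @Override // de.ikor.sip.foundation.security.authentication.common.validators.SIPTokenValidator
    public boolean isValid(SIPX509AuthenticationToken sIPX509AuthenticationToken) {
        Object principal = sIPX509AuthenticationToken.getPrincipal();
        if (principal == null) {
            // Fail closed: a token without a principal is rejected instead of raising an NPE.
            return false;
        }
        Map<String, String> tokenAttributes = distinguishedNameToMap(principal.toString());
        return this.validUsers.stream()
                .anyMatch(aclEntry -> tokenAttributes.entrySet().containsAll(aclEntry.entrySet()));
    }

    /**
     * Parses a comma-separated {@code key=value} list into a map, dropping wildcard attributes.
     *
     * <p>Limitations to keep in mind when relying on this for access decisions:
     * <ul>
     *   <li>Splitting on {@code ,} is not RFC 4514 aware: escaped or quoted delimiters inside a
     *       value and multi-valued RDNs ({@code +}) are not recognised, so a value containing a
     *       delimiter is read as further attributes. The issuing CA's subject-naming policy is
     *       what constrains this; parsing with {@code javax.naming.ldap.LdapName} would be the
     *       stricter alternative.</li>
     *   <li>A DN that repeats an attribute type (for example several {@code OU} components) makes
     *       {@code Collectors.toMap} fail on the duplicate key and is rejected as invalid.</li>
     * </ul>
     *
     * @param str distinguished name or ACL line content; may be blank
     * @return mutable map of trimmed keys to trimmed values; empty for blank input
     * @throws BadCredentialsException if any component is not a {@code key=value} pair or a key
     *     occurs more than once
     */
    private static Map<String, String> distinguishedNameToMap(String str) {
        if (StringUtils.isBlank(str)) {
            return new HashMap<>();
        }
        try {
            return Stream.of(str.split(DN_DELIMITER))
                    .map(SIPX509FileValidator::splitKeyValue)
                    .filter(keyValue -> !keyValue[1].trim().equals(WILDCARD_VALUE))
                    .collect(Collectors.toMap(keyValue -> keyValue[0].trim(), keyValue -> keyValue[1].trim()));
        } catch (Exception e) {
            throw new BadCredentialsException("Distinguished name of certificate was not in a valid form", e);
        }
    }

    /**
     * Splits one DN component at its first {@code =} only.
     *
     * <p>Limiting the split keeps a value that itself contains {@code =} intact. An unlimited split
     * would keep only the text up to the second {@code =}, so a longer value could compare equal to
     * a shorter ACL value.
     *
     * @param component single {@code key=value} component
     * @return two-element array of key and value, untrimmed
     * @throws IllegalArgumentException if the component has no separator or nothing after it
     */
    private static String[] splitKeyValue(String component) {
        String[] keyValue = component.split(KEY_VALUE_SEPARATOR, 2);
        if (keyValue.length < 2 || keyValue[1].isEmpty()) {
            throw new IllegalArgumentException("DN component is not a key=value pair");
        }
        return keyValue;
    }
}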
