package de.mhus.lib.core.security;

import de.mhus.lib.core.MLog;
import de.mhus.lib.core.MPassword;
import de.mhus.lib.core.MPeriod;
import de.mhus.lib.core.MString;
import de.mhus.lib.core.MSystem;
import de.mhus.lib.core.aaa.Aaa;
import de.mhus.lib.core.aaa.BearerConfiguration;
import de.mhus.lib.core.aaa.TrustedToken;
import de.mhus.lib.core.cfg.CfgLong;
import de.mhus.lib.core.cfg.CfgNode;
import de.mhus.lib.core.node.INode;
import de.mhus.lib.core.util.SecureString;
import de.mhus.lib.core.util.SoftHashMap;
import de.mhus.lib.errors.NotFoundRuntimeException;
import de.mhus.lib.form.definition.IFmElement;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Collections;
import java.util.Iterator;
import java.util.Map;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.subject.Subject;

/* loaded from: input_file:de/mhus/lib/core/security/TrustFromConfiguration.class */
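/**
 * {@link TrustApi} implementation that resolves trust entries (name, password, type, source)
 * from the {@link CfgNode} registered for {@code TrustApi}.
 *
 * <p>Security-relevant behaviour:
 * <ul>
 *   <li>{@link #createToken(String)} turns a {@code trust:subject:password} ticket into a
 *       {@link TrustedToken} for {@code subject}. The shared trust password is the only
 *       evidence checked, so a failed check must abort token creation.</li>
 *   <li>Decoded passwords, types and source-to-trust mappings are cached; all three caches are
 *       dropped when the configuration node reports an update, so a rotated or removed entry
 *       does not keep working from stale cache content.</li>
 * </ul>
 */
public class TrustFromConfiguration extends MLog implements TrustApi {
    /** Bearer token settings used for trusts of type {@link TYPE#JWT}. */
    public static final BearerConfiguration BEARER_CONFIG = new BearerConfiguration();

    // Keeps BEARER_CONFIG's timeout in sync with the "bearerTimeout" configuration value
    // (default: one hour).
    private static final CfgLong CFG_BEARER_CONFIG_TIMEOUT = (CfgLong) new CfgLong(TrustApi.class, "bearerTimeout", MPeriod.HOUR_IN_MILLISECOUNDS).updateAction(l -> {
        BEARER_CONFIG.setTimeout(l.longValue());
    }).doUpdateAction();

    // Caches keyed by trust name (passwordCache, typeCache) or by "source:target" (targetCache).
    // NOTE(review): passwordCache keeps decoded trust secrets in memory until evicted or cleared.
    private Map<String, SecureString> passwordCache = Collections.synchronizedMap(new SoftHashMap());
    private Map<String, TYPE> typeCache = Collections.synchronizedMap(new SoftHashMap());
    private Map<String, String> targetCache = Collections.synchronizedMap(new SoftHashMap());

    // Every cache is derived from this node, so a configuration update invalidates all of them.
    // Clearing only the password cache would leave a changed type or source mapping in effect.
    private CfgNode config = (CfgNode) new CfgNode(TrustApi.class, "", null).updateAction(iNode -> {
        synchronized (this.passwordCache) {
            this.passwordCache.clear();
        }
        this.typeCache.clear();
        this.targetCache.clear();
    });

    /** Ticket flavour configured for a trust entry via its {@code type} attribute. */
    public enum TYPE {
        PLAIN,
        JWT
    }

    /**
     * Returns the decoded password of the trust entry with the given name.
     *
     * <p>If several configuration entries carry the same name, the last one wins (the scan does
     * not stop at the first hit).
     *
     * @param str trust name
     * @return the decoded password, from cache when available
     * @throws NotFoundRuntimeException if the name is not set or no matching entry exists
     */
    public SecureString getPassword(String str) {
        if (MString.isSet(str)) {
            SecureString secret = this.passwordCache.get(str);
            if (secret == null) {
                INode root = this.config.value();
                if (root != null) {
                    for (INode entry : root.getObjects()) {
                        if (entry.getString(IFmElement.NAME, "").equals(str)) {
                            secret = MPassword.decodeSecure(entry.getString("password", ""));
                            this.passwordCache.put(str, secret);
                        }
                    }
                }
            }
            if (secret != null) {
                return secret;
            }
        }
        throw new NotFoundRuntimeException(new Object[]{"unknown trust", str});
    }

    /**
     * Returns the ticket type of the trust entry with the given name.
     *
     * <p>An entry without a {@code type} attribute is treated as {@link TYPE#JWT}. A value that is
     * not a {@link TYPE} constant makes {@link Enum#valueOf} throw
     * {@link IllegalArgumentException}.
     *
     * @param str trust name
     * @return the configured type, from cache when available
     * @throws NotFoundRuntimeException if no matching entry exists
     */
    public TYPE getType(String str) {
        TYPE type = this.typeCache.get(str);
        if (type == null) {
            INode root = this.config.value();
            if (root != null) {
                for (INode entry : root.getObjects()) {
                    if (entry.getString(IFmElement.NAME, "").equals(str)) {
                        type = TYPE.valueOf(entry.getString("type", "JWT"));
                        this.typeCache.put(str, type);
                    }
                }
            }
        }
        if (type != null) {
            return type;
        }
        throw new NotFoundRuntimeException(new Object[]{"unknown trust", str});
    }

    /**
     * Converts a {@code trust:subject:password} ticket into a {@link TrustedToken} for
     * {@code subject}.
     *
     * <p>The ticket is split into at most three parts, so the password may itself contain
     * {@code ':'}. The token is only created when the password matches the configured trust
     * password; the result of {@link #validatePassword(String, String)} must never be ignored
     * here, because the returned token asserts the subject without any further credential.
     *
     * @param str the ticket
     * @return a trusted token for the subject named in the ticket
     * @throws SecurityException if the ticket is malformed or the password does not match
     * @throws NotFoundRuntimeException if the trust name is unknown
     */
    @Override // de.mhus.lib.core.security.TrustApi
    public AuthenticationToken createToken(String str) {
        if (str == null) {
            throw new SecurityException("malformed trust ticket");
        }
        String[] parts = str.split(":", 3);
        if (parts.length != 3 || parts[1].isEmpty()) {
            throw new SecurityException("malformed trust ticket");
        }
        // Fail closed: a wrong password must stop here. The message deliberately carries
        // neither the supplied nor the expected password.
        if (!validatePassword(parts[0], parts[2])) {
            throw new SecurityException("trust validation failed");
        }
        return new TrustedToken(parts[1]);
    }

    /**
     * Checks a supplied password against the configured password of a trust entry.
     *
     * <p>The comparison uses {@link MessageDigest#isEqual(byte[], byte[])} instead of
     * {@link String#equals(Object)} so that its duration does not depend on the position of the
     * first differing character.
     *
     * @param str trust name
     * @param str2 password supplied by the caller
     * @return {@code true} only if both passwords are present and equal
     * @throws NotFoundRuntimeException if the trust name is unknown
     */
    public boolean validatePassword(String str, String str2) {
        String expected = getPassword(str).value();
        if (str2 == null || expected == null) {
            return false;
        }
        return MessageDigest.isEqual(
                str2.getBytes(StandardCharsets.UTF_8), expected.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Creates an outgoing ticket for the given source/target pair on behalf of {@code subject}.
     *
     * <p>{@link TYPE#PLAIN} trusts produce a ticket built from the trust name and its password
     * via {@code createTrustTicket} (not defined in this class; presumably provided by
     * {@link TrustApi}). {@link TYPE#JWT} trusts produce {@code "jwt:"} followed by a bearer
     * token issued for the local host name using {@link #BEARER_CONFIG}.
     *
     * @param str source identifier used to select the trust entry
     * @param obj target; only used as part of the cache key in {@link #getTrustFor}
     * @param subject subject the ticket is issued for
     * @return the ticket string
     * @throws NotFoundRuntimeException if no trust entry or type can be resolved
     */
    @Override // de.mhus.lib.core.security.TrustApi
    public String createToken(String str, Object obj, Subject subject) {
        String trustFor = getTrustFor(str, obj);
        switch (getType(trustFor)) {
            case PLAIN:
                return createTrustTicket(trustFor, getPassword(trustFor), subject);
            case JWT:
                return "jwt:" + Aaa.createBearerToken(subject, MSystem.getHostname(), BEARER_CONFIG);
            default:
                throw new NotFoundRuntimeException(new Object[]{"unknown trust type", trustFor});
        }
    }

    /**
     * Resolves the name of the trust entry to use for a source/target pair.
     *
     * <p>The first configuration entry whose {@code source} attribute matches wins and is cached
     * under {@code source + ":" + target}. When the configuration node has no value and nothing
     * is cached, {@code null} is returned.
     *
     * @param str source identifier
     * @param obj target; part of the cache key only
     * @return the trust name, or {@code null} if the configuration has no value
     * @throws NotFoundRuntimeException if the configuration has a value but no entry matches
     */
    public String getTrustFor(String str, Object obj) {
        String cacheKey = str + ":" + obj;
        String trustName = this.targetCache.get(cacheKey);
        if (trustName != null) {
            return trustName;
        }
        INode root = this.config.value();
        if (root == null) {
            return null;
        }
        Iterator<INode> it = root.getObjects().iterator();
        while (it.hasNext()) {
            INode entry = it.next();
            // NOTE(review): the caller-supplied source is used as the regular expression and the
            // configured "source" value as the input. If the configured value is meant to be the
            // pattern, the operands are swapped; confirm against the configuration format. As
            // written, a source string such as ".*" selects the first entry.
            if (entry.getString("source", "").matches(str)) {
                trustName = entry.getString(IFmElement.NAME, null);
                this.targetCache.put(cacheKey, trustName);
                break;
            }
        }
        if (trustName == null) {
            throw new NotFoundRuntimeException(new Object[]{"trust not found for source", str});
        }
        return trustName;
    }
}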
