package io.continual.iam.impl.auth0;

import com.auth0.client.auth.AuthAPI;
import com.auth0.client.mgmt.ManagementAPI;
import com.auth0.exception.APIException;
import com.auth0.exception.Auth0Exception;
import com.auth0.json.mgmt.Role;
import com.auth0.json.mgmt.RolesPage;
import com.auth0.json.mgmt.users.User;
import com.auth0.json.mgmt.users.UsersPage;
import io.continual.builder.Builder;
import io.continual.iam.IamDb;
import io.continual.iam.access.AccessControlList;
import io.continual.iam.access.ProtectedResource;
import io.continual.iam.access.Resource;
import io.continual.iam.credentials.ApiKeyCredential;
import io.continual.iam.credentials.JwtCredential;
import io.continual.iam.credentials.UsernamePasswordCredential;
import io.continual.iam.exceptions.IamBadRequestException;
import io.continual.iam.exceptions.IamGroupDoesNotExist;
import io.continual.iam.exceptions.IamGroupExists;
import io.continual.iam.exceptions.IamIdentityDoesNotExist;
import io.continual.iam.exceptions.IamIdentityExists;
import io.continual.iam.exceptions.IamSvcException;
import io.continual.iam.identity.ApiKey;
import io.continual.iam.identity.Identity;
import io.continual.iam.identity.JwtValidator;
import io.continual.metrics.MetricsCatalog;
import io.continual.util.collections.ShardedExpiringCache;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;
import java.util.concurrent.TimeUnit;
import org.json.JSONException;
import org.json.JSONObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/continual/iam/impl/auth0/Auth0IamDb.class */
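/**
 * Read-only {@link IamDb} backed by an Auth0 tenant.
 *
 * <p>Users are looked up by e-mail address through the Auth0 Management API and
 * Auth0 roles are exposed as groups. Every mutating operation fails with an
 * {@link IamSvcException} ("Auth0 db is read-only"), and the {@code authenticate}
 * overloads never authenticate anyone: they always return {@code null}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The client secret is read from the configuration once and handed to
 *       {@link AuthAPI}; this class does not keep its own copy. The Management API
 *       access token is held in memory and must never be logged.</li>
 *   <li>Users and groups are cached for 5 minutes, so a role change or a user
 *       removal in Auth0 can take up to that long to be reflected in
 *       {@link #canUser} decisions.</li>
 *   <li>NOTE(review): {@link #getMgmntApi()} mutates two fields without
 *       synchronization; confirm whether instances are shared across threads.</li>
 * </ul>
 */
public class Auth0IamDb implements IamDb<Auth0Identity, Auth0Group> {
    private static final Logger log = LoggerFactory.getLogger(Auth0IamDb.class);

    private final String fDomain;
    private final String fClientId;
    private final AuthAPI fAuthApi;
    private ManagementAPI fMgmntApi;
    private JwtCredential fMgmtApiToken;
    private final ShardedExpiringCache<String, Auth0Identity> fUserCache;
    private final ShardedExpiringCache<String, Auth0Group> fGroupCache;

    /**
     * Builds an instance from its JSON configuration.
     *
     * @param jSONObject configuration with the string keys {@code domain},
     *     {@code clientId} and {@code clientSecret}
     * @return a new database instance
     * @throws Builder.BuildFailure if a required key is missing or not a string
     */
    public static Auth0IamDb fromJson(JSONObject jSONObject) throws IamSvcException, Builder.BuildFailure {
        return new Auth0IamDb(jSONObject);
    }

    private Auth0IamDb(JSONObject jSONObject) throws Builder.BuildFailure {
        try {
            this.fDomain = jSONObject.getString("domain");
            this.fClientId = jSONObject.getString("clientId");
            // The secret goes straight to the Auth0 client and is not stored in a field here.
            this.fAuthApi = new AuthAPI(this.fDomain, this.fClientId, jSONObject.getString("clientSecret"));
            // The Management API client is created lazily by getMgmntApi().
            this.fMgmntApi = null;
            this.fMgmtApiToken = null;
            // Fix: this cache was also named "group cache" (copy/paste), which made the
            // two caches indistinguishable wherever the name is reported.
            this.fUserCache = new ShardedExpiringCache.Builder().named("user cache").cachingFor(5L, TimeUnit.MINUTES).withShardCount(32).build();
            this.fGroupCache = new ShardedExpiringCache.Builder().named("group cache").cachingFor(5L, TimeUnit.MINUTES).withShardCount(32).build();
        } catch (JSONException e) {
            throw new Builder.BuildFailure(e);
        }
    }

    /**
     * Reports whether Auth0 has a user with the given e-mail address.
     *
     * @param str the user's e-mail address
     * @return {@code true} if {@link #loadUser} finds a record
     * @throws IamSvcException if the lookup fails
     */
    @Override
    public boolean userExists(String str) throws IamSvcException {
        return loadUser(str) != null;
    }

    /** Same as {@link #userExists}; this database has no aliases. */
    @Override
    public boolean userOrAliasExists(String str) throws IamSvcException {
        return userExists(str);
    }

    /** Same as {@link #loadUser}; this database has no aliases. */
    @Override
    public Auth0Identity loadUserOrAlias(String str) throws IamSvcException {
        return loadUser(str);
    }

    /**
     * Lists the e-mail addresses of the users returned by the Management API.
     *
     * <p>NOTE(review): the request is made without a filter, so presumably only the
     * API's default first page is returned; confirm whether large tenants need paging.
     *
     * @return the sorted, de-duplicated e-mail addresses
     * @throws IamSvcException if the Management API call fails
     */
    @Override
    public Collection<String> getAllUsers() throws IamSvcException {
        try {
            final Set<String> emails = new TreeSet<>();
            for (User user : getMgmntApi().users().list(null).execute().getItems()) {
                final String email = user.getEmail();
                // A record without an e-mail would make TreeSet.add throw a
                // NullPointerException and abort the whole listing, so skip it.
                if (email != null) {
                    emails.add(email);
                }
            }
            return emails;
        } catch (Auth0Exception e) {
            throw new IamSvcException(e);
        }
    }

    /**
     * Loads every user returned by {@link #getAllUsers()}, one lookup per address.
     *
     * @return a map from e-mail address to identity; a value is {@code null} when the
     *     per-address lookup finds nothing
     * @throws IamSvcException if any lookup fails
     */
    @Override
    public Map<String, Auth0Identity> loadAllUsers() throws IamSvcException {
        final Map<String, Auth0Identity> usersByEmail = new HashMap<>();
        for (String email : getAllUsers()) {
            usersByEmail.put(email, loadUser(email));
        }
        return usersByEmail;
    }

    /**
     * Finds the users whose e-mail address starts with the given prefix.
     *
     * @param str the prefix to match (case-sensitive)
     * @return the matching e-mail addresses, in sorted order
     * @throws IamSvcException if the user listing fails
     */
    @Override
    public List<String> findUsers(String str) throws IamSvcException {
        final List<String> matches = new LinkedList<>();
        for (String email : getAllUsers()) {
            if (email.startsWith(str)) {
                matches.add(email);
            }
        }
        return matches;
    }

    /**
     * Returns the ids of the groups (Auth0 roles) the user belongs to.
     *
     * @param str the user's e-mail address
     * @throws IamIdentityDoesNotExist if no such user is found
     * @throws IamSvcException if the lookup fails
     */
    @Override
    public Set<String> getUsersGroups(String str) throws IamSvcException, IamIdentityDoesNotExist {
        final Auth0Identity user = loadUser(str);
        if (user == null) {
            throw new IamIdentityDoesNotExist(str);
        }
        return user.getGroupIds();
    }

    /**
     * Returns the e-mail addresses of the users assigned to an Auth0 role.
     *
     * @param str the Auth0 role id
     * @return the sorted, de-duplicated e-mail addresses
     * @throws IamGroupDoesNotExist if the API rejects the lookup for the role
     * @throws IamSvcException on authorization, throttling, server or transport errors
     */
    @Override
    public Set<String> getUsersInGroup(String str) throws IamSvcException, IamGroupDoesNotExist {
        final Set<String> emails = new TreeSet<>();
        try {
            final UsersPage page = getMgmntApi().roles().listUsers(str, null).execute();
            if (page == null) {
                throw new IamGroupDoesNotExist(str);
            }
            for (User user : page.getItems()) {
                final String email = user.getEmail();
                // TreeSet rejects null; skip records that carry no e-mail.
                if (email != null) {
                    emails.add(email);
                }
            }
            return emails;
        } catch (APIException e) {
            // Fix: every API error used to be reported as "group does not exist".
            // That hid an expired or under-scoped management token, rate limiting and
            // Auth0 outages behind what looks like an ordinary negative answer.
            if (isServiceFailure(e.getStatusCode())) {
                throw new IamSvcException(e);
            }
            throw new IamGroupDoesNotExist(str);
        } catch (Auth0Exception e2) {
            throw new IamSvcException(e2);
        }
    }

    /**
     * Lists the ids of all roles returned by the Management API.
     *
     * <p>NOTE(review): as with {@link #getAllUsers()}, no paging filter is supplied.
     *
     * @throws IamSvcException if the Management API call fails
     */
    @Override
    public Collection<String> getAllGroups() throws IamSvcException {
        try {
            final Set<String> groupIds = new TreeSet<>();
            for (Auth0Group group : groupsFromRoles(getMgmntApi().roles().list(null).execute())) {
                groupIds.add(group.getId());
            }
            return groupIds;
        } catch (Auth0Exception e) {
            throw new IamSvcException(e);
        }
    }

    /**
     * Loads a user by e-mail address, going through the user cache.
     *
     * <p>Security note: Auth0 can hold several user records with the same e-mail
     * address. This method takes the first record the API returns and only logs a
     * warning about the others, so which account (and which role set) is used for
     * access decisions depends on API ordering. NOTE(review): confirm the tenant
     * cannot hold more than one account per address, or pick the record explicitly.
     *
     * @param str the user's e-mail address
     * @return the identity with its roles as groups, or {@code null} if the API
     *     returns no record for the address
     * @throws IamSvcException if the Management API call fails
     */
    @Override
    public Auth0Identity loadUser(final String str) throws IamSvcException {
        try {
            return this.fUserCache.read(str, null, new ShardedExpiringCache.Fetcher<String, Auth0Identity>() {
                @Override
                public Auth0Identity fetch(String str2) throws ShardedExpiringCache.Fetcher.FetchException {
                    try {
                        // The lookup uses the address given to loadUser, as the original did.
                        final List<User> records = Auth0IamDb.this.getMgmntApi().users().listByEmail(str, null).execute();
                        if (records.isEmpty()) {
                            return null;
                        }
                        final User user = records.get(0);
                        if (records.size() > 1) {
                            Auth0IamDb.log.warn("Ignoring additional records for {}", user.getEmail());
                        }
                        final RolesPage roles = Auth0IamDb.this.getMgmntApi().users().listRoles(user.getId(), null).execute();
                        return new Auth0Identity(user, Auth0IamDb.this.groupsFromRoles(roles));
                    } catch (Auth0Exception | IamSvcException e) {
                        throw new ShardedExpiringCache.Fetcher.FetchException(e);
                    }
                }
            });
        } catch (ShardedExpiringCache.Fetcher.FetchException e) {
            throw new IamSvcException(e);
        }
    }

    /**
     * Loads a group (Auth0 role) by role id, going through the group cache.
     *
     * <p>NOTE(review): an API error for an unknown role id surfaces here as an
     * {@link IamSvcException}; confirm that callers do not expect {@code null} for a
     * missing group.
     *
     * @param str the Auth0 role id
     * @throws IamSvcException if the Management API call fails
     */
    @Override
    public Auth0Group loadGroup(String str) throws IamSvcException {
        try {
            return this.fGroupCache.read(str, null, new ShardedExpiringCache.Fetcher<String, Auth0Group>() {
                @Override
                public Auth0Group fetch(String str2) throws ShardedExpiringCache.Fetcher.FetchException {
                    try {
                        final Role role = Auth0IamDb.this.getMgmntApi().roles().get(str2).execute();
                        return new Auth0Group(Auth0IamDb.this, role);
                    } catch (Auth0Exception | IamSvcException e) {
                        throw new ShardedExpiringCache.Fetcher.FetchException(e);
                    }
                }
            });
        } catch (ShardedExpiringCache.Fetcher.FetchException e) {
            throw new IamSvcException(e);
        }
    }

    /**
     * Returns the ACL carried by the resource itself.
     *
     * @return the resource's ACL, or {@code null} when the resource is not a
     *     {@link ProtectedResource}
     */
    @Override
    public AccessControlList getAclFor(Resource resource) {
        if (resource instanceof ProtectedResource) {
            return ((ProtectedResource) resource).getAccessControlList();
        }
        return null;
    }

    /**
     * Checks whether a user may perform an operation on a resource.
     *
     * <p>A resource without an ACL is denied. NOTE(review): when the user is unknown,
     * a {@code null} identity is handed to the ACL; confirm that
     * {@link AccessControlList#canUser} denies in that case.
     *
     * @param str the user's e-mail address
     * @param resource the resource being accessed
     * @param str2 the operation name
     * @throws IamSvcException if the user lookup fails
     */
    @Override
    public boolean canUser(String str, Resource resource, String str2) throws IamSvcException {
        final AccessControlList acl = getAclFor(resource);
        if (acl == null) {
            return false;
        }
        return acl.canUser(loadUser(str), str2);
    }

    /** Not supported: always throws {@link IamSvcException}. */
    @Override
    public Auth0Identity createUser(String str) throws IamIdentityExists, IamSvcException {
        readOnlyDbException();
        return null;
    }

    /** Not supported: always throws {@link IamSvcException}. */
    @Override
    public Auth0Identity createAnonymousUser() throws IamSvcException {
        readOnlyDbException();
        return null;
    }

    /** Not supported: always throws {@link IamSvcException}. */
    @Override
    public void deleteUser(String str) throws IamSvcException {
        readOnlyDbException();
    }

    /** Not supported: always throws {@link IamSvcException}. */
    @Override
    public void addAlias(String str, String str2) throws IamSvcException, IamBadRequestException {
        readOnlyDbException();
    }

    /** Not supported: always throws {@link IamSvcException}. */
    @Override
    public void removeAlias(String str) throws IamBadRequestException, IamSvcException {
        readOnlyDbException();
    }

    /** Returns a new empty list; this database has no aliases. */
    @Override
    public Collection<String> getAliasesFor(String str) throws IamSvcException, IamIdentityDoesNotExist {
        return new LinkedList<>();
    }

    /** Password resets are not handled here; always returns {@code false}. */
    @Override
    public boolean completePasswordReset(String str, String str2) throws IamSvcException {
        return false;
    }

    /** API keys are not stored here; always returns {@code null}. */
    @Override
    public ApiKey loadApiKeyRecord(String str) throws IamSvcException {
        return null;
    }

    /** Not supported: always throws {@link IamSvcException}. */
    @Override
    public void restoreApiKey(ApiKey apiKey) throws IamIdentityDoesNotExist, IamBadRequestException, IamSvcException {
        readOnlyDbException();
    }

    /** The validator is discarded; only a warning is logged. */
    @Override
    public void addJwtValidator(JwtValidator jwtValidator) {
        log.warn("Ignoring added JWT validator in Auth0Db");
    }

    /** Password authentication is not performed here; always returns {@code null}. */
    @Override
    public Auth0Identity authenticate(UsernamePasswordCredential usernamePasswordCredential) {
        return null;
    }

    /** API-key authentication is not performed here; always returns {@code null}. */
    @Override
    public Auth0Identity authenticate(ApiKeyCredential apiKeyCredential) {
        return null;
    }

    /** JWT authentication is not performed here; always returns {@code null}. */
    @Override
    public Auth0Identity authenticate(JwtCredential jwtCredential) throws IamSvcException {
        return null;
    }

    /** Not supported: always throws {@link IamSvcException}. */
    @Override
    public String createJwtToken(Identity identity, long j, TimeUnit timeUnit) throws IamSvcException {
        readOnlyDbException();
        return null;
    }

    /** No-op: this class issues no tokens, so there is nothing to invalidate. */
    @Override
    public void invalidateJwtToken(String str) {
    }

    /** Not supported: always throws {@link IamSvcException}. */
    @Override
    public Auth0Group createGroup(String str) throws IamGroupExists, IamSvcException {
        readOnlyDbException();
        return null;
    }

    /** Not supported: always throws {@link IamSvcException}. */
    @Override
    public Auth0Group createGroup(String str, String str2) throws IamGroupExists, IamSvcException {
        readOnlyDbException();
        return null;
    }

    /** Not supported: always throws {@link IamSvcException}. */
    @Override
    public void addUserToGroup(String str, String str2) throws IamSvcException, IamIdentityDoesNotExist, IamGroupDoesNotExist {
        readOnlyDbException();
    }

    /** Not supported: always throws {@link IamSvcException}. */
    @Override
    public void removeUserFromGroup(String str, String str2) throws IamSvcException, IamIdentityDoesNotExist, IamGroupDoesNotExist {
        readOnlyDbException();
    }

    /** Not supported: always throws {@link IamSvcException}. */
    @Override
    public String createTag(String str, String str2, long j, TimeUnit timeUnit, String str3) throws IamSvcException {
        readOnlyDbException();
        return null;
    }

    /** Tags are not stored here; always returns {@code null}. */
    @Override
    public String getUserIdForTag(String str) {
        return null;
    }

    /** No-op: tags are not stored here. */
    @Override
    public void removeMatchingTag(String str, String str2) {
    }

    /** No-op: tags are not stored here. */
    @Override
    public void sweepExpiredTags() {
    }

    /** No-op: ACL updates are not persisted by this class. */
    @Override
    public void onAclUpdate(AccessControlList accessControlList) {
    }

    /** No-op: this class publishes no metrics. */
    @Override
    public void populateMetrics(MetricsCatalog metricsCatalog) {
    }

    /**
     * Always throws; called at the top of every unsupported write operation.
     *
     * @return never returns normally
     * @throws IamSvcException always, with the message "Auth0 db is read-only"
     */
    private JSONObject readOnlyDbException() throws IamSvcException {
        throw new IamSvcException("Auth0 db is read-only");
    }

    /**
     * Tells whether an Auth0 API status code means the service call itself failed
     * (authorization, throttling or server error) rather than a failed lookup.
     */
    private static boolean isServiceFailure(int statusCode) {
        return statusCode == 401 || statusCode == 403 || statusCode == 429 || statusCode >= 500;
    }

    /**
     * Returns the Management API client, requesting a fresh access token when there
     * is no client yet or the current token has expired.
     *
     * <p>The token is a bearer credential for the tenant's Management API; keep it out
     * of logs and exception messages.
     *
     * @throws IamSvcException if the token request fails or the token cannot be parsed
     */
    private ManagementAPI getMgmntApi() throws IamSvcException {
        // fMgmtApiToken is always assigned before fMgmntApi below, so a non-null client
        // implies a non-null token on the thread that created it.
        if (this.fMgmntApi != null && !this.fMgmtApiToken.isExpired()) {
            return this.fMgmntApi;
        }
        try {
            final String audience = "https://" + this.fDomain + "/api/v2/";
            final String accessToken = this.fAuthApi.requestToken(audience).execute().getAccessToken();
            this.fMgmtApiToken = new JwtCredential(accessToken);
            this.fMgmntApi = new ManagementAPI(this.fDomain, accessToken);
            return this.fMgmntApi;
        } catch (Auth0Exception | JwtCredential.InvalidJwtToken e) {
            throw new IamSvcException(e);
        }
    }

    /**
     * Converts a page of Auth0 roles into groups, reusing cached groups by role id and
     * caching any group created here.
     *
     * @param rolesPage the roles returned by the Management API
     * @return the groups for those roles, held in a {@link TreeSet}
     */
    private Set<Auth0Group> groupsFromRoles(RolesPage rolesPage) {
        final Set<Auth0Group> groups = new TreeSet<>();
        for (Role role : rolesPage.getItems()) {
            Auth0Group group = this.fGroupCache.read(role.getId());
            if (group == null) {
                group = new Auth0Group(this, role);
                this.fGroupCache.write(role.getId(), group);
            }
            groups.add(group);
        }
        return groups;
    }
}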
