package io.uhndata.cards.auth.token.impl;

import io.uhndata.cards.auth.token.TokenManager;
import java.io.UnsupportedEncodingException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Calendar;
import java.util.Map;
import java.util.UUID;
import javax.jcr.InvalidItemStateException;
import javax.jcr.Node;
import javax.jcr.PathNotFoundException;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import org.apache.commons.lang3.StringUtils;
import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenConfiguration;
import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenInfo;
import org.apache.jackrabbit.oak.spi.security.user.util.PasswordUtil;
import org.apache.jackrabbit.util.Text;
import org.apache.sling.api.resource.LoginException;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.resource.ResourceResolverFactory;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.FieldOption;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.component.annotations.ReferenceCardinality;
import org.osgi.service.component.annotations.ReferencePolicyOption;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Component
/* loaded from: input_file:io/uhndata/cards/auth/token/impl/TokenManagerImpl.class */
public class TokenManagerImpl implements TokenManager {
    private static final Logger LOGGER = LoggerFactory.getLogger(TokenManagerImpl.class);
    private static final int SECRET_KEY_SIZE = 24;
    private final SecureRandom random = new SecureRandom();

    @Reference(fieldOption = FieldOption.REPLACE, cardinality = ReferenceCardinality.OPTIONAL, policyOption = ReferencePolicyOption.GREEDY)
    private ResourceResolverFactory rrf;

    @Reference
    private TokenConfiguration configuration;

    @Override // io.uhndata.cards.auth.token.TokenManager
    public TokenInfo create(String str, Calendar calendar, Map<String, String> map) {
        try {
            ResourceResolver serviceResourceResolver = this.rrf.getServiceResourceResolver((Map) null);
            try {
                Node tokensNode = getTokensNode(str, (Session) serviceResourceResolver.adaptTo(Session.class));
                if (tokensNode != null) {
                    TokenInfo createTokenNode = createTokenNode(tokensNode, calendar, str, map);
                    if (serviceResourceResolver != null) {
                        serviceResourceResolver.close();
                    }
                    return createTokenNode;
                }
                LOGGER.warn("Unable to get/create token store for user " + str);
                if (serviceResourceResolver != null) {
                    serviceResourceResolver.close();
                }
                return null;
            } finally {
            }
        } catch (LoginException e) {
            LOGGER.error("Service access not granted: {}", e.getMessage());
            return null;
        }
    }

    @Override // io.uhndata.cards.auth.token.TokenManager
    public TokenInfo parse(String str) {
        String user;
        if (str == null) {
            return null;
        }
        String substringBefore = StringUtils.substringBefore(str, CardsTokenImpl.TOKEN_DELIMITER);
        try {
            ResourceResolver serviceResourceResolver = this.rrf.getServiceResourceResolver((Map) null);
            try {
                Node nodeByIdentifier = ((Session) serviceResourceResolver.adaptTo(Session.class)).getNodeByIdentifier(substringBefore);
                if (!isValidTokenNode(nodeByIdentifier) || (user = getUser(nodeByIdentifier)) == null) {
                    if (serviceResourceResolver != null) {
                        serviceResourceResolver.close();
                    }
                    return null;
                }
                CardsTokenImpl cardsTokenImpl = new CardsTokenImpl(nodeByIdentifier, str, user);
                if (serviceResourceResolver != null) {
                    serviceResourceResolver.close();
                }
                return cardsTokenImpl;
            } catch (Throwable th) {
                if (serviceResourceResolver != null) {
                    try {
                        serviceResourceResolver.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        } catch (LoginException e) {
            LOGGER.error("Service access not granted: {}", e.getMessage());
            return null;
        } catch (RepositoryException e2) {
            LOGGER.info("Cannot access token {}", str);
            return null;
        }
    }

    private Node getTokensNode(String str, Session session) {
        if (StringUtils.isBlank(str)) {
            return null;
        }
        try {
            return getOrCreateUserTokensNode(getOrCreateSystemTokensNode(session), str, session);
        } catch (RepositoryException e) {
            LOGGER.warn("Error while creating tokens node: {}", e.getMessage(), e);
            return null;
        }
    }

    private TokenInfo createTokenNode(Node node, Calendar calendar, String str, Map<String, String> map) {
        try {
            Node addNode = node.addNode(UUID.randomUUID().toString(), CardsTokenImpl.TOKEN_NT_NAME);
            String generateKey = generateKey();
            String str2 = addNode.getIdentifier() + "_" + generateKey;
            try {
                addNode.setProperty(CardsTokenImpl.TOKEN_ATTRIBUTE_KEY, PasswordUtil.buildPasswordHash(getKeyValue(generateKey, str), this.configuration.getParameters()));
            } catch (UnsupportedEncodingException | NoSuchAlgorithmException e) {
                LOGGER.warn("Failed to hash token: {}", e.getMessage(), e);
            }
            addNode.setProperty(CardsTokenImpl.TOKEN_ATTRIBUTE_EXPIRY, calendar);
            if (map != null) {
                for (Map.Entry<String, String> entry : map.entrySet()) {
                    if (!CardsTokenImpl.RESERVED_ATTRIBUTES.contains(entry.getKey())) {
                        addNode.setProperty(entry.getKey(), entry.getValue());
                    }
                }
            }
            addNode.getSession().save();
            return new CardsTokenImpl(addNode, str2, str);
        } catch (RepositoryException e2) {
            LOGGER.error("Failed to create token for user {}: {}", new Object[]{str, e2.getMessage(), e2});
            return null;
        }
    }

    private String generateKey() {
        byte[] bArr = new byte[SECRET_KEY_SIZE];
        this.random.nextBytes(bArr);
        StringBuilder sb = new StringBuilder(bArr.length * 2);
        for (byte b : bArr) {
            sb.append(Text.hexTable[(b >> 4) & 15]);
            sb.append(Text.hexTable[b & 15]);
        }
        return sb.toString();
    }

    private String getKeyValue(String str, String str2) {
        return str + str2;
    }

    private boolean isValidTokenNode(Node node) {
        if (node == null || !node.isNode()) {
            return false;
        }
        try {
            if (CardsTokenImpl.TOKENS_NODE_PATH.equals(node.getParent().getParent().getPath())) {
                if (node.isNodeType(CardsTokenImpl.TOKEN_NT_NAME)) {
                    return true;
                }
            }
            return false;
        } catch (RepositoryException e) {
            return false;
        }
    }

    private String getUser(Node node) {
        try {
            return node.getParent().getName();
        } catch (RepositoryException e) {
            LOGGER.warn("Error while determining username for token {}: {}", new Object[]{node, e.getMessage(), e});
            return null;
        }
    }

    private Node getOrCreateSystemTokensNode(Session session) throws PathNotFoundException, RepositoryException {
        return getOrCreateNode(session.getRootNode().getNode(CardsTokenImpl.SYSTEM_NODE_NAME), CardsTokenImpl.TOKENS_NODE_NAME, CardsTokenImpl.TOKENS_NT_NAME, session);
    }

    private Node getOrCreateUserTokensNode(Node node, String str, Session session) throws PathNotFoundException, RepositoryException {
        return getOrCreateNode(node, str, CardsTokenImpl.TOKENS_NT_NAME, session);
    }

    private Node getOrCreateNode(Node node, String str, String str2, Session session) throws PathNotFoundException, RepositoryException {
        Node node2;
        try {
            node2 = node.hasNode(str) ? node.getNode(str) : node.addNode(str, str2);
            session.save();
        } catch (InvalidItemStateException e) {
            session.refresh(false);
            node2 = node.getNode(str);
        }
        return node2;
    }
}
