package io.uhndata.cards.auth.token.impl;

import io.uhndata.cards.auth.token.CardsToken;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.jcr.Node;
import javax.jcr.Property;
import javax.jcr.PropertyIterator;
import javax.jcr.RepositoryException;
import org.apache.commons.lang3.StringUtils;
import org.apache.jackrabbit.api.security.authentication.token.TokenCredentials;
import org.apache.jackrabbit.oak.api.CommitFailedException;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.api.Type;
import org.apache.jackrabbit.oak.spi.namespace.NamespaceConstants;
import org.apache.jackrabbit.oak.spi.security.user.util.PasswordUtil;
import org.apache.jackrabbit.util.ISO8601;
import org.apache.jackrabbit.util.Text;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/uhndata/cards/auth/token/impl/CardsTokenImpl.class */
public class CardsTokenImpl implements CardsToken {
    public static final String SYSTEM_NODE_NAME = "jcr:system";
    private static final Logger LOGGER = LoggerFactory.getLogger(CardsTokenImpl.class);
    private final Node tokenNode;
    private final Tree tokenTree;
    private final Root root;
    private final String loginToken;
    private final String userId;
    private final Calendar expirationTime;
    private final String validationKey;
    private final Map<String, String> attributes;

    public CardsTokenImpl(Node node, String str, String str2) {
        this.tokenNode = node;
        this.root = null;
        this.tokenTree = null;
        this.loginToken = str;
        this.userId = str2;
        this.expirationTime = parseExpirationTime();
        this.validationKey = getValidationKey();
        HashMap hashMap = new HashMap();
        try {
            PropertyIterator properties = node.getProperties();
            while (properties.hasNext()) {
                Property nextProperty = properties.nextProperty();
                String name = nextProperty.getName();
                String string = nextProperty.getString();
                if (!RESERVED_ATTRIBUTES.contains(name)) {
                    if (!isSystemProperty(name)) {
                        hashMap.put(name, string);
                    }
                }
            }
        } catch (RepositoryException e) {
            LOGGER.warn("Failed to access token: {}", e.getMessage(), e);
        }
        this.attributes = Collections.unmodifiableMap(hashMap);
    }

    public CardsTokenImpl(Root root, Tree tree, String str, String str2) {
        this.tokenNode = null;
        this.root = root;
        this.tokenTree = tree;
        this.loginToken = str;
        this.userId = str2;
        this.expirationTime = parseExpirationTime();
        this.validationKey = getValidationKey();
        HashMap hashMap = new HashMap();
        for (PropertyState propertyState : this.tokenTree.getProperties()) {
            String name = propertyState.getName();
            String str3 = (String) propertyState.getValue(Type.STRING);
            if (!RESERVED_ATTRIBUTES.contains(name) && !isSystemProperty(name)) {
                hashMap.put(name, str3);
            }
        }
        this.attributes = Collections.unmodifiableMap(hashMap);
    }

    public String getUserId() {
        return this.userId;
    }

    public String getToken() {
        return this.loginToken;
    }

    public boolean isExpired(long j) {
        return this.expirationTime.toInstant().getEpochSecond() * 1000 < j;
    }

    public boolean resetExpiration(long j) {
        return false;
    }

    public boolean remove() {
        try {
            if (this.tokenNode != null) {
                this.tokenNode.remove();
                this.tokenNode.getSession().save();
                return true;
            }
            if (this.tokenTree == null) {
                return true;
            }
            this.tokenTree.remove();
            this.root.commit();
            return true;
        } catch (RepositoryException | CommitFailedException e) {
            LOGGER.debug("Error while removing token {}: {}", this.loginToken, e.getMessage());
            return false;
        }
    }

    public boolean matches(TokenCredentials tokenCredentials) {
        String substringAfter = StringUtils.substringAfter(tokenCredentials.getToken(), CardsToken.TOKEN_DELIMITER);
        if (this.validationKey == null || !PasswordUtil.isSame(this.validationKey, computeSecretToken(substringAfter, this.userId))) {
            return false;
        }
        List asList = Arrays.asList(tokenCredentials.getAttributeNames());
        for (Map.Entry<String, String> entry : this.attributes.entrySet()) {
            String key = entry.getKey();
            if (!asList.contains(key)) {
                tokenCredentials.setAttribute(key, entry.getValue());
            }
        }
        return true;
    }

    public Map<String, String> getPrivateAttributes() {
        return Collections.emptyMap();
    }

    public Map<String, String> getPublicAttributes() {
        return this.attributes;
    }

    private boolean isSystemProperty(String str) {
        return NamespaceConstants.RESERVED_PREFIXES.contains(Text.getNamespacePrefix(str));
    }

    private Calendar parseExpirationTime() {
        if (this.tokenNode == null) {
            if (this.tokenTree == null || !this.tokenTree.hasProperty(CardsToken.TOKEN_ATTRIBUTE_EXPIRY)) {
                return null;
            }
            return ISO8601.parse((String) this.tokenTree.getProperty(CardsToken.TOKEN_ATTRIBUTE_EXPIRY).getValue(Type.DATE));
        }
        try {
            if (this.tokenNode.hasProperty(CardsToken.TOKEN_ATTRIBUTE_EXPIRY)) {
                return this.tokenNode.getProperty(CardsToken.TOKEN_ATTRIBUTE_EXPIRY).getDate();
            }
            return null;
        } catch (RepositoryException e) {
            LOGGER.warn("Failed to access token expiration date for {}: {}", new Object[]{this.loginToken, e.getMessage(), e});
            return null;
        }
    }

    @Override // io.uhndata.cards.auth.token.CardsToken
    public Calendar getExpirationTime() {
        return this.expirationTime;
    }

    private String getValidationKey() {
        if (this.tokenNode == null) {
            if (this.tokenTree == null || !this.tokenTree.hasProperty(CardsToken.TOKEN_ATTRIBUTE_KEY)) {
                return null;
            }
            return (String) this.tokenTree.getProperty(CardsToken.TOKEN_ATTRIBUTE_KEY).getValue(Type.STRING);
        }
        try {
            if (this.tokenNode.hasProperty(CardsToken.TOKEN_ATTRIBUTE_KEY)) {
                return this.tokenNode.getProperty(CardsToken.TOKEN_ATTRIBUTE_KEY).getString();
            }
            return null;
        } catch (RepositoryException e) {
            LOGGER.warn("Failed to access token validation key for {}: {}", new Object[]{this.loginToken, e.getMessage(), e});
            return null;
        }
    }

    private String computeSecretToken(String str, String str2) {
        return str + str2;
    }
}
