package org.opendof.core.internal.core;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.Set;
import java.util.concurrent.atomic.AtomicLong;
import org.opendof.core.internal.core.OALCore;
import org.opendof.core.internal.core.OALOperation;
import org.opendof.core.internal.core.security.ScopedPermissionList;
import org.opendof.core.internal.protocol.security.Authenticator;
import org.opendof.core.internal.protocol.security.EncryptionUtil;
import org.opendof.core.internal.protocol.security.KeyRequest;
import org.opendof.core.internal.protocol.security.Validator;
import org.opendof.core.internal.protocol.security.credentials.Credentials;
import org.opendof.core.internal.protocol.trp.ScopeOperation;
import org.opendof.core.internal.util.AsyncRunnable;
import org.opendof.core.oal.DOF;
import org.opendof.core.oal.DOFErrorException;
import org.opendof.core.oal.DOFException;
import org.opendof.core.oal.DOFInterfaceID;
import org.opendof.core.oal.DOFObjectID;
import org.opendof.core.oal.DOFOperation;
import org.opendof.core.oal.security.DOFAuthenticationFailedException;
import org.opendof.core.oal.security.DOFPermission;
import org.opendof.core.oal.security.DOFPermissionSet;
import org.opendof.core.oal.security.DOFSecurityException;

/* loaded from: input_file:org/opendof/core/internal/core/OALBridge.class */
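/**
 * Security bridge bound to an {@link OALCore}.
 *
 * <p>A bridge holds optional {@link Credentials}, the permission set requested at authorization
 * time, the node security scope obtained from the last successful {@link #authorize(int)} and a
 * cache of scoped permission grants. Until {@link #authorize(int)} succeeds the node scope is
 * {@link OALCore#getUnsecureScope()}, and {@link #isUnsecure()} reports {@code true}.
 *
 * <p>Threading: {@link #checkGrantDuration()} runs {@link #authorize(int)} on the core's thread
 * pool, so the node scope is written from a pool thread and read by callers. It is therefore
 * declared {@code volatile}. The permission cache is replaced in two steps (clear, then add);
 * NOTE(review): whether {@code ScopedPermissionList} is itself thread-safe is not visible here.
 *
 * <p>NOTE(review): {@code grantEnd} is recorded by {@link #authorize(int)} but never read in this
 * class, so nothing here drops cached grants once the granted duration has elapsed. If
 * re-authorization keeps failing (it is only logged), cached scopes appear to stay usable;
 * confirm that expiry is enforced elsewhere.
 */
public class OALBridge {
    /** Process-wide pass-through bridge, created lazily by {@link #getPassThroughBridge(OALCore)}. */
    private static volatile OALBridge PASS_THROUGH_BRIDGE;
    private final String name;
    protected final OALCore core;
    /** May be {@code null}; a bridge without credentials never leaves the unsecure scope. */
    private final Credentials credentials;
    private final DOFPermissionSet initialPermissions;
    private final boolean isExtendAllowed;
    /** Written by authorize() (possibly on a pool thread), read everywhere else. */
    private volatile OALSecurityScope nodeScope;
    private final ScopedPermissionList permissions;
    public static final DOFPermission ACT_AS_ANY = new DOFPermission.ActAsAny();
    /** 1073741823 == 0x3FFFFFFF. */
    public static final DOFPermission TUNNEL_ANY = new DOFPermission.TunnelDomain(1073741823);
    /** Extra permissions requested by authorize() when permission extension is allowed. */
    public static final DOFPermissionSet GENERAL_BINDING_PERMS = new DOFPermissionSet.Builder()
            .addPermission(new DOFPermission.Requestor())
            .addPermission(new DOFPermission.Provider())
            .addPermission(new DOFPermission.Binding.Builder(4).build())
            .addPermission(new DOFPermission.Binding.Builder(2).build())
            .addPermission(new DOFPermission.Binding.Builder(1).build())
            .addPermission(new DOFPermission.Binding.Builder(8).build())
            .addPermission(new DOFPermission.Binding.Builder(16).build())
            .build();
    private static final Object passThruConstructMonitor = new Object();
    /** Timeout, in the unit expected by the operation APIs, for internally started requests. */
    private static final int TIMEOUT = 30000;
    private final AtomicLong grantEnd = new AtomicLong();
    private final AtomicLong nextAuthorize = new AtomicLong();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/opendof/core/internal/core/OALBridge$TempPassThroughBridge.class */
    /**
     * Bridge that performs no permission checking of its own.
     *
     * <p>Security-relevant: {@link #getScope(DOFPermission)} returns the unsecure scope for every
     * non-null permission and {@link #isCompatible(OALSecurityScope)} accepts every scope, while
     * {@link #isUnsecure()} reports {@code false}. Any code path that receives this bridge is
     * therefore not constrained by granted permissions.
     *
     * <p>NOTE(review): this subclass has no credentials and does not override
     * {@code getScope(DOFPermissionSet)} or {@code getSourceID()}; because {@code isUnsecure()}
     * is {@code false} here, those inherited methods reach code that dereferences or passes the
     * null credentials. Confirm they are never called on the pass-through bridge.
     */
    public static final class TempPassThroughBridge extends OALBridge {
        private TempPassThroughBridge(OALCore oALCore) {
            super("pass_through_bridge", oALCore, null, null, false);
        }

        @Override
        public boolean isPassThrough() {
            return true;
        }

        @Override
        public boolean isUnsecure() {
            return false;
        }

        @Override
        public boolean isCompatible(OALSecurityScope oALSecurityScope) {
            return true;
        }

        @Override
        public OALSecurityScope getScope(DOFPermission dOFPermission) {
            if (dOFPermission == null) {
                return null;
            }
            return OALCore.getUnsecureScope();
        }
    }

    /**
     * Returns the shared pass-through bridge, creating it on first use.
     *
     * <p>The bridge is bound to the first non-null core ever passed in; later calls return that
     * same instance regardless of the core they supply.
     *
     * @param oALCore core used to create the bridge if it does not exist yet; may be {@code null}
     * @return the shared bridge, or {@code null} if none exists and {@code oALCore} is {@code null}
     */
    public static OALBridge getPassThroughBridge(OALCore oALCore) {
        synchronized (passThruConstructMonitor) {
            if (PASS_THROUGH_BRIDGE == null && oALCore != null) {
                PASS_THROUGH_BRIDGE = new TempPassThroughBridge(oALCore);
            }
            return PASS_THROUGH_BRIDGE;
        }
    }

    /**
     * Builds a bridge from a public bridge configuration.
     *
     * @param str bridge name, returned by {@link #toString()}
     * @param oALCore owning core
     * @param config source of credentials, initial permissions and the extend-allowed flag
     * @return a new, not yet authorized bridge
     */
    public static OALBridge createConnectionBridge(String str, OALCore oALCore, DOFOperation.Bridge.Config config) {
        Credentials internal = null;
        if (config.getCredentials() != null) {
            internal = oALCore.globalFactory.getInternalCredentials(config.getCredentials());
        }
        return new OALBridge(str, oALCore, internal, config.getPermissions(), config.isPermissionsExtendAllowed());
    }

    /**
     * Creates an unauthorized bridge whose node scope is the unsecure scope.
     *
     * @param str bridge name
     * @param oALCore owning core
     * @param credentials credentials to authorize with, or {@code null} for an unsecure bridge
     * @param dOFPermissionSet permissions to request; {@code null} is treated as an empty set
     * @param z whether additional permissions may be requested after authorization
     */
    public OALBridge(String str, OALCore oALCore, Credentials credentials, DOFPermissionSet dOFPermissionSet, boolean z) {
        this.name = str;
        this.core = oALCore;
        this.credentials = credentials;
        this.initialPermissions = dOFPermissionSet == null ? new DOFPermissionSet.Builder().build() : dOFPermissionSet;
        this.isExtendAllowed = z;
        this.permissions = ScopedPermissionList.create(null, null);
        this.nodeScope = OALCore.getUnsecureScope();
    }

    /**
     * Requests security scopes for the bridge credentials and installs the result.
     *
     * <p>Does nothing when the bridge has no credentials. On success the node scope, the cached
     * grants, the grant end time and the next re-authorization time are all replaced, and a
     * secure source ID is requested.
     *
     * @param i timeout passed to credential resolution, to each scope request and to the wait
     * @throws DOFException if resolution fails, if no scope with IDs is returned, or if the
     *     request fails; a {@link DOFErrorException} is reported as a timeout
     */
    public void authorize(int i) throws DOFException {
        if (this.credentials == null) {
            return;
        }
        if (!this.credentials.isResolved()) {
            this.credentials.resolve(this.core, null, i);
        }
        this.core.getDomainStore().registerCredentials(this.credentials);
        DOFPermissionSet.Builder builder = new DOFPermissionSet.Builder(this.initialPermissions);
        if (this.isExtendAllowed) {
            builder.addPermissions(GENERAL_BINDING_PERMS);
        }
        DOFPermissionSet requested = builder.build();
        OALOperation.WaitingListener waiter = requestScopes(requested, i);
        try {
            waiter.waitComplete(i);
            ScopeOperation completed = (ScopeOperation) waiter.getOperation();
            if (completed.getScope() == null || !completed.getScope().hasIDs()) {
                throw new DOFAuthenticationFailedException("Unable to authorize bridge.");
            }
            OALSecurityScope scope = completed.getScope();
            OALSecurityScope granted = this.core.globalFactory.createSecurityScope(this.core, this.core.getDomainStore().getDomainAlias(this.credentials), scope.getIDs(), scope.isAllScopes(), scope.isMasking());
            this.nodeScope = granted;
            // Only scopes that fall inside the new node scope are cached.
            ScopedPermissionList fresh = ScopedPermissionList.create(requested, completed.getScopeList().intersectWith(granted));
            // NOTE(review): clear+add is not one step; a concurrent getScope() may observe an
            // empty cache between the two calls.
            this.permissions.clear();
            this.permissions.add(fresh);
            // NOTE(review): if both factors are int this product can overflow before widening;
            // confirm the return types of getGrantedDuration() and getGrantTimeUnit().
            this.grantEnd.set(System.currentTimeMillis() + (completed.getScopeResponse().getResponseBlock().getGrantedDuration() * this.core.getGrantTimeUnit()));
            // Re-authorize five grant time units before the grant ends.
            this.nextAuthorize.set(this.grantEnd.get() - (5 * this.core.getGrantTimeUnit()));
            obtainSecureSID(this.credentials);
        } catch (DOFSecurityException e) {
            throw e;
        } catch (DOFErrorException e2) {
            // NOTE(review): every DOFErrorException is reported as a timeout and the original
            // exception is not attached, which hides the real cause from logs.
            throw new DOFSecurityException("Bridge Authentication Failed: TIMEOUT");
        } catch (Exception e3) {
            throw new DOFAuthenticationFailedException(e3);
        }
    }

    /**
     * Sends one scope request per TRP application ID of the credentials' domain.
     *
     * <p>Each request carries a fresh 8-byte random nonce. All requests report to one shared
     * completion listener sized to the number of application IDs.
     *
     * @param requested permissions to ask for
     * @param timeout timeout stored in each operation's state
     * @return the listener the caller waits on for the combined result
     */
    private OALOperation.WaitingListener requestScopes(DOFPermissionSet requested, int timeout) throws DOFException {
        Set<Short> appIds = this.core.getTRPAppIDsForDomain(this.credentials.getDomainID());
        OALOperation.WaitingListener waiter = new OALOperation.WaitingListener();
        OALOperation.MultiResponseCompleteListener fanIn = new OALOperation.MultiResponseCompleteListener(waiter, appIds.size());
        for (Short appId : appIds) {
            ScopeOperation request = new ScopeOperation(
                    new OALOperation.State(this.core, new OALCore.EmptyOperationSource(), this.core.createOperationID(), timeout),
                    new Authenticator.RequestSecurityScopes(
                            this.credentials.getDomainID(),
                            new KeyRequest(EncryptionUtil.createRandomNonce(8), this.credentials.getIdentification(), requested, (short) 1),
                            this.credentials.getIdentity()),
                    this.credentials,
                    null,
                    appId.shortValue());
            request.setCompleteListener(fanIn);
            this.core.process(request);
        }
        return waiter;
    }

    /**
     * Validates the credentials and, if valid, records the resulting source ID on the core.
     *
     * <p>An invalid result is not reported: the source ID is simply left unchanged.
     *
     * @param credentials credentials to validate
     * @throws DOFSecurityException if validation itself fails
     */
    public void obtainSecureSID(Credentials credentials) throws DOFSecurityException {
        Validator validator = new Validator(this.core);
        validator.validate(credentials, null, null, TIMEOUT);
        if (validator.isValid()) {
            this.core.setSourceID(credentials, validator.getSourceID());
        }
    }

    /** Returns the credentials' RDID, or {@code -1} when the bridge has no credentials. */
    public int getRdid() {
        return this.credentials != null ? this.credentials.getRdid() : -1;
    }

    /**
     * Resolves the security scope to use for one permission.
     *
     * <p>Security-relevant: identity permissions (see {@link #isIdentity(DOFPermission)}) and
     * every permission on an unsecure bridge resolve to the unsecure scope without consulting
     * the cached grants.
     *
     * @param dOFPermission permission to resolve; {@code null} selects the node scope
     * @return the scope, or {@code null} when the cache has none for this permission
     */
    public OALSecurityScope getScope(DOFPermission dOFPermission) {
        if (dOFPermission == null) {
            return getNodeScope();
        }
        if (isUnsecure() || isIdentity(dOFPermission)) {
            return OALCore.getUnsecureScope();
        }
        OALSecurityScope resolved = this.permissions.getSecurityScope(this.core, dOFPermission, this.isExtendAllowed);
        this.core.permissionRequested(this.credentials.getIdentity(), dOFPermission, resolved);
        return resolved;
    }

    /**
     * Resolves one scope that is compatible with every permission in the set.
     *
     * @param dOFPermissionSet permissions to resolve; {@code null} selects the node scope
     * @return the combined scope, or {@code null} as soon as one permission has no scope (or
     *     when the set is empty on a secure bridge)
     */
    public OALSecurityScope getScope(DOFPermissionSet dOFPermissionSet) {
        if (dOFPermissionSet == null) {
            return getNodeScope();
        }
        if (isUnsecure()) {
            return OALCore.getUnsecureScope();
        }
        ArrayList<OALSecurityScope> resolved = new ArrayList<>();
        for (DOFPermission permission : dOFPermissionSet.getPermissions()) {
            OALSecurityScope scope;
            if (isIdentity(permission)) {
                scope = OALCore.getUnsecureScope();
            } else {
                scope = this.permissions.getSecurityScope(this.core, permission, this.isExtendAllowed);
            }
            if (scope == null) {
                return null;
            }
            resolved.add(scope);
            this.core.permissionRequested(this.credentials.getIdentity(), permission, scope);
        }
        // Fold only after every permission resolved, so a missing grant is reported before any
        // compatibility computation runs.
        OALSecurityScope combined = null;
        for (OALSecurityScope scope : resolved) {
            combined = combined == null ? scope : combined.getCompatibleScope(scope);
        }
        return combined;
    }

    /** Returns the core's source ID, using the credential-specific one on a secure bridge. */
    public DOFObjectID.Source getSourceID() {
        if (isUnsecure()) {
            return this.core.getSourceID();
        }
        return this.core.getSourceID(this.credentials);
    }

    /**
     * Lists the permissions for which no scope is cached yet.
     *
     * <p>The input is walked from last to first, so the result is in reverse input order.
     *
     * @param arrayList permissions to check
     * @return permissions whose scope resolved to {@code null}
     * @throws DOFSecurityException if an {@code IAm} permission has no scope, or if a resolved
     *     scope has no IDs (treated as an explicit denial)
     */
    public ArrayList<DOFPermission> getUnobtainedPermissions(ArrayList<DOFPermission> arrayList) throws DOFSecurityException {
        ArrayList<DOFPermission> missing = new ArrayList<>();
        for (int index = arrayList.size() - 1; index >= 0; index--) {
            DOFPermission permission = arrayList.get(index);
            OALSecurityScope scope = getScope(permission);
            if (scope == null) {
                if (permission instanceof DOFPermission.IAm) {
                    throw new DOFSecurityException("No IAm permission.");
                }
                missing.add(permission);
            } else if (!scope.hasIDs()) {
                throw new DOFSecurityException("Permission has been denied");
            }
        }
        return missing;
    }

    /** Delegates to the grant cache to report whether a grant decision is known. */
    public boolean isGrantKnown(DOFPermission dOFPermission) {
        return this.permissions.isGrantKnown(dOFPermission, this.isExtendAllowed);
    }

    /** Returns the current node scope (the unsecure scope until authorization succeeds). */
    public OALSecurityScope getNodeScope() {
        return this.nodeScope;
    }

    /** Returns {@code true} while the node scope equals {@link OALCore#getUnsecureScope()}. */
    public boolean isUnsecure() {
        return this.nodeScope.equals(OALCore.getUnsecureScope());
    }

    /** Returns the bridge credentials, possibly {@code null}. */
    public Credentials getCredentials() {
        return this.credentials;
    }

    /** Returns the credentials' domain ID, or {@code null} when there are no credentials. */
    public DOFObjectID.Domain getDomainID() {
        return this.credentials == null ? null : this.credentials.getDomainID();
    }

    /** Returns whether permissions may be extended after authorization. */
    public boolean isPermissionsExtendAllowed() {
        return this.isExtendAllowed;
    }

    /** Returns {@code false}; only {@link TempPassThroughBridge} overrides this. */
    public boolean isPassThrough() {
        return false;
    }

    /**
     * Checks whether a scope may be used with this bridge.
     *
     * @param oALSecurityScope scope to test; {@code null} is treated like the unsecure scope
     * @return for a {@code null}/unsecure scope, whether this bridge is unsecure; otherwise the
     *     node scope's own compatibility answer
     */
    public boolean isCompatible(OALSecurityScope oALSecurityScope) {
        if (oALSecurityScope == null || oALSecurityScope.equals(OALCore.getUnsecureScope())) {
            return isUnsecure();
        }
        return getNodeScope().isCompatible(oALSecurityScope);
    }

    /** Single-permission convenience form of {@link #extendPermissions(DOFPermissionSet)}. */
    public boolean extendPermission(DOFPermission dOFPermission) {
        return extendPermissions(new DOFPermissionSet.Builder().addPermission(dOFPermission).build());
    }

    /**
     * Requests additional grants and appends the response to the grant cache.
     *
     * <p>Failures are deliberately reduced to {@code false}; no exception escapes for a
     * {@link DOFException}.
     *
     * <p>NOTE(review): unlike {@link #authorize(int)}, the scopes returned here are cached
     * without being intersected with the node scope. Confirm that this is intended.
     *
     * @param dOFPermissionSet permissions the caller needs
     * @return {@code true} if a response was received and cached; {@code false} if extension is
     *     not allowed, the bridge is unsecure, or the request failed
     */
    public boolean extendPermissions(DOFPermissionSet dOFPermissionSet) {
        if (!this.isExtendAllowed || isUnsecure()) {
            return false;
        }
        try {
            DOFPermissionSet toRequest = optimizeRequestPermissions(dOFPermissionSet, this.permissions);
            OALOperation.WaitingListener waiter = requestScopes(toRequest, TIMEOUT);
            try {
                waiter.waitComplete(TIMEOUT);
                ScopeOperation completed = (ScopeOperation) waiter.getOperation();
                this.permissions.add(ScopedPermissionList.create(toRequest, completed.getScopeResponse().getResponseBlock().getSecurityScopes()));
                return true;
            } catch (DOFSecurityException e) {
                throw e;
            } catch (DOFErrorException e2) {
                throw new DOFSecurityException("Bridge Extension Failed: TIMEOUT");
            } catch (Exception e3) {
                throw new DOFAuthenticationFailedException(e3);
            }
        } catch (DOFException e4) {
            // Best effort: the caller only learns that the extension did not happen.
            return false;
        }
    }

    /**
     * Reports whether a permission is an identity permission (permission type 3 or 5).
     *
     * @param dOFPermission permission to classify; must not be {@code null}
     */
    public static boolean isIdentity(DOFPermission dOFPermission) {
        switch (dOFPermission.getPermissionType()) {
            case 3:
            case 5:
                return true;
            default:
                return false;
        }
    }

    /**
     * Reports whether a permission set may be sent on the wire.
     *
     * <p>NOTE(review): as decompiled, every listed case shares the {@code default} branch, so
     * this returns {@code false} for any non-empty set and {@code true} only for an empty one.
     * That may be a decompilation artifact; compare against the upstream source before relying
     * on this method for an access decision.
     */
    public static boolean isWireAllowed(DOFPermissionSet dOFPermissionSet) {
        Iterator<DOFPermission> it = dOFPermissionSet.getPermissions().iterator();
        while (it.hasNext()) {
            switch (it.next().getPermissionType()) {
                case 1:
                case 3:
                case 5:
                case 7:
                case 128:
                case 130:
                case 131:
                case 133:
                default:
                    return false;
            }
        }
        return true;
    }

    /**
     * Schedules a background re-authorization once the re-authorization time has passed.
     *
     * <p>The next attempt time is advanced by one grant time unit with a compare-and-set, so
     * concurrent callers that observe the same due time submit at most one task. A failed
     * re-authorization is only logged; the next call after the advanced time retries.
     */
    public void checkGrantDuration() {
        if (isUnsecure()) {
            return;
        }
        long due = this.nextAuthorize.get();
        if (due > System.currentTimeMillis()) {
            return;
        }
        if (!this.nextAuthorize.compareAndSet(due, due + this.core.getGrantTimeUnit())) {
            // Another caller (or a completed authorize()) already moved the deadline.
            return;
        }
        this.core.getThreadPool().submit(new AsyncRunnable() { // from class: org.opendof.core.internal.core.OALBridge.1
            @Override
            public String getName() {
                return "AsyncReauthorizeBridge";
            }

            @Override
            public void run() {
                try {
                    OALBridge.this.authorize(OALBridge.TIMEOUT);
                } catch (DOFException e) {
                    if (DOF.Log.isLogError()) {
                        DOF.Log.message("DOFOperation.Bridge", DOF.Log.Level.ERROR, "Failed to reauthorize bridge.", e);
                    }
                }
            }
        });
    }

    /** Returns the bridge name. */
    @Override
    public String toString() {
        return this.name;
    }

    /**
     * Builds the permission set to request: the expanded form of the input minus everything the
     * cache reports as already asked for.
     *
     * @param dOFPermissionSet permissions the caller needs
     * @param scopedPermissionList cache consulted through {@code isGrantAsked}
     * @return the permissions still worth requesting
     */
    public static DOFPermissionSet optimizeRequestPermissions(DOFPermissionSet dOFPermissionSet, ScopedPermissionList scopedPermissionList) {
        DOFPermissionSet expanded = appendGeneralRequestPermissions(dOFPermissionSet);
        DOFPermissionSet.Builder builder = new DOFPermissionSet.Builder();
        for (DOFPermission permission : expanded.getPermissions()) {
            if (!scopedPermissionList.isGrantAsked(permission)) {
                builder.addPermission(permission);
            }
        }
        return builder.build();
    }

    /**
     * Expands a request with broader variants of each permission.
     *
     * <p>Security-relevant: the bridge asks for more than the caller named. A binding (type 1)
     * gains an attribute-unrestricted form, its complement and one variant per object ID,
     * interface ID and attribute; identity permissions (types 3 and 5) gain {@code ActAsAny};
     * type 131 gains {@code Define(WILDCARD)}; type 133 gains {@code TunnelDomain(0x3FFFFFFF)}.
     * What is actually granted is presumably decided by the responder to the scope request;
     * confirm that it does not grant these wildcard forms by default.
     */
    private static DOFPermissionSet appendGeneralRequestPermissions(DOFPermissionSet dOFPermissionSet) {
        DOFPermissionSet.Builder builder = new DOFPermissionSet.Builder();
        for (DOFPermission permission : dOFPermissionSet.getPermissions()) {
            builder.addPermission(permission);
            switch (permission.getPermissionType()) {
                case 1:
                    DOFPermission.Binding binding = (DOFPermission.Binding) permission;
                    builder.addPermission(new DOFPermission.Binding.Builder(binding.getActions()).setAllAttributesAllowed(false).build());
                    builder.addPermissions(binding.getComplement());
                    Iterator<DOFObjectID> objectIds = binding.getObjectIDs().iterator();
                    while (objectIds.hasNext()) {
                        builder.addPermission(new DOFPermission.Binding.Builder(binding.getActions()).setAllAttributesAllowed(false).addObjectID(objectIds.next()).build());
                    }
                    Iterator<DOFInterfaceID> interfaceIds = binding.getInterfaceIDs().iterator();
                    while (interfaceIds.hasNext()) {
                        builder.addPermission(new DOFPermission.Binding.Builder(binding.getActions()).setAllAttributesAllowed(false).addInterfaceID(interfaceIds.next()).build());
                    }
                    if (binding.getAttributes() != null) {
                        Iterator<DOFObjectID.Attribute> attributes = binding.getAttributes().iterator();
                        while (attributes.hasNext()) {
                            builder.addPermission(new DOFPermission.Binding.Builder(binding.getActions()).setAllAttributesAllowed(false).addRequiredAttribute(attributes.next()).build());
                        }
                    }
                    break;
                case 3:
                case 5:
                    builder.addPermission(new DOFPermission.ActAsAny());
                    break;
                case 131:
                    builder.addPermission(new DOFPermission.Define(DOFInterfaceID.WILDCARD));
                    break;
                case 133:
                    builder.addPermission(new DOFPermission.TunnelDomain(1073741823));
                    break;
                default:
                    break;
            }
        }
        return builder.build();
    }
}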
