package se.arkalix.security.access;

import java.security.PublicKey;
import java.util.Objects;
import java.util.concurrent.atomic.AtomicReference;
import se.arkalix.ArSystem;
import se.arkalix.description.ConsumerDescription;
import se.arkalix.description.ServiceDescription;
import se.arkalix.descriptor.SecurityDescriptor;
import se.arkalix.internal.security.access.AccessToken;

/* loaded from: input_file:se/arkalix/security/access/AccessByToken.class */
public class AccessByToken implements AccessPolicy {
    private final AtomicReference<PublicKey> authorizationKey;

    public AccessByToken() {
        this.authorizationKey = new AtomicReference<>(null);
    }

    public AccessByToken(PublicKey publicKey) {
        this.authorizationKey = new AtomicReference<>(publicKey);
    }

    public void authorizationKey(PublicKey publicKey) {
        this.authorizationKey.set(publicKey);
    }

    @Override // se.arkalix.security.access.AccessPolicy
    public SecurityDescriptor descriptor() {
        return SecurityDescriptor.TOKEN;
    }

    @Override // se.arkalix.security.access.AccessPolicy
    public boolean isAuthorized(ConsumerDescription consumerDescription, ArSystem arSystem, ServiceDescription serviceDescription, String str) throws AccessTokenException {
        Objects.requireNonNull(consumerDescription, "Expected consumer");
        Objects.requireNonNull(serviceDescription, "Expected service");
        if (str == null) {
            return false;
        }
        PublicKey publicKey = this.authorizationKey.get();
        if (publicKey == null) {
            throw new IllegalStateException("Cannot verify token; no authorization key is available");
        }
        AccessToken read = AccessToken.read(str, arSystem.identity().privateKey(), publicKey);
        String cid = read.cid();
        String commonName = consumerDescription.identity().commonName();
        return commonName.startsWith(cid) && commonName.charAt(cid.length()) == '.' && Objects.equals(read.sid(), serviceDescription.name()) && serviceDescription.interfaces().contains(read.iid());
    }
}
