package com.tokera.ate.dto;

import com.fasterxml.jackson.annotation.JsonProperty;
import com.tokera.ate.annotations.YamlTag;
import com.tokera.ate.common.UUIDTools;
import com.tokera.ate.dao.enumerations.RiskRole;
import com.tokera.ate.dao.enumerations.UserRole;
import java.io.ByteArrayInputStream;
import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import javax.validation.constraints.NotNull;
import javax.validation.constraints.Pattern;
import javax.validation.constraints.Size;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response;
import javax.xml.XMLConstants;
import org.apache.commons.codec.binary.Base64;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.Attribute;
import org.opensaml.saml2.core.AttributeStatement;
import org.opensaml.saml2.core.impl.AssertionUnmarshaller;
import org.opensaml.xml.io.UnmarshallingException;
import org.opensaml.xml.parse.BasicParserPool;
import org.opensaml.xml.parse.XMLParserException;
import org.opensaml.xml.schema.XSString;

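/**
 * Carries a SAML assertion as raw XML text and exposes the attribute values found in it as
 * {@link ClaimDto} entries (user id, username, risk and user roles, and so on).
 *
 * <p><b>Security notes for maintainers</b>
 * <ul>
 *   <li>Nothing in this class checks the assertion's signature, issuer, audience or validity
 *       period. {@link #getClaims()} returns whatever attributes the XML contains, so the
 *       role and identity helpers below are only as trustworthy as the validation performed
 *       before they are called. NOTE(review): presumably a separate component validates the
 *       token first; confirm every caller relies on that.</li>
 *   <li>{@code tokenHash} and {@code claimsCache} carry {@code @JsonProperty}, and
 *       {@link #getHash()} / {@link #getClaims()} return those fields unchanged when they are
 *       non-null. If instances are ever bound from untrusted JSON, the supplied hash and
 *       claims would be used without being re-derived from {@code xmlToken}.
 *       NOTE(review): confirm this DTO is never deserialized from client input, or clear both
 *       fields after binding.</li>
 * </ul>
 *
 * <p>Instances are not synchronized; the lazily filled caches are plain fields.
 */
@YamlTag("dto.token")
/* loaded from: input_file:com/tokera/ate/dto/TokenDto.class */
public class TokenDto {

    /** Xerces feature that makes the parser reject any document carrying a DOCTYPE declaration. */
    private static final String DISALLOW_DOCTYPE_FEATURE = "http://apache.org/xml/features/disallow-doctype-decl";

    // Raw SAML assertion XML as received.
    @JsonProperty
    @NotNull
    @Size(min = 1)
    private String xmlToken;

    // Base64 SHA-256 of xmlToken, filled lazily by getHash().
    // NOTE(review): a padded Base64 encoding of a 32-byte digest is 44 characters, while the
    // constraint below only admits 43; confirm which encoding the validated values use.
    @JsonProperty
    @Size(min = 43, max = 43)
    @Pattern(regexp = "^(?:[A-Za-z0-9+\\/\\-_])*(?:[A-Za-z0-9+\\/\\-_]{2}==|[A-Za-z0-9+\\/\\-_]{3}=)?$")
    private String tokenHash;

    // Claims extracted from the assertion, filled lazily by getClaims().
    @JsonProperty
    private List<ClaimDto> claimsCache = null;
    public static final String SECURITY_CLAIM_USERNAME = "claim://token/username";
    public static final String SECURITY_CLAIM_USER_ID = "claim://token/user-id";
    public static final String SECURITY_CLAIM_ACCOUNT_ID = "claim://token/account-id";
    public static final String SECURITY_CLAIM_NODE_ID = "claim://token/node-id";
    public static final String SECURITY_CLAIM_CLUSTER_ID = "claim://token/cluster-id";
    public static final String SECURITY_CLAIM_RISK_ROLE = "claim://token/risk-role";
    public static final String SECURITY_CLAIM_USER_ROLE = "claim://token/user-role";
    public static final String SECURITY_CLAIM_READ_KEY = "claim://token/read-key";
    public static final String SECURITY_CLAIM_WRITE_KEY = "claim://token/write-key";

    /**
     * No-argument constructor; leaves {@code xmlToken} unset.
     *
     * @deprecated use {@link #TokenDto(String)} so the token text is always present.
     */
    @Deprecated
    public TokenDto() {
    }

    /**
     * Creates a token wrapper around the given assertion XML.
     *
     * @param str the SAML assertion as XML text
     */
    public TokenDto(String str) {
        this.xmlToken = str;
    }

    /**
     * @return the raw assertion XML held by this DTO
     */
    public String getXmlToken() {
        return this.xmlToken;
    }

    /**
     * Computes the Base64-encoded SHA-256 digest of the UTF-8 bytes of {@code str}.
     *
     * @param str text to hash
     * @return Base64 text of the digest
     * @throws WebApplicationException if SHA-256 is not available in this JVM
     */
    private static String computeTokenHash(String str) {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(str.getBytes(StandardCharsets.UTF_8));
            return Base64.encodeBase64String(digest);
        } catch (NoSuchAlgorithmException e) {
            throw new WebApplicationException("Unable to generate the token hash.", e);
        }
    }

    /**
     * Returns the token hash, computing and caching it on first use.
     *
     * <p>A non-null {@code tokenHash} field is returned as-is and is not checked against
     * {@code xmlToken}; see the class-level security notes.
     *
     * @return the cached or freshly computed hash
     */
    public String getHash() {
        String hash = this.tokenHash;
        if (hash == null) {
            hash = computeTokenHash(this.xmlToken);
            this.tokenHash = hash;
        }
        return hash;
    }

    /**
     * Parses {@code xmlToken} into an OpenSAML {@link Assertion}.
     *
     * <p>The token text is treated as untrusted: the parser is configured to reject DOCTYPE
     * declarations and not to expand entity references, so a crafted token cannot use
     * external entities or entity expansion against the server. The bytes are decoded as
     * UTF-8, matching {@link #getHash()}, rather than with the platform default charset.
     * This method performs no signature or validity checks.
     *
     * @return the unmarshalled assertion
     * @throws WebApplicationException with status 400 if the token is missing, is not
     *     well-formed XML accepted by the hardened parser, or is not an assertion
     */
    public Assertion getAssertion() {
        String token = getXmlToken();
        if (token == null) {
            throw new WebApplicationException("Client passed an invalid Token", Response.Status.BAD_REQUEST);
        }
        try {
            BasicParserPool parserPool = new BasicParserPool();
            parserPool.setNamespaceAware(true);
            // Set explicitly so the hardening does not depend on the library version's defaults.
            parserPool.setExpandEntityReferences(false);
            Map<String, Boolean> features = new HashMap<>();
            features.put(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
            features.put(DISALLOW_DOCTYPE_FEATURE, Boolean.TRUE);
            parserPool.setBuilderFeatures(features);

            ByteArrayInputStream input = new ByteArrayInputStream(token.getBytes(StandardCharsets.UTF_8));
            Object parsed = new AssertionUnmarshaller().unmarshall(parserPool.parse(input).getDocumentElement());
            if (!(parsed instanceof Assertion)) {
                // Well-formed XML whose root is not an assertion is still a bad client token.
                throw new WebApplicationException("Client passed an invalid Token", Response.Status.BAD_REQUEST);
            }
            return (Assertion) parsed;
        } catch (UnmarshallingException | XMLParserException e) {
            // Keep the cause so the parse failure can be diagnosed from server logs.
            throw new WebApplicationException("Client passed an invalid Token", e, Response.Status.BAD_REQUEST);
        }
    }

    /**
     * Returns every claim whose key equals {@code str} exactly (case-sensitive).
     *
     * @param str claim key to look for; must not be null
     * @return a new list of the matching claims, possibly empty
     */
    public List<ClaimDto> getClaimsForKey(String str) {
        List<ClaimDto> matches = new ArrayList<>();
        for (ClaimDto claim : getClaims()) {
            if (str.equals(claim.getKey())) {
                matches.add(claim);
            }
        }
        return matches;
    }

    /**
     * Returns the claims of this token, extracting them from the assertion on first use.
     *
     * <p>Each string-typed value of each named attribute becomes one {@link ClaimDto}.
     * Attributes with a missing or empty name and non-string values are skipped. A non-null
     * {@code claimsCache} is returned as-is without parsing the token; see the class-level
     * security notes.
     *
     * @return the cached or freshly extracted claim list
     * @throws WebApplicationException with status 400 if the token cannot be parsed
     */
    public List<ClaimDto> getClaims() {
        List<ClaimDto> cached = this.claimsCache;
        if (cached != null) {
            return cached;
        }
        List<ClaimDto> claims = new ArrayList<>();
        for (AttributeStatement statement : getAssertion().getAttributeStatements()) {
            for (Attribute attribute : statement.getAttributes()) {
                String name = attribute.getName();
                if (name == null || name.isEmpty()) {
                    continue;
                }
                for (Object value : attribute.getAttributeValues()) {
                    if (value instanceof XSString) {
                        claims.add(new ClaimDto(name, ((XSString) value).getValue()));
                    }
                }
            }
        }
        this.claimsCache = claims;
        return claims;
    }

    /**
     * @param riskRole role to test for
     * @return true if the token carries a risk-role claim naming {@code riskRole}
     */
    public boolean hasRiskRole(RiskRole riskRole) {
        return hasClaim(SECURITY_CLAIM_RISK_ROLE, riskRole.name());
    }

    /**
     * @param userRole role to test for
     * @return true if the token carries a user-role claim naming {@code userRole}
     */
    public boolean hasUserRole(UserRole userRole) {
        return hasClaim(SECURITY_CLAIM_USER_ROLE, userRole.name());
    }

    /**
     * @return true if the token carries a user-id claim whose value parses as a UUID
     */
    public boolean hasUserId() {
        return getUserIdOrNull() != null;
    }

    /**
     * Returns the first user-id claim value that parses as a UUID.
     *
     * @return the user id
     * @throws WebApplicationException if no such claim exists
     */
    public UUID getUserId() {
        UUID userId = getUserIdOrNull();
        if (userId == null) {
            throw new WebApplicationException("Unable to find user ID in token.");
        }
        return userId;
    }

    /**
     * Returns the first user-id claim value that parses as a UUID. The claim key is matched
     * case-insensitively and values that do not parse are skipped.
     *
     * @return the user id, or null if no usable user-id claim exists
     */
    public UUID getUserIdOrNull() {
        for (ClaimDto claim : getClaims()) {
            if (SECURITY_CLAIM_USER_ID.equalsIgnoreCase(claim.getKey())) {
                UUID parsed = UUIDTools.parseUUIDorNull(claim.getValue());
                if (parsed != null) {
                    return parsed;
                }
            }
        }
        return null;
    }

    /**
     * Returns the value of the first username claim (key matched case-insensitively).
     *
     * @return the username claim value
     * @throws WebApplicationException if the token has no username claim
     */
    public String getUsername() {
        for (ClaimDto claim : getClaims()) {
            if (SECURITY_CLAIM_USERNAME.equalsIgnoreCase(claim.getKey())) {
                return claim.getValue();
            }
        }
        throw new WebApplicationException("Unable to find username in token.");
    }

    /**
     * Parses the value of the first claim whose key equals {@code str} exactly as a UUID.
     * Only the first matching claim is considered, even if its value does not parse.
     *
     * @param str claim key to look for (case-sensitive)
     * @return the parsed UUID, or null if the claim is absent or its value is not a UUID
     */
    public UUID getIdOrNull(String str) {
        for (ClaimDto claim : getClaims()) {
            String key = claim.getKey();
            if (key != null && key.equals(str)) {
                return UUIDTools.parseUUIDorNull(claim.getValue());
            }
        }
        return null;
    }

    /**
     * Tests whether the token carries a claim with the given key and value, both compared
     * case-insensitively. Null arguments, keys or values never match.
     *
     * @param str claim key
     * @param str2 claim value
     * @return true if a matching claim exists
     */
    public boolean hasClaim(String str, String str2) {
        if (str == null || str2 == null) {
            return false;
        }
        for (ClaimDto claim : getClaims()) {
            if (str.equalsIgnoreCase(claim.getKey()) && str2.equalsIgnoreCase(claim.getValue())) {
                return true;
            }
        }
        return false;
    }
}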
