package com.tokera.ate.security;

import com.tokera.ate.common.LoggerHook;
import com.tokera.ate.delegates.AteDelegate;
import com.tokera.ate.dto.ClaimDto;
import com.tokera.ate.dto.TokenDto;
import com.tokera.ate.dto.msg.MessagePrivateKeyDto;
import com.tokera.ate.scopes.TokenScoped;
import com.tokera.ate.token.SAMLWriter;
import com.tokera.ate.token.SignAssertion;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.stream.Collectors;
import javax.annotation.PostConstruct;
import javax.inject.Inject;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response;
import org.opensaml.xml.security.x509.BasicX509Credential;
import org.opensaml.xml.signature.SignatureValidator;
import org.opensaml.xml.validation.ValidationException;

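/**
 * Token-scoped holder for the caller's SAML token and the key material derived from it.
 *
 * <p>A token is only stored after its XML signature has been checked against the
 * credential returned by {@link SignAssertion#getSigningCredential()}. The read and
 * write rights are deserialized from the token's claims on first use and cached.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@link #validateToken(TokenDto)} checks the cryptographic signature only. Validity
 *       window, audience and issuer checks are not performed in this class.
 *       NOTE(review): confirm they are enforced elsewhere before the rights are trusted.</li>
 *   <li>The rights sets and the encrypt-key cache hold private key material; they should
 *       not be logged or serialized into responses.</li>
 *   <li>The class does no locking of its own; it relies on the {@code @TokenScoped}
 *       lifecycle. NOTE(review): confirm the scope is never shared across threads.</li>
 * </ul>
 */
@TokenScoped
public class TokenSecurity {

    @Inject
    protected LoggerHook LOG;
    private BasicX509Credential signingCredential;
    private SignatureValidator validator;
    private TokenDto token;
    // Lazily populated from the token's claims; reset whenever the token is replaced.
    private Set<MessagePrivateKeyDto> readRightsCache;
    private Set<MessagePrivateKeyDto> writeRightsCache;
    private AteDelegate d = AteDelegate.get();
    private final ConcurrentMap<String, byte[]> encryptKeyCache = new ConcurrentHashMap<>();

    /**
     * Loads the signing credential and builds the signature validator bound to it.
     */
    @PostConstruct
    public void init() {
        this.signingCredential = SignAssertion.getSigningCredential();
        this.validator = new SignatureValidator(this.signingCredential);
    }

    /**
     * Returns the live, mutable cache of encryption keys for this scope.
     *
     * <p>The internal map itself is returned (not a copy), so callers can add and remove
     * entries. The values are raw key bytes and should be handled accordingly.
     *
     * @return the backing map of this scope's encrypt-key cache
     */
    public Map<String, byte[]> getEncryptKeyCache() {
        return this.encryptKeyCache;
    }

    /**
     * Creates a token by delegating to {@link SAMLWriter#createToken}.
     *
     * <p>All arguments are passed through unchanged and in the same order; their meaning
     * is defined by {@code SAMLWriter.createToken} and is not visible from this class.
     *
     * @param str first argument forwarded to {@code createToken}
     * @param str2 second argument forwarded to {@code createToken}
     * @param str3 third argument forwarded to {@code createToken}
     * @param str4 fourth argument forwarded to {@code createToken}
     * @param map claims, keyed by claim name, forwarded to {@code createToken}
     * @param i integer argument forwarded to {@code createToken}
     * @return the token produced by {@code SAMLWriter.createToken}
     */
    public static TokenDto generateToken(String str, String str2, String str3, String str4, Map<String, List<String>> map, int i) {
        return SAMLWriter.createToken(str, str2, str3, str4, map, i);
    }

    /**
     * Appends a value to the list of values held for a claim key, creating the list if needed.
     *
     * @param map claims map to modify in place
     * @param str claim key
     * @param str2 claim value to append
     */
    public static void addClaim(Map<String, List<String>> map, String str, String str2) {
        map.computeIfAbsent(str, key -> new ArrayList<>()).add(str2);
    }

    /**
     * Verifies the token's assertion signature against the signing credential.
     *
     * <p>A token with no assertion or no signature is rejected explicitly with 401, so an
     * unsigned token fails closed here instead of depending on how the validator treats a
     * null signature.
     *
     * <p>Only the signature is checked; see the class notes for what is not covered.
     *
     * @param tokenDto token to verify
     * @throws WebApplicationException with status 401 if the signature is missing or invalid
     */
    public void validateToken(TokenDto tokenDto) {
        if (tokenDto == null
                || tokenDto.getAssertion() == null
                || tokenDto.getAssertion().getSignature() == null) {
            throw new WebApplicationException("Token signature is not valid", Response.Status.UNAUTHORIZED);
        }
        try {
            this.validator.validate(tokenDto.getAssertion().getSignature());
        } catch (ValidationException e) {
            throw new WebApplicationException("Token signature is not valid", e, Response.Status.UNAUTHORIZED);
        }
    }

    /**
     * Validates the token and, if it passes, makes it the current token of this scope.
     *
     * <p>The cached rights are dropped at the same time, so rights derived from a
     * previously attached token can never be returned for the new one.
     *
     * @param tokenDto token to attach
     * @throws WebApplicationException with status 401 if the signature is missing or invalid;
     *         the previous token and caches are left untouched in that case
     */
    public void setToken(TokenDto tokenDto) {
        validateToken(tokenDto);
        this.token = tokenDto;
        this.readRightsCache = null;
        this.writeRightsCache = null;
        // NOTE(review): encryptKeyCache is not cleared here; confirm its entries do not
        // depend on which token is attached.
    }

    /**
     * Returns the current token, failing if none has been attached.
     *
     * @return the validated token of this scope
     * @throws WebApplicationException if no token is attached
     */
    public TokenDto getToken() {
        if (this.token == null) {
            // No status is supplied, so JAX-RS uses its default (500) rather than 401.
            // NOTE(review): confirm that is the intended response for a missing token.
            throw new WebApplicationException("There is not token currentRights attached to this token scope.");
        }
        return this.token;
    }

    /**
     * Returns the current token, or {@code null} if none has been attached.
     *
     * @return the validated token of this scope, or {@code null}
     */
    public TokenDto getTokenOrNull() {
        return this.token;
    }

    /**
     * Returns the private keys granting read access, taken from the token's read claims.
     *
     * <p>The result is cached after the first successful call. Without a token an empty
     * set is returned and nothing is cached.
     *
     * @return the read keys; the cached set itself is returned, not a copy
     */
    public Set<MessagePrivateKeyDto> getRightsRead() {
        if (this.readRightsCache != null) {
            return this.readRightsCache;
        }
        if (this.token == null) {
            return new HashSet<>();
        }
        this.readRightsCache = deserializeKeys(
                this.token.getClaimsForKey(TokenDto.SECURITY_CLAIM_READ_KEY).iterator());
        return this.readRightsCache;
    }

    /**
     * Returns the private keys granting write access, taken from the token's write claims.
     *
     * <p>The result is cached after the first successful call. Without a token an empty
     * set is returned and nothing is cached.
     *
     * @return the write keys; the cached set itself is returned, not a copy
     */
    public Set<MessagePrivateKeyDto> getRightsWrite() {
        if (this.writeRightsCache != null) {
            return this.writeRightsCache;
        }
        if (this.token == null) {
            return new HashSet<>();
        }
        this.writeRightsCache = deserializeKeys(
                this.token.getClaimsForKey(TokenDto.SECURITY_CLAIM_WRITE_KEY).iterator());
        return this.writeRightsCache;
    }

    /** Turns the YAML value of each claim into a key object and collects them into a set. */
    private Set<MessagePrivateKeyDto> deserializeKeys(Iterator<ClaimDto> claims) {
        Set<MessagePrivateKeyDto> keys = new HashSet<>();
        while (claims.hasNext()) {
            // SECURITY: claim values are deserialized into objects. The only input is the
            // token stored by setToken, i.e. after its signature was verified, so the data
            // is as trustworthy as the signing key. NOTE(review): confirm deserializeObj
            // restricts which types it will instantiate.
            keys.add((MessagePrivateKeyDto) this.d.yaml.deserializeObj(claims.next().getValue()));
        }
        return keys;
    }
}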
