package org.wso2.carbon.analytics.idp.client.local;

import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.Charset;
import java.time.ZonedDateTime;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.wso2.carbon.analytics.idp.client.core.api.IdPClient;
import org.wso2.carbon.analytics.idp.client.core.exception.AuthenticationException;
import org.wso2.carbon.analytics.idp.client.core.exception.IdPClientException;
import org.wso2.carbon.analytics.idp.client.core.models.Role;
import org.wso2.carbon.analytics.idp.client.core.models.User;
import org.wso2.carbon.analytics.idp.client.core.utils.IdPClientConstants;
import org.wso2.carbon.analytics.idp.client.external.ExternalIdPClientConstants;
import org.wso2.carbon.analytics.idp.client.local.models.LocalSession;
import org.wso2.carbon.analytics.idp.client.local.models.LocalUser;

/* loaded from: input_file:org/wso2/carbon/analytics/idp/client/local/LocalIdPClient.class */
public class LocalIdPClient implements IdPClient {
    private static final Logger LOG = LoggerFactory.getLogger(LocalIdPClient.class);
    private Map<Integer, LocalSession> usersToSessionMap = new HashMap();
    private Map<String, LocalSession> sessionIdSessionMap = new HashMap();
    private Map<String, LocalSession> refreshIdSessionMap = new HashMap();
    private int sessionTimeout;
    private int refreshTimeout;
    private List<LocalUser> usersList;
    private Role adminRole;
    private List<Role> rolesList;

    public LocalIdPClient(int i, int i2, List<LocalUser> list, List<Role> list2, Role role) {
        this.sessionTimeout = i;
        this.refreshTimeout = i2;
        this.adminRole = role;
        this.rolesList = list2;
        this.usersList = list;
    }

    @Override // org.wso2.carbon.analytics.idp.client.core.api.IdPClient
    public List<Role> getAllRoles() {
        return this.rolesList;
    }

    @Override // org.wso2.carbon.analytics.idp.client.core.api.IdPClient
    public List<Role> getAllRolesOfTenant(String str) throws IdPClientException {
        return getAllRoles();
    }

    @Override // org.wso2.carbon.analytics.idp.client.core.api.IdPClient
    public Role getAdminRole() {
        return this.adminRole;
    }

    @Override // org.wso2.carbon.analytics.idp.client.core.api.IdPClient
    public User getUser(String str) {
        LocalUser userFromUsersList = getUserFromUsersList(str);
        if (userFromUsersList != null) {
            return new User(userFromUsersList.getUsername(), userFromUsersList.getProperties(), userFromUsersList.getRoles());
        }
        return null;
    }

    @Override // org.wso2.carbon.analytics.idp.client.core.api.IdPClient
    public List<Role> getUserRoles(String str) {
        LocalUser userFromUsersList = getUserFromUsersList(str);
        if (userFromUsersList != null) {
            return userFromUsersList.getRoles();
        }
        LOG.debug("User with username '{}' is not present when retrieving user roles.", str);
        return new ArrayList();
    }

    @Override // org.wso2.carbon.analytics.idp.client.core.api.IdPClient
    public Map<String, String> login(Map<String, String> map) {
        HashMap hashMap = new HashMap();
        String orDefault = map.getOrDefault(IdPClientConstants.GRANT_TYPE, IdPClientConstants.PASSWORD_GRANT_TYPE);
        boolean z = -1;
        switch (orDefault.hashCode()) {
            case -1432035435:
                if (orDefault.equals(IdPClientConstants.REFRESH_GRANT_TYPE)) {
                    z = true;
                    break;
                }
                break;
            case 1216985755:
                if (orDefault.equals(IdPClientConstants.PASSWORD_GRANT_TYPE)) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                String str = map.get(IdPClientConstants.USERNAME);
                String str2 = map.get(IdPClientConstants.PASSWORD);
                int hashCode = (str + ":" + str2 + ":" + map.getOrDefault(IdPClientConstants.APP_ID, ExternalIdPClientConstants.EMPTY_STRING)).hashCode();
                if (!(str != null) || !(str2 != null)) {
                    String str3 = "The login credential used for login are invalid, username : '" + str + "'.";
                    LOG.debug(str3);
                    hashMap.put(IdPClientConstants.LOGIN_STATUS, IdPClientConstants.LoginStatus.LOGIN_FAILURE);
                    hashMap.put(IdPClientConstants.ERROR, IdPClientConstants.Error.INVALID_CREDENTIALS);
                    hashMap.put(IdPClientConstants.ERROR_DESCRIPTION, str3);
                    return hashMap;
                }
                LocalSession localSession = this.usersToSessionMap.get(Integer.valueOf(hashCode));
                if (localSession != null) {
                    ZonedDateTime now = ZonedDateTime.now();
                    localSession.setExpiryTime(now.plusSeconds(this.sessionTimeout));
                    localSession.setRefreshExpiryTime(now.plusSeconds(this.refreshTimeout));
                    this.usersToSessionMap.replace(Integer.valueOf(hashCode), localSession);
                    this.sessionIdSessionMap.replace(localSession.getSessionId().toString(), localSession);
                    this.refreshIdSessionMap.replace(localSession.getRefreshId().toString(), localSession);
                    LOG.debug("User '{}' session is extended.", str);
                    hashMap.put(IdPClientConstants.LOGIN_STATUS, IdPClientConstants.LoginStatus.LOGIN_SUCCESS);
                    hashMap.put(IdPClientConstants.USERNAME, str);
                    hashMap.put(IdPClientConstants.ACCESS_TOKEN, localSession.getSessionId().toString());
                    hashMap.put(IdPClientConstants.REFRESH_TOKEN, localSession.getRefreshId().toString());
                    hashMap.put(IdPClientConstants.VALIDITY_PERIOD, String.valueOf(this.sessionTimeout));
                    hashMap.put(IdPClientConstants.REFRESH_VALIDITY_PERIOD, String.valueOf(this.refreshTimeout));
                    return hashMap;
                }
                LocalUser userFromUsersList = getUserFromUsersList(str);
                if (userFromUsersList == null) {
                    LOG.debug("User not found for userName: '{}'. Failing the authentication.", str);
                    hashMap.put(IdPClientConstants.LOGIN_STATUS, IdPClientConstants.LoginStatus.LOGIN_FAILURE);
                    hashMap.put(IdPClientConstants.ERROR, IdPClientConstants.Error.INVALID_CREDENTIALS);
                    hashMap.put(IdPClientConstants.ERROR_DESCRIPTION, "The login credential used for login are invalid, username : '" + str + "'.");
                    return hashMap;
                }
                CharBuffer wrap = CharBuffer.wrap(userFromUsersList.getPassword());
                ByteBuffer decode = Base64.getDecoder().decode(Charset.forName("UTF-8").encode(wrap));
                byte[] copyOfRange = Arrays.copyOfRange(decode.array(), decode.position(), decode.limit());
                Arrays.fill(wrap.array(), (char) 0);
                Arrays.fill(decode.array(), (byte) 0);
                if (!Arrays.equals(copyOfRange, str2.getBytes(Charset.forName("UTF-8")))) {
                    LOG.debug("Password did not match with the configured user, userName: '{}', Failing the authentication.", str);
                    hashMap.put(IdPClientConstants.LOGIN_STATUS, IdPClientConstants.LoginStatus.LOGIN_FAILURE);
                    hashMap.put(IdPClientConstants.ERROR, IdPClientConstants.Error.INVALID_CREDENTIALS);
                    hashMap.put(IdPClientConstants.ERROR_DESCRIPTION, "The login credential used for login are invalid, username : '" + str + "'.");
                    return hashMap;
                }
                ZonedDateTime now2 = ZonedDateTime.now();
                LocalSession localSession2 = new LocalSession(hashCode, str, now2.plusSeconds(this.sessionTimeout), now2.plusSeconds(this.refreshTimeout));
                hashMap.put(IdPClientConstants.VALIDITY_PERIOD, String.valueOf(this.sessionTimeout));
                hashMap.put(IdPClientConstants.REFRESH_VALIDITY_PERIOD, String.valueOf(this.refreshTimeout));
                this.usersToSessionMap.put(Integer.valueOf(hashCode), localSession2);
                this.sessionIdSessionMap.put(localSession2.getSessionId().toString(), localSession2);
                this.refreshIdSessionMap.put(localSession2.getRefreshId().toString(), localSession2);
                LOG.debug("User '{}' is logged in.", str);
                hashMap.put(IdPClientConstants.LOGIN_STATUS, IdPClientConstants.LoginStatus.LOGIN_SUCCESS);
                hashMap.put(IdPClientConstants.USERNAME, str);
                hashMap.put(IdPClientConstants.ACCESS_TOKEN, localSession2.getSessionId().toString());
                hashMap.put(IdPClientConstants.REFRESH_TOKEN, localSession2.getRefreshId().toString());
                hashMap.put(IdPClientConstants.VALIDITY_PERIOD, String.valueOf(this.sessionTimeout));
                return hashMap;
            case true:
                String str4 = map.get(IdPClientConstants.REFRESH_TOKEN);
                LocalSession remove = this.refreshIdSessionMap.remove(str4);
                if (remove == null) {
                    String str5 = "The refresh token used for login are invalid, Refresh token : '" + str4 + "'.";
                    LOG.debug(str5);
                    hashMap.put(IdPClientConstants.LOGIN_STATUS, IdPClientConstants.LoginStatus.LOGIN_FAILURE);
                    hashMap.put(IdPClientConstants.ERROR, IdPClientConstants.Error.INVALID_CREDENTIALS);
                    hashMap.put(IdPClientConstants.ERROR_DESCRIPTION, str5);
                    return hashMap;
                }
                this.usersToSessionMap.remove(Integer.valueOf(remove.getUserHash()));
                this.sessionIdSessionMap.remove(remove.getSessionId().toString());
                if (!remove.getRefreshExpiryTime().isAfter(ZonedDateTime.now())) {
                    String str6 = "The refresh token used for login is expired, Refresh token : '" + str4 + "'.";
                    LOG.debug(str6);
                    hashMap.put(IdPClientConstants.LOGIN_STATUS, IdPClientConstants.LoginStatus.LOGIN_FAILURE);
                    hashMap.put(IdPClientConstants.ERROR, IdPClientConstants.Error.INVALID_CREDENTIALS);
                    hashMap.put(IdPClientConstants.ERROR_DESCRIPTION, str6);
                    return hashMap;
                }
                ZonedDateTime now3 = ZonedDateTime.now();
                remove.setSessionId(UUID.randomUUID());
                remove.setExpiryTime(now3.plusSeconds(this.sessionTimeout));
                remove.setRefreshId(UUID.randomUUID());
                remove.setRefreshExpiryTime(now3.plusSeconds(this.refreshTimeout));
                this.usersToSessionMap.put(Integer.valueOf(remove.getUserHash()), remove);
                this.sessionIdSessionMap.put(remove.getSessionId().toString(), remove);
                this.refreshIdSessionMap.put(remove.getRefreshId().toString(), remove);
                LOG.debug("User '{}' session is refreshed.", remove.getUsername());
                hashMap.put(IdPClientConstants.LOGIN_STATUS, IdPClientConstants.LoginStatus.LOGIN_SUCCESS);
                hashMap.put(IdPClientConstants.USERNAME, remove.getUsername());
                hashMap.put(IdPClientConstants.ACCESS_TOKEN, remove.getSessionId().toString());
                hashMap.put(IdPClientConstants.REFRESH_TOKEN, remove.getRefreshId().toString());
                hashMap.put(IdPClientConstants.VALIDITY_PERIOD, String.valueOf(this.sessionTimeout));
                return hashMap;
            default:
                String str7 = "The Grant Type '" + orDefault + "' is notsupported by the IdPClient '" + LocalIdPClient.class.getName();
                LOG.debug(str7);
                hashMap.put(IdPClientConstants.LOGIN_STATUS, IdPClientConstants.LoginStatus.LOGIN_FAILURE);
                hashMap.put(IdPClientConstants.ERROR, IdPClientConstants.Error.GRANT_TYPE_NOT_SUPPORTED);
                hashMap.put(IdPClientConstants.ERROR_DESCRIPTION, str7);
                return hashMap;
        }
    }

    @Override // org.wso2.carbon.analytics.idp.client.core.api.IdPClient
    public Map<String, String> logout(Map<String, String> map) {
        String str = map.get(IdPClientConstants.ACCESS_TOKEN);
        LocalSession localSession = this.sessionIdSessionMap.get(str);
        if (localSession != null) {
            this.usersToSessionMap.remove(Integer.valueOf(localSession.getUserHash()));
            this.sessionIdSessionMap.remove(str);
        }
        HashMap hashMap = new HashMap();
        hashMap.put(IdPClientConstants.RETURN_LOGOUT_PROPERTIES, ExternalIdPClientConstants.DEFAULT_FILTERED_GROUPS_FLAG);
        return hashMap;
    }

    @Override // org.wso2.carbon.analytics.idp.client.core.api.IdPClient
    public String authenticate(String str) throws AuthenticationException {
        LocalSession localSession = this.sessionIdSessionMap.get(str);
        if (localSession == null) {
            throw new AuthenticationException("The session with id '" + str + "' is not valid.");
        }
        ZonedDateTime now = ZonedDateTime.now();
        if (localSession.getExpiryTime().isAfter(now)) {
            return localSession.getUsername();
        }
        this.usersToSessionMap.remove(Integer.valueOf(localSession.getUserHash()));
        this.sessionIdSessionMap.remove(localSession.getSessionId().toString());
        if (localSession.getRefreshExpiryTime().isAfter(now)) {
            this.refreshIdSessionMap.remove(localSession.getRefreshId().toString());
        }
        throw new AuthenticationException("The session with id '" + str + "' has expired.");
    }

    private LocalUser getUserFromUsersList(String str) {
        return this.usersList.stream().filter(localUser -> {
            return localUser.getUsername().equals(str);
        }).findFirst().orElse(null);
    }
}
