package es.rediris.papi.poa;

import es.rediris.crypt.RSATool;
import es.rediris.papi.assertion.Assertion;
import es.rediris.papi.config.Config;
import es.rediris.papi.exception.PAPIException;
import es.rediris.papi.message.CheckRequest;
import es.rediris.papi.message.CheckedResponse;
import es.rediris.papi.message.Request;
import es.rediris.papi.registry.PersistenceHandler;
import es.rediris.papi.registry.PersistenceHandlerFactory;
import es.rediris.papi.registry.Registry;
import es.rediris.papi.registry.RegistryFactory;
import es.rediris.papi.token.GPoACheckedToken;
import es.rediris.papi.token.HCookToken;
import es.rediris.papi.token.LCookToken;
import es.rediris.papi.token.format.StringTokenFormat;
import java.io.IOException;
import java.util.StringTokenizer;
import java.util.UUID;
import java.util.regex.Pattern;
import org.apache.log4j.Logger;

/* loaded from: input_file:es/rediris/papi/poa/PoACore.class */
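/**
 * Core access-control logic of a PAPI PoA: issues and checks HCook/LCook tokens,
 * applies the configured assertion filters and, when a parent GPoA is configured,
 * builds check requests for it and validates its responses.
 *
 * <p>Tokens and pending requests are kept in the {@link PersistenceHandler} selected
 * by the configuration. Their storage key is the 32-bit {@code String.hashCode()} of
 * a random string, so two distinct random values can map to the same key.
 * NOTE(review): how the persistence handler treats such a collision is not visible
 * here; confirm that it cannot mix up two sessions.
 */
public class PoACore {
    private static final Logger log = Logger.getLogger(PoACore.class);
    private final Config config;
    private final Registry registry;
    private final PersistenceHandler persistenceHandler;
    private final RSATool rsaGPoA;
    private final StringTokenFormat stringTokenFormat;

    /**
     * Builds the registry, the persistence handler and the token format from the
     * configuration, and loads the parent GPoA public key when a GPoA is configured.
     *
     * @param config PoA configuration
     * @throws PAPIException if a component cannot be created or the GPoA key cannot be read
     */
    public PoACore(Config config) throws PAPIException {
        this.config = config;
        log.info("Initializing registry " + config.getProperty(Config.INIT_REGISTRY));
        this.registry = RegistryFactory.getRegistry(config.getProperty(Config.INIT_REGISTRY), config);
        log.info("Initializing persistence handler " + config.getProperty(Config.INIT_TOKEN_PERSISTENCE_HANDLER));
        this.persistenceHandler = PersistenceHandlerFactory.getPersistenceHandler(
                config.getProperty(Config.INIT_TOKEN_PERSISTENCE_HANDLER), config, this.registry);
        this.stringTokenFormat = new StringTokenFormat(config);
        this.rsaGPoA = new RSATool();
        if (hasGPoA()) {
            readGPoAKey();
        }
    }

    /**
     * Loads the parent GPoA public key (PEM) from the location named by
     * {@code Config.PARENT_GPOA_PUBKEY}.
     *
     * @throws PAPIException wrapping the {@link IOException} when the key cannot be read
     */
    private void readGPoAKey() throws PAPIException {
        String keyLocation = this.config.getProperty(Config.PARENT_GPOA_PUBKEY);
        try {
            log.debug("Reading GPoA public key at " + keyLocation);
            this.rsaGPoA.readRsaPublicKeyPEM(keyLocation);
        } catch (IOException e) {
            throw new PAPIException(e);
        }
    }

    /**
     * Stores an HCook under the given id. A failed save is only logged, so the
     * caller is not told that the token was not persisted.
     *
     * @param hCookToken token to store
     * @param i          storage key
     */
    public void saveHCook(HCookToken hCookToken, int i) {
        log.debug("Saving hcook with id='" + i + "'");
        if (!this.persistenceHandler.saveObject(i, hCookToken)) {
            log.error("Error adding hcook with id " + i);
        }
    }

    /**
     * Fetches the HCook stored under the given id.
     *
     * @param i storage key
     * @param z when {@code true} the stored entry is deleted after it has been read
     * @return the stored token
     * @throws PAPIException if nothing is stored under the id or the entry is not an HCook
     */
    public HCookToken loadHCook(int i, boolean z) throws PAPIException {
        log.debug("Getting saved hcook with id='" + i + "'");
        Object stored = this.persistenceHandler.getObject(i);
        if (!(stored instanceof HCookToken)) {
            throw new PAPIException("Token " + i + " not found");
        }
        if (z) {
            this.persistenceHandler.deleteObject(i);
        }
        return (HCookToken) stored;
    }

    /**
     * Stores a pending request under the given id. A failed save is only logged.
     *
     * @param request request to store
     * @param i       storage key
     */
    public void saveRequest(Request request, int i) {
        log.debug("Saving request with id='" + i + "'");
        if (!this.persistenceHandler.saveObject(i, request)) {
            log.error("Error adding request with id " + i);
        }
    }

    /**
     * Fetches the request stored under the given id.
     *
     * @param i storage key
     * @param z when {@code true} the stored entry is deleted after it has been read
     * @return the stored request
     * @throws PAPIException if nothing is stored under the id or the entry is not a request
     */
    public Request loadRequest(int i, boolean z) throws PAPIException {
        log.debug("Getting saved request with id='" + i + "'");
        Object stored = this.persistenceHandler.getObject(i);
        if (!(stored instanceof Request)) {
            throw new PAPIException("Request " + i + " not found");
        }
        if (z) {
            this.persistenceHandler.deleteObject(i);
        }
        return (Request) stored;
    }

    /**
     * Creates a new HCook for the assertion. The assertion object passed in is
     * modified: its consumer and timestamp are overwritten.
     *
     * @param z         whether the token is marked temporary
     * @param assertion assertion carried by the token
     * @return the new token, expiring {@code Config.POA_HCOOK_MAXAGE} seconds from now
     * @throws NumberFormatException if {@code Config.POA_HCOOK_MAXAGE} is missing or not a number
     */
    public HCookToken generateHCook(boolean z, Assertion assertion) {
        HCookToken hCookToken = new HCookToken();
        hCookToken.setTemporary(z);
        hCookToken.setAssertion(assertion);
        hCookToken.getAssertion().setConsumer(this.config.getProperty(Config.POA_SERVICEID));
        long maxAgeSeconds = Long.parseLong(this.config.getProperty(Config.POA_HCOOK_MAXAGE));
        long nowSeconds = System.currentTimeMillis() / 1000;
        hCookToken.getAssertion().setTimestamp(nowSeconds);
        hCookToken.setExpiryTime(nowSeconds + maxAgeSeconds);
        // The random block is what the stored copy is later looked up by (via its hashCode).
        hCookToken.setRandomBlock(UUID.randomUUID().toString());
        hCookToken.setLocation(this.config.getProperty(Config.POA_LOCATION));
        return hCookToken;
    }

    /**
     * Creates a new LCook for the assertion. The assertion object passed in is
     * modified: its timestamp and consumer are overwritten.
     *
     * @param assertion assertion carried by the token
     * @return the new token
     */
    public LCookToken generateLCook(Assertion assertion) {
        LCookToken lCookToken = new LCookToken();
        lCookToken.setAssertion(assertion);
        lCookToken.getAssertion().setTimestamp(System.currentTimeMillis() / 1000);
        lCookToken.getAssertion().setConsumer(this.config.getProperty(Config.POA_SERVICEID));
        lCookToken.setLocation(this.config.getProperty(Config.POA_LOCATION));
        return lCookToken;
    }

    /**
     * Decides whether the presented tokens grant access.
     *
     * <p>A valid LCook whose assertion passes the filters is sufficient. Otherwise a
     * valid HCook is compared with the copy stored under its random block; that copy
     * is removed when it is read and the refreshed token is stored again only when
     * the data matches, so a mismatching HCook also discards the stored one.
     *
     * @param str        not used by this method
     * @param hCookToken presented HCook, may be {@code null}
     * @param lCookToken presented LCook, may be {@code null}
     * @return {@code true} when access is granted; {@code false} when both tokens are
     *         missing, invalid, unknown to the store, or rejected by the filters
     */
    public boolean checkAccess(String str, HCookToken hCookToken, LCookToken lCookToken) {
        if (hCookToken == null && lCookToken == null) {
            return false;
        }
        boolean granted = false;
        if (lCookToken != null) {
            // NOTE(review): the token is written to the debug log; keep debug logging
            // off, or the log protected, wherever token contents are sensitive.
            log.debug(lCookToken.toString());
            boolean lcookValid = lCookToken.validateToken(this.config);
            log.debug("Is valid Lcook? " + lcookValid);
            if (lcookValid) {
                granted = checkPAPIFilters(lCookToken.getAssertion());
            }
        }
        if (hCookToken != null && !granted) {
            log.debug(hCookToken.toString());
            boolean hcookValid = hCookToken.validateToken(this.config);
            log.debug("Is valid Hcook? " + hcookValid);
            if (hcookValid) {
                try {
                    // Single use: the stored copy is deleted as it is read.
                    HCookToken stored = loadHCook(hCookToken.getRandomBlock().hashCode(), true);
                    log.debug("Got old hcook token: " + stored.toString());
                    if (stored.equalsData(hCookToken)) {
                        hCookToken.updateToken(
                                Integer.parseInt(this.config.getProperty(Config.POA_HCOOK_MAXAGE)), false);
                        if (lCookToken != null) {
                            lCookToken.updateToken();
                        } else {
                            // NOTE(review): the generated LCook is discarded, so the caller
                            // never receives it; only generateLCook's changes to the
                            // assertion remain. Confirm this is intended.
                            generateLCook(hCookToken.getAssertion());
                        }
                        saveHCook(hCookToken, hCookToken.getRandomBlock().hashCode());
                        granted = checkPAPIFilters(hCookToken.getAssertion());
                    }
                } catch (PAPIException e) {
                    // No stored copy for this HCook: deny.
                    log.debug("HCook rejected: " + e.getMessage());
                    return false;
                }
            }
        }
        return granted;
    }

    /**
     * Applies the filter list in {@code Config.POA_FILTERS} to the assertion.
     *
     * <p>The list is comma-separated; each rule is {@code regex=>action} and a
     * literal comma inside a rule is written {@code \comma}. The first rule whose
     * regex matches the whole composed assertion decides: access is granted only if
     * its action equals {@code Config.POA_FILTER_ACCEPT}. If no rule matches,
     * access is denied. If no filter list is configured, access is granted.
     *
     * <p>A matching rule without an action, or a rule with no regex at all, denies
     * access instead of failing with an index error. An invalid regex still
     * propagates {@link java.util.regex.PatternSyntaxException}.
     *
     * @param assertion assertion to test
     * @return {@code true} when access is granted
     */
    public boolean checkPAPIFilters(Assertion assertion) {
        String filters = this.config.getProperty(Config.POA_FILTERS);
        if (filters == null) {
            return true;
        }
        log.debug("Checking PAPI filters: " + filters);
        String composed = new StringTokenFormat(this.config).composeAssertion(assertion).toString();
        StringTokenizer rules = new StringTokenizer(filters, ",");
        while (rules.hasMoreTokens()) {
            // Strings are immutable: the unescaped rule has to be kept, otherwise the
            // "\comma" escape never takes effect and the rule cannot match a comma.
            String rule = rules.nextToken().replace("\\comma", ",");
            String[] parts = rule.split("=>");
            if (parts.length == 0) {
                log.error("Malformed PAPI filter (expected 'regex=>action'): '" + rule + "'");
                return false;
            }
            String regex = parts[0].trim();
            // NOTE(review): the composed assertion (user attributes) goes to the debug log.
            log.debug("** Checking '" + regex + "' against '" + composed + "'");
            if (Pattern.compile(regex).matcher(composed).matches()) {
                if (parts.length < 2) {
                    // Fail closed: a rule with no action must never grant access.
                    log.error("Malformed PAPI filter (expected 'regex=>action'): '" + rule + "'");
                    return false;
                }
                return parts[1].trim().equals(Config.POA_FILTER_ACCEPT);
            }
        }
        return false;
    }

    /**
     * Tells whether a parent GPoA is configured.
     *
     * @return {@code true} when {@code Config.PARENT_GPOA_URI} is set
     */
    public boolean hasGPoA() {
        return this.config.getProperty(Config.PARENT_GPOA_URI) != null;
    }

    /**
     * Returns the URI of the parent GPoA.
     *
     * @return the configured URI
     * @throws PAPIException if no GPoA is configured
     */
    public String getGPoAURI() throws PAPIException {
        if (!hasGPoA()) {
            throw new PAPIException("Not GPoA configured");
        }
        return this.config.getProperty(Config.PARENT_GPOA_URI);
    }

    /**
     * Builds a check request for the parent GPoA, identified by a fresh random UUID.
     *
     * @param str value handed to the {@link CheckRequest} constructor as its second argument
     * @return the new request
     * @throws PAPIException if no GPoA is configured
     */
    public Request getCheckRequest(String str) throws PAPIException {
        // getGPoAURI() already fails with the same message when no GPoA is configured.
        return new CheckRequest(getGPoAURI(), str, UUID.randomUUID().toString());
    }

    /**
     * Validates a response from the parent GPoA.
     *
     * <p>The decoded token is attached to {@code checkedResponse} before any check
     * is made, so callers must rely on that token only when this method returns
     * {@code true}. The pending request the response answers is removed from the
     * store as it is read, which makes each request usable once.
     *
     * @param checkedResponse response received from the GPoA
     * @return {@code true} when the response key equals the stored request's
     *         {@code DATA} parameter, the token validates and the filters accept
     *         its assertion
     * @throws PAPIException if no GPoA is configured or no pending request matches the key
     */
    public boolean validCheckedResponse(CheckedResponse checkedResponse) throws PAPIException {
        if (!hasGPoA()) {
            throw new PAPIException("Not GPoA configured");
        }
        String decoded = this.rsaGPoA.decode(checkedResponse.getEncryptedData());
        GPoACheckedToken checkedToken = new GPoACheckedToken();
        checkedToken.setDataToken(this.stringTokenFormat, decoded);
        checkedResponse.setGPoACheckedToken(checkedToken);
        Request pending = loadRequest(checkedToken.getKey().hashCode(), true);
        // NOTE(review): checkValidity() is only logged and takes no part in the
        // decision below; confirm whether an expired request should be rejected here.
        log.debug("Recovering old request: " + pending.toString() + ". Is it still valid? " + pending.checkValidity());
        boolean keyMatches = pending.getMessage().getParam("DATA").equals(checkedToken.getKey());
        if (keyMatches && checkedToken.validateToken(this.config)) {
            return checkPAPIFilters(checkedToken.getAssertion());
        }
        return false;
    }
}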
