package io.inugami.core.security.commons.services;

import io.inugami.api.constants.JvmKeyValues;
import io.inugami.commons.files.FilesUtils;
import io.inugami.commons.security.TokenBuilder;
import io.inugami.core.context.ApplicationContext;
import io.inugami.core.context.Context;
import io.inugami.core.security.commons.models.SecurityContext;
import io.inugami.core.security.commons.services.producers.TechnicalAccountInitializer;
import java.io.File;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.ConcurrentHashMap;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import javax.inject.Named;
import org.apache.commons.lang.StringEscapeUtils;
import org.hibernate.validator.internal.metadata.core.ConstraintHelper;
import org.picketlink.authentication.Authenticator;
import org.picketlink.idm.credential.Credentials;
import org.picketlink.idm.model.Account;
import org.picketlink.idm.model.Attribute;

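/**
 * Application-wide registry that maps session tokens to logins and logins to
 * cached {@link Account} objects, and persists both maps to disk.
 *
 * <p>Decompiled from {@code inugami_core_security_commons-2.2.0.jar}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Both maps are static, so every token registered here is valid for the
 *       whole JVM until {@link #logout(String)} removes it; nothing in this
 *       class expires a token.</li>
 *   <li>The token file and the user file hold live tokens and account objects.
 *       Their location can be overridden through {@link JvmKeyValues}, so the
 *       target directory should be readable and writable only by the
 *       application account.</li>
 *   <li>NOTE(review): {@code FilesUtils.readFromBinary} presumably uses Java
 *       native serialization. If so, anyone able to write these files controls
 *       what is deserialized at class-load time; confirm and consider an
 *       {@code ObjectInputFilter} or a non-executable format.</li>
 *   <li>Mutations are serialized on this bean instance, while the maps are
 *       static; this relies on the bean being a single application-scoped
 *       instance.</li>
 * </ul>
 */
@ApplicationScoped
@Named
public class SecurityTokenService implements TechnicalAccountInitializer {
    private static final File HOME = Context.getInstance().getHome();
    private static final File FILE_TOKEN = buildFileToken("users.token", JvmKeyValues.SECURITY_FILE_TOKEN);
    private static final File FILE_USERS = buildFileToken("users.refs", JvmKeyValues.SECURITY_FILE_USER);
    // token -> login. The runtime type must be ConcurrentHashMap: backupFiles() casts to it.
    private static final Map<String, String> TOKEN_REFS = initMap(FILE_TOKEN);
    // login -> cached account, restored from FILE_USERS at class-load time.
    private static final Map<String, Account> USERS_REFS = (Map) FilesUtils.readFromBinary(FILE_USERS, new ConcurrentHashMap());
    private final TokenBuilder tokenBuilder = new TokenBuilder();

    @Inject
    private transient SecurityContext securityContext;

    @Inject
    private ApplicationContext appContext;

    /**
     * Resolves the file used to persist one of the maps.
     *
     * <p>The default is {@code <HOME>/<str>.bin}; a non-null value of the given
     * JVM key replaces it. The parent directory is created when it is missing.
     *
     * @param str          base name of the default file, without the {@code .bin} suffix
     * @param jvmKeyValues JVM key whose value, when set, is used as the full file path
     * @return the file to read from and write to
     */
    private static File buildFileToken(String str, JvmKeyValues jvmKeyValues) {
        File target = FilesUtils.buildFile(HOME, str + ".bin");
        String override = jvmKeyValues.get();
        if (override != null) {
            target = new File(override);
        }
        // A bare file name has no parent; dereferencing it would abort class
        // initialization with a NullPointerException.
        File parentFile = target.getParentFile();
        if (parentFile != null && !parentFile.exists()) {
            // Best effort, as before: a failure shows up later when the file is written.
            parentFile.mkdirs();
        }
        return target;
    }

    /**
     * Loads the token map from disk, falling back to an empty concurrent map.
     *
     * @param file persisted token file
     * @return the restored token-to-login map
     */
    private static Map<String, String> initMap(File file) {
        return (Map) FilesUtils.readFromBinary(file, new ConcurrentHashMap());
    }

    /**
     * Checks that a token is registered and still matches the current security context.
     *
     * <p>The token must be a key of the token map, and it must start with the
     * user token rebuilt from the mapped login and the current security
     * context (or the technical context for technical users).
     *
     * @param str token presented by the client; {@code null} is rejected
     * @return {@code SUCCESS} when both checks pass, {@code FAILURE} otherwise
     */
    public Authenticator.AuthenticationStatus identify(String str) {
        // ConcurrentHashMap rejects null keys with a NullPointerException.
        if (str == null) {
            return Authenticator.AuthenticationStatus.FAILURE;
        }
        // One lookup instead of containsKey + get, so a concurrent logout cannot
        // hand a null login to the token builder.
        String login = TOKEN_REFS.get(str);
        if (login == null) {
            return Authenticator.AuthenticationStatus.FAILURE;
        }
        String expectedPrefix = this.tokenBuilder.buildUserToken(login, buildSecurityToken(login, this.securityContext));
        return str.startsWith(expectedPrefix)
                ? Authenticator.AuthenticationStatus.SUCCESS
                : Authenticator.AuthenticationStatus.FAILURE;
    }

    /**
     * Revokes a token, and drops the cached account once the login has no token left.
     *
     * <p>Nothing happens unless {@link #identify(String)} accepts the token.
     *
     * @param str token to revoke
     */
    public void logout(String str) {
        if (Authenticator.AuthenticationStatus.SUCCESS != identify(str)) {
            return;
        }
        // remove() returns the mapped login atomically; null means another
        // thread revoked the token first.
        String login = TOKEN_REFS.remove(str);
        if (login == null) {
            return;
        }
        if (hasNoMoreTokenForLogin(login)) {
            USERS_REFS.remove(login);
        }
        backupFiles();
    }

    /**
     * Registers a caller-supplied token for a login and caches the account.
     *
     * <p>No check is made on the token or the account here; the caller is trusted.
     *
     * @param str     login
     * @param account account to cache for the login
     * @param str2    token to map to the login
     */
    public void register(String str, Account account, String str2) {
        processRegister(str, str2, account);
    }

    /**
     * Builds a token for a login and registers it.
     *
     * <p>For a technical user the new token is stored only when the login
     * already owns at least one token; presumably the first one is seeded
     * through {@link #register(String, Account, String)} (confirm against callers).
     *
     * <p>NOTE(review): this method does not inspect the credential status. It
     * relies on the caller having validated {@code credentials}; an unvalidated
     * instance would supply a null account and fail with a NullPointerException.
     *
     * @param str         login
     * @param credentials credentials whose validated account is cached
     * @return the token, escaped for JavaScript. The map key is the raw token,
     *         so the two differ whenever the escaper alters a character.
     */
    public String register(String str, Credentials credentials) {
        String buildToken = this.tokenBuilder.buildToken(str, buildSecurityToken(str, this.securityContext));
        if (this.appContext.isTechnicalUser(str)) {
            // Same monitor as processRegister(), so the two registration paths
            // cannot interleave their map updates and file writes.
            synchronized (this) {
                if (!hasNoMoreTokenForLogin(str)) {
                    TOKEN_REFS.put(buildToken, str);
                    USERS_REFS.put(str, credentials.getValidatedAccount());
                    backupFiles();
                }
            }
        } else {
            processRegister(str, buildToken, credentials.getValidatedAccount());
        }
        return StringEscapeUtils.escapeJavaScript(buildToken);
    }

    /**
     * Stores the token and the account, then persists both maps.
     *
     * <p>The account's groups attribute is replaced with an empty list before
     * the account is cached.
     *
     * @param str     login
     * @param str2    token
     * @param account account to cache
     */
    private synchronized void processRegister(String str, String str2, Account account) {
        TOKEN_REFS.put(str2, str);
        // NOTE(review): the attribute name comes from a Hibernate Validator
        // internal class, which is not a stable API.
        account.setAttribute(new Attribute<>(ConstraintHelper.GROUPS, new ArrayList()));
        USERS_REFS.put(str, account);
        backupFiles();
    }

    /**
     * Writes both maps to their files.
     *
     * <p>Synchronized so that logout and the two registration paths never write
     * the same file at the same time.
     */
    private synchronized void backupFiles() {
        FilesUtils.writeToBinary(FILE_USERS, (ConcurrentHashMap) USERS_REFS);
        FilesUtils.writeToBinary(FILE_TOKEN, (ConcurrentHashMap) TOKEN_REFS);
    }

    /**
     * Returns the cached account for a token.
     *
     * <p>This is a plain lookup: unlike {@link #identify(String)} it does not
     * re-check the token against the current security context, so callers that
     * need that guarantee must call {@code identify} first.
     *
     * @param str token, may be {@code null}
     * @return the cached account, or {@code null} when the token is null or unknown
     */
    public Account getUser(String str) {
        String login = str == null ? null : TOKEN_REFS.get(str);
        if (login == null) {
            return null;
        }
        return USERS_REFS.get(login);
    }

    /**
     * Tells whether no registered token maps to the given login.
     *
     * @param str login; {@code null} never owns a token
     * @return {@code true} when the login has no token left
     */
    private boolean hasNoMoreTokenForLogin(String str) {
        // ConcurrentHashMap.containsValue rejects null, hence the explicit guard.
        return str == null || !TOKEN_REFS.containsValue(str);
    }

    /**
     * Selects the context string that is mixed into the token.
     *
     * @param str             login
     * @param securityContext current security context
     * @return the technical context constant for technical users, otherwise the
     *         JSON form of the security context
     */
    private String buildSecurityToken(String str, SecurityContext securityContext) {
        return isTechnicalUser(str) ? TokenBuilder.TECHNICAL_CONTEXT : securityContext.convertToJson();
    }

    /**
     * Tells whether the login belongs to a configured technical account.
     *
     * @param str login to look up
     * @return {@code true} when any technical security configuration lists a
     *         user with this login
     */
    private boolean isTechnicalUser(String str) {
        return this.appContext.getApplicationConfiguration().getSecurityTechnicalConfig().stream()
                .map(config -> config.getUsers())
                .filter(Objects::nonNull)
                .flatMap(users -> users.stream())
                .map(user -> user.getLogin())
                .anyMatch(login -> login.equals(str));
    }
}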
