package de.iip_ecosphere.platform.support.aas;

import de.iip_ecosphere.platform.support.CollectionUtils;
import de.iip_ecosphere.platform.support.identities.IdentityToken;
import java.lang.ref.WeakReference;
import java.util.Base64;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/support.aas-0.7.1-SNAPSHOT.jar:de/iip_ecosphere/platform/support/aas/AuthenticationDescriptor.class */
public interface AuthenticationDescriptor {

    /* loaded from: input_file:BOOT-INF/lib/support.aas-0.7.1-SNAPSHOT.jar:de/iip_ecosphere/platform/support/aas/AuthenticationDescriptor$DefaultOAuth2Setup.class */
    public static class DefaultOAuth2Setup implements OAuth2Setup {
        private String issuerUri;
        private String jwkSetUri;
        private String requiredAud;

        public DefaultOAuth2Setup(String str, String str2, String str3) {
            this.issuerUri = str;
            this.jwkSetUri = str2;
            this.requiredAud = str3;
        }

        @Override // de.iip_ecosphere.platform.support.aas.AuthenticationDescriptor.OAuth2Setup
        public String getIssuerUri() {
            return this.issuerUri;
        }

        @Override // de.iip_ecosphere.platform.support.aas.AuthenticationDescriptor.OAuth2Setup
        public String getJwkSetUri() {
            return this.jwkSetUri;
        }

        @Override // de.iip_ecosphere.platform.support.aas.AuthenticationDescriptor.OAuth2Setup
        public String getRequiredAud() {
            return this.requiredAud;
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/support.aas-0.7.1-SNAPSHOT.jar:de/iip_ecosphere/platform/support/aas/AuthenticationDescriptor$DefaultRole.class */
    public enum DefaultRole implements Role {
        USER(false),
        PLATFORM(false),
        DEVICE(false),
        ADMIN(false),
        NONE(true);

        private boolean anonymous;

        DefaultRole(boolean z) {
            this.anonymous = z;
        }

        @Override // de.iip_ecosphere.platform.support.aas.AuthenticationDescriptor.Role
        public boolean anonymous() {
            return this.anonymous;
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/support.aas-0.7.1-SNAPSHOT.jar:de/iip_ecosphere/platform/support/aas/AuthenticationDescriptor$HeaderValueConsumer.class */
    public interface HeaderValueConsumer {
        void consume(String str, String str2);
    }

    /* loaded from: input_file:BOOT-INF/lib/support.aas-0.7.1-SNAPSHOT.jar:de/iip_ecosphere/platform/support/aas/AuthenticationDescriptor$IdentityTokenWithRole.class */
    public static class IdentityTokenWithRole extends IdentityToken {
        private Role role;

        /* JADX INFO: Access modifiers changed from: protected */
        public IdentityTokenWithRole(IdentityToken identityToken, Role role) {
            super(identityToken);
            this.role = role;
        }

        public Role getRole() {
            return this.role;
        }

        @Override // de.iip_ecosphere.platform.support.identities.IdentityToken
        public String toString() {
            return super.toString() + " as " + String.valueOf(this.role);
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/support.aas-0.7.1-SNAPSHOT.jar:de/iip_ecosphere/platform/support/aas/AuthenticationDescriptor$OAuth2Setup.class */
    public interface OAuth2Setup {
        String getIssuerUri();

        String getJwkSetUri();

        String getRequiredAud();
    }

    /* loaded from: input_file:BOOT-INF/lib/support.aas-0.7.1-SNAPSHOT.jar:de/iip_ecosphere/platform/support/aas/AuthenticationDescriptor$RbacAasComponent.class */
    public enum RbacAasComponent {
        AAS,
        SUBMODEL,
        SUBMODEL_ELEMENT
    }

    /* loaded from: input_file:BOOT-INF/lib/support.aas-0.7.1-SNAPSHOT.jar:de/iip_ecosphere/platform/support/aas/AuthenticationDescriptor$RbacAction.class */
    public enum RbacAction {
        READ,
        CREATE,
        UPDATE,
        EXECUTE,
        DELETE;

        public static RbacAction[] all() {
            return values();
        }

        public static RbacAction[] of(RbacAction... rbacActionArr) {
            return rbacActionArr;
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/support.aas-0.7.1-SNAPSHOT.jar:de/iip_ecosphere/platform/support/aas/AuthenticationDescriptor$RbacRule.class */
    public static class RbacRule {
        public static final String PATH_SEPARATOR = ".";
        private RbacAasComponent component;
        private List<RbacAction> actions;
        private Role role;
        private String element;
        private WeakReference<Object> creator;
        private String path;

        public RbacRule(RbacAasComponent rbacAasComponent, Role role, String str, String str2, RbacAction... rbacActionArr) {
            this.component = rbacAasComponent;
            this.role = role;
            this.element = str;
            this.path = str2;
            this.actions = Collections.unmodifiableList(CollectionUtils.toList(rbacActionArr));
        }

        public RbacAasComponent getComponent() {
            return this.component;
        }

        public List<RbacAction> getActions() {
            return this.actions;
        }

        public Role getRole() {
            return this.role;
        }

        public String getElement() {
            return this.element;
        }

        public String getPath() {
            return this.path;
        }

        public Object getCreator() {
            if (null != this.creator) {
                return this.creator.get();
            }
            return null;
        }

        public RbacRule creator(Object obj) {
            this.creator = null != obj ? new WeakReference<>(obj) : null;
            return this;
        }

        public boolean isCreator(Object obj) {
            Object creator = getCreator();
            return null != creator && (creator == obj || creator.equals(obj));
        }

        public boolean isCreator(Object[] objArr) {
            boolean z = false;
            for (int i = 0; !z && i < objArr.length; i++) {
                z = isCreator(objArr[i]);
            }
            return z;
        }

        public String toString() {
            return "RbacRule{component='" + this.component + "', role='" + this.role + "', actions='" + this.actions + "', element='" + this.element + "', path='" + this.path + "'}";
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/support.aas-0.7.1-SNAPSHOT.jar:de/iip_ecosphere/platform/support/aas/AuthenticationDescriptor$Role.class */
    public interface Role {
        String name();

        boolean anonymous();

        static Role[] allAuthenticated() {
            return RbacRoles.allAuthenticated();
        }

        static Role[] allExcept(boolean z, Role... roleArr) {
            return RbacRoles.allExcept(z, roleArr);
        }

        static Role[] of(Role... roleArr) {
            return roleArr;
        }

        static Role[] allAnonymous() {
            return RbacRoles.allAnonymous();
        }

        static Role[] all() {
            return RbacRoles.all();
        }
    }

    IdentityToken getClientToken();

    static boolean isEnabledOnClient(AuthenticationDescriptor authenticationDescriptor) {
        return (null == authenticationDescriptor || authenticationDescriptor.getClientToken() == null) ? false : true;
    }

    static boolean isEnabledOnServer(AuthenticationDescriptor authenticationDescriptor) {
        return (null == authenticationDescriptor || (authenticationDescriptor.getServerUsers() == null && authenticationDescriptor.getOAuth2Setup() == null)) ? false : true;
    }

    List<IdentityTokenWithRole> getServerUsers();

    void enableRbac();

    void addAccessRule(RbacRule rbacRule);

    List<RbacRule> getAccessRules();

    default boolean requiresAnonymousAccess() {
        boolean z = false;
        List<RbacRule> accessRules = getAccessRules();
        if (null != accessRules) {
            z = accessRules.stream().anyMatch(rbacRule -> {
                return DefaultRole.NONE == rbacRule.getRole();
            });
        }
        return z;
    }

    static void addAccessRule(AuthenticationDescriptor authenticationDescriptor, RbacRule rbacRule) {
        if (null == authenticationDescriptor || null == rbacRule) {
            return;
        }
        authenticationDescriptor.addAccessRule(rbacRule);
    }

    static <T> T aasRbac(T t, AuthenticationDescriptor authenticationDescriptor, Role role, String str, RbacAction... rbacActionArr) {
        if (null != authenticationDescriptor) {
            authenticationDescriptor.addAccessRule(new RbacRule(RbacAasComponent.AAS, role, str, null, rbacActionArr).creator(t));
        }
        return t;
    }

    static <T> T submodelRbac(T t, AuthenticationDescriptor authenticationDescriptor, Role role, String str, RbacAction... rbacActionArr) {
        if (null != authenticationDescriptor) {
            authenticationDescriptor.addAccessRule(new RbacRule(RbacAasComponent.SUBMODEL, role, str, "*", rbacActionArr).creator(t));
        }
        return t;
    }

    static <T> T elementRbac(T t, AuthenticationDescriptor authenticationDescriptor, Role role, String str, RbacAction... rbacActionArr) {
        int indexOf;
        if (null != authenticationDescriptor && StringUtils.isNotBlank(str) && null != role && null != rbacActionArr && (indexOf = str.indexOf(".")) > 0) {
            authenticationDescriptor.addAccessRule(new RbacRule(RbacAasComponent.SUBMODEL_ELEMENT, role, str.substring(0, indexOf), str.substring(indexOf + 1), rbacActionArr).creator(t));
        }
        return t;
    }

    static <T> T parentRbac(T t, AuthenticationDescriptor authenticationDescriptor, Object[] objArr, String str, RbacAction... rbacActionArr) {
        String str2;
        String str3;
        if (null != authenticationDescriptor && objArr != null && str != null && str.length() > 0) {
            List<RbacRule> accessRules = authenticationDescriptor.getAccessRules();
            if (!accessRules.stream().anyMatch(rbacRule -> {
                return rbacRule.isCreator(t);
            })) {
                HashSet hashSet = new HashSet();
                HashSet hashSet2 = new HashSet();
                for (RbacAction rbacAction : rbacActionArr) {
                    hashSet2.add(rbacAction);
                }
                accessRules.stream().filter(rbacRule2 -> {
                    return rbacRule2.isCreator(objArr);
                }).forEach(rbacRule3 -> {
                    hashSet.add(rbacRule3.getRole());
                    hashSet2.addAll(rbacRule3.actions);
                });
                int indexOf = str.indexOf(".");
                if (indexOf > 0) {
                    str2 = str.substring(0, indexOf);
                    str3 = str.substring(indexOf + 1);
                } else {
                    str2 = str;
                    str3 = null;
                }
                RbacAction[] rbacActionArr2 = (RbacAction[]) hashSet2.toArray(new RbacAction[hashSet2.size()]);
                Iterator it = hashSet.iterator();
                while (it.hasNext()) {
                    authenticationDescriptor.addAccessRule(new RbacRule(RbacAasComponent.SUBMODEL_ELEMENT, (Role) it.next(), str2, str3, rbacActionArr2).creator(t));
                }
            }
        }
        return t;
    }

    static boolean definesRbac(AuthenticationDescriptor authenticationDescriptor) {
        return isEnabledOnServer(authenticationDescriptor) && authenticationDescriptor.getAccessRules() != null;
    }

    OAuth2Setup getOAuth2Setup();

    static String authenticate(AuthenticationDescriptor authenticationDescriptor, boolean z) {
        StringBuffer stringBuffer = new StringBuffer();
        authenticate((str, str2) -> {
            if (z) {
                stringBuffer.append(str);
                stringBuffer.append(":");
            }
            stringBuffer.append(str2);
        }, authenticationDescriptor);
        if (stringBuffer.isEmpty()) {
            return null;
        }
        return stringBuffer.toString();
    }

    static void authenticate(HeaderValueConsumer headerValueConsumer, AuthenticationDescriptor authenticationDescriptor) {
        IdentityToken clientToken;
        if (authenticationDescriptor == null || (clientToken = authenticationDescriptor.getClientToken()) == null) {
            return;
        }
        switch (clientToken.getType()) {
            case USERNAME:
                headerValueConsumer.consume("Authorization", "Basic " + Base64.getEncoder().encodeToString((clientToken.getUserName() + ":" + clientToken.getTokenDataAsString()).getBytes()));
                return;
            case ISSUED:
                headerValueConsumer.consume("Authorization", "Bearer " + clientToken.getTokenDataAsString());
                return;
            case ANONYMOUS:
                return;
            default:
                LoggerFactory.getLogger((Class<?>) AuthenticationDescriptor.class).error("Authentication token type {} not supported for setting up HTTP authentication. Staying unauthenticated.", clientToken.getType());
                return;
        }
    }
}
