package org.eclipse.hono.util;

import com.fasterxml.jackson.annotation.JsonAnySetter;
import com.fasterxml.jackson.annotation.JsonIgnore;
import io.vertx.core.json.JsonArray;
import io.vertx.core.json.JsonObject;
import java.security.cert.X509Certificate;
import java.time.Instant;
import java.time.OffsetDateTime;
import java.time.ZoneOffset;
import java.time.format.DateTimeFormatter;
import java.time.format.DateTimeParseException;
import java.util.Base64;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.function.BiConsumer;
import java.util.function.Consumer;
import java.util.function.Function;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.security.auth.x500.X500Principal;

/* loaded from: input_file:BOOT-INF/lib/hono-core-1.7.1.jar:org/eclipse/hono/util/CredentialsObject.class */
public final class CredentialsObject extends JsonBackedValueObject {
    public CredentialsObject() {
    }

    public CredentialsObject(String str, String str2, String str3) {
        Objects.requireNonNull(str);
        Objects.requireNonNull(str2);
        Objects.requireNonNull(str3);
        setDeviceId(str);
        setType(str3);
        setAuthId(str2);
    }

    @JsonAnySetter
    public CredentialsObject setProperty(String str, Object obj) {
        this.json.put((String) Objects.requireNonNull(str), obj);
        return this;
    }

    @JsonIgnore
    public String getDeviceId() {
        return (String) getProperty("device-id", String.class);
    }

    @JsonIgnore
    public CredentialsObject setDeviceId(String str) {
        setProperty("device-id", str);
        return this;
    }

    @JsonIgnore
    public String getType() {
        return (String) getProperty("type", String.class);
    }

    @JsonIgnore
    public CredentialsObject setType(String str) {
        setProperty("type", str);
        return this;
    }

    @JsonIgnore
    public String getAuthId() {
        return (String) getProperty("auth-id", String.class);
    }

    @JsonIgnore
    public CredentialsObject setAuthId(String str) {
        setProperty("auth-id", str);
        return this;
    }

    @JsonIgnore
    public boolean isEnabled() {
        return ((Boolean) getProperty(RequestResponseApiConstants.FIELD_ENABLED, (Class<Class>) Boolean.class, (Class) true)).booleanValue();
    }

    @JsonIgnore
    public CredentialsObject setEnabled(boolean z) {
        setProperty(RequestResponseApiConstants.FIELD_ENABLED, Boolean.valueOf(z));
        return this;
    }

    @JsonIgnore
    public JsonArray getSecrets() {
        return (JsonArray) Optional.ofNullable((JsonArray) getProperty("secrets", JsonArray.class)).orElseGet(() -> {
            JsonArray jsonArray = new JsonArray();
            setProperty("secrets", jsonArray);
            return jsonArray;
        });
    }

    public CredentialsObject addSecret(JsonObject jsonObject) {
        if (jsonObject != null) {
            getSecrets().add(jsonObject);
        }
        return this;
    }

    public CredentialsObject addSecret(Map<String, Object> map) {
        addSecret(new JsonObject(map));
        return this;
    }

    public void checkValidity() {
        checkValidity((str, jsonObject) -> {
        });
    }

    public void checkValidity(BiConsumer<String, JsonObject> biConsumer) {
        if (getDeviceId() == null) {
            throw new IllegalStateException("missing device ID");
        }
        if (getAuthId() == null) {
            throw new IllegalStateException("missing auth ID");
        }
        if (getType() == null) {
            throw new IllegalStateException("missing type");
        }
        checkSecrets(biConsumer);
    }

    public void checkSecrets() {
        checkSecrets((str, jsonObject) -> {
        });
    }

    public void checkSecrets(BiConsumer<String, JsonObject> biConsumer) {
        Objects.requireNonNull(biConsumer);
        JsonArray secrets = getSecrets();
        if (secrets == null || secrets.isEmpty()) {
            throw new IllegalStateException("credentials object must contain at least one secret");
        }
        try {
            String type = getType();
            boolean z = -1;
            switch (type.hashCode()) {
                case -558916037:
                    if (type.equals("hashed-password")) {
                        z = false;
                        break;
                    }
                    break;
            }
            switch (z) {
                case false:
                    checkSecrets(secrets, jsonObject -> {
                        checkHashedPassword(jsonObject);
                        biConsumer.accept(getType(), jsonObject);
                    });
                    break;
                default:
                    checkSecrets(secrets, jsonObject2 -> {
                    });
                    break;
            }
        } catch (Exception e) {
            throw new IllegalStateException(e.getMessage());
        }
    }

    private static void checkSecrets(JsonArray jsonArray, Consumer<JsonObject> consumer) {
        jsonArray.stream().filter(obj -> {
            return obj instanceof JsonObject;
        }).forEach(obj2 -> {
            JsonObject jsonObject = (JsonObject) obj2;
            checkValidityPeriod(jsonObject);
            consumer.accept(jsonObject);
        });
    }

    private static void checkHashedPassword(JsonObject jsonObject) {
        if (!(jsonObject.getValue("hash-function") instanceof String)) {
            throw new IllegalStateException("missing/invalid hash function");
        }
        if (!(jsonObject.getValue("pwd-hash") instanceof String)) {
            throw new IllegalStateException("missing/invalid password hash");
        }
    }

    private static void checkValidityPeriod(JsonObject jsonObject) {
        Instant timestampIfPresentForField = getTimestampIfPresentForField(jsonObject, "not-before");
        Instant timestampIfPresentForField2 = getTimestampIfPresentForField(jsonObject, "not-after");
        if (timestampIfPresentForField != null && timestampIfPresentForField2 != null && !timestampIfPresentForField.isBefore(timestampIfPresentForField2)) {
            throw new IllegalStateException("not-before must be before not-after");
        }
    }

    private static Instant getTimestampIfPresentForField(JsonObject jsonObject, String str) {
        String string = jsonObject.getString(str);
        if (string == null) {
            return null;
        }
        Instant instant = getInstant(string);
        if (instant == null) {
            throw new IllegalArgumentException("invalid " + str + " property");
        }
        return instant;
    }

    @JsonIgnore
    public List<JsonObject> getCandidateSecrets() {
        return getCandidateSecrets(jsonObject -> {
            return jsonObject;
        });
    }

    @JsonIgnore
    public <T> List<T> getCandidateSecrets(Function<JsonObject, T> function) {
        Objects.requireNonNull(function);
        Stream<Object> stream = getSecrets().stream();
        Class<JsonObject> cls = JsonObject.class;
        Objects.requireNonNull(JsonObject.class);
        Stream<Object> filter = stream.filter(cls::isInstance);
        Class<JsonObject> cls2 = JsonObject.class;
        Objects.requireNonNull(JsonObject.class);
        return (List) filter.map(cls2::cast).filter(CredentialsObject::isSecretEnabled).filter(jsonObject -> {
            return isInValidityPeriod(jsonObject, Instant.now());
        }).map(function).filter(Objects::nonNull).collect(Collectors.toList());
    }

    public static boolean isInValidityPeriod(JsonObject jsonObject, Instant instant) {
        Instant notBefore = getNotBefore(jsonObject);
        Instant notAfter = getNotAfter(jsonObject);
        return (notBefore == null || instant.isAfter(notBefore)) && (notAfter == null || instant.isBefore(notAfter));
    }

    public static Instant getNotBefore(JsonObject jsonObject) {
        if (jsonObject == null) {
            return null;
        }
        return getInstant(jsonObject, "not-before");
    }

    public static Instant getNotAfter(JsonObject jsonObject) {
        if (jsonObject == null) {
            return null;
        }
        return getInstant(jsonObject, "not-after");
    }

    private static Instant getInstant(JsonObject jsonObject, String str) {
        Object value = jsonObject.getValue(str);
        if (String.class.isInstance(value)) {
            return getInstant((String) value);
        }
        return null;
    }

    private static Instant getInstant(String str) {
        if (str == null) {
            return null;
        }
        try {
            return ((OffsetDateTime) DateTimeFormatter.ISO_OFFSET_DATE_TIME.parse(str, OffsetDateTime::from)).toInstant();
        } catch (DateTimeParseException e) {
            return null;
        }
    }

    private static boolean isSecretEnabled(JsonObject jsonObject) {
        Objects.requireNonNull(jsonObject);
        return ((Boolean) getProperty(jsonObject, RequestResponseApiConstants.FIELD_ENABLED, Boolean.class, true)).booleanValue();
    }

    public static JsonObject emptySecret(Instant instant, Instant instant2) {
        if (instant != null && instant2 != null && !instant.isBefore(instant2)) {
            throw new IllegalArgumentException("not before must be before not after");
        }
        JsonObject jsonObject = new JsonObject();
        if (instant != null) {
            jsonObject.put("not-before", DateTimeFormatter.ISO_OFFSET_DATE_TIME.format(instant.atOffset(ZoneOffset.UTC)));
        }
        if (instant2 != null) {
            jsonObject.put("not-after", DateTimeFormatter.ISO_OFFSET_DATE_TIME.format(instant2.atOffset(ZoneOffset.UTC)));
        }
        return jsonObject;
    }

    public static CredentialsObject fromHashedPassword(String str, String str2, String str3, String str4, Instant instant, Instant instant2, byte[] bArr) {
        Objects.requireNonNull(str3);
        Objects.requireNonNull(str4);
        CredentialsObject credentialsObject = new CredentialsObject(str, str2, "hashed-password");
        credentialsObject.addSecret(hashedPasswordSecretForPasswordHash(str3, str4, instant, instant2, bArr));
        return credentialsObject;
    }

    public static CredentialsObject fromClearTextPassword(String str, String str2, String str3, Instant instant, Instant instant2) {
        Objects.requireNonNull(str3);
        CredentialsObject credentialsObject = new CredentialsObject(str, str2, "hashed-password");
        credentialsObject.addSecret(hashedPasswordSecretForClearTextPassword(str3, instant, instant2));
        return credentialsObject;
    }

    public static JsonObject hashedPasswordSecretForPasswordHash(String str, String str2, Instant instant, Instant instant2, byte[] bArr) {
        return hashedPasswordSecretForPasswordHash(str, str2, instant, instant2, (String) Optional.ofNullable(bArr).map(bArr2 -> {
            return Base64.getEncoder().encodeToString(bArr2);
        }).orElse(null));
    }

    public static JsonObject hashedPasswordSecretForPasswordHash(String str, String str2, Instant instant, Instant instant2, String str3) {
        Objects.requireNonNull(str);
        Objects.requireNonNull(str2);
        JsonObject emptySecret = emptySecret(instant, instant2);
        emptySecret.put("hash-function", str2);
        if (str3 != null) {
            emptySecret.put("salt", str3);
        }
        emptySecret.put("pwd-hash", str);
        return emptySecret;
    }

    public static JsonObject hashedPasswordSecretForClearTextPassword(String str, Instant instant, Instant instant2) {
        Objects.requireNonNull(str);
        JsonObject emptySecret = emptySecret(instant, instant2);
        emptySecret.put("pwd-plain", str);
        return emptySecret;
    }

    public static CredentialsObject fromPresharedKey(String str, String str2, byte[] bArr, Instant instant, Instant instant2) {
        Objects.requireNonNull(bArr);
        CredentialsObject credentialsObject = new CredentialsObject(str, str2, "psk");
        JsonObject emptySecret = emptySecret(instant, instant2);
        emptySecret.put("key", Base64.getEncoder().encodeToString(bArr));
        credentialsObject.addSecret(emptySecret);
        return credentialsObject;
    }

    public static CredentialsObject fromClientCertificate(String str, X509Certificate x509Certificate, Instant instant, Instant instant2) {
        Objects.requireNonNull(x509Certificate);
        return fromSubjectDn(str, x509Certificate.getSubjectX500Principal(), instant, instant2);
    }

    public static CredentialsObject fromSubjectDn(String str, X500Principal x500Principal, Instant instant, Instant instant2) {
        Objects.requireNonNull(x500Principal);
        CredentialsObject credentialsObject = new CredentialsObject(str, x500Principal.getName("RFC2253"), "x509-cert");
        credentialsObject.addSecret(emptySecret(instant, instant2));
        return credentialsObject;
    }
}
