package org.nuxeo.ecm.tokenauth.service;

import java.util.Calendar;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.nuxeo.ecm.core.api.ClientException;
import org.nuxeo.ecm.core.api.ClientRuntimeException;
import org.nuxeo.ecm.core.api.DocumentModel;
import org.nuxeo.ecm.core.api.DocumentModelList;
import org.nuxeo.ecm.directory.BaseSession;
import org.nuxeo.ecm.directory.DirectoryException;
import org.nuxeo.ecm.directory.Session;
import org.nuxeo.ecm.directory.api.DirectoryService;
import org.nuxeo.ecm.tokenauth.TokenAuthenticationException;
import org.nuxeo.runtime.api.Framework;

/* loaded from: input_file:org/nuxeo/ecm/tokenauth/service/TokenAuthenticationServiceImpl.class */
public class TokenAuthenticationServiceImpl implements TokenAuthenticationService {
    private static final long serialVersionUID = 35041039370298705L;
    private static final Log log = LogFactory.getLog(TokenAuthenticationServiceImpl.class);
    protected static final String DIRECTORY_NAME = "authTokens";
    protected static final String DIRECTORY_SCHEMA = "authtoken";
    protected static final String USERNAME_FIELD = "userName";
    protected static final String TOKEN_FIELD = "token";
    protected static final String APPLICATION_NAME_FIELD = "applicationName";
    protected static final String DEVICE_ID_FIELD = "deviceId";
    protected static final String DEVICE_DESCRIPTION_FIELD = "deviceDescription";
    protected static final String PERMISSION_FIELD = "permission";
    protected static final String CREATION_DATE_FIELD = "creationDate";

    @Override // org.nuxeo.ecm.tokenauth.service.TokenAuthenticationService
    public String acquireToken(String str, String str2, String str3, String str4, String str5) throws TokenAuthenticationException {
        String token = getToken(str, str2, str3);
        if (token != null) {
            return token;
        }
        if (StringUtils.isEmpty(str5)) {
            throw new TokenAuthenticationException("The permission parameter is mandatory to acquire an authentication token.");
        }
        Session session = null;
        try {
            try {
                DirectoryService directoryService = (DirectoryService) Framework.getLocalService(DirectoryService.class);
                session = directoryService.open(DIRECTORY_NAME);
                String uuid = UUID.randomUUID().toString();
                DocumentModel bareAuthTokenModel = getBareAuthTokenModel(directoryService);
                bareAuthTokenModel.setProperty(DIRECTORY_SCHEMA, TOKEN_FIELD, uuid);
                bareAuthTokenModel.setProperty(DIRECTORY_SCHEMA, USERNAME_FIELD, str);
                bareAuthTokenModel.setProperty(DIRECTORY_SCHEMA, APPLICATION_NAME_FIELD, str2);
                bareAuthTokenModel.setProperty(DIRECTORY_SCHEMA, DEVICE_ID_FIELD, str3);
                if (!StringUtils.isEmpty(str4)) {
                    bareAuthTokenModel.setProperty(DIRECTORY_SCHEMA, DEVICE_DESCRIPTION_FIELD, str4);
                }
                bareAuthTokenModel.setProperty(DIRECTORY_SCHEMA, PERMISSION_FIELD, str5);
                Calendar calendar = Calendar.getInstance();
                calendar.setTimeInMillis(System.currentTimeMillis());
                bareAuthTokenModel.setProperty(DIRECTORY_SCHEMA, CREATION_DATE_FIELD, calendar);
                session.createEntry(bareAuthTokenModel);
                log.debug(String.format("Generated unique token for the (userName, applicationName, deviceId) triplet: ('%s', '%s', '%s'), returning it.", str, str2, str3));
                if (session != null) {
                    try {
                        session.close();
                    } catch (DirectoryException e) {
                        throw new ClientRuntimeException(e);
                    }
                }
                return uuid;
            } catch (ClientException e2) {
                throw new ClientRuntimeException(e2);
            }
        } catch (Throwable th) {
            if (session != null) {
                try {
                    session.close();
                } catch (DirectoryException e3) {
                    throw new ClientRuntimeException(e3);
                }
            }
            throw th;
        }
    }

    @Override // org.nuxeo.ecm.tokenauth.service.TokenAuthenticationService
    public String getToken(String str, String str2, String str3) throws TokenAuthenticationException {
        if (StringUtils.isEmpty(str) || StringUtils.isEmpty(str2) || StringUtils.isEmpty(str3)) {
            throw new TokenAuthenticationException("The following parameters are mandatory to get an authentication token: userName, applicationName, deviceId.");
        }
        Session session = null;
        try {
            try {
                Session open = ((DirectoryService) Framework.getLocalService(DirectoryService.class)).open(DIRECTORY_NAME);
                HashMap hashMap = new HashMap();
                hashMap.put(USERNAME_FIELD, str);
                hashMap.put(APPLICATION_NAME_FIELD, str2);
                hashMap.put(DEVICE_ID_FIELD, str3);
                DocumentModelList query = open.query(hashMap);
                if (query.isEmpty()) {
                    log.debug(String.format("No token found for the (userName, applicationName, deviceId) triplet: ('%s', '%s', '%s'), returning null.", str, str2, str3));
                    if (open != null) {
                        try {
                            open.close();
                        } catch (DirectoryException e) {
                            throw new ClientRuntimeException(e);
                        }
                    }
                    return null;
                }
                if (query.size() > 1) {
                    throw new ClientRuntimeException(String.format("Found multiple tokens for the (userName, applicationName, deviceId) triplet: ('%s', '%s', '%s'), this is inconsistent.", str, str2, str3));
                }
                log.debug(String.format("Found token for the (userName, applicationName, deviceId) triplet: ('%s', '%s', '%s'), returning it.", str, str2, str3));
                String id = ((DocumentModel) query.get(0)).getId();
                if (open != null) {
                    try {
                        open.close();
                    } catch (DirectoryException e2) {
                        throw new ClientRuntimeException(e2);
                    }
                }
                return id;
            } catch (ClientException e3) {
                throw new ClientRuntimeException(e3);
            }
        } catch (Throwable th) {
            if (0 != 0) {
                try {
                    session.close();
                } catch (DirectoryException e4) {
                    throw new ClientRuntimeException(e4);
                }
            }
            throw th;
        }
    }

    @Override // org.nuxeo.ecm.tokenauth.service.TokenAuthenticationService
    public String getUserName(String str) {
        Session session = null;
        try {
            try {
                Session open = ((DirectoryService) Framework.getLocalService(DirectoryService.class)).open(DIRECTORY_NAME);
                DocumentModel entry = open.getEntry(str);
                if (entry == null) {
                    log.debug(String.format("Found no user name bound to the token: '%s', returning null.", str));
                    if (open != null) {
                        try {
                            open.close();
                        } catch (DirectoryException e) {
                            throw new ClientRuntimeException(e);
                        }
                    }
                    return null;
                }
                log.debug(String.format("Found a user name bound to the token: '%s', returning it.", str));
                String str2 = (String) entry.getProperty(DIRECTORY_SCHEMA, USERNAME_FIELD);
                if (open != null) {
                    try {
                        open.close();
                    } catch (DirectoryException e2) {
                        throw new ClientRuntimeException(e2);
                    }
                }
                return str2;
            } catch (Throwable th) {
                if (0 != 0) {
                    try {
                        session.close();
                    } catch (DirectoryException e3) {
                        throw new ClientRuntimeException(e3);
                    }
                }
                throw th;
            }
        } catch (ClientException e4) {
            throw new ClientRuntimeException(e4);
        }
    }

    @Override // org.nuxeo.ecm.tokenauth.service.TokenAuthenticationService
    public void revokeToken(String str) {
        Session session = null;
        try {
            try {
                session = ((DirectoryService) Framework.getLocalService(DirectoryService.class)).open(DIRECTORY_NAME);
                session.deleteEntry(str);
                log.info(String.format("Deleted token: '%s' from the back-end.", str));
                if (session != null) {
                    try {
                        session.close();
                    } catch (DirectoryException e) {
                        throw new ClientRuntimeException(e);
                    }
                }
            } catch (Throwable th) {
                if (session != null) {
                    try {
                        session.close();
                    } catch (DirectoryException e2) {
                        throw new ClientRuntimeException(e2);
                    }
                }
                throw th;
            }
        } catch (ClientException e3) {
            throw new ClientRuntimeException(e3);
        }
    }

    @Override // org.nuxeo.ecm.tokenauth.service.TokenAuthenticationService
    public DocumentModelList getTokenBindings(String str) {
        Session session = null;
        try {
            try {
                session = ((DirectoryService) Framework.getLocalService(DirectoryService.class)).open(DIRECTORY_NAME);
                HashMap hashMap = new HashMap();
                hashMap.put(USERNAME_FIELD, str);
                HashMap hashMap2 = new HashMap();
                hashMap2.put(CREATION_DATE_FIELD, "desc");
                DocumentModelList query = session.query(hashMap, Collections.emptySet(), hashMap2);
                if (session != null) {
                    try {
                        session.close();
                    } catch (DirectoryException e) {
                        throw new ClientRuntimeException(e);
                    }
                }
                return query;
            } catch (ClientException e2) {
                throw new ClientRuntimeException(e2);
            }
        } catch (Throwable th) {
            if (session != null) {
                try {
                    session.close();
                } catch (DirectoryException e3) {
                    throw new ClientRuntimeException(e3);
                }
            }
            throw th;
        }
    }

    protected DocumentModel getBareAuthTokenModel(DirectoryService directoryService) throws ClientException {
        return BaseSession.createEntryModel((String) null, directoryService.getDirectorySchema(DIRECTORY_NAME), (String) null, (Map) null);
    }
}
