package org.usergrid.security.tokens.cassandra;

import java.nio.ByteBuffer;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.UUID;
import me.prettyprint.cassandra.serializers.ByteBufferSerializer;
import me.prettyprint.cassandra.serializers.LongSerializer;
import me.prettyprint.cassandra.serializers.StringSerializer;
import me.prettyprint.cassandra.serializers.UUIDSerializer;
import me.prettyprint.hector.api.Serializer;
import me.prettyprint.hector.api.beans.HColumn;
import me.prettyprint.hector.api.factory.HFactory;
import me.prettyprint.hector.api.mutation.Mutator;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.digest.DigestUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.util.Assert;
import org.usergrid.persistence.EntityManagerFactory;
import org.usergrid.persistence.cassandra.CassandraPersistenceUtils;
import org.usergrid.persistence.cassandra.CassandraService;
import org.usergrid.persistence.entities.Application;
import org.usergrid.security.AuthPrincipalInfo;
import org.usergrid.security.AuthPrincipalType;
import org.usergrid.security.tokens.TokenCategory;
import org.usergrid.security.tokens.TokenInfo;
import org.usergrid.security.tokens.TokenService;
import org.usergrid.security.tokens.exceptions.BadTokenException;
import org.usergrid.security.tokens.exceptions.ExpiredTokenException;
import org.usergrid.security.tokens.exceptions.InvalidTokenException;
import org.usergrid.utils.ConversionUtils;
import org.usergrid.utils.JsonUtils;
import org.usergrid.utils.MapUtils;
import org.usergrid.utils.UUIDUtils;

/* loaded from: input_file:usergrid-services-0.0.12.jar:org/usergrid/security/tokens/cassandra/TokenServiceImpl.class */
public class TokenServiceImpl implements TokenService {
    public static final String PROPERTIES_AUTH_TOKEN_SECRET_SALT = "usergrid.auth.token_secret_salt";
    public static final String PROPERTIES_AUTH_TOKEN_EXPIRES_FROM_LAST_USE = "usergrid.auth.token_expires_from_last_use";
    public static final String PROPERTIES_AUTH_TOKEN_REFRESH_REUSES_ID = "usergrid.auth.token_refresh_reuses_id";
    private static final String TOKEN_UUID = "uuid";
    private static final String TOKEN_TYPE = "type";
    private static final String TOKEN_CREATED = "created";
    private static final String TOKEN_ACCESSED = "accessed";
    private static final String TOKEN_INACTIVE = "inactive";
    private static final String TOKEN_DURATION = "duration";
    private static final String TOKEN_PRINCIPAL_TYPE = "principal";
    private static final String TOKEN_ENTITY = "entity";
    private static final String TOKEN_APPLICATION = "application";
    private static final String TOKEN_STATE = "state";
    private static final String TOKEN_TYPE_ACCESS = "access";
    private static final HashSet<String> REQUIRED_TOKEN_PROPERTIES;
    public static final String TOKEN_SECRET_SALT = "super secret token value";
    public static final long SHORT_TOKEN_AGE = 86400000;
    public static final long LONG_TOKEN_AGE = 604800000;
    String tokenSecretSalt = TOKEN_SECRET_SALT;
    long maxPersistenceTokenAge = 604800000;
    Map<TokenCategory, Long> tokenExpirations = MapUtils.hashMap(TokenCategory.ACCESS, 86400000L).map(TokenCategory.REFRESH, 604800000L).map(TokenCategory.EMAIL, 604800000L).map(TokenCategory.OFFLINE, 604800000L);
    long maxAccessTokenAge = 86400000;
    long maxRefreshTokenAge = 604800000;
    long maxEmailTokenAge = 604800000;
    long maxOfflineTokenAge = 604800000;
    protected CassandraService cassandra;
    protected Properties properties;
    protected EntityManagerFactory emf;
    private static final int MAX_TTL = 630720000;
    private static final Logger logger = LoggerFactory.getLogger(TokenServiceImpl.class);
    private static final ByteBufferSerializer BUFF_SER = ByteBufferSerializer.get();
    private static final StringSerializer STR_SER = StringSerializer.get();
    private static final HashSet<String> TOKEN_PROPERTIES = new HashSet<>();

    long getExpirationProperty(String str, long j) {
        long parseLong = Long.parseLong(this.properties.getProperty("usergrid.auth.token." + str + ".expires", "" + j));
        return parseLong > 0 ? parseLong : j;
    }

    long getExpirationForTokenType(TokenCategory tokenCategory) {
        Long l = this.tokenExpirations.get(tokenCategory);
        if (l != null) {
            return l.longValue();
        }
        return 86400000L;
    }

    void setExpirationFromProperties(String str) {
        TokenCategory valueOf = TokenCategory.valueOf(str.toUpperCase());
        long parseLong = Long.parseLong(this.properties.getProperty("usergrid.auth.token." + str + ".expires", "" + getExpirationForTokenType(valueOf)));
        if (parseLong > 0) {
            this.tokenExpirations.put(valueOf, Long.valueOf(parseLong));
        }
        logger.info("{} token expires after {} seconds", str, Long.valueOf(getExpirationForTokenType(valueOf) / 1000));
    }

    @Autowired
    public void setProperties(Properties properties) {
        this.properties = properties;
        if (properties != null) {
            this.maxPersistenceTokenAge = getExpirationProperty("persistence", this.maxPersistenceTokenAge);
            setExpirationFromProperties(TOKEN_TYPE_ACCESS);
            setExpirationFromProperties("refresh");
            setExpirationFromProperties("email");
            setExpirationFromProperties("offline");
            this.tokenSecretSalt = properties.getProperty(PROPERTIES_AUTH_TOKEN_SECRET_SALT, TOKEN_SECRET_SALT);
        }
    }

    @Override // org.usergrid.security.tokens.TokenService
    public String createToken(TokenCategory tokenCategory, String str, Map<String, Object> map) throws Exception {
        return createToken(tokenCategory, str, null, map);
    }

    @Override // org.usergrid.security.tokens.TokenService
    public String createToken(AuthPrincipalInfo authPrincipalInfo) throws Exception {
        return createToken(TokenCategory.ACCESS, null, authPrincipalInfo, null);
    }

    @Override // org.usergrid.security.tokens.TokenService
    public String createToken(AuthPrincipalInfo authPrincipalInfo, Map<String, Object> map) throws Exception {
        return createToken(TokenCategory.ACCESS, null, authPrincipalInfo, map);
    }

    @Override // org.usergrid.security.tokens.TokenService
    public String createToken(TokenCategory tokenCategory, String str, AuthPrincipalInfo authPrincipalInfo, Map<String, Object> map) throws Exception {
        return createToken(tokenCategory, str, authPrincipalInfo, map, 0L);
    }

    @Override // org.usergrid.security.tokens.TokenService
    public String createToken(TokenCategory tokenCategory, String str, AuthPrincipalInfo authPrincipalInfo, Map<String, Object> map, long j) throws Exception {
        long maxTtl = getMaxTtl(authPrincipalInfo);
        if (j > maxTtl) {
            throw new IllegalArgumentException(String.format("Your token age cannot be more than the maxium age of %d milliseconds", Long.valueOf(maxTtl)));
        }
        if (j == 0) {
            j = maxTtl;
        }
        if (authPrincipalInfo != null) {
            Assert.notNull(authPrincipalInfo.getType());
            Assert.notNull(authPrincipalInfo.getApplicationId());
            Assert.notNull(authPrincipalInfo.getUuid());
        }
        UUID newTimeUUID = UUIDUtils.newTimeUUID();
        long timestampInMillis = UUIDUtils.getTimestampInMillis(newTimeUUID);
        if (str == null) {
            str = TOKEN_TYPE_ACCESS;
        }
        putTokenInfo(new TokenInfo(newTimeUUID, str, timestampInMillis, timestampInMillis, 0L, j, authPrincipalInfo, map));
        return getTokenForUUID(tokenCategory, newTimeUUID);
    }

    @Override // org.usergrid.security.tokens.TokenService
    public TokenInfo getTokenInfo(String str) throws Exception {
        TokenInfo tokenInfo = null;
        UUID uUIDForToken = getUUIDForToken(str);
        if (uUIDForToken != null) {
            tokenInfo = getTokenInfo(uUIDForToken);
            if (tokenInfo != null) {
                long currentTimeMillis = System.currentTimeMillis();
                long maxTtl = getMaxTtl(tokenInfo.getPrincipal());
                Mutator createMutator = HFactory.createMutator(this.cassandra.getSystemKeyspace(), UUIDSerializer.get());
                createMutator.addInsertion((Mutator) uUIDForToken, "Tokens", HFactory.createColumn(TOKEN_ACCESSED, Long.valueOf(currentTimeMillis), calcTokenTime(tokenInfo.getExpiration(maxTtl)), (Serializer<String>) StringSerializer.get(), (Serializer<Long>) LongSerializer.get()));
                long accessed = currentTimeMillis - tokenInfo.getAccessed();
                if (accessed > tokenInfo.getInactive()) {
                    createMutator.addInsertion((Mutator) uUIDForToken, "Tokens", HFactory.createColumn(TOKEN_INACTIVE, Long.valueOf(accessed), calcTokenTime(tokenInfo.getExpiration(maxTtl)), (Serializer<String>) StringSerializer.get(), (Serializer<Long>) LongSerializer.get()));
                    tokenInfo.setInactive(accessed);
                }
                createMutator.execute();
            }
        }
        return tokenInfo;
    }

    private long getMaxTtl(AuthPrincipalInfo authPrincipalInfo) throws Exception {
        Application application;
        if (authPrincipalInfo != null && (application = this.emf.getEntityManager(authPrincipalInfo.getApplicationId()).getApplication()) != null) {
            long j = this.maxPersistenceTokenAge;
            if (application.getAccesstokenttl() != null) {
                j = application.getAccesstokenttl().longValue();
                if (j == 0) {
                    j = Long.MAX_VALUE;
                }
            }
            return j;
        }
        return this.maxPersistenceTokenAge;
    }

    @Override // org.usergrid.security.tokens.TokenService
    public String refreshToken(String str) throws Exception {
        TokenInfo tokenInfo = getTokenInfo(getUUIDForToken(str));
        if (tokenInfo == null) {
            throw new InvalidTokenException("Token not found in database");
        }
        putTokenInfo(tokenInfo);
        return getTokenForUUID(TokenCategory.ACCESS, tokenInfo.getUuid());
    }

    @Override // org.usergrid.security.tokens.TokenService
    public void removeTokens(AuthPrincipalInfo authPrincipalInfo) throws Exception {
        List<UUID> tokenUUIDS = getTokenUUIDS(authPrincipalInfo);
        Mutator createMutator = HFactory.createMutator(this.cassandra.getSystemKeyspace(), BUFF_SER);
        Iterator<UUID> it = tokenUUIDS.iterator();
        while (it.hasNext()) {
            createMutator.addDeletion((Mutator) ConversionUtils.bytebuffer(it.next()), "Tokens");
        }
        createMutator.addDeletion((Mutator) principalKey(authPrincipalInfo), CassandraService.PRINCIPAL_TOKEN_CF);
        createMutator.execute();
    }

    @Override // org.usergrid.security.tokens.TokenService
    public void revokeToken(String str) {
        try {
            TokenInfo tokenInfo = getTokenInfo(str);
            UUID uuid = tokenInfo.getUuid();
            Mutator createMutator = HFactory.createMutator(this.cassandra.getSystemKeyspace(), BUFF_SER);
            if (tokenInfo.getPrincipal() != null) {
                createMutator.addDeletion(principalKey(tokenInfo.getPrincipal()), CassandraService.PRINCIPAL_TOKEN_CF, ConversionUtils.bytebuffer(uuid), BUFF_SER);
            }
            createMutator.addDeletion((Mutator) ConversionUtils.bytebuffer(uuid), "Tokens");
            createMutator.execute();
        } catch (Exception e) {
            logger.error("Unable to find token with the specified value ignoring request.  Value : {}", str);
        }
    }

    private TokenInfo getTokenInfo(UUID uuid) throws Exception {
        if (uuid == null) {
            throw new InvalidTokenException("No token specified");
        }
        Map<String, ByteBuffer> columnMap = CassandraPersistenceUtils.getColumnMap(this.cassandra.getColumns(this.cassandra.getSystemKeyspace(), "Tokens", uuid, TOKEN_PROPERTIES, StringSerializer.get(), ByteBufferSerializer.get()));
        if (!MapUtils.hasKeys(columnMap, REQUIRED_TOKEN_PROPERTIES)) {
            throw new InvalidTokenException("Token not found in database");
        }
        String string = ConversionUtils.string(columnMap.get("type"));
        long j = ConversionUtils.getLong(columnMap.get("created"));
        long j2 = ConversionUtils.getLong(columnMap.get(TOKEN_ACCESSED));
        long j3 = ConversionUtils.getLong(columnMap.get(TOKEN_INACTIVE));
        long j4 = ConversionUtils.getLong(columnMap.get("duration"));
        String string2 = ConversionUtils.string(columnMap.get(TOKEN_PRINCIPAL_TYPE));
        AuthPrincipalType authPrincipalType = null;
        if (string2 != null) {
            try {
                authPrincipalType = AuthPrincipalType.valueOf(string2.toUpperCase());
            } catch (IllegalArgumentException e) {
            }
        }
        AuthPrincipalInfo authPrincipalInfo = null;
        if (authPrincipalType != null) {
            authPrincipalInfo = new AuthPrincipalInfo(authPrincipalType, ConversionUtils.uuid(columnMap.get("entity")), ConversionUtils.uuid(columnMap.get("application")));
        }
        return new TokenInfo(uuid, string, j, j2, j3, j4, authPrincipalInfo, (Map) JsonUtils.fromByteBuffer(columnMap.get("state")));
    }

    private void putTokenInfo(TokenInfo tokenInfo) throws Exception {
        ByteBuffer bytebuffer = ConversionUtils.bytebuffer(tokenInfo.getUuid());
        Mutator createMutator = HFactory.createMutator(this.cassandra.getSystemKeyspace(), BUFF_SER);
        int calcTokenTime = calcTokenTime(tokenInfo.getDuration());
        createMutator.addInsertion((Mutator) bytebuffer, "Tokens", HFactory.createColumn("uuid", ConversionUtils.bytebuffer(tokenInfo.getUuid()), calcTokenTime, (Serializer<String>) STR_SER, (Serializer<ByteBuffer>) BUFF_SER));
        createMutator.addInsertion((Mutator) bytebuffer, "Tokens", HFactory.createColumn("type", ConversionUtils.bytebuffer(tokenInfo.getType()), calcTokenTime, (Serializer<String>) STR_SER, (Serializer<ByteBuffer>) BUFF_SER));
        createMutator.addInsertion((Mutator) bytebuffer, "Tokens", HFactory.createColumn("created", ConversionUtils.bytebuffer(Long.valueOf(tokenInfo.getCreated())), calcTokenTime, (Serializer<String>) STR_SER, (Serializer<ByteBuffer>) BUFF_SER));
        createMutator.addInsertion((Mutator) bytebuffer, "Tokens", HFactory.createColumn(TOKEN_ACCESSED, ConversionUtils.bytebuffer(Long.valueOf(tokenInfo.getAccessed())), calcTokenTime, (Serializer<String>) STR_SER, (Serializer<ByteBuffer>) BUFF_SER));
        createMutator.addInsertion((Mutator) bytebuffer, "Tokens", HFactory.createColumn(TOKEN_INACTIVE, ConversionUtils.bytebuffer(Long.valueOf(tokenInfo.getInactive())), calcTokenTime, (Serializer<String>) STR_SER, (Serializer<ByteBuffer>) BUFF_SER));
        createMutator.addInsertion((Mutator) bytebuffer, "Tokens", HFactory.createColumn("duration", ConversionUtils.bytebuffer(Long.valueOf(tokenInfo.getDuration())), calcTokenTime, (Serializer<String>) STR_SER, (Serializer<ByteBuffer>) BUFF_SER));
        if (tokenInfo.getPrincipal() != null) {
            AuthPrincipalInfo principal = tokenInfo.getPrincipal();
            createMutator.addInsertion((Mutator) bytebuffer, "Tokens", HFactory.createColumn(TOKEN_PRINCIPAL_TYPE, ConversionUtils.bytebuffer(principal.getType().toString().toLowerCase()), calcTokenTime, (Serializer<String>) STR_SER, (Serializer<ByteBuffer>) BUFF_SER));
            createMutator.addInsertion((Mutator) bytebuffer, "Tokens", HFactory.createColumn("entity", ConversionUtils.bytebuffer(principal.getUuid()), calcTokenTime, (Serializer<String>) STR_SER, (Serializer<ByteBuffer>) BUFF_SER));
            createMutator.addInsertion((Mutator) bytebuffer, "Tokens", HFactory.createColumn("application", ConversionUtils.bytebuffer(principal.getApplicationId()), calcTokenTime, (Serializer<String>) STR_SER, (Serializer<ByteBuffer>) BUFF_SER));
            createMutator.addInsertion((Mutator) principalKey(principal), CassandraService.PRINCIPAL_TOKEN_CF, HFactory.createColumn(bytebuffer, ConversionUtils.HOLDER, calcTokenTime, (Serializer<ByteBuffer>) BUFF_SER, (Serializer<ByteBuffer>) BUFF_SER));
        }
        if (tokenInfo.getState() != null) {
            createMutator.addInsertion((Mutator) bytebuffer, "Tokens", HFactory.createColumn("state", JsonUtils.toByteBuffer(tokenInfo.getState()), calcTokenTime, (Serializer<String>) STR_SER, (Serializer<ByteBuffer>) BUFF_SER));
        }
        createMutator.execute();
    }

    private List<UUID> getTokenUUIDS(AuthPrincipalInfo authPrincipalInfo) throws Exception {
        List<HColumn<ByteBuffer, ByteBuffer>> columns = this.cassandra.getColumns(this.cassandra.getSystemKeyspace(), CassandraService.PRINCIPAL_TOKEN_CF, principalKey(authPrincipalInfo), null, null, Integer.MAX_VALUE, false);
        ArrayList arrayList = new ArrayList(columns.size());
        Iterator<HColumn<ByteBuffer, ByteBuffer>> it = columns.iterator();
        while (it.hasNext()) {
            arrayList.add(ConversionUtils.uuid(it.next().getName()));
        }
        return arrayList;
    }

    private ByteBuffer principalKey(AuthPrincipalInfo authPrincipalInfo) {
        ByteBuffer allocate = ByteBuffer.allocate(66);
        allocate.put(ConversionUtils.bytes(authPrincipalInfo.getApplicationId()));
        allocate.put(ConversionUtils.bytes(authPrincipalInfo.getUuid()));
        allocate.put(ConversionUtils.bytes(authPrincipalInfo.getType().getPrefix()));
        allocate.rewind();
        return allocate;
    }

    private UUID getUUIDForToken(String str) throws ExpiredTokenException, BadTokenException {
        TokenCategory fromBase64String = TokenCategory.getFromBase64String(str);
        byte[] decodeBase64 = Base64.decodeBase64(str.substring(4));
        UUID uuid = ConversionUtils.uuid(decodeBase64);
        long timestampInMillis = UUIDUtils.getTimestampInMillis(uuid);
        if (getExpirationForTokenType(fromBase64String) > 0 && System.currentTimeMillis() > timestampInMillis + getExpirationForTokenType(fromBase64String)) {
            throw new ExpiredTokenException("Token expired " + (System.currentTimeMillis() - (timestampInMillis + getExpirationForTokenType(fromBase64String))) + " millisecons ago.");
        }
        int i = 16;
        long j = Long.MAX_VALUE;
        if (fromBase64String.getExpires()) {
            j = ByteBuffer.wrap(decodeBase64, 16, 8).getLong();
            i = 24;
        }
        ByteBuffer allocate = ByteBuffer.allocate(20);
        allocate.put(DigestUtils.sha(fromBase64String.getPrefix() + uuid + this.tokenSecretSalt + j));
        allocate.rewind();
        if (ByteBuffer.wrap(decodeBase64, i, 20).equals(allocate)) {
            return uuid;
        }
        throw new BadTokenException("Invalid token signature");
    }

    @Override // org.usergrid.security.tokens.TokenService
    public long getMaxTokenAge(String str) {
        TokenCategory fromBase64String = TokenCategory.getFromBase64String(str);
        byte[] decodeBase64 = Base64.decodeBase64(str.substring(4));
        long timestampInMillis = UUIDUtils.getTimestampInMillis(ConversionUtils.uuid(decodeBase64));
        if (fromBase64String.getExpires()) {
            return ByteBuffer.wrap(decodeBase64, 16, 8).getLong() - timestampInMillis;
        }
        return Long.MAX_VALUE;
    }

    public long getMaxPersistenceTokenAge() {
        return this.maxPersistenceTokenAge;
    }

    @Autowired
    @Qualifier("cassandraService")
    public void setCassandraService(CassandraService cassandraService) {
        this.cassandra = cassandraService;
    }

    @Autowired
    public void setEntityManagerFactory(EntityManagerFactory entityManagerFactory) {
        this.emf = entityManagerFactory;
    }

    private String getTokenForUUID(TokenCategory tokenCategory, UUID uuid) {
        int i = 36;
        if (tokenCategory.getExpires()) {
            i = 36 + 8;
        }
        ByteBuffer allocate = ByteBuffer.allocate(i);
        allocate.put(ConversionUtils.bytes(uuid));
        long j = Long.MAX_VALUE;
        if (tokenCategory.getExpires()) {
            j = UUIDUtils.getTimestampInMillis(uuid) + getExpirationForTokenType(tokenCategory);
            allocate.putLong(j);
        }
        allocate.put(DigestUtils.sha(tokenCategory.getPrefix() + uuid + this.tokenSecretSalt + j));
        return tokenCategory.getBase64Prefix() + Base64.encodeBase64URLSafeString(allocate.array());
    }

    private int calcTokenTime(long j) {
        long j2 = j / 1000;
        int i = (int) j2;
        if (i != j2) {
            i = (Integer.MAX_VALUE - ((int) (System.currentTimeMillis() / 1000))) - 120;
        }
        if (i > 630720000) {
            i = 630720000;
        }
        return i;
    }

    static {
        TOKEN_PROPERTIES.add("uuid");
        TOKEN_PROPERTIES.add("type");
        TOKEN_PROPERTIES.add("created");
        TOKEN_PROPERTIES.add(TOKEN_ACCESSED);
        TOKEN_PROPERTIES.add(TOKEN_INACTIVE);
        TOKEN_PROPERTIES.add(TOKEN_PRINCIPAL_TYPE);
        TOKEN_PROPERTIES.add("entity");
        TOKEN_PROPERTIES.add("application");
        TOKEN_PROPERTIES.add("state");
        TOKEN_PROPERTIES.add("duration");
        REQUIRED_TOKEN_PROPERTIES = new HashSet<>();
        REQUIRED_TOKEN_PROPERTIES.add("uuid");
        REQUIRED_TOKEN_PROPERTIES.add("type");
        REQUIRED_TOKEN_PROPERTIES.add("created");
        REQUIRED_TOKEN_PROPERTIES.add(TOKEN_ACCESSED);
        REQUIRED_TOKEN_PROPERTIES.add(TOKEN_INACTIVE);
        REQUIRED_TOKEN_PROPERTIES.add("duration");
    }
}
