package net.thevpc.nuts.runtime.standalone.security;

import java.util.Arrays;
import java.util.Map;
import net.thevpc.nuts.NutsBlankable;
import net.thevpc.nuts.NutsMessage;
import net.thevpc.nuts.NutsSecurityException;
import net.thevpc.nuts.NutsSession;
import net.thevpc.nuts.NutsWorkspace;
import net.thevpc.nuts.runtime.standalone.io.util.CoreSecurityUtils;
import net.thevpc.nuts.spi.NutsAuthenticationAgent;
import net.thevpc.nuts.spi.NutsSupportLevelContext;

/* loaded from: input_file:net/thevpc/nuts/runtime/standalone/security/AbstractNutsAuthenticationAgent.class */
public abstract class AbstractNutsAuthenticationAgent implements NutsAuthenticationAgent {
    private final String name;
    private NutsWorkspace ws;
    private int supportLevel;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:net/thevpc/nuts/runtime/standalone/security/AbstractNutsAuthenticationAgent$CredentialsId.class */
    public static class CredentialsId {
        char type;
        char[] value;

        public CredentialsId(char c, char[] cArr) {
            this.type = c;
            this.value = cArr;
        }
    }

    public AbstractNutsAuthenticationAgent(String str, int i) {
        this.name = str;
        this.supportLevel = i;
    }

    public String getId() {
        return this.name;
    }

    public boolean removeCredentials(char[] cArr, Map<String, String> map, NutsSession nutsSession) {
        extractId(cArr, nutsSession);
        return true;
    }

    public int getSupportLevel(NutsSupportLevelContext nutsSupportLevelContext) {
        return this.supportLevel;
    }

    public void checkCredentials(char[] cArr, char[] cArr2, Map<String, String> map, NutsSession nutsSession) {
        if (cArr2 == null || NutsBlankable.isBlank(new String(cArr2))) {
            throw new NutsSecurityException(nutsSession, NutsMessage.plain("missing old password"));
        }
        CredentialsId extractId = extractId(cArr, nutsSession);
        switch (extractId.type) {
            case 'B':
                if (Arrays.equals(extractId.value, encryptChars(cArr2, getPassphrase(map), nutsSession))) {
                    return;
                }
                break;
            case 'H':
                if (Arrays.equals(extractId.value, hashChars(cArr2, getPassphrase(map), nutsSession))) {
                    return;
                }
                break;
        }
        throw new NutsSecurityException(nutsSession, NutsMessage.plain("invalid login or password"));
    }

    private CredentialsId extractId(char[] cArr, NutsSession nutsSession) {
        if (cArr != null && !NutsBlankable.isBlank(new String(cArr))) {
            char[] charArray = (getId() + ":").toCharArray();
            if (cArr.length > charArray.length + 1) {
                boolean z = true;
                int i = 0;
                while (true) {
                    if (i >= charArray.length) {
                        break;
                    }
                    if (cArr[i] != charArray[i]) {
                        z = false;
                        break;
                    }
                    i++;
                }
                if (z && (cArr[charArray.length] == 'H' || cArr[charArray.length] == 'B')) {
                    return new CredentialsId(cArr[charArray.length], Arrays.copyOfRange(cArr, charArray.length + 1, cArr.length));
                }
            }
        }
        throw new NutsSecurityException(nutsSession, NutsMessage.cstyle("credential id must start with '%s:'", new Object[]{getId()}));
    }

    public char[] getCredentials(char[] cArr, Map<String, String> map, NutsSession nutsSession) {
        CredentialsId extractId = extractId(cArr, nutsSession);
        if (extractId.type == 'B') {
            return decryptChars(extractId.value, getPassphrase(map), nutsSession);
        }
        throw new NutsSecurityException(nutsSession, NutsMessage.plain("credential is hashed and cannot be retrived"));
    }

    public char[] createCredentials(char[] cArr, boolean z, char[] cArr2, Map<String, String> map, NutsSession nutsSession) {
        char[] hashChars;
        char c;
        if (cArr == null || NutsBlankable.isBlank(new String(cArr))) {
            return null;
        }
        if (z) {
            hashChars = encryptChars(cArr, getPassphrase(map), nutsSession);
            c = 'B';
        } else {
            hashChars = hashChars(cArr, getPassphrase(map), nutsSession);
            c = 'H';
        }
        String id = getId();
        char[] cArr3 = new char[id.length() + 2 + hashChars.length];
        System.arraycopy(id.toCharArray(), 0, cArr3, 0, id.length());
        cArr3[id.length()] = ':';
        cArr3[id.length() + 1] = c;
        System.arraycopy(hashChars, 0, cArr3, id.length() + 2, hashChars.length);
        return cArr3;
    }

    public String getPassphrase(Map<String, String> map) {
        String str = CoreSecurityUtils.DEFAULT_PASSPHRASE;
        if (map == null) {
            return str;
        }
        String str2 = map.get("nuts.authentication-agent.simple.passphrase");
        if (str2 == null) {
            str2 = str;
        }
        if (str2 == null || str2.isEmpty()) {
            str2 = str;
        }
        return str2;
    }

    protected abstract char[] decryptChars(char[] cArr, String str, NutsSession nutsSession);

    protected abstract char[] encryptChars(char[] cArr, String str, NutsSession nutsSession);

    protected abstract char[] hashChars(char[] cArr, String str, NutsSession nutsSession);
}
