package org.opensearch.identity.shiro;

import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.opensearch.common.Randomness;
import org.opensearch.identity.IdentityService;
import org.opensearch.identity.Subject;
import org.opensearch.identity.tokens.AuthToken;
import org.opensearch.identity.tokens.BasicAuthToken;
import org.opensearch.identity.tokens.OnBehalfOfClaims;
import org.opensearch.identity.tokens.TokenManager;
import org.passay.CharacterRule;
import org.passay.EnglishCharacterData;
import org.passay.PasswordGenerator;

/* loaded from: input_file:org/opensearch/identity/shiro/ShiroTokenManager.class */
class ShiroTokenManager implements TokenManager {
    private static final Logger log = LogManager.getLogger(IdentityService.class);
    private static Map<BasicAuthToken, String> shiroTokenPasswordMap = new HashMap();

    public Optional<AuthenticationToken> translateAuthToken(AuthToken authToken) {
        if (!(authToken instanceof BasicAuthToken)) {
            return Optional.empty();
        }
        BasicAuthToken basicAuthToken = (BasicAuthToken) authToken;
        return Optional.of(new UsernamePasswordToken(basicAuthToken.getUser(), basicAuthToken.getPassword()));
    }

    public AuthToken issueOnBehalfOfToken(Subject subject, OnBehalfOfClaims onBehalfOfClaims) {
        String generatePassword = generatePassword();
        BasicAuthToken basicAuthToken = new BasicAuthToken("Basic " + new String(Base64.getUrlEncoder().encode((onBehalfOfClaims.getAudience() + ":" + generatePassword).getBytes(StandardCharsets.UTF_8)), StandardCharsets.UTF_8));
        shiroTokenPasswordMap.put(basicAuthToken, generatePassword);
        return basicAuthToken;
    }

    public AuthToken issueServiceAccountToken(String str) {
        String generatePassword = generatePassword();
        BasicAuthToken basicAuthToken = new BasicAuthToken("Basic " + new String(Base64.getUrlEncoder().withoutPadding().encode((str + ":" + generatePassword).getBytes(StandardCharsets.UTF_8)), StandardCharsets.UTF_8));
        shiroTokenPasswordMap.put(basicAuthToken, generatePassword);
        return basicAuthToken;
    }

    public String getTokenInfo(AuthToken authToken) {
        if (authToken instanceof BasicAuthToken) {
            return ((BasicAuthToken) authToken).toString();
        }
        throw new UnsupportedAuthenticationToken();
    }

    public void revokeToken(AuthToken authToken) {
        if (!(authToken instanceof BasicAuthToken)) {
            throw new UnsupportedAuthenticationToken();
        }
        ((BasicAuthToken) authToken).revoke();
    }

    public void resetToken(AuthToken authToken) {
        if (authToken instanceof BasicAuthToken) {
            ((BasicAuthToken) authToken).revoke();
        }
    }

    public String generatePassword() {
        String generatePassword = new PasswordGenerator().generatePassword(Randomness.get().nextInt(8) + 8, Arrays.asList(new CharacterRule(EnglishCharacterData.LowerCase, 1), new CharacterRule(EnglishCharacterData.UpperCase, 1), new CharacterRule(EnglishCharacterData.Digit, 1), new CharacterRule(EnglishCharacterData.Special, 1)));
        log.info("Generated password: " + generatePassword);
        return generatePassword;
    }

    Map<BasicAuthToken, String> getShiroTokenPasswordMap() {
        return shiroTokenPasswordMap;
    }
}
