package at.itsv.security.servicesecurity.tokenbased.timestampednonce;

import at.itsv.commons.config.keyvalue.KeyValueConfiguration;
import at.itsv.security.servicesecurity.management.ManagementRegistry;
import at.itsv.security.servicesecurity.timestamp.Interval;
import at.itsv.security.servicesecurity.tokenbased.TokenAuthenticator;
import at.itsv.security.servicesecurity.tokenbased.TokenNotAuthenticException;
import at.itsv.security.servicesecurity.tokenbased.common.AbstractTimeAndNonceTokenAuthenticatorFactory;
import at.itsv.security.servicesecurity.tokenbased.nonce.Nonce;
import java.time.Clock;
import java.time.Duration;
import java.time.Instant;
import java.util.Objects;

/* loaded from: input_file:at/itsv/security/servicesecurity/tokenbased/timestampednonce/TimestampCheckingTokenAuthenticatorFactory.class */
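/**
 * Builds {@link TokenAuthenticator}s for {@link TimestampedNonceToken}s.
 *
 * <p>The authenticator produced by {@link #authenticator(String, KeyValueConfiguration)} chains
 * up to three checks, in this order:
 * <ol>
 *   <li>the password digest carried by the token must equal the digest recomputed locally,</li>
 *   <li>the token's created timestamp must be present and inside the configured interval
 *       around the current clock time,</li>
 *   <li>only if nonce validation is enabled in the configuration: a {@link NonceAuthenticator}
 *       backed by the configured nonce store.</li>
 * </ol>
 *
 * <p>Security note: when nonce validation is disabled, the created-timestamp window is the only
 * check in this class that limits how long a captured token stays acceptable. With the defaults
 * that window is {@link #DEFAULT_CREATED_TIMESTAMP_TTL} plus
 * {@link #DEFAULT_CREATED_TIMESTAMP_FUTURE_TTL}; widen it in configuration only deliberately.
 */
public final class TimestampCheckingTokenAuthenticatorFactory extends AbstractTimeAndNonceTokenAuthenticatorFactory<TimestampedNonceToken, Nonce, Nonce, UsedNonce> {
    /** Configuration key for the first interval bound; the value is parsed with {@link Duration#parse}. */
    public static final String OPTION_CREATED_TIMESTAMP_TTL = "createdTimestampTTL";
    /** Configuration key for the second ("future") interval bound; the value is parsed with {@link Duration#parse}. */
    public static final String OPTION_CREATED_TIMESTAMP_FUTURE_TTL = "createdTimestampFutureTTL";
    /** Used when {@link #OPTION_CREATED_TIMESTAMP_TTL} is not configured. */
    public static final Duration DEFAULT_CREATED_TIMESTAMP_TTL = Duration.ofMinutes(5);
    /** Used when {@link #OPTION_CREATED_TIMESTAMP_FUTURE_TTL} is not configured. */
    public static final Duration DEFAULT_CREATED_TIMESTAMP_FUTURE_TTL = Duration.ofMinutes(1);

    /**
     * Creates a factory; clock handling is left to the superclass constructor.
     *
     * @param managementRegistry passed unchanged to the superclass
     */
    public TimestampCheckingTokenAuthenticatorFactory(ManagementRegistry managementRegistry) {
        super(managementRegistry);
    }

    /**
     * Creates a factory with an explicit clock. Package-private, presumably so tests can pin the
     * time against which created timestamps are evaluated.
     *
     * @param managementRegistry passed unchanged to the superclass
     * @param clock passed unchanged to the superclass
     */
    TimestampCheckingTokenAuthenticatorFactory(ManagementRegistry managementRegistry, Clock clock) {
        super(managementRegistry, clock);
    }

    /**
     * Assembles the authenticator chain: password digest, created timestamp, optional nonce check.
     *
     * @param str forwarded to {@code nonceStore(...)}; its meaning is defined by the superclass
     * @param keyValueConfiguration source of the timestamp and nonce options; must not be null
     * @return the composed authenticator
     * @throws NullPointerException if {@code keyValueConfiguration} is null
     */
    @Override
    public TokenAuthenticator<TimestampedNonceToken> authenticator(String str, KeyValueConfiguration keyValueConfiguration) {
        Objects.requireNonNull(keyValueConfiguration, "configuration");
        // Parameterized instead of a raw TokenAuthenticator so the whole chain is type-checked.
        TokenAuthenticator<TimestampedNonceToken> passwordCheck = TimestampCheckingTokenAuthenticatorFactory::authenticatePassword;
        TokenAuthenticator<TimestampedNonceToken> passwordThenCreated = passwordCheck.andThen(createdAuthenticator(keyValueConfiguration));
        if (!nonceValidationEnabled(keyValueConfiguration)) {
            // No nonce check: acceptance is bounded by the created-timestamp interval alone.
            return passwordThenCreated;
        }
        return passwordThenCreated.andThen(new NonceAuthenticator(nonceStore(str, keyValueConfiguration), nonceLifetime(keyValueConfiguration), this.clock));
    }

    /**
     * Builds the created-timestamp check from configuration, using the defaults for options that
     * are not set.
     *
     * @param keyValueConfiguration source of the two duration options
     * @return authenticator enforcing the resulting interval
     * @throws java.time.format.DateTimeParseException if a configured value is not a duration
     *     accepted by {@link Duration#parse}
     */
    TokenAuthenticator<TimestampedNonceToken> createdAuthenticator(KeyValueConfiguration keyValueConfiguration) {
        // NOTE(review): Duration.parse also accepts negative durations; whether Interval.of
        // rejects them is not visible here, so verify that a misconfigured sign cannot widen
        // or invert the accepted window.
        Duration ttl = durationOption(keyValueConfiguration, OPTION_CREATED_TIMESTAMP_TTL, DEFAULT_CREATED_TIMESTAMP_TTL);
        Duration futureTtl = durationOption(keyValueConfiguration, OPTION_CREATED_TIMESTAMP_FUTURE_TTL, DEFAULT_CREATED_TIMESTAMP_FUTURE_TTL);
        return createdAuthenticator(Interval.of(ttl, futureTtl));
    }

    /**
     * Builds an authenticator that rejects tokens without a created timestamp and tokens whose
     * created timestamp the interval does not contain relative to the current clock instant.
     *
     * @param interval decides acceptance via {@code interval.contains(created, now)}
     * @return authenticator throwing {@link TokenNotAuthenticException} on rejection
     */
    TokenAuthenticator<TimestampedNonceToken> createdAuthenticator(Interval interval) {
        return (timestampedNonceToken, str) -> {
            Instant created = timestampedNonceToken.created();
            if (created == null) {
                // Message: "no created timestamp supplied".
                throw new TokenNotAuthenticException("Kein Created-Timestamp geliefert");
            }
            // The clock is read per authentication, so every token is judged against "now".
            Instant now = this.clock.instant();
            if (!interval.contains(created, now)) {
                // Message: "created timestamp is outside the validity period".
                throw new TokenNotAuthenticException("Created-Timestamp liegt ausserhalb der Gueltigkeit");
            }
        };
    }

    /**
     * Recomputes the password digest from the token's nonce, created timestamp (as instant and
     * as string), {@code str} and realm token, and compares it with the digest carried by the
     * token.
     *
     * @param timestampedNonceToken token under verification
     * @param str fourth input of the digest; presumably the expected password for the caller,
     *     confirm against {@code SimpleImmutableDigestable}
     * @throws TokenNotAuthenticException if the two digests are not equal
     */
    static void authenticatePassword(TimestampedNonceToken timestampedNonceToken, String str) throws TokenNotAuthenticException {
        // NOTE(review): this runs before the created-timestamp null check in the chain, so
        // created() may be null here; confirm SimpleImmutableDigestable tolerates that instead
        // of failing with an unchecked exception.
        SimpleImmutableDigestable expected = new SimpleImmutableDigestable(
                timestampedNonceToken.nonce(),
                timestampedNonceToken.created(),
                timestampedNonceToken.createdAsString(),
                str,
                timestampedNonceToken.realmToken());
        // NOTE(review): equals() on the digest type is not visibly constant-time. If it
        // short-circuits on the first differing element, compare the raw digest bytes with
        // java.security.MessageDigest.isEqual instead.
        boolean digestMatches = expected.digest().passwordDigest().equals(timestampedNonceToken.passwordDigest());
        if (!digestMatches) {
            // Message: "invalid password".
            throw new TokenNotAuthenticException("Ungueltiges Passwort");
        }
    }

    /** Reads a duration option, falling back to {@code fallback} when the key has no value. */
    private static Duration durationOption(KeyValueConfiguration configuration, String key, Duration fallback) {
        return configuration.valueOf(key).map(Duration::parse).orElse(fallback);
    }
}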
