package swim.auth;

import swim.api.auth.AbstractAuthenticator;
import swim.api.auth.Credentials;
import swim.api.auth.Identity;
import swim.api.policy.PolicyDirective;
import swim.collections.FingerTrieSeq;
import swim.collections.HashTrieSet;
import swim.concurrent.TimerRef;
import swim.io.http.HttpInterface;
import swim.io.http.HttpSettings;
import swim.security.GoogleIdToken;
import swim.security.PublicKeyDef;
import swim.uri.Uri;
import swim.uri.UriAuthority;

/* loaded from: input_file:swim/auth/GoogleIdAuthenticator.class */
public class GoogleIdAuthenticator extends AbstractAuthenticator implements HttpInterface {
    protected final FingerTrieSeq<String> audiences;
    protected HashTrieSet<String> emails;
    protected final Uri publicKeyUri;
    protected final HttpSettings httpSettings;
    FingerTrieSeq<PublicKeyDef> publicKeyDefs;
    TimerRef publicKeyRefreshTimer;
    static final long PUBLIC_KEY_REFRESH_INTERVAL;

    public GoogleIdAuthenticator(FingerTrieSeq<String> fingerTrieSeq, HashTrieSet<String> hashTrieSet, Uri uri, HttpSettings httpSettings) {
        this.audiences = fingerTrieSeq;
        this.emails = hashTrieSet;
        this.publicKeyUri = uri;
        this.httpSettings = httpSettings;
        this.publicKeyDefs = FingerTrieSeq.empty();
    }

    public GoogleIdAuthenticator(GoogleIdAuthenticatorDef googleIdAuthenticatorDef) {
        this(googleIdAuthenticatorDef.audiences, googleIdAuthenticatorDef.emails, googleIdAuthenticatorDef.publicKeyUri, googleIdAuthenticatorDef.httpSettings);
    }

    public final FingerTrieSeq<String> audiences() {
        return this.audiences;
    }

    public final HashTrieSet<String> emails() {
        return this.emails;
    }

    public void addEmail(String str) {
        this.emails = this.emails.added(str);
    }

    public void removeEmail(String str) {
        this.emails = this.emails.removed(str);
    }

    public final Uri publicKeyUri() {
        return this.publicKeyUri;
    }

    public final HttpSettings httpSettings() {
        return this.httpSettings;
    }

    public PolicyDirective<Identity> authenticate(Credentials credentials) {
        GoogleIdToken verify;
        String stringValue = credentials.claims().get("idToken").stringValue((String) null);
        if (stringValue == null) {
            stringValue = credentials.claims().get("googleIdToken").stringValue((String) null);
        }
        if (stringValue == null || (verify = GoogleIdToken.verify(stringValue, this.publicKeyDefs)) == null) {
            return null;
        }
        if (this.emails.isEmpty() || this.emails.contains(verify.email())) {
            return PolicyDirective.allow(new Authenticated(credentials.requestUri(), credentials.fromUri(), verify.toValue()));
        }
        return null;
    }

    public final FingerTrieSeq<PublicKeyDef> publicKeyDefs() {
        return this.publicKeyDefs;
    }

    public void setPublicKeyDefs(FingerTrieSeq<PublicKeyDef> fingerTrieSeq) {
        this.publicKeyDefs = fingerTrieSeq;
    }

    public void refreshPublicKeys() {
        UriAuthority authority = this.publicKeyUri.authority();
        String hostAddress = authority.hostAddress();
        int portNumber = authority.portNumber();
        if (portNumber == 0) {
            portNumber = 443;
        }
        connectHttps(hostAddress, portNumber, new GoogleIdAuthenticatorPublicKeyClient(this), this.httpSettings);
    }

    public void didStart() {
        refreshPublicKeys();
        TimerRef timerRef = this.publicKeyRefreshTimer;
        if (timerRef != null) {
            timerRef.cancel();
        }
        this.publicKeyRefreshTimer = schedule().setTimer(PUBLIC_KEY_REFRESH_INTERVAL, new GoogleIdAuthenticatorPublicKeyRefreshTimer(this));
    }

    public void willStop() {
        TimerRef timerRef = this.publicKeyRefreshTimer;
        if (timerRef != null) {
            timerRef.cancel();
            this.publicKeyRefreshTimer = null;
        }
    }

    static {
        long j;
        try {
            j = Long.parseLong(System.getProperty("swim.auth.google.public.key.refresh.interval"));
        } catch (NumberFormatException e) {
            j = 3600000;
        }
        PUBLIC_KEY_REFRESH_INTERVAL = j;
    }
}
