package swim.linker;

import swim.api.auth.Authenticated;
import swim.api.auth.Credentials;
import swim.api.auth.Identity;
import swim.api.policy.PolicyDirective;
import swim.codec.Debug;
import swim.codec.Format;
import swim.codec.Output;
import swim.codec.ParserException;
import swim.collections.FingerTrieSeq;
import swim.collections.HashTrieSet;
import swim.concurrent.TimerRef;
import swim.io.TlsSettings;
import swim.io.http.HttpSettings;
import swim.security.GoogleIdToken;
import swim.security.PublicKeyDef;
import swim.structure.Form;
import swim.structure.Kind;
import swim.structure.Value;
import swim.uri.Uri;
import swim.uri.UriAuthority;
import swim.util.Murmur3;

/* loaded from: input_file:swim/linker/GoogleIdAuthDef.class */
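/**
 * Authenticator definition that admits requests carrying a Google ID token.
 *
 * <p>The token is read from the {@code idToken} (or {@code googleIdToken})
 * credential claim, checked with {@link GoogleIdToken#verify} against the
 * public keys held in {@link #publicKeyDefs}, and then filtered by the
 * configured audiences and e-mail allow-list.
 *
 * <p>Configuration caveats for operators:
 * <ul>
 *   <li>An empty audience list disables the audience check, and an empty
 *       e-mail set disables the e-mail check. With both empty, every token
 *       that passes {@code GoogleIdToken.verify} is allowed.</li>
 *   <li>The key-set location can be overridden through the
 *       {@code swim.auth.google.public.key.uri} system property. Whoever
 *       controls that property controls which signing keys are trusted.</li>
 * </ul>
 *
 * <p>NOTE(review): whether {@code GoogleIdToken.verify} also validates
 * {@code exp}, {@code iss} and {@code email_verified} is not visible from
 * this class; confirm before relying on it for those checks.
 *
 * <p>NOTE(review): {@code emails} and {@code publicKeyDefs} are plain mutable
 * fields, and {@code emails} takes part in {@code equals}/{@code hashCode}.
 * Thread confinement is not visible here; confirm against callers.
 */
public final class GoogleIdAuthDef extends AuthDef implements Debug {
    // Accepted values of the token's audience; empty means "do not check".
    final FingerTrieSeq<String> audiences;
    // Allow-list of e-mail addresses; empty means "do not check".
    HashTrieSet<String> emails;
    // Location of the key set; only its host and port are used when connecting.
    final Uri publicKeyUri;
    // Created on first use by refreshPublicKeys().
    HttpSettings httpSettings;
    // Timer scheduled by setContext(); cancelled when a new context is set.
    TimerRef publicKeyRefreshTimer;
    // Keys used to verify tokens; null until setPublicKeyDefs() is called.
    FingerTrieSeq<PublicKeyDef> publicKeyDefs;
    static final Uri PUBLIC_KEY_URI;
    static final long PUBLIC_KEY_REFRESH_INTERVAL;
    private static int hashSeed;
    private static Form<GoogleIdAuthDef> form;

    /**
     * Creates a definition that fetches keys from {@link #PUBLIC_KEY_URI}.
     *
     * @param fingerTrieSeq accepted audiences; empty disables the audience check
     * @param hashTrieSet allowed e-mail addresses; empty disables the e-mail check
     */
    public GoogleIdAuthDef(FingerTrieSeq<String> fingerTrieSeq, HashTrieSet<String> hashTrieSet) {
        this(fingerTrieSeq, hashTrieSet, PUBLIC_KEY_URI);
    }

    /**
     * Creates a definition with an explicit key-set location.
     *
     * @param fingerTrieSeq accepted audiences; empty disables the audience check
     * @param hashTrieSet allowed e-mail addresses; empty disables the e-mail check
     * @param uri location of the public key set used to verify tokens
     */
    public GoogleIdAuthDef(FingerTrieSeq<String> fingerTrieSeq, HashTrieSet<String> hashTrieSet, Uri uri) {
        this.audiences = fingerTrieSeq;
        this.emails = hashTrieSet;
        this.publicKeyUri = uri;
    }

    /**
     * Binds this definition to its context, starts a key fetch and schedules
     * the refresh timer, replacing any timer left over from an earlier call.
     *
     * @param authenticatorContext the context that provides scheduling and networking
     */
    @Override // swim.linker.AuthDef
    public void setContext(AuthenticatorContext authenticatorContext) {
        super.setContext(authenticatorContext);
        refreshPublicKeys();
        final TimerRef previousTimer = this.publicKeyRefreshTimer;
        if (previousTimer != null) {
            previousTimer.cancel();
        }
        this.publicKeyRefreshTimer = authenticatorContext.schedule()
                .setTimer(PUBLIC_KEY_REFRESH_INTERVAL, new GoogleIdPublicKeyTimer(this));
    }

    /** Returns the configured audiences. */
    public FingerTrieSeq<String> audiences() {
        return this.audiences;
    }

    /** Returns the current e-mail allow-list. */
    public HashTrieSet<String> emails() {
        return this.emails;
    }

    /**
     * Adds an address to the e-mail allow-list.
     *
     * @param str the address to allow
     */
    public void addEmail(String str) {
        this.emails = this.emails.added(str);
    }

    /**
     * Removes an address from the e-mail allow-list. Removing the last entry
     * leaves the set empty, which disables the e-mail check altogether.
     *
     * @param str the address to remove
     */
    public void removeEmail(String str) {
        this.emails = this.emails.removed(str);
    }

    /** Returns the keys currently used for verification, or null if none were set. */
    public FingerTrieSeq<PublicKeyDef> getPublicKeyDefs() {
        return this.publicKeyDefs;
    }

    /**
     * Replaces the keys used for verification.
     *
     * @param fingerTrieSeq the new key set
     */
    public void setPublicKeyDefs(FingerTrieSeq<PublicKeyDef> fingerTrieSeq) {
        this.publicKeyDefs = fingerTrieSeq;
    }

    /**
     * Opens an HTTPS connection to the host of {@link #publicKeyUri} and hands
     * it to a {@code GoogleIdPublicKeyClient}. The connection is always made
     * with {@code connectHttps}, whatever scheme the URI names.
     */
    public void refreshPublicKeys() {
        if (this.httpSettings == null) {
            this.httpSettings = HttpSettings.standard().tlsSettings(TlsSettings.standard());
        }
        final UriAuthority authority = this.publicKeyUri.authority();
        final String address = authority.host().address();
        int number = authority.port().number();
        if (number == 0) {
            // A port number of 0 is replaced by the HTTPS default.
            number = 443;
        }
        this.context.endpoint().connectHttps(address, number, new GoogleIdPublicKeyClient(this), this.httpSettings);
    }

    /**
     * Authenticates credentials that carry a Google ID token.
     *
     * @param credentials the request credentials; the token is read from the
     *     {@code idToken} claim, falling back to {@code googleIdToken}
     * @return an allow directive for the verified identity, or {@code null}
     *     when the token is missing, fails verification, names an audience
     *     that is not configured, or carries an e-mail outside the allow-list
     */
    @Override // swim.linker.AuthDef
    public PolicyDirective<Identity> authenticate(Credentials credentials) {
        String compactToken = credentials.claims().get("idToken").stringValue((String) null);
        if (compactToken == null) {
            compactToken = credentials.claims().get("googleIdToken").stringValue((String) null);
        }
        if (compactToken == null) {
            return null;
        }

        // Keys arrive asynchronously through setPublicKeyDefs(); until then
        // nothing can be verified, so the request is refused.
        final FingerTrieSeq<PublicKeyDef> keys = this.publicKeyDefs;
        if (keys == null || keys.isEmpty()) {
            return null;
        }

        final GoogleIdToken idToken = GoogleIdToken.verify(compactToken, keys);
        if (idToken == null) {
            return null;
        }

        // Enforce the configured audiences. Without this check a token that
        // Google issued for a different client application would be accepted.
        // An empty list keeps the previous behaviour (no audience check).
        final FingerTrieSeq<String> allowedAudiences = this.audiences;
        if (allowedAudiences != null && !allowedAudiences.isEmpty()) {
            // Assumes toValue() exposes the token claims with "aud" as a
            // string member; confirm against GoogleIdToken. Any other shape
            // yields null here and the request is refused.
            final String audience = idToken.toValue().get("aud").stringValue((String) null);
            if (audience == null || !allowedAudiences.contains(audience)) {
                return null;
            }
        }

        final HashTrieSet<String> allowedEmails = this.emails;
        if (!allowedEmails.isEmpty()) {
            // A token without an e-mail claim can never match the allow-list.
            final String email = idToken.email();
            if (email == null || !allowedEmails.contains(email)) {
                return null;
            }
        }

        return PolicyDirective.allow(
                new Authenticated(credentials.requestUri(), credentials.fromUri(), idToken.toValue()));
    }

    /** Returns the structural form of this definition. */
    @Override // swim.linker.AuthDef
    public Value toValue() {
        return form().mold(this).toValue();
    }

    /**
     * Compares audiences, e-mail allow-list and key URI. The fetched keys and
     * the HTTP settings do not take part in equality.
     */
    @Override
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (!(obj instanceof GoogleIdAuthDef)) {
            return false;
        }
        final GoogleIdAuthDef that = (GoogleIdAuthDef) obj;
        return this.audiences.equals(that.audiences)
                && this.emails.equals(that.emails)
                && this.publicKeyUri.equals(that.publicKeyUri);
    }

    /** Hashes the same three fields that {@link #equals} compares. */
    @Override
    public int hashCode() {
        if (hashSeed == 0) {
            hashSeed = Murmur3.seed(GoogleIdAuthDef.class);
        }
        int code = Murmur3.mix(hashSeed, this.audiences.hashCode());
        code = Murmur3.mix(code, this.emails.hashCode());
        code = Murmur3.mix(code, this.publicKeyUri.hashCode());
        return Murmur3.mash(code);
    }

    /**
     * Writes a constructor-style rendering of this definition. The key URI is
     * included only when it differs from {@link #PUBLIC_KEY_URI}.
     *
     * @param output the sink to write to
     */
    @Override
    public void debug(Output<?> output) {
        // 32, 40 and 41 are the code points of ' ', '(' and ')'.
        Output<?> out = output.write("new").write(32).write("GoogleIdAuthDef").write(40)
                .debug(this.audiences).write(", ").debug(this.emails);
        if (!PUBLIC_KEY_URI.equals(this.publicKeyUri)) {
            out = out.write(", ").debug(this.publicKeyUri);
        }
        out.write(41);
    }

    @Override
    public String toString() {
        return Format.debug(this);
    }

    /** Returns the shared form used to mold and cast this type, creating it on first use. */
    @Kind
    public static Form<GoogleIdAuthDef> form() {
        if (form == null) {
            form = new GoogleIdAuthForm();
        }
        return form;
    }

    static {
        // Key-set location: the system property wins when it is set and
        // parses; otherwise the built-in Google endpoint is used.
        Uri keyUri = null;
        final String configuredUri = System.getProperty("swim.auth.google.public.key.uri");
        if (configuredUri != null) {
            try {
                keyUri = Uri.parse(configuredUri);
            } catch (ParserException ignored) {
                // Unparseable override: fall back to the built-in endpoint.
                keyUri = null;
            }
        }
        if (keyUri == null) {
            keyUri = Uri.parse("https://www.googleapis.com/oauth2/v3/certs");
        }
        PUBLIC_KEY_URI = keyUri;

        // Refresh interval: 3600000 by default (presumably milliseconds, i.e.
        // one hour; the unit is defined by the scheduler, confirm there).
        // A missing, malformed or non-positive override keeps the default so
        // that a bad property cannot disable or flood the key refresh.
        long refreshInterval = 3600000L;
        final String configuredInterval = System.getProperty("swim.auth.google.public.key.refresh.interval");
        if (configuredInterval != null) {
            try {
                final long parsed = Long.parseLong(configuredInterval);
                if (parsed > 0L) {
                    refreshInterval = parsed;
                }
            } catch (NumberFormatException ignored) {
                // Malformed override: keep the default interval.
            }
        }
        PUBLIC_KEY_REFRESH_INTERVAL = refreshInterval;
    }
}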
