package de.rcenvironment.core.component.authorization.impl;

import de.rcenvironment.core.authorization.api.AuthorizationAccessGroup;
import de.rcenvironment.core.authorization.api.AuthorizationPermissionSet;
import de.rcenvironment.core.authorization.api.AuthorizationService;
import de.rcenvironment.core.authorization.cryptography.api.CryptographyOperationsProvider;
import de.rcenvironment.core.component.api.ComponentConstants;
import de.rcenvironment.core.component.authorization.api.ComponentExecutionAuthorizationService;
import de.rcenvironment.core.component.authorization.api.RemotableComponentExecutionAuthorizationService;
import de.rcenvironment.core.component.management.api.LocalComponentRegistrationService;
import de.rcenvironment.core.toolkitbridge.transitional.ConcurrencyUtils;
import de.rcenvironment.core.utils.common.StringUtils;
import de.rcenvironment.core.utils.common.exception.OperationFailureException;
import de.rcenvironment.core.utils.common.security.AllowRemoteAccess;
import de.rcenvironment.toolkit.utils.common.IdGenerator;
import java.util.Deque;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;

@Component
/* loaded from: input_file:de/rcenvironment/core/component/authorization/impl/ComponentExecutionAuthorizationServiceImpl.class */
public class ComponentExecutionAuthorizationServiceImpl implements ComponentExecutionAuthorizationService, RemotableComponentExecutionAuthorizationService {
    private static final long TOKEN_LIFETIME_MSEC = TimeUnit.MINUTES.toMillis(5);
    private static final long GC_INTERVAL_MSEC = 15000;
    private static final int TOKEN_HEX_STRING_LENGTH = 32;
    private AuthorizationService authorizationService;
    private LocalComponentRegistrationService localComponentRegistrationService;
    private CryptographyOperationsProvider cryptographyOperationsProvider;
    private final Deque<String> gcQueue = new LinkedList();
    private final Map<String, Long> activeTokens = new HashMap();
    private final Log log = LogFactory.getLog(getClass());

    @Activate
    public void activate() {
        ConcurrencyUtils.getAsyncTaskService().scheduleAfterDelay("Component Authorization Token Garbage Collection", this::runGarbageCollection, GC_INTERVAL_MSEC);
    }

    @Override // de.rcenvironment.core.component.authorization.api.RemotableComponentExecutionAuthorizationService
    @AllowRemoteAccess
    public synchronized String requestExecutionTokenForPublicComponent(String str, String str2) throws OperationFailureException {
        if (!this.localComponentRegistrationService.getComponentPermissionSet(this.localComponentRegistrationService.getComponentSelector(str), true).isPublic()) {
            throw new OperationFailureException(StringUtils.format("Public execution permission was requested for component \"%s\", but it is not currently public; maybe its permissions have been changed very recently", new Object[]{str}));
        }
        this.log.debug("Generating access token for public component \"" + str + "\"");
        return generateAndRegisterToken(String.valueOf(str) + ":public");
    }

    @Override // de.rcenvironment.core.component.authorization.api.RemotableComponentExecutionAuthorizationService
    @AllowRemoteAccess
    public String requestEncryptedExecutionTokenViaGroupMembership(String str, String str2, String str3) throws OperationFailureException {
        AuthorizationPermissionSet componentPermissionSet = this.localComponentRegistrationService.getComponentPermissionSet(this.localComponentRegistrationService.getComponentSelector(str), true);
        AuthorizationAccessGroup representRemoteGroupId = this.authorizationService.representRemoteGroupId(str3);
        if (!componentPermissionSet.includesAccessGroup(representRemoteGroupId)) {
            throw new OperationFailureException(StringUtils.format("Group-based execution permission was requested for component \"%s\", but it is not currently available for group \"%s\"; maybe its permissions have been changed very recently", new Object[]{str, str3}));
        }
        this.log.debug(StringUtils.format("Generating access token for component \"%s\", accessible via group membership in \"%s\"", new Object[]{str, str3}));
        return this.cryptographyOperationsProvider.encryptAndEncodeString(this.authorizationService.getKeyDataForGroup(representRemoteGroupId).getSymmetricKey(), generateAndRegisterToken(String.valueOf(str) + ":group"));
    }

    @Override // de.rcenvironment.core.component.authorization.api.ComponentExecutionAuthorizationService
    public String createAndRegisterExecutionTokenForLocalComponent(String str) {
        this.log.debug("Generating access token for local component \"" + str + "\"");
        return generateAndRegisterToken(String.valueOf(str) + ":local");
    }

    @Override // de.rcenvironment.core.component.authorization.api.ComponentExecutionAuthorizationService
    public synchronized boolean verifyAndUnregisterExecutionToken(String str) {
        Long remove = this.activeTokens.remove(str);
        if (remove == null) {
            this.log.debug("Rejecting component execution authorization token " + str + " as it is either invalid, was already used, or was already discarded because it had expired");
            return false;
        }
        if (System.currentTimeMillis() <= remove.longValue()) {
            this.log.debug("Accepting component execution authorization token " + str);
            return true;
        }
        this.log.debug("Rejecting component execution authorization token " + str + ", which is valid and was not used yet, but has expired");
        return false;
    }

    @Reference
    protected void bindLocalComponentRegistrationService(LocalComponentRegistrationService localComponentRegistrationService) {
        this.localComponentRegistrationService = localComponentRegistrationService;
    }

    @Reference
    protected void bindAuthorizationService(AuthorizationService authorizationService) {
        this.authorizationService = authorizationService;
    }

    @Reference
    protected void bindCryptographyOperationsProvider(CryptographyOperationsProvider cryptographyOperationsProvider) {
        this.cryptographyOperationsProvider = cryptographyOperationsProvider;
    }

    private String generateAndRegisterToken(String str) {
        String str2 = String.valueOf(str) + ComponentConstants.NOTIFICATION_ID_SEPARATOR + IdGenerator.secureRandomHexString(TOKEN_HEX_STRING_LENGTH);
        this.activeTokens.put(str2, Long.valueOf(System.currentTimeMillis() + TOKEN_LIFETIME_MSEC));
        this.gcQueue.addLast(str2);
        return str2;
    }

    private synchronized void runGarbageCollection() {
        int i = 0;
        while (!this.gcQueue.isEmpty()) {
            String peekFirst = this.gcQueue.peekFirst();
            Long l = this.activeTokens.get(peekFirst);
            if (l == null) {
                this.gcQueue.removeFirst();
            } else {
                if (System.currentTimeMillis() <= l.longValue()) {
                    break;
                }
                this.gcQueue.removeFirst();
                this.activeTokens.remove(peekFirst);
                this.log.debug("Removed unused component execution token " + peekFirst + " as it has expired without being used");
                i++;
            }
        }
        if (i > 0) {
            this.log.debug("Removed " + i + " unused component execution token(s) that have timed out");
        }
    }
}
