package cern.rbac.common.test;

import cern.accsoft.commons.util.Assert;
import cern.cmw.data.Data;
import cern.cmw.data.DataFactory;
import cern.rbac.common.RbaToken;
import cern.rbac.common.TokenFormatException;
import cern.rbac.common.TokenType;
import cern.rbac.common.UserPrincipal;
import cern.rbac.common.impl.RbaConstants;
import cern.rbac.common.impl.serialization.TokenSerialization;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.nio.ByteBuffer;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Random;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/rbac-common-2.0.2.jar:cern/rbac/common/test/TestTokenBuilder.class */
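/**
 * Fluent builder that fabricates {@link RbaToken} instances for tests.
 *
 * <p><b>Security properties of the produced tokens.</b> Each builder signs with its own
 * key pair, generated in the constructor, and never with a key supplied by the caller.
 * {@link #build()} returns the token through {@link RbaToken#parseNoValidate}, so this
 * class performs no validation of the token it produces. A consumer that checks the
 * signature against the real RBAC public key is expected to reject these tokens
 * (NOTE(review): confirm against the verifier). A code path that accepts them is one
 * that skips validation, and it should be reachable from test code only.
 *
 * <p>NOTE(review): the decompiler header above this class indicates that it is packaged
 * inside the main {@code rbac-common} jar rather than a test-only artifact. Confirm that
 * production code never calls it.
 *
 * <p>Instances are mutable and unsynchronized. Use one builder per thread.
 */
public final class TestTokenBuilder {
    public static final UserPrincipal.AccountType DEFAULT_USER_ACCOUNT_TYPE = UserPrincipal.AccountType.SERVICE;
    private static final Logger LOGGER = LoggerFactory.getLogger(TestTokenBuilder.class);
    private static final Random random = new SecureRandom();
    private static final String DEFAULT_USER = "rbaguest";
    private static final String DEFAULT_APPLICATION = "DefaultApplication";
    private static final String DEFAULT_LOCATION = "DefaultLocation";
    private static final String DEFAULT_USER_FULL_NAME = "RBAC GUEST";
    private static final String DEFAULT_USER_EMAIL = "rba.guest@cern.ch";
    /** Default token lifetime, in minutes (multiplied by 60 when the expiration is computed). */
    private static final int DEFAULT_LIFETIME_MINUTES = 480;
    /**
     * Size of the throwaway signing key. 512 bits is far below any size acceptable for a
     * key that is actually trusted. It is kept only because the key is discarded with the
     * builder and the resulting tokens are never validated here.
     * NOTE(review): if any verifier is ever configured with a public key taken from this
     * builder, raise this value first.
     */
    private static final int TEST_KEY_SIZE_BITS = 512;

    private KeyPair generatedKeyPair;
    // Seconds since the epoch, captured when the builder is created.
    private int authTime = (int) (System.currentTimeMillis() / 1000);
    private int lifeTime = DEFAULT_LIFETIME_MINUTES;
    private String username = DEFAULT_USER;
    private String userFullName = DEFAULT_USER_FULL_NAME;
    private String userEmail = DEFAULT_USER_EMAIL;
    private UserPrincipal.AccountType userAccountType = DEFAULT_USER_ACCOUNT_TYPE;
    private String application = DEFAULT_APPLICATION;
    private String locationName = DEFAULT_LOCATION;
    private String[] userRoles = new String[0];
    private String[] rolesHints = new String[0];
    private int[] rolesExpirations = new int[0];
    private TokenType tokenType = TokenType.APPLICATION;

    private TestTokenBuilder() {
        generateKeyPair();
    }

    /**
     * Creates a builder with default field values and a freshly generated signing key pair.
     *
     * @return a new builder
     */
    public static TestTokenBuilder newInstance() {
        return new TestTokenBuilder();
    }

    /**
     * Sets the authentication time written into the token.
     *
     * @param i authentication time in seconds; must be greater than zero
     * @return this builder
     */
    public TestTokenBuilder authenticationTime(int i) {
        Assert.isTrue(i > 0, "Token authentication time must be > 0");
        this.authTime = i;
        return this;
    }

    /**
     * Sets the token lifetime used to derive the expiration time.
     *
     * @param i lifetime in minutes; must not be negative (zero yields a token whose
     *     expiration equals its authentication time)
     * @return this builder
     */
    public TestTokenBuilder lifeTime(int i) {
        Assert.isTrue(i >= 0, "Token lifetime must be >= 0");
        this.lifeTime = i;
        return this;
    }

    /**
     * Sets the user name written into the token.
     *
     * @param str user name; must contain text
     * @return this builder
     */
    public TestTokenBuilder username(String str) {
        Assert.hasText(str, "Username cannot be null/empty string");
        this.username = str;
        return this;
    }

    /**
     * Sets the roles written into the token. The array is copied.
     *
     * @param strArr role names; must not be null
     * @return this builder
     */
    public TestTokenBuilder roles(String... strArr) {
        Assert.notNull(strArr, "Roles cannot be null");
        this.userRoles = strArr.clone();
        return this;
    }

    /**
     * Sets the role hints written into the token's extra fields. The array is copied.
     *
     * @param strArr role hints; must not be null
     * @return this builder
     */
    public TestTokenBuilder rolesHints(String... strArr) {
        Assert.notNull(strArr, "Roles hints cannot be null");
        this.rolesHints = strArr.clone();
        return this;
    }

    /**
     * Sets the role expirations written into the token's extra fields. The array is copied.
     *
     * @param iArr role expirations; must not be null
     * @return this builder
     */
    public TestTokenBuilder rolesExpirations(int... iArr) {
        // The original message said "Roles", which pointed at the wrong setter.
        Assert.notNull(iArr, "Roles expirations cannot be null");
        this.rolesExpirations = iArr.clone();
        return this;
    }

    /**
     * Sets the user's full name. The value is not validated.
     *
     * @param str full name
     * @return this builder
     */
    public TestTokenBuilder userFullName(String str) {
        this.userFullName = str;
        return this;
    }

    /**
     * Sets the user's e-mail address. The value is not validated.
     *
     * @param str e-mail address
     * @return this builder
     */
    public TestTokenBuilder userEmail(String str) {
        this.userEmail = str;
        return this;
    }

    /**
     * Sets the account type written into the token.
     *
     * @param accountType account type; must not be null, because {@link #build()}
     *     dereferences it
     * @return this builder
     */
    public TestTokenBuilder userAccountType(UserPrincipal.AccountType accountType) {
        Assert.notNull(accountType, "User account type cannot be null");
        this.userAccountType = accountType;
        return this;
    }

    /**
     * Sets the application name written into the token.
     *
     * @param str application name; must contain text
     * @return this builder
     */
    public TestTokenBuilder application(String str) {
        Assert.hasText(str, "Application cannot be null/empty string");
        this.application = str;
        return this;
    }

    /**
     * Sets the location name written into the token.
     *
     * @param str location name; must contain text
     * @return this builder
     */
    public TestTokenBuilder location(String str) {
        Assert.hasText(str, "Location cannot be null/empty string");
        this.locationName = str;
        return this;
    }

    /**
     * Sets the token type written into the token's extra fields.
     *
     * @param tokenType token type; must not be null, because {@link #build()}
     *     dereferences it
     * @return this builder
     */
    public TestTokenBuilder tokenType(TokenType tokenType) {
        Assert.notNull(tokenType, "Token type cannot be null");
        this.tokenType = tokenType;
        return this;
    }

    /**
     * Restores the configurable fields to their defaults so that state set for one test
     * token (roles hints, role expirations, token type, account type, name, e-mail) does
     * not leak into the next one built from the same builder.
     *
     * <p>The authentication time and the signing key pair are left untouched.
     *
     * @return this builder
     */
    public TestTokenBuilder reset() {
        this.lifeTime = DEFAULT_LIFETIME_MINUTES;
        this.username = DEFAULT_USER;
        this.userFullName = DEFAULT_USER_FULL_NAME;
        this.userEmail = DEFAULT_USER_EMAIL;
        this.userAccountType = DEFAULT_USER_ACCOUNT_TYPE;
        this.application = DEFAULT_APPLICATION;
        this.locationName = DEFAULT_LOCATION;
        this.userRoles = new String[0];
        this.rolesHints = new String[0];
        this.rolesExpirations = new int[0];
        this.tokenType = TokenType.APPLICATION;
        return this;
    }

    /**
     * Serializes the configured fields, signs them with this builder's private key and
     * parses the result back into an {@link RbaToken} without validation.
     *
     * @return the parsed test token
     * @throws ArithmeticException if authentication time plus lifetime does not fit in an
     *     {@code int}; previously this wrapped around silently and produced a token with a
     *     bogus expiration time
     * @throws RuntimeException if the local host address cannot be resolved or the
     *     serialized token cannot be parsed
     */
    public RbaToken build() {
        final byte[] localAddress;
        try {
            localAddress = InetAddress.getLocalHost().getAddress();
        } catch (UnknownHostException e) {
            throw new RuntimeException(e);
        }

        // lifeTime is in minutes and authTime in seconds. Fail loudly instead of wrapping.
        final int expirationTime = Math.addExact(this.authTime, Math.multiplyExact(this.lifeTime, 60));

        Data tokenData = DataFactory.createData();
        tokenData.append(TokenSerialization.SERIAL_ID, random.nextInt());
        tokenData.append(TokenSerialization.AUTHENTICATION_TIME, this.authTime);
        tokenData.append(TokenSerialization.EXPIRATION_TIME, expirationTime);
        tokenData.append(TokenSerialization.APPLICATION_NAME, this.application);
        tokenData.append(TokenSerialization.APPLICATION_CRITICAL, false);
        tokenData.append(TokenSerialization.APPLICATION_TIMEOUT, -1);
        tokenData.append(TokenSerialization.LOCATION_NAME, this.locationName);
        tokenData.appendArray(TokenSerialization.LOCATION_ADDRESS, localAddress);
        tokenData.append(TokenSerialization.LOCATION_AUTH_REQ, false);
        tokenData.append(TokenSerialization.USER_NAME, this.username);
        tokenData.appendArray(TokenSerialization.USER_ROLES, this.userRoles);
        tokenData.append(TokenSerialization.USER_FULLNAME, this.userFullName);
        tokenData.append(TokenSerialization.USER_EMAIL, this.userEmail);
        tokenData.append(TokenSerialization.USER_ACCOUNT_TYPE, this.userAccountType.getName());

        // Extra fields are serialized on their own and embedded as a byte array.
        Data extraFields = DataFactory.createData();
        // The token type is written as the low byte of the enum ordinal.
        extraFields.append(TokenSerialization.TOKEN_TYPE, (byte) (this.tokenType.ordinal() & 0xFF));
        extraFields.appendArray(TokenSerialization.ROLES_HINT, this.rolesHints);
        extraFields.appendArray(TokenSerialization.ROLES_EXPIRATION, this.rolesExpirations);
        tokenData.appendArray(
                TokenSerialization.EXTRA_FIELDS,
                TokenSerialization.getBytes(DataFactory.createDataSerializer().serializeToString(extraFields)));

        byte[] body = TokenSerialization.getBytes(DataFactory.createDataSerializer().serializeToString(tokenData));
        // Signed with the builder's own throwaway key, not with any externally trusted key.
        byte[] signature = TokenSerialization.sign(this.generatedKeyPair.getPrivate(), body);
        byte[] signatureLength = TokenSerialization.getBytes(signature.length);

        // Layout: serialized body, then the signature, then the encoded signature length.
        ByteBuffer encoded = ByteBuffer.allocate(body.length + signature.length + signatureLength.length);
        encoded.put(body);
        encoded.put(signature);
        encoded.put(signatureLength);
        encoded.rewind();

        try {
            // parseNoValidate: the token is deliberately not validated here.
            RbaToken token = RbaToken.parseNoValidate(encoded);
            LOGGER.debug("Test token created: {}", token);
            return token;
        } catch (TokenFormatException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Generates the per-builder key pair used to sign test tokens.
     *
     * @throws IllegalArgumentException if the configured key algorithm is unavailable
     */
    private void generateKeyPair() {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(RbaConstants.KEY_ALGORITHM);
            keyPairGenerator.initialize(TEST_KEY_SIZE_BITS);
            this.generatedKeyPair = keyPairGenerator.genKeyPair();
        } catch (NoSuchAlgorithmException e) {
            // NOTE(review): the message names RSA while the algorithm comes from
            // RbaConstants.KEY_ALGORITHM. Confirm the two agree.
            throw new IllegalArgumentException("Could not initialize key pair generator for RSA", e);
        }
    }
}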
