package io.openk9.auth.keycloak;

import com.github.benmanes.caffeine.cache.AsyncLoadingCache;
import com.github.benmanes.caffeine.cache.Caffeine;
import com.github.benmanes.caffeine.cache.Expiry;
import com.github.benmanes.caffeine.cache.LoadingCache;
import io.micrometer.core.instrument.Metrics;
import io.micrometer.core.instrument.binder.cache.CaffeineCacheMetrics;
import io.openk9.auth.keycloak.api.AuthVerifier;
import io.openk9.auth.keycloak.api.KeycloakClient;
import io.openk9.auth.keycloak.api.UserInfo;
import io.openk9.http.util.HttpUtil;
import io.openk9.http.web.HttpRequest;
import io.openk9.ingestion.api.Binding;
import io.openk9.ingestion.api.ReceiverReactor;
import io.openk9.json.api.JsonFactory;
import java.time.Duration;
import java.util.Collections;
import java.util.Map;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Deactivate;
import org.osgi.service.component.annotations.Reference;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import reactor.core.Disposable;
import reactor.core.publisher.Mono;
import reactor.core.scheduler.Schedulers;

@Component(immediate = true, service = {AuthVerifier.class})
/* loaded from: input_file:io/openk9/auth/keycloak/AuthVerifierImpl.class */
public class AuthVerifierImpl implements AuthVerifier {
    private AsyncLoadingCache<UserToken, UserInfo> _userTokenUserInfoAsyncLoadingCache;
    private Disposable _disposable;

    @Reference
    private KeycloakClient _keycloakClient;

    @Reference
    private ReceiverReactor _receiver;

    @Reference(target = "(component.name=io.openk9.auth.keycloak.AuthBinding)")
    private Binding _binding;

    @Reference
    private JsonFactory _jsonFactory;
    private static final Action _NOTHING = () -> {
    };
    private static final Logger _log = LoggerFactory.getLogger(AuthVerifierImpl.class);

    /* loaded from: input_file:io/openk9/auth/keycloak/AuthVerifierImpl$Action.class */
    private interface Action {
        void exec();

        default Action andThen(Action action) {
            return () -> {
                exec();
                action.exec();
            };
        }
    }

    /* loaded from: input_file:io/openk9/auth/keycloak/AuthVerifierImpl$UserToken.class */
    private static class UserToken {
        private final String virtualHost;
        private final String token;

        public String getVirtualHost() {
            return this.virtualHost;
        }

        public String getToken() {
            return this.token;
        }

        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof UserToken)) {
                return false;
            }
            UserToken userToken = (UserToken) obj;
            if (!userToken.canEqual(this)) {
                return false;
            }
            String virtualHost = getVirtualHost();
            String virtualHost2 = userToken.getVirtualHost();
            if (virtualHost == null) {
                if (virtualHost2 != null) {
                    return false;
                }
            } else if (!virtualHost.equals(virtualHost2)) {
                return false;
            }
            String token = getToken();
            String token2 = userToken.getToken();
            return token == null ? token2 == null : token.equals(token2);
        }

        protected boolean canEqual(Object obj) {
            return obj instanceof UserToken;
        }

        public int hashCode() {
            String virtualHost = getVirtualHost();
            int hashCode = (1 * 59) + (virtualHost == null ? 43 : virtualHost.hashCode());
            String token = getToken();
            return (hashCode * 59) + (token == null ? 43 : token.hashCode());
        }

        public String toString() {
            return "AuthVerifierImpl.UserToken(virtualHost=" + getVirtualHost() + ", token=" + getToken() + ")";
        }

        private UserToken(String str, String str2) {
            this.virtualHost = str;
            this.token = str2;
        }

        public static UserToken of(String str, String str2) {
            return new UserToken(str, str2);
        }
    }

    @Activate
    public void activate() {
        this._userTokenUserInfoAsyncLoadingCache = Caffeine.newBuilder().expireAfter(new Expiry<UserToken, UserInfo>() { // from class: io.openk9.auth.keycloak.AuthVerifierImpl.1
            public long expireAfterCreate(UserToken userToken, UserInfo userInfo, long j) {
                return Duration.ofSeconds(userInfo.getExp()).minus(Duration.ofMillis(System.currentTimeMillis())).toNanos();
            }

            public long expireAfterUpdate(UserToken userToken, UserInfo userInfo, long j, long j2) {
                return j2;
            }

            public long expireAfterRead(UserToken userToken, UserInfo userInfo, long j, long j2) {
                return j2;
            }
        }).removalListener((userToken, userInfo, removalCause) -> {
            if (_log.isDebugEnabled()) {
                _log.debug("key: " + userToken + ", value: " + userInfo + ", cause: " + removalCause);
            }
        }).buildAsync((userToken2, executor) -> {
            return this._keycloakClient.introspect(userToken2.virtualHost, userToken2.token).subscribeOn(Schedulers.fromExecutor(executor)).toFuture();
        });
        this._disposable = this._receiver.consumeAutoAck(this._binding.getQueue()).map((v0) -> {
            return v0.getBody();
        }).map(bArr -> {
            return (KeycloakEvent) this._jsonFactory.fromJson(bArr, KeycloakEvent.class);
        }).filter(keycloakEvent -> {
            return keycloakEvent.getError() == null;
        }).subscribe(this::_handle);
        CaffeineCacheMetrics.monitor(Metrics.globalRegistry, this._userTokenUserInfoAsyncLoadingCache, "auth", Collections.emptyList());
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:17:0x00a4. Please report as an issue. */
    private void _handle(KeycloakEvent keycloakEvent) {
        LoadingCache synchronous = this._userTokenUserInfoAsyncLoadingCache.synchronous();
        Action action = _NOTHING;
        for (Map.Entry entry : synchronous.asMap().entrySet()) {
            UserToken userToken = (UserToken) entry.getKey();
            if (userToken.virtualHost.equals(keycloakEvent.getRealmId())) {
                UserInfo userInfo = (UserInfo) entry.getValue();
                if (userInfo.getClientId().equals(keycloakEvent.getClientId()) && userInfo.getSub().equals(keycloakEvent.getUserId()) && userInfo.getSessionState().equals(keycloakEvent.getSessionId())) {
                    String type = keycloakEvent.getType();
                    boolean z = -1;
                    switch (type.hashCode()) {
                        case -2043999862:
                            if (type.equals("LOGOUT")) {
                                z = 3;
                                break;
                            }
                            break;
                        case -1785516855:
                            if (type.equals("UPDATE")) {
                                z = 2;
                                break;
                            }
                            break;
                        case -1694626987:
                            if (type.equals("REFRESH_TOKEN")) {
                                z = true;
                                break;
                            }
                            break;
                        case 72611657:
                            if (type.equals("LOGIN")) {
                                z = false;
                                break;
                            }
                            break;
                    }
                    switch (z) {
                        case false:
                        case true:
                        case true:
                        case true:
                            action = action.andThen(() -> {
                                synchronous.invalidate(userToken);
                            });
                            break;
                    }
                }
            }
        }
        action.exec();
    }

    @Deactivate
    public void deactivate() {
        this._userTokenUserInfoAsyncLoadingCache.synchronous().invalidateAll();
        this._disposable.dispose();
    }

    public Mono<UserInfo> getUserInfo(HttpRequest httpRequest) {
        String hostName = HttpUtil.getHostName(httpRequest);
        String header = httpRequest.getHeader("Authorization");
        return (header == null || header.isEmpty()) ? Mono.just(GUEST) : Mono.fromFuture(this._userTokenUserInfoAsyncLoadingCache.get(UserToken.of(hostName, header.substring(7)))).defaultIfEmpty(GUEST);
    }
}
