package org.summerboot.jexpress.security.auth;

import com.google.inject.Singleton;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.netty.handler.codec.http.HttpHeaderNames;
import io.netty.handler.codec.http.HttpHeaders;
import io.netty.handler.codec.http.HttpResponseStatus;
import java.io.IOException;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import javax.naming.NamingException;
import org.apache.commons.lang3.StringUtils;
import org.summerboot.jexpress.boot.BootPOI;
import org.summerboot.jexpress.integration.cache.AuthTokenCache;
import org.summerboot.jexpress.nio.server.domain.Err;
import org.summerboot.jexpress.nio.server.domain.ServiceContext;
import org.summerboot.jexpress.security.JwtUtil;
import org.summerboot.jexpress.util.FormatterUtil;

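/**
 * Base {@link Authenticator} that exchanges verified credentials for a signed JWT and maps a
 * presented JWT back to a {@link Caller}.
 *
 * <p>Subclasses supply the credential check in
 * {@link #authenticateCaller(String, String, AuthenticatorListener)}. Token issuing, parsing,
 * blacklist lookup and logout are implemented here. The signing key, issuer and parser all come
 * from {@code AuthConfig.CFG}.
 */
@Singleton
/* loaded from: input_file:org/summerboot/jexpress/security/auth/BootAuthenticator.class */
public abstract class BootAuthenticator implements Authenticator {
    /** Optional hook notified on login/logout and consulted during token verification; may be null. */
    protected AuthenticatorListener listener;

    @Override // org.summerboot.jexpress.security.auth.Authenticator
    public void setListener(AuthenticatorListener authenticatorListener) {
        this.listener = authenticatorListener;
    }

    /**
     * Checks the supplied credentials and, on success, issues a JWT for the caller.
     *
     * @param str first credential passed to {@code authenticateCaller} (presumably the user name; confirm)
     * @param str2 second credential passed to {@code authenticateCaller} (presumably the password; confirm)
     * @param i token lifetime handed to {@code JwtUtil.createJWT} together with {@code TimeUnit.MINUTES}
     * @param serviceContext request context; receives status 401 on failure, or the caller and status 201 on success
     * @return the issued token, or {@code null} when {@code authenticateCaller} returns no caller
     */
    @Override // org.summerboot.jexpress.security.auth.Authenticator
    public String authenticate(String str, String str2, int i, ServiceContext serviceContext) throws IOException, NamingException {
        // NOTE(review): presumably keeps the credential-bearing request body out of logs - confirm in ServiceContext.
        serviceContext.privacyReqContent(true);
        serviceContext.timestampPOI(BootPOI.LDAP_BEGIN);
        Caller caller = authenticateCaller(str, str2, this.listener);
        serviceContext.timestampPOI(BootPOI.LDAP_END);
        if (caller == null) {
            serviceContext.status(HttpResponseStatus.UNAUTHORIZED);
            return null;
        }
        String token = JwtUtil.createJWT(AuthConfig.CFG.getJwtSigningKey(), marshalCaller(caller), TimeUnit.MINUTES, i);
        if (this.listener != null) {
            // The listener receives the raw bearer token; implementations should treat it as a secret.
            this.listener.onLoginSuccess(caller.getUid(), token);
        }
        serviceContext.caller(caller).status(HttpResponseStatus.CREATED).privacyRespHeader(true);
        return token;
    }

    /**
     * Performs the actual credential check.
     *
     * @return the authenticated caller; {@link #authenticate} treats {@code null} as a failed login
     */
    protected abstract Caller authenticateCaller(String str, String str2, AuthenticatorListener authenticatorListener) throws IOException, NamingException;

    /**
     * Builds the JWT claims for a caller: {@code jti} = caller id, {@code iss} = configured issuer,
     * {@code sub} = uid, {@code aud} = comma-joined groups, plus optional tenant fields and every
     * custom property of the caller.
     *
     * @param caller the authenticated caller
     * @return a builder carrying the claims; this method does not sign it
     */
    @Override // org.summerboot.jexpress.security.auth.Authenticator
    public JwtBuilder marshalCaller(Caller caller) {
        String jti = String.valueOf(caller.getId());
        String issuer = AuthConfig.CFG.getJwtIssuer();
        String subject = caller.getUid();
        Set<String> groups = caller.getGroups();
        // Groups travel as one comma-separated string, so a group name containing ',' would be
        // split into several groups by unmarshalCaller.
        String audience = (groups == null || groups.isEmpty()) ? null : String.join(",", groups);
        Claims claims = Jwts.claims();
        claims.setId(jti).setIssuer(issuer).setSubject(subject).setAudience(audience);
        if (caller.getTenantId() != null) {
            claims.put("tenantId", caller.getTenantId());
        }
        if (caller.getTenantName() != null) {
            claims.put("tenantName", caller.getTenantName());
        }
        Set<String> propKeys = caller.propKeySet();
        if (propKeys != null) {
            // NOTE(review): custom properties are written after the identity claims, so a property
            // keyed "sub", "jti", "iss", "aud", "tenantId" or "tenantName" replaces the value set
            // above. If property keys can come from a directory or other external source, skip
            // those reserved names here (unmarshalCaller already drops them on the way back).
            for (String key : propKeys) {
                claims.put(key, caller.getProp(key, Object.class));
            }
        }
        return Jwts.builder().setClaims(claims);
    }

    /**
     * Rebuilds a {@link Caller} from parsed claims. The issuer is not checked here.
     * NOTE(review): presumably the parser from {@code AuthConfig.CFG} enforces it - confirm.
     *
     * @param claims claims of an already parsed token
     * @return a {@code User} with groups taken from {@code aud} and all non-reserved claims as properties
     * @throws JwtException if the {@code tenantId} claim is absent
     */
    @Override // org.summerboot.jexpress.security.auth.Authenticator
    public Caller unmarshalCaller(Claims claims) {
        String jti = claims.getId();
        String subject = claims.getSubject();
        String audience = claims.getAudience();
        Long tenantId = (Long) claims.get("tenantId", Long.class);
        String tenantName = (String) claims.get("tenantName", String.class);
        if (tenantId == null) {
            // marshalCaller omits tenantId for callers without one, and the User constructor takes
            // a primitive, so this used to surface as a NullPointerException. Reject the token
            // explicitly instead of mapping it to some default tenant.
            throw new JwtException("Missing tenantId claim");
        }
        long callerId;
        try {
            callerId = Long.parseLong(jti);
        } catch (NumberFormatException ignored) {
            // A missing or non-numeric jti yields the sentinel id -1.
            callerId = -1;
        }
        User user = new User(tenantId.longValue(), tenantName, callerId, subject);
        if (StringUtils.isNotBlank(audience)) {
            for (String group : FormatterUtil.parseCsv(audience)) {
                user.addGroup(group);
            }
        }
        Set<String> claimNames = claims.keySet();
        if (claimNames != null) {
            for (String claimName : claimNames) {
                user.putProp(claimName, claims.get(claimName));
            }
        }
        // Registered and tenant claims are already held in dedicated fields; keep them out of the property bag.
        user.remove("aud");
        user.remove("exp");
        user.remove("jti");
        user.remove("iat");
        user.remove("iss");
        user.remove("nbf");
        user.remove("sub");
        user.remove("tenantId");
        user.remove("tenantName");
        return user;
    }

    /**
     * Extracts the token from an {@code Authorization: Bearer <token>} header.
     *
     * @param httpHeaders request headers
     * @return the token, or {@code null} when the header is missing, does not start with
     *     {@code "Bearer "} (the match is case-sensitive) or carries no token
     */
    @Override // org.summerboot.jexpress.security.auth.Authenticator
    public String getBearerToken(HttpHeaders httpHeaders) {
        String header = httpHeaders.get(HttpHeaderNames.AUTHORIZATION);
        if (StringUtils.isBlank(header) || !header.startsWith("Bearer ")) {
            return null;
        }
        String[] parts = header.split(" ");
        if (parts.length < 2 || StringUtils.isBlank(parts[1])) {
            return null;
        }
        return parts[1];
    }

    @Override // org.summerboot.jexpress.security.auth.Authenticator
    public Caller verifyBearerToken(HttpHeaders httpHeaders, AuthTokenCache authTokenCache, Integer num, ServiceContext serviceContext) {
        return verifyToken(getBearerToken(httpHeaders), authTokenCache, num, serviceContext);
    }

    /**
     * Verifies a token: parse with the configured parser, look up its {@code jti} on the
     * blacklist, rebuild the caller, then let the listener veto. Every failure path sets 401 and
     * an error on the context and yields {@code null}.
     *
     * @param str the token, or {@code null} when none was presented
     * @param authTokenCache blacklist store; when {@code null} no blacklist check is made
     * @param num error code to report instead of the defaults 41 (missing), 42 (invalid or rejected) and 43 (expired or blacklisted)
     * @param serviceContext request context; always receives the resulting caller, which may be {@code null}
     * @return the verified caller, or {@code null}
     */
    @Override // org.summerboot.jexpress.security.auth.Authenticator
    public Caller verifyToken(String str, AuthTokenCache authTokenCache, Integer num, ServiceContext serviceContext) {
        Caller caller = null;
        if (str == null) {
            unauthorized(serviceContext, num, 41, "AUTH_REQUIRE_TOKEN", "Missing AuthToken");
        } else {
            try {
                Claims claims = (Claims) JwtUtil.parseJWT(AuthConfig.CFG.getJwtParser(), str).getBody();
                String jti = claims.getId();
                serviceContext.callerId(jti);
                if (authTokenCache != null && authTokenCache.isOnBlacklist(jti)) {
                    unauthorized(serviceContext, num, 43, "AUTH_EXPIRED_TOKEN", "Blacklisted AuthToken");
                } else {
                    caller = unmarshalCaller(claims);
                    if (this.listener != null && !this.listener.verify(caller, claims)) {
                        unauthorized(serviceContext, num, 42, "AUTH_INVALID_TOKEN", "Rejected AuthToken");
                        caller = null;
                    }
                }
            } catch (ExpiredJwtException expired) {
                // ExpiredJwtException is a JwtException, so it has to be caught first; behind the
                // general handler this branch is unreachable and javac rejects the method.
                unauthorized(serviceContext, num, 43, "AUTH_EXPIRED_TOKEN", "Expired AuthToken");
            } catch (JwtException e) {
                // NOTE(review): the parser's exception class and message go into the error object;
                // if that object is returned to the client, consider a generic text there and
                // keeping the detail in server logs.
                unauthorized(serviceContext, num, 42, "AUTH_INVALID_TOKEN - " + e.getClass().getSimpleName(), "Invalid AuthToken - " + e.getMessage());
            }
        }
        serviceContext.caller(caller);
        return caller;
    }

    /** Records an authentication error and status 401; {@code override} replaces {@code fallbackCode} when non-null. */
    private static void unauthorized(ServiceContext serviceContext, Integer override, int fallbackCode, String tag, String reason) {
        int code = override != null ? override.intValue() : fallbackCode;
        serviceContext.error(new Err(code, tag, reason, null)).status(HttpResponseStatus.UNAUTHORIZED);
    }

    @Override // org.summerboot.jexpress.security.auth.Authenticator
    public void logout(HttpHeaders httpHeaders, AuthTokenCache authTokenCache, ServiceContext serviceContext) {
        logout(getBearerToken(httpHeaders), authTokenCache, serviceContext);
    }

    /**
     * Revokes a token by putting its {@code jti} on the blacklist for the remainder of its
     * lifetime, then notifies the listener.
     *
     * @param str the token to revoke
     * @param authTokenCache blacklist store; when {@code null} nothing is blacklisted
     * @param serviceContext receives 204 on success or for an already expired token, 403 for any other invalid token
     */
    @Override // org.summerboot.jexpress.security.auth.Authenticator
    public void logout(String str, AuthTokenCache authTokenCache, ServiceContext serviceContext) {
        // NOTE(review): getBearerToken may hand null in here, and a token without "exp" makes
        // getExpiration() return null; neither case is handled below - confirm what
        // JwtUtil.parseJWT and JwtUtil.createJWT guarantee.
        try {
            Claims claims = (Claims) JwtUtil.parseJWT(AuthConfig.CFG.getJwtParser(), str).getBody();
            String jti = claims.getId();
            // The blacklist entry only has to outlive the token itself.
            long remainingMillis = claims.getExpiration().getTime() - System.currentTimeMillis();
            if (authTokenCache != null) {
                authTokenCache.putOnBlacklist(jti, str, remainingMillis);
            }
            if (this.listener != null) {
                this.listener.onLogout(jti, str, remainingMillis);
            }
        } catch (ExpiredJwtException ignored) {
            // An expired token is already unusable: nothing to blacklist, still answered with 204.
        } catch (JwtException e) {
            serviceContext.status(HttpResponseStatus.FORBIDDEN);
            return;
        }
        serviceContext.status(HttpResponseStatus.NO_CONTENT);
    }
}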
