package com.gentics.mesh.auth;

import com.gentics.mesh.Mesh;
import com.gentics.mesh.cli.BootstrapInitializer;
import com.gentics.mesh.context.InternalActionContext;
import com.gentics.mesh.core.data.MeshAuthUser;
import com.gentics.mesh.core.rest.auth.TokenResponse;
import com.gentics.mesh.core.rest.error.Errors;
import com.gentics.mesh.etc.config.AuthenticationOptions;
import com.gentics.mesh.graphdb.spi.Database;
import com.gentics.mesh.json.JsonUtil;
import com.syncleus.ferma.tx.Tx;
import io.netty.handler.codec.http.HttpResponseStatus;
import io.vertx.core.AsyncResult;
import io.vertx.core.Future;
import io.vertx.core.Handler;
import io.vertx.core.json.JsonObject;
import io.vertx.core.logging.Logger;
import io.vertx.core.logging.LoggerFactory;
import io.vertx.ext.auth.AuthProvider;
import io.vertx.ext.auth.User;
import io.vertx.ext.auth.jwt.JWTAuth;
import io.vertx.ext.auth.jwt.JWTOptions;
import io.vertx.ext.web.Cookie;
import javax.inject.Inject;
import javax.inject.Singleton;
import org.apache.commons.lang.NotImplementedException;
import org.apache.commons.lang3.StringUtils;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

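/**
 * Authentication provider that validates username/password logins against bcrypt hashes and
 * issues and verifies JWTs signed with keys from a JCEKS keystore.
 *
 * <p>Two kinds of token are issued here:
 * <ul>
 *   <li>session tokens, which carry the user uuid and an expiry, and</li>
 *   <li>API tokens, which carry the user uuid and a token code ({@code jti}) but no expiry;
 *       they are checked against the code stored on the user in {@link #loadUserByJWT}.</li>
 * </ul>
 */
@Singleton
/* loaded from: input_file:com/gentics/mesh/auth/MeshAuthProvider.class */
public class MeshAuthProvider implements AuthProvider, JWTAuth {
    private static final Logger log = LoggerFactory.getLogger(MeshAuthProvider.class);

    /** Name of the cookie that carries the session token after {@link #login}. */
    public static final String TOKEN_COOKIE_KEY = "mesh.token";
    /** JWT claim that holds the uuid of the authenticated user. */
    private static final String USERID_FIELD_NAME = "userUuid";
    /** JWT claim that holds the API key token code. */
    private static final String API_KEY_TOKEN_CODE_FIELD_NAME = "jti";
    /** Single generic failure message so callers cannot tell which check rejected the login. */
    private static final String INVALID_CREDENTIALS = "Invalid credentials!";

    private final JWTAuth jwtProvider;
    protected Database db;
    private final BCryptPasswordEncoder passwordEncoder;
    private final BootstrapInitializer boot;

    /**
     * Creates the provider and the underlying JWT provider from the configured keystore.
     *
     * @param bCryptPasswordEncoder encoder used to verify password hashes
     * @param database graph database used to open transactions
     * @param bootstrapInitializer gives access to the user root
     * @throws RuntimeException if no keystore password is configured
     */
    @Inject
    public MeshAuthProvider(BCryptPasswordEncoder bCryptPasswordEncoder, Database database, BootstrapInitializer bootstrapInitializer) {
        this.passwordEncoder = bCryptPasswordEncoder;
        this.db = database;
        this.boot = bootstrapInitializer;
        AuthenticationOptions authenticationOptions = Mesh.mesh().getOptions().getAuthenticationOptions();
        String keystorePassword = authenticationOptions.getKeystorePassword();
        if (keystorePassword == null) {
            // Fail at startup instead of running with a keystore that cannot be opened.
            throw new RuntimeException("The keystore password could not be found within the authentication options.");
        }
        JsonObject keyStoreConfig = new JsonObject()
            .put("path", authenticationOptions.getKeystorePath())
            .put("type", "jceks")
            .put("password", keystorePassword);
        this.jwtProvider = JWTAuth.create(Mesh.vertx(), new JsonObject().put("keyStore", keyStoreConfig));
    }

    /**
     * Authenticates either a JWT (when {@code jwt} is present in the given object) or a
     * username/password pair (keys {@code username} and {@code password}).
     *
     * @param jsonObject authentication info
     * @param handler receives the authentication result, or a failure
     */
    public void authenticateJWT(JsonObject jsonObject, Handler<AsyncResult<AuthenticationResult>> handler) {
        if (jsonObject.getString("jwt") == null) {
            authenticate(jsonObject.getString("username"), jsonObject.getString("password"), handler);
            return;
        }
        this.jwtProvider.authenticate(jsonObject, verification -> {
            if (verification.failed()) {
                // The cause is logged server-side only; the caller gets a generic message.
                log.error("Could not authenticate token", verification.cause());
                handler.handle(Future.failedFuture("Invalid Token"));
                return;
            }
            JsonObject principal = verification.result().principal();
            try {
                AuthenticationResult authenticationResult = new AuthenticationResult(loadUserByJWT(principal));
                if (principal.containsKey(API_KEY_TOKEN_CODE_FIELD_NAME)) {
                    authenticationResult.setUsingAPIKey(true);
                }
                handler.handle(Future.succeededFuture(authenticationResult));
            } catch (Exception e) {
                handler.handle(Future.failedFuture(e));
            }
        });
    }

    /**
     * Not supported by this provider.
     *
     * @throws NotImplementedException always
     */
    public String generateToken(JsonObject jsonObject, JWTOptions jWTOptions) {
        throw new NotImplementedException();
    }

    /**
     * Not supported by this provider; use {@link #authenticateJWT} instead.
     *
     * @throws NotImplementedException always
     */
    public void authenticate(JsonObject jsonObject, Handler<AsyncResult<User>> handler) {
        throw new NotImplementedException();
    }

    /**
     * Verifies the credentials and, on success, hands a freshly signed session token to the handler.
     *
     * @param str the username
     * @param str2 the password
     * @param handler receives the token, or the authentication failure
     */
    public void generateToken(String str, String str2, Handler<AsyncResult<String>> handler) {
        authenticate(str, str2, authentication -> {
            if (authentication.failed()) {
                handler.handle(Future.failedFuture(authentication.cause()));
                return;
            }
            User user = authentication.result().getUser();
            String uuid = user instanceof MeshAuthUser
                ? ((MeshAuthUser) user).getUuid()
                : user.principal().getString("uuid");
            AuthenticationOptions authenticationOptions = Mesh.mesh().getOptions().getAuthenticationOptions();
            // Sign with the configured algorithm, as generateToken(User) does, so every session
            // token is issued the same way.
            JWTOptions jwtOptions = new JWTOptions()
                .setAlgorithm(authenticationOptions.getAlgorithm())
                .setExpiresInSeconds(Long.valueOf(authenticationOptions.getTokenExpirationTime()));
            handler.handle(Future.succeededFuture(
                this.jwtProvider.generateToken(new JsonObject().put(USERID_FIELD_NAME, uuid), jwtOptions)));
        });
    }

    /**
     * Checks a username/password pair against the stored bcrypt hash.
     *
     * <p>The handler is invoked exactly once, while the transaction is still open. Every rejection
     * uses the same generic message.
     *
     * @param username name of the account to look up
     * @param password plain-text password to verify; {@code null} is rejected
     * @param handler receives the authenticated user, or a failure
     */
    private void authenticate(String username, String password, Handler<AsyncResult<AuthenticationResult>> handler) {
        try (Tx tx = this.db.tx()) {
            MeshAuthUser user = this.boot.userRoot().findMeshAuthUserByUsername(username);
            if (user == null) {
                if (log.isDebugEnabled()) {
                    log.debug("Could not load user with username {" + username + "}.");
                }
                handler.handle(Future.failedFuture(INVALID_CREDENTIALS));
                return;
            }
            String passwordHash = user.getPasswordHash();
            if (password == null || StringUtils.isEmpty(passwordHash)) {
                // Never hand a null password or an empty hash to the encoder; reject up front
                // and report the failure once.
                if (log.isDebugEnabled()) {
                    log.debug("The account password hash or token password string are invalid.");
                }
                handler.handle(Future.failedFuture(INVALID_CREDENTIALS));
                return;
            }
            if (log.isDebugEnabled()) {
                log.debug("Validating password using the bcrypt password encoder");
            }
            boolean passwordMatches = this.passwordEncoder.matches(password, passwordHash);
            // The token path refuses disabled users (see loadUserByJWT); the password path must
            // not issue a token to them either. The hash is compared first so a disabled account
            // is not distinguishable by response time.
            if (passwordMatches && user.isEnabled()) {
                handler.handle(Future.succeededFuture(new AuthenticationResult(user)));
            } else {
                handler.handle(Future.failedFuture(INVALID_CREDENTIALS));
            }
        }
    }

    /**
     * Issues a session token with the configured algorithm and expiry for an authenticated user.
     *
     * @param user the authenticated user; must be a {@link MeshAuthUser}
     * @return the signed token
     */
    public String generateToken(User user) {
        if (!(user instanceof MeshAuthUser)) {
            log.error("Can't generate token for user of type {" + user.getClass().getName() + "}");
            throw Errors.error(HttpResponseStatus.INTERNAL_SERVER_ERROR, "error_internal", new String[0]);
        }
        AuthenticationOptions authenticationOptions = Mesh.mesh().getOptions().getAuthenticationOptions();
        JWTOptions jwtOptions = new JWTOptions()
            .setAlgorithm(authenticationOptions.getAlgorithm())
            .setExpiresInSeconds(Long.valueOf(authenticationOptions.getTokenExpirationTime()));
        return this.jwtProvider.generateToken(
            new JsonObject().put(USERID_FIELD_NAME, ((MeshAuthUser) user).getUuid()), jwtOptions);
    }

    /**
     * Issues an API token for the user. No expiry is set; the token stays valid for as long as
     * its code matches the one stored on the user.
     *
     * @param user the user the token is issued for
     * @param str the token code embedded as {@code jti}
     * @return the signed token
     * @throws IllegalArgumentException if the token code is null or empty
     */
    public String generateAPIToken(com.gentics.mesh.core.data.User user, String str) {
        if (StringUtils.isEmpty(str)) {
            // loadUserByJWT skips the code comparison when the claim is null, so a token issued
            // without a code would have no expiry and could not be invalidated through the code.
            throw new IllegalArgumentException("The API token code must not be null or empty.");
        }
        AuthenticationOptions authenticationOptions = Mesh.mesh().getOptions().getAuthenticationOptions();
        JsonObject claims = new JsonObject()
            .put(USERID_FIELD_NAME, user.getUuid())
            .put(API_KEY_TOKEN_CODE_FIELD_NAME, str);
        return this.jwtProvider.generateToken(claims, new JWTOptions().setAlgorithm(authenticationOptions.getAlgorithm()));
    }

    /**
     * Resolves the user named in an already verified JWT principal and applies the account checks.
     *
     * @param principal claims of the verified token
     * @return the user the token belongs to
     * @throws Exception if the user is unknown or disabled, or the API token code does not match
     */
    private User loadUserByJWT(JsonObject principal) throws Exception {
        try (Tx tx = this.db.tx()) {
            String userUuid = principal.getString(USERID_FIELD_NAME);
            MeshAuthUser user = this.boot.userRoot().findMeshAuthUserByUuid(userUuid);
            if (user == null) {
                if (log.isDebugEnabled()) {
                    log.debug("Could not load user with UUID {" + userUuid + "}.");
                }
                throw new Exception("Invalid credentials!");
            }
            if (!user.isEnabled()) {
                throw new Exception("User is disabled");
            }
            // A token without an expiry is treated as an API token and compared with the stored code.
            if (!principal.containsKey("exp")) {
                String tokenCode = principal.getString(API_KEY_TOKEN_CODE_FIELD_NAME);
                String storedCode = user.getAPIKeyTokenCode();
                // NOTE(review): a token with neither an expiry nor a token code passes this check.
                // This class never issues one, but confirm no such tokens are in circulation and
                // then reject a missing code here so the check fails closed.
                if (tokenCode != null && !tokenCode.equals(storedCode)) {
                    throw new Exception("API key token is invalid.");
                }
            }
            // Result intentionally unused; presumably reads the uuid while the transaction is
            // still open so that it is available afterwards. TODO confirm
            user.getUuid();
            return user;
        }
    }

    /**
     * Logs the user in: verifies the credentials, sets the token cookie and sends the token in the
     * response body.
     *
     * @param internalActionContext context of the current request
     * @param str the username
     * @param str2 the password
     */
    public void login(InternalActionContext internalActionContext, String str, String str2) {
        generateToken(str, str2, tokenResult -> {
            if (tokenResult.failed()) {
                throw Errors.error(HttpResponseStatus.UNAUTHORIZED, "auth_login_failed", tokenResult.cause());
            }
            String token = tokenResult.result();
            // NOTE(review): this cookie carries the bearer token but is created without the
            // HttpOnly and Secure attributes. Confirm whether browser clients need script access
            // to it; if not, add setHttpOnly(true), and setSecure(true) where TLS is used.
            internalActionContext.addCookie(Cookie.cookie(TOKEN_COOKIE_KEY, token)
                .setMaxAge(Mesh.mesh().getOptions().getAuthenticationOptions().getTokenExpirationTime())
                .setPath("/"));
            internalActionContext.send(JsonUtil.toJson(new TokenResponse(token)));
        });
    }
}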
