package com.gentics.mesh.auth;

import com.gentics.mesh.Mesh;
import com.gentics.mesh.cli.BootstrapInitializer;
import com.gentics.mesh.core.data.MeshAuthUser;
import com.gentics.mesh.graphdb.spi.Database;
import io.vertx.core.AsyncResult;
import io.vertx.core.Handler;
import io.vertx.core.http.HttpHeaders;
import io.vertx.core.http.HttpServerRequest;
import io.vertx.core.json.JsonArray;
import io.vertx.core.json.JsonObject;
import io.vertx.core.logging.Logger;
import io.vertx.core.logging.LoggerFactory;
import io.vertx.ext.auth.User;
import io.vertx.ext.web.Cookie;
import io.vertx.ext.web.RoutingContext;
import io.vertx.ext.web.handler.JWTAuthHandler;
import io.vertx.ext.web.handler.impl.AuthHandlerImpl;
import io.vertx.ext.web.handler.impl.JWTAuthHandlerImpl;
import java.util.List;
import java.util.regex.Pattern;
import javax.inject.Inject;
import javax.inject.Singleton;

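/**
 * Vert.x-Web authentication handler for Mesh. It takes a JWT from the Mesh token cookie or from
 * an {@code Authorization: Bearer <token>} header, hands it to {@link MeshAuthProvider} for
 * validation and, when anonymous access is enabled in the Mesh options, falls back to the
 * {@value #ANONYMOUS_USERNAME} user for requests that carry no credentials.
 *
 * <p>Every rejection path ends in {@link #handle401(RoutingContext)}, so a request that cannot be
 * authenticated fails closed with HTTP 401.
 */
@Singleton
public class MeshAuthHandler extends AuthHandlerImpl implements JWTAuthHandler {
    // Bound to this class so that authentication warnings are attributed to the Mesh handler.
    // The logger was previously created for Vert.x's JWTAuthHandlerImpl, which filed these
    // security events under a foreign category; log filters keyed on the old name need updating.
    private static final Logger log = LoggerFactory.getLogger(MeshAuthHandler.class);

    /** Matches the authentication scheme token of the header, ignoring case. */
    private static final Pattern BEARER = Pattern.compile("^Bearer$", Pattern.CASE_INSENSITIVE);

    /** Username looked up for requests that are served through the anonymous fallback. */
    public static final String ANONYMOUS_USERNAME = "anonymous";

    /** JWT validation options that are forwarded to the provider with every token. */
    private final JsonObject options;
    private final MeshAuthProvider authProvider;
    private final BootstrapInitializer boot;
    private final Database database;

    /**
     * Creates the handler with an empty set of JWT validation options.
     *
     * @param meshAuthProvider provider used to validate tokens and to issue refreshed ones
     * @param bootstrapInitializer gives access to the user root for the anonymous user lookup
     * @param database database used to run the anonymous user lookup in a transaction
     */
    @Inject
    public MeshAuthHandler(MeshAuthProvider meshAuthProvider, BootstrapInitializer bootstrapInitializer, Database database) {
        super(meshAuthProvider);
        this.authProvider = meshAuthProvider;
        this.boot = bootstrapInitializer;
        this.database = database;
        this.options = new JsonObject();
    }

    /**
     * Stores the given audiences under the {@code audience} option.
     *
     * @param list audience values forwarded to the provider
     * @return this handler
     */
    public JWTAuthHandler setAudience(List<String> list) {
        this.options.put("audience", new JsonArray(list));
        return this;
    }

    /**
     * Stores the given issuer under the {@code issuer} option.
     *
     * @param str issuer value forwarded to the provider
     * @return this handler
     */
    public JWTAuthHandler setIssuer(String str) {
        this.options.put("issuer", str);
        return this;
    }

    /**
     * Stores the flag under the {@code ignoreExpiration} option.
     *
     * <p>NOTE(review): presumably {@code true} makes the provider accept expired tokens, which
     * would turn any leaked token into a permanent credential. Confirm how the provider reads
     * this option and that it is never enabled outside of tests.
     *
     * @param z value of the {@code ignoreExpiration} option
     * @return this handler
     */
    public JWTAuthHandler setIgnoreExpiration(boolean z) {
        this.options.put("ignoreExpiration", Boolean.valueOf(z));
        return this;
    }

    /**
     * Entry point for each request. A user that is already attached to the routing context is
     * only authorized; otherwise the request goes through JWT / anonymous authentication.
     *
     * <p>NOTE(review): a pre-set user is trusted as-is. Whatever sets it runs outside this class,
     * so verify that no earlier handler can attach a user from unauthenticated input.
     *
     * @param routingContext context of the current request
     */
    public void handle(RoutingContext routingContext) {
        User user = routingContext.user();
        if (user != null) {
            authorizeUser(user, routingContext);
        } else {
            handleJWTAuth(routingContext);
        }
    }

    /**
     * Intentionally empty: this class overrides {@link #handle(RoutingContext)} and extracts the
     * credentials itself.
     *
     * <p>NOTE(review): the handler is never completed. Any code path that does call this method
     * and waits for the result would stall, so confirm nothing relies on it.
     */
    public void parseCredentials(RoutingContext routingContext, Handler<AsyncResult<JsonObject>> handler) {
    }

    /**
     * Runs the {@code authorize} check that this class does not define itself (it is inherited)
     * and either continues the route or fails the request with the reported cause.
     */
    private void authorizeUser(User user, RoutingContext routingContext) {
        authorize(user, asyncResult -> {
            if (asyncResult.failed()) {
                routingContext.fail(asyncResult.cause());
            } else {
                routingContext.next();
            }
        });
    }

    /**
     * Authenticates a request that has no user yet: token cookie first, then the Authorization
     * header, then the anonymous fallback. Ends in a 401 when none of them applies.
     */
    private void handleJWTAuth(RoutingContext routingContext) {
        // The token cookie wins: its value replaces any Authorization header the client sent, and
        // the rewritten header stays on the request for the rest of the handling.
        // NOTE(review): browsers attach this cookie automatically, so cookie-authenticated
        // state-changing requests need a CSRF defence. None is visible in this class; confirm one
        // exists elsewhere.
        Cookie tokenCookie = routingContext.getCookie(MeshAuthProvider.TOKEN_COOKIE_KEY);
        if (tokenCookie != null) {
            routingContext.request().headers().set(HttpHeaders.AUTHORIZATION, "Bearer " + tokenCookie.getValue());
        }

        HttpServerRequest request = routingContext.request();
        String authorization = request.headers().get(HttpHeaders.AUTHORIZATION);
        if (authorization != null) {
            // A header that is present but unusable is rejected here; it never reaches the
            // anonymous fallback below.
            authenticateBearer(authorization, routingContext);
            return;
        }

        if (Mesh.mesh().getOptions().getAuthenticationOptions().isEnableAnonymousAccess()
                && authenticateAnonymous(request, routingContext)) {
            return;
        }
        handle401(routingContext);
    }

    /** Validates an {@code Authorization} header value and authenticates the bearer token in it. */
    private void authenticateBearer(String authorization, RoutingContext routingContext) {
        // Exactly "<scheme> <token>" separated by one space; anything else is rejected.
        String[] parts = authorization.split(" ");
        if (parts.length != 2) {
            log.warn("Format is Authorization: Bearer [token]");
            handle401(routingContext);
            return;
        }
        if (!BEARER.matcher(parts[0]).matches()) {
            // Reached for any scheme other than Bearer, although the message speaks of a token.
            log.warn("No Authorization token value was found");
            handle401(routingContext);
            return;
        }

        JsonObject authInfo = new JsonObject().put("jwt", parts[1]).put("options", this.options);
        this.authProvider.authenticateJWT(authInfo, asyncResult -> {
            if (!asyncResult.succeeded()) {
                // NOTE(review): any client can trigger this warning with a bad token. It is a
                // useful detection signal, but the volume is attacker-controlled.
                log.warn("JWT decode failure", asyncResult.cause());
                handle401(routingContext);
                return;
            }
            AuthenticationResult authenticationResult = (AuthenticationResult) asyncResult.result();
            User user = authenticationResult.getUser();
            routingContext.setUser(user);
            if (!authenticationResult.isUsingAPIKey()) {
                // Each successful non-API-key request gets a newly generated token in the cookie.
                // NOTE(review): presumably the new token carries a fresh expiry, which makes this
                // a sliding session that a captured token can keep alive. Confirm against
                // generateToken and decide whether an absolute lifetime is needed.
                // NOTE(review): only max-age and path are set. HttpOnly and Secure are not set
                // here; enable them if no client script reads the token and the deployment is
                // TLS-only. Confirm before changing.
                String refreshedToken = this.authProvider.generateToken(user);
                routingContext.removeCookie(MeshAuthProvider.TOKEN_COOKIE_KEY);
                routingContext.addCookie(Cookie.cookie(MeshAuthProvider.TOKEN_COOKIE_KEY, refreshedToken)
                        .setMaxAge(Mesh.mesh().getOptions().getAuthenticationOptions().getTokenExpirationTime())
                        .setPath("/"));
            }
            authorizeUser(user, routingContext);
        });
    }

    /**
     * Tries to serve a credential-less request as the anonymous user.
     *
     * @return {@code true} when the anonymous user was found and authorization was started,
     *         {@code false} when the caller still has to reject the request
     */
    private boolean authenticateAnonymous(HttpServerRequest request, RoutingContext routingContext) {
        if (log.isDebugEnabled()) {
            log.debug("No Authorization header was found.");
        }
        // Clients can opt out of the fallback and get a 401 instead of anonymous data.
        if ("disable".equals(request.headers().get("Anonymous-Authentication"))) {
            return false;
        }
        if (log.isDebugEnabled()) {
            log.debug("Using anonymous user.");
        }
        // What the fallback exposes depends entirely on the permissions of this user.
        MeshAuthUser anonymousUser = (MeshAuthUser) this.database.tx(() -> {
            return this.boot.userRoot().findMeshAuthUserByUsername(ANONYMOUS_USERNAME);
        });
        if (anonymousUser == null) {
            if (log.isDebugEnabled()) {
                log.debug("No anonymous user and authorization header was found. Can't authenticate request.");
            }
            return false;
        }
        routingContext.setUser(anonymousUser);
        authorizeUser(anonymousUser, routingContext);
        return true;
    }

    /** Fails the request with HTTP 401; the single exit for every rejected authentication. */
    private void handle401(RoutingContext routingContext) {
        routingContext.fail(401);
    }
}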
