package com.gentics.mesh.auth.handler;

import com.gentics.mesh.auth.AuthenticationResult;
import com.gentics.mesh.auth.provider.MeshJWTAuthProvider;
import com.gentics.mesh.etc.config.MeshOptions;
import io.vertx.core.AsyncResult;
import io.vertx.core.Handler;
import io.vertx.core.http.HttpHeaders;
import io.vertx.core.json.JsonArray;
import io.vertx.core.json.JsonObject;
import io.vertx.core.logging.Logger;
import io.vertx.core.logging.LoggerFactory;
import io.vertx.ext.auth.User;
import io.vertx.ext.web.Cookie;
import io.vertx.ext.web.RoutingContext;
import io.vertx.ext.web.handler.JWTAuthHandler;
import io.vertx.ext.web.handler.impl.AuthHandlerImpl;
import io.vertx.ext.web.handler.impl.JWTAuthHandlerImpl;
import java.util.List;
import java.util.regex.Pattern;
import javax.inject.Inject;
import javax.inject.Singleton;

@Singleton
/* loaded from: input_file:com/gentics/mesh/auth/handler/MeshJWTAuthHandler.class */
public class MeshJWTAuthHandler extends AuthHandlerImpl implements JWTAuthHandler, MeshAuthHandler {
    private static final Logger log = LoggerFactory.getLogger(JWTAuthHandlerImpl.class);
    private static final Pattern BEARER = Pattern.compile("^Bearer$", 2);
    public static final String ANONYMOUS_USERNAME = "anonymous";
    private final JsonObject options;
    private final MeshJWTAuthProvider authProvider;
    private final MeshOptions meshOptions;

    @Inject
    public MeshJWTAuthHandler(MeshJWTAuthProvider meshJWTAuthProvider, MeshOptions meshOptions) {
        super(meshJWTAuthProvider);
        this.authProvider = meshJWTAuthProvider;
        this.meshOptions = meshOptions;
        this.options = new JsonObject();
    }

    public JWTAuthHandler setAudience(List<String> list) {
        this.options.put("audience", new JsonArray(list));
        return this;
    }

    public JWTAuthHandler setIssuer(String str) {
        this.options.put("issuer", str);
        return this;
    }

    public JWTAuthHandler setIgnoreExpiration(boolean z) {
        this.options.put("ignoreExpiration", Boolean.valueOf(z));
        return this;
    }

    public void handle(RoutingContext routingContext) {
        handle(routingContext, false);
    }

    public void handle(RoutingContext routingContext, boolean z) {
        if (routingContext.user() != null) {
            routingContext.next();
        } else {
            handleJWTAuth(routingContext, z);
        }
    }

    public void parseCredentials(RoutingContext routingContext, Handler<AsyncResult<JsonObject>> handler) {
    }

    private void handleJWTAuth(RoutingContext routingContext, boolean z) {
        if (routingContext.user() != null) {
            routingContext.next();
            return;
        }
        Cookie cookie = routingContext.getCookie(MeshJWTAuthProvider.TOKEN_COOKIE_KEY);
        if (cookie != null) {
            routingContext.request().headers().set(HttpHeaders.AUTHORIZATION, "Bearer " + cookie.getValue());
        }
        String str = null;
        String str2 = routingContext.request().headers().get(HttpHeaders.AUTHORIZATION);
        if (str2 == null) {
            routingContext.next();
            return;
        }
        String[] split = str2.split(" ");
        if (split.length != 2) {
            log.warn("Format is Authorization: Bearer [token]");
            handle401(routingContext);
            return;
        }
        String str3 = split[0];
        String str4 = split[1];
        if (BEARER.matcher(str3).matches()) {
            str = str4;
        }
        if (str == null) {
            log.warn("No Authorization token value was found");
            handle401(routingContext);
        } else {
            this.authProvider.authenticateJWT(new JsonObject().put("jwt", str).put("options", this.options), asyncResult -> {
                if (asyncResult.succeeded()) {
                    AuthenticationResult authenticationResult = (AuthenticationResult) asyncResult.result();
                    User user = authenticationResult.getUser();
                    routingContext.setUser(user);
                    if (!authenticationResult.isUsingAPIKey()) {
                        String generateToken = this.authProvider.generateToken(user);
                        routingContext.removeCookie(MeshJWTAuthProvider.TOKEN_COOKIE_KEY);
                        routingContext.addCookie(Cookie.cookie(MeshJWTAuthProvider.TOKEN_COOKIE_KEY, generateToken).setMaxAge(this.meshOptions.getAuthenticationOptions().getTokenExpirationTime()).setPath("/"));
                    }
                    authorizeUser(user, routingContext);
                    return;
                }
                if (asyncResult.cause() != null && log.isDebugEnabled()) {
                    log.error("Authentication failed in Mesh JWT handler.", asyncResult.cause());
                }
                if (z) {
                    routingContext.next();
                } else {
                    log.warn("JWT decode failure", asyncResult.cause());
                    handle401(routingContext);
                }
            });
        }
    }
}
