package com.gentics.mesh.auth;

import com.gentics.mesh.Mesh;
import com.gentics.mesh.core.data.MeshAuthUser;
import com.gentics.mesh.etc.config.JWTAuthenticationOptions;
import io.vertx.core.AsyncResult;
import io.vertx.core.Future;
import io.vertx.core.Handler;
import io.vertx.core.VertxException;
import io.vertx.core.json.JsonObject;
import io.vertx.core.logging.Logger;
import io.vertx.core.logging.LoggerFactory;
import io.vertx.ext.auth.AuthProvider;
import io.vertx.ext.auth.User;
import io.vertx.ext.auth.jwt.JWTAuth;
import io.vertx.ext.auth.jwt.JWTOptions;
import io.vertx.ext.web.handler.FormLoginHandler;
import org.elasticsearch.search.suggest.context.GeolocationContextMapping;
import rx.Observable;

/* loaded from: input_file:com/gentics/mesh/auth/MeshJWTAuthProvider.class */
public class MeshJWTAuthProvider extends MeshAuthProvider implements AuthProvider {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) MeshJWTAuthProvider.class);
    private JWTAuth jwtProvider;
    private static final String USERID_FIELD_NAME = "userUuid";

    public MeshJWTAuthProvider() {
        JWTAuthenticationOptions jwtAuthenticationOptions = Mesh.mesh().getOptions().getAuthenticationOptions().getJwtAuthenticationOptions();
        String signatureSecret = jwtAuthenticationOptions.getSignatureSecret();
        if (signatureSecret == null) {
            throw new RuntimeException("Options file is missing the keystore secret password. This should be set in mesh.json: authenticationOptions.signatureSecret");
        }
        this.jwtProvider = JWTAuth.create(Mesh.vertx(), new JsonObject().put("keyStore", new JsonObject().put(GeolocationContextMapping.FIELD_FIELDNAME, jwtAuthenticationOptions.getKeystorePath()).put("type", "jceks").put(FormLoginHandler.DEFAULT_PASSWORD_PARAM, signatureSecret)));
    }

    @Override // com.gentics.mesh.auth.MeshAuthProvider, io.vertx.ext.auth.AuthProvider
    public void authenticate(JsonObject jsonObject, Handler<AsyncResult<User>> handler) {
        this.jwtProvider.authenticate(jsonObject, asyncResult -> {
            if (asyncResult.failed()) {
                handler.handle(Future.failedFuture(new VertxException("Invalid Token")));
            } else {
                getUserByJWT((User) asyncResult.result()).subscribe(user -> {
                    handler.handle(Future.succeededFuture(user));
                }, th -> {
                    handler.handle(Future.failedFuture(th));
                });
            }
        });
    }

    private Observable<User> getUserByJWT(User user) {
        return this.db.asyncNoTrxExperimental(() -> {
            String string = user.principal().getString(USERID_FIELD_NAME);
            MeshAuthUser findMeshAuthUserByUuid = this.boot.userRoot().findMeshAuthUserByUuid(string);
            if (findMeshAuthUserByUuid != null) {
                return Observable.just(findMeshAuthUserByUuid);
            }
            if (log.isDebugEnabled()) {
                log.debug("Could not load user with UUID {" + string + "}.");
            }
            throw new Exception("Invalid credentials!");
        });
    }

    public void generateToken(String str, String str2, Handler<AsyncResult<String>> handler) {
        super.authenticate(new JsonObject().put("username", str).put(FormLoginHandler.DEFAULT_PASSWORD_PARAM, str2), asyncResult -> {
            if (asyncResult.failed()) {
                handler.handle(Future.failedFuture(asyncResult.cause()));
                return;
            }
            handler.handle(Future.succeededFuture(this.jwtProvider.generateToken(new JsonObject().put(USERID_FIELD_NAME, ((User) asyncResult.result()).principal().getString("uuid")), new JWTOptions().setExpiresInSeconds(Long.valueOf(Mesh.mesh().getOptions().getAuthenticationOptions().getJwtAuthenticationOptions().getTokenExpirationTime())))));
        });
    }

    public String generateToken(String str) {
        return this.jwtProvider.generateToken(new JsonObject().put(USERID_FIELD_NAME, str), new JWTOptions().setExpiresInSeconds(Long.valueOf(Mesh.mesh().getOptions().getAuthenticationOptions().getJwtAuthenticationOptions().getTokenExpirationTime())));
    }

    public String generateToken(User user) {
        return generateToken(user.principal().getString("uuid"));
    }
}
