package com.artipie.management.api;

import com.artipie.http.auth.AuthScheme;
import com.artipie.http.auth.Authentication;
import com.artipie.http.rq.RqHeaders;
import com.jcabi.log.Logger;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.CompletionStage;
import javax.crypto.Cipher;
import org.apache.commons.codec.DecoderException;
import org.apache.commons.codec.binary.Hex;

/* loaded from: input_file:com/artipie/management/api/CookiesAuthScheme.class */
public final class CookiesAuthScheme implements AuthScheme {
    private static final String SCHEME = "Cookie";

    public CompletionStage<AuthScheme.Result> authenticate(Iterable<Map.Entry<String, String>> iterable, String str) {
        return CompletableFuture.completedFuture(session(Optional.ofNullable(cookies(new RqHeaders(iterable, SCHEME)).get("session"))));
    }

    private static Map<String, String> cookies(Iterable<String> iterable) {
        HashMap hashMap = new HashMap(0);
        Iterator<String> it = iterable.iterator();
        while (it.hasNext()) {
            for (String str : it.next().split(";")) {
                String[] split = str.split("=", 2);
                String lowerCase = split[0].trim().toLowerCase(Locale.US);
                if (split.length <= 1 || split[1].isEmpty()) {
                    hashMap.remove(lowerCase);
                } else {
                    hashMap.put(lowerCase, split[1].trim());
                }
            }
        }
        return hashMap;
    }

    private static AuthScheme.Result session(Optional<String> optional) {
        Optional empty;
        String str = System.getenv("ARTIPIE_SESSION_KEY");
        if (str == null || optional.isEmpty()) {
            empty = Optional.empty();
        } else {
            try {
                PKCS8EncodedKeySpec pKCS8EncodedKeySpec = new PKCS8EncodedKeySpec(Files.readAllBytes(Paths.get(str, new String[0])));
                Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA1AndMGF1Padding");
                cipher.init(2, KeyFactory.getInstance("RSA").generatePrivate(pKCS8EncodedKeySpec));
                empty = Optional.of(new Authentication.User(new String(cipher.doFinal(Hex.decodeHex(optional.get().toCharArray())), StandardCharsets.UTF_8)));
            } catch (IOException | GeneralSecurityException | DecoderException e) {
                Logger.error(CookiesAuthScheme.class, "Failed to read session cookie: %[exception]s");
                throw new IllegalStateException("Failed to read session cookie", e);
            }
        }
        final Optional optional2 = empty;
        return new AuthScheme.Result() { // from class: com.artipie.management.api.CookiesAuthScheme.1
            public Optional<Authentication.User> user() {
                return optional2;
            }

            public String challenge() {
                return CookiesAuthScheme.SCHEME;
            }
        };
    }
}
