package fathom.security;

import com.google.common.base.Preconditions;
import com.google.common.base.Strings;
import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
import com.google.inject.Inject;
import com.google.inject.Injector;
import com.google.inject.Singleton;
import com.typesafe.config.Config;
import com.typesafe.config.ConfigFactory;
import fathom.Service;
import fathom.authc.AuthenticationException;
import fathom.authc.AuthenticationToken;
import fathom.conf.Settings;
import fathom.exception.FathomException;
import fathom.realm.Account;
import fathom.realm.CachingRealm;
import fathom.realm.Realm;
import fathom.utils.ClassUtil;
import fathom.utils.RequireUtil;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.TimeUnit;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

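/**
 * Loads the security realms named in the realms configuration file, starts and stops them with
 * the service lifecycle, and authenticates {@link AuthenticationToken}s against them.
 *
 * <p>A successful authentication yields a fresh {@link Account} that aggregates e-mail addresses,
 * tokens, roles and permissions from every realm reporting an enabled account with the same
 * username. Results may be cached per token when {@code cacheTtl} and {@code cacheMax} are both
 * positive in the realms file.
 *
 * <p>{@link #authenticate(AuthenticationToken)} requires {@link #start()} to have run; the realm
 * collection is {@code null} before that.
 */
@Singleton
/* loaded from: input_file:fathom-security-0.8.1.jar:fathom/security/SecurityManager.class */
public class SecurityManager implements Service {
    private static final Logger log = LoggerFactory.getLogger(SecurityManager.class);

    @Inject
    private Injector injector;

    @Inject
    private Settings settings;

    // null until start() has run; isRunning() relies on that.
    private Collection<Realm> allRealms;

    // null when caching is disabled (cacheTtl or cacheMax not positive).
    private Cache<AuthenticationToken, Account> accountCache;

    @Override // fathom.Service
    public int getPreferredStartOrder() {
        return 50;
    }

    /**
     * Reads the realms file, instantiates the realms it defines, optionally builds the account
     * cache, and starts every realm.
     *
     * @throws FathomException if the realms file cannot be located or cannot be read
     */
    @Override // fathom.Service
    public void start() {
        this.allRealms = Collections.emptyList();
        URL fileUrl = this.settings.getFileUrl("security.configurationFile", "classpath:conf/realms.conf");
        if (fileUrl == null) {
            throw new FathomException("Failed to find Security Realms file '{}'", this.settings.getString("security.configurationFile", "classpath:conf/realms.conf"));
        }

        Config config;
        // try-with-resources closes the reader on the failure path too; the charset is pinned to
        // UTF-8 (the HOCON file encoding) so parsing does not depend on the platform default.
        try (InputStreamReader reader = new InputStreamReader(fileUrl.openStream(), StandardCharsets.UTF_8)) {
            config = ConfigFactory.parseReader(reader).resolve();
            log.info("Configured Security Realms from '{}'", fileUrl);
        } catch (IOException e) {
            throw new FathomException(e, "Failed to parse Security Realms file '{}'", fileUrl);
        }

        this.allRealms = parseDefinedRealms(config);

        int cacheTtlMinutes = config.hasPath("cacheTtl") ? config.getInt("cacheTtl") : 0;
        int cacheMaxEntries = config.hasPath("cacheMax") ? config.getInt("cacheMax") : 100;
        if (cacheTtlMinutes > 0 && cacheMaxEntries > 0) {
            // NOTE(review): expireAfterAccess renews an entry's lifetime on every hit, and a hit in
            // authenticate() returns without consulting any realm. A token presented more often than
            // the TTL therefore keeps its cached Account, so disabling the account or changing its
            // roles in a realm has no effect until clearCache() runs or the entry is evicted.
            // Consider expireAfterWrite if the TTL is meant to bound staleness.
            this.accountCache = CacheBuilder.newBuilder()
                    .expireAfterAccess(cacheTtlMinutes, TimeUnit.MINUTES)
                    .maximumSize(cacheMaxEntries)
                    .build();
        }

        String rule = Strings.padEnd("", 68, '-');
        log.info(rule);
        log.info("Starting realms");
        log.info(rule);
        for (Realm realm : this.allRealms) {
            log.debug("{} '{}'", realm.getClass().getName(), realm.getRealmName());
        }
        for (Realm realm : this.allRealms) {
            try {
                log.info("Starting realm '{}'", realm.getRealmName());
                realm.start();
            } catch (Exception e) {
                // Best effort: one failing realm must not block the others. The failed realm
                // stays in allRealms and is still consulted by authenticate().
                log.error("Failed to start realm '{}'", realm.getRealmName(), e);
            }
        }
    }

    @Override // fathom.Service
    public boolean isRunning() {
        return this.allRealms != null;
    }

    /**
     * Clears all caches and stops every realm. Safe to call before {@link #start()}.
     */
    @Override // fathom.Service
    public void stop() {
        clearCache();
        if (this.allRealms == null) {
            return;
        }
        for (Realm realm : this.allRealms) {
            try {
                log.debug("Stopping realm '{}'", realm.getRealmName());
                realm.stop();
            } catch (Exception e) {
                log.error("Failed to stop realm '{}'", realm.getRealmName(), e);
            }
        }
    }

    /**
     * Authenticates the token and fails loudly instead of returning {@code null}.
     *
     * @param authenticationToken the credentials to verify
     * @return the authenticated, aggregated account
     * @throws AuthenticationException if no realm accepts the token
     */
    public Account check(AuthenticationToken authenticationToken) {
        Account account = authenticate(authenticationToken);
        if (account == null) {
            // Deliberately generic: the message does not say whether the account exists.
            throw new AuthenticationException("Invalid credentials");
        }
        return account;
    }

    /**
     * Authenticates the token against the realms in their configured order.
     *
     * <p>The first realm that can handle the token and returns a non-disabled account wins. The
     * result is a new {@link Account} built from that account's name and its sanitized
     * credentials, then enriched with data from every realm (the authenticating one included)
     * that reports an enabled account for the same username.
     *
     * @param authenticationToken the credentials to verify
     * @return the aggregated account, or {@code null} if no realm authenticates the token
     */
    public Account authenticate(AuthenticationToken authenticationToken) {
        if (this.accountCache != null) {
            // NOTE(review): the token itself is the cache key, so hits depend on the token's
            // equals/hashCode and the cache keeps token objects in memory; verify both are
            // acceptable for every token type in use.
            Account cached = this.accountCache.getIfPresent(authenticationToken);
            if (cached != null) {
                return cached;
            }
        }

        Account authenticated = null;
        for (Realm realm : this.allRealms) {
            if (!realm.canAuthenticate(authenticationToken)) {
                continue;
            }
            Account candidate = realm.authenticate(authenticationToken);
            if (candidate != null && !candidate.isDisabled()) {
                // Copy into a fresh Account so the realm's own instance is never mutated below.
                authenticated = new Account(candidate.getName(), candidate.getCredentials().sanitize());
                break;
            }
        }
        if (authenticated == null) {
            return null;
        }

        // NOTE(review): aggregation matches accounts across realms by username only. If two realms
        // do not share a namespace, a username collision yields the union of both accounts' roles
        // and permissions; confirm the configured realms describe the same principals.
        String username = authenticated.getUsername();
        for (Realm realm : this.allRealms) {
            if (!realm.hasAccount(username)) {
                continue;
            }
            Account other = realm.getAccount(username);
            // The account can disappear between hasAccount() and getAccount(); skip it rather
            // than fail an otherwise valid authentication with a NullPointerException.
            if (other == null || !other.isEnabled()) {
                continue;
            }
            if (Strings.isNullOrEmpty(authenticated.getName())) {
                authenticated.setName(other.getName());
            }
            authenticated.addEmailAddresses(other.getEmailAddresses());
            authenticated.addTokens(other.getTokens());
            authenticated.getAuthorizations()
                    .addRoles(other.getAuthorizations().getRoles())
                    .addPermissions(other.getAuthorizations().getPermissions());
        }

        if (this.accountCache != null) {
            this.accountCache.put(authenticationToken, authenticated);
        }
        return authenticated;
    }

    /**
     * Drops every cached account here and in each {@link CachingRealm}. Safe to call before
     * {@link #start()}.
     */
    public void clearCache() {
        if (this.accountCache != null) {
            this.accountCache.invalidateAll();
        }
        if (this.allRealms == null) {
            return;
        }
        for (Realm realm : this.allRealms) {
            if (realm instanceof CachingRealm) {
                ((CachingRealm) realm).clearCache();
            }
        }
    }

    /**
     * Instantiates and configures the realms listed under {@code realms} in the given config.
     *
     * <p>Each entry names its implementation class in {@code type}. Entries whose class is
     * rejected by {@link RequireUtil#allowClass} are skipped.
     *
     * @param config the resolved realms configuration
     * @return an unmodifiable list of configured (not yet started) realms, in file order
     * @throws FathomException if a realm type is unknown or does not implement {@link Realm}
     */
    protected Collection<Realm> parseDefinedRealms(Config config) {
        List<Realm> realms = new ArrayList<>();
        if (config.hasPath("realms")) {
            log.trace("Parsing Realm definitions");
            for (Config realmConfig : config.getConfigList("realms")) {
                String realmType = Strings.emptyToNull(realmConfig.getString("type"));
                Preconditions.checkNotNull(realmType, "Realm 'type' is null!");
                if (!ClassUtil.doesClassExist(realmType)) {
                    throw new FathomException("Unknown realm type '{}'!", realmType);
                }
                Class<?> configuredClass = ClassUtil.getClass(realmType);
                if (RequireUtil.allowClass(this.settings, configuredClass)) {
                    // The class name comes from configuration: verify it is a Realm before the
                    // injector constructs it, so an arbitrary class is never instantiated only
                    // to fail the cast afterwards.
                    if (!Realm.class.isAssignableFrom(configuredClass)) {
                        throw new FathomException("Realm type '{}' does not implement Realm!", realmType);
                    }
                    Realm realm = this.injector.getInstance(configuredClass.asSubclass(Realm.class));
                    realm.setup(realmConfig);
                    realms.add(realm);
                    log.debug("Created '{}' named '{}'", realmType, realm.getRealmName());
                }
            }
        }
        return Collections.unmodifiableList(realms);
    }
}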
