package fathom.realm.redis;

import com.google.common.base.Preconditions;
import com.google.common.base.Strings;
import com.typesafe.config.Config;
import fathom.authc.StandardCredentials;
import fathom.exception.FathomException;
import fathom.realm.Account;
import fathom.realm.CachingRealm;
import fathom.utils.ClassUtil;
import java.io.BufferedReader;
import java.io.File;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.Collection;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import redis.clients.jedis.Jedis;
import redis.clients.jedis.JedisPool;
import redis.clients.jedis.exceptions.JedisException;

/* loaded from: input_file:fathom/realm/redis/RedisRealm.class */
public class RedisRealm extends CachingRealm {
    private static Logger log = LoggerFactory.getLogger(RedisRealm.class);
    private JedisPool pool;
    private String redisUrl;
    private String redisPassword;
    private String passwordMapping;
    private String nameMapping;
    private String emailMapping;
    private String roleMapping;
    private String permissionMapping;
    private String startScript;
    private String stopScript;

    public void setup(Config config) {
        super.setup(config);
        this.redisUrl = Strings.emptyToNull(config.getString("url"));
        Preconditions.checkNotNull(this.redisUrl, "Url must be specified!");
        if (config.hasPath("password")) {
            this.redisPassword = Strings.emptyToNull(config.getString("password"));
        }
        this.passwordMapping = "${username}:password";
        if (config.hasPath("passwordMapping")) {
            this.passwordMapping = Strings.emptyToNull(config.getString("passwordMapping"));
        }
        Preconditions.checkNotNull(this.passwordMapping, "You must specify 'passwordMapping'");
        if (config.hasPath("nameMapping")) {
            this.nameMapping = Strings.emptyToNull(config.getString("nameMapping"));
        }
        if (config.hasPath("emailMapping")) {
            this.emailMapping = Strings.emptyToNull(config.getString("emailMapping"));
        }
        if (config.hasPath("roleMapping")) {
            this.roleMapping = Strings.emptyToNull(config.getString("roleMapping"));
        }
        if (config.hasPath("permissionMapping")) {
            this.permissionMapping = Strings.emptyToNull(config.getString("permissionMapping"));
        }
        if (config.hasPath("startScript")) {
            this.startScript = Strings.emptyToNull(config.getString("startScript"));
        }
        if (config.hasPath("stopScript")) {
            this.stopScript = Strings.emptyToNull(config.getString("stopScript"));
        }
    }

    public void start() {
        log.debug("Realm '{}' configuration:", getRealmName());
        logSetting(log, "url", this.redisUrl);
        logSetting(log, "password", this.redisPassword);
        logSetting(log, "passwordMapping", this.passwordMapping);
        logSetting(log, "nameMapping", this.nameMapping);
        logSetting(log, "emailMapping", this.emailMapping);
        logSetting(log, "roleMapping", this.roleMapping);
        super.logCacheSettings(log);
        try {
            this.pool = new JedisPool(this.redisUrl);
            if (Strings.isNullOrEmpty(this.startScript)) {
                return;
            }
            executeScript(this.startScript);
        } catch (JedisException e) {
            throw new FathomException("Failed to create a Redis pool!", new Object[]{e});
        }
    }

    public void stop() {
        if (this.pool != null) {
            if (!Strings.isNullOrEmpty(this.stopScript)) {
                executeScript(this.stopScript);
            }
            this.pool.close();
        }
    }

    public Account authenticate(StandardCredentials standardCredentials) {
        String username = standardCredentials.getUsername();
        return hasAccount(username) ? super.authenticate(standardCredentials) : authenticate(username, standardCredentials.getPassword());
    }

    public Account authenticate(String str, String str2) {
        Jedis resource = this.pool.getResource();
        try {
            try {
                String asNull = asNull(resource.get(key(str, this.passwordMapping)));
                if (Strings.isNullOrEmpty(asNull)) {
                    log.debug("Account '{}' in '{}' has no password and may not be used for authentication", str, getRealmName());
                    if (resource != null) {
                        this.pool.returnResource(resource);
                    }
                    return null;
                }
                if (!validatePassword(new StandardCredentials(str, str2), new StandardCredentials(str, asNull))) {
                    log.debug("Authentication failed for '{}' against '{}'", str, getRealmName());
                    if (resource == null) {
                        return null;
                    }
                    this.pool.returnResource(resource);
                    return null;
                }
                log.debug("Authentication succeeded for '{}' against '{}'", str, getRealmName());
                String str3 = null;
                if (!Strings.isNullOrEmpty(this.nameMapping)) {
                    str3 = asNull(resource.get(key(str, this.nameMapping)));
                }
                Account account = new Account(str3, new StandardCredentials(str, str2));
                if (!Strings.isNullOrEmpty(this.emailMapping)) {
                    account.addEmailAddresses(resource.lrange(key(str, this.emailMapping), 0L, -1L));
                }
                if (!Strings.isNullOrEmpty(this.roleMapping)) {
                    account.getAuthorizations().addRoles(asArray(resource.lrange(key(str, this.roleMapping), 0L, -1L)));
                }
                if (!Strings.isNullOrEmpty(this.permissionMapping)) {
                    account.getAuthorizations().addPermissions(asArray(resource.lrange(key(str, this.permissionMapping), 0L, -1L)));
                }
                cacheAccount(account);
                if (resource != null) {
                    this.pool.returnResource(resource);
                }
                return account;
            } catch (JedisException e) {
                log.debug("Authentication failed for '{}' against '{}'", str, getRealmName());
                this.pool.returnBrokenResource(resource);
                if (0 == 0) {
                    return null;
                }
                this.pool.returnResource((Jedis) null);
                return null;
            }
        } catch (Throwable th) {
            if (resource != null) {
                this.pool.returnResource(resource);
            }
            throw th;
        }
    }

    private String key(String str, String str2) {
        return str2.replace("${username}", str);
    }

    private String asNull(String str) {
        if ("nil".equals(str)) {
            return null;
        }
        return str;
    }

    private String[] asArray(Collection<String> collection) {
        return (String[]) collection.toArray(new String[collection.size()]);
    }

    private String unwrapQuotes(String str) {
        return Strings.isNullOrEmpty(str) ? str : (str.charAt(0) == '\"' && str.charAt(str.length() - 1) == '\"') ? str.substring(1, str.length() - 1) : str;
    }

    protected void executeScript(String str) {
        URL url = null;
        try {
            if (str.startsWith("classpath:")) {
                url = ClassUtil.getResource(str.substring("classpath:".length()));
                if (url == null) {
                    log.warn("Script '{}' not found!", str);
                }
            } else {
                File file = new File(str);
                if (file.exists()) {
                    url = file.toURI().toURL();
                } else {
                    log.warn("Script '{}' not found!", str);
                }
            }
            if (url != null) {
                executeScript(url);
            }
        } catch (Exception e) {
            log.error("Failed to parse '{}' as a url", str);
        }
    }

    protected void executeScript(URL url) {
        log.debug("Executing script '{}'", url);
        Jedis resource = this.pool.getResource();
        try {
            try {
                BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(url.openStream(), StandardCharsets.UTF_8));
                Throwable th = null;
                try {
                    bufferedReader.lines().filter(str -> {
                        return (Strings.isNullOrEmpty(str) || str.charAt(0) == '#' || str.startsWith("//")) ? false : true;
                    }).forEach(str2 -> {
                        try {
                            log.trace("execute: {}", str2);
                            String[] split = str2.split(" ", 3);
                            String str2 = null;
                            if (split.length == 1) {
                                str2 = String.format("return redis.call('%s')", split[0]);
                            } else if (split.length == 2) {
                                str2 = String.format("return redis.call('%s', '%s')", split[0], split[1]);
                            } else if (split.length == 3) {
                                str2 = String.format("return redis.call('%s', '%s', '%s')", split[0], split[1], unwrapQuotes(split[2]));
                            } else {
                                log.error("Unexpected number of script arguments {}", Integer.valueOf(split.length));
                            }
                            log.trace("command: {}", str2);
                            resource.eval(str2);
                        } catch (Exception e) {
                            log.error("Failed to execute '{}'", str2, e);
                        }
                    });
                    if (bufferedReader != null) {
                        if (0 != 0) {
                            try {
                                bufferedReader.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            bufferedReader.close();
                        }
                    }
                    if (resource != null) {
                        this.pool.returnResource(resource);
                    }
                } catch (Throwable th3) {
                    if (bufferedReader != null) {
                        if (0 != 0) {
                            try {
                                bufferedReader.close();
                            } catch (Throwable th4) {
                                th.addSuppressed(th4);
                            }
                        } else {
                            bufferedReader.close();
                        }
                    }
                    throw th3;
                }
            } catch (IOException e) {
                log.error("Failed to execute script '{}'", url, e);
                this.pool.returnBrokenResource(resource);
                if (resource != null) {
                    this.pool.returnResource(resource);
                }
            }
        } catch (Throwable th5) {
            if (resource != null) {
                this.pool.returnResource(resource);
            }
            throw th5;
        }
    }
}
