package eu.cloudnetservice.node.http;

import eu.cloudnetservice.common.collection.Pair;
import eu.cloudnetservice.common.log.LogManager;
import eu.cloudnetservice.common.log.Logger;
import eu.cloudnetservice.driver.CloudNetDriver;
import eu.cloudnetservice.driver.network.http.HttpRequest;
import eu.cloudnetservice.driver.permission.PermissionUser;
import eu.cloudnetservice.node.Node;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.JwtParser;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.PrematureJwtException;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.security.Keys;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.runtime.ObjectMethods;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.sql.Date;
import java.util.Base64;
import java.util.Calendar;
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;
import java.util.logging.Level;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import lombok.NonNull;
import org.jetbrains.annotations.Nullable;

/* loaded from: input_file:eu/cloudnetservice/node/http/V2HttpAuthentication.class */
public class V2HttpAuthentication {
    protected static final Logger LOGGER = LogManager.logger((Class<?>) V2HttpAuthentication.class);
    protected static final String ISSUER = "CloudNet " + Node.instance().componentName();
    protected static final Key SIGN_KEY = Keys.secretKeyFor(SignatureAlgorithm.HS256);
    protected static final JwtParser PARSER = Jwts.parserBuilder().setSigningKey(SIGN_KEY).requireIssuer(ISSUER).build();
    protected static final Pattern BASIC_LOGIN_PATTERN = Pattern.compile("Basic ([a-zA-Z\\d=]+)$");
    protected static final Pattern BEARER_LOGIN_PATTERN = Pattern.compile("Bearer ([a-zA-Z\\d-_.]+)$");
    protected static final LoginResult<HttpSession> ERROR_HANDLING_BEARER_LOGIN = LoginResult.failure("Unable to process bearer login");
    protected static final LoginResult<HttpSession> ERROR_HANDLING_BEARER_LOGIN_USER_GONE = LoginResult.failure("Unable to process bearer login: user gone");
    protected static final LoginResult<PermissionUser> ERROR_HANDLING_BASIC_LOGIN = LoginResult.failure("No matching user for provided basic login credentials");
    protected final Map<String, HttpSession> sessions = new ConcurrentHashMap();

    /* loaded from: input_file:eu/cloudnetservice/node/http/V2HttpAuthentication$LoginResult.class */
    public static final class LoginResult<T> extends Record {
        private final T result;
        private final String errorMessage;
        private static final LoginResult<?> UNDEFINED_RESULT = failure(null);

        public LoginResult(T t, String str) {
            this.result = t;
            this.errorMessage = str;
        }

        @NonNull
        public static <T> LoginResult<T> undefinedFailure() {
            return (LoginResult<T>) UNDEFINED_RESULT;
        }

        @NonNull
        public static <T> LoginResult<T> success(@NonNull T t) {
            if (t == null) {
                throw new NullPointerException("result is marked non-null but is null");
            }
            return new LoginResult<>(t, null);
        }

        @NonNull
        public static <T> LoginResult<T> failure(@Nullable String str) {
            return new LoginResult<>(null, str);
        }

        public boolean succeeded() {
            return this.result != null;
        }

        public boolean failed() {
            return this.result == null;
        }

        public boolean hasErrorMessage() {
            return this.errorMessage != null;
        }

        @Override // java.lang.Record
        public final String toString() {
            return (String) ObjectMethods.bootstrap(MethodHandles.lookup(), "toString", MethodType.methodType(String.class, LoginResult.class), LoginResult.class, "result;errorMessage", "FIELD:Leu/cloudnetservice/node/http/V2HttpAuthentication$LoginResult;->result:Ljava/lang/Object;", "FIELD:Leu/cloudnetservice/node/http/V2HttpAuthentication$LoginResult;->errorMessage:Ljava/lang/String;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final int hashCode() {
            return (int) ObjectMethods.bootstrap(MethodHandles.lookup(), "hashCode", MethodType.methodType(Integer.TYPE, LoginResult.class), LoginResult.class, "result;errorMessage", "FIELD:Leu/cloudnetservice/node/http/V2HttpAuthentication$LoginResult;->result:Ljava/lang/Object;", "FIELD:Leu/cloudnetservice/node/http/V2HttpAuthentication$LoginResult;->errorMessage:Ljava/lang/String;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final boolean equals(Object obj) {
            return (boolean) ObjectMethods.bootstrap(MethodHandles.lookup(), "equals", MethodType.methodType(Boolean.TYPE, LoginResult.class, Object.class), LoginResult.class, "result;errorMessage", "FIELD:Leu/cloudnetservice/node/http/V2HttpAuthentication$LoginResult;->result:Ljava/lang/Object;", "FIELD:Leu/cloudnetservice/node/http/V2HttpAuthentication$LoginResult;->errorMessage:Ljava/lang/String;").dynamicInvoker().invoke(this, obj) /* invoke-custom */;
        }

        public T result() {
            return this.result;
        }

        public String errorMessage() {
            return this.errorMessage;
        }
    }

    @NonNull
    public String createJwt(@NonNull PermissionUser permissionUser, long j) {
        if (permissionUser == null) {
            throw new NullPointerException("subject is marked non-null but is null");
        }
        return generateJwt(permissionUser, sessions().computeIfAbsent(permissionUser.uniqueId().toString(), str -> {
            return new DefaultHttpSession(System.currentTimeMillis() + j, permissionUser.uniqueId(), this);
        }));
    }

    @NonNull
    public LoginResult<PermissionUser> handleBasicLoginRequest(@NonNull HttpRequest httpRequest) {
        if (httpRequest == null) {
            throw new NullPointerException("request is marked non-null but is null");
        }
        String header = httpRequest.header("Authorization");
        if (header == null) {
            return LoginResult.undefinedFailure();
        }
        Matcher matcher = BASIC_LOGIN_PATTERN.matcher(header);
        if (!matcher.matches()) {
            return LoginResult.undefinedFailure();
        }
        String[] split = new String(Base64.getDecoder().decode(matcher.group(1)), StandardCharsets.UTF_8).split(":");
        if (split.length == 2) {
            for (PermissionUser permissionUser : CloudNetDriver.instance().permissionManagement().usersByName(split[0])) {
                if (permissionUser.checkPassword(split[1])) {
                    return LoginResult.success(permissionUser);
                }
            }
        }
        return ERROR_HANDLING_BASIC_LOGIN;
    }

    @NonNull
    public LoginResult<HttpSession> handleBearerLoginRequest(@NonNull HttpRequest httpRequest) {
        if (httpRequest == null) {
            throw new NullPointerException("request is marked non-null but is null");
        }
        String header = httpRequest.header("Authorization");
        if (header == null) {
            return LoginResult.undefinedFailure();
        }
        Matcher matcher = BEARER_LOGIN_PATTERN.matcher(header);
        if (!matcher.matches()) {
            return LoginResult.undefinedFailure();
        }
        try {
            Jws parseClaimsJws = PARSER.parseClaimsJws(matcher.group(1));
            HttpSession sessionById = sessionById(((Claims) parseClaimsJws.getBody()).getId());
            if (sessionById != null) {
                PermissionUser user = sessionById.user();
                if (user == null) {
                    this.sessions.remove(sessionById.userId().toString());
                    return ERROR_HANDLING_BEARER_LOGIN_USER_GONE;
                }
                if (user.uniqueId().equals(UUID.fromString((String) ((Claims) parseClaimsJws.getBody()).get("uniqueId", String.class)))) {
                    return LoginResult.success(sessionById);
                }
            }
        } catch (JwtException | IllegalArgumentException e) {
            LOGGER.log(Level.FINE, "Exception while handling bearer auth", (Throwable) e);
            if ((e instanceof PrematureJwtException) || (e instanceof ExpiredJwtException)) {
                return LoginResult.failure(e.getMessage());
            }
        }
        return ERROR_HANDLING_BEARER_LOGIN;
    }

    public boolean expireSession(@NonNull HttpRequest httpRequest) {
        if (httpRequest == null) {
            throw new NullPointerException("request is marked non-null but is null");
        }
        LoginResult<HttpSession> handleBearerLoginRequest = handleBearerLoginRequest(httpRequest);
        if (handleBearerLoginRequest.succeeded()) {
            return expireSession(handleBearerLoginRequest.result());
        }
        return false;
    }

    public boolean expireSession(@NonNull HttpSession httpSession) {
        if (httpSession == null) {
            throw new NullPointerException("session is marked non-null but is null");
        }
        return this.sessions.remove(httpSession.user().uniqueId().toString()) != null;
    }

    @NonNull
    public LoginResult<Pair<HttpSession, String>> refreshJwt(@NonNull HttpRequest httpRequest, long j) {
        if (httpRequest == null) {
            throw new NullPointerException("request is marked non-null but is null");
        }
        LoginResult<HttpSession> handleBearerLoginRequest = handleBearerLoginRequest(httpRequest);
        if (!handleBearerLoginRequest.succeeded()) {
            return LoginResult.undefinedFailure();
        }
        HttpSession result = handleBearerLoginRequest.result();
        return LoginResult.success(new Pair(result, refreshJwt(result, j)));
    }

    @NonNull
    public String refreshJwt(@NonNull HttpSession httpSession, long j) {
        if (httpSession == null) {
            throw new NullPointerException("session is marked non-null but is null");
        }
        httpSession.refreshFor(j);
        return generateJwt(httpSession.user(), httpSession);
    }

    @Nullable
    protected HttpSession sessionById(@NonNull String str) {
        if (str == null) {
            throw new NullPointerException("id is marked non-null but is null");
        }
        for (HttpSession httpSession : sessions().values()) {
            if (httpSession.uniqueId().equals(str)) {
                return httpSession;
            }
        }
        return null;
    }

    @NonNull
    protected String generateJwt(@NonNull PermissionUser permissionUser, @NonNull HttpSession httpSession) {
        if (permissionUser == null) {
            throw new NullPointerException("subject is marked non-null but is null");
        }
        if (httpSession == null) {
            throw new NullPointerException("session is marked non-null but is null");
        }
        return Jwts.builder().setIssuer(ISSUER).signWith(SIGN_KEY).setSubject(permissionUser.name()).setId(httpSession.uniqueId()).setIssuedAt(Calendar.getInstance().getTime()).claim("uniqueId", permissionUser.uniqueId()).setExpiration(new Date(httpSession.expireTime())).compact();
    }

    protected void cleanup() {
        for (Map.Entry<String, HttpSession> entry : this.sessions.entrySet()) {
            if (entry.getValue().expireTime() <= System.currentTimeMillis()) {
                this.sessions.remove(entry.getKey());
            }
        }
    }

    @NonNull
    public Map<String, HttpSession> sessions() {
        cleanup();
        return this.sessions;
    }
}
