package io.datarouter.auth.service;

import io.datarouter.httpclient.security.DefaultCsrfGenerator;
import io.datarouter.web.security.CsrfValidator;
import io.datarouter.web.security.DefaultCsrfValidator;
import io.datarouter.web.util.http.RequestTool;
import java.time.Duration;
import java.util.Optional;
import javax.inject.Inject;
import javax.inject.Singleton;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/datarouter/auth/service/DatarouterAccountCsrfValidator.class */
public class DatarouterAccountCsrfValidator implements CsrfValidator {
    private static final Logger logger = LoggerFactory.getLogger(DatarouterAccountCsrfValidator.class);
    private final Long requestTimeoutMs;
    private final String apiKeyFieldName;
    private final DatarouterAccountCredentialService datarouterAccountCredentialService;

    @Singleton
    /* loaded from: input_file:io/datarouter/auth/service/DatarouterAccountCsrfValidator$DatarouterAccountCsrfValidatorFactory.class */
    public static class DatarouterAccountCsrfValidatorFactory {

        @Inject
        private DatarouterAccountCredentialService datarouterAccountCredentialService;

        @Deprecated
        public DatarouterAccountCsrfValidator create(Long l) {
            return create(l, "apiKey");
        }

        public DatarouterAccountCsrfValidator create(Duration duration) {
            return create(Long.valueOf(duration.toMillis()), "apiKey");
        }

        public DatarouterAccountCsrfValidator create(Long l, String str) {
            return new DatarouterAccountCsrfValidator(l, str, this.datarouterAccountCredentialService);
        }
    }

    private DatarouterAccountCsrfValidator(Long l, String str, DatarouterAccountCredentialService datarouterAccountCredentialService) {
        this.requestTimeoutMs = l;
        this.apiKeyFieldName = str;
        this.datarouterAccountCredentialService = datarouterAccountCredentialService;
    }

    public boolean check(HttpServletRequest httpServletRequest) {
        return ((Boolean) getCsrfValidatorForAccountWithApiKey(httpServletRequest).map(defaultCsrfValidator -> {
            return Boolean.valueOf(defaultCsrfValidator.check(httpServletRequest));
        }).orElse(false)).booleanValue();
    }

    public Long getRequestTimeMs(HttpServletRequest httpServletRequest) {
        return (Long) getCsrfValidatorForAccountWithApiKey(httpServletRequest).map(defaultCsrfValidator -> {
            return defaultCsrfValidator.getRequestTimeMs(httpServletRequest);
        }).orElse(null);
    }

    private Optional<DefaultCsrfValidator> getCsrfValidatorForAccountWithApiKey(HttpServletRequest httpServletRequest) {
        String parameterOrHeader = RequestTool.getParameterOrHeader(httpServletRequest, this.apiKeyFieldName);
        Optional<String> findSecretKeyForApiKeyAuth = this.datarouterAccountCredentialService.findSecretKeyForApiKeyAuth(parameterOrHeader);
        if (findSecretKeyForApiKeyAuth.isEmpty()) {
            logger.warn("Missing account for apiKey={}", parameterOrHeader);
        }
        return findSecretKeyForApiKeyAuth.map(str -> {
            return () -> {
                return str;
            };
        }).map(supplier -> {
            return new DefaultCsrfValidator(new DefaultCsrfGenerator(supplier), this.requestTimeoutMs);
        });
    }
}
