package org.restheart.security.authenticators;

import io.undertow.server.handlers.Cookie;
import java.util.Map;
import org.restheart.configuration.Configuration;
import org.restheart.exchange.ServiceRequest;
import org.restheart.exchange.ServiceResponse;
import org.restheart.plugins.Inject;
import org.restheart.plugins.InterceptPoint;
import org.restheart.plugins.OnInit;
import org.restheart.plugins.PluginRecord;
import org.restheart.plugins.PluginsRegistry;
import org.restheart.plugins.RegisterPlugin;
import org.restheart.plugins.WildcardInterceptor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@RegisterPlugin(name = "authCookieHandler", description = "sets the Authorization header from the auth cookie", interceptPoint = InterceptPoint.REQUEST_BEFORE_AUTH)
/* loaded from: input_file:org/restheart/security/authenticators/AuthCookieHandler.class */
public class AuthCookieHandler implements WildcardInterceptor {
    static final Logger LOGGER = LoggerFactory.getLogger(AuthCookieHandler.class);

    @Inject("rh-config")
    private Configuration rhConfig;

    @Inject("registry")
    PluginsRegistry pluginsRegistry;
    private String authCookieName;
    private boolean enabled = true;

    @OnInit
    public void init() {
        this.enabled = enabled(this.pluginsRegistry, false);
        if (this.rhConfig.toMap().containsKey("authCookieSetter")) {
            this.authCookieName = (String) argOrDefault((Map) this.rhConfig.toMap().get("authCookieSetter"), "name", "rh_auth");
        } else {
            this.authCookieName = "rh_auth";
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean enabled(PluginsRegistry pluginsRegistry, boolean z) {
        PluginRecord tokenManager = pluginsRegistry.getTokenManager();
        boolean z2 = tokenManager != null && "rndTokenManager".equals(tokenManager.getName());
        boolean z3 = tokenManager != null && "jwtTokenManager".equals(tokenManager.getName());
        if (!z2 && !z3) {
            if (z) {
                return false;
            }
            LOGGER.warn("Cookie Authentication is disabled because it requires either rndTokenManager or jwtTokenManager. Please enable one of these token managers to use Cookie Authentication.");
            return false;
        }
        boolean anyMatch = pluginsRegistry.getAuthMechanisms().stream().map(pluginRecord -> {
            return pluginRecord.getName();
        }).anyMatch(str -> {
            return "tokenBasicAuthMechanism".equals(str);
        });
        boolean anyMatch2 = pluginsRegistry.getAuthMechanisms().stream().map(pluginRecord2 -> {
            return pluginRecord2.getName();
        }).anyMatch(str2 -> {
            return "jwtAuthenticationMechanism".equals(str2);
        });
        if (z2 && !anyMatch) {
            if (z) {
                return false;
            }
            LOGGER.warn("Cookie Authentication is disabled because the rndTokenManager requires tokenBasicAuthMechanism. Please enable tokenBasicAuthMechanism to use Cookie Authentication with rndTokenManager.");
            return false;
        }
        if (!z3 || anyMatch || anyMatch2) {
            return true;
        }
        if (z) {
            return false;
        }
        LOGGER.warn("Cookie Authentication is disabled because the jwtTokenManager requires either tokenBasicAuthMechanism or jwtAuthenticationMechanism. Please enable one of these authentication mechanisms to use Cookie Authentication.");
        return false;
    }

    public void handle(ServiceRequest<?> serviceRequest, ServiceResponse<?> serviceResponse) throws Exception {
        try {
            Cookie cookie = serviceRequest.getCookie(this.authCookieName);
            if (cookie == null) {
                LOGGER.debug("no {} cookie", this.authCookieName);
                return;
            }
            String value = cookie.getValue();
            serviceRequest.setHeader("Authorization", value);
            LOGGER.debug("set header Authorization: {}", value);
        } catch (Throwable th) {
            LOGGER.error("wrong cookie", th);
        }
    }

    public boolean resolve(ServiceRequest<?> serviceRequest, ServiceResponse<?> serviceResponse) {
        return this.enabled && serviceRequest.getHeader("Authorization") == null;
    }
}
