package jayeson.lib.delivery.module.auth;

import java.util.List;
import java.util.Map;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import javax.inject.Inject;
import javax.inject.Named;
import javax.inject.Provider;
import javax.inject.Singleton;
import jayeson.lib.access.AccessManager;
import jayeson.lib.access.AccessManagerFactory;
import jayeson.lib.access.datastructure.AccessRequest;
import jayeson.lib.delivery.api.CoreComponent;
import jayeson.lib.delivery.api.IEndPoint;
import jayeson.lib.delivery.api.IEndPointEventSource;
import jayeson.lib.delivery.api.IEndPointListener;
import jayeson.lib.delivery.api.events.EPDisconnectedEvent;
import jayeson.lib.delivery.api.events.EPEvent;
import jayeson.lib.delivery.api.events.IEPEventDispatcher;
import jayeson.lib.delivery.api.messages.IMessageGroupProcessor;
import jayeson.lib.delivery.api.messages.MessageWrapper;
import jayeson.lib.delivery.core.EndPoint;
import jayeson.lib.delivery.core.http.messages.HttpMessageWrapper;
import jayeson.lib.delivery.core.server.ServerEndPoint;
import jayeson.lib.delivery.core.websocket.WebSocketRouter;
import jayeson.lib.delivery.core.websocket.WebSocketTransport;
import jayeson.lib.delivery.module.auth.event.AuthFailed;
import jayeson.lib.delivery.module.auth.event.AuthSuccessful;
import jayeson.lib.delivery.module.auth.event.TicketExpired;
import jayeson.lib.delivery.module.auth.messages.AuthGroup;
import jayeson.lib.delivery.module.auth.messages.beans.AuthContent;
import jayeson.lib.delivery.module.auth.messages.beans.GeneralResponse;
import jayeson.lib.delivery.module.auth.messages.beans.WSAuthContent;
import jayeson.lib.session.AsyncSessionAccessor;
import jayeson.utility.crypto.Crypto;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Singleton
/* loaded from: input_file:jayeson/lib/delivery/module/auth/AuthService.class */
public class AuthService implements IEndPointEventSource, IEndPointListener, IAuthService, Runnable {
    private static final Logger log = LoggerFactory.getLogger(AuthService.class);
    public static final String EPF_AR = "access_request";
    private IEPEventDispatcher _ed;
    private AuthGroup _mg;
    AuthServiceConfig sharedConfig;
    Provider<WebSocketRouter> wrp;
    Provider<WebSocketTransport> wtp;
    public static final String EPF_ACCESS_REQUEST = "access";
    public static final String EPF_USERNAME = "username";
    public static final String EPF_SCOPE = "scope";
    private IMessageGroupProcessor processor;
    private Map<Long, AuthWrapper> eps = new ConcurrentHashMap(30, 0.75f, 2);
    private AccessManagerFactory amFactory;
    private ScheduledExecutorService ses;
    private Crypto crypto;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:jayeson/lib/delivery/module/auth/AuthService$AuthWrapper.class */
    public static class AuthWrapper {
        public ServerEndPoint ep;
        public AuthContent c;
        public AsyncSessionAccessor sa;
        public String prevTicket;
        public int numInvalid = 0;

        public AuthWrapper(ServerEndPoint serverEndPoint, AuthContent authContent, AsyncSessionAccessor asyncSessionAccessor) {
            this.ep = serverEndPoint;
            this.c = authContent;
            this.sa = asyncSessionAccessor;
        }
    }

    @Inject
    public AuthService(AuthServiceConfig authServiceConfig, AuthGroup authGroup, AccessManagerFactory accessManagerFactory, @Named("CommonSES") ScheduledExecutorService scheduledExecutorService) {
        this._mg = authGroup;
        this.sharedConfig = authServiceConfig;
        this.ses = scheduledExecutorService;
        this.amFactory = accessManagerFactory;
        this.ses.submit(this);
    }

    @Inject
    public void setEventDispatcher(IEPEventDispatcher iEPEventDispatcher) {
        this._ed = iEPEventDispatcher;
    }

    @Inject
    public void setProcessor(AuthGroupProcessor authGroupProcessor) {
        this.processor = authGroupProcessor;
        authGroupProcessor.setAuthService(this);
    }

    @Inject
    public void setCrypto(Crypto crypto) {
        this.crypto = crypto;
    }

    @Inject
    public void setWRP(Provider<WebSocketRouter> provider) {
        this.wrp = provider;
    }

    @Inject
    public void setWTP(Provider<WebSocketTransport> provider) {
        this.wtp = provider;
    }

    @Override // jayeson.lib.delivery.api.IEndPointEventSource
    public void attachListener(IEndPointListener iEndPointListener) {
        this._ed.registerListener(iEndPointListener);
    }

    @Override // jayeson.lib.delivery.api.IEndPointEventSource
    public void detachListener(IEndPointListener iEndPointListener) {
        this._ed.deregisterListener(iEndPointListener);
    }

    @Override // jayeson.lib.delivery.api.IEndPointListener
    public void onEvent(EPEvent ePEvent) {
        if (ePEvent instanceof EPDisconnectedEvent) {
            ServerEndPoint serverEndPoint = (ServerEndPoint) ePEvent.getEndpoint();
            log.info("ServerEndPoint with Id {} disconnected and removed from AuthService", Long.valueOf(serverEndPoint.getId()));
            this.eps.remove(Long.valueOf(serverEndPoint.getId()));
        }
    }

    @Override // jayeson.lib.delivery.module.auth.IAuthService
    public IMessageGroupProcessor getProcessor() {
        return this.processor;
    }

    private void authFailed(IEndPoint iEndPoint, String str) {
        AuthFailed authFailed = new AuthFailed(iEndPoint);
        GeneralResponse generalResponse = new GeneralResponse();
        generalResponse.setMessage(str);
        generalResponse.setStatus(1);
        ((EndPoint) iEndPoint).send(new MessageWrapper(generalResponse, this._mg.GENERAL_RESPONSE), channelFuture -> {
            this._ed.dispatchEvent(authFailed);
        });
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void authFailed(IEndPoint iEndPoint) {
        authFailed(iEndPoint, "Authentication Failed!!!");
    }

    void authSuccessful(IEndPoint iEndPoint, AuthContent authContent, AccessRequest accessRequest) {
        AuthSuccessful authSuccessful = new AuthSuccessful(iEndPoint, authContent, authContent.getFeedScope(), accessRequest.getUsername());
        EndPoint endPoint = (EndPoint) iEndPoint;
        GeneralResponse generalResponse = new GeneralResponse();
        generalResponse.setMessage("Authentication successful!!!");
        generalResponse.setStatus(0);
        endPoint.send(((authContent instanceof WSAuthContent) && ((WSAuthContent) authContent).isWsUpgrade()) ? new HttpMessageWrapper("", this._mg.STRING).status(101).withHeader("Upgrade", "websocket").withHeader("Connection", "Upgrade").withHeader("Sec-WebSocket-Accept", ((WSAuthContent) authContent).getWebsocketAccept()) : new MessageWrapper(generalResponse, this._mg.GENERAL_RESPONSE), channelFuture -> {
            if (authContent instanceof WSAuthContent) {
                endPoint.changeCoreComponent((CoreComponent) this.wtp.get());
                endPoint.changeCoreComponent((CoreComponent) this.wrp.get());
            }
            this._ed.dispatchEvent(authSuccessful);
        });
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void authenticate(IEndPoint iEndPoint, AuthContent authContent) throws ExecutionException, InterruptedException {
        AuthEntryConfig authEntryConfig = this.sharedConfig.getAuthenticatorConfigs().get(authContent.getFeedScope());
        log.debug("Starting auth with scope [" + authContent.getFeedScope() + "], [" + authEntryConfig + "]");
        if (authEntryConfig == null) {
            authFailed(iEndPoint, "Token is from an unknown scope");
            log.debug("Unable to auth " + iEndPoint.getIdentifier() + ": Token is from an unknown scope");
            return;
        }
        AuthRequestBuilder authRequestBuilder = new AuthRequestBuilder(this.crypto, authEntryConfig, authContent);
        AccessManager am = this.amFactory.getAM(authEntryConfig.getAccessManagerName());
        try {
            AccessRequest build = authRequestBuilder.build(am);
            if (build == null || !((Boolean) am.isLoggedIn(build).toCompletableFuture().get()).booleanValue()) {
                authFailed(iEndPoint);
                log.debug("Unable to auth " + iEndPoint.getPeerIp() + ":" + iEndPoint.getPeerPort() + ": User not logged in.");
                return;
            }
            AsyncSessionAccessor asyncSessionAccessor = (AsyncSessionAccessor) am.getLoginSession(build).toCompletableFuture().get();
            if (asyncSessionAccessor != null) {
                asyncSessionAccessor.read(String.format(authEntryConfig.getTicketPattern(), authContent.getClientId())).whenComplete((str, th) -> {
                    if (th != null) {
                        authFailed(iEndPoint, "Unable to retrieve ticket from session store: " + th);
                        log.debug("Unable to auth " + iEndPoint.getIdentifier() + ": Unable to retrieve ticket from session store");
                        return;
                    }
                    if (str == null || !str.equals(authContent.getTicket())) {
                        authFailed(iEndPoint, "Ticket not matched!");
                        log.debug("Unable to auth " + iEndPoint.getPeerIp() + ":" + iEndPoint.getPeerPort() + ": Ticket not matched! StoredTicket [" + str + "], " + authContent);
                        return;
                    }
                    ServerEndPoint serverEndPoint = (ServerEndPoint) iEndPoint;
                    serverEndPoint.setData(EPF_ACCESS_REQUEST, build);
                    serverEndPoint.setData(EPF_USERNAME, build.getUsername());
                    serverEndPoint.setData(EPF_SCOPE, authContent.getFeedScope());
                    authSuccessful(iEndPoint, authContent, build);
                    this.eps.put(Long.valueOf(((ServerEndPoint) iEndPoint).getId()), new AuthWrapper((ServerEndPoint) iEndPoint, authContent, asyncSessionAccessor));
                });
            } else {
                authFailed(iEndPoint, "Internal error! Cannot obtain session.");
                log.debug("Unable to auth " + iEndPoint.getIdentifier() + ": Internal error! Cannot obtain session.");
            }
        } catch (Exception e) {
            log.error("Exception while building access request!", e);
            authFailed(iEndPoint, "Internal error! Access request corrupted.");
            log.debug("Unable to auth " + iEndPoint.getIdentifier() + ": Internal error! Access request corrupted.");
        }
    }

    public boolean isAuthenticated(IEndPoint iEndPoint) {
        return (iEndPoint instanceof ServerEndPoint) && this.eps.get(Long.valueOf(((ServerEndPoint) iEndPoint).getId())) != null;
    }

    public void renewTicket(ServerEndPoint serverEndPoint, String str, String str2) {
        AuthWrapper authWrapper = this.eps.get(Long.valueOf(serverEndPoint.getId()));
        if (authWrapper == null) {
            log.error("AuthWrapper not found for {}: {}", Long.valueOf(serverEndPoint.getId()), serverEndPoint.getIdentifier());
            return;
        }
        AuthEntryConfig authEntryConfig = this.sharedConfig.getAuthenticatorConfigs().get(authWrapper.c.getFeedScope());
        if (authEntryConfig == null) {
            return;
        }
        (str2.equals(authWrapper.c.getTicket()) ? CompletableFuture.completedFuture(new GeneralResponse("Ticket Renew Failed! New ticket duplicate with old ticket!", 1)) : authWrapper.sa.read(String.format(authEntryConfig.getTicketPattern(), str)).thenApply(str3 -> {
            if (str3 == null || !str3.equals(str2)) {
                log.debug("Ticket renew failed for {}, redisTicket: {}, receivedTicket: {}", new Object[]{str, str3, str2});
                return new GeneralResponse("Ticket Renew Failed! New ticket isn't found in user session!", 1);
            }
            authWrapper.c.setTicket(str2);
            return new GeneralResponse("Ticket Renewed Successfully!", 0);
        })).thenAccept(generalResponse -> {
            authWrapper.ep.send(new MessageWrapper(generalResponse, this._mg.GENERAL_RESPONSE));
        });
    }

    @Override // java.lang.Runnable
    public void run() {
        CompletableFuture.allOf((CompletableFuture[]) ((List) this.eps.values().stream().map(this::validateEndpoint).collect(Collectors.toList())).toArray(new CompletableFuture[0])).thenAccept(r7 -> {
            this.ses.schedule(this, this.sharedConfig.getTicketCheckingInterval(), TimeUnit.MILLISECONDS);
        });
    }

    CompletableFuture<AuthWrapper> validateEndpoint(AuthWrapper authWrapper) {
        return checkTicket(authWrapper).thenCompose(authWrapper2 -> {
            if (!isEndpointExpired(authWrapper2)) {
                return CompletableFuture.completedFuture(authWrapper);
            }
            this.eps.remove(Long.valueOf(authWrapper2.ep.getId()));
            return notifyTicketExpiry(authWrapper2);
        });
    }

    CompletableFuture<AuthWrapper> notifyTicketExpiry(AuthWrapper authWrapper) {
        log.info("Client with id {} has ticket {} expired", authWrapper.c.getClientId(), authWrapper.c.getTicket());
        CompletableFuture<AuthWrapper> completableFuture = new CompletableFuture<>();
        authWrapper.ep.send(new MessageWrapper(new GeneralResponse("Ticket Expired!", 2), this._mg.GENERAL_RESPONSE), channelFuture -> {
            this._ed.dispatchEvent(new TicketExpired(authWrapper.ep, authWrapper.c.getTicket()));
            completableFuture.complete(authWrapper);
        });
        return completableFuture;
    }

    CompletableFuture<AuthWrapper> checkTicket(AuthWrapper authWrapper) {
        AuthEntryConfig authEntryConfig = this.sharedConfig.getAuthenticatorConfigs().get(authWrapper.c.getFeedScope());
        if (authEntryConfig == null) {
            authWrapper.numInvalid++;
            return CompletableFuture.completedFuture(authWrapper);
        }
        return ((CompletableFuture) authWrapper.sa.read(String.format(authEntryConfig.getTicketPattern(), authWrapper.c.getClientId()))).thenApply(str -> {
            if (str == null || !str.equals(authWrapper.c.getTicket())) {
                authWrapper.numInvalid++;
            } else {
                authWrapper.numInvalid = 0;
            }
            authWrapper.prevTicket = str;
            return authWrapper;
        });
    }

    boolean isEndpointExpired(AuthWrapper authWrapper) {
        return authWrapper.prevTicket == null || authWrapper.numInvalid >= 2;
    }
}
