package net.bluemind.central.reverse.proxy.imap;

import io.vertx.core.AbstractVerticle;
import io.vertx.core.Future;
import io.vertx.core.MultiMap;
import io.vertx.core.Promise;
import io.vertx.core.Verticle;
import io.vertx.core.http.HttpServer;
import io.vertx.core.http.HttpServerOptions;
import io.vertx.core.http.HttpServerRequest;
import io.vertx.core.http.HttpServerResponse;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.runtime.ObjectMethods;
import java.security.InvalidParameterException;
import java.util.Base64;
import java.util.Optional;
import java.util.concurrent.atomic.AtomicBoolean;
import net.bluemind.central.reverse.proxy.model.client.ProxyInfoStoreClient;
import net.bluemind.lib.vertx.IVerticleFactory;
import net.bluemind.lib.vertx.utils.PasswordDecoder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/bluemind/central/reverse/proxy/imap/NginxImapAuthEndpoint.class */
public class NginxImapAuthEndpoint extends AbstractVerticle {
    private static final Logger logger = LoggerFactory.getLogger(NginxImapAuthEndpoint.class);
    private ProxyInfoStoreClient infoClient;
    private AtomicBoolean lastHealth;

    /* loaded from: input_file:net/bluemind/central/reverse/proxy/imap/NginxImapAuthEndpoint$EndpointFactory.class */
    public static final class EndpointFactory implements IVerticleFactory {
        public boolean isWorker() {
            return false;
        }

        public Verticle newInstance() {
            return new NginxImapAuthEndpoint();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:net/bluemind/central/reverse/proxy/imap/NginxImapAuthEndpoint$QueryParameters.class */
    public static final class QueryParameters extends Record {
        private final String clientIp;
        private final String protocol;
        private final String user;
        private final String latd;
        private final String password;
        private final String backendPort;
        private final long time;
        private final int attempt;

        private QueryParameters(String str, String str2, String str3, String str4, String str5, String str6, long j, int i) {
            this.clientIp = str;
            this.protocol = str2;
            this.user = str3;
            this.latd = str4;
            this.password = str5;
            this.backendPort = str6;
            this.time = j;
            this.attempt = i;
        }

        private static QueryParameters fromRequest(HttpServerRequest httpServerRequest, long j) {
            String str = httpServerRequest.headers().get("Client-IP");
            String str2 = httpServerRequest.headers().get("X-Auth-Port");
            String str3 = httpServerRequest.headers().get("Auth-Protocol");
            int intValue = ((Integer) Optional.ofNullable(httpServerRequest.headers().get("Auth-Login-Attempt")).map(Integer::parseInt).orElse(0)).intValue();
            String str4 = httpServerRequest.headers().get("Auth-User");
            if (str4 == null || "".equals(str4)) {
                throw new InvalidParameterException("null or empty login");
            }
            String lowerCase = new String(NginxImapAuthEndpoint.decode(str4)).toLowerCase();
            String password = PasswordDecoder.getPassword(lowerCase, NginxImapAuthEndpoint.decode(httpServerRequest.headers().get("Auth-Pass")));
            if (NginxImapAuthEndpoint.logger.isDebugEnabled()) {
                NginxImapAuthEndpoint.logger.debug("Password b64: {}, decoded: {}", httpServerRequest.headers().get("Auth-Pass"), password);
            }
            return new QueryParameters(str, str3, lowerCase, lowerCase, password, str2, j, intValue);
        }

        public String clientIp() {
            return this.clientIp;
        }

        public String protocol() {
            return this.protocol;
        }

        public String user() {
            return this.user;
        }

        public String latd() {
            return this.latd;
        }

        public String password() {
            return this.password;
        }

        public String backendPort() {
            return this.backendPort;
        }

        public long time() {
            return this.time;
        }

        public int attempt() {
            return this.attempt;
        }

        @Override // java.lang.Record
        public final String toString() {
            return (String) ObjectMethods.bootstrap(MethodHandles.lookup(), "toString", MethodType.methodType(String.class, QueryParameters.class), QueryParameters.class, "clientIp;protocol;user;latd;password;backendPort;time;attempt", "FIELD:Lnet/bluemind/central/reverse/proxy/imap/NginxImapAuthEndpoint$QueryParameters;->clientIp:Ljava/lang/String;", "FIELD:Lnet/bluemind/central/reverse/proxy/imap/NginxImapAuthEndpoint$QueryParameters;->protocol:Ljava/lang/String;", "FIELD:Lnet/bluemind/central/reverse/proxy/imap/NginxImapAuthEndpoint$QueryParameters;->user:Ljava/lang/String;", "FIELD:Lnet/bluemind/central/reverse/proxy/imap/NginxImapAuthEndpoint$QueryParameters;->latd:Ljava/lang/String;", "FIELD:Lnet/bluemind/central/reverse/proxy/imap/NginxImapAuthEndpoint$QueryParameters;->password:Ljava/lang/String;", "FIELD:Lnet/bluemind/central/reverse/proxy/imap/NginxImapAuthEndpoint$QueryParameters;->backendPort:Ljava/lang/String;", "FIELD:Lnet/bluemind/central/reverse/proxy/imap/NginxImapAuthEndpoint$QueryParameters;->time:J", "FIELD:Lnet/bluemind/central/reverse/proxy/imap/NginxImapAuthEndpoint$QueryParameters;->attempt:I").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final int hashCode() {
            return (int) ObjectMethods.bootstrap(MethodHandles.lookup(), "hashCode", MethodType.methodType(Integer.TYPE, QueryParameters.class), QueryParameters.class, "clientIp;protocol;user;latd;password;backendPort;time;attempt", "FIELD:Lnet/bluemind/central/reverse/proxy/imap/NginxImapAuthEndpoint$QueryParameters;->clientIp:Ljava/lang/String;", "FIELD:Lnet/bluemind/central/reverse/proxy/imap/NginxImapAuthEndpoint$QueryParameters;->protocol:Ljava/lang/String;", "FIELD:Lnet/bluemind/central/reverse/proxy/imap/NginxImapAuthEndpoint$QueryParameters;->user:Ljava/lang/String;", "FIELD:Lnet/bluemind/central/reverse/proxy/imap/NginxImapAuthEndpoint$QueryParameters;->latd:Ljava/lang/String;", "FIELD:Lnet/bluemind/central/reverse/proxy/imap/NginxImapAuthEndpoint$QueryParameters;->password:Ljava/lang/String;", "FIELD:Lnet/bluemind/central/reverse/proxy/imap/NginxImapAuthEndpoint$QueryParameters;->backendPort:Ljava/lang/String;", "FIELD:Lnet/bluemind/central/reverse/proxy/imap/NginxImapAuthEndpoint$QueryParameters;->time:J", "FIELD:Lnet/bluemind/central/reverse/proxy/imap/NginxImapAuthEndpoint$QueryParameters;->attempt:I").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final boolean equals(Object obj) {
            return (boolean) ObjectMethods.bootstrap(MethodHandles.lookup(), "equals", MethodType.methodType(Boolean.TYPE, QueryParameters.class, Object.class), QueryParameters.class, "clientIp;protocol;user;latd;password;backendPort;time;attempt", "FIELD:Lnet/bluemind/central/reverse/proxy/imap/NginxImapAuthEndpoint$QueryParameters;->clientIp:Ljava/lang/String;", "FIELD:Lnet/bluemind/central/reverse/proxy/imap/NginxImapAuthEndpoint$QueryParameters;->protocol:Ljava/lang/String;", "FIELD:Lnet/bluemind/central/reverse/proxy/imap/NginxImapAuthEndpoint$QueryParameters;->user:Ljava/lang/String;", "FIELD:Lnet/bluemind/central/reverse/proxy/imap/NginxImapAuthEndpoint$QueryParameters;->latd:Ljava/lang/String;", "FIELD:Lnet/bluemind/central/reverse/proxy/imap/NginxImapAuthEndpoint$QueryParameters;->password:Ljava/lang/String;", "FIELD:Lnet/bluemind/central/reverse/proxy/imap/NginxImapAuthEndpoint$QueryParameters;->backendPort:Ljava/lang/String;", "FIELD:Lnet/bluemind/central/reverse/proxy/imap/NginxImapAuthEndpoint$QueryParameters;->time:J", "FIELD:Lnet/bluemind/central/reverse/proxy/imap/NginxImapAuthEndpoint$QueryParameters;->attempt:I").dynamicInvoker().invoke(this, obj) /* invoke-custom */;
        }
    }

    public void start(Promise<Void> promise) throws Exception {
        this.infoClient = ProxyInfoStoreClient.create(this.vertx);
        this.lastHealth = new AtomicBoolean(false);
        this.vertx.eventBus().consumer("crp.health", message -> {
            this.lastHealth.set(((Boolean) message.body()).booleanValue());
        });
        this.vertx.eventBus().consumer("proxy-address").handler(message2 -> {
            if ("model-ready".equals(message2.headers().get("action"))) {
                logger.info("[proxy:{}] Model ready, starting nginx endpoint", deploymentID());
                startEndpoint();
            }
        });
        promise.complete();
    }

    private void startEndpoint() {
        this.vertx.createHttpServer(new HttpServerOptions().setTcpFastOpen(true).setTcpNoDelay(true).setTcpQuickAck(true)).requestHandler(this::nginxRoutingRequest).listen(8143, asyncResult -> {
            if (!asyncResult.succeeded()) {
                logger.error("[imap-auth] Failed to listen on port 8143", asyncResult.cause());
            } else {
                HttpServer httpServer = (HttpServer) asyncResult.result();
                logger.info("[imap-auth:{}] Started on port {}", httpServer, Integer.valueOf(httpServer.actualPort()));
            }
        });
    }

    public static byte[] decode(String str) {
        return Base64.getDecoder().decode(str);
    }

    private void nginxRoutingRequest(HttpServerRequest httpServerRequest) {
        long nanoTime = System.nanoTime();
        httpServerRequest.endHandler(r8 -> {
            HttpServerResponse response = httpServerRequest.response();
            if (!this.lastHealth.get()) {
                logger.error("Refusing IMAP routing, crp is not healthy");
                response.setStatusCode(503).end();
                return;
            }
            try {
                QueryParameters fromRequest = QueryParameters.fromRequest(httpServerRequest, nanoTime);
                this.infoClient.ip(fromRequest.user()).flatMap(str -> {
                    return str == null ? Future.failedFuture("unknown user") : Future.succeededFuture(str);
                }).onSuccess(str2 -> {
                    MultiMap headers = response.headers();
                    headers.add("Auth-Status", "OK");
                    headers.add("Auth-Server", str2);
                    headers.add("Auth-Port", "1143");
                    response.end();
                }).onFailure(th -> {
                    logger.warn("No routing infos for login '{}'", fromRequest.user);
                    MultiMap headers = response.headers();
                    headers.add("Auth-Status", "Invalid login or password");
                    if (fromRequest.attempt() < 10) {
                        headers.add("Auth-Wait", "2");
                    }
                    response.end();
                });
            } catch (Exception e) {
                logger.error("Nginx routing error ({})", e.getMessage());
                response.setStatusCode(500).end();
            }
        });
    }
}
