package net.bluemind.webmodule.authenticationfilter;

import com.google.common.base.Strings;
import io.vertx.core.Vertx;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.runtime.ObjectMethods;
import java.util.Collections;
import java.util.List;
import java.util.concurrent.CompletableFuture;
import net.bluemind.authentication.api.IAuthenticationPromise;
import net.bluemind.authentication.api.LoginResponse;
import net.bluemind.config.Token;
import net.bluemind.core.api.AsyncHandler;
import net.bluemind.core.api.fault.ErrorCode;
import net.bluemind.core.api.fault.ServerFault;
import net.bluemind.core.container.model.ItemValue;
import net.bluemind.core.rest.http.HttpClientProvider;
import net.bluemind.core.rest.http.VertxPromiseServiceProvider;
import net.bluemind.domain.api.Domain;
import net.bluemind.domain.api.IDomainsPromise;
import net.bluemind.keydb.sessiondata.SessionData;
import net.bluemind.keydb.sessiondata.SessionDataStore;
import net.bluemind.mailbox.api.IMailboxesPromise;
import net.bluemind.mailbox.api.Mailbox;
import net.bluemind.network.topology.Topology;
import net.bluemind.server.api.Server;
import net.bluemind.server.api.TagDescriptor;
import net.bluemind.webmodule.authenticationfilter.internal.ExternalCreds;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/bluemind/webmodule/authenticationfilter/AuthProvider.class */
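/**
 * Opens and closes web sessions for the authentication filter.
 *
 * <p>Two entry paths exist. {@link #sessionId(String, String, List, AsyncHandler)} checks a
 * login/password pair against the core. {@link #sessionId(ExternalCreds, List, AsyncHandler)}
 * takes an identity that was already asserted elsewhere and opens the session through a
 * {@code su} call made with the {@code admin0} token, so no password is verified on that path.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Everything that reaches the {@link ExternalCreds} overload is trusted to name the user.
 *       Callers must only build {@link ExternalCreds} from an authenticated assertion.</li>
 *   <li>{@code admin0@global.virt} is only accepted when the instance was built with
 *       {@code internalAuth == true}.</li>
 *   <li>The session key is handed to the service provider in the same slot as the admin0 token,
 *       so it is treated as a bearer secret here and is never written to the log.</li>
 * </ul>
 */
public class AuthProvider {
    private static final Logger logger = LoggerFactory.getLogger(AuthProvider.class);
    /** Not read anywhere in this class. */
    public static final int DEFAULT_MAX_SESSIONS_PER_USER = 5;
    /** Origin label set on every service provider created by this class. */
    private static final String BM_WEBSERVER_AUTHFILTER = "bm-webserver-authfilter";
    private final HttpClientProvider clientProvider;
    private final String domainUid;
    private final boolean internalAuth;

    /**
     * External credentials paired with the domain found for the login's domain part.
     *
     * <p>Written back as record syntax: the decompiled form ({@code extends Record} plus
     * {@code ObjectMethods.bootstrap} calls) is what the compiler generates for a record and does
     * not compile as source.
     *
     * <p>NOTE(review): the decompiler reports the original modifier was {@code private}; it is
     * kept as decompiled here, narrow it again once nothing else references the type.
     */
    public record CredentialInfosWithDomain(ExternalCreds externalCreds, String userDomainUid, ItemValue<Domain> domain) {
    }

    /**
     * External credentials paired with the mailbox found for the submitted e-mail address.
     *
     * <p>Same record restoration and visibility remark as {@link CredentialInfosWithDomain}.
     */
    public record CredentialInfosWithMailbox(ExternalCreds externalCreds, String userDomainUid, ItemValue<Mailbox> mailbox) {
    }

    /**
     * Creates a provider for externally authenticated requests ({@code internalAuth == false}).
     *
     * @param vertx Vert.x instance backing the HTTP client
     * @param str   uid of the domain this provider authenticates for
     */
    public AuthProvider(Vertx vertx, String str) {
        this(vertx, str, false);
    }

    /**
     * @param vertx Vert.x instance backing the HTTP client
     * @param str   uid of the domain this provider authenticates for
     * @param z     {@code true} when requests come from internal authentication; this is the only
     *              mode in which {@code admin0@global.virt} may obtain a session
     */
    public AuthProvider(Vertx vertx, String str, boolean z) {
        this.clientProvider = new HttpClientProvider(vertx);
        this.domainUid = str;
        this.internalAuth = z;
    }

    /**
     * Opens a session for an identity asserted by external credentials. No password is checked.
     *
     * <p>The login must contain a non-empty domain part after {@code @}. The previous
     * {@code contains("@")} test let values such as {@code "user@"} through, and the later
     * {@code split("@")[1]} then threw inside an asynchronous callback, so the handler was never
     * completed.
     *
     * @param externalCreds identity asserted upstream; must not be {@code null}
     * @param list          remote addresses forwarded to the service provider
     * @param asyncHandler  receives the session, {@code null} when no session is granted, or a
     *                      failure
     */
    public void sessionId(ExternalCreds externalCreds, List<String> list, AsyncHandler<SessionData> asyncHandler) {
        String login = externalCreds.getLoginAtDomain();
        if (domainPart(login) == null) {
            asyncHandler.failure(new ServerFault("Invalid loginAtDomain " + login + " from external credentials"));
            return;
        }
        if (!"admin0@global.virt".equals(login)) {
            externalCredsToMailbox(list, externalCreds, asyncHandler);
        } else if (this.internalAuth) {
            doSudo(list, externalCreds, asyncHandler);
        } else {
            // The superuser must never be reachable through an external identity assertion.
            asyncHandler.failure(new ServerFault("Authentication failure: admin0@global.virt only available from internal authentication", ErrorCode.FORBIDDEN));
        }
    }

    /**
     * Opens a session by verifying a login/password pair against the core.
     *
     * <p>{@code Expired} is accepted like {@code Ok} and also yields a session.
     * NOTE(review): presumably so that a password change can follow; confirm that downstream
     * code restricts what such a session may do.
     *
     * @param str          login; lower-cased before being sent
     * @param str2         password
     * @param list         remote addresses forwarded to the service provider
     * @param asyncHandler receives the session or a failure
     */
    public void sessionId(String str, String str2, List<String> list, AsyncHandler<SessionData> asyncHandler) {
        VertxPromiseServiceProvider provider = getProvider(null, list);
        // str is untrusted input; it is only passed as a log argument, never as the format string.
        logger.info("authenticating {}", str);
        IAuthenticationPromise authentication = (IAuthenticationPromise) provider.instance(TagDescriptor.bm_core.getTag(), IAuthenticationPromise.class, new String[0]);
        // Locale.ROOT: with the JVM default locale the mapping of 'I' depends on the host
        // configuration, which would make the same login resolve differently between servers.
        authentication.loginWithParams(str.toLowerCase(java.util.Locale.ROOT), str2, BM_WEBSERVER_AUTHFILTER, true).exceptionally(th -> {
            logger.error("error during authentication of {}", str, th);
            asyncHandler.failure(new ServerFault("error login: No server assigned or server not avalaible"));
            return null;
        }).thenAccept(loginResponse -> {
            if (loginResponse == null) {
                // The exceptionally stage already reported the failure; dereferencing the
                // null response here would only raise an unobserved NullPointerException.
                return;
            }
            logger.info("Authenticated {}, response: {}", str, loginResponse.status);
            if (loginResponse.status == LoginResponse.Status.Ok || loginResponse.status == LoginResponse.Status.Expired) {
                handlerLoginSuccess(loginResponse, asyncHandler);
            } else {
                asyncHandler.failure(new ServerFault("error during login " + loginResponse.message, ErrorCode.INVALID_PASSWORD));
            }
        });
    }

    /**
     * Returns the domain part of a {@code login@domain} value, or {@code null} when the value is
     * empty, has no {@code @}, or has nothing between the first and second {@code @}.
     *
     * <p>NOTE(review): a login holding several {@code @} is not rejected; only the segment after
     * the first one is used as domain. Consider requiring exactly one separator.
     */
    private static String domainPart(String loginAtDomain) {
        if (Strings.isNullOrEmpty(loginAtDomain)) {
            return null;
        }
        String[] parts = loginAtDomain.split("@");
        return (parts.length > 1 && !parts[1].isEmpty()) ? parts[1] : null;
    }

    /**
     * Opens a session for the given login through {@code su}, authenticated with the admin0 token.
     *
     * <p>Privileged operation: every caller must have established the identity beforehand.
     * A status other than {@code Ok} completes the handler with {@code null} (no session).
     */
    private void doSudo(List<String> list, ExternalCreds externalCreds, AsyncHandler<SessionData> asyncHandler) {
        IAuthenticationPromise authentication = (IAuthenticationPromise) getProvider(Token.admin0(), list).instance(IAuthenticationPromise.class, new String[0]);
        authentication.suWithParams(externalCreds.getLoginAtDomain(), true).exceptionally(th -> {
            // Keep the cause in the log; the handler only receives a generic fault below.
            logger.error("error during sudo for {}", externalCreds.getLoginAtDomain(), th);
            return null;
        }).thenAccept(loginResponse -> {
            if (loginResponse == null) {
                asyncHandler.failure(new ServerFault("Error during sudo for user " + externalCreds.getLoginAtDomain()));
            } else if (loginResponse.status == LoginResponse.Status.Ok) {
                handlerLoginSuccess(loginResponse, asyncHandler);
            } else {
                asyncHandler.success(null);
            }
        });
    }

    /**
     * Resolves the submitted e-mail to a mailbox and continues with the matching sudo path.
     *
     * <p>When no mailbox is found: external authentication looks the login's domain up and only
     * proceeds if it is this provider's domain; internal authentication goes straight to sudo.
     */
    private void externalCredsToMailbox(List<String> list, ExternalCreds externalCreds, AsyncHandler<SessionData> asyncHandler) {
        // Read once: externalCreds is mutable, and the callbacks below run later.
        String loginDomain = domainPart(externalCreds.getLoginAtDomain());
        if (loginDomain == null) {
            asyncHandler.failure(new ServerFault("Invalid loginAtDomain " + externalCreds.getLoginAtDomain() + " from external credentials"));
            return;
        }
        String lookupDomainUid = (this.internalAuth && this.domainUid.equals("global.virt")) ? loginDomain : this.domainUid;
        VertxPromiseServiceProvider provider = getProvider(Token.admin0(), list);
        ((IMailboxesPromise) provider.instance(IMailboxesPromise.class, new String[]{lookupDomainUid})).byEmail(externalCreds.getLoginAtDomain()).whenComplete((mailboxItem, mailboxError) -> {
            if (mailboxError != null) {
                asyncHandler.failure(mailboxError);
                return;
            }
            if (mailboxItem != null) {
                sudoFromMailbox(list, new CredentialInfosWithMailbox(externalCreds, lookupDomainUid, mailboxItem), asyncHandler);
            } else if (!this.internalAuth) {
                // Parameter names differ from the outer lambda: Java does not allow a nested
                // lambda to redeclare them, as the decompiled source did.
                ((IDomainsPromise) provider.instance(IDomainsPromise.class, new String[0])).findByNameOrAliases(loginDomain).whenComplete((domainItem, domainError) -> {
                    if (domainError != null) {
                        asyncHandler.failure(domainError);
                    } else {
                        onTheFlyImportFromExternalAuth(list, new CredentialInfosWithDomain(externalCreds, lookupDomainUid, domainItem), asyncHandler);
                    }
                });
            } else {
                logger.info("Try sudo with login {} (try on-the-fly import)", externalCreds.getLoginAtDomain());
                doSudo(list, externalCreds, asyncHandler);
            }
        });
    }

    /**
     * Allows sudo for a login without mailbox only when its domain is this provider's domain.
     *
     * <p>This is the cross-domain guard of the external path. A missing domain is refused as
     * well; before, it raised a NullPointerException inside the callback and the handler was
     * never completed.
     */
    private void onTheFlyImportFromExternalAuth(List<String> list, CredentialInfosWithDomain credentialInfosWithDomain, AsyncHandler<SessionData> asyncHandler) {
        ItemValue<Domain> domain = credentialInfosWithDomain.domain();
        boolean sameDomain = domain != null && domain.uid != null && domain.uid.equals(credentialInfosWithDomain.userDomainUid());
        if (!sameDomain) {
            asyncHandler.failure(new ServerFault("Authentication failure: external credentials " + credentialInfosWithDomain.externalCreds().getLoginAtDomain() + " not from domain: " + this.domainUid, ErrorCode.FORBIDDEN));
        } else {
            logger.info("Try sudo with login {} (try on-the-fly import)", credentialInfosWithDomain.externalCreds().getLoginAtDomain());
            doSudo(list, credentialInfosWithDomain.externalCreds(), asyncHandler);
        }
    }

    /**
     * Runs sudo under the mailbox's canonical login ({@code name@domainUid}).
     *
     * <p>Only non-archived user mailboxes get a session; anything else completes the handler
     * with {@code null}. The login stored in the credentials object is overwritten with the
     * canonical one, which callers holding the same object will observe.
     */
    private void sudoFromMailbox(List<String> list, CredentialInfosWithMailbox credentialInfosWithMailbox, AsyncHandler<SessionData> asyncHandler) {
        Mailbox mailbox = (Mailbox) credentialInfosWithMailbox.mailbox().value;
        if (mailbox.type != Mailbox.Type.user || mailbox.archived) {
            asyncHandler.success(null);
            return;
        }
        ExternalCreds creds = credentialInfosWithMailbox.externalCreds();
        String canonicalLogin = mailbox.name + "@" + credentialInfosWithMailbox.userDomainUid();
        logger.info("Try sudo with login {} (Submitted login {})", canonicalLogin, creds.getLoginAtDomain());
        creds.setLoginAtDomain(canonicalLogin);
        doSudo(list, creds, asyncHandler);
    }

    /** Stores the new session in the session store, then hands it to the caller. */
    private void handlerLoginSuccess(LoginResponse loginResponse, AsyncHandler<SessionData> asyncHandler) {
        SessionData sessionData = new SessionData(loginResponse);
        SessionDataStore.get().put(sessionData);
        asyncHandler.success(sessionData);
    }

    /**
     * Logs out the session identified by its key.
     *
     * @param str session key; when the store no longer knows it, the logout call is still made
     *            with {@code "Unknown"} as login
     * @return future completed when the logout call returns
     */
    public CompletableFuture<Void> logout(String str) {
        SessionData known = SessionDataStore.get().getIfPresent(str);
        if (known != null) {
            return logout(known);
        }
        return logout("Unknown", str);
    }

    /**
     * Logs out the given session.
     *
     * @param sessionData session to close; must not be {@code null}
     * @return future completed when the logout call returns
     */
    public CompletableFuture<Void> logout(SessionData sessionData) {
        return logout(sessionData.loginAtDomain, sessionData.authKey);
    }

    /**
     * Calls logout on the core, authenticated with the session key itself.
     *
     * @param str  login, used for logging only
     * @param str2 session key
     */
    private CompletableFuture<Void> logout(String str, String str2) {
        // The key authenticates the call below, so it stays out of the log: anyone able to
        // read the log could otherwise replay it while the session is alive.
        logger.info("Log out session for {}", str);
        return ((IAuthenticationPromise) getProvider(str2, Collections.emptyList()).instance(IAuthenticationPromise.class, new String[0])).logout().whenComplete((ignored, th) -> {
            if (th != null) {
                // Constant format string; the remote message is passed as an argument.
                logger.warn("Logout failed for {}: {}", str, th.getMessage());
            }
        });
    }

    /**
     * Builds a service provider bound to the given API key and remote addresses.
     *
     * <p>The locator resolves a tag through the topology and falls back to {@code 127.0.0.1}
     * when the topology has no server for it.
     *
     * @param str  API key ({@code null} for the anonymous login call, the admin0 token, or a
     *             session key)
     * @param list remote addresses forwarded with each call
     */
    private VertxPromiseServiceProvider getProvider(String str, List<String> list) {
        VertxPromiseServiceProvider serviceProvider = new VertxPromiseServiceProvider(this.clientProvider, (tag, locatorHandler) -> {
            String address = (String) Topology.get().anyIfPresent(tag).map(server -> {
                return ((Server) server.value).address();
            }).orElse("127.0.0.1");
            locatorHandler.success(new String[]{address});
        }, str, list);
        serviceProvider.setOrigin(BM_WEBSERVER_AUTHFILTER);
        return serviceProvider;
    }
}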
