package io.quarkus.vertx.http.runtime.security;

import io.netty.handler.codec.http.HttpHeaderNames;
import io.netty.handler.codec.http.HttpResponseStatus;
import io.quarkus.security.AuthenticationCompletionException;
import io.quarkus.security.credential.PasswordCredential;
import io.quarkus.security.identity.IdentityProviderManager;
import io.quarkus.security.identity.SecurityIdentity;
import io.quarkus.security.identity.request.AuthenticationRequest;
import io.quarkus.security.identity.request.TrustedAuthenticationRequest;
import io.quarkus.security.identity.request.UsernamePasswordAuthenticationRequest;
import io.quarkus.vertx.http.runtime.security.HttpCredentialTransport;
import io.quarkus.vertx.http.runtime.security.PersistentLoginManager;
import io.smallrye.mutiny.Uni;
import io.smallrye.mutiny.subscription.UniEmitter;
import io.vertx.core.Handler;
import io.vertx.core.MultiMap;
import io.vertx.core.http.Cookie;
import io.vertx.core.http.CookieSameSite;
import io.vertx.core.http.HttpMethod;
import io.vertx.ext.web.RoutingContext;
import java.net.URI;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Optional;
import java.util.Set;
import java.util.function.Consumer;
import org.jboss.logging.Logger;

/* loaded from: input_file:io/quarkus/vertx/http/runtime/security/FormAuthenticationMechanism.class */
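/**
 * Form-based HTTP authentication mechanism (decompiled rendering).
 *
 * <p>Flow, as visible in this class:
 * <ul>
 *   <li>A POST whose normalized path ends with {@code postLocation} is treated as a login
 *       submission: the username and password form attributes are read, passed to the
 *       {@link IdentityProviderManager}, and on success the identity is handed to the
 *       {@link PersistentLoginManager} before the client is redirected (or answered with 200).</li>
 *   <li>Any other request is authenticated from whatever {@code loginManager.restore(...)}
 *       returns, using a {@link TrustedAuthenticationRequest} (no password involved).</li>
 *   <li>{@link #getChallenge(RoutingContext)} answers unauthenticated requests with a redirect to
 *       the login or error page when configured, otherwise with 401.</li>
 * </ul>
 *
 * <p>Security-relevant points for reviewers:
 * <ul>
 *   <li>The login endpoint is matched by <em>suffix</em> ({@code endsWith(postLocation)}), not by
 *       exact path.</li>
 *   <li>Redirect targets are assembled from {@code request().scheme()} and
 *       {@code request().host()}. NOTE(review): if those reflect client-supplied Host or
 *       forwarding headers, the {@code Location} value follows them; confirm the deployment
 *       restricts accepted hosts and proxy forwarding.</li>
 *   <li>The "location" cookie is client-controlled input; it is only used as a redirect target
 *       after {@link #verifyRedirectBackLocation(String, String)} has compared its scheme and
 *       authority with the current request.</li>
 *   <li>Session persistence for restored logins rests entirely on {@link PersistentLoginManager},
 *       which is not part of this file.</li>
 * </ul>
 */
public class FormAuthenticationMechanism implements HttpAuthenticationMechanism {
    /** Authentication scheme name reported by {@link #getCredentialTransport(RoutingContext)}. */
    private static final String FORM = "form";
    private static final Logger log = Logger.getLogger(FormAuthenticationMechanism.class);
    // Path of the login form; null disables the redirect-to-login challenge.
    private final String loginPage;
    // Path of the error page; null disables the redirect-to-error challenge.
    private final String errorPage;
    // Suffix identifying the credential POST endpoint.
    private final String postLocation;
    // Names of the form attributes carrying the credentials.
    private final String usernameParameter;
    private final String passwordParameter;
    // Name of the cookie remembering the URL that triggered the login challenge.
    private final String locationCookie;
    // Path to redirect to after login when no location cookie is present.
    private final String landingPage;
    private final boolean redirectToLandingPage;
    private final boolean redirectToErrorPage;
    private final boolean redirectToLoginPage;
    private final CookieSameSite cookieSameSite;
    private final String cookiePath;
    private final PersistentLoginManager loginManager;

    /**
     * Emitter callback created by {@link #runFormAuth(RoutingContext, IdentityProviderManager)}.
     *
     * <p>This is the decompiler's name for the anonymous class
     * {@code FormAuthenticationMechanism$1}; the {@code val$} fields are the captured locals.
     */
    public class AnonymousClass1 implements Consumer<UniEmitter<? super SecurityIdentity>> {
        final RoutingContext val$exchange;
        final IdentityProviderManager val$securityContext;

        AnonymousClass1(RoutingContext routingContext, IdentityProviderManager identityProviderManager) {
            this.val$exchange = routingContext;
            this.val$securityContext = identityProviderManager;
        }

        /**
         * Registers an end-of-request handler that performs the credential check and completes
         * or fails {@code uniEmitter} with the outcome.
         *
         * <p>The emitter is completed with {@code null} both when credentials are missing and
         * after a successful login: in the success case the response has already been written
         * (redirect or 200), so no identity is attached to the current request.
         *
         * @param uniEmitter emitter backing the {@code Uni} returned by {@code runFormAuth}
         */
        @Override
        public void accept(final UniEmitter<? super SecurityIdentity> uniEmitter) {
            final RoutingContext exchange = this.val$exchange;
            final IdentityProviderManager identityProviders = this.val$securityContext;
            exchange.request().endHandler(new Handler<Void>() {
                public void handle(Void unused) {
                    try {
                        MultiMap form = exchange.request().formAttributes();
                        String username = form.get(usernameParameter);
                        String password = form.get(passwordParameter);
                        if (username == null || password == null) {
                            // Only the routing context is logged; the submitted values are not.
                            log.debugf("Could not authenticate as username or password was not present in the posted result for %s", exchange);
                            uniEmitter.complete(null);
                            return;
                        }
                        UsernamePasswordAuthenticationRequest credentials = new UsernamePasswordAuthenticationRequest(username, new PasswordCredential(password.toCharArray()));
                        identityProviders.authenticate(HttpSecurityUtils.setRoutingContextAttribute(credentials, exchange)).subscribe().with(new Consumer<SecurityIdentity>() {
                            @Override
                            public void accept(SecurityIdentity securityIdentity) {
                                try {
                                    // Persist the login first so the redirected request can be restored from it.
                                    loginManager.save(securityIdentity, exchange, null, exchange.request().isSSL());
                                    if (redirectToLandingPage || exchange.request().getCookie(locationCookie) != null) {
                                        handleRedirectBack(exchange);
                                    } else {
                                        exchange.response().setStatusCode(200);
                                        exchange.response().end();
                                    }
                                    uniEmitter.complete(null);
                                } catch (Throwable th) {
                                    log.error("Unable to complete post authentication", th);
                                    uniEmitter.fail(th);
                                }
                            }
                        }, new Consumer<Throwable>() {
                            @Override
                            public void accept(Throwable th) {
                                // Authentication failures are propagated unchanged to the subscriber.
                                uniEmitter.fail(th);
                            }
                        });
                    } catch (Throwable th) {
                        uniEmitter.fail(th);
                    }
                }
            });
            // Presumably the request was paused earlier in the pipeline; resuming lets the body
            // be consumed so the end handler above can run. TODO confirm against the caller.
            exchange.request().resume();
        }
    }

    /**
     * Creates the mechanism from its configuration values.
     *
     * @param str login page path; {@code null} disables the redirect-to-login challenge
     * @param str2 suffix of the path that receives the credential POST
     * @param str3 name of the username form attribute
     * @param str4 name of the password form attribute
     * @param str5 error page path; {@code null} disables the redirect-to-error challenge
     * @param str6 landing page path; may be {@code null}
     * @param z whether to redirect to the landing page after login (only honoured when
     *     {@code str6} is non-null)
     * @param str7 name of the cookie that stores the originally requested URL
     * @param str8 SameSite policy name, resolved with {@link CookieSameSite#valueOf(String)}
     * @param str9 path attribute for the location cookie
     * @param persistentLoginManager stores and restores the authenticated session
     */
    public FormAuthenticationMechanism(String str, String str2, String str3, String str4, String str5, String str6, boolean z, String str7, String str8, String str9, PersistentLoginManager persistentLoginManager) {
        this.loginPage = str;
        this.postLocation = str2;
        this.usernameParameter = str3;
        this.passwordParameter = str4;
        this.locationCookie = str7;
        this.errorPage = str5;
        this.landingPage = str6;
        this.redirectToLandingPage = str6 != null && z;
        this.redirectToLoginPage = str != null;
        this.redirectToErrorPage = str5 != null;
        this.cookieSameSite = CookieSameSite.valueOf(str8);
        this.cookiePath = str9;
        this.loginManager = persistentLoginManager;
    }

    /**
     * Starts the asynchronous credential check for a login POST.
     *
     * @param routingContext the login request
     * @param identityProviderManager used to verify the submitted credentials
     * @return a {@code Uni} driven by {@link AnonymousClass1}; see its {@code accept} for the
     *     completion rules
     */
    public Uni<SecurityIdentity> runFormAuth(RoutingContext routingContext, IdentityProviderManager identityProviderManager) {
        // Form decoding has to be requested before the body is read, otherwise
        // formAttributes() has nothing to return at request end.
        routingContext.request().setExpectMultipart(true);
        return Uni.createFrom().emitter(new AnonymousClass1(routingContext, identityProviderManager));
    }

    /**
     * Sends the post-login 302, either back to the URL remembered in the location cookie or to
     * the configured landing page.
     *
     * @param routingContext the login request being answered
     * @throws AuthenticationCompletionException if the cookie value fails
     *     {@link #verifyRedirectBackLocation(String, String)}
     * @throws IllegalStateException if there is no location cookie and no landing page
     */
    protected void handleRedirectBack(RoutingContext routingContext) {
        String location;
        Cookie redirect = routingContext.request().getCookie(this.locationCookie);
        if (redirect != null) {
            // The cookie value comes from the client: check it before using it as a Location target.
            verifyRedirectBackLocation(routingContext.request().absoluteURI(), redirect.getValue());
            redirect.setSecure(routingContext.request().isSSL());
            redirect.setSameSite(this.cookieSameSite);
            location = redirect.getValue();
            // Max-age 0 expires the cookie so the remembered URL is used once.
            // NOTE(review): no path is set on this expiring cookie, whereas storeInitialLocation
            // sets cookiePath; confirm the browser actually drops it for non-default paths.
            routingContext.response().addCookie(redirect.setMaxAge(0L));
        } else {
            if (this.landingPage == null) {
                throw new IllegalStateException("Landing page is no set, please make sure 'quarkus.http.auth.form.landing-page' is configured properly.");
            }
            location = routingContext.request().scheme() + "://" + routingContext.request().host() + this.landingPage;
        }
        routingContext.response().setStatusCode(302);
        routingContext.response().headers().add(HttpHeaderNames.LOCATION, location);
        routingContext.response().end();
    }

    /**
     * Rejects a redirect-back target whose scheme or authority (host and port) differs from the
     * current request, so a tampered location cookie cannot send the user to another origin.
     *
     * <p>A cookie value that is not a syntactically valid URI, or a request URI without scheme
     * or authority, is treated as a mismatch rather than surfacing as an unrelated runtime
     * exception.
     *
     * @param str absolute URI of the current request
     * @param str2 value of the location cookie (client-controlled)
     * @throws AuthenticationCompletionException if the two do not share scheme and authority
     */
    protected void verifyRedirectBackLocation(String str, String str2) {
        URI requestUri = URI.create(str);
        URI redirectUri;
        try {
            redirectUri = URI.create(str2);
        } catch (IllegalArgumentException ignored) {
            // Deliberately not rethrown: an unparseable cookie is handled as a failed check below.
            redirectUri = null;
        }
        boolean sameOrigin = redirectUri != null
                && requestUri.getAuthority() != null
                && requestUri.getScheme() != null
                && requestUri.getAuthority().equals(redirectUri.getAuthority())
                && requestUri.getScheme().equals(redirectUri.getScheme());
        if (sameOrigin) {
            return;
        }
        // NOTE(review): the cookie value is written to the log as received; confirm the log
        // pipeline neutralises control characters.
        log.errorf("Location cookie value %s does not match the current request URI %s's scheme, host or port", str2, str);
        throw new AuthenticationCompletionException();
    }

    /**
     * Remembers the URL of the current request in the location cookie so the user can be sent
     * back to it after logging in.
     *
     * <p>The Secure flag mirrors {@code request().isSSL()}. NOTE(review): HttpOnly is not set
     * here, and behind a TLS-terminating proxy {@code isSSL()} may be false; confirm both match
     * the deployment's cookie policy.
     *
     * @param routingContext the request that triggered the login challenge
     */
    protected void storeInitialLocation(RoutingContext routingContext) {
        Cookie location = Cookie.cookie(this.locationCookie, routingContext.request().absoluteURI())
                .setPath(this.cookiePath)
                .setSameSite(this.cookieSameSite)
                .setSecure(routingContext.request().isSSL());
        routingContext.response().addCookie(location);
    }

    /**
     * Serves a page by redirecting to it.
     *
     * @param routingContext the request being answered
     * @param str path of the page, appended to the request's scheme and host
     */
    protected void servePage(RoutingContext routingContext, String str) {
        sendRedirect(routingContext, str);
    }

    /**
     * Ends the response with a 302 to {@code scheme://host + str}, where scheme and host are
     * taken from the incoming request.
     *
     * @param routingContext the request being answered
     * @param str path appended to the request's scheme and host
     */
    static void sendRedirect(RoutingContext routingContext, String str) {
        String target = routingContext.request().scheme() + "://" + routingContext.request().host() + str;
        routingContext.response().headers().add(HttpHeaderNames.LOCATION, target);
        routingContext.response().setStatusCode(302);
        routingContext.response().end();
    }

    /**
     * Builds a 302 challenge pointing at {@code scheme://host + str}, where scheme and host are
     * taken from the incoming request.
     *
     * @param routingContext the request being challenged
     * @param str path appended to the request's scheme and host
     * @return a completed {@code Uni} holding the challenge
     */
    static Uni<ChallengeData> getRedirect(RoutingContext routingContext, String str) {
        String target = routingContext.request().scheme() + "://" + routingContext.request().host() + str;
        return Uni.createFrom().item(new ChallengeData(302, "Location", target));
    }

    /**
     * Authenticates a request either from posted form credentials or from a restored login.
     *
     * <p>The login endpoint is recognised by suffix: any POST whose normalized path ends with
     * {@code postLocation} goes through {@link #runFormAuth}. Every other request is restored
     * through the {@link PersistentLoginManager}; a restored principal is re-authenticated as a
     * {@link TrustedAuthenticationRequest}, and the login is saved again afterwards.
     *
     * @param routingContext the current request
     * @param identityProviderManager resolves the request into a {@link SecurityIdentity}
     * @return the identity, or an empty result when there is nothing to restore
     */
    @Override
    public Uni<SecurityIdentity> authenticate(final RoutingContext routingContext, IdentityProviderManager identityProviderManager) {
        boolean loginPost = routingContext.normalizedPath().endsWith(this.postLocation)
                && routingContext.request().method().equals(HttpMethod.POST);
        if (loginPost) {
            routingContext.put(HttpAuthenticationMechanism.class.getName(), this);
            return runFormAuth(routingContext, identityProviderManager);
        }
        final PersistentLoginManager.RestoreResult restore = this.loginManager.restore(routingContext);
        if (restore == null) {
            return Uni.createFrom().optional(Optional.empty());
        }
        routingContext.put(HttpAuthenticationMechanism.class.getName(), this);
        // No credential is checked on this path: trust derives from whatever restore() accepted.
        TrustedAuthenticationRequest trusted = new TrustedAuthenticationRequest(restore.getPrincipal());
        return identityProviderManager.authenticate(HttpSecurityUtils.setRoutingContextAttribute(trusted, routingContext)).onItem().invoke(new Consumer<SecurityIdentity>() {
            @Override
            public void accept(SecurityIdentity securityIdentity) {
                loginManager.save(securityIdentity, routingContext, restore, routingContext.request().isSSL());
            }
        });
    }

    /**
     * Produces the challenge for an unauthenticated request.
     *
     * <p>A failed login POST is redirected to the error page when one is configured; any other
     * request is redirected to the login page when one is configured, after its URL has been
     * stored in the location cookie. In all remaining cases the challenge is a plain 401.
     *
     * @param routingContext the request being challenged
     * @return the challenge to send
     */
    @Override
    public Uni<ChallengeData> getChallenge(RoutingContext routingContext) {
        boolean loginPost = routingContext.normalizedPath().endsWith(this.postLocation)
                && routingContext.request().method().equals(HttpMethod.POST);
        if (loginPost) {
            if (this.redirectToErrorPage) {
                log.debugf("Serving form auth error page %s for %s", this.errorPage, routingContext);
                return getRedirect(routingContext, this.errorPage);
            }
        } else if (this.redirectToLoginPage) {
            log.debugf("Serving login form %s for %s", this.loginPage, routingContext);
            storeInitialLocation(routingContext);
            return getRedirect(routingContext, this.loginPage);
        }
        return Uni.createFrom().item(new ChallengeData(HttpResponseStatus.UNAUTHORIZED.code(), null, null));
    }

    /**
     * Lists the request types this mechanism submits to identity providers.
     *
     * @return a new mutable set containing the username/password and trusted request types
     */
    @Override
    public Set<Class<? extends AuthenticationRequest>> getCredentialTypes() {
        return new HashSet<>(Arrays.asList(UsernamePasswordAuthenticationRequest.class, TrustedAuthenticationRequest.class));
    }

    /**
     * Describes how credentials reach this mechanism: a POST to {@code postLocation} using the
     * {@code "form"} scheme.
     *
     * @param routingContext the current request (not consulted)
     * @return a completed {@code Uni} holding the transport description
     */
    @Override
    public Uni<HttpCredentialTransport> getCredentialTransport(RoutingContext routingContext) {
        return Uni.createFrom().item(new HttpCredentialTransport(HttpCredentialTransport.Type.POST, this.postLocation, FORM));
    }
}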
