package org.hawkular.accounts.websocket;

import java.io.StringReader;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import javax.json.Json;
import javax.json.JsonObject;
import javax.json.JsonReader;
import javax.websocket.Session;
import org.hawkular.accounts.api.PersonaService;
import org.hawkular.accounts.api.UserService;
import org.hawkular.accounts.api.model.HawkularUser;
import org.hawkular.accounts.api.model.Persona;
import org.hawkular.accounts.common.TokenVerifier;
import org.hawkular.accounts.common.UsernamePasswordConverter;
import org.hawkular.accounts.websocket.internal.AuthenticationMode;
import org.hawkular.accounts.websocket.internal.CachedSession;

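/**
 * Authenticates WebSocket sessions from a bearer token, from username/password credentials, or
 * from a JSON message carrying either, and caches the outcome per WebSocket session id.
 *
 * <p>The bean is application scoped, so one instance (and one cache) serves every connection.
 * The cache is therefore a concurrent map.
 *
 * <p>Security-relevant behaviour a maintainer should know:
 * <ul>
 *   <li>A cache hit returns before {@code tokenVerifier.verify} is called. A token that was
 *       revoked at the authentication server keeps being accepted on that session until the
 *       {@code exp} recorded at first verification has passed.</li>
 *   <li>Acting as a persona other than the token's subject requires
 *       {@code personaService.isAllowedToImpersonate} to return true.</li>
 *   <li>Nothing in this class removes cache entries. NOTE(review): an entry stays in memory after
 *       its WebSocket session is gone; confirm whether eviction on close is needed.</li>
 * </ul>
 */
@ApplicationScoped
/* loaded from: input_file:WEB-INF/lib/hawkular-accounts-websocket-api-2.0.10.Final.jar:org/hawkular/accounts/websocket/Authenticator.class */
public class Authenticator {

    @Inject
    UsernamePasswordConverter usernamePasswordConverter;

    @Inject
    TokenVerifier tokenVerifier;

    @Inject
    PersonaService personaService;

    @Inject
    UserService userService;

    // Keyed by WebSocket session id. Concurrent because this application-scoped bean is shared
    // by all connections and the map is read and written on every authentication attempt.
    private final Map<String, CachedSession> cachedSessions = new ConcurrentHashMap<>();

    /**
     * Authenticates a session from a JSON message with an {@code authentication} object, which
     * may hold {@code token}, {@code login} ({@code username}/{@code password}) and
     * {@code persona}.
     *
     * @param message raw JSON text received on the socket
     * @param session WebSocket session the message arrived on
     * @throws WebsocketAuthenticationException if no usable authentication data is present or the
     *         authentication is rejected
     */
    public void authenticateWithMessage(String message, Session session) throws WebsocketAuthenticationException {
        // try-with-resources closes the reader on both the normal and the exceptional path.
        try (JsonReader reader = Json.createReader(new StringReader(message))) {
            JsonObject authentication = reader.readObject().getJsonObject("authentication");
            String personaId = null;
            if (authentication != null && authentication.containsKey("persona")) {
                personaId = authentication.getString("persona");
            }
            authenticate(AuthenticationMode.MESSAGE, personaId, session, authentication, null, null, null);
        }
    }

    /**
     * Authenticates a session from a bearer token.
     *
     * @param token access token to verify
     * @param personaId persona to act as, or {@code null} to act as the token's subject
     * @param session WebSocket session being authenticated
     * @throws WebsocketAuthenticationException if the token is missing or rejected
     */
    public void authenticateWithToken(String token, String personaId, Session session) throws WebsocketAuthenticationException {
        authenticate(AuthenticationMode.TOKEN, personaId, session, null, token, null, null);
    }

    /**
     * Authenticates a session from a username and password, which are exchanged for an access
     * token through {@code usernamePasswordConverter}.
     *
     * @param username login name
     * @param password login password
     * @param personaId persona to act as, or {@code null} to act as the authenticated user
     * @param session WebSocket session being authenticated
     * @throws WebsocketAuthenticationException if credentials are missing or rejected
     */
    public void authenticateWithCredentials(String username, String password, String personaId, Session session) throws WebsocketAuthenticationException {
        authenticate(AuthenticationMode.CREDENTIALS, personaId, session, null, null, username, password);
    }

    /**
     * Shared entry point: returns immediately on a valid cache hit, otherwise performs the
     * authentication for the given mode and stores the result for the session.
     *
     * @throws WebsocketAuthenticationException if authentication fails or no data was supplied
     * @throws RuntimeException wrapping any other failure raised while authenticating
     */
    private void authenticate(AuthenticationMode authenticationMode, String personaId, Session session, JsonObject authentication, String token, String username, String password) throws WebsocketAuthenticationException {
        if (isValid(this.cachedSessions.get(session.getId()), personaId, token, authentication)) {
            return;
        }
        try {
            CachedSession authenticated;
            switch (authenticationMode) {
                case CREDENTIALS:
                    authenticated = doAuthenticationWithCredentials(personaId, username, password);
                    break;
                case MESSAGE:
                    authenticated = doAuthenticationWithMessage(personaId, authentication);
                    break;
                case TOKEN:
                    authenticated = doAuthenticationWithToken(personaId, token);
                    break;
                default:
                    throw new WebsocketAuthenticationException("Could not determine the authentication mode (token, message, credentials).");
            }
            if (null == authenticated) {
                throw new WebsocketAuthenticationException("No authentication data provided.");
            }
            // put, not putIfAbsent: this line is only reached when the cached entry is missing or
            // no longer valid (expired, different token or persona). Keeping the stale entry would
            // force a full re-verification on every later message of the session.
            this.cachedSessions.put(session.getId(), authenticated);
        } catch (WebsocketAuthenticationException e) {
            throw e;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Authenticates from the {@code authentication} JSON object: a {@code token} entry takes
     * precedence over a {@code login} object.
     *
     * @return the authenticated session, or {@code null} when the object carries neither
     */
    private CachedSession doAuthenticationWithMessage(String personaId, JsonObject authentication) throws Exception {
        if (null == authentication) {
            return null;
        }
        if (authentication.containsKey("token")) {
            return doAuthenticationWithToken(personaId, authentication.getString("token"));
        }
        JsonObject login = authentication.getJsonObject("login");
        if (null != login) {
            // Defaulted lookups: a login object without username or password is reported as
            // missing authentication data instead of surfacing as a NullPointerException.
            return doAuthenticationWithCredentials(personaId, login.getString("username", null), login.getString("password", null));
        }
        return null;
    }

    /**
     * Exchanges username and password for an access token and authenticates with it.
     *
     * @return the authenticated session, or {@code null} when either credential is null or empty
     */
    private CachedSession doAuthenticationWithCredentials(String personaId, String username, String password) throws Exception {
        if (null == username || username.isEmpty() || null == password || password.isEmpty()) {
            return null;
        }
        return doAuthenticationWithToken(personaId, this.usernamePasswordConverter.getAccessToken(username, password));
    }

    /**
     * Verifies the token, resolves the user from its {@code sub} claim and applies the persona
     * rules.
     *
     * @param personaId persona to act as; {@code null} or the subject itself means the user
     * @param token access token; {@code null} yields {@code null}
     * @return the session to cache, expiring at the token's {@code exp}
     * @throws WebsocketAuthenticationException if the server reports an error, the persona is
     *         unknown, or the user may not impersonate it
     * @throws IllegalStateException if the verification response has no subject
     */
    private CachedSession doAuthenticationWithToken(String personaId, String token) throws Exception {
        if (null == token) {
            return null;
        }
        String verification = this.tokenVerifier.verify(token);
        JsonObject claims;
        try (JsonReader reader = Json.createReader(new StringReader(verification))) {
            claims = reader.readObject();
        }
        // Decide on the parsed top-level keys rather than a substring search of the raw response:
        // a claim value that merely contains the text "error_description" must not be read as an
        // error, and an error reply lacking one of the two keys must still be rejected cleanly.
        if (claims.containsKey("error") || claims.containsKey("error_description")) {
            throw new WebsocketAuthenticationException("Authentication server returned an error. Error: " + claims.getString("error", "") + ". Error description: " + claims.getString("error_description", ""));
        }
        // Defaulted lookup so a missing subject reaches the explicit check below.
        String subject = claims.getString("sub", null);
        if (null == subject || subject.isEmpty()) {
            throw new IllegalStateException("Subject wasn't returned by the authentication server.");
        }
        // Widen before multiplying: seconds-since-epoch times 1000 overflows int, which produced
        // an expiry that was always in the past and made every cache lookup miss.
        long expiresAtMillis = claims.getInt("exp") * 1000L;
        HawkularUser user = this.userService.getOrCreateById(subject);
        Persona persona;
        if (null == personaId || personaId.equals(subject)) {
            persona = user;
        } else {
            Persona requested = this.personaService.get(personaId);
            if (null == requested) {
                throw new WebsocketAuthenticationException("Persona not found.");
            }
            // Authorization gate for acting as another persona.
            if (!this.personaService.isAllowedToImpersonate(user, requested)) {
                throw new WebsocketAuthenticationException("User is not allowed to impersonate this persona.");
            }
            persona = requested;
        }
        return new CachedSession(token, verification, persona, expiresAtMillis);
    }

    /**
     * Decides whether a cached session can be reused for the current request.
     *
     * <p>Reuse requires an unexpired entry whose token equals the presented one (taken from the
     * message's {@code token} entry when not passed directly). A request that names a persona
     * must match the cached persona; a request without one accepts whatever persona is cached.
     * Requests that present no token, such as credential logins, never match.
     */
    private boolean isValid(CachedSession cachedSession, String personaId, String token, JsonObject authentication) {
        if (null == cachedSession) {
            return false;
        }
        if (personaId != null && !cachedSession.getPersona().getId().equals(personaId)) {
            return false;
        }
        String presentedToken = token;
        if (null == presentedToken && null != authentication && authentication.containsKey("token")) {
            presentedToken = authentication.getString("token");
        }
        return cachedSession.getAuthToken().equals(presentedToken) && System.currentTimeMillis() < cachedSession.getExpiresAt();
    }
}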
