package org.adamalang.auth;

import ch.qos.logback.classic.ClassicConstants;
import io.jsonwebtoken.Jwts;
import java.security.PublicKey;
import java.util.Iterator;
import org.adamalang.ErrorCodes;
import org.adamalang.common.Callback;
import org.adamalang.common.ErrorCodeException;
import org.adamalang.common.NamedRunnable;
import org.adamalang.common.SimpleExecutor;
import org.adamalang.contracts.data.ParsedToken;
import org.adamalang.impl.common.FastAuth;
import org.adamalang.impl.common.PublicKeyCodec;
import org.adamalang.mysql.DataBase;
import org.adamalang.mysql.model.Authorities;
import org.adamalang.mysql.model.Hosts;
import org.adamalang.mysql.model.Users;
import org.adamalang.runtime.natives.NtPrincipal;
import org.adamalang.runtime.security.Keystore;
import org.adamalang.web.io.ConnectionContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/adamalang/auth/GlobalAuthenticator.class */
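/**
 * Authenticates an identity token against the global database.
 *
 * <p>The token is routed by its {@code iss} claim before any signature has been checked:
 * <ul>
 *   <li>{@code doc/...}: signature checked against the host key named by {@code key_id};</li>
 *   <li>{@code adama}: host key when {@code key_id > 0}, otherwise each key registered for the
 *       user named by {@code sub};</li>
 *   <li>the issuer equal to {@code ClassicConstants.USER_MDC_KEY}: host key named by
 *       {@code key_id};</li>
 *   <li>anything else: the keystore stored for that issuer.</li>
 * </ul>
 * Because routing uses unverified claims, every branch must verify the signature before it
 * reports success. {@code sub} and {@code iss} are then taken from {@link ParsedToken}, not from
 * the verified claims.
 * NOTE(review): this assumes ParsedToken and the JWT parser read the same payload; confirm.
 *
 * <p>All rejections are reported as {@code AUTH_FORBIDDEN}, so a caller cannot tell an unknown
 * key from a bad signature.
 *
 * <p>NOTE(review): nothing here requires an {@code exp} claim; confirm that token issuers always
 * set one, since the parser can only reject expiry it is told about.
 */
public class GlobalAuthenticator implements Authenticator {
    private static final Logger LOGGER = LoggerFactory.getLogger(GlobalAuthenticator.class);
    private final DataBase database;
    private final SimpleExecutor executor;

    /**
     * @param dataBase source of host keys, user keys and issuer keystores
     * @param simpleExecutor executor on which every authentication attempt runs
     */
    public GlobalAuthenticator(DataBase dataBase, SimpleExecutor simpleExecutor) {
        this.database = dataBase;
        this.executor = simpleExecutor;
    }

    /**
     * Checks the token's signature against the host public key stored under the token's
     * {@code key_id}.
     *
     * <p>Only the signature is checked; no issuer is required here, unlike the per-user path.
     * NOTE(review): any registered host key can therefore vouch for any {@code sub}/{@code iss}
     * routed to this check; confirm that is the intended trust model.
     *
     * @return {@code true} only if the key was found, decoded and the signature verified
     */
    private boolean signedByHostKey(String token, ParsedToken parsedToken) {
        try {
            PublicKey hostKey = PublicKeyCodec.decode(Hosts.getHostPublicKey(this.database, parsedToken.key_id));
            Jwts.parser().verifyWith(hostKey).build().parseSignedClaims(token);
            return true;
        } catch (Exception rejected) {
            // Lookup, decoding and verification failures all mean "not authenticated".
            return false;
        }
    }

    /**
     * Checks the token's signature against one encoded user key and requires issuer "adama".
     *
     * @return {@code true} only if the key decoded and the token verified with that issuer
     */
    private static boolean signedByUserKey(String token, String encodedKey) {
        try {
            Jwts.parser().verifyWith(PublicKeyCodec.decode(encodedKey)).requireIssuer("adama").build().parseSignedClaims(token);
            return true;
        } catch (Exception rejected) {
            // A key that does not match is expected; the caller moves on to the next key.
            return false;
        }
    }

    /**
     * Authenticates a document-issued token and always completes the callback itself.
     * Success carries user id -1 and a principal built from the token's sub and iss.
     */
    private void authDocument(String str, ParsedToken parsedToken, ConnectionContext connectionContext, Callback<AuthenticatedUser> callback) {
        // The callback is invoked outside the verification try/catch so that an exception thrown
        // by callback.success cannot be mistaken for a bad signature and answered a second time.
        if (signedByHostKey(str, parsedToken)) {
            callback.success(new AuthenticatedUser(-1, new NtPrincipal(parsedToken.sub, parsedToken.iss), connectionContext));
        } else {
            callback.failure(new ErrorCodeException(ErrorCodes.AUTH_FORBIDDEN));
        }
    }

    /**
     * Authenticates a host-signed token whose {@code sub} is a numeric user id.
     *
     * <p>On rejection this returns {@code false} without touching the callback; the caller sends
     * the single failure. Previously the failure was sent here and again by the caller.
     *
     * @return {@code true} if the callback was completed with success
     */
    private boolean authUserByKey(String str, ParsedToken parsedToken, ConnectionContext connectionContext, Callback<AuthenticatedUser> callback) {
        if (!signedByHostKey(str, parsedToken)) {
            return false;
        }
        final int userId;
        try {
            userId = Integer.parseInt(parsedToken.sub);
        } catch (NumberFormatException notNumeric) {
            return false;
        }
        callback.success(new AuthenticatedUser(userId, new NtPrincipal(parsedToken.sub, parsedToken.iss), connectionContext));
        return true;
    }

    /**
     * Authenticates a token whose issuer is "adama".
     *
     * @return {@code true} if the callback was completed with success; {@code false} leaves the
     *     callback untouched so the caller can report the failure
     * @throws Exception if listing the user's keys fails
     */
    private boolean authAdama(String str, ParsedToken parsedToken, ConnectionContext connectionContext, Callback<AuthenticatedUser> callback) throws Exception {
        if (parsedToken.key_id > 0) {
            return authUserByKey(str, parsedToken, connectionContext, callback);
        }
        final int userId;
        try {
            // sub is attacker-controlled at this point; a non-numeric value is a rejection,
            // not an internal error.
            userId = Integer.parseInt(parsedToken.sub);
        } catch (NumberFormatException notNumeric) {
            return false;
        }
        Iterator<String> keys = Users.listKeys(this.database, userId).iterator();
        while (keys.hasNext()) {
            if (signedByUserKey(str, keys.next())) {
                // NOTE(review): the other call sites pass a String as the first NtPrincipal
                // argument; confirm an (int, String) constructor exists or that this was a
                // string conversion of the id in the original source.
                callback.success(new AuthenticatedUser(userId, new NtPrincipal(userId, "adama"), connectionContext));
                return true;
            }
        }
        return false;
    }

    /**
     * Authenticates against the keystore stored for the token's issuer and completes the
     * callback itself, except when something other than an ErrorCodeException is thrown.
     *
     * @throws Exception anything other than ErrorCodeException raised while loading, parsing or
     *     validating the keystore
     */
    private void authKeystore(String str, ParsedToken parsedToken, ConnectionContext connectionContext, Callback<AuthenticatedUser> callback) throws Exception {
        try {
            callback.success(new AuthenticatedUser(-1, Keystore.parse(Authorities.getKeystoreInternal(this.database, parsedToken.iss)).validate(parsedToken.iss, str), connectionContext));
        } catch (ErrorCodeException e) {
            callback.failure(e);
        }
    }

    /**
     * Authenticates the request's identity on the executor and reports the result on the
     * callback. Any path that does not succeed ends in AUTH_FORBIDDEN, apart from keystore
     * validation, which forwards its own error code.
     */
    @Override // org.adamalang.auth.Authenticator
    public void auth(final AuthRequest authRequest, final Callback<AuthenticatedUser> callback) {
        this.executor.execute(new NamedRunnable("global-auth", new String[0]) { // from class: org.adamalang.auth.GlobalAuthenticator.1
            @Override // org.adamalang.common.NamedRunnable
            public void execute() throws Exception {
                // The try now spans the whole decision. Before, it was empty, so a malformed
                // token or a database error escaped this task without the callback ever being
                // answered. What NamedRunnable does with an escaped exception is not visible here.
                try {
                    if (FastAuth.process(authRequest.identity, callback, authRequest.context)) {
                        return;
                    }
                    ParsedToken parsedToken = new ParsedToken(authRequest.identity);
                    String issuer = parsedToken.iss;
                    if (issuer.startsWith("doc/")) {
                        GlobalAuthenticator.this.authDocument(authRequest.identity, parsedToken, authRequest.context, callback);
                        return;
                    }
                    if ("adama".equals(issuer)) {
                        if (GlobalAuthenticator.this.authAdama(authRequest.identity, parsedToken, authRequest.context, callback)) {
                            return;
                        }
                    } else if (ClassicConstants.USER_MDC_KEY.equals(issuer)) {
                        // NOTE(review): an authentication branch keyed on a logging-library
                        // constant looks like a decompiler substitution for a string literal of
                        // the same value; confirm and replace it with a constant owned by this
                        // package so a logback change cannot alter routing.
                        if (GlobalAuthenticator.this.authUserByKey(authRequest.identity, parsedToken, authRequest.context, callback)) {
                            return;
                        }
                    } else {
                        GlobalAuthenticator.this.authKeystore(authRequest.identity, parsedToken, authRequest.context, callback);
                        return;
                    }
                } catch (Exception e) {
                    GlobalAuthenticator.LOGGER.error("auth-issue-not-known:", (Throwable) e);
                }
                // Fail closed: reached when a branch rejected the token or an exception was logged.
                callback.failure(new ErrorCodeException(ErrorCodes.AUTH_FORBIDDEN));
            }
        });
    }
}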
