package org.adamalang.impl.global;

import io.jsonwebtoken.Jwts;
import org.adamalang.ErrorCodes;
import org.adamalang.auth.AuthRequest;
import org.adamalang.auth.AuthenticatedUser;
import org.adamalang.auth.Authenticator;
import org.adamalang.common.Callback;
import org.adamalang.common.ErrorCodeException;
import org.adamalang.contracts.data.ParsedToken;
import org.adamalang.frontend.Session;
import org.adamalang.impl.common.FastAuth;
import org.adamalang.impl.common.PublicKeyCodec;
import org.adamalang.mysql.DataBase;
import org.adamalang.mysql.model.Hosts;
import org.adamalang.runtime.natives.NtPrincipal;
import org.adamalang.transforms.PerSessionAuthenticator;
import org.adamalang.web.io.ConnectionContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/adamalang/impl/global/GlobalPerSessionAuthenticator.class */
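/**
 * Per-session authenticator that resolves an identity token to an {@link AuthenticatedUser}.
 *
 * <p>Resolution order, as implemented in {@link #execute}: the session's identity cache, then
 * {@code FastAuth}, then a dispatch on the token's {@code iss} claim ("host", "internal",
 * "super", "region"); any other issuer is delegated to the injected {@link Authenticator}.
 *
 * <p>The dispatch reads {@code iss} from a {@link ParsedToken} built before any signature check.
 * That is only a routing hint: every branch handled here re-asserts the issuer on the verified
 * claims through {@code requireIssuer(...)}.
 */
public class GlobalPerSessionAuthenticator extends PerSessionAuthenticator {
    private static final Logger LOGGER = LoggerFactory.getLogger(GlobalPerSessionAuthenticator.class);
    private final DataBase database;
    private final Authenticator authenticator;
    // Trust anchors for "super" and "region" tokens. Both arrays are stored by reference (no
    // defensive copy), so the caller must not mutate them after construction.
    private final String[] superKeys;
    private final String[] regionalPublicKeys;

    /**
     * @param dataBase source of host public keys, looked up by the token's key id
     * @param authenticator fallback for tokens whose issuer is not handled in this class
     * @param connectionContext transport context of the connection this session belongs to
     * @param strArr encoded public keys accepted for "super" tokens
     * @param strArr2 encoded public keys accepted for "region" tokens
     */
    public GlobalPerSessionAuthenticator(DataBase dataBase, Authenticator authenticator, ConnectionContext connectionContext, String[] strArr, String[] strArr2) {
        super(connectionContext);
        this.database = dataBase;
        this.authenticator = authenticator;
        this.superKeys = strArr;
        this.regionalPublicKeys = strArr2;
    }

    @Override // org.adamalang.transforms.PerSessionAuthenticator
    public ConnectionContext getTransportContext() {
        return this.transportContext;
    }

    /**
     * Verifies a "host" token against the public key registered for {@code key_id}, then builds
     * the user from the token's {@code proxy_*} claims.
     *
     * <p>Security note: user id, principal, origin, IP and user agent all come from the token, so
     * a holder of a registered host key can assert any of them. Treat host private keys as being
     * as sensitive as the identities they can proxy.
     *
     * @throws Exception if the key lookup, key decoding or signature/issuer check fails
     */
    private void authHost(Session session, String identity, ParsedToken parsedToken, Callback<AuthenticatedUser> callback) throws Exception {
        // Claims in parsedToken were parsed before verification; nothing below this line runs
        // unless the signature and issuer check on the same token string succeeds.
        Jwts.parser()
            .verifyWith(PublicKeyCodec.decode(Hosts.getHostPublicKey(this.database, parsedToken.key_id)))
            .requireIssuer("host")
            .build()
            .parseSignedClaims(identity);
        ConnectionContext proxiedContext = new ConnectionContext(parsedToken.proxy_origin, parsedToken.proxy_ip, parsedToken.proxy_useragent, null);
        NtPrincipal principal = new NtPrincipal(parsedToken.sub, parsedToken.proxy_authority);
        AuthenticatedUser user = new AuthenticatedUser(parsedToken.proxy_user_id, principal, proxiedContext);
        session.identityCache.put(identity, user);
        callback.success(user);
    }

    /**
     * Verifies an "internal" token against the public key registered for {@code key_id}. The
     * principal and user id come from the token; the connection context is a fixed placeholder
     * rather than the caller's transport context.
     *
     * @throws Exception if the key lookup, key decoding or signature/issuer check fails
     */
    private void authInternal(Session session, String identity, ParsedToken parsedToken, Callback<AuthenticatedUser> callback) throws Exception {
        Jwts.parser()
            .verifyWith(PublicKeyCodec.decode(Hosts.getHostPublicKey(this.database, parsedToken.key_id)))
            .requireIssuer("internal")
            .build()
            .parseSignedClaims(identity);
        NtPrincipal principal = new NtPrincipal(parsedToken.sub, parsedToken.proxy_authority);
        AuthenticatedUser user = new AuthenticatedUser(parsedToken.proxy_user_id, principal, new ConnectionContext("::adama", "0.0.0.0", "", null));
        session.identityCache.put(identity, user);
        callback.success(user);
    }

    /**
     * Tries each configured super key until one verifies the token. On success the user is the
     * fixed ("super", "super") principal with id 0; no claim from the token is used.
     *
     * @return true if a key verified the token and the callback was completed, false otherwise
     * @throws Exception if caching the identity or completing the callback fails
     */
    private boolean authSuper(Session session, String identity, ParsedToken parsedToken, Callback<AuthenticatedUser> callback) throws Exception {
        for (String superKey : this.superKeys) {
            try {
                Jwts.parser().verifyWith(PublicKeyCodec.decode(superKey)).requireIssuer("super").build().parseSignedClaims(identity);
            } catch (Exception ignored) {
                // Not verifiable with this key (or the key failed to decode): try the next one.
                // Only verification is guarded, so a failure in the cache or callback is not
                // mistaken for a key mismatch and silently retried.
                continue;
            }
            AuthenticatedUser user = new AuthenticatedUser(0, new NtPrincipal("super", "super"), this.transportContext);
            session.identityCache.put(identity, user);
            callback.success(user);
            return true;
        }
        return false;
    }

    /**
     * Tries each configured regional public key until one verifies the token. On success the
     * agent is the token's {@code sub} under the fixed authority "region", with user id 0.
     *
     * @return true if a key verified the token and the callback was completed, false otherwise
     * @throws Exception if caching the identity or completing the callback fails
     */
    private boolean authRegion(Session session, String identity, ParsedToken parsedToken, Callback<AuthenticatedUser> callback) throws Exception {
        for (String regionalKey : this.regionalPublicKeys) {
            try {
                Jwts.parser().verifyWith(PublicKeyCodec.decode(regionalKey)).requireIssuer("region").build().parseSignedClaims(identity);
            } catch (Exception ignored) {
                // Not verifiable with this key (or the key failed to decode): try the next one.
                continue;
            }
            AuthenticatedUser user = new AuthenticatedUser(0, new NtPrincipal(parsedToken.sub, "region"), this.transportContext);
            session.identityCache.put(identity, user);
            callback.success(user);
            return true;
        }
        return false;
    }

    /**
     * Resolves {@code str} to an authenticated user and completes {@code callback}.
     *
     * <p>Any exception raised while verifying a token is logged and reported to the caller as
     * {@code AUTH_FORBIDDEN}; the failure reason is not exposed through the callback.
     *
     * @param session session whose identity cache is consulted and populated
     * @param str raw identity as supplied by the client
     * @param callback completed with the user on success, or with AUTH_FORBIDDEN on failure
     */
    @Override // org.adamalang.transforms.PerSessionAuthenticator
    public void execute(Session session, String str, Callback<AuthenticatedUser> callback) {
        String identityOf = this.transportContext.identityOf(str);
        // NOTE(review): a cache hit is returned without re-verifying the token, so signature and
        // any expiry are checked only on first use. Confirm that the lifetime of identityCache is
        // bounded by the session.
        AuthenticatedUser cached = session.identityCache.get(identityOf);
        if (cached != null) {
            callback.success(cached);
            return;
        }
        // The decompiled listing shows an empty try block followed by calls that throw checked
        // exceptions. The handler has to enclose the verification path, otherwise a bad signature
        // or an unknown key id never reaches callback.failure below.
        try {
            if (FastAuth.process(identityOf, callback, this.transportContext)) {
                return;
            }
            ParsedToken parsedToken = new ParsedToken(identityOf);
            if ("host".equals(parsedToken.iss)) {
                authHost(session, identityOf, parsedToken, callback);
                return;
            }
            if ("internal".equals(parsedToken.iss)) {
                authInternal(session, identityOf, parsedToken, callback);
                return;
            }
            if ("super".equals(parsedToken.iss)) {
                if (authSuper(session, identityOf, parsedToken, callback)) {
                    return;
                }
            } else if ("region".equals(parsedToken.iss)) {
                if (authRegion(session, identityOf, parsedToken, callback)) {
                    return;
                }
            } else {
                this.authenticator.auth(new AuthRequest(identityOf, this.transportContext), callback);
                return;
            }
        } catch (Exception e) {
            // Log the exception only; the identity token itself is a credential and is
            // deliberately kept out of the log line.
            LOGGER.error("auth-issue-not-known:", e);
        }
        // Fail closed: every path that did not complete the callback ends here.
        callback.failure(new ErrorCodeException(ErrorCodes.AUTH_FORBIDDEN));
    }
}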
