package com.mastfrog.acteur.auth;

import com.google.common.base.Optional;
import com.google.inject.Inject;
import com.mastfrog.acteur.HttpEvent;
import com.mastfrog.acteur.Response;
import com.mastfrog.acteur.auth.AuthenticationStrategy;
import com.mastfrog.acteur.headers.Headers;
import com.mastfrog.acteur.util.BasicCredentials;
import com.mastfrog.acteur.util.PasswordHasher;
import com.mastfrog.acteur.util.Realm;
import com.mastfrog.settings.Settings;
import io.netty.handler.codec.http.cookie.Cookie;
import io.netty.handler.codec.http.cookie.DefaultCookie;
import java.time.Duration;
import java.util.Collection;
import java.util.concurrent.atomic.AtomicReference;

/* loaded from: input_file:com/mastfrog/acteur/auth/BasicAuthenticationStrategy.class */
class BasicAuthenticationStrategy extends AuthenticationStrategy {
    private final Realm realm;
    private final UserFactory<?> users;
    private final PasswordHasher hasher;
    private final OAuthPlugins plugins;
    public static final String CODE = "ba";
    private final boolean sendAuthHeader;
    public static final String SETTINGS_KEY_SEND_WWW_AUTHENTICATE = "www.authenticate.header.enabled";

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/mastfrog/acteur/auth/BasicAuthenticationStrategy$FailHookImpl.class */
    public class FailHookImpl implements AuthenticationStrategy.FailHook {
        FailHookImpl() {
        }

        @Override // com.mastfrog.acteur.auth.AuthenticationStrategy.FailHook
        public void onAuthenticationFailed(HttpEvent httpEvent, Response response) {
            if ("true".equals(httpEvent.header(AuthenticationActeur.SKIP_HEADER)) || !BasicAuthenticationStrategy.this.sendAuthHeader) {
                return;
            }
            response.add(Headers.WWW_AUTHENTICATE, BasicAuthenticationStrategy.this.realm);
        }
    }

    @Inject
    BasicAuthenticationStrategy(Realm realm, UserFactory<?> userFactory, PasswordHasher passwordHasher, OAuthPlugins oAuthPlugins, Settings settings) {
        this.realm = realm;
        this.users = userFactory;
        this.hasher = passwordHasher;
        this.plugins = oAuthPlugins;
        this.sendAuthHeader = settings.getBoolean(SETTINGS_KEY_SEND_WWW_AUTHENTICATE, true);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.mastfrog.acteur.auth.AuthenticationStrategy
    public boolean isEnabled(HttpEvent httpEvent) {
        return true;
    }

    @Override // com.mastfrog.acteur.auth.AuthenticationStrategy
    public Result<?> authenticate(HttpEvent httpEvent, AtomicReference<? super AuthenticationStrategy.FailHook> atomicReference, Collection<? super Object> collection, Response response) {
        BasicCredentials basicCredentials = (BasicCredentials) httpEvent.header(Headers.AUTHORIZATION);
        if (basicCredentials != null) {
            return tryAuthenticate(httpEvent, this.users, basicCredentials, atomicReference, collection, response);
        }
        atomicReference.set(new FailHookImpl());
        return new Result<>(ResultType.NO_CREDENTIALS, false);
    }

    /* JADX WARN: Multi-variable type inference failed */
    private <T> Result<?> tryAuthenticate(HttpEvent httpEvent, UserFactory<T> userFactory, BasicCredentials basicCredentials, AtomicReference<? super AuthenticationStrategy.FailHook> atomicReference, Collection<? super Object> collection, Response response) {
        Optional findUserByName = userFactory.findUserByName(basicCredentials.username);
        if (!findUserByName.isPresent()) {
            atomicReference.set(new FailHookImpl());
            return new Result<>(ResultType.NO_RECORD, basicCredentials.username, false);
        }
        Object obj = findUserByName.get();
        String userDisplayName = userFactory.getUserDisplayName(obj);
        Object userObject = userFactory.toUserObject(obj);
        Optional<String> passwordHash = userFactory.getPasswordHash(obj);
        if (!passwordHash.isPresent()) {
            return new Result<>(userObject, basicCredentials.username, null, ResultType.BAD_RECORD, false, userDisplayName);
        }
        String str = (String) passwordHash.get();
        if (!this.hasher.checkPassword(basicCredentials.password, str)) {
            return new Result<>(userObject, basicCredentials.username, str, ResultType.BAD_PASSWORD, false, userDisplayName);
        }
        collection.add(basicCredentials);
        collection.add(userObject);
        if (userDisplayName != null && !this.plugins.hasDisplayNameCookie(httpEvent)) {
            this.plugins.createDisplayNameCookie(httpEvent, response, userDisplayName);
        }
        String encodeCookieValue = this.plugins.encodeCookieValue(userFactory.getUserName(obj), ((String) userFactory.getPasswordHash(obj).get()) + "-");
        Cookie[] cookieArr = (Cookie[]) httpEvent.header(Headers.COOKIE_B);
        boolean z = cookieArr == null || cookieArr.length == 0;
        if (z && cookieArr != null) {
            for (Cookie cookie : cookieArr) {
                if (CODE.equals(cookie.name())) {
                    z = false;
                }
            }
        }
        if (z) {
            DefaultCookie defaultCookie = new DefaultCookie(CODE, encodeCookieValue);
            defaultCookie.setDomain(httpEvent.header(Headers.HOST) + "");
            defaultCookie.setSecure(true);
            defaultCookie.setPath(this.plugins.cookieBasePath());
            defaultCookie.setMaxAge(Duration.ofDays(1L).getSeconds());
            response.add(Headers.SET_COOKIE_B, defaultCookie);
        }
        return new Result<>(userObject, basicCredentials.username, str, ResultType.SUCCESS, false, userDisplayName);
    }
}
