package com.mastfrog.acteur.auth;

import com.google.common.base.Optional;
import com.google.inject.Inject;
import com.google.inject.Singleton;
import com.mastfrog.acteur.Acteur;
import com.mastfrog.acteur.ActeurFactory;
import com.mastfrog.acteur.CheckIfModifiedSinceHeader;
import com.mastfrog.acteur.HttpEvent;
import com.mastfrog.acteur.Page;
import com.mastfrog.acteur.Response;
import com.mastfrog.acteur.auth.TestLoginPage;
import com.mastfrog.acteur.headers.Headers;
import com.mastfrog.acteur.headers.Method;
import com.mastfrog.acteur.preconditions.Description;
import com.mastfrog.acteur.preconditions.Methods;
import com.mastfrog.acteur.server.PathFactory;
import com.mastfrog.acteur.util.CacheControl;
import com.mastfrog.acteur.util.CacheControlTypes;
import com.mastfrog.acteur.util.PasswordHasher;
import com.mastfrog.giulius.Dependencies;
import com.mastfrog.settings.Settings;
import com.mastfrog.url.Host;
import com.mastfrog.url.Path;
import com.mastfrog.util.preconditions.Checks;
import com.mastfrog.util.preconditions.ConfigurationError;
import com.mastfrog.util.preconditions.Exceptions;
import io.netty.handler.codec.http.HttpResponseStatus;
import io.netty.handler.codec.http.cookie.ClientCookieEncoder;
import io.netty.handler.codec.http.cookie.Cookie;
import io.netty.handler.codec.http.cookie.DefaultCookie;
import java.net.URI;
import java.net.URISyntaxException;
import java.time.Duration;
import java.time.ZonedDateTime;
import java.time.temporal.TemporalAmount;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.concurrent.CopyOnWriteArrayList;

@Singleton
/* loaded from: input_file:com/mastfrog/acteur/auth/OAuthPlugins.class */
public final class OAuthPlugins implements Iterable<OAuthPlugin<?>> {
    private final List<OAuthPlugin<?>> all = new CopyOnWriteArrayList();
    public static final String OAUTH_LANDING_PAGE_BASE_SETTINGS_KEY = "oauth.plugin.landing.page.base";
    public static final String OAUTH_BOUNCE_PAGE_BASE_SETTINGS_KEY = "oauth.plugin.bounce.page.base";
    private final Settings settings;
    private final PathFactory pf;
    public static final String SETTINGS_KEY_COOKIE_SALT = "oauth.cookie.salt";
    private static final String DEFAULT_COOKIE_SALT = "asd#(#(f889asud(%&#_djAOKcausd89cj2k24hSj0000ss03w:@#*(#@#(";
    private final String salt;
    private final PasswordHasher hasher;
    public static final String SETTINGS_KEY_LOGIN_REDIRECT = "oauth.login.redirect";
    public static final String SETTINGS_KEY_SLUG_MAX_AGE_HOURS = "oauth.slug.max.age.hours";
    private final URI loginRedirectURI;
    private final Duration slugMaxAge;
    public static final String SETTINGS_KEY_OAUTH_COOKIE_PATH = "oauth.cookie.path";
    public static final String SETTINGS_KEY_OAUTH_COOKIE_HOST = "oauth.cookie.host";
    private final int[] ports;
    private final String cookieBasePath;
    private final String cookieHost;
    public static final String DISPLAY_NAME_COOKIE_NAME = "dn";
    public static final String SETTINGS_KEY_DISPLAY_NAME_COOKIE_MAX_AGE_DAYS = "display.name.cookie.max.age.days";
    private final boolean useDisplayNameCookie;
    private final Duration displayNameCookieMaxAge;
    public static final String SETTINGS_KEY_USE_DISPLAY_NAME_COOKIE = "use.display.name.cookie";
    public static final String SETTINGS_KEY_OAUTH_TYPES_PAGE_PATH = "oauth.types.page.path";

    /* loaded from: input_file:com/mastfrog/acteur/auth/OAuthPlugins$BouncePage.class */
    static class BouncePage extends Page {
        @Inject
        BouncePage(ActeurFactory acteurFactory, OAuthPlugins oAuthPlugins) {
            add(acteurFactory.matchMethods(new Method[]{Method.GET}));
            add(acteurFactory.matchPath(new String[]{oAuthPlugins.getBouncePageBasePath() + "/.*"}));
            add(InitiateOAuthActeur.class);
        }

        protected String getDescription() {
            return "Redirects to an oauth provider whose code is the second path component";
        }
    }

    @Description("Page oauth services redirect the user back to after they have logged in.  Depending on the service, the URL may have to be setup with them for it to work.")
    /* loaded from: input_file:com/mastfrog/acteur/auth/OAuthPlugins$LandingPage.class */
    static class LandingPage extends Page {
        private final OAuthPlugins plgns;

        @Inject
        LandingPage(ActeurFactory acteurFactory, OAuthPlugins oAuthPlugins) {
            this.plgns = oAuthPlugins;
            add(acteurFactory.matchMethods(new Method[]{Method.GET}));
            add(acteurFactory.matchPath(new String[]{oAuthPlugins.getLandingPageBasePath() + "/.*"}));
            add(OAuthLandingPageActeur.class);
        }

        protected String getDescription() {
            StringBuilder sb = new StringBuilder();
            for (PluginInfo pluginInfo : this.plgns.getPlugins()) {
                if (sb.length() != 0) {
                    sb.append(", ");
                }
                sb.append(this.plgns.getLandingPageBasePath()).append("/").append(pluginInfo.code).append(" -> ").append(pluginInfo.name);
            }
            return "OAuth callback page - the exact service is determined by the last path element of the URL as follows: " + ((Object) sb);
        }
    }

    @Methods({Method.GET})
    /* loaded from: input_file:com/mastfrog/acteur/auth/OAuthPlugins$ListAuthsPage.class */
    static class ListAuthsPage extends Page {

        /* loaded from: input_file:com/mastfrog/acteur/auth/OAuthPlugins$ListAuthsPage$LastModifiedActeur.class */
        static class LastModifiedActeur extends Acteur {
            @Inject
            LastModifiedActeur(ZonedDateTime zonedDateTime) {
                add(Headers.LAST_MODIFIED, zonedDateTime);
                next(new Object[0]);
            }
        }

        /* loaded from: input_file:com/mastfrog/acteur/auth/OAuthPlugins$ListAuthsPage$ListAuthsActeur.class */
        static class ListAuthsActeur extends Acteur {
            @Inject
            ListAuthsActeur(OAuthPlugins oAuthPlugins) {
                add(Headers.CACHE_CONTROL, new CacheControl(new CacheControlTypes[]{CacheControlTypes.Public, CacheControlTypes.must_revalidate}).add(CacheControlTypes.max_age, Duration.ofHours(2L)));
                add(Headers.EXPIRES, ZonedDateTime.now().plus((TemporalAmount) Duration.ofHours(2L)));
                setState(new Acteur.RespondWith(this, HttpResponseStatus.OK, oAuthPlugins.getPlugins()));
            }
        }

        @Inject
        ListAuthsPage(Settings settings, ZonedDateTime zonedDateTime, ActeurFactory acteurFactory) {
            add(acteurFactory.matchPath(new String[]{"^" + settings.getString(OAuthPlugins.SETTINGS_KEY_OAUTH_TYPES_PAGE_PATH, "authtypes") + "$"}));
            add(LastModifiedActeur.class);
            add(CheckIfModifiedSinceHeader.class);
            add(ListAuthsActeur.class);
        }

        protected String getDescription() {
            return "List OAuth authentication methods supported";
        }
    }

    /* loaded from: input_file:com/mastfrog/acteur/auth/OAuthPlugins$PluginInfo.class */
    public static class PluginInfo {
        public final String code;
        public final String name;
        public final String loginPagePath;
        public final String logoUrl;
        public final String landingPagePath;

        public PluginInfo(String str, String str2, String str3, String str4, String str5) {
            this.code = str;
            this.name = str2;
            this.loginPagePath = str3;
            this.logoUrl = str4;
            this.landingPagePath = str5;
        }

        public boolean equals(Object obj) {
            return (obj instanceof PluginInfo) && ((PluginInfo) obj).code.equals(this.code);
        }

        public int hashCode() {
            return this.code.hashCode();
        }

        public String toString() {
            return this.name + ':' + this.code + ':' + this.loginPagePath + ':' + this.landingPagePath;
        }
    }

    @Inject
    OAuthPlugins(Settings settings, PathFactory pathFactory, Dependencies dependencies, PasswordHasher passwordHasher) throws URISyntaxException {
        this.settings = settings;
        this.pf = pathFactory;
        this.hasher = passwordHasher;
        long j = settings.getLong(SETTINGS_KEY_DISPLAY_NAME_COOKIE_MAX_AGE_DAYS, 60L);
        this.useDisplayNameCookie = settings.getBoolean(SETTINGS_KEY_USE_DISPLAY_NAME_COOKIE, true);
        this.displayNameCookieMaxAge = Duration.ofDays(j);
        this.salt = settings.getString(SETTINGS_KEY_COOKIE_SALT, DEFAULT_COOKIE_SALT);
        if (dependencies.isProductionMode() && this.salt == DEFAULT_COOKIE_SALT) {
            throw new ConfigurationError("Will not run in production mode with the default cookie salt which makes auth cookies predictable.  Set 'oauth.cookie.salt' in your settings.");
        }
        this.loginRedirectURI = new URI(settings.getString(SETTINGS_KEY_LOGIN_REDIRECT, "/"));
        this.slugMaxAge = Duration.ofHours(settings.getInt(SETTINGS_KEY_SLUG_MAX_AGE_HOURS, 3));
        Integer num = settings.getInt("port");
        if (num != null) {
            this.ports = new int[]{80, 443, num.intValue()};
        } else {
            this.ports = new int[]{80, 443};
        }
        this.cookieBasePath = settings.getString(SETTINGS_KEY_OAUTH_COOKIE_PATH, "/");
        this.cookieHost = settings.getString(SETTINGS_KEY_OAUTH_COOKIE_HOST);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String cookieHost() {
        return this.cookieHost;
    }

    List<Integer> cookiePortList() {
        ArrayList arrayList = new ArrayList(cookiePorts().length);
        for (int i : cookiePorts()) {
            arrayList.add(Integer.valueOf(i));
        }
        return arrayList;
    }

    int[] cookiePorts() {
        return this.ports;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String cookieBasePath() {
        return this.cookieBasePath;
    }

    public Class<? extends Acteur> testLoginActeurType() {
        return TestLoginPage.TestLoginActeur.class;
    }

    public Class<? extends Page> testLoginPageType() {
        return TestLoginPage.class;
    }

    public Class<? extends Acteur> landingActeurType() {
        return OAuthLandingPageActeur.class;
    }

    public Class<? extends Acteur> bounceActeurType() {
        return InitiateOAuthActeur.class;
    }

    public Class<? extends Page> bouncePageType() {
        return BouncePage.class;
    }

    public Class<? extends Page> landingPageType() {
        return LandingPage.class;
    }

    public Class<? extends Page> listOAuthProvidersPageType() {
        return ListAuthsPage.class;
    }

    public Duration slugMaxAge() {
        return this.slugMaxAge;
    }

    public URI loginRedirect() {
        return this.loginRedirectURI;
    }

    public String getBouncePageBasePath() {
        return this.settings.getString(OAUTH_BOUNCE_PAGE_BASE_SETTINGS_KEY, "oauth");
    }

    public String getLandingPageBasePath() {
        return this.settings.getString(OAUTH_LANDING_PAGE_BASE_SETTINGS_KEY, "login");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Set<String> cookieNames() {
        HashSet hashSet = new HashSet();
        Iterator<OAuthPlugin<?>> it = iterator();
        while (it.hasNext()) {
            hashSet.add(it.next().code());
        }
        return hashSet;
    }

    private final Host getHost(HttpEvent httpEvent) {
        CharSequence charSequence = (CharSequence) httpEvent.getHeader(Headers.HOST);
        return this.cookieHost != null ? Host.parse(this.cookieHost) : charSequence == null ? Host.parse("fail.example") : Host.parse(charSequence.toString());
    }

    public void createDisplayNameCookie(HttpEvent httpEvent, Response response, String str) {
        if (this.useDisplayNameCookie) {
            try {
                DefaultCookie defaultCookie = new DefaultCookie(DISPLAY_NAME_COOKIE_NAME, str);
                System.out.println("DISPLAY NAME: " + str + " HOST " + getHost(httpEvent));
                System.out.println("ADD DN COOKIE " + ClientCookieEncoder.LAX.encode(defaultCookie));
                response.add(Headers.SET_COOKIE_B, defaultCookie);
            } catch (Exception e) {
                Exceptions.chuck(e);
            }
        }
    }

    public boolean hasDisplayNameCookie(HttpEvent httpEvent) {
        Cookie[] cookieArr = (Cookie[]) httpEvent.getHeader(Headers.COOKIE_B);
        if (cookieArr == null) {
            return false;
        }
        for (Cookie cookie : cookieArr) {
            if (DISPLAY_NAME_COOKIE_NAME.equals(cookie.name())) {
                return true;
            }
        }
        return false;
    }

    public void logout(HttpEvent httpEvent, Response response) {
        Host host;
        Checks.notNull("response", response);
        Checks.notNull("evt", httpEvent);
        Cookie[] cookieArr = (Cookie[]) httpEvent.getHeader(Headers.COOKIE_B);
        if (cookieArr == null || (host = getHost(httpEvent)) == null) {
            return;
        }
        Set<String> cookieNames = cookieNames();
        cookieNames.add(BasicAuthenticationStrategy.CODE);
        cookieNames.add(DISPLAY_NAME_COOKIE_NAME);
        for (Cookie cookie : cookieArr) {
            if (cookieNames.contains(cookie.name())) {
                DefaultCookie defaultCookie = new DefaultCookie(cookie.name(), "-");
                defaultCookie.setDomain(host.toString());
                defaultCookie.setPath(cookieBasePath());
                defaultCookie.setMaxAge(0L);
                response.add(Headers.SET_COOKIE_B, defaultCookie);
            }
        }
    }

    public List<PluginInfo> getPlugins() {
        ArrayList arrayList = new ArrayList(this.all.size());
        String string = this.settings.getString(OAUTH_BOUNCE_PAGE_BASE_SETTINGS_KEY, "oauth");
        String string2 = this.settings.getString(OAUTH_LANDING_PAGE_BASE_SETTINGS_KEY, "login");
        Path parse = Path.parse(string);
        for (OAuthPlugin<?> oAuthPlugin : this.all) {
            arrayList.add(new PluginInfo(oAuthPlugin.code(), oAuthPlugin.name(), this.pf.toExternalPath(parse.append(oAuthPlugin.code())).toStringWithLeadingSlash(), oAuthPlugin.getLogoUrl(), this.pf.toExternalPath(Path.parse(string2).append(oAuthPlugin.code())).toStringWithLeadingSlash()));
        }
        return arrayList;
    }

    public Optional<OAuthPlugin<?>> find(String str) {
        Checks.notNull("code", str);
        for (OAuthPlugin<?> oAuthPlugin : this.all) {
            if (str.equals(oAuthPlugin.code())) {
                return Optional.of(oAuthPlugin);
            }
        }
        return Optional.absent();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void register(OAuthPlugin<?> oAuthPlugin) {
        Checks.notNull("plugin", oAuthPlugin);
        if (find(oAuthPlugin.code()).isPresent()) {
            throw new ConfigurationError(oAuthPlugin + " registered twice - perhaps it is not bound as a singleton?");
        }
        this.all.add(oAuthPlugin);
    }

    public String encodeCookieValue(String str, String str2) {
        Checks.notNull("slug", str2);
        Checks.notNull("username", str);
        return this.hasher.hash(str + str2 + this.salt) + ":" + str;
    }

    public Optional<UserInfo> decodeCookieValue(String str) {
        Checks.notNull("cookievalue", str);
        int indexOf = str.indexOf(58);
        if (indexOf <= 0) {
            return Optional.absent();
        }
        return Optional.of(new UserInfo(str.substring(indexOf + 1), str.substring(0, indexOf)));
    }

    @Override // java.lang.Iterable
    public Iterator<OAuthPlugin<?>> iterator() {
        return Collections.unmodifiableCollection(this.all).iterator();
    }

    public OAuthPlugin getPlugin(String str) {
        Iterator<OAuthPlugin<?>> it = iterator();
        while (it.hasNext()) {
            OAuthPlugin<?> next = it.next();
            if (next.code().equals(str)) {
                return next;
            }
        }
        return null;
    }
}
