package io.vertx.up.secure.provider;

import io.vertx.core.AsyncResult;
import io.vertx.core.Future;
import io.vertx.core.Handler;
import io.vertx.core.Vertx;
import io.vertx.core.buffer.Buffer;
import io.vertx.core.file.FileSystem;
import io.vertx.core.json.Json;
import io.vertx.core.json.JsonArray;
import io.vertx.core.json.JsonObject;
import io.vertx.core.shareddata.AsyncMap;
import io.vertx.ext.auth.JWTOptions;
import io.vertx.ext.auth.User;
import io.vertx.ext.auth.jwt.JWTAuthOptions;
import io.vertx.ext.jwt.JWT;
import io.vertx.up.exception.web._401JwtAudientException;
import io.vertx.up.exception.web._401JwtExpiredException;
import io.vertx.up.exception.web._401JwtIssuerException;
import io.vertx.up.exception.web._500JwtRuntimeException;
import io.vertx.up.exception.web._500SecurityNotImplementException;
import io.vertx.up.fn.Fn;
import io.vertx.up.log.Annal;
import io.vertx.up.secure.Security;
import io.vertx.up.unity.Ux;
import java.util.Collections;
import java.util.function.Function;
import java.util.function.Supplier;

/* loaded from: input_file:io/vertx/up/secure/provider/JwtAuthProvider.class */
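/**
 * JWT based authentication provider that keeps a shared pool of tokens which
 * already passed authentication once.
 *
 * <p>Flow of {@link #authenticate(JsonObject, Handler)}:
 * <ol>
 *   <li>the raw token is read from the {@code "jwt"} field of the credentials;</li>
 *   <li>the token is decoded and its expiry, audience and issuer are checked
 *       against the configured {@link JWTOptions} (see {@code prerequisite});</li>
 *   <li>a token that is not yet in the pool goes through
 *       {@code securer.authenticate}, a pooled token goes through
 *       {@code securer.authorize};</li>
 *   <li>on success the token is recorded in the pool.</li>
 * </ol>
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The pool only selects between {@code authenticate} and {@code authorize};
 *       it is never a substitute for claim validation. Nothing in this class
 *       removes entries from the pool, so an entry outlives the token's
 *       {@code exp} claim.</li>
 *   <li>Raw tokens are bearer credentials and must not reach the logs; every
 *       log statement here uses a masked form.</li>
 *   <li>NOTE(review): pool entries have no time-to-live. {@code AsyncMap} offers
 *       a {@code put} overload with a TTL; deriving it from the {@code exp}
 *       claim would bound the pool size and support revocation — confirm with
 *       the owners of the {@code Security} implementation.</li>
 * </ul>
 */
public class JwtAuthProvider implements JwtAuth {
    private static final String AUTH_POOL = "JWT_AUTH_TOKEN_POOL";
    /** Credential field that carries the raw token. */
    private static final String TOKEN_KEY = "jwt";
    /** Placeholder written to logs instead of token material. */
    private static final String MASK = "***";
    private final JWT jwt;
    private final String permissionsClaimKey;
    private final JWTOptions jwtOptions;
    private final transient JwtSecurer securer = JwtSecurer.create();
    // Assigned from the getAsyncMap callback, so it may still be null (or stay
    // null if the lookup failed) when requests arrive.
    private transient AsyncMap<String, Boolean> sessionTokens;
    private static final JsonArray EMPTY_ARRAY = new JsonArray();
    private static final Annal LOGGER = Annal.get(JwtAuthProvider.class);

    /**
     * Builds the provider from the JWT options and requests the shared token pool.
     *
     * <p>The decompiler reports that this constructor was originally
     * package-private; it is kept public here so existing callers still link.
     *
     * @param vertx          Vert.x instance used for file access and shared data
     * @param jWTAuthOptions key material, permissions claim key and JWT options
     */
    public JwtAuthProvider(Vertx vertx, JWTAuthOptions jWTAuthOptions) {
        this.permissionsClaimKey = jWTAuthOptions.getPermissionsClaimKey();
        this.securer.setPermissionsClaimKey(this.permissionsClaimKey);
        this.jwtOptions = jWTAuthOptions.getJWTOptions();
        FileSystem fileSystem = vertx.fileSystem();
        // The bound method reference already rejects a null receiver, so the
        // decompiler's explicit fileSystem.getClass() null probe is not needed.
        this.jwt = Ux.Jwt.create(jWTAuthOptions, (Function<String, Buffer>) fileSystem::readFileBlocking);
        vertx.sharedData().<String, Boolean>getAsyncMap(AUTH_POOL, asyncResult -> {
            if (asyncResult.succeeded()) {
                LOGGER.debug(Info.MAP_INITED, new Object[]{AUTH_POOL});
                this.sessionTokens = asyncResult.result();
            }
            // On failure the pool stays null; authenticate() then runs the full
            // check on every request instead of failing.
        });
    }

    /**
     * Attaches the application's {@link Security} implementation to the securer.
     *
     * @param supplier source of the {@link Security} instance
     * @return this provider, for chaining
     */
    @Override // io.vertx.up.secure.provider.JwtAuth
    public JwtAuth bind(Supplier<Security> supplier) {
        Security security = supplier.get();
        // Fn.outWeb is given the "security is missing" condition together with
        // the exception type to raise for it.
        Fn.outWeb(null == security, _500SecurityNotImplementException.class, new Object[]{getClass()});
        this.securer.setSecurity(security);
        return this;
    }

    /**
     * Authenticates the token carried in the {@code "jwt"} field of the credentials.
     *
     * <p>The claims are validated on every call, including calls for a token
     * that is already pooled: previously a pool hit went straight to
     * {@code securer.authorize}, so an expired token (or one with a wrong
     * audience/issuer) kept being accepted for as long as its entry existed.
     * {@code securer.authorize} is not visible from this file, so nothing here
     * relies on it repeating those checks.
     *
     * @param jsonObject credentials; the raw token is read from {@code "jwt"}
     * @param handler    receives the authenticated {@link User} or the failure
     */
    public void authenticate(JsonObject jsonObject, Handler<AsyncResult<User>> handler) {
        // Never log the raw credentials: the token is a bearer secret.
        LOGGER.info("( Auth ) Auth Information: {0}", new Object[]{redact(jsonObject)});
        final String token = jsonObject.getString(TOKEN_KEY);
        // Read the field once so the null check and the use see the same value.
        final AsyncMap<String, Boolean> pool = this.sessionTokens;
        if (null == pool || null == token) {
            // No pool yet, or no token to look up: run the full check. A missing
            // token is left to prerequisite(), which reports the decode failure.
            LOGGER.debug(Info.FLOW_NULL, new Object[]{mask(token)});
            prerequisite(token)
                .compose(validated -> this.securer.authenticate(jsonObject))
                .onComplete(authorized(token, handler));
            return;
        }
        pool.get(token, lookup -> {
            final boolean pooled = null != lookup && Boolean.TRUE.equals(lookup.result());
            if (pooled) {
                LOGGER.info(Info.MAP_HIT, new Object[]{mask(token), lookup.result()});
                prerequisite(token)
                    .compose(validated -> this.securer.authorize(jsonObject))
                    .onComplete(authorized(token, handler));
            } else {
                LOGGER.debug(Info.MAP_MISSING, new Object[]{mask(token)});
                prerequisite(token)
                    .compose(validated -> this.securer.authenticate(jsonObject))
                    .onComplete(authorized(token, handler));
            }
        });
    }

    /**
     * Builds the completion handler shared by all authentication paths.
     *
     * <p>On success the token is recorded in the pool (when a pool exists) and
     * the authenticated user is passed on; on failure the cause is passed on
     * unchanged. The decompiled original reused the name {@code asyncResult}
     * for the inner {@code put} callback, which hid the outer result and handed
     * the {@code put} outcome to the caller instead of the user; it also
     * dereferenced the pool without a null check.
     *
     * @param str     raw token used as the pool key
     * @param handler caller's handler
     * @return handler to attach to the authentication future
     */
    private Handler<AsyncResult<User>> authorized(String str, Handler<AsyncResult<User>> handler) {
        return outcome -> {
            if (outcome.succeeded()) {
                final User user = outcome.result();
                final AsyncMap<String, Boolean> pool = this.sessionTokens;
                if (null == pool || null == str) {
                    // Nothing to record; still report the successful login.
                    handler.handle(Future.succeededFuture(user));
                    return;
                }
                pool.put(str, Boolean.TRUE, stored -> {
                    // Pooling is best effort: the user is returned whether or
                    // not the entry could be written.
                    LOGGER.debug(Info.MAP_PUT, new Object[]{mask(str), Boolean.TRUE});
                    handler.handle(Future.succeededFuture(user));
                });
                return;
            }
            Throwable cause = outcome.cause();
            Ux.debug(cause, () -> {
                return cause;
            });
            handler.handle(Future.failedFuture(cause));
        };
    }

    /**
     * Decodes the token and validates expiry, audience and issuer.
     *
     * <p>NOTE(review): any {@link RuntimeException} raised while decoding is
     * reported as {@code _500JwtRuntimeException}; if the decoder also throws
     * for malformed or wrongly signed tokens, those client errors surface as a
     * server error — confirm against {@code JWT.decode}.
     *
     * @param str raw token
     * @return a future holding the token when every check passes, otherwise a
     *         failed future with the matching web exception
     */
    private Future<String> prerequisite(String str) {
        try {
            JsonObject decode = this.jwt.decode(str);
            if (this.jwt.isExpired(decode, this.jwtOptions)) {
                return Future.failedFuture(new _401JwtExpiredException(getClass(), decode));
            }
            if (this.jwtOptions.getAudience() != null) {
                // "aud" may be a single string or an array; normalise to an array.
                final Object audience = decode.getValue("aud");
                final JsonArray presented = audience instanceof String
                    ? new JsonArray().add((String) audience)
                    : decode.getJsonArray("aud", EMPTY_ARRAY);
                // At least one configured audience has to appear in the token.
                if (Collections.disjoint(this.jwtOptions.getAudience(), presented.getList())) {
                    return Future.failedFuture(new _401JwtAudientException(getClass(), Json.encode(this.jwtOptions.getAudience())));
                }
            }
            final String expectedIssuer = this.jwtOptions.getIssuer();
            if (expectedIssuer != null && !expectedIssuer.equals(decode.getString("iss"))) {
                return Future.failedFuture(new _401JwtIssuerException(getClass(), decode.getString("iss")));
            }
            return Future.succeededFuture(str);
        } catch (RuntimeException e) {
            return Future.failedFuture(new _500JwtRuntimeException(getClass(), e));
        }
    }

    /**
     * Signs a token for the given claims.
     *
     * <p>The claims are copied first, so the caller's object is not modified.
     * Permissions from the options are added under the permissions claim key
     * only when the claims do not already contain that key.
     *
     * @param jsonObject claims to sign
     * @param jWTOptions signing options, optionally carrying permissions
     * @return the signed token
     */
    @Override // io.vertx.up.secure.provider.JwtAuth
    public String generateToken(JsonObject jsonObject, JWTOptions jWTOptions) {
        JsonObject copy = jsonObject.copy();
        if (jWTOptions.getPermissions() != null && !copy.containsKey(this.permissionsClaimKey)) {
            copy.put(this.permissionsClaimKey, new JsonArray(jWTOptions.getPermissions()));
        }
        return this.jwt.sign(copy, jWTOptions);
    }

    /**
     * Encodes the credentials for logging with the token field masked.
     *
     * @param credentials authentication request
     * @return JSON text that is safe to log
     */
    private static String redact(JsonObject credentials) {
        if (!credentials.containsKey(TOKEN_KEY)) {
            return credentials.encode();
        }
        // Work on a copy so the caller's credentials keep the real token.
        final String shown = mask(String.valueOf(credentials.getValue(TOKEN_KEY)));
        return credentials.copy().put(TOKEN_KEY, shown).encode();
    }

    /**
     * Reduces a token to a short, non-replayable label for log correlation.
     *
     * @param token raw token, may be {@code null}
     * @return the mask followed by the last six characters, or only the mask
     *         when the token is missing or too short to show a tail safely
     */
    private static String mask(String token) {
        if (null == token || token.length() < 16) {
            return MASK;
        }
        return MASK + token.substring(token.length() - 6);
    }
}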
