package com.nannoq.tools.auth;

import com.nannoq.tools.auth.models.AuthPackage;
import com.nannoq.tools.auth.models.TokenContainer;
import com.nannoq.tools.auth.models.UserProfile;
import com.nannoq.tools.auth.models.VerifyResult;
import com.nannoq.tools.auth.services.AuthenticationService;
import com.nannoq.tools.auth.services.VerificationService;
import com.nannoq.tools.auth.utils.Authorization;
import com.nannoq.tools.cluster.CircuitBreakerUtils;
import com.nannoq.tools.cluster.apis.APIManager;
import com.nannoq.tools.cluster.services.ServiceManager;
import io.vertx.circuitbreaker.CircuitBreaker;
import io.vertx.circuitbreaker.CircuitBreakerOptions;
import io.vertx.codegen.annotations.Fluent;
import io.vertx.core.AsyncResult;
import io.vertx.core.Future;
import io.vertx.core.Handler;
import io.vertx.core.Vertx;
import io.vertx.core.eventbus.MessageConsumer;
import io.vertx.core.http.HttpClient;
import io.vertx.core.http.HttpClientRequest;
import io.vertx.core.json.Json;
import io.vertx.core.json.JsonObject;
import io.vertx.core.logging.Logger;
import io.vertx.core.logging.LoggerFactory;
import io.vertx.serviceproxy.ServiceException;
import java.util.Base64;
import java.util.function.Consumer;

/* loaded from: input_file:com/nannoq/tools/auth/AuthUtils.class */
public class AuthUtils {
    private static final String AUTH_AUTH_CIRCUTBREAKER_NAME = "com.auth.auth.circuitbreaker";
    private static final String AUTH_VERIFY_CIRCUTBREAKER_NAME = "com.auth.verify.circuitbreaker";
    public static final String USER_IDENTIFIER = "userId";
    private static final String USER_NOT_VERIFIED = "NOT_VERIFIED";
    private static final String AUTH_API_BASE = "AUTH";
    private String AUTH_TOKEN_ENDPOINT;
    private String AUTH_VERIFY_ENDPOINT;
    private CircuitBreaker authAuthCircuitBreaker;
    private CircuitBreaker authVerifyCircuitBreaker;
    private MessageConsumer<JsonObject> authCircuitBreakerEvents;
    private MessageConsumer<JsonObject> verifyCircuitBreakerEvents;
    private final Vertx vertx;
    private final APIManager apiManager;
    private static final Logger logger = LoggerFactory.getLogger(AuthUtils.class.getSimpleName());
    private static AuthUtils instance = null;

    private AuthUtils() {
        this(Vertx.currentContext().config());
    }

    private AuthUtils(JsonObject jsonObject) {
        this(Vertx.currentContext().owner(), jsonObject);
    }

    private AuthUtils(Vertx vertx, JsonObject jsonObject) {
        this.AUTH_TOKEN_ENDPOINT = "/auth/api/oauth2/auth/convert";
        this.AUTH_VERIFY_ENDPOINT = "/auth/api/oauth2/verify";
        this.vertx = vertx;
        logger.info("Initializing AuthUtils...");
        this.apiManager = new APIManager(vertx, jsonObject);
        this.AUTH_TOKEN_ENDPOINT = jsonObject.getString("authTokenEndpoint");
        this.AUTH_VERIFY_ENDPOINT = jsonObject.getString("authVerifyEndpoint");
        prepareCircuitBreakers();
        prepareListeners();
        Runtime.getRuntime().addShutdownHook(new Thread(() -> {
            this.authCircuitBreakerEvents.unregister();
            this.verifyCircuitBreakerEvents.unregister();
        }));
        logger.info("AuthUtils initialized...");
    }

    public static AuthUtils getInstance() {
        if (instance == null) {
            instance = new AuthUtils();
        }
        return instance;
    }

    private void prepareCircuitBreakers() {
        this.authAuthCircuitBreaker = CircuitBreaker.create(AUTH_AUTH_CIRCUTBREAKER_NAME, this.vertx, new CircuitBreakerOptions().setMaxFailures(3).setTimeout(3000L).setFallbackOnFailure(true).setResetTimeout(10000L).setNotificationAddress(AUTH_AUTH_CIRCUTBREAKER_NAME).setNotificationPeriod(21600000L)).openHandler(r3 -> {
            logger.info("com.auth.auth.circuitbreaker OPEN");
        }).halfOpenHandler(r32 -> {
            logger.info("com.auth.auth.circuitbreaker HALF-OPEN");
        }).closeHandler(r33 -> {
            logger.info("com.auth.auth.circuitbreaker CLOSED");
        });
        this.authAuthCircuitBreaker.close();
        this.authVerifyCircuitBreaker = CircuitBreaker.create(AUTH_VERIFY_CIRCUTBREAKER_NAME, this.vertx, new CircuitBreakerOptions().setMaxFailures(3).setTimeout(1000L).setFallbackOnFailure(true).setResetTimeout(10000L).setNotificationAddress(AUTH_VERIFY_CIRCUTBREAKER_NAME).setNotificationPeriod(21600000L)).openHandler(r34 -> {
            logger.info("com.auth.verify.circuitbreaker OPEN");
        }).halfOpenHandler(r35 -> {
            logger.info("com.auth.auth.circuitbreaker HALF-OPEN");
        }).closeHandler(r36 -> {
            logger.info("com.auth.verify.circuitbreaker CLOSED");
        });
        this.authVerifyCircuitBreaker.close();
    }

    private void prepareListeners() {
        this.authCircuitBreakerEvents = this.vertx.eventBus().consumer(AUTH_AUTH_CIRCUTBREAKER_NAME, message -> {
            CircuitBreakerUtils.handleCircuitBreakerEvent(this.authAuthCircuitBreaker, message);
        });
        this.verifyCircuitBreakerEvents = this.vertx.eventBus().consumer(AUTH_VERIFY_CIRCUTBREAKER_NAME, message2 -> {
            CircuitBreakerUtils.handleCircuitBreakerEvent(this.authVerifyCircuitBreaker, message2);
        });
    }

    @Fluent
    public AuthUtils convertExternalToken(String str, String str2, Handler<AsyncResult<AuthPackage>> handler) {
        logger.debug("Auth request ready for: " + str2);
        if (str == null) {
            logger.error("Token cannot be null!");
            handler.handle(Future.failedFuture("Token cannot be null!"));
        } else {
            Consumer consumer = th -> {
                httpAuthBackUp(str, str2, asyncResult -> {
                    logger.debug("Launching http backup...");
                    if (asyncResult.failed()) {
                        handler.handle(Future.failedFuture(asyncResult.cause()));
                    } else {
                        handler.handle(Future.succeededFuture(asyncResult.result()));
                    }
                });
            };
            getAuthenticationService().compose(authenticationService -> {
                logger.debug("Running Eventbus Auth...");
                CircuitBreakerUtils.performRequestWithCircuitBreaker(this.authAuthCircuitBreaker, handler, future -> {
                    attemptAuthConversionOnEventBus(future, authenticationService, str, str2);
                }, consumer);
            }, Future.future().setHandler(asyncResult -> {
                consumer.accept(asyncResult.cause());
            }));
        }
        return this;
    }

    private Future<AuthenticationService> getAuthenticationService() {
        Future<AuthenticationService> future = Future.future();
        ServiceManager.getInstance().consumeService(AuthenticationService.class, asyncResult -> {
            if (!asyncResult.failed()) {
                future.complete(asyncResult.result());
            } else {
                logger.error("Failed Auth Service fetch...");
                future.fail(asyncResult.cause());
            }
        });
        return future;
    }

    private void attemptAuthConversionOnEventBus(Future<AuthPackage> future, AuthenticationService authenticationService, String str, String str2) {
        authenticationService.createJwtFromProvider(str, str2, asyncResult -> {
            if (future.isComplete()) {
                logger.error("Ignoring result, authFuture already completed: " + asyncResult.cause());
                return;
            }
            if (!asyncResult.failed()) {
                logger.debug("Conversion ok, returning result...");
                future.complete(asyncResult.result());
                return;
            }
            logger.error("Conversion failed!");
            if (!(asyncResult.cause() instanceof ServiceException)) {
                future.fail(asyncResult.cause());
            } else {
                ServiceManager.handleResultFailed(asyncResult.cause());
                future.complete((Object) null);
            }
        });
    }

    private void httpAuthBackUp(String str, String str2, Handler<AsyncResult<AuthPackage>> handler) {
        logger.debug("Running HTTP Auth Backup...");
        ServiceManager.getInstance().consumeApi(AUTH_API_BASE, asyncResult -> {
            if (!asyncResult.failed()) {
                this.apiManager.performRequestWithCircuitBreaker(AUTH_API_BASE, handler, future -> {
                    HttpClientRequest exceptionHandler = ((HttpClient) asyncResult.result()).get(this.AUTH_TOKEN_ENDPOINT, httpClientResponse -> {
                        if (httpClientResponse.statusCode() != 401) {
                            httpClientResponse.bodyHandler(buffer -> {
                                logger.debug("Received: " + buffer.toString() + " from auth.");
                                JsonObject jsonObject = buffer.toJsonObject();
                                logger.debug("AUTH FROM HTTP IS: " + Json.encodePrettily(jsonObject));
                                future.complete(new AuthPackage((TokenContainer) Json.decodeValue(jsonObject.getJsonObject("tokenContainer").toString(), TokenContainer.class), (UserProfile) Json.decodeValue(jsonObject.getJsonObject("userProfile").toString(), UserProfile.class)));
                                logger.debug("Auth result returned...");
                            });
                        } else {
                            logger.error("UNAUTHORIZED IN HTTP AUTH");
                            future.fail("Unauthorized...");
                        }
                    }).exceptionHandler(th -> {
                        logger.error("HTTP Auth ERROR: " + th);
                        future.fail(th);
                    });
                    exceptionHandler.putHeader("Authorization", "Bearer " + str);
                    exceptionHandler.putHeader("X-Authorization-Provider", str2);
                    exceptionHandler.setTimeout(5000L);
                    exceptionHandler.end();
                }, th -> {
                    handler.handle(Future.failedFuture(USER_NOT_VERIFIED));
                });
            } else {
                logger.error("HTTP Backup unavailable...");
                handler.handle(ServiceException.fail(502, "Service not available..."));
            }
        });
    }

    @Fluent
    public AuthUtils authenticateAndAuthorize(String str, Authorization authorization, Handler<AsyncResult<VerifyResult>> handler) {
        logger.debug("Auth request ready: " + authorization.toJson().encodePrettily());
        if (str == null) {
            logger.error("JWT cannot be null!");
            handler.handle(Future.failedFuture("JWT cannot be null!"));
        } else {
            Consumer consumer = th -> {
                httpVerifyBackUp(str, authorization, asyncResult -> {
                    logger.debug("Received HTTP Verify Result: " + asyncResult.succeeded());
                    if (asyncResult.failed()) {
                        handler.handle(Future.failedFuture(asyncResult.cause()));
                    } else {
                        handler.handle(Future.succeededFuture(asyncResult.result()));
                    }
                });
            };
            getVerificationService().compose(verificationService -> {
                logger.debug("Running Eventbus Auth...");
                CircuitBreakerUtils.performRequestWithCircuitBreaker(this.authAuthCircuitBreaker, asyncResult -> {
                    if (asyncResult.failed()) {
                        handler.handle(ServiceException.fail(500, "Unknown error..."));
                    } else if (asyncResult.result() == null) {
                        handler.handle(ServiceException.fail(401, "Not authorized!"));
                    } else {
                        handler.handle(Future.succeededFuture(asyncResult.result()));
                    }
                }, future -> {
                    attemptAuthOnEventBus(future, verificationService, str, authorization);
                }, consumer);
            }, Future.future().setHandler(asyncResult -> {
                consumer.accept(asyncResult.cause());
            }));
        }
        return this;
    }

    private Future<VerificationService> getVerificationService() {
        Future<VerificationService> future = Future.future();
        ServiceManager.getInstance().consumeService(VerificationService.class, asyncResult -> {
            if (!asyncResult.failed()) {
                future.complete(asyncResult.result());
            } else {
                logger.error("Failed Verification Service fetch...");
                future.fail(asyncResult.cause());
            }
        });
        return future;
    }

    private void attemptAuthOnEventBus(Future<VerifyResult> future, VerificationService verificationService, String str, Authorization authorization) {
        logger.debug("Running Auth on Eventbus, attempt: " + this.authVerifyCircuitBreaker.failureCount());
        verificationService.verifyJWT(str, authorization, asyncResult -> {
            if (future.isComplete()) {
                logger.error("Ignoring result, authFuture already completed:" + asyncResult.cause());
                return;
            }
            if (!asyncResult.failed()) {
                VerifyResult verifyResult = (VerifyResult) asyncResult.result();
                if (verifyResult == null) {
                    logger.error("Access Denied!");
                    future.fail(asyncResult.cause());
                    return;
                } else {
                    logger.debug("Authenticated!");
                    logger.debug(Json.encodePrettily(verifyResult));
                    future.complete(verifyResult);
                    return;
                }
            }
            logger.error("Failed verification service...");
            if (!(asyncResult.cause() instanceof ServiceException)) {
                logger.error(asyncResult.cause());
                future.fail(asyncResult.cause());
                return;
            }
            ServiceManager.handleResultFailed(asyncResult.cause());
            if (asyncResult.cause().failureCode() == 401) {
                future.complete((Object) null);
            } else {
                future.fail(asyncResult.cause());
            }
        });
    }

    private void httpVerifyBackUp(String str, Authorization authorization, Handler<AsyncResult<VerifyResult>> handler) {
        logger.debug("Running HTTP Verify Backup...");
        ServiceManager.getInstance().consumeApi(AUTH_API_BASE, asyncResult -> {
            if (!asyncResult.failed()) {
                this.apiManager.performRequestWithCircuitBreaker(AUTH_API_BASE, handler, future -> {
                    HttpClientRequest exceptionHandler = ((HttpClient) asyncResult.result()).get(this.AUTH_VERIFY_ENDPOINT, httpClientResponse -> {
                        if (httpClientResponse.statusCode() == 200) {
                            httpClientResponse.bodyHandler(buffer -> {
                                logger.debug("Auth Success!");
                                JsonObject jsonObject = buffer.toJsonObject();
                                logger.debug("Auth body: " + Json.encodePrettily(jsonObject));
                                future.complete((VerifyResult) Json.decodeValue(jsonObject.encode(), VerifyResult.class));
                            });
                        } else {
                            future.fail("User not authenticated!");
                        }
                    }).exceptionHandler(th -> {
                        logger.error("HTTP Auth ERROR: " + th);
                        future.fail(th);
                    });
                    exceptionHandler.putHeader("Authorization", "Bearer " + str);
                    exceptionHandler.putHeader("X-Authorization-Type", new String(Base64.getEncoder().encode(authorization.toJson().encode().getBytes())));
                    exceptionHandler.setTimeout(5000L);
                    exceptionHandler.end();
                }, th -> {
                    handler.handle(Future.failedFuture(USER_NOT_VERIFIED));
                });
            } else {
                logger.error("HTTP Backup unavailable...");
                handler.handle(ServiceException.fail(502, "Service not available..."));
            }
        });
    }
}
