package com.nannoq.tools.auth.webhandlers;

import com.nannoq.tools.auth.models.AuthPackage;
import com.nannoq.tools.auth.models.TokenContainer;
import com.nannoq.tools.auth.services.AuthenticationService;
import com.nannoq.tools.auth.services.AuthenticationServiceImpl;
import com.nannoq.tools.auth.utils.AuthFutures;
import com.nannoq.tools.auth.utils.AuthPackageHandler;
import com.nannoq.tools.cluster.apis.APIManager;
import com.nannoq.tools.cluster.services.ServiceManager;
import com.nannoq.tools.repository.models.ModelUtils;
import com.nannoq.tools.repository.repository.redis.RedisUtils;
import com.nannoq.tools.web.requestHandlers.RequestLogHandler;
import facebook4j.Facebook;
import facebook4j.FacebookException;
import facebook4j.FacebookFactory;
import facebook4j.auth.AccessToken;
import facebook4j.conf.ConfigurationBuilder;
import io.vertx.codegen.annotations.Fluent;
import io.vertx.core.AsyncResult;
import io.vertx.core.Future;
import io.vertx.core.Handler;
import io.vertx.core.Vertx;
import io.vertx.core.http.HttpClientOptions;
import io.vertx.core.http.HttpClientRequest;
import io.vertx.core.http.HttpHeaders;
import io.vertx.core.http.HttpServerRequest;
import io.vertx.core.json.Json;
import io.vertx.core.json.JsonObject;
import io.vertx.core.logging.Logger;
import io.vertx.core.logging.LoggerFactory;
import io.vertx.ext.web.RoutingContext;
import io.vertx.redis.RedisClient;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.security.NoSuchAlgorithmException;
import java.util.Locale;
import java.util.function.Consumer;
import java.util.function.Function;
import javax.annotation.Nonnull;
import org.jinstagram.auth.InstagramAuthService;
import org.jsoup.Jsoup;
import org.jsoup.safety.Whitelist;

/* loaded from: input_file:com/nannoq/tools/auth/webhandlers/JWTGenerator.class */
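/**
 * Vert.x route handler for the social-login flow (Instagram, Facebook, Google).
 *
 * <p>The flow has two legs:
 * <ol>
 *   <li>{@link #returnAuthUrl(RoutingContext)} stores the caller's {@code state} token in Redis
 *       (value: the redirect location) and redirects the browser to the provider.</li>
 *   <li>{@link #handle(RoutingContext)} receives the provider callback, looks the {@code state}
 *       up in Redis again, exchanges the provider {@code code} for a provider token, asks the
 *       {@link AuthenticationService} for a JWT and redirects to the stored location with the
 *       tokens in the URL fragment.</li>
 * </ol>
 * {@link #directAuth(RoutingContext)} and {@link #refreshFromHttp(RoutingContext)} are header-based
 * entry points that do not redirect.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Provider tokens, JWTs and refresh tokens pass through this class; none of them are
 *       written to the log.</li>
 *   <li>The redirect location is taken from the {@code location} query parameter (see
 *       {@link #getLocation(RoutingContext, String)}) and later receives the tokens. No
 *       validation of that value is visible in this class.</li>
 * </ul>
 */
public class JWTGenerator implements Handler<RoutingContext> {
    private final Logger logger = LoggerFactory.getLogger(JWTGenerator.class.getSimpleName());
    // Config value "callBackRoot"; default redirect target and base of the error redirects.
    protected final String CMS_ROOT;
    // Google authorization URL template; ":stateToken" is replaced per request.
    private final String GOOGLE_AUTH_URL;
    protected final Vertx vertx;
    protected final JsonObject appConfig;
    protected final String domainIdentifier;
    protected final RedisClient redisClient;
    private final AuthenticationService authenticator;
    private final AuthPackageHandler authPackageHandler;
    // "callBackRoot" + "callbackProviderUrl"; contains a ":provider" placeholder.
    private final String callbackUrl;
    // Config value "emailHashKeybase"; appended to the e-mail before hashing in the default id function.
    private final String EMAIL_HASH_KEY_BASE;
    private Function<AuthPackage, String> userIdFunction;

    /**
     * Builds the handler from the application configuration.
     *
     * <p>Reads {@code googleClientId}, {@code callBackRoot}, {@code callbackProviderUrl} and
     * {@code emailHashKeybase} from {@code jsonObject} and installs a default user-id function that
     * hashes {@code email + emailHashKeybase} with {@link ModelUtils#hashString}.
     *
     * @param vertx the Vert.x instance used for HTTP, blocking work and Redis
     * @param jsonObject the application configuration
     * @param authenticationService service that turns a provider token into a JWT
     * @param authPackageHandler application hook invoked once authentication succeeded
     * @param str the domain identifier
     */
    public JWTGenerator(@Nonnull Vertx vertx, @Nonnull JsonObject jsonObject, @Nonnull AuthenticationService authenticationService, @Nonnull AuthPackageHandler authPackageHandler, @Nonnull String str) {
        this.vertx = vertx;
        this.appConfig = jsonObject;
        this.domainIdentifier = str;
        this.redisClient = RedisUtils.getRedisClient(vertx, jsonObject);
        this.authenticator = authenticationService;
        this.authPackageHandler = authPackageHandler;
        String googleClientId = jsonObject.getString("googleClientId");
        this.callbackUrl = jsonObject.getString("callBackRoot") + jsonObject.getString("callbackProviderUrl");
        this.CMS_ROOT = jsonObject.getString("callBackRoot");
        this.GOOGLE_AUTH_URL = "https://accounts.google.com/o/oauth2/v2/auth?scope=openid%20email%20profile&state=:stateToken&redirect_uri=" + this.CMS_ROOT + "/auth/api/oauth2/auth/google&response_type=code&client_id=" + googleClientId + "&prompt=consent&include_granted_scopes=true&access_type=offline";
        this.EMAIL_HASH_KEY_BASE = jsonObject.getString("emailHashKeybase");
        this.userIdFunction = authPackage -> {
            try {
                return ModelUtils.hashString(authPackage.getUserProfile().getEmail() + this.EMAIL_HASH_KEY_BASE);
            } catch (NoSuchAlgorithmException e) {
                // NOTE(review): the fallback returns the raw e-mail as the user id, so ids differ in
                // form depending on whether hashing was available. Confirm this is intended.
                this.logger.error("No Algorithm Available!", e);
                return authPackage.getUserProfile().getEmail();
            }
        };
    }

    /**
     * Alias of {@link #setUserIdFunction(Function)}.
     *
     * @param function maps an {@link AuthPackage} to the application's user id
     * @return the {@link AuthenticationService} this handler was built with
     */
    @Fluent
    public AuthenticationService withUserIdGenerator(Function<AuthPackage, String> function) {
        return setUserIdFunction(function);
    }

    /**
     * Replaces the function that derives the application user id from an {@link AuthPackage}.
     *
     * @param function maps an {@link AuthPackage} to the application's user id
     * @return the {@link AuthenticationService} this handler was built with
     */
    @Fluent
    public AuthenticationService setUserIdFunction(Function<AuthPackage, String> function) {
        this.userIdFunction = function;
        return this.authenticator;
    }

    /**
     * Provider callback: dispatches on the {@code provider} request parameter.
     *
     * <p>Requires the {@code code} and {@code provider} parameters. For Instagram the {@code code}
     * is passed on directly as a bearer token; for Facebook and Google it is first exchanged for a
     * provider token. Any other provider, or a missing parameter, yields the unauthorized redirect.
     *
     * @param routingContext the current request
     */
    @Override
    public void handle(RoutingContext routingContext) {
        HttpServerRequest request = routingContext.request();
        String code = request.getParam("code");
        String provider = request.getParam("provider");
        if (provider == null || code == null) {
            unAuthorized(routingContext);
            this.logger.error("Unknown request...");
            return;
        }
        // Locale.ROOT keeps the comparison independent of the JVM's default locale.
        String upperProvider = provider.toUpperCase(Locale.ROOT);
        if (upperProvider.equals(AuthenticationServiceImpl.INSTAGRAM)) {
            handleAccessToken(provider, "Bearer " + code, routingContext);
        } else if (upperProvider.equals(AuthenticationServiceImpl.FACEBOOK)) {
            handleFacebookAuth(routingContext, code, provider);
        } else if (upperProvider.equals(AuthenticationServiceImpl.GOOGLE)) {
            handleGoogleAuth(routingContext, code, provider);
        } else {
            unAuthorized(routingContext);
            this.logger.error("Unknown auth provider for Auth Flow...");
        }
    }

    /**
     * Exchanges a Google authorization code for an {@code id_token} and continues with
     * {@link #handleAccessToken}.
     *
     * <p>NOTE(review): a new HTTP client is created on every call and is not closed in this
     * method; confirm whether it is released elsewhere.
     *
     * @param routingContext the current request
     * @param code the authorization code from the callback (caller-supplied)
     * @param provider the provider name as received in the request
     */
    private void handleGoogleAuth(RoutingContext routingContext, String code, String provider) {
        this.logger.info("Authing for google...");
        Handler<AsyncResult<String>> resultHandler = asyncResult -> {
            if (asyncResult.succeeded() && asyncResult.result() != null) {
                this.logger.info("Completed Google Auth...");
                handleAccessToken(provider, "Bearer " + asyncResult.result(), routingContext);
            } else {
                // cause() is null when the exchange succeeded but the response carried no id_token.
                this.logger.error("Failed Google Auth...", asyncResult.cause());
                unAuthorized(routingContext);
            }
        };
        HttpClientRequest tokenRequest = this.vertx.createHttpClient(new HttpClientOptions().setSsl(true))
                .post(443, "www.googleapis.com", "/oauth2/v4/token")
                .putHeader("Content-Type", "application/x-www-form-urlencoded");
        APIManager.performRequestWithCircuitBreaker(resultHandler, future -> {
            // Every value is form-encoded: "code" comes from the request and must not be able to
            // add or override fields of the token request.
            String form = "code=" + urlEncode(code)
                    + "&client_id=" + urlEncode(this.appConfig.getString("googleClientId"))
                    + "&client_secret=" + urlEncode(this.appConfig.getString("googleClientSecret"))
                    + "&redirect_uri=" + urlEncode(this.callbackUrl.replace(":provider", "google"))
                    + "&grant_type=authorization_code";
            tokenRequest.handler(response -> {
                int status = response.statusCode();
                if (status >= 200 && status < 400) {
                    this.logger.info("Google Status is: " + status);
                    response.bodyHandler(body -> {
                        String idToken;
                        try {
                            idToken = body.toJsonObject().getString("id_token");
                        } catch (RuntimeException e) {
                            // A body that is not the expected JSON must fail the future instead of
                            // leaving it pending.
                            future.fail(e);
                            return;
                        }
                        future.complete(idToken);
                    });
                } else {
                    this.logger.error(status);
                    this.logger.error(response.statusMessage());
                    response.bodyHandler(body -> {
                        this.logger.error("UNAUTHORIZED!");
                        try {
                            this.logger.error(Json.encodePrettily(body.toJsonObject()));
                        } catch (RuntimeException e) {
                            this.logger.error("Google error body was not valid JSON", e);
                        }
                        future.fail(new UnknownError(response.statusMessage()));
                    });
                }
            }).end(form);
        }, throwable -> {
            this.logger.error("Failed Google Auth...");
            unAuthorized(routingContext);
        });
    }

    /**
     * Exchanges a Facebook authorization code for an access token on a worker thread and
     * continues with {@link #handleAccessToken}.
     *
     * <p>The app id and secret are read from the current Vert.x context configuration
     * ({@code faceBookAppId}, {@code faceBookAppSecret}); app-secret proof is enabled.
     *
     * @param routingContext the current request
     * @param code the authorization code from the callback (caller-supplied)
     * @param provider the provider name as received in the request
     */
    private void handleFacebookAuth(RoutingContext routingContext, String code, String provider) {
        String appId = this.vertx.getOrCreateContext().config().getString("faceBookAppId");
        String appSecret = this.vertx.getOrCreateContext().config().getString("faceBookAppSecret");
        this.vertx.executeBlocking(future -> {
            ConfigurationBuilder configurationBuilder = new ConfigurationBuilder();
            configurationBuilder.setAppSecretProofEnabled(true);
            configurationBuilder.setOAuthAppId(appId);
            configurationBuilder.setOAuthAppSecret(appSecret);
            Facebook facebook = new FacebookFactory(configurationBuilder.build()).getInstance();
            facebook.setOAuthCallbackURL(this.callbackUrl.replace(":provider", "facebook"));
            this.logger.info("Authing for facebook...");
            try {
                AccessToken accessToken = facebook.getOAuthAccessToken(code);
                // The access token is a credential and is deliberately kept out of the log.
                this.logger.info("Facebook token exchange completed.");
                handleAccessToken(provider, "Bearer " + accessToken.getToken(), routingContext);
            } catch (FacebookException e) {
                this.logger.error("Failed Facebook Operation", e);
                unAuthorized(routingContext);
            }
        }, false, null);
    }

    /**
     * Header-based authentication without redirects.
     *
     * <p>Expects {@code Authorization: Bearer <provider token>} and
     * {@code X-Authorization-Provider}. Sets the status code (200, 401, 422 or 500), puts the
     * response body under {@code bodyContent} on success or on invalid headers, and calls
     * {@code routingContext.next()}.
     *
     * <p>NOTE(review): both header values are passed through {@code Jsoup.clean}, an HTML
     * sanitiser. That may alter characters inside a token; confirm it is safe for every supported
     * provider's token format.
     *
     * @param routingContext the current request
     */
    public void directAuth(RoutingContext routingContext) {
        HttpServerRequest request = routingContext.request();
        StringBuffer requestLog = (StringBuffer) routingContext.get("requestLog");
        String header = request.getHeader("Authorization");
        String header2 = request.getHeader("X-Authorization-Provider");
        if (header != null && header2 != null && header.startsWith("Bearer")) {
            String token = Jsoup.clean(header, Whitelist.none()).substring("Bearer".length()).trim();
            String provider = Jsoup.clean(header2, Whitelist.none()).toUpperCase(Locale.ROOT);
            this.authenticator.createJwtFromProvider(token, provider, authResult -> {
                if (authResult.failed()) {
                    // Plain concatenation tolerates a missing request log instead of throwing.
                    this.logger.error("AUTH Failed: " + requestLog, authResult.cause());
                    routingContext.response().setStatusCode(401);
                    routingContext.next();
                    return;
                }
                AuthPackage authPackage = (AuthPackage) authResult.result();
                try {
                    this.authPackageHandler.processDirectAuth(authPackage, this.userIdFunction.apply(authPackage), processResult -> {
                        if (processResult.failed()) {
                            this.logger.error("Failed processing Direct Auth!", processResult.cause());
                            routingContext.response().setStatusCode(422);
                            routingContext.next();
                        } else {
                            routingContext.response().setStatusCode(200);
                            routingContext.put("bodyContent", ((JsonObject) processResult.result()).encode());
                            routingContext.next();
                        }
                    });
                } catch (Exception e) {
                    this.logger.error("AUTH Failed: " + requestLog, e);
                    routingContext.response().setStatusCode(500);
                    routingContext.next();
                }
            });
            return;
        }
        this.logger.error("Invalid parameters!");
        JsonObject jsonObject = new JsonObject();
        if (header == null) {
            jsonObject.put("header_error", "Authorization Header cannot be null!");
        }
        if (header2 == null) {
            // Same key as above: when both headers are missing only this message is reported.
            jsonObject.put("header_error", "X-Authorization-Provider Header cannot be null!");
        }
        if (this.domainIdentifier == null) {
            jsonObject.put("path_error", "FeedId cannot be null!");
        }
        routingContext.put("bodyContent", jsonObject.encodePrettily());
        routingContext.response().setStatusCode(401);
        routingContext.next();
    }

    /**
     * Second half of the callback: verifies the {@code state}, creates the JWT and redirects.
     *
     * <p>The {@code state} request parameter is looked up in Redis; the stored value is the
     * redirect location. A state that was never stored yields a {@code null} location, which
     * {@link #handleToken} rejects, so the Redis lookup is what binds the callback to a flow
     * started through {@link #returnAuthUrl(RoutingContext)}.
     *
     * @param provider the provider name as received in the request
     * @param authToken the provider token, prefixed with {@code "Bearer "}
     * @param routingContext the current request
     */
    private void handleAccessToken(String provider, String authToken, RoutingContext routingContext) {
        getReceivedUserState(routingContext).compose(state -> {
            getLocation(state).compose(location -> {
                handleToken(authToken, state, location, provider).compose(authPackage -> {
                    finalizeResponse(location, state, authPackage, routingContext);
                }, AuthFutures.authFailRedirect(routingContext));
            }, AuthFutures.authFailRedirect(routingContext));
        }, AuthFutures.authFailRedirect(routingContext));
    }

    /**
     * Creates the JWT for a provider token and, on success, deletes the stored state.
     *
     * @param authToken the provider token, expected to start with {@code "Bearer "}
     * @param state the state token of this flow
     * @param location the redirect location stored for {@code state}; {@code null} fails the future
     * @param provider the provider name
     * @return a future holding the {@link AuthPackage}, or failed with a redirect string
     */
    private Future<AuthPackage> handleToken(String authToken, String state, String location, String provider) {
        Future<AuthPackage> future = Future.future();
        if (authToken == null || provider == null || location == null) {
            future.fail(this.CMS_ROOT + "#code=401&error=Unauthorized");
        } else if (authToken.startsWith("Bearer ")) {
            this.authenticator.createJwtFromProvider(authToken.substring("Bearer".length()).trim(), provider.toUpperCase(Locale.ROOT), asyncResult -> {
                if (asyncResult.failed()) {
                    ServiceManager.handleResultFailed(asyncResult.cause());
                    future.fail(this.CMS_ROOT + "#code=401&error=Unauthorized");
                } else {
                    AuthPackage authPackage = (AuthPackage) asyncResult.result();
                    // The AuthPackage carries the access and refresh tokens, so its content is
                    // deliberately kept out of the log.
                    this.logger.info("JWT created from provider token.");
                    // The state is removed only after a successful authentication.
                    purgeState(provider, state);
                    future.complete(authPackage);
                }
            });
        } else {
            future.fail(this.CMS_ROOT + "#code=400&error=Invalid Auth headers");
        }
        return future;
    }

    /**
     * Deletes the Redis entry for {@code state} and, for Instagram, the {@code state_forUser} entry.
     *
     * @param provider the provider name
     * @param state the state token whose entries are removed
     */
    private void purgeState(String provider, String state) {
        RedisUtils.performJedisWithRetry(this.redisClient, client -> {
            client.del(state, delResult -> {
                this.logger.info("Deleted state for " + state + " is " + delResult.result());
            });
        });
        if (provider.toUpperCase(Locale.ROOT).equals(AuthenticationServiceImpl.INSTAGRAM)) {
            RedisUtils.performJedisWithRetry(this.redisClient, client -> {
                client.del(state + "_forUser", delResult -> {
                    this.logger.info("Deleted state_forUser for " + state + " is " + delResult.result());
                });
            });
        }
    }

    /**
     * Reads the redirect location that was stored in Redis for a state token.
     *
     * @param str the state token (Redis key)
     * @return a future holding the stored value ({@code null} when the key does not exist), or
     *     failed when the Redis call failed
     */
    protected Future<String> getLocation(String str) {
        Future<String> future = Future.future();
        RedisUtils.performJedisWithRetry(this.redisClient, client -> {
            client.get(str, getResult -> {
                if (getResult.failed()) {
                    future.fail(new InternalError(this.CMS_ROOT + "#code=422&error=Unable to verify user state..."));
                } else {
                    future.complete(getResult.result());
                }
            });
        });
        return future;
    }

    /**
     * Reads the {@code state} parameter of the provider callback.
     *
     * @param routingContext the current request
     * @return a future holding the state, or failed when the parameter is missing
     */
    private Future<String> getReceivedUserState(RoutingContext routingContext) {
        Future<String> future = Future.future();
        String state = routingContext.request().getParam("state");
        if (state != null) {
            future.complete(state);
        } else {
            future.fail(new IllegalArgumentException(this.CMS_ROOT + "#code=400&error=State cannot be null from external"));
        }
        return future;
    }

    /**
     * Builds the redirect URL carrying the tokens and answers with a 302.
     *
     * <p>The URL is {@code location#state=..&jwt=..&refresh_token=..&id=..}. It is handed to
     * {@link AuthPackageHandler#processOAuthFlow}; the {@code Location} header is taken from that
     * call's result.
     *
     * <p>NOTE(review): {@code location} originates from a request parameter of the first leg and
     * is the address the tokens are delivered to. Confirm that it is checked against an allow-list
     * of trusted front-end origins somewhere (for example in {@code processOAuthFlow}); no such
     * check is visible in this class.
     *
     * @param location the redirect base stored for this flow
     * @param state the state token of this flow
     * @param authPackage the authentication result holding tokens and user profile
     * @param routingContext the current request
     */
    private void finalizeResponse(String location, String state, AuthPackage authPackage, RoutingContext routingContext) {
        this.logger.info("Building url for redirect...");
        String redirectUrl = location + "#state=" + state + "&jwt=" + authPackage.getTokenContainer().getAccessToken() + "&refresh_token=" + authPackage.getTokenContainer().getRefreshToken() + "&id=" + authPackage.getUserProfile().getUserId();
        // The URL contains the JWT and the refresh token, so it is deliberately kept out of the log.
        this.logger.debug("Redirect url built.");
        this.authPackageHandler.processOAuthFlow(authPackage, this.userIdFunction.apply(authPackage), redirectUrl, asyncResult -> {
            if (asyncResult.failed()) {
                routingContext.response().setStatusCode(302).putHeader(HttpHeaders.LOCATION, "#code=500&error=UNKNOWN").end();
            } else {
                routingContext.response().setStatusCode(302).putHeader(HttpHeaders.LOCATION, ((JsonObject) asyncResult.result()).getString("Location")).end();
            }
        });
    }

    /**
     * First leg of the flow: stores {@code state -> location} in Redis and redirects the browser
     * to the provider's authorization URL.
     *
     * <p>A missing {@code provider} or {@code state} is answered through
     * {@code AuthFutures.denyRequest}; later failures through {@code AuthFutures.authFailRedirect}.
     *
     * @param routingContext the current request
     */
    public void returnAuthUrl(RoutingContext routingContext) {
        Consumer<String> redirect = authUrl -> {
            routingContext.response().setStatusCode(302).putHeader(HttpHeaders.LOCATION, authUrl).end();
        };
        getProvider(routingContext).compose(provider -> {
            getUserState(routingContext).compose(state -> {
                getLocation(routingContext, state).compose(location -> {
                    setState(state, location).compose(ignored -> {
                        constructAuthUrl(routingContext, state, location, provider)
                                .compose(redirect::accept, AuthFutures.authFailRedirect(routingContext));
                    }, AuthFutures.authFailRedirect(routingContext));
                }, AuthFutures.authFailRedirect(routingContext));
            }, AuthFutures.denyRequest(routingContext));
        }, AuthFutures.denyRequest(routingContext));
    }

    /**
     * Builds the provider's authorization URL for the given state.
     *
     * @param routingContext the current request (read for the Instagram {@code forUser} parameter)
     * @param state the caller-supplied state token
     * @param location the redirect base, used as prefix of the failure messages
     * @param provider the provider name as received in the request
     * @return a future holding the authorization URL, or failed for an unknown provider or error
     */
    private Future<String> constructAuthUrl(RoutingContext routingContext, String state, String location, String provider) {
        Future<String> future = Future.future();
        // Locale.ROOT keeps the comparison independent of the JVM's default locale.
        String upperProvider = provider.toUpperCase(Locale.ROOT);
        if (upperProvider.equals(AuthenticationServiceImpl.INSTAGRAM)) {
            // NOTE(review): "forUser" names the account to federate into and is caller-supplied.
            // Confirm that a later step verifies the caller is entitled to that account.
            String forUser = routingContext.request().getParam("forUser");
            if (forUser == null) {
                future.fail(new SecurityException(location + "#code=400&error=InstaGram does not support emails from API, and can only be federated into an established user. Please add id as email of the user to federate into as a query param with name \"forUser\"."));
            } else {
                getInstagramUrl(state, forUser, location, urlResult -> {
                    if (urlResult.failed()) {
                        future.fail(new InternalError(urlResult.cause().getMessage()));
                    } else {
                        future.complete(urlResult.result());
                    }
                });
            }
        } else if (upperProvider.equals(AuthenticationServiceImpl.FACEBOOK)) {
            this.vertx.<String>executeBlocking(blocking -> {
                JsonObject config = this.vertx.getOrCreateContext().config();
                String appId = config.getString("faceBookAppId");
                String appSecret = config.getString("faceBookAppSecret");
                Facebook facebook = new FacebookFactory().getInstance();
                facebook.setOAuthAppId(appId, appSecret);
                facebook.setOAuthPermissions("public_profile,email,user_friends");
                blocking.complete(facebook.getOAuthAuthorizationURL(this.callbackUrl.replace(":provider", "facebook"), state));
            }, false, urlResult -> {
                String authUrl = urlResult.result();
                if (authUrl == null || authUrl.isEmpty()) {
                    future.fail(new InternalError(location + "#code=500&error=Unknown"));
                } else {
                    future.complete(authUrl);
                }
            });
        } else if (upperProvider.equals(AuthenticationServiceImpl.GOOGLE)) {
            // The state is caller-supplied; encoding keeps it a single query-parameter value.
            future.complete(this.GOOGLE_AUTH_URL.replace(":stateToken", urlEncode(state)));
        } else {
            future.fail(location + "#code=400&error=Unknown");
        }
        return future;
    }

    /**
     * Stores {@code state_forUser -> forUser} in Redis and builds the Instagram authorization URL.
     *
     * <p>When the Redis write fails, the entry for {@code state} is deleted again and the handler
     * receives a failed result.
     *
     * @param state the caller-supplied state token
     * @param forUser the user to federate the Instagram account into (caller-supplied)
     * @param location the redirect base, used as prefix of the failure message
     * @param handler receives the authorization URL or the failure
     */
    private void getInstagramUrl(String state, String forUser, String location, Handler<AsyncResult<String>> handler) {
        String forUserKey = state + "_forUser";
        RedisUtils.performJedisWithRetry(this.redisClient, client -> {
            client.set(forUserKey, forUser, setResult -> {
                if (setResult.failed()) {
                    this.logger.error("Cannot set forUser, aborting instagram...", setResult.cause());
                    RedisUtils.performJedisWithRetry(this.redisClient, cleanupClient -> {
                        cleanupClient.del(state, delResult -> {
                            this.logger.info("Deleted state for " + state + " is " + delResult.result());
                        });
                    });
                    handler.handle(Future.failedFuture(location + "#code=500&error=Internal Server Error, Retry."));
                } else {
                    String authorizationUrl = new InstagramAuthService()
                            .apiKey(this.appConfig.getString("instaClientId"))
                            .apiSecret(this.appConfig.getString("instaClientSecret"))
                            .callback(this.callbackUrl.replace(":provider", "instagram"))
                            .scope("basic public_content follower_list likes comments relationships")
                            .build()
                            .getAuthorizationUrl();
                    // The state is caller-supplied; encoding keeps it a single query-parameter value.
                    handler.handle(Future.succeededFuture(authorizationUrl + "&state=" + urlEncode(state)));
                }
            });
        });
    }

    /**
     * Stores the redirect location in Redis under the state token.
     *
     * <p>NOTE(review): the entry is written without an expiry in this method; confirm whether
     * abandoned flows are cleaned up elsewhere.
     *
     * @param str the state token (Redis key)
     * @param str2 the redirect location (Redis value)
     * @return a future completed once the value is stored, or failed when the Redis call failed
     */
    protected Future<Void> setState(String str, String str2) {
        Future<Void> future = Future.future();
        RedisUtils.performJedisWithRetry(this.redisClient, client -> {
            client.set(str, str2, setResult -> {
                if (setResult.failed()) {
                    future.fail(new InternalError(str2 + "#code=500&error=Internal Server Error, Retry."));
                } else {
                    future.complete();
                }
            });
        });
        return future;
    }

    /**
     * Determines the redirect location for a new flow and checks the state length.
     *
     * <p>The location is the {@code location} request parameter, or {@code CMS_ROOT} when the
     * parameter is absent. The state must be at least 30 characters long.
     *
     * <p>NOTE(review): the {@code location} parameter is accepted as given. Because the tokens are
     * later appended to it, it should be restricted to trusted front-end origins; confirm where
     * that restriction is enforced.
     *
     * @param routingContext the current request
     * @param str the caller-supplied state token
     * @return a future holding the location, or failed when the state is missing or too short
     */
    protected Future<String> getLocation(RoutingContext routingContext, String str) {
        Future<String> future = Future.future();
        String location = routingContext.request().getParam("location");
        if (location == null) {
            location = this.CMS_ROOT;
        }
        if (str == null || str.length() < 30) {
            future.fail(new IllegalArgumentException(location + "#code=400&error=Must have a state query param, containing a random or pseudo-random string of at least 30 characters."));
        } else {
            future.complete(location);
        }
        return future;
    }

    /**
     * Reads the {@code provider} request parameter.
     *
     * @param routingContext the current request
     * @return a future holding the provider, or failed when the parameter is missing
     */
    protected Future<String> getProvider(RoutingContext routingContext) {
        Future<String> future = Future.future();
        String provider = routingContext.request().getParam("provider");
        if (provider == null) {
            future.fail(new IllegalArgumentException());
        } else {
            future.complete(provider);
        }
        return future;
    }

    /**
     * Reads the {@code state} request parameter of the first leg.
     *
     * @param routingContext the current request
     * @return a future holding the state, or failed when the parameter is missing
     */
    protected Future<String> getUserState(RoutingContext routingContext) {
        Future<String> future = Future.future();
        String state = routingContext.request().getParam("state");
        if (state != null) {
            future.complete(state);
        } else {
            future.fail(new IllegalArgumentException("State cannot be null..."));
        }
        return future;
    }

    /**
     * Refreshes a token taken from the request and puts the new {@link TokenContainer} under
     * {@code bodyContent} with status 200, then calls {@code routingContext.next()}.
     *
     * @param routingContext the current request
     */
    public void refreshFromHttp(RoutingContext routingContext) {
        Consumer<TokenContainer> respond = tokenContainer -> {
            routingContext.response().setStatusCode(200);
            routingContext.put("bodyContent", tokenContainer);
            routingContext.next();
        };
        AuthFutures.getToken(routingContext).compose(token -> {
            refreshToken(token).compose(respond::accept, AuthFutures.authFail(routingContext));
        }, AuthFutures.authFail(routingContext));
    }

    /**
     * Asks the {@link AuthenticationService} to refresh a token.
     *
     * @param refreshToken the token taken from the request
     * @return a future holding the new {@link TokenContainer}, or failed when the refresh failed
     */
    private Future<TokenContainer> refreshToken(String refreshToken) {
        Future<TokenContainer> future = Future.future();
        this.authenticator.refresh(refreshToken, asyncResult -> {
            if (asyncResult.failed()) {
                // The token itself is kept out of the exception message, which may end up in logs
                // or responses; the original cause is preserved instead.
                future.fail(new RuntimeException("Unable to refresh token", asyncResult.cause()));
            } else {
                future.complete(asyncResult.result());
            }
        });
        return future;
    }

    /**
     * Records "Unauthorized!" in the request log and redirects to
     * {@code CMS_ROOT#code=401&error=Unauthorized}.
     *
     * @param routingContext the current request
     */
    protected void unAuthorized(RoutingContext routingContext) {
        RequestLogHandler.addLogMessageToRequestLog(routingContext, "Unauthorized!");
        routingContext.response().setStatusCode(302).putHeader("Location", this.CMS_ROOT + "#code=401&error=Unauthorized").end();
    }

    /**
     * Encodes a value for use in a query string or form body (UTF-8).
     *
     * @param value the raw value; {@code null} is encoded as the text {@code "null"}, which is what
     *     plain string concatenation would have produced
     * @return the encoded value
     */
    private static String urlEncode(String value) {
        try {
            return URLEncoder.encode(String.valueOf(value), "UTF-8");
        } catch (UnsupportedEncodingException e) {
            throw new IllegalStateException("UTF-8 is not supported by this JVM", e);
        }
    }
}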
