package io.datarouter.webappinstance.service;

import io.datarouter.util.Require;
import io.datarouter.web.exception.InvalidCredentialsException;
import io.datarouter.web.handler.mav.Mav;
import io.datarouter.web.handler.mav.imp.GlobalRedirectMav;
import io.datarouter.web.handler.mav.imp.MessageMav;
import io.datarouter.web.user.authenticate.DatarouterTokenGenerator;
import io.datarouter.web.user.session.service.Session;
import io.datarouter.webappinstance.config.DatarouterWebappInstancePaths;
import io.datarouter.webappinstance.storage.onetimelogintoken.DatarouterOneTimeLoginTokenDao;
import io.datarouter.webappinstance.storage.onetimelogintoken.OneTimeLoginToken;
import io.datarouter.webappinstance.storage.onetimelogintoken.OneTimeLoginTokenKey;
import io.datarouter.webappinstance.storage.webappinstance.DatarouterWebappInstanceDao;
import io.datarouter.webappinstance.storage.webappinstance.WebappInstance;
import io.datarouter.webappinstance.storage.webappinstance.WebappInstanceKey;
import io.datarouter.webappinstance.web.WebappInstanceRunningHandler;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Instant;
import java.util.Date;
import javax.inject.Inject;
import javax.inject.Singleton;
import javax.servlet.http.HttpServletRequest;

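/**
 * Issues and validates short-lived, single-use login tokens that let an already
 * authenticated user be redirected to another webapp instance.
 *
 * <p>{@link #createToken} stores one token per user id and returns a redirect carrying the
 * user id and token; {@link #validateToken} looks the token up by user id, deletes it, and
 * rejects it unless it is unexpired, matches the presented value and was issued for the
 * server that is validating it.
 *
 * <p>Parameter names such as {@code str}, {@code str2}, {@code bool} and {@code l} are
 * decompiler artifacts; their meaning is described on each method.
 */
@Singleton
/* loaded from: input_file:io/datarouter/webappinstance/service/OneTimeLoginService.class */
public class OneTimeLoginService {

    /** Lifetime of a freshly issued token, in seconds. */
    private static final long TOKEN_LIFETIME_SECONDS = 5L;

    @Inject
    private DatarouterOneTimeLoginTokenDao oneTimeLoginDao;

    @Inject
    private DatarouterWebappInstanceDao webappInstanceDao;

    @Inject
    private DatarouterWebappInstancePaths paths;

    /**
     * Creates a one-time login token for the session's user and returns a redirect to the
     * target webapp instance carrying the user id and the token.
     *
     * @param session current session; it and its user id must be non-null
     * @param str first component of the {@link WebappInstanceKey} (presumably the webapp
     *     name -- confirm against WebappInstanceKey)
     * @param str2 second component of the key; stored on the token as the name of the server
     *     the token is bound to
     * @param bool when {@code true} the redirect host is the instance's public IP, otherwise
     *     its server name; {@code null} is treated as {@code false}
     * @param httpServletRequest request whose scheme and port are reused for the redirect URL
     * @return a redirect to the target instance, or a message view when no instance matches
     */
    public Mav createToken(Session session, String str, String str2, Boolean bool, HttpServletRequest httpServletRequest) {
        // Check the session before dereferencing it; a combined check would evaluate
        // session.getUserId() first and fail with a bare NullPointerException.
        Require.noNulls(new Object[]{session});
        Require.noNulls(new Object[]{session.getUserId()});
        WebappInstance webappInstance = this.webappInstanceDao.get(new WebappInstanceKey(str, str2));
        if (webappInstance == null) {
            // NOTE(review): str2 is caller-supplied and echoed into the message; this relies
            // on MessageMav's view escaping it -- confirm.
            return new MessageMav("specified web app instance does not exist: " + str2);
        }
        String generateRandomToken = DatarouterTokenGenerator.generateRandomToken();
        // The token is keyed by user id when it is read back, so a newer token for the same
        // user presumably replaces an older one -- confirm against the DAO.
        Date deadline = Date.from(Instant.now().plusSeconds(TOKEN_LIFETIME_SECONDS));
        this.oneTimeLoginDao.put(new OneTimeLoginToken(session.getUserId(), generateRandomToken, str2, webappInstance.getServerPublicIp(), deadline));
        GlobalRedirectMav globalRedirectMav = new GlobalRedirectMav(buildRedirectUrl(httpServletRequest, webappInstance, bool), true);
        // NOTE(review): the token travels as a redirect parameter. If GlobalRedirectMav
        // renders parameters into the query string, it can appear in access logs, browser
        // history and Referer headers; the single-use delete and the short deadline are what
        // bound that exposure, so neither should be relaxed without revisiting this.
        globalRedirectMav.put(WebappInstanceRunningHandler.P_USER_ID, session.getUserId());
        globalRedirectMav.put(WebappInstanceRunningHandler.P_TOKEN, generateRandomToken);
        return globalRedirectMav;
    }

    /**
     * Builds the absolute URL of the target instance's "running" page.
     *
     * <p>The host comes from the stored {@link WebappInstance}, never from the request, so a
     * forged Host header cannot redirect the token elsewhere. Scheme and port are copied from
     * the incoming request.
     */
    private String buildRedirectUrl(HttpServletRequest httpServletRequest, WebappInstance webappInstance, Boolean bool) {
        // Boolean.TRUE.equals avoids a NullPointerException when the flag is absent.
        boolean useIp = Boolean.TRUE.equals(bool);
        String host = useIp ? webappInstance.getServerPublicIp() : webappInstance.getKey().getServerName();
        // NOTE(review): if the incoming request is plain http, the token is sent in cleartext
        // to the target; this also assumes the target listens on the same port -- confirm.
        return httpServletRequest.getScheme() + "://" + host + ":" + httpServletRequest.getServerPort()
                + webappInstance.getServletContextPath() + this.paths.datarouter.webappInstances.running.toSlashedString();
    }

    /**
     * Consumes the stored token for a user and verifies the presented value.
     *
     * @param l user id the token was issued to
     * @param str token value presented by the caller
     * @param str2 name or IP of the server performing the validation; must equal the server
     *     name or IP the token was bound to
     * @throws InvalidCredentialsException if no token exists, it has expired, the presented
     *     value does not match, or the token was issued for a different server
     */
    public void validateToken(Long l, String str, String str2) {
        if (l == null) {
            // Fail closed instead of querying the DAO with an empty key.
            throw new InvalidCredentialsException("missing user id for one time token validation");
        }
        OneTimeLoginToken authenticatedToken = getAuthenticatedToken(l);
        if (!tokensMatch(str, authenticatedToken.getToken())) {
            throw new InvalidCredentialsException("invalid one time token for user " + l);
        }
        boolean serverMatches = str2 != null
                && (str2.equals(authenticatedToken.getTargetServerName()) || str2.equals(authenticatedToken.getTargetServerIp()));
        if (!serverMatches) {
            // NOTE(review): the message names the server the token was bound to; keep it in
            // server-side logs only if exception messages can reach the client -- confirm.
            throw new InvalidCredentialsException("targetServerName mismatch: authenticated targetServerName=" + authenticatedToken.getTargetServerName() + ", actual serverName=" + str2 + " for user " + l);
        }
    }

    /**
     * Compares a presented token with the stored one without returning early on the first
     * differing byte, so response timing does not reveal how much of a guess was correct.
     * A {@code null} on either side never matches.
     */
    private static boolean tokensMatch(String presented, String expected) {
        if (presented == null || expected == null) {
            return false;
        }
        boolean sameBytes = MessageDigest.isEqual(
                presented.getBytes(StandardCharsets.UTF_8),
                expected.getBytes(StandardCharsets.UTF_8));
        // UTF-8 encoding maps malformed surrogates to '?', so confirm with an exact string
        // comparison; it only runs once the encoded bytes already match.
        return sameBytes && presented.equals(expected);
    }

    /**
     * Loads the stored token for the user, deletes it, and rejects it if past its deadline.
     *
     * <p>The delete happens before the caller compares the token value, so any validation
     * attempt consumes the token: a wrong guess cannot be retried against the same token,
     * and a legitimate login must be restarted after a failed attempt.
     *
     * @throws InvalidCredentialsException if no token is stored or it has expired
     */
    private OneTimeLoginToken getAuthenticatedToken(Long l) {
        OneTimeLoginTokenKey oneTimeLoginTokenKey = new OneTimeLoginTokenKey(l);
        OneTimeLoginToken oneTimeLoginToken = this.oneTimeLoginDao.get(oneTimeLoginTokenKey);
        if (oneTimeLoginToken == null) {
            throw new InvalidCredentialsException("No authenticated token exists for user " + l);
        }
        // NOTE(review): get-then-delete is two separate DAO calls. Unless the store
        // serializes them, two concurrent validations could both read the token before
        // either delete lands -- confirm whether an atomic read-and-delete is available.
        this.oneTimeLoginDao.delete(oneTimeLoginTokenKey);
        // NOTE(review): the deadline was stamped by the issuing server's clock and is checked
        // against this server's clock; the short lifetime leaves little room for skew.
        if (new Date().after(oneTimeLoginToken.getDeadline())) {
            throw new InvalidCredentialsException("expired one time token for user " + l);
        }
        return oneTimeLoginToken;
    }
}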
