package com.linecorp.centraldogma.server.internal.admin.authentication;

import com.linecorp.armeria.common.HttpRequest;
import com.linecorp.armeria.server.ServiceRequestContext;
import com.linecorp.armeria.server.auth.AuthTokenExtractors;
import com.linecorp.armeria.server.auth.Authorizer;
import com.linecorp.armeria.server.auth.OAuth2Token;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.CompletionStage;
import org.apache.shiro.subject.Subject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/linecorp/centraldogma/server/internal/admin/authentication/SessionTokenAuthorizer.class */
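/**
 * Authorizes an HTTP request by treating its OAuth2 bearer token as a Shiro session ID.
 *
 * <p>The token is extracted from the request headers with {@link AuthTokenExtractors#OAUTH2}. If a
 * session with that ID exists and resolves to a principal, the principal is stored as the current
 * {@link User} of the request, at admin level when its name is in the configured administrator set.
 *
 * <p>The session ID is a bearer credential: whoever holds it can act as the user. It is therefore
 * never written to the logs in clear text; log lines carry a short one-way fingerprint instead, which
 * is enough to correlate entries about the same session.
 */
public class SessionTokenAuthorizer implements Authorizer<HttpRequest> {
    private static final Logger logger = LoggerFactory.getLogger(SessionTokenAuthorizer.class);

    private static final char[] HEX_DIGITS = "0123456789abcdef".toCharArray();

    /** Number of leading digest bytes kept in a log fingerprint (printed as twice as many hex digits). */
    private static final int FINGERPRINT_BYTES = 6;

    private final CentralDogmaSecurityManager securityManager;
    private final Set<String> administrators;

    /**
     * Creates a new authorizer.
     *
     * @param centralDogmaSecurityManager the security manager used to look up sessions
     * @param set the names of the users who are granted the admin level
     * @throws NullPointerException if either argument is {@code null}
     */
    public SessionTokenAuthorizer(CentralDogmaSecurityManager centralDogmaSecurityManager, Set<String> set) {
        this.securityManager = Objects.requireNonNull(centralDogmaSecurityManager, "securityManager");
        this.administrators = Objects.requireNonNull(set, "administrators");
    }

    /**
     * Decides whether the request carries a valid session token.
     *
     * @param serviceRequestContext the context of the request; receives the current user on success
     * @param httpRequest the request whose headers are searched for an OAuth2 bearer token
     * @return a stage completed with {@code true} when the token maps to a session with a principal,
     *         and with {@code false} when the token is missing, unknown, or the lookup fails
     */
    public CompletionStage<Boolean> authorize(ServiceRequestContext serviceRequestContext, HttpRequest httpRequest) {
        final OAuth2Token oAuth2Token = AuthTokenExtractors.OAUTH2.apply(httpRequest.headers());
        if (oAuth2Token == null) {
            return CompletableFuture.completedFuture(false);
        }
        final CompletableFuture<Boolean> result = new CompletableFuture<>();
        // The lookup runs on the blocking task executor rather than on the calling thread
        // (presumably because the session store may block -- confirm against the security manager).
        serviceRequestContext.blockingTaskExecutor().execute(() -> {
            final String sessionId = oAuth2Token.accessToken();
            boolean authenticated = false;
            try {
                authenticated = authenticate(serviceRequestContext, sessionId);
            } catch (Throwable cause) {
                // Fail closed on any error, and log the fingerprint only, never the credential itself.
                logger.warn("Failed to authorize a session: {}", fingerprint(sessionId), cause);
            } finally {
                // Always complete the future, even if logging itself failed; otherwise the
                // authorization decision would never be delivered.
                result.complete(authenticated);
            }
        });
        return result;
    }

    /** Resolves the session to a principal and, on success, records it as the request's current user. */
    private boolean authenticate(ServiceRequestContext serviceRequestContext, String sessionId) {
        if (!securityManager.sessionExists(sessionId)) {
            logNonExistentSession(sessionId);
            return false;
        }
        // Session creation is disabled so that presenting an unknown ID can never mint a new session.
        final Subject subject = new Subject.Builder(securityManager)
                .sessionCreationEnabled(false)
                .sessionId(sessionId)
                .buildSubject();
        final Object principal = subject != null ? subject.getPrincipal() : null;
        if (principal == null) {
            logNonExistentSession(sessionId);
            return false;
        }
        final String username = principal.toString();
        AuthenticationUtil.setCurrentUser(
                serviceRequestContext,
                new User(username, administrators.contains(username) ? User.LEVEL_ADMIN : User.LEVEL_USER));
        return true;
    }

    /** Logs, at debug level, that the presented token matched no usable session. */
    private static void logNonExistentSession(String str) {
        // Guarded so that the digest is only computed when the line will actually be written.
        if (logger.isDebugEnabled()) {
            logger.debug("Non-existent session: {}", fingerprint(str));
        }
    }

    /**
     * Returns a short, non-reversible label for a session ID that is safe to write to logs.
     * Never throws; falls back to a fixed placeholder if the digest cannot be computed.
     */
    private static String fingerprint(String sessionId) {
        try {
            final byte[] digest = MessageDigest.getInstance("SHA-256")
                    .digest(sessionId.getBytes(StandardCharsets.UTF_8));
            final StringBuilder buf = new StringBuilder("sha256:");
            for (int i = 0; i < FINGERPRINT_BYTES; i++) {
                buf.append(HEX_DIGITS[(digest[i] >> 4) & 0xF]).append(HEX_DIGITS[digest[i] & 0xF]);
            }
            return buf.toString();
        } catch (NoSuchAlgorithmException | RuntimeException e) {
            // This runs inside error-handling paths, so it must not raise a second failure.
            return "<redacted>";
        }
    }
}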
