package com.linecorp.centraldogma.server.internal.admin.authentication;

import com.github.benmanes.caffeine.cache.Cache;
import com.linecorp.armeria.common.AggregatedHttpMessage;
import com.linecorp.armeria.common.HttpRequest;
import com.linecorp.armeria.common.HttpResponse;
import com.linecorp.armeria.common.HttpStatus;
import com.linecorp.armeria.common.MediaType;
import com.linecorp.armeria.common.util.Functions;
import com.linecorp.armeria.server.AbstractHttpService;
import com.linecorp.armeria.server.HttpResponseException;
import com.linecorp.armeria.server.ServiceRequestContext;
import com.linecorp.armeria.server.auth.AuthTokenExtractors;
import com.linecorp.armeria.server.auth.BasicToken;
import com.linecorp.centraldogma.internal.Jackson;
import com.linecorp.centraldogma.internal.api.v1.AccessToken;
import com.linecorp.centraldogma.server.internal.api.HttpApiUtil;
import com.linecorp.centraldogma.server.internal.command.Command;
import com.linecorp.centraldogma.server.internal.command.CommandExecutor;
import io.netty.handler.codec.http.QueryStringDecoder;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.CompletableFuture;
import java.util.function.Function;
import javax.annotation.Nullable;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.ThreadContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/linecorp/centraldogma/server/internal/admin/authentication/LoginService.class */
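/**
 * Handles {@code POST} login requests: extracts a username and password from the request,
 * authenticates them through the {@link CentralDogmaSecurityManager}, and answers with an
 * {@link AccessToken} serialized as JSON.
 *
 * <p>Tokens are cached per username so that a repeated login can reuse a session that is still
 * far enough from its deadline. The cache is consulted only after the submitted credentials have
 * been passed to {@code securityManager.authenticate(...)}.
 */
public class LoginService extends AbstractHttpService {
    private static final Logger logger = LoggerFactory.getLogger(LoginService.class);
    private final CentralDogmaSecurityManager securityManager;
    private final CommandExecutor executor;
    private final Function<String, String> loginNameNormalizer;
    // Keyed by the username of the token that was authenticated; values are the issued tokens.
    private final Cache<String, AccessToken> cache;

    /**
     * Creates a new instance.
     *
     * @param centralDogmaSecurityManager the security manager used to authenticate and to build subjects
     * @param commandExecutor the executor that receives the {@code createSession} command
     * @param function the login name normalizer applied to form-submitted usernames
     * @param cache the per-username cache of issued access tokens
     * @throws NullPointerException if any argument is {@code null}
     */
    public LoginService(CentralDogmaSecurityManager centralDogmaSecurityManager, CommandExecutor commandExecutor, Function<String, String> function, Cache<String, AccessToken> cache) {
        this.securityManager = Objects.requireNonNull(centralDogmaSecurityManager, "securityManager");
        this.executor = Objects.requireNonNull(commandExecutor, "executor");
        this.loginNameNormalizer = Objects.requireNonNull(function, "loginNameNormalizer");
        this.cache = Objects.requireNonNull(cache, "cache");
    }

    /**
     * Authenticates the caller and responds with an access token.
     *
     * <p>Responds with {@code 200} and the token on success, {@code 401} when Shiro reports
     * {@link IncorrectCredentialsException}, whatever response {@link HttpResponseException}
     * carries when the request is malformed, and {@code 500} for any other failure.
     * Authentication runs on the blocking task executor.
     *
     * @param serviceRequestContext the context of the request
     * @param httpRequest the login request
     * @return a response that completes once authentication has finished
     */
    @Override
    protected HttpResponse doPost(ServiceRequestContext serviceRequestContext, HttpRequest httpRequest) throws Exception {
        final CompletableFuture<HttpResponse> future = new CompletableFuture<>();
        httpRequest.aggregate().thenAccept(aggregated -> {
            try {
                final UsernamePasswordToken usernamePassword = usernamePassword(aggregated);
                serviceRequestContext.blockingTaskExecutor().execute(() -> {
                    ThreadContext.bind(this.securityManager);
                    Subject currentUser = null;
                    boolean success = false;
                    try {
                        // Verifies the credentials before looking at the cache.
                        final AccessToken cachedToken = currentUserTokenIfPresent(usernamePassword);
                        if (cachedToken != null) {
                            future.complete(HttpResponse.of(HttpStatus.OK, MediaType.JSON_UTF_8, Jackson.writeValueAsBytes(cachedToken)));
                            return;
                        }

                        currentUser = new Subject.Builder(this.securityManager).buildSubject();
                        currentUser.login(usernamePassword);
                        final Session session = currentUser.getSession(false);
                        final long timeout = session.getTimeout();
                        final String sessionId = session.getId().toString();
                        this.executor.execute(Command.createSession(this.securityManager.getSerializableSession(sessionId))).join();

                        // The session ID is the value handed back as the access token, so it is
                        // deliberately kept out of the log: anyone able to read the log could
                        // otherwise reuse it as a credential.
                        logger.info("{} Logged in: {}", serviceRequestContext, usernamePassword.getUsername());

                        final AccessToken accessToken = new AccessToken(sessionId, timeout);
                        // Serialize first so a serialization failure cannot leave a cached token
                        // behind for a subject that is logged out again below.
                        final HttpResponse response = HttpResponse.of(HttpStatus.OK, MediaType.JSON_UTF_8, Jackson.writeValueAsBytes(accessToken));
                        this.cache.put(usernamePassword.getUsername(), accessToken);
                        future.complete(response);
                        success = true;
                    } catch (IncorrectCredentialsException e) {
                        logger.debug("{} Incorrect login: {}", serviceRequestContext, usernamePassword.getUsername());
                        future.complete(HttpApiUtil.newResponse(HttpStatus.UNAUTHORIZED, "Incorrect login"));
                    } catch (Throwable cause) {
                        logger.warn("{} Failed to authenticate: {}", serviceRequestContext, usernamePassword.getUsername(), cause);
                        // NOTE(review): the throwable is handed to HttpApiUtil.newResponse; confirm
                        // that helper does not echo exception details to an unauthenticated caller.
                        future.complete(HttpApiUtil.newResponse(HttpStatus.INTERNAL_SERVER_ERROR, cause));
                    } finally {
                        try {
                            // A subject that logged in but whose login flow then failed must not
                            // stay authenticated.
                            if (!success && currentUser != null) {
                                currentUser.logout();
                            }
                        } finally {
                            // Blocking-task threads are shared between requests; do not leave the
                            // security manager bound to this thread after the task ends.
                            ThreadContext.unbindSecurityManager();
                        }
                    }
                });
            } catch (HttpResponseException e) {
                // Raised by usernamePassword() for a malformed login request.
                future.complete(e.httpResponse());
            }
        }).exceptionally(Functions.voidFunction(cause -> {
            logger.warn("{} Unexpected exception:", serviceRequestContext, cause);
            future.complete(HttpApiUtil.newResponse(HttpStatus.INTERNAL_SERVER_ERROR, cause));
        }));
        return HttpResponse.from(future);
    }

    /**
     * Extracts the credentials from a login request.
     *
     * <p>An HTTP Basic token in the headers takes precedence. Otherwise the body must be form data
     * with {@code username} and {@code password} parameters.
     *
     * @param aggregatedHttpMessage the fully aggregated login request
     * @return the credentials as a Shiro token
     */
    private UsernamePasswordToken usernamePassword(AggregatedHttpMessage aggregatedHttpMessage) {
        final BasicToken basicToken = (BasicToken) AuthTokenExtractors.BASIC.apply(aggregatedHttpMessage.headers());
        if (basicToken != null) {
            // NOTE(review): unlike the form path below, this username is not passed through
            // loginNameNormalizer, so the same account may be cached under two different keys
            // depending on how the client authenticates. Confirm whether that is intended.
            return new UsernamePasswordToken(basicToken.username(), basicToken.password());
        }

        // Compared by reference, so only a content type that resolves to the FORM_DATA constant
        // is accepted. NOTE(review): a header carrying parameters (for example a charset) is
        // presumably rejected here; confirm.
        if (aggregatedHttpMessage.headers().contentType() != MediaType.FORM_DATA) {
            return (UsernamePasswordToken) HttpApiUtil.throwResponse(HttpStatus.BAD_REQUEST, "The content type of a login request must be '%s'.", MediaType.FORM_DATA);
        }

        final Map<String, List<String>> parameters = new QueryStringDecoder(aggregatedHttpMessage.content().toStringUtf8(), false).parameters();
        final List<String> usernames = parameters.get("username");
        final List<String> passwords = parameters.get("password");
        if (usernames == null || passwords == null) {
            return (UsernamePasswordToken) HttpApiUtil.throwResponse(HttpStatus.BAD_REQUEST, "A login request must contain username and password.");
        }
        // Only the first value of each parameter is used.
        return new UsernamePasswordToken(this.loginNameNormalizer.apply(usernames.get(0)), passwords.get(0));
    }

    /**
     * Returns the cached token for the given credentials if it is still usable.
     *
     * <p>The credentials are handed to {@code securityManager.authenticate(...)} before the cache
     * lookup; presumably that call throws when they are wrong, which is what keeps a cached token
     * from being returned to a caller who only knows the username. Keep this order.
     *
     * @param usernamePasswordToken the credentials submitted with the login request
     * @return a token carrying the remaining lifetime, or {@code null} if nothing is cached or the
     *         cached token is too close to its deadline
     */
    @Nullable
    private AccessToken currentUserTokenIfPresent(UsernamePasswordToken usernamePasswordToken) {
        this.securityManager.authenticate(usernamePasswordToken);

        final AccessToken cached = this.cache.getIfPresent(usernamePasswordToken.getUsername());
        if (cached == null) {
            return null;
        }

        final long now = System.currentTimeMillis();
        // Reuse the token only if more than min(global session timeout, 60000 ms) remains.
        final long minRemainingMillis = Math.min(this.securityManager.globalSessionTimeout(), 60000L);
        if (cached.deadline() > now + minRemainingMillis) {
            return new AccessToken(cached.accessToken(), cached.deadline() - now);
        }
        return null;
    }
}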
