package org.restlet.ext.apispark.internal.agent.module;

import com.google.common.cache.CacheBuilder;
import com.google.common.cache.CacheLoader;
import com.google.common.cache.LoadingCache;
import com.google.common.util.concurrent.UncheckedExecutionException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.Objects;
import java.util.concurrent.TimeUnit;
import java.util.logging.Logger;
import org.restlet.Application;
import org.restlet.Context;
import org.restlet.Request;
import org.restlet.Response;
import org.restlet.data.ChallengeScheme;
import org.restlet.data.Status;
import org.restlet.ext.apispark.internal.ApiSparkConfig;
import org.restlet.ext.apispark.internal.agent.AgentException;
import org.restlet.ext.apispark.internal.agent.AgentUtils;
import org.restlet.ext.apispark.internal.agent.bean.AuthenticationSettings;
import org.restlet.ext.apispark.internal.agent.bean.Credentials;
import org.restlet.ext.apispark.internal.agent.bean.ModulesSettings;
import org.restlet.ext.apispark.internal.agent.bean.User;
import org.restlet.ext.apispark.internal.agent.resource.AuthenticationAuthenticateResource;
import org.restlet.resource.ResourceException;
import org.restlet.security.ChallengeAuthenticator;
import org.restlet.security.Role;
import org.restlet.security.Verifier;

/* loaded from: input_file:org/restlet/ext/apispark/internal/agent/module/AuthenticationModule.class */
public class AuthenticationModule extends ChallengeAuthenticator {
    public static final String AUTHENTICATE_PATH = "/authentication/authenticate";
    protected static Logger LOGGER = Logger.getLogger(AuthenticationModule.class.getName());
    private AuthenticationAuthenticateResource authenticateClientResource;
    private AuthenticationSettings authenticationSettings;
    private LoadingCache<UserIdentifier, UserInfo> userLoadingCache;

    /* loaded from: input_file:org/restlet/ext/apispark/internal/agent/module/AuthenticationModule$AgentVerifier.class */
    private class AgentVerifier implements Verifier {
        private AgentVerifier() {
        }

        public int verify(Request request, Response response) {
            int i;
            if (request.getChallengeResponse() == null) {
                i = 0;
            } else {
                String identifier = request.getChallengeResponse().getIdentifier();
                char[] secret = request.getChallengeResponse().getSecret();
                try {
                    UserInfo userInfo = (UserInfo) AuthenticationModule.this.userLoadingCache.getUnchecked(new UserIdentifier(identifier, secret));
                    if (userInfo == null) {
                        throw new AgentException("User could not be null");
                    }
                    if (Arrays.equals(secret, userInfo.getSecret())) {
                        User user = userInfo.getUser();
                        request.getClientInfo().setUser(new org.restlet.security.User(identifier, (char[]) null, user.getFirstName(), user.getLastName(), user.getEmail()));
                        ArrayList arrayList = new ArrayList();
                        Application current = Application.getCurrent();
                        if (user.getGroups() != null) {
                            Iterator<String> it = user.getGroups().iterator();
                            while (it.hasNext()) {
                                arrayList.add(new Role(current, it.next()));
                            }
                        }
                        request.getClientInfo().setRoles(arrayList);
                        i = 4;
                    } else {
                        i = -1;
                    }
                } catch (UncheckedExecutionException e) {
                    if (!(e.getCause() instanceof ResourceException)) {
                        throw new AgentException("Unexpected error during user authentication error of user: " + identifier, e);
                    }
                    ResourceException cause = e.getCause();
                    if (!Status.CLIENT_ERROR_UNAUTHORIZED.equals(cause.getStatus())) {
                        throw new ResourceException(Status.SERVER_ERROR_INTERNAL, "Agent service error during user authentication of user: " + identifier, cause);
                    }
                    response.setStatus(Status.CLIENT_ERROR_UNAUTHORIZED);
                    i = -1;
                }
            }
            return i;
        }
    }

    /* loaded from: input_file:org/restlet/ext/apispark/internal/agent/module/AuthenticationModule$UserIdentifier.class */
    public static class UserIdentifier {
        private String identifier;
        private char[] secret;

        public UserIdentifier(String str, char[] cArr) {
            this.identifier = str;
            this.secret = cArr;
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj instanceof UserIdentifier) {
                return Objects.equals(this.identifier, ((UserIdentifier) obj).identifier);
            }
            return false;
        }

        public String getIdentifier() {
            return this.identifier;
        }

        public char[] getSecret() {
            return this.secret;
        }

        public int hashCode() {
            return Objects.hash(this.identifier);
        }

        public void setIdentifier(String str) {
            this.identifier = str;
        }

        public void setSecret(char[] cArr) {
            this.secret = cArr;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/restlet/ext/apispark/internal/agent/module/AuthenticationModule$UserInfo.class */
    public static class UserInfo {
        private char[] secret;
        private User user;

        private UserInfo(User user, char[] cArr) {
            this.user = user;
            this.secret = cArr;
        }

        public char[] getSecret() {
            return this.secret;
        }

        public User getUser() {
            return this.user;
        }
    }

    public AuthenticationModule(ApiSparkConfig apiSparkConfig, ModulesSettings modulesSettings) {
        this(apiSparkConfig, modulesSettings, null);
    }

    public AuthenticationModule(ApiSparkConfig apiSparkConfig, ModulesSettings modulesSettings, Context context) {
        super(context, ChallengeScheme.HTTP_BASIC, "realm");
        this.authenticationSettings = new AuthenticationSettings();
        this.authenticationSettings.setOptional(modulesSettings.isAuthorizationModuleEnabled());
        this.authenticateClientResource = (AuthenticationAuthenticateResource) AgentUtils.getClientResource(apiSparkConfig, modulesSettings, AuthenticationAuthenticateResource.class, AUTHENTICATE_PATH);
        setOptional(this.authenticationSettings.isOptional());
        setVerifier(new AgentVerifier());
        initializeCache();
    }

    private void initializeCache() {
        this.userLoadingCache = CacheBuilder.newBuilder().maximumSize(this.authenticationSettings.getCacheSize()).expireAfterWrite(this.authenticationSettings.getCacheTimeToLiveSeconds(), TimeUnit.SECONDS).build(new CacheLoader<UserIdentifier, UserInfo>() { // from class: org.restlet.ext.apispark.internal.agent.module.AuthenticationModule.1
            public UserInfo load(UserIdentifier userIdentifier) {
                User authenticate = AuthenticationModule.this.authenticateClientResource.authenticate(new Credentials(userIdentifier.getIdentifier(), userIdentifier.getSecret()));
                if (authenticate == null) {
                    throw new AgentException("Authentication should not return null");
                }
                return new UserInfo(authenticate, userIdentifier.getSecret());
            }
        });
    }
}
