package io.quarkus.vertx.http.runtime.security;

import io.netty.handler.codec.http.HttpHeaderNames;
import io.quarkus.security.credential.PasswordCredential;
import io.quarkus.security.identity.IdentityProviderManager;
import io.quarkus.security.identity.SecurityIdentity;
import io.quarkus.security.identity.request.UsernamePasswordAuthenticationRequest;
import io.quarkus.vertx.http.runtime.FormAuthConfig;
import io.quarkus.vertx.http.runtime.HttpBuildTimeConfig;
import io.quarkus.vertx.http.runtime.HttpConfiguration;
import io.quarkus.vertx.http.runtime.security.PersistentLoginManager;
import io.vertx.core.Handler;
import io.vertx.core.MultiMap;
import io.vertx.core.http.HttpMethod;
import io.vertx.ext.web.Cookie;
import io.vertx.ext.web.RoutingContext;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.CompletionStage;
import java.util.function.BiFunction;
import java.util.function.Function;
import javax.inject.Singleton;
import org.jboss.logging.Logger;

@Singleton
/* loaded from: input_file:io/quarkus/vertx/http/runtime/security/FormAuthenticationMechanism.class */
public class FormAuthenticationMechanism implements HttpAuthenticationMechanism {
    private static final Logger log = Logger.getLogger(FormAuthenticationMechanism.class);
    public static final String DEFAULT_POST_LOCATION = "/j_security_check";
    private volatile String loginPage;
    private volatile String errorPage;
    private volatile String postLocation = DEFAULT_POST_LOCATION;
    private volatile String locationCookie = "quarkus-redirect-location";
    private volatile String landingPage = "/index.html";
    private volatile boolean redirectAfterLogin;
    private volatile PersistentLoginManager loginManager;
    private static String encryptionKey;

    public void init(HttpConfiguration httpConfiguration, HttpBuildTimeConfig httpBuildTimeConfig) {
        String str;
        if (httpConfiguration.encryptionKey.isPresent()) {
            str = httpConfiguration.encryptionKey.get();
        } else if (encryptionKey != null) {
            str = encryptionKey;
        } else {
            byte[] bArr = new byte[32];
            new SecureRandom().nextBytes(bArr);
            String encodeToString = Base64.getEncoder().encodeToString(bArr);
            encryptionKey = encodeToString;
            str = encodeToString;
            log.warn("Encryption key was not specified for persistent FORM auth, using temporary key " + str);
        }
        FormAuthConfig formAuthConfig = httpBuildTimeConfig.auth.form;
        this.loginManager = new PersistentLoginManager(str, formAuthConfig.cookieName, formAuthConfig.timeout.toMillis(), formAuthConfig.newCookieInterval.toMillis());
        this.loginPage = formAuthConfig.loginPage.startsWith("/") ? formAuthConfig.loginPage : "/" + formAuthConfig.loginPage;
        this.errorPage = formAuthConfig.errorPage.startsWith("/") ? formAuthConfig.errorPage : "/" + formAuthConfig.errorPage;
        this.landingPage = formAuthConfig.landingPage.startsWith("/") ? formAuthConfig.landingPage : "/" + formAuthConfig.landingPage;
        this.redirectAfterLogin = formAuthConfig.redirectAfterLogin;
    }

    public CompletionStage<SecurityIdentity> runFormAuth(final RoutingContext routingContext, final IdentityProviderManager identityProviderManager) {
        routingContext.request().setExpectMultipart(true);
        final CompletableFuture completableFuture = new CompletableFuture();
        routingContext.request().resume();
        routingContext.request().endHandler(new Handler<Void>() { // from class: io.quarkus.vertx.http.runtime.security.FormAuthenticationMechanism.1
            public void handle(Void r9) {
                try {
                    MultiMap formAttributes = routingContext.request().formAttributes();
                    String str = formAttributes.get("j_username");
                    String str2 = formAttributes.get("j_password");
                    if (str != null && str2 != null) {
                        identityProviderManager.authenticate(new UsernamePasswordAuthenticationRequest(str, new PasswordCredential(str2.toCharArray()))).handle(new BiFunction<SecurityIdentity, Throwable, Object>() { // from class: io.quarkus.vertx.http.runtime.security.FormAuthenticationMechanism.1.1
                            @Override // java.util.function.BiFunction
                            public Object apply(SecurityIdentity securityIdentity, Throwable th) {
                                if (th != null) {
                                    completableFuture.completeExceptionally(th);
                                    return null;
                                }
                                FormAuthenticationMechanism.this.loginManager.save(securityIdentity, routingContext, null);
                                if (FormAuthenticationMechanism.this.redirectAfterLogin || routingContext.getCookie(FormAuthenticationMechanism.this.locationCookie) != null) {
                                    FormAuthenticationMechanism.this.handleRedirectBack(routingContext);
                                } else {
                                    routingContext.response().setStatusCode(200);
                                    routingContext.response().end();
                                }
                                completableFuture.complete(null);
                                return null;
                            }
                        });
                    } else {
                        FormAuthenticationMechanism.log.debugf("Could not authenticate as username or password was not present in the posted result for %s", routingContext);
                        completableFuture.complete(null);
                    }
                } catch (Throwable th) {
                    completableFuture.completeExceptionally(th);
                }
            }
        });
        return completableFuture;
    }

    protected void handleRedirectBack(RoutingContext routingContext) {
        String str;
        Cookie cookie = routingContext.getCookie(this.locationCookie);
        if (cookie != null) {
            str = cookie.getValue();
            routingContext.response().addCookie(cookie.setMaxAge(0L));
        } else {
            str = routingContext.request().scheme() + "://" + routingContext.request().host() + this.landingPage;
        }
        routingContext.response().setStatusCode(302);
        routingContext.response().headers().add(HttpHeaderNames.LOCATION, str);
        routingContext.response().end();
    }

    protected void storeInitialLocation(RoutingContext routingContext) {
        routingContext.response().addCookie(io.vertx.core.http.Cookie.cookie(this.locationCookie, routingContext.request().absoluteURI()).setPath("/"));
    }

    protected void servePage(RoutingContext routingContext, String str) {
        sendRedirect(routingContext, str);
    }

    static void sendRedirect(RoutingContext routingContext, String str) {
        routingContext.response().headers().add(HttpHeaderNames.LOCATION, routingContext.request().scheme() + "://" + routingContext.request().host() + str);
        routingContext.response().setStatusCode(302);
        routingContext.response().end();
    }

    static CompletionStage<ChallengeData> getRedirect(RoutingContext routingContext, String str) {
        return CompletableFuture.completedFuture(new ChallengeData(302, "Location", routingContext.request().scheme() + "://" + routingContext.request().host() + str));
    }

    @Override // io.quarkus.vertx.http.runtime.security.HttpAuthenticationMechanism
    public CompletionStage<SecurityIdentity> authenticate(final RoutingContext routingContext, IdentityProviderManager identityProviderManager) {
        final PersistentLoginManager.RestoreResult restore = this.loginManager.restore(routingContext);
        if (restore == null) {
            return (routingContext.normalisedPath().endsWith(this.postLocation) && routingContext.request().method().equals(HttpMethod.POST)) ? runFormAuth(routingContext, identityProviderManager) : CompletableFuture.completedFuture(null);
        }
        CompletionStage<SecurityIdentity> authenticate = identityProviderManager.authenticate(new TrustedAuthenticationRequest(restore.getPrincipal()));
        authenticate.thenApply(new Function<SecurityIdentity, Object>() { // from class: io.quarkus.vertx.http.runtime.security.FormAuthenticationMechanism.2
            @Override // java.util.function.Function
            public Object apply(SecurityIdentity securityIdentity) {
                FormAuthenticationMechanism.this.loginManager.save(securityIdentity, routingContext, restore);
                return null;
            }
        });
        return authenticate;
    }

    @Override // io.quarkus.vertx.http.runtime.security.HttpAuthenticationMechanism
    public CompletionStage<ChallengeData> getChallenge(RoutingContext routingContext) {
        if (routingContext.normalisedPath().endsWith(this.postLocation) && routingContext.request().method().equals(HttpMethod.POST)) {
            log.debugf("Serving form auth error page %s for %s", this.loginPage, routingContext);
            return getRedirect(routingContext, this.errorPage);
        }
        log.debugf("Serving login form %s for %s", this.loginPage, routingContext);
        storeInitialLocation(routingContext);
        return getRedirect(routingContext, this.loginPage);
    }
}
