package okapi.auth;

import io.vertx.core.json.DecodeException;
import io.vertx.core.json.Json;
import io.vertx.core.json.JsonObject;
import io.vertx.core.logging.Logger;
import io.vertx.core.logging.LoggerFactory;
import io.vertx.ext.web.RoutingContext;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import okapi.common.HttpResponse;

/* loaded from: input_file:okapi/auth/Auth.class */
public class Auth {
    static final String OKAPITOKENHEADER = "X-Okapi-Token";
    static final String OKAPIMODPERMSHEADER = "X-Okapi-Module-Permissions";
    static final String OKAPIMODTOKENSHEADER = "X-Okapi-Module-Tokens";
    private final Logger logger = LoggerFactory.getLogger("okapi-auth");

    private String token(String str, String str2) throws NoSuchAlgorithmException {
        MessageDigest messageDigest = MessageDigest.getInstance("MD5");
        messageDigest.update("salt".getBytes());
        messageDigest.update(str.getBytes());
        messageDigest.update(str2.getBytes());
        byte[] digest = messageDigest.digest();
        StringBuilder sb = new StringBuilder();
        for (byte b : digest) {
            sb.append(Integer.toString((b & 255) + 256, 16).substring(1));
        }
        return "" + str + ":" + str2 + ":" + sb.toString();
    }

    public void login(RoutingContext routingContext) {
        String bodyAsString = routingContext.getBodyAsString();
        if (bodyAsString.length() == 0) {
            this.logger.info("Auth accept OK in login");
            HttpResponse.responseText(routingContext, 202).end("Auth accept in /login");
            return;
        }
        try {
            LoginParameters loginParameters = (LoginParameters) Json.decodeValue(bodyAsString, LoginParameters.class);
            String username = loginParameters.getUsername();
            String str = username + "-password";
            if (!loginParameters.getPassword().equals(str)) {
                this.logger.info("Bad passwd for '" + username + "'. Got '" + loginParameters.getPassword() + "' expected '" + str + "'");
                HttpResponse.responseText(routingContext, 401).end("Wrong username or password");
                return;
            }
            try {
                String str2 = token(loginParameters.getTenant(), loginParameters.getUsername());
                this.logger.info("Ok login for " + username + ": " + str2);
                HttpResponse.responseJson(routingContext, 200).putHeader(OKAPITOKENHEADER, str2).end(bodyAsString);
            } catch (NoSuchAlgorithmException e) {
                HttpResponse.responseText(routingContext, 500).end("Error in invoking MD5sum: " + e);
            }
        } catch (DecodeException e2) {
            HttpResponse.responseText(routingContext, 400).end("Error in decoding parameters: " + e2);
        }
    }

    private String moduleTokens(RoutingContext routingContext) {
        String header = routingContext.request().getHeader(OKAPIMODPERMSHEADER);
        this.logger.debug("moduleTokens: trying to decode '" + header + "'");
        HashMap hashMap = new HashMap();
        if (header != null) {
            try {
                if (!header.isEmpty()) {
                    JsonObject jsonObject = new JsonObject(header);
                    for (String str : jsonObject.fieldNames()) {
                        hashMap.put(str, token(str, String.join(",", jsonObject.getJsonArray(str).getList())));
                    }
                }
            } catch (NoSuchAlgorithmException e) {
                this.logger.error("no such algorithm: " + e.getMessage());
            }
        }
        if (!hashMap.isEmpty()) {
            hashMap.put("_", routingContext.request().getHeader(OKAPITOKENHEADER));
        }
        String encode = Json.encode(hashMap);
        this.logger.debug("auth: module tokens for " + header + "  :  " + encode);
        return encode;
    }

    public void check(RoutingContext routingContext) {
        String header = routingContext.request().getHeader(OKAPITOKENHEADER);
        if (header == null || header.isEmpty()) {
            this.logger.info("Auth.check called without X-Okapi-Token");
            HttpResponse.responseText(routingContext, 401).end("Auth.check called without X-Okapi-Token");
            return;
        }
        String[] split = header.split(":", 3);
        try {
            String str = split.length == 3 ? token(split[0], split[1]) : "???";
            if (!header.equals(str)) {
                this.logger.info("Invalid token. Got '" + header + "' Expected '" + str + "'");
                HttpResponse.responseText(routingContext, 401).end("Invalid token");
            } else {
                routingContext.response().headers().add(OKAPITOKENHEADER, header).add(OKAPIMODTOKENSHEADER, moduleTokens(routingContext));
                HttpResponse.responseText(routingContext, 202);
                echo(routingContext);
            }
        } catch (NoSuchAlgorithmException e) {
            this.logger.error("no such algorithm: " + e.getMessage());
            HttpResponse.responseText(routingContext, 500).end(e.getMessage());
        }
    }

    private void echo(RoutingContext routingContext) {
        routingContext.response().setChunked(true);
        routingContext.request().handler(buffer -> {
            routingContext.response().write(buffer);
        });
        routingContext.request().endHandler(r3 -> {
            routingContext.response().end();
        });
    }

    public void accept(RoutingContext routingContext) {
        this.logger.info("Auth accept OK");
        HttpResponse.responseText(routingContext, 202);
        echo(routingContext);
    }
}
