package fun.adaptive.lib.auth.service;

import fun.adaptive.auth.api.SessionApi;
import fun.adaptive.auth.context.EnsureKt;
import fun.adaptive.auth.context.ShorthandKt;
import fun.adaptive.auth.model.AuthenticationFail;
import fun.adaptive.auth.model.AuthenticationResult;
import fun.adaptive.auth.model.CredentialType;
import fun.adaptive.auth.model.Principal;
import fun.adaptive.auth.model.Role;
import fun.adaptive.auth.model.SecurityPolicy;
import fun.adaptive.auth.model.Session;
import fun.adaptive.backend.BackendAdapter;
import fun.adaptive.backend.BackendFragment;
import fun.adaptive.backend.builtin.BackendFragmentImpl;
import fun.adaptive.backend.builtin.ServiceImpl;
import fun.adaptive.foundation.AdaptiveAdapter;
import fun.adaptive.foundation.AdaptiveFragment;
import fun.adaptive.foundation.query.AdapterKt;
import fun.adaptive.lib.auth.crypto.BCrypt;
import fun.adaptive.lib.auth.store.HistoryKt;
import fun.adaptive.lib.auth.store.ShorthandsKt;
import fun.adaptive.lib.auth.worker.SessionWorker;
import fun.adaptive.log.AdaptiveLogger;
import fun.adaptive.service.ServiceContext;
import fun.adaptive.service.transport.ServiceCallTransport;
import fun.adaptive.utility.Clock_jvmKt;
import fun.adaptive.utility.RandomKt;
import fun.adaptive.utility.UUID;
import fun.adaptive.wireformat.WireFormatDecoder;
import fun.adaptive.wireformat.WireFormatEncoder;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import java.util.concurrent.locks.ReentrantLock;
import kotlin.Lazy;
import kotlin.LazyKt;
import kotlin.Metadata;
import kotlin.Unit;
import kotlin.collections.CollectionsKt;
import kotlin.coroutines.Continuation;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.SourceDebugExtension;
import kotlin.text.StringsKt;
import kotlinx.datetime.Clock;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.jetbrains.exposed.sql.transactions.TransactionManager;

/* compiled from: SessionService.kt */
@Metadata(mv = {2, 0, 0}, k = 1, xi = 48, d1 = {"��`\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010 \n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000e\n\u0002\b\u0007\n\u0002\u0010\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010#\n\u0002\b\u0003\n\u0002\u0010\u000b\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0004\u0018��2\u00020\u00012\b\u0012\u0004\u0012\u00020��0\u0002B\u0007¢\u0006\u0004\b\u0003\u0010\u0004J\u0016\u0010\u000b\u001a\n\u0012\u0004\u0012\u00020\r\u0018\u00010\fH\u0096@¢\u0006\u0002\u0010\u000eJ\u001a\u0010\u000f\u001a\u000e\u0012\n\u0012\b\u0012\u0004\u0012\u00020\u00110\f0\u0010H\u0096@¢\u0006\u0002\u0010\u000eJ\u001e\u0010\u0012\u001a\u00020\u00132\u0006\u0010\u0014\u001a\u00020\u00152\u0006\u0010\u0016\u001a\u00020\u0015H\u0096@¢\u0006\u0002\u0010\u0017J\u0016\u0010\u0018\u001a\u00020\u00132\u0006\u0010\u0019\u001a\u00020\u0015H\u0096@¢\u0006\u0002\u0010\u001aJ\u0010\u0010\u001b\u001a\u0004\u0018\u00010\u0013H\u0096@¢\u0006\u0002\u0010\u000eJ\u000e\u0010\u001c\u001a\u00020\u001dH\u0096@¢\u0006\u0002\u0010\u000eJ4\u0010\"\u001a\u00020\u001d2\f\u0010#\u001a\b\u0012\u0004\u0012\u00020\r0\f2\u0006\u0010\u0016\u001a\u00020\u00152\u0006\u0010$\u001a\u00020%2\u0006\u0010&\u001a\u00020\u00152\u0006\u0010'\u001a\u00020(J\u0016\u0010)\u001a\u00020\u001d2\f\u0010#\u001a\b\u0012\u0004\u0012\u00020\r0\fH\u0002J\u0016\u0010*\u001a\u00020\u001d2\f\u0010#\u001a\b\u0012\u0004\u0012\u00020\r0\fH\u0002J\u0006\u0010+\u001a\u00020(R\u001b\u0010\u0005\u001a\u00020\u00068FX\u0086\u0084\u0002¢\u0006\f\n\u0004\b\t\u0010\n\u001a\u0004\b\u0007\u0010\bR\u000e\u0010\u001e\u001a\u00020\u001fX\u0082\u0004¢\u0006\u0002\n��R\u001a\u0010 \u001a\u000e\u0012\n\u0012\b\u0012\u0004\u0012\u00020\r0\f0!X\u0082\u0004¢\u0006\u0002\n��¨\u0006,"}, d2 = {"Lfun/adaptive/lib/auth/service/SessionService;", "Lfun/adaptive/auth/api/SessionApi;", "Lfun/adaptive/backend/builtin/ServiceImpl;", "<init>", "()V", "worker", "Lfun/adaptive/lib/auth/worker/SessionWorker;", "getWorker", "()Lfun/adaptive/lib/auth/worker/SessionWorker;", "worker$delegate", "Lkotlin/Lazy;", "owner", "Lfun/adaptive/utility/UUID;", "Lfun/adaptive/auth/model/Principal;", "(Lkotlin/coroutines/Continuation;)Ljava/lang/Object;", "roles", "", "Lfun/adaptive/auth/model/Role;", "login", "Lfun/adaptive/auth/model/Session;", "name", "", CredentialType.PASSWORD, "(Ljava/lang/String;Ljava/lang/String;Lkotlin/coroutines/Continuation;)Ljava/lang/Object;", "activateSession", "securityCode", "(Ljava/lang/String;Lkotlin/coroutines/Continuation;)Ljava/lang/Object;", "getSession", "logout", "", "authenticateLock", "Ljava/util/concurrent/locks/ReentrantLock;", "authenticateInProgress", "", "authenticate", "principalId", "checkCredentials", "", "credentialType", "policy", "Lfun/adaptive/auth/model/SecurityPolicy;", "lockState", "releaseState", "getPolicy", "adaptive-lib-auth"})
@SourceDebugExtension({"SMAP\nSessionService.kt\nKotlin\n*S Kotlin\n*F\n+ 1 SessionService.kt\nfun/adaptive/lib/auth/service/SessionService\n+ 2 _Collections.kt\nkotlin/collections/CollectionsKt___CollectionsKt\n+ 3 dependency.kt\nfun/adaptive/backend/builtin/DependencyKt\n*L\n1#1,221:1\n1557#2:222\n1628#2,3:223\n2632#2,3:226\n55#3,6:229\n*S KotlinDebug\n*F\n+ 1 SessionService.kt\nfun/adaptive/lib/auth/service/SessionService\n*L\n39#1:222\n39#1:223,3\n84#1:226,3\n26#1:229,6\n*E\n"})
/* loaded from: input_file:fun/adaptive/lib/auth/service/SessionService.class */
public final class SessionService implements SessionApi, ServiceImpl<SessionService> {

    @NotNull
    private final Lazy worker$delegate;

    @NotNull
    private final ReentrantLock authenticateLock;

    @NotNull
    private final Set<UUID<Principal>> authenticateInProgress;

    @NotNull
    private ServiceContext serviceContext;

    @Nullable
    private BackendFragment fragment;

    @NotNull
    private AdaptiveLogger logger;

    public SessionService() {
        this(null);
    }

    @NotNull
    public final SessionWorker getWorker() {
        return (SessionWorker) this.worker$delegate.getValue();
    }

    @Override // fun.adaptive.auth.api.SessionApi
    @Nullable
    public Object owner(@NotNull Continuation<? super UUID<Principal>> continuation) {
        EnsureKt.ensuredByLogic("Session owner gets own principal.");
        return ShorthandKt.getPrincipalIdOrNull(getServiceContext());
    }

    @Override // fun.adaptive.auth.api.SessionApi
    @Nullable
    public Object roles(@NotNull Continuation<? super List<UUID<Role>>> continuation) {
        List<Role> roles;
        EnsureKt.ensuredByLogic("Session owner gets own roles.");
        Session sessionOrNull = ShorthandKt.getSessionOrNull(getServiceContext());
        if (sessionOrNull == null || (roles = sessionOrNull.getRoles()) == null) {
            return CollectionsKt.emptyList();
        }
        List<Role> list = roles;
        ArrayList arrayList = new ArrayList(CollectionsKt.collectionSizeOrDefault(list, 10));
        Iterator<T> it = list.iterator();
        while (it.hasNext()) {
            arrayList.add(((Role) it.next()).getId());
        }
        return arrayList;
    }

    @Override // fun.adaptive.auth.api.SessionApi
    @Nullable
    public Object login(@NotNull String str, @NotNull String str2, @NotNull Continuation<? super Session> continuation) {
        EnsureKt.publicAccess();
        SecurityPolicy policy = getPolicy();
        Principal byNameOrNull = ShorthandsKt.getPrincipals().getByNameOrNull(str);
        if (byNameOrNull == null) {
            throw new AuthenticationFail(AuthenticationResult.UnknownPrincipal);
        }
        authenticate(byNameOrNull.getId(), str2, true, CredentialType.PASSWORD, policy);
        long vmNowSecond = Clock_jvmKt.vmNowSecond();
        UUID cast = getServiceContext().getUuid().cast();
        UUID<Principal> id = byNameOrNull.getId();
        String substring = StringsKt.padStart(String.valueOf(Math.abs(RandomKt.fourRandomInt()[0])), 6, '0').substring(0, 6);
        Intrinsics.checkNotNullExpressionValue(substring, "substring(...)");
        Session session = new Session(cast, id, substring, Clock.System.INSTANCE.now(), vmNowSecond, vmNowSecond, ShorthandsKt.getRoleGrants().rolesOf(byNameOrNull.getId(), null));
        if (getPolicy().getTwoFactorAuthentication()) {
            getWorker().getPreparedSessions$adaptive_lib_auth().put(getServiceContext().getUuid(), session);
            getWorker().getSendSecurityCode().invoke(session);
        } else {
            getWorker().getActiveSessions$adaptive_lib_auth().put(getServiceContext().getUuid(), session);
            getServiceContext().setDisconnect(true);
        }
        return session;
    }

    @Override // fun.adaptive.auth.api.SessionApi
    @Nullable
    public Object activateSession(@NotNull String str, @NotNull Continuation<? super Session> continuation) {
        boolean z;
        EnsureKt.publicAccess();
        Session session = getWorker().getPreparedSessions$adaptive_lib_auth().get(getServiceContext().getUuid());
        if (session == null) {
            throw new AuthenticationFail(AuthenticationResult.UnknownSession);
        }
        if (!Intrinsics.areEqual(session.getSecurityCode(), str)) {
            Collection<Session> values = getWorker().getPreparedSessions$adaptive_lib_auth().values();
            Intrinsics.checkNotNullExpressionValue(values, "<get-values>(...)");
            Collection<Session> collection = values;
            if (!collection.isEmpty()) {
                Iterator<T> it = collection.iterator();
                while (true) {
                    if (!it.hasNext()) {
                        z = true;
                        break;
                    }
                    Session session2 = (Session) it.next();
                    if (Intrinsics.areEqual(session2.getPrincipalOrNull(), session.getPrincipalOrNull()) && Intrinsics.areEqual(session2.getSecurityCode(), str)) {
                        z = false;
                        break;
                    }
                }
            } else {
                z = true;
            }
            if (z) {
                throw new AuthenticationFail(AuthenticationResult.InvalidSecurityCode);
            }
        }
        HistoryKt.history(this, ShorthandKt.getPrincipalId(getServiceContext()), AuthenticationResult.Success, "fun.adaptive.lib.auth.service.SessionService.activateSession");
        getWorker().getPreparedSessions$adaptive_lib_auth().remove(getServiceContext().getUuid());
        getWorker().getActiveSessions$adaptive_lib_auth().put(getServiceContext().getUuid(), session);
        getServiceContext().setDisconnect(true);
        return session;
    }

    @Override // fun.adaptive.auth.api.SessionApi
    @Nullable
    public Object getSession(@NotNull Continuation<? super Session> continuation) {
        EnsureKt.ensuredByLogic("Session owner gets own session.");
        return ShorthandKt.getSessionOrNull(getServiceContext());
    }

    @Override // fun.adaptive.auth.api.SessionApi
    @Nullable
    public Object logout(@NotNull Continuation<? super Unit> continuation) {
        EnsureKt.publicAccess();
        getServiceContext().setDisconnect(true);
        if (ShorthandKt.getSessionOrNull(getServiceContext()) == null) {
            return Unit.INSTANCE;
        }
        HistoryKt.history$default(this, ShorthandKt.getPrincipalId(getServiceContext()), (UUID) null, "fun.adaptive.lib.auth.service.SessionService.logout", 2, (Object) null);
        getWorker().getActiveSessions$adaptive_lib_auth().remove(getServiceContext().getUuid());
        TransactionManager.Companion.current().commit();
        return Unit.INSTANCE;
    }

    public final void authenticate(@NotNull UUID<Principal> uuid, @NotNull String str, boolean z, @NotNull String str2, @NotNull SecurityPolicy securityPolicy) {
        boolean z2;
        Intrinsics.checkNotNullParameter(uuid, "principalId");
        Intrinsics.checkNotNullParameter(str, CredentialType.PASSWORD);
        Intrinsics.checkNotNullParameter(str2, "credentialType");
        Intrinsics.checkNotNullParameter(securityPolicy, "policy");
        if (z) {
            String readValue = ShorthandsKt.getCredentials().readValue(uuid, str2);
            if (readValue == null) {
                throw new AuthenticationFail(AuthenticationResult.NoCredential);
            }
            z2 = BCrypt.Companion.checkpw(str, readValue);
        } else {
            z2 = true;
        }
        boolean z3 = z2;
        lockState(uuid);
        try {
            Principal principal = (Principal) ShorthandsKt.getPrincipals().get(uuid);
            AuthenticationResult authenticationResult = (principal.getActivated() || Intrinsics.areEqual(str2, CredentialType.ACTIVATION_KEY)) ? principal.getLocked() ? AuthenticationResult.Locked : principal.getExpired() ? AuthenticationResult.Expired : principal.getAnonymized() ? AuthenticationResult.Anonymized : !z3 ? AuthenticationResult.InvalidCredentials : null : AuthenticationResult.NotActivated;
            if (authenticationResult != null) {
                principal.setAuthFailCount(principal.getAuthFailCount() + 1);
                principal.setLastAuthFail(Clock.System.INSTANCE.now());
                principal.setLocked(principal.getLocked() || principal.getAuthFailCount() > securityPolicy.getMaxFailedAuths());
                ShorthandsKt.getPrincipals().remAssign(principal);
                HistoryKt.history(this, principal.getId(), authenticationResult, "fun.adaptive.lib.auth.service.SessionService.authenticate");
                TransactionManager.Companion.current().commit();
                throw new AuthenticationFail(authenticationResult);
            }
            principal.setLastAuthSuccess(Clock.System.INSTANCE.now());
            principal.setAuthSuccessCount(principal.getAuthSuccessCount() + 1);
            principal.setAuthFailCount(0);
            ShorthandsKt.getPrincipals().remAssign(principal);
            HistoryKt.history(this, principal.getId(), AuthenticationResult.Success, "fun.adaptive.lib.auth.service.SessionService.authenticate");
            TransactionManager.Companion.current().commit();
            releaseState(uuid);
        } catch (Throwable th) {
            releaseState(uuid);
            throw th;
        }
    }

    private final void lockState(UUID<Principal> uuid) {
        boolean z;
        boolean z2 = false;
        for (int i = 1; i < 6; i++) {
            ReentrantLock reentrantLock = this.authenticateLock;
            reentrantLock.lock();
            try {
                if (this.authenticateInProgress.contains(uuid)) {
                    Thread.sleep(100L);
                    z = false;
                } else {
                    this.authenticateInProgress.add(uuid);
                    z = true;
                }
                z2 = z;
                if (z2) {
                    break;
                }
            } finally {
                reentrantLock.unlock();
            }
        }
        if (!z2) {
            throw new RuntimeException("couldn't lock principal state in 5 tries");
        }
    }

    private final void releaseState(UUID<Principal> uuid) {
        ReentrantLock reentrantLock = this.authenticateLock;
        reentrantLock.lock();
        try {
            this.authenticateInProgress.remove(uuid);
            Unit unit = Unit.INSTANCE;
            reentrantLock.unlock();
        } catch (Throwable th) {
            reentrantLock.unlock();
            throw th;
        }
    }

    @NotNull
    public final SecurityPolicy getPolicy() {
        return new SecurityPolicy();
    }

    @NotNull
    /* renamed from: invoke, reason: merged with bridge method [inline-methods] */
    public SessionService m125invoke(@NotNull ServiceContext serviceContext) {
        return (SessionService) ServiceImpl.DefaultImpls.invoke(this, serviceContext);
    }

    @NotNull
    /* renamed from: newInstance, reason: merged with bridge method [inline-methods] */
    public SessionService m126newInstance(@NotNull ServiceContext serviceContext) {
        Intrinsics.checkNotNullParameter(serviceContext, "serviceContext");
        SessionService sessionService = new SessionService(serviceContext);
        sessionService.setFragment(getFragment());
        return sessionService;
    }

    @NotNull
    public Void unknownFunction(@NotNull String str) {
        return ServiceImpl.DefaultImpls.unknownFunction(this, str);
    }

    /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
    /* JADX WARN: Failed to find 'out' block for switch in B:7:0x0045. Please report as an issue. */
    /* JADX WARN: Failed to find 'out' block for switch in B:9:0x007d. Please report as an issue. */
    /* JADX WARN: Removed duplicated region for block: B:57:0x012e  */
    /* JADX WARN: Removed duplicated region for block: B:58:0x0172  */
    /* JADX WARN: Removed duplicated region for block: B:59:0x01db  */
    /* JADX WARN: Removed duplicated region for block: B:60:0x0229  */
    /* JADX WARN: Removed duplicated region for block: B:61:0x026d  */
    /* JADX WARN: Removed duplicated region for block: B:62:0x02b2  */
    /* JADX WARN: Removed duplicated region for block: B:63:0x02eb  */
    /* JADX WARN: Removed duplicated region for block: B:8:0x0070  */
    @org.jetbrains.annotations.Nullable
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public java.lang.Object dispatch(@org.jetbrains.annotations.NotNull java.lang.String r10, @org.jetbrains.annotations.NotNull fun.adaptive.wireformat.WireFormatDecoder<?> r11, @org.jetbrains.annotations.NotNull kotlin.coroutines.Continuation<? super byte[]> r12) {
        /*
            Method dump skipped, instructions count: 758
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: fun.adaptive.lib.auth.service.SessionService.dispatch(java.lang.String, fun.adaptive.wireformat.WireFormatDecoder, kotlin.coroutines.Continuation):java.lang.Object");
    }

    @Nullable
    public ServiceCallTransport getServiceCallTransport() {
        return ServiceImpl.DefaultImpls.getServiceCallTransport(this);
    }

    public void setServiceCallTransport(@Nullable ServiceCallTransport serviceCallTransport) {
        ServiceImpl.DefaultImpls.setServiceCallTransport(this, serviceCallTransport);
    }

    @NotNull
    public ServiceContext getServiceContext() {
        return this.serviceContext;
    }

    @NotNull
    /* renamed from: getInternal, reason: merged with bridge method [inline-methods] */
    public SessionService m127getInternal() {
        return (SessionService) ServiceImpl.DefaultImpls.getInternal(this);
    }

    @NotNull
    public WireFormatEncoder wireFormatEncoder() {
        return ServiceImpl.DefaultImpls.wireFormatEncoder(this);
    }

    @NotNull
    public WireFormatDecoder<?> wireFormatDecoder(@NotNull byte[] bArr) {
        return ServiceImpl.DefaultImpls.wireFormatDecoder(this, bArr);
    }

    @NotNull
    public String getServiceName() {
        return "fun.adaptive.auth.api.SessionApi";
    }

    public void setServiceName(@NotNull String str) {
        ServiceImpl.DefaultImpls.setServiceName(this, str);
    }

    @NotNull
    public ServiceCallTransport getServiceCallTransportOrDefault() {
        return ServiceImpl.DefaultImpls.getServiceCallTransportOrDefault(this);
    }

    public void create() {
        ServiceImpl.DefaultImpls.create(this);
    }

    public void mount() {
        ServiceImpl.DefaultImpls.mount(this);
    }

    public void unmount() {
        ServiceImpl.DefaultImpls.unmount(this);
    }

    @Nullable
    public BackendFragment getFragment() {
        return this.fragment;
    }

    public void setFragment(@Nullable BackendFragment backendFragment) {
        this.fragment = backendFragment;
    }

    @Nullable
    public BackendAdapter getAdapter() {
        return ServiceImpl.DefaultImpls.getAdapter(this);
    }

    @NotNull
    public AdaptiveLogger getLogger() {
        return this.logger;
    }

    public void setLogger(@NotNull AdaptiveLogger adaptiveLogger) {
        Intrinsics.checkNotNullParameter(adaptiveLogger, "<set-?>");
        this.logger = adaptiveLogger;
    }

    public SessionService(@Nullable ServiceContext serviceContext) {
        final BackendFragmentImpl backendFragmentImpl = (BackendFragmentImpl) this;
        this.worker$delegate = LazyKt.lazy(new Function0<SessionWorker>() { // from class: fun.adaptive.lib.auth.service.SessionService$special$$inlined$worker$1
            /* renamed from: invoke, reason: merged with bridge method [inline-methods] */
            public final SessionWorker m128invoke() {
                AdaptiveAdapter adapter = backendFragmentImpl.getAdapter();
                if (adapter == null) {
                    throw new IllegalStateException("this implementation is not part of an adaptive backend".toString());
                }
                BackendFragment single$default = AdapterKt.single$default(adapter, false, false, new Function1<AdaptiveFragment, Boolean>() { // from class: fun.adaptive.lib.auth.service.SessionService$special$$inlined$worker$1.1
                    public final Boolean invoke(AdaptiveFragment adaptiveFragment) {
                        Intrinsics.checkNotNullParameter(adaptiveFragment, "it");
                        return Boolean.valueOf((adaptiveFragment instanceof BackendFragment) && (((BackendFragment) adaptiveFragment).getImpl() instanceof SessionWorker));
                    }
                }, 3, (Object) null);
                Intrinsics.checkNotNull(single$default, "null cannot be cast to non-null type fun.adaptive.backend.BackendFragment");
                SessionWorker impl = single$default.getImpl();
                if (impl == null) {
                    throw new NullPointerException("null cannot be cast to non-null type `fun`.adaptive.lib.auth.worker.SessionWorker");
                }
                return impl;
            }
        });
        this.authenticateLock = new ReentrantLock();
        this.authenticateInProgress = new LinkedHashSet();
        this.serviceContext = serviceContext;
    }
}
