package io.continual.restHttp;

import io.continual.http.service.framework.context.CHttpRequestContext;
import io.continual.http.service.framework.context.CHttpResponse;
import io.continual.iam.IamAuthLog;
import io.continual.iam.IamServiceManager;
import io.continual.iam.access.AccessDb;
import io.continual.iam.access.Resource;
import io.continual.iam.credentials.ApiKeyCredential;
import io.continual.iam.credentials.JwtCredential;
import io.continual.iam.credentials.UsernamePasswordCredential;
import io.continual.iam.exceptions.IamSvcException;
import io.continual.iam.identity.Identity;
import io.continual.iam.identity.UserContext;
import io.continual.iam.impl.common.ApiKeyAuthHelper;
import io.continual.iam.impl.common.BasicAuthHelper;
import io.continual.iam.impl.common.HeaderReader;
import io.continual.util.data.TypeConvertor;
import io.continual.util.data.json.CommentedJsonTokener;
import io.continual.util.data.json.JsonUtil;
import io.continual.util.nv.NvReadable;
import java.io.IOException;
import java.util.Iterator;
import java.util.LinkedList;
import org.json.JSONException;
import org.json.JSONObject;
import org.json.JSONTokener;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/continual/restHttp/ApiContextHelper.class */
public class ApiContextHelper<I extends Identity> {
    public static final String kSetting_ContinualProductTag = "apiKeyProductTag";
    public static final String kContinualProductTag = "continual";
    public static final String kContinualSystemsGroup = "continualSystems";
    public static final String kSetting_AuthLineHeader = "http.auth.header";
    public static final String kSetting_DateLineHeader = "http.date.header";
    public static final String kSetting_MagicLineHeader = "http.magic.header";
    public static final String kDefault_AuthLineHeader = "X-Continual-Auth";
    public static final String kDefault_DateLineHeader = "X-Continual-Date";
    public static final String kDefault_MagicLineHeader = "X-Continual-Magic";
    private final IamServiceManager<I, ?> fAccts;
    private static final Logger log = LoggerFactory.getLogger(ApiContextHelper.class);

    /* loaded from: input_file:io/continual/restHttp/ApiContextHelper$ApiHandler.class */
    public interface ApiHandler<I extends Identity> {
        void handle(CHttpRequestContext cHttpRequestContext, HttpServlet httpServlet, UserContext<I> userContext) throws IOException;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/continual/restHttp/ApiContextHelper$AuthList.class */
    public static class AuthList<I extends Identity> implements Authenticator<I> {
        private final LinkedList<Authenticator<I>> fAuthenticators = new LinkedList<>();

        public AuthList() {
            this.fAuthenticators.add(new Authenticator<I>() { // from class: io.continual.restHttp.ApiContextHelper.AuthList.1
                @Override // io.continual.restHttp.ApiContextHelper.Authenticator
                public I authenticate(IamServiceManager<I, ?> iamServiceManager, CHttpRequestContext cHttpRequestContext) throws IamSvcException {
                    NvReadable systemSettings = cHttpRequestContext.systemSettings();
                    Identity identity = null;
                    ApiKeyCredential readApiKeyCredential = ApiKeyAuthHelper.readApiKeyCredential(systemSettings, new LocalHeaderReader(cHttpRequestContext), systemSettings.getString(ApiContextHelper.kSetting_ContinualProductTag, ApiContextHelper.kContinualProductTag));
                    if (readApiKeyCredential != null) {
                        identity = iamServiceManager.getIdentityDb().authenticate(readApiKeyCredential);
                        if (identity != null) {
                            IamAuthLog.authenticationEvent(identity.getId(), "API Key", cHttpRequestContext.request().getBestRemoteAddress());
                        }
                    }
                    return (I) identity;
                }
            });
            this.fAuthenticators.add(new Authenticator<I>() { // from class: io.continual.restHttp.ApiContextHelper.AuthList.2
                @Override // io.continual.restHttp.ApiContextHelper.Authenticator
                public I authenticate(IamServiceManager<I, ?> iamServiceManager, CHttpRequestContext cHttpRequestContext) throws IamSvcException {
                    String parameter;
                    Identity identity = null;
                    try {
                        JwtCredential jwtCredential = null;
                        String firstHeader = cHttpRequestContext.request().getFirstHeader("Authorization");
                        if (firstHeader != null && firstHeader.startsWith("Bearer ") && firstHeader.split(" ").length == 2) {
                            jwtCredential = JwtCredential.fromHeader(firstHeader);
                        }
                        if (jwtCredential == null && (parameter = cHttpRequestContext.request().getParameter("jwt", (String) null)) != null) {
                            jwtCredential = new JwtCredential(parameter);
                        }
                        if (jwtCredential != null) {
                            identity = iamServiceManager.getIdentityDb().authenticate(jwtCredential);
                            if (identity != null) {
                                IamAuthLog.authenticationEvent(identity.getId(), "JWT", cHttpRequestContext.request().getBestRemoteAddress());
                            }
                        }
                    } catch (JwtCredential.InvalidJwtToken e) {
                    }
                    return (I) identity;
                }
            });
            this.fAuthenticators.add(new Authenticator<I>() { // from class: io.continual.restHttp.ApiContextHelper.AuthList.3
                @Override // io.continual.restHttp.ApiContextHelper.Authenticator
                public I authenticate(IamServiceManager<I, ?> iamServiceManager, CHttpRequestContext cHttpRequestContext) throws IamSvcException {
                    Identity identity = null;
                    UsernamePasswordCredential readUsernamePasswordCredential = BasicAuthHelper.readUsernamePasswordCredential(cHttpRequestContext.systemSettings(), new LocalHeaderReader(cHttpRequestContext));
                    if (readUsernamePasswordCredential != null) {
                        identity = iamServiceManager.getIdentityDb().authenticate(readUsernamePasswordCredential);
                        if (identity != null) {
                            IamAuthLog.authenticationEvent(identity.getId(), "Username/Password", cHttpRequestContext.request().getBestRemoteAddress());
                        }
                    }
                    return (I) identity;
                }
            });
        }

        @Override // io.continual.restHttp.ApiContextHelper.Authenticator
        public I authenticate(IamServiceManager<I, ?> iamServiceManager, CHttpRequestContext cHttpRequestContext) throws IamSvcException {
            Iterator<Authenticator<I>> it = this.fAuthenticators.iterator();
            while (it.hasNext()) {
                I authenticate = it.next().authenticate(iamServiceManager, cHttpRequestContext);
                if (authenticate != null) {
                    return authenticate;
                }
            }
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/continual/restHttp/ApiContextHelper$Authenticator.class */
    public interface Authenticator<I extends Identity> {
        I authenticate(IamServiceManager<I, ?> iamServiceManager, CHttpRequestContext cHttpRequestContext) throws IamSvcException;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/continual/restHttp/ApiContextHelper$LocalHeaderReader.class */
    public static class LocalHeaderReader implements HeaderReader {
        private final CHttpRequestContext fContext;

        public LocalHeaderReader(CHttpRequestContext cHttpRequestContext) {
            this.fContext = cHttpRequestContext;
        }

        public String getFirstHeader(String str) {
            return this.fContext.request().getFirstHeader(str);
        }
    }

    /* loaded from: input_file:io/continual/restHttp/ApiContextHelper$MissingInputException.class */
    public static class MissingInputException extends Exception {
        private static final long serialVersionUID = 1;

        public MissingInputException(String str) {
            super(str);
        }
    }

    /* loaded from: input_file:io/continual/restHttp/ApiContextHelper$ResourceAccess.class */
    public static class ResourceAccess {
        public final String fResId;
        public final String fOp;

        public ResourceAccess(String str, String str2) {
            this.fResId = str;
            this.fOp = str2;
        }
    }

    public ApiContextHelper() {
        this(null);
    }

    public ApiContextHelper(IamServiceManager<I, ?> iamServiceManager) {
        this.fAccts = iamServiceManager;
    }

    protected static void sendStatusCodeAndMessage(CHttpRequestContext cHttpRequestContext, int i, String str) {
        sendJson(cHttpRequestContext, i, new JSONObject().put("statusCode", i).put("message", str));
    }

    protected static void sendStatusOk(CHttpRequestContext cHttpRequestContext, String str) {
        sendJson(cHttpRequestContext, 200, new JSONObject().put("statusCode", 200).put("message", str));
    }

    protected static void sendStatusOk(CHttpRequestContext cHttpRequestContext, JSONObject jSONObject) {
        sendJson(cHttpRequestContext, 200, JsonUtil.clone(jSONObject).put("statusCode", 200));
    }

    protected static void sendStatusOkNoContent(CHttpRequestContext cHttpRequestContext) {
        cHttpRequestContext.response().setStatus(204);
    }

    protected static void sendNotAuth(CHttpRequestContext cHttpRequestContext) {
        sendStatusCodeAndMessage(cHttpRequestContext, 401, "Unauthorized. Check your API credentials.");
    }

    protected static void sendJson(CHttpRequestContext cHttpRequestContext, JSONObject jSONObject) {
        sendJson(cHttpRequestContext, 200, jSONObject);
    }

    protected static void sendJson(CHttpRequestContext cHttpRequestContext, int i, JSONObject jSONObject) {
        cHttpRequestContext.response().sendErrorAndBody(i, TypeConvertor.convertToBooleanBroad(cHttpRequestContext.request().getFirstHeader("X-CioPrettyJson")) ? jSONObject.toString(4) : jSONObject.toString(), "application/json");
    }

    public void handleWithApiAuth(CHttpRequestContext cHttpRequestContext, ApiHandler<I> apiHandler) {
        handleWithApiAuth(cHttpRequestContext, getInternalAccts(cHttpRequestContext), apiHandler);
    }

    public void handleWithApiAuthAndAccess(CHttpRequestContext cHttpRequestContext, ApiHandler<I> apiHandler, ResourceAccess... resourceAccessArr) {
        handleWithApiAuth(cHttpRequestContext, getInternalAccts(cHttpRequestContext), apiHandler);
    }

    public static <I extends Identity> void handleWithApiAuth(CHttpRequestContext cHttpRequestContext, IamServiceManager<I, ?> iamServiceManager, ApiHandler<I> apiHandler) {
        handleWithApiAuthAndAccess(cHttpRequestContext, iamServiceManager, apiHandler, new ResourceAccess[0]);
    }

    public static <I extends Identity> void handleWithApiAuthAndAccess(CHttpRequestContext cHttpRequestContext, IamServiceManager<I, ?> iamServiceManager, ApiHandler<I> apiHandler, ResourceAccess... resourceAccessArr) {
        try {
            try {
                setupCorsHeaders(cHttpRequestContext);
                UserContext<I> user = getUser(iamServiceManager, cHttpRequestContext);
                if (user == null) {
                    sendNotAuth(cHttpRequestContext);
                    return;
                }
                String effectiveUserId = user.getEffectiveUserId();
                AccessDb accessDb = iamServiceManager.getAccessDb();
                for (ResourceAccess resourceAccess : resourceAccessArr) {
                    if (!accessDb.canUser(effectiveUserId, makeResource(resourceAccess.fResId), resourceAccess.fOp)) {
                        sendNotAuth(cHttpRequestContext);
                        return;
                    }
                }
                apiHandler.handle(cHttpRequestContext, (HttpServlet) cHttpRequestContext.getServlet(), user);
            } catch (JSONException | IamSvcException e) {
                log.warn(e.getMessage(), e);
                sendStatusCodeAndMessage(cHttpRequestContext, 500, "There was a problem handling your API request.");
            }
        } catch (IOException e2) {
            log.warn(e2.getMessage());
            sendStatusCodeAndMessage(cHttpRequestContext, 500, "I/O problem writing the response, but... you got it???");
        }
    }

    public static <I extends Identity> UserContext<I> getUser(CHttpRequestContext cHttpRequestContext) throws IamSvcException {
        return getUser(getAccountsSvc(cHttpRequestContext), cHttpRequestContext);
    }

    public boolean canUser(CHttpRequestContext cHttpRequestContext, UserContext<Identity> userContext, String str, String str2) throws IamSvcException {
        boolean canUser = this.fAccts.getAccessDb().canUser(userContext.getEffectiveUserId(), makeResource(str), str2);
        if (!canUser) {
            log.info(userContext.toString() + " cannot " + str2 + " object " + str);
        }
        return canUser;
    }

    public static Resource makeResource(final String str) {
        return new Resource() { // from class: io.continual.restHttp.ApiContextHelper.1
            public String getId() {
                return str;
            }
        };
    }

    public static <I extends Identity> UserContext<I> getUser(IamServiceManager<I, ?> iamServiceManager, CHttpRequestContext cHttpRequestContext) throws IamSvcException {
        UserContext<I> userContext = null;
        try {
            Identity authenticate = new AuthList().authenticate(iamServiceManager, cHttpRequestContext);
            if (authenticate != null) {
                String firstHeader = new LocalHeaderReader(cHttpRequestContext).getFirstHeader("X-AuthFor");
                if (firstHeader == null || firstHeader.length() <= 0 || firstHeader.equals(authenticate.getId())) {
                    userContext = new UserContext.Builder().forUser(authenticate).build();
                } else {
                    Identity loadUser = iamServiceManager.getIdentityManager().loadUser(firstHeader);
                    if (loadUser != null && authenticate.getGroup(kContinualSystemsGroup) != null) {
                        userContext = new UserContext.Builder().forUser(loadUser).sponsoredByUser(authenticate).build();
                    }
                }
            }
            return userContext;
        } catch (IamSvcException e) {
            log.warn("Error processing authentication: " + e.getMessage());
            throw e;
        }
    }

    protected IamServiceManager<I, ?> getInternalAccts(CHttpRequestContext cHttpRequestContext) {
        return this.fAccts != null ? this.fAccts : getAccountsSvc(cHttpRequestContext);
    }

    protected static <I extends Identity> IamServiceManager<I, ?> getAccountsSvc(CHttpRequestContext cHttpRequestContext) {
        return (IamServiceManager) HttpServlet.getServices(cHttpRequestContext).get("accounts", IamServiceManager.class);
    }

    protected static void setupCorsHeaders(CHttpRequestContext cHttpRequestContext) {
        CHttpResponse response = cHttpRequestContext.response();
        response.writeHeader("Access-Control-Allow-Origin", "*");
        response.writeHeader("Access-Control-Allow-Methods", "DELETE, GET, OPTIONS, PATCH, POST, PUT");
        response.writeHeader("Access-Control-Max-Age", "3600");
        response.writeHeader("Access-Control-Allow-Headers", "Content-Type, Authorization, X-Continual-Auth, X-Continual-Date, X-Continual-Magic");
    }

    protected static JSONObject readBody(CHttpRequestContext cHttpRequestContext) throws JSONException, IOException {
        return new JSONObject((JSONTokener) new CommentedJsonTokener(cHttpRequestContext.request().getBodyStream()));
    }

    public static JSONObject readJsonBody(CHttpRequestContext cHttpRequestContext) throws JSONException, IOException {
        return readBody(cHttpRequestContext);
    }

    public static String readJsonString(JSONObject jSONObject, String str) throws MissingInputException {
        try {
            return jSONObject.getString(str);
        } catch (JSONException e) {
            throw new MissingInputException("Missing required field '" + str + "' in input.");
        }
    }

    public static JSONObject readJsonObject(JSONObject jSONObject, String str) throws MissingInputException {
        try {
            return jSONObject.getJSONObject(str);
        } catch (JSONException e) {
            throw new MissingInputException("Missing required field '" + str + "' in input.");
        }
    }
}
