package restx.security;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.common.base.Optional;
import com.google.common.base.Strings;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.Maps;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import javax.inject.Named;
import org.joda.time.DateTime;
import org.joda.time.Duration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import restx.AbstractRouteLifecycleListener;
import restx.RestxContext;
import restx.RestxFilter;
import restx.RestxHandler;
import restx.RestxHandlerMatch;
import restx.RestxRequest;
import restx.RestxRequestMatch;
import restx.RestxResponse;
import restx.StdRestxRequestMatch;
import restx.WebException;
import restx.common.Crypto;
import restx.factory.Component;
import restx.factory.Name;
import restx.http.HttpStatus;
import restx.security.RestxSession;

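/**
 * Filter that rebuilds the {@link RestxSession} of every request from a signed session cookie and
 * writes the cookie pair back to the client when the session object is replaced during the request.
 *
 * <p>The session travels in two cookies: one holding a JSON map of session entries plus an
 * {@code _expires} timestamp, and one holding the signature of that JSON computed with
 * {@link Crypto#sign}. The JSON is signed, not encrypted, so the client can read every entry.
 *
 * <p>NOTE(review): when no {@link SignatureKey} is injected the filter falls back to
 * {@code SignatureKey.DEFAULT}. That is presumably a built-in value shared by every installation;
 * if so, cookies signed with it (including ones carrying a {@code restx-admin} principal) could be
 * produced by anyone who knows the value. Confirm, and make sure production deployments provide
 * their own key.
 */
@Component(priority = -200)
public class RestxSessionCookieFilter implements RestxFilter, RestxHandler {
    public static final Name<RestxSessionCookieFilter> NAME = Name.of(RestxSessionCookieFilter.class, "RestxSessionCookieFilter");
    private static final Logger logger = LoggerFactory.getLogger(RestxSessionCookieFilter.class);
    /** Key of the expiry timestamp stored next to the session entries inside the cookie JSON. */
    private static final String EXPIRES = "_expires";

    private final RestxSession.Definition sessionDefinition;
    private final ObjectMapper mapper;
    private final SignatureKey signatureKey;
    private final RestxSessionCookieDescriptor restxSessionCookieDescriptor;
    /** Session returned whenever the request carries no usable session cookie. */
    private final RestxSession emptySession;

    /**
     * @param definition session definition used to resolve session values
     * @param objectMapper mapper used to read and write the cookie JSON
     * @param optional signing key; {@code SignatureKey.DEFAULT} is used when absent
     * @param restxSessionCookieDescriptor supplies the names of the session and signature cookies
     */
    public RestxSessionCookieFilter(RestxSession.Definition definition, @Named("FrontObjectMapper") ObjectMapper objectMapper, Optional<SignatureKey> optional, RestxSessionCookieDescriptor restxSessionCookieDescriptor) {
        this.sessionDefinition = definition;
        this.mapper = objectMapper;
        // Fallback to the default key: see the class-level review note.
        this.signatureKey = optional.or(SignatureKey.DEFAULT);
        this.restxSessionCookieDescriptor = restxSessionCookieDescriptor;
        this.emptySession = new RestxSession(definition, ImmutableMap.of(), Optional.absent(), Duration.ZERO);
    }

    /** Matches every request ({@code "*"}), so the filter runs on all paths. */
    @Override // restx.RestxHandlerMatcher
    public Optional<RestxHandlerMatch> match(RestxRequest restxRequest) {
        return Optional.of(new RestxHandlerMatch(new StdRestxRequestMatch("*", restxRequest.getRestxPath()), this));
    }

    /**
     * Installs the session built from the request as the current session, runs the rest of the
     * handler chain, and clears the current session again whether or not the chain throws.
     *
     * @throws IOException if the session cookie cannot be read or a downstream handler fails
     */
    @Override // restx.RestxHandler
    public void handle(RestxRequestMatch restxRequestMatch, RestxRequest restxRequest, RestxResponse restxResponse, RestxContext restxContext) throws IOException {
        final RestxSession requestSession = buildContextFromRequest(restxRequest);
        if (RestxContext.Modes.RECORDING.equals(restxContext.getMode())) {
            requestSession.cleanUpCaches();
        }
        RestxSession.setCurrent(requestSession);
        try {
            restxContext.nextHandlerMatch().handle(restxRequest, restxResponse, restxContext.withListener(new AbstractRouteLifecycleListener() {
                @Override // restx.AbstractRouteLifecycleListener, restx.RouteLifecycleListener
                public void onBeforeWriteContent(RestxRequest request, RestxResponse response) {
                    RestxSession current = RestxSession.current();
                    // Identity comparison: cookies are rewritten only when a handler replaced the
                    // session object that was built from the request.
                    if (current != requestSession) {
                        updateSessionInClient(response, current);
                    }
                }
            }));
        } finally {
            // Never leave one request's session installed after its handling has ended.
            RestxSession.setCurrent(null);
        }
    }

    /**
     * Builds the session described by the request's session cookie.
     *
     * <p>The empty session is returned when the cookie is missing or blank, when its signature
     * does not match, when its {@code _expires} entry is missing, unparseable or in the past.
     * If the resulting principal has the {@code restx-admin} role and the request carries a
     * non-empty {@code RestxSu} header, the JSON entries of that header are merged over the
     * cookie entries before the session is created.
     *
     * @param restxRequest request whose cookies and headers are inspected
     * @return the restored session, or the shared empty session
     * @throws IOException if the cookie value is not valid JSON
     * @throws WebException with {@code BAD_REQUEST} if the {@code RestxSu} header cannot be applied
     */
    public RestxSession buildContextFromRequest(RestxRequest restxRequest) throws IOException {
        String cookieName = restxSessionCookieDescriptor.getCookieName();
        String cookieValue = (String) restxRequest.getCookieValue(cookieName).or("");
        if (cookieValue.trim().isEmpty()) {
            return emptySession;
        }

        String providedSignature = (String) restxRequest.getCookieValue(restxSessionCookieDescriptor.getCookieSignatureName()).or("");
        String expectedSignature = Crypto.sign(cookieValue, signatureKey.getKey());
        if (!signaturesMatch(expectedSignature, providedSignature)) {
            // NOTE(review): this writes the unverified, client-supplied cookie value to the log.
            // Consider logging a length or digest instead so that forged input cannot inject log
            // content and session entries do not end up in log files.
            logger.warn("invalid restx session signature. session was: {}. Ignoring session cookie.", cookieValue);
            return emptySession;
        }

        Map<String, String> entries = readEntries(cookieValue);
        String expiresText = entries.remove(EXPIRES);
        if (expiresText == null) {
            // Fail closed: a signed cookie without an expiry is not treated as a valid session.
            logger.warn("restx session cookie has no {} entry. Ignoring session cookie.", EXPIRES);
            return emptySession;
        }
        DateTime expires;
        try {
            expires = DateTime.parse(expiresText);
        } catch (IllegalArgumentException e) {
            logger.warn("restx session cookie has an unparseable {} entry. Ignoring session cookie.", EXPIRES);
            return emptySession;
        }
        if (expires.isBeforeNow()) {
            return emptySession;
        }

        Duration duration = restxRequest.isPersistentCookie(cookieName) ? new Duration(DateTime.now(), expires) : Duration.ZERO;
        ImmutableMap<String, String> sessionEntries = ImmutableMap.copyOf(entries);
        // Raw Optional kept on purpose: the generic signature of RestxSession.getValue is not
        // visible from this file.
        Optional principal = RestxSession.getValue(sessionDefinition, RestxPrincipal.class, RestxPrincipal.SESSION_DEF_KEY, sessionEntries.get(RestxPrincipal.SESSION_DEF_KEY));

        if (principal.isPresent() && Permissions.hasRole("restx-admin").has((RestxPrincipal) principal.get(), null).isPresent()) {
            Optional<String> suHeader = restxRequest.getHeader("RestxSu");
            if (suHeader.isPresent() && !Strings.isNullOrEmpty(suHeader.get())) {
                // The header is not signed: the only gate is the restx-admin role of the principal
                // restored from the signed cookie, so the strength of this path equals the
                // strength of the signing key.
                // NOTE(review): the header value is logged and echoed in the 400 response below;
                // confirm the response is never rendered as HTML and that logs tolerate it.
                try {
                    entries.putAll(readEntries(suHeader.get()));
                    sessionEntries = ImmutableMap.copyOf(entries);
                    principal = RestxSession.getValue(sessionDefinition, RestxPrincipal.class, RestxPrincipal.SESSION_DEF_KEY, sessionEntries.get(RestxPrincipal.SESSION_DEF_KEY));
                    logger.info("restx-admin sudoing request with {}", suHeader.get());
                } catch (Exception e) {
                    logger.warn("restx-admin tried sudoing request with {}, but it failed: {}", suHeader.get(), e.toString());
                    throw new WebException(HttpStatus.BAD_REQUEST, "invalid su session '" + suHeader.get() + "': " + e.toString());
                }
            }
        }
        return new RestxSession(sessionDefinition, sessionEntries, principal, duration);
    }

    /**
     * Compares two signatures without returning early at the first differing byte, so the time
     * taken does not reveal how much of a guessed signature was correct.
     */
    private static boolean signaturesMatch(String expected, String provided) {
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8), provided.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Parses a JSON object into a map of session entries.
     *
     * <p>The cast is unchecked: a JSON value that is not a string would only fail later, when it
     * is read as a {@code String}.
     *
     * @throws IOException if {@code str} is not valid JSON
     */
    @SuppressWarnings("unchecked")
    protected Map<String, String> readEntries(String str) throws IOException {
        return (Map<String, String>) mapper.readValue(str, Map.class);
    }

    /**
     * Sends the session to the client: clears both cookies when the session has no entries,
     * otherwise sets the session and signature cookies with the session's expiry.
     *
     * <p>The decompiler reports that this method was originally {@code private}.
     */
    public void updateSessionInClient(RestxResponse restxResponse, RestxSession restxSession) {
        ImmutableMap<String, String> cookiesMap = toCookiesMap(restxSession);
        if (cookiesMap.isEmpty()) {
            restxResponse.clearCookie(restxSessionCookieDescriptor.getCookieName());
            restxResponse.clearCookie(restxSessionCookieDescriptor.getCookieSignatureName());
            return;
        }
        for (Map.Entry<String, String> cookie : cookiesMap.entrySet()) {
            restxResponse.addCookie(cookie.getKey(), cookie.getValue(), restxSession.getExpires());
        }
    }

    /**
     * Serialises the session into its two cookies.
     *
     * @return an empty map when the session has no entries; otherwise the session cookie (JSON of
     *     the entries plus an {@code _expires} timestamp 30 days from now) and the signature
     *     cookie computed over that exact JSON text
     */
    public ImmutableMap<String, String> toCookiesMap(RestxSession restxSession) {
        try {
            ImmutableMap<String, String> valueIds = restxSession.valueidsByKeyMap();
            if (valueIds.isEmpty()) {
                return ImmutableMap.of();
            }
            Map<String, String> payload = Maps.newHashMap(valueIds);
            // The embedded expiry is always now + 30 days, independent of restxSession.getExpires().
            payload.put(EXPIRES, DateTime.now().plusDays(30).toString());
            String json = mapper.writeValueAsString(payload);
            return ImmutableMap.of(
                    restxSessionCookieDescriptor.getCookieName(), json,
                    restxSessionCookieDescriptor.getCookieSignatureName(), Crypto.sign(json, signatureKey.getKey()));
        } catch (JsonProcessingException e) {
            throw new RuntimeException(e);
        }
    }

    @Override
    public String toString() {
        return "RestxSessionCookieFilter";
    }
}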
