package io.bdeploy.jersey.ws;

import io.bdeploy.common.security.ApiAccessToken;
import io.bdeploy.common.util.JacksonHelper;
import io.bdeploy.jersey.JerseyAuthenticationProvider;
import jakarta.ws.rs.core.Response;
import java.io.IOException;
import java.security.KeyStore;
import java.util.List;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.ScheduledFuture;
import java.util.concurrent.TimeUnit;
import java.util.function.Function;
import java.util.stream.Collectors;
import org.glassfish.grizzly.websockets.Broadcaster;
import org.glassfish.grizzly.websockets.OptimizedBroadcaster;
import org.glassfish.grizzly.websockets.WebSocket;
import org.glassfish.grizzly.websockets.WebSocketAdapter;
import org.glassfish.grizzly.websockets.WebSocketApplication;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/bdeploy/jersey/ws/BroadcastingAuthenticatedWebSocket.class */
public class BroadcastingAuthenticatedWebSocket extends WebSocketApplication implements JerseyEventBroadcaster {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) BroadcastingAuthenticatedWebSocket.class);
    private final Function<Object, byte[]> serializer;
    private final KeyStore authStore;
    private final ScheduledExecutorService autoCloser = Executors.newSingleThreadScheduledExecutor();
    private final ConcurrentMap<WebSocket, List<String>> webSockets = new ConcurrentHashMap();
    private final Broadcaster broadcaster = new OptimizedBroadcaster();

    public BroadcastingAuthenticatedWebSocket(Function<Object, byte[]> function, KeyStore keyStore) {
        this.serializer = function;
        this.authStore = keyStore;
    }

    @Override // io.bdeploy.jersey.ws.JerseyEventBroadcaster
    public void send(Object obj, List<String> list) {
        this.broadcaster.broadcast(getWebSockets(list), this.serializer.apply(obj));
    }

    @Override // org.glassfish.grizzly.websockets.WebSocketApplication, org.glassfish.grizzly.websockets.WebSocketAdapter, org.glassfish.grizzly.websockets.WebSocketListener
    public void onConnect(final WebSocket webSocket) {
        final ScheduledFuture<?> schedule = this.autoCloser.schedule(() -> {
            webSocket.close(Response.Status.UNAUTHORIZED.getStatusCode(), "No Token received");
        }, 5L, TimeUnit.SECONDS);
        webSocket.add(new WebSocketAdapter() { // from class: io.bdeploy.jersey.ws.BroadcastingAuthenticatedWebSocket.1
            @Override // org.glassfish.grizzly.websockets.WebSocketAdapter, org.glassfish.grizzly.websockets.WebSocketListener
            public void onMessage(WebSocket webSocket2, String str) {
                try {
                    WebSocketInitDto webSocketInitDto = (WebSocketInitDto) JacksonHelper.createObjectMapper(JacksonHelper.MapperType.JSON).readValue(str, WebSocketInitDto.class);
                    ApiAccessToken apiAccessToken = null;
                    try {
                        apiAccessToken = JerseyAuthenticationProvider.validateToken(webSocketInitDto.token, BroadcastingAuthenticatedWebSocket.this.authStore);
                    } catch (Exception e) {
                        BroadcastingAuthenticatedWebSocket.log.error("Cannot parse authentication token: ", (Throwable) e);
                    }
                    schedule.cancel(false);
                    if (apiAccessToken == null) {
                        BroadcastingAuthenticatedWebSocket.log.warn("Invalid authentication from client, closing");
                        webSocket2.close(Response.Status.UNAUTHORIZED.getStatusCode(), "Invalid Authentication Token");
                    } else {
                        webSocket.remove(this);
                        BroadcastingAuthenticatedWebSocket.this.add(webSocket, webSocketInitDto.scope);
                    }
                } catch (IOException e2) {
                    BroadcastingAuthenticatedWebSocket.log.error("Cannot read WebSocket init DTO", (Throwable) e2);
                    webSocket2.close(Response.Status.UNAUTHORIZED.getStatusCode(), "Invalid Init Message");
                }
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean add(WebSocket webSocket, List<String> list) {
        return this.webSockets.put(webSocket, list) == null;
    }

    @Override // org.glassfish.grizzly.websockets.WebSocketApplication
    public boolean remove(WebSocket webSocket) {
        return this.webSockets.remove(webSocket) != null;
    }

    private Set<WebSocket> getWebSockets(List<String> list) {
        return (Set) this.webSockets.entrySet().stream().filter(entry -> {
            if (((List) entry.getValue()).size() > list.size()) {
                return false;
            }
            for (int i = 0; i < ((List) entry.getValue()).size(); i++) {
                if (!((String) ((List) entry.getValue()).get(i)).equals(list.get(i))) {
                    return false;
                }
            }
            return true;
        }).map((v0) -> {
            return v0.getKey();
        }).collect(Collectors.toSet());
    }
}
