package io.polyglotted.spring.elastic;

import io.polyglotted.common.model.AuthToken;
import io.polyglotted.common.model.Subject;
import io.polyglotted.common.util.CollUtil;
import io.polyglotted.common.util.HttpUtil;
import io.polyglotted.common.util.ListBuilder;
import io.polyglotted.spring.elastic.ElasticAuthFilter;
import io.polyglotted.spring.security.DefaultAuthToken;
import java.io.Closeable;
import java.io.IOException;
import java.util.List;
import javax.annotation.PreDestroy;
import javax.servlet.http.HttpServletRequest;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:io/polyglotted/spring/elastic/ElasticProcessor.class */
public class ElasticProcessor implements Closeable {
    private static final Logger log = LoggerFactory.getLogger(ElasticProcessor.class);
    private static final String LOGIN_TEMPL = "{\"grant_type\":\"password\",\"username\":\"$userid\",\"password\":\"$passwd\"}";
    private static final String LOGOUT_TEMPL = "{\"token\":\"$token\"}";
    private final CloseableHttpClient httpClient = HttpClientBuilder.create().setDefaultRequestConfig(RequestConfig.custom().setConnectTimeout(3000).setSocketTimeout(3000).build()).build();

    @Value("${idp.elastic.url:http://localhost:9200}")
    private String baseUri = null;

    @Override // java.io.Closeable, java.lang.AutoCloseable
    @PreDestroy
    public void close() throws IOException {
        this.httpClient.close();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public DefaultAuthToken authenticate(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader("Authorization");
        if (header == null || !header.startsWith("Bearer") || header.contains(".")) {
            log.trace("No Bearer token found in HTTP Authorization header");
            return null;
        }
        Subject authenticateInternal = authenticateInternal(header);
        return new DefaultAuthToken(authenticateInternal, header.substring(7), authorities(authenticateInternal.roles));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AuthToken login(String str, String str2) {
        try {
            return AuthToken.buildWith(HttpUtil.execute(this.httpClient, HttpUtil.buildPost(this.baseUri, "/_xpack/security/oauth2/token").withBasicAuth(str, str2).withJson(LOGIN_TEMPL.replace("$userid", str).replace("$passwd", str2))));
        } catch (Exception e) {
            throw new ElasticAuthFilter.ElasticClientException("failed to login");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void logout(String str) {
        try {
            HttpUtil.execute(this.httpClient, HttpUtil.buildDelete(this.baseUri, "/_xpack/security/oauth2/token").withBearerAuth(str).withJson(LOGOUT_TEMPL.replace("$token", str)));
        } catch (Exception e) {
            throw new ElasticAuthFilter.ElasticClientException("failed to logout");
        }
    }

    private Subject authenticateInternal(String str) {
        try {
            return Subject.buildWith(HttpUtil.execute(this.httpClient, HttpUtil.buildGet(this.baseUri, "/_xpack/security/_authenticate").withAuth(str)));
        } catch (Exception e) {
            throw new ElasticAuthFilter.ElasticClientException("failed to authenticate");
        }
    }

    private static List<GrantedAuthority> authorities(List<String> list) {
        return (List) ListBuilder.immutableListBuilder().add(new SimpleGrantedAuthority("ROLE_CONSUMER")).add(new SimpleGrantedAuthority("ROLE_CURATOR")).addAll(CollUtil.transformList(list, str -> {
            return new SimpleGrantedAuthority("ROLE_" + str.toUpperCase());
        })).build();
    }
}
