package org.apache.james.jmap.http;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import io.netty.handler.codec.http.HttpHeaderNames;
import io.netty.handler.codec.http.HttpMethod;
import io.netty.handler.codec.http.HttpResponseStatus;
import java.io.IOException;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Stream;
import javax.inject.Inject;
import javax.inject.Named;
import org.apache.james.core.Username;
import org.apache.james.jmap.Endpoint;
import org.apache.james.jmap.JMAPRoute;
import org.apache.james.jmap.JMAPRoutes;
import org.apache.james.jmap.api.access.AccessToken;
import org.apache.james.jmap.draft.api.AccessTokenManager;
import org.apache.james.jmap.draft.api.SimpleTokenFactory;
import org.apache.james.jmap.draft.api.SimpleTokenManager;
import org.apache.james.jmap.draft.exceptions.BadRequestException;
import org.apache.james.jmap.draft.exceptions.InternalErrorException;
import org.apache.james.jmap.draft.json.MultipleObjectMapperBuilder;
import org.apache.james.jmap.draft.model.AccessTokenRequest;
import org.apache.james.jmap.draft.model.AccessTokenResponse;
import org.apache.james.jmap.draft.model.ContinuationTokenRequest;
import org.apache.james.jmap.draft.model.ContinuationTokenResponse;
import org.apache.james.jmap.draft.model.EndPointsResponse;
import org.apache.james.jmap.exceptions.UnauthorizedException;
import org.apache.james.jmap.mailet.filter.HeaderExtractor;
import org.apache.james.metrics.api.MetricFactory;
import org.apache.james.user.api.UsersRepository;
import org.apache.james.user.api.UsersRepositoryException;
import org.apache.james.util.ReactorUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import reactor.core.publisher.Mono;
import reactor.core.scheduler.Schedulers;
import reactor.netty.http.server.HttpServerRequest;
import reactor.netty.http.server.HttpServerResponse;

/* loaded from: input_file:org/apache/james/jmap/http/AuthenticationRoutes.class */
public class AuthenticationRoutes implements JMAPRoutes {
    private static final Logger LOGGER = LoggerFactory.getLogger(AuthenticationRoutes.class);
    private final ObjectMapper mapper = new MultipleObjectMapperBuilder().registerClass(ContinuationTokenRequest.UNIQUE_JSON_PATH, ContinuationTokenRequest.class).registerClass(AccessTokenRequest.UNIQUE_JSON_PATH, AccessTokenRequest.class).build();
    private final UsersRepository usersRepository;
    private final SimpleTokenManager simpleTokenManager;
    private final AccessTokenManager accessTokenManager;
    private final SimpleTokenFactory simpleTokenFactory;
    private final MetricFactory metricFactory;
    private final Authenticator authenticator;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.apache.james.jmap.http.AuthenticationRoutes$1, reason: invalid class name */
    /* loaded from: input_file:org/apache/james/jmap/http/AuthenticationRoutes$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$apache$james$jmap$draft$api$SimpleTokenManager$TokenStatus = new int[SimpleTokenManager.TokenStatus.values().length];

        static {
            try {
                $SwitchMap$org$apache$james$jmap$draft$api$SimpleTokenManager$TokenStatus[SimpleTokenManager.TokenStatus.EXPIRED.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$apache$james$jmap$draft$api$SimpleTokenManager$TokenStatus[SimpleTokenManager.TokenStatus.INVALID.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$apache$james$jmap$draft$api$SimpleTokenManager$TokenStatus[SimpleTokenManager.TokenStatus.OK.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
        }
    }

    @Inject
    public AuthenticationRoutes(UsersRepository usersRepository, SimpleTokenManager simpleTokenManager, AccessTokenManager accessTokenManager, SimpleTokenFactory simpleTokenFactory, MetricFactory metricFactory, @Named("DRAFT") Authenticator authenticator) {
        this.usersRepository = usersRepository;
        this.simpleTokenManager = simpleTokenManager;
        this.accessTokenManager = accessTokenManager;
        this.simpleTokenFactory = simpleTokenFactory;
        this.metricFactory = metricFactory;
        this.authenticator = authenticator;
    }

    public Stream<JMAPRoute> routes() {
        return Stream.of((Object[]) new JMAPRoute[]{JMAPRoute.builder().endpoint(Endpoint.ofFixedPath(HttpMethod.POST, "/authentication")).action(this::post).corsHeaders(), JMAPRoute.builder().endpoint(Endpoint.ofFixedPath(HttpMethod.GET, "/authentication")).action(this::returnEndPointsResponse).corsHeaders(), JMAPRoute.builder().endpoint(Endpoint.ofFixedPath(HttpMethod.DELETE, "/authentication")).action(this::delete).corsHeaders(), JMAPRoute.builder().endpoint(Endpoint.ofFixedPath(HttpMethod.OPTIONS, "/authentication")).action(CORS_CONTROL).noCorsHeaders()});
    }

    private Mono<Void> post(HttpServerRequest httpServerRequest, HttpServerResponse httpServerResponse) {
        return Mono.from(this.metricFactory.decoratePublisherWithTimerMetric("JMAP-authentication-post", Mono.just(httpServerRequest).map(this::assertJsonContentType).map(this::assertAcceptJsonOnly).flatMap(this::deserialize).flatMap(obj -> {
            if (obj instanceof ContinuationTokenRequest) {
                return handleContinuationTokenRequest((ContinuationTokenRequest) obj, httpServerResponse);
            }
            if (obj instanceof AccessTokenRequest) {
                return handleAccessTokenRequest((AccessTokenRequest) obj, httpServerResponse);
            }
            throw new RuntimeException(obj.getClass() + " " + obj);
        }))).onErrorResume(BadRequestException.class, badRequestException -> {
            return handleBadRequest(httpServerResponse, LOGGER, badRequestException);
        }).doOnEach(ReactorUtils.logOnError(th -> {
            LOGGER.error("Unexpected error", th);
        })).onErrorResume(th2 -> {
            return handleInternalError(httpServerResponse, LOGGER, th2);
        }).contextWrite(LoggingHelper.jmapContext(httpServerRequest)).contextWrite(LoggingHelper.jmapAction("auth-post")).subscribeOn(ReactorUtils.BLOCKING_CALL_WRAPPER);
    }

    private Mono<Void> returnEndPointsResponse(HttpServerRequest httpServerRequest, HttpServerResponse httpServerResponse) {
        return this.authenticator.authenticate(httpServerRequest).flatMap(mailboxSession -> {
            return returnEndPointsResponse(httpServerResponse).contextWrite(LoggingHelper.jmapAuthContext(mailboxSession));
        }).onErrorResume(IllegalArgumentException.class, illegalArgumentException -> {
            return handleBadRequest(httpServerResponse, LOGGER, illegalArgumentException);
        }).onErrorResume(BadRequestException.class, badRequestException -> {
            return handleBadRequest(httpServerResponse, LOGGER, badRequestException);
        }).doOnEach(ReactorUtils.logOnError(th -> {
            LOGGER.error("Unexpected error", th);
        })).onErrorResume(InternalErrorException.class, internalErrorException -> {
            return handleInternalError(httpServerResponse, LOGGER, internalErrorException);
        }).onErrorResume(UnauthorizedException.class, unauthorizedException -> {
            return handleAuthenticationFailure(httpServerResponse, LOGGER, unauthorizedException);
        }).contextWrite(LoggingHelper.jmapContext(httpServerRequest)).contextWrite(LoggingHelper.jmapAction("returnEndPoints")).subscribeOn(ReactorUtils.BLOCKING_CALL_WRAPPER);
    }

    private Mono<Void> returnEndPointsResponse(HttpServerResponse httpServerResponse) {
        try {
            byte[] writeValueAsBytes = this.mapper.writeValueAsBytes(EndPointsResponse.builder().api("/jmap").eventSource("/notImplemented").upload("/upload").download("/download").build());
            return httpServerResponse.status(HttpResponseStatus.OK).header(HttpHeaderNames.CONTENT_TYPE, "application/json; charset=UTF-8").header(HttpHeaderNames.CONTENT_LENGTH, Integer.toString(writeValueAsBytes.length)).sendByteArray(Mono.just(writeValueAsBytes)).then();
        } catch (JsonProcessingException e) {
            throw new InternalErrorException("Error serializing endpoint response", e);
        }
    }

    private Mono<Void> delete(HttpServerRequest httpServerRequest, HttpServerResponse httpServerResponse) {
        String str = httpServerRequest.requestHeaders().get("Authorization");
        return this.authenticator.authenticate(httpServerRequest).flatMap(mailboxSession -> {
            return Mono.from(this.accessTokenManager.mo1revoke(AccessToken.fromString(str))).then(httpServerResponse.status(HttpResponseStatus.NO_CONTENT).send().then()).contextWrite(LoggingHelper.jmapAuthContext(mailboxSession));
        }).onErrorResume(UnauthorizedException.class, unauthorizedException -> {
            return handleAuthenticationFailure(httpServerResponse, LOGGER, unauthorizedException);
        }).contextWrite(LoggingHelper.jmapContext(httpServerRequest)).contextWrite(LoggingHelper.jmapAction("auth-delete")).subscribeOn(ReactorUtils.BLOCKING_CALL_WRAPPER);
    }

    private HttpServerRequest assertJsonContentType(HttpServerRequest httpServerRequest) {
        if (Objects.equals(httpServerRequest.requestHeaders().get(HttpHeaderNames.CONTENT_TYPE), "application/json; charset=UTF-8")) {
            return httpServerRequest;
        }
        throw new BadRequestException("Request ContentType header must be set to: application/json; charset=UTF-8");
    }

    private HttpServerRequest assertAcceptJsonOnly(HttpServerRequest httpServerRequest) {
        String str = httpServerRequest.requestHeaders().get(HttpHeaderNames.ACCEPT);
        if (str == null || !str.contains("application/json")) {
            throw new BadRequestException("Request Accept header must be set to JSON content type");
        }
        return httpServerRequest;
    }

    private Mono<Object> deserialize(HttpServerRequest httpServerRequest) {
        return httpServerRequest.receive().aggregate().asInputStream().map(inputStream -> {
            try {
                return this.mapper.readValue(inputStream, Object.class);
            } catch (IOException e) {
                throw new BadRequestException("Request can't be deserialized", e);
            }
        }).switchIfEmpty(Mono.error(() -> {
            return new BadRequestException("Empty body");
        }));
    }

    private Mono<Void> handleContinuationTokenRequest(ContinuationTokenRequest continuationTokenRequest, HttpServerResponse httpServerResponse) {
        try {
            return Mono.fromCallable(() -> {
                return ContinuationTokenResponse.builder().continuationToken(this.simpleTokenFactory.generateContinuationToken(continuationTokenRequest.getUsername())).methods(ContinuationTokenResponse.AuthenticationMethod.PASSWORD).build();
            }).map(continuationTokenResponse -> {
                try {
                    return this.mapper.writeValueAsBytes(continuationTokenResponse);
                } catch (JsonProcessingException e) {
                    throw new InternalErrorException("error serialising JMAP API response json");
                }
            }).subscribeOn(Schedulers.parallel()).flatMap(bArr -> {
                return httpServerResponse.header(HttpHeaderNames.CONTENT_TYPE, "application/json; charset=UTF-8").header(HttpHeaderNames.CONTENT_LENGTH, Integer.toString(bArr.length)).sendByteArray(Mono.just(bArr)).then();
            });
        } catch (Exception e) {
            throw new InternalErrorException("Error while responding to continuation token", e);
        }
    }

    private Mono<Void> handleAccessTokenRequest(AccessTokenRequest accessTokenRequest, HttpServerResponse httpServerResponse) {
        SimpleTokenManager.TokenStatus validity = this.simpleTokenManager.getValidity(accessTokenRequest.getToken());
        switch (AnonymousClass1.$SwitchMap$org$apache$james$jmap$draft$api$SimpleTokenManager$TokenStatus[validity.ordinal()]) {
            case HeaderExtractor.STRICT_PARSING /* 1 */:
                return returnForbiddenAuthentication(httpServerResponse);
            case 2:
                return returnUnauthorizedResponse(httpServerResponse).doOnEach(ReactorUtils.log(() -> {
                    LOGGER.warn("Use of an invalid ContinuationToken : {}", accessTokenRequest.getToken().serialize());
                }));
            case 3:
                return manageAuthenticationResponse(accessTokenRequest, httpServerResponse);
            default:
                throw new InternalErrorException(String.format("Validity %s is not implemented", validity));
        }
    }

    private Mono<Void> manageAuthenticationResponse(AccessTokenRequest accessTokenRequest, HttpServerResponse httpServerResponse) {
        Username of = Username.of(accessTokenRequest.getToken().getUsername());
        return authenticate(accessTokenRequest, of).flatMap(optional -> {
            return (Mono) optional.map(username -> {
                return returnAccessTokenResponse(httpServerResponse, username);
            }).orElseGet(() -> {
                return returnUnauthorizedResponse(httpServerResponse).doOnEach(ReactorUtils.log(() -> {
                    LOGGER.info("Authentication failure for {}", of);
                }));
            });
        });
    }

    private Mono<Optional<Username>> authenticate(AccessTokenRequest accessTokenRequest, Username username) {
        return Mono.fromCallable(() -> {
            try {
                return this.usersRepository.test(username, accessTokenRequest.getPassword());
            } catch (UsersRepositoryException e) {
                LOGGER.error("Error while trying to validate authentication for user '{}'", username, e);
                return Optional.empty();
            }
        }).subscribeOn(ReactorUtils.BLOCKING_CALL_WRAPPER);
    }

    private Mono<Void> returnAccessTokenResponse(HttpServerResponse httpServerResponse, Username username) {
        return Mono.from(this.accessTokenManager.mo4grantAccessToken(username)).map(accessToken -> {
            return AccessTokenResponse.builder().accessToken(accessToken).api("/jmap").eventSource("/notImplemented").upload("/upload").download("/download").build();
        }).flatMap(accessTokenResponse -> {
            try {
                byte[] writeValueAsBytes = this.mapper.writeValueAsBytes(accessTokenResponse);
                return httpServerResponse.status(HttpResponseStatus.CREATED).header(HttpHeaderNames.CONTENT_TYPE, "application/json; charset=UTF-8").header(HttpHeaderNames.CONTENT_LENGTH, Integer.toString(writeValueAsBytes.length)).sendByteArray(Mono.just(writeValueAsBytes)).then();
            } catch (JsonProcessingException e) {
                throw new InternalErrorException("Could not serialize access token response", e);
            }
        });
    }

    private Mono<Void> returnUnauthorizedResponse(HttpServerResponse httpServerResponse) {
        return httpServerResponse.status(HttpResponseStatus.UNAUTHORIZED).send().then();
    }

    private Mono<Void> returnForbiddenAuthentication(HttpServerResponse httpServerResponse) {
        return httpServerResponse.status(HttpResponseStatus.FORBIDDEN).send().then();
    }
}
