package com.vmware.dcp.services.common.authn;

import com.vmware.dcp.common.Claims;
import com.vmware.dcp.common.Operation;
import com.vmware.dcp.common.Service;
import com.vmware.dcp.common.ServiceDocument;
import com.vmware.dcp.common.StatelessService;
import com.vmware.dcp.common.Utils;
import com.vmware.dcp.common.http.netty.NettyHttpListener;
import com.vmware.dcp.services.common.AuthCredentialsService;
import com.vmware.dcp.services.common.QueryTask;
import com.vmware.dcp.services.common.ServiceUriPaths;
import com.vmware.dcp.services.common.UserService;
import com.vmware.dcp.services.common.authn.AuthenticationRequest;
import java.io.UnsupportedEncodingException;
import java.util.Base64;
import java.util.concurrent.TimeUnit;

/* loaded from: input_file:com/vmware/dcp/services/common/authn/BasicAuthenticationService.class */
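/**
 * Stateless service that handles HTTP Basic login and logout requests.
 *
 * <p>A POST carrying an {@link AuthenticationRequest} is dispatched on its
 * {@code requestType}. LOGIN parses the {@code Authorization: Basic ...} header, looks the
 * user up by email, then looks for a matching credentials document; on success a signed
 * token valid for one hour is attached to the operation. LOGOUT attaches a token whose
 * expiration time is {@code 0}.
 *
 * <p>Both lookups are issued with the system authorization context, so the caller needs no
 * prior authorization to reach them.
 */
public class BasicAuthenticationService extends StatelessService {
    // NOTE(review): not final, so any code on the classpath can reassign the service path.
    // Left unchanged because callers outside this file may rely on the field being mutable.
    public static String SELF_LINK = ServiceUriPaths.CORE_AUTHN_BASIC;
    public static final String WWW_AUTHENTICATE_HEADER_NAME = "WWW-Authenticate";
    public static final String WWW_AUTHENTICATE_HEADER_VALUE = "Basic realm=\"dcp\"";
    public static final String AUTHORIZATION_HEADER_NAME = "Authorization";
    public static final String BASIC_AUTH_NAME = "Basic";
    private static final String BASIC_AUTH_SEPERATOR = " ";
    private static final String BASIC_AUTH_USER_SEPERATOR = ":";
    // Status used for every malformed-request rejection in this class.
    private static final int HTTP_BAD_REQUEST = 400;

    /**
     * Routes POST requests to the authentication handler and defers every other action to
     * the superclass.
     *
     * @param operation the incoming request
     */
    @Override // com.vmware.dcp.common.StatelessService, com.vmware.dcp.common.Service
    public void handleRequest(Operation operation) {
        if (operation.getAction() == Service.Action.POST) {
            handlePost(operation);
            return;
        }
        super.handleRequest(operation);
    }

    /**
     * Dispatches a POST on the request type in its body; a missing type means LOGIN.
     *
     * @param operation the incoming POST
     */
    private void handlePost(Operation operation) {
        AuthenticationRequest request = (AuthenticationRequest) operation.getBody(AuthenticationRequest.class);
        if (request == null) {
            // Guards the field access below in case getBody yields null for an absent body.
            operation.fail(HTTP_BAD_REQUEST);
            return;
        }
        AuthenticationRequest.AuthenticationRequestType requestType = request.requestType;
        if (requestType == null) {
            requestType = AuthenticationRequest.AuthenticationRequestType.LOGIN;
        }
        switch (requestType) {
            case LOGIN:
                handleLogin(operation);
                return;
            case LOGOUT:
                handleLogout(operation);
                return;
            default:
                // Every path must finish the operation; an unrecognised request type is
                // rejected instead of being left pending.
                operation.fail(HTTP_BAD_REQUEST);
                return;
        }
    }

    /**
     * Replaces the caller's authorization context with one whose token expires at time
     * {@code 0}. A request without an authorization context completes immediately.
     *
     * @param operation the logout request
     */
    private void handleLogout(Operation operation) {
        if (operation.getAuthorizationContext() == null) {
            operation.complete();
            return;
        }
        String subject = operation.getAuthorizationContext().getClaims().getSubject();
        // NOTE(review): this issues a fresh, already-expired token; nothing visible here
        // invalidates the previously issued token on the server side. Confirm that token
        // verification elsewhere enforces the expiration claim.
        if (associateAuthorizationContext(operation, subject, 0L)) {
            operation.complete();
        } else {
            operation.setStatusCode(Operation.STATUS_CODE_SERVER_FAILURE_THRESHOLD).complete();
        }
    }

    /**
     * Parses the Basic {@code Authorization} header and starts credential validation.
     *
     * <p>A missing header is answered with a {@code WWW-Authenticate} challenge and the
     * unauthorized status. A header that is not {@code Basic <base64>}, is not valid Base64,
     * or does not decode to {@code user:password} with both parts non-empty is rejected
     * with status 400.
     *
     * @param operation the login request
     */
    private void handleLogin(Operation operation) {
        String authHeader = operation.getRequestHeader(AUTHORIZATION_HEADER_NAME);
        if (authHeader == null) {
            operation.addResponseHeader(WWW_AUTHENTICATE_HEADER_NAME, WWW_AUTHENTICATE_HEADER_VALUE);
            operation.fail(Operation.STATUS_CODE_UNAUTHORIZED);
            return;
        }
        String[] schemeAndPayload = authHeader.split(BASIC_AUTH_SEPERATOR);
        if (schemeAndPayload.length != 2 || !schemeAndPayload[0].equalsIgnoreCase(BASIC_AUTH_NAME)) {
            operation.fail(HTTP_BAD_REQUEST);
            return;
        }

        String decoded;
        try {
            decoded = new String(Base64.getDecoder().decode(schemeAndPayload[1]), Utils.CHARSET);
        } catch (UnsupportedEncodingException | IllegalArgumentException e) {
            // Base64.Decoder.decode throws IllegalArgumentException on malformed input; the
            // header is attacker-controlled, so that must end in a 400 rather than escape
            // the handler.
            logWarning("Exception decoding auth header: %s", Utils.toString(e));
            operation.fail(HTTP_BAD_REQUEST);
            return;
        }

        // Split at the FIRST colon only: RFC 7617 forbids ':' in the user-id but allows it
        // in the password, so splitting on every colon would reject or truncate valid
        // passwords.
        int separatorIndex = decoded.indexOf(BASIC_AUTH_USER_SEPERATOR);
        if (separatorIndex <= 0 || separatorIndex == decoded.length() - 1) {
            // No separator, empty user-id, or empty password.
            operation.fail(HTTP_BAD_REQUEST);
            return;
        }
        queryUserService(operation, decoded.substring(0, separatorIndex), decoded.substring(separatorIndex + 1));
    }

    /**
     * Looks up a {@link UserService.UserState} document by email and, if one exists,
     * continues with the credential check. An unknown user fails with the forbidden status.
     *
     * @param operation the login request to complete or fail
     * @param userEmail the user-id taken from the Authorization header
     * @param password the password taken from the Authorization header
     */
    private void queryUserService(Operation operation, String userEmail, String password) {
        QueryTask queryTask = new QueryTask();
        queryTask.querySpec = new QueryTask.QuerySpecification();
        queryTask.querySpec.query.addBooleanClause(new QueryTask.Query().setTermPropertyName(ServiceDocument.FIELD_NAME_KIND).setTermMatchValue(Utils.buildKind(UserService.UserState.class)));
        QueryTask.Query emailClause = new QueryTask.Query().setTermPropertyName(UserService.UserState.FIELD_NAME_EMAIL).setTermMatchValue(userEmail);
        emailClause.occurance = QueryTask.Query.Occurance.MUST_OCCUR;
        queryTask.querySpec.query.addBooleanClause(emailClause);
        queryTask.taskInfo.isDirect = true;
        Operation query = Operation.createPost(this, ServiceUriPaths.CORE_QUERY_TASKS).setBody(queryTask).setCompletion((response, failure) -> {
            if (failure != null) {
                logWarning("Exception validating user: %s", Utils.toString(failure));
                // NOTE(review): the query service's raw error body and status are relayed to
                // a caller that has not authenticated yet; consider returning a generic
                // failure so internal details are not disclosed.
                operation.setBodyNoCloning(response.getBodyRaw()).fail(response.getStatusCode());
                return;
            }
            QueryTask result = (QueryTask) response.getBody(QueryTask.class);
            if (result.results.documentLinks.isEmpty()) {
                // Same status as a wrong password, so the response code does not reveal
                // whether the account exists.
                // NOTE(review): an unknown user skips the second query, so response timing
                // may still differ between the two cases.
                operation.fail(Operation.STATUS_CODE_FORBIDDEN);
            } else {
                queryAuthStore(operation, result.results.documentLinks.get(0), userEmail, password);
            }
        });
        // The lookup runs with system privileges because the caller is not authenticated yet.
        setAuthorizationContext(query, getSystemAuthorizationContext());
        sendRequest(query);
    }

    /**
     * Checks the supplied credentials by querying for an
     * {@link AuthCredentialsService.AuthCredentialsServiceState} document whose email and
     * private-key fields both match. On a match, a token for {@code userLink} valid for one
     * hour is attached to the operation; on no match the operation fails with the forbidden
     * status.
     *
     * @param operation the login request to complete or fail
     * @param userLink link of the user document; becomes the token subject
     * @param userEmail the user-id taken from the Authorization header
     * @param password the password taken from the Authorization header
     */
    private void queryAuthStore(Operation operation, String userLink, String userEmail, String password) {
        QueryTask queryTask = new QueryTask();
        queryTask.querySpec = new QueryTask.QuerySpecification();
        queryTask.querySpec.query.addBooleanClause(new QueryTask.Query().setTermPropertyName(ServiceDocument.FIELD_NAME_KIND).setTermMatchValue(Utils.buildKind(AuthCredentialsService.AuthCredentialsServiceState.class)));
        QueryTask.Query emailClause = new QueryTask.Query().setTermPropertyName(AuthCredentialsService.AuthCredentialsServiceState.FIELD_NAME_EMAIL).setTermMatchValue(userEmail);
        emailClause.occurance = QueryTask.Query.Occurance.MUST_OCCUR;
        queryTask.querySpec.query.addBooleanClause(emailClause);
        // NOTE(review): the submitted password is used as an exact-match query term on the
        // private-key field. That only works if the stored value is directly comparable to
        // what the client sends (presumably unhashed; confirm). Verifying a salted password
        // hash with a constant-time comparison would avoid keeping recoverable secrets in
        // the document index.
        QueryTask.Query secretClause = new QueryTask.Query().setTermPropertyName(AuthCredentialsService.AuthCredentialsServiceState.FIELD_NAME_PRIVATE_KEY).setTermMatchValue(password);
        secretClause.occurance = QueryTask.Query.Occurance.MUST_OCCUR;
        queryTask.querySpec.query.addBooleanClause(secretClause);
        queryTask.taskInfo.isDirect = true;
        Operation query = Operation.createPost(this, ServiceUriPaths.CORE_QUERY_TASKS).setBody(queryTask).setCompletion((response, failure) -> {
            if (failure != null) {
                logWarning("Exception validating user credentials: %s", Utils.toString(failure));
                // NOTE(review): relays the query service's raw error body to the client; see
                // whether a generic failure body would do.
                operation.setBodyNoCloning(response.getBodyRaw()).fail(Operation.STATUS_CODE_SERVER_FAILURE_THRESHOLD);
                return;
            }
            QueryTask result = (QueryTask) response.getBody(QueryTask.class);
            if (result.results.documentLinks.isEmpty()) {
                operation.fail(Operation.STATUS_CODE_FORBIDDEN);
                return;
            }
            long expirationMicros = Utils.getNowMicrosUtc() + TimeUnit.HOURS.toMicros(1L);
            if (associateAuthorizationContext(operation, userLink, expirationMicros)) {
                operation.complete();
            } else {
                operation.fail(Operation.STATUS_CODE_SERVER_FAILURE_THRESHOLD);
            }
        });
        // The lookup runs with system privileges because the caller is not authenticated yet.
        setAuthorizationContext(query, getSystemAuthorizationContext());
        sendRequest(query);
    }

    /**
     * Builds claims for {@code subject}, signs them, and installs the resulting
     * authorization context on the operation, marked to be propagated to the client.
     *
     * @param operation the operation that receives the new authorization context
     * @param subject value stored as the claims subject
     * @param expirationMicros value stored as the claims expiration time
     * @return {@code true} if the context was installed, {@code false} if signing or
     *     building it threw (the exception is logged)
     */
    private boolean associateAuthorizationContext(Operation operation, String subject, long expirationMicros) {
        Claims.Builder claimsBuilder = new Claims.Builder();
        claimsBuilder.setIssuer("dcp");
        claimsBuilder.setSubject(subject);
        claimsBuilder.setExpirationTime(Long.valueOf(expirationMicros));
        Claims claims = claimsBuilder.getResult();
        try {
            String token = getTokenSigner().sign(claims);
            Operation.AuthorizationContext.Builder contextBuilder = Operation.AuthorizationContext.Builder.create();
            contextBuilder.setClaims(claims);
            contextBuilder.setToken(token);
            contextBuilder.setPropagateToClient(true);
            setAuthorizationContext(operation, contextBuilder.getResult());
            return true;
        } catch (Exception e) {
            // Deliberately broad: any signing failure is reported to the caller as "no
            // token issued" so the request fails closed.
            logSevere(e);
            return false;
        }
    }
}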
