package de.gwdg.cdstar.rest.utils;

import de.gwdg.cdstar.Utils;
import de.gwdg.cdstar.auth.Permission;
import de.gwdg.cdstar.auth.Subject;
import de.gwdg.cdstar.auth.TokenCredentials;
import de.gwdg.cdstar.auth.UsernamePasswordCredentials;
import de.gwdg.cdstar.rest.api.RestContext;
import de.gwdg.cdstar.runtime.RuntimeContext;
import de.gwdg.cdstar.runtime.client.CDStarSession;
import de.gwdg.cdstar.runtime.client.exc.AccessError;
import de.gwdg.cdstar.ta.TransactionInfo;
import de.gwdg.cdstar.ta.exc.TARollbackException;
import de.gwdg.cdstar.web.common.model.ErrorResponse;
import java.nio.charset.Charset;
import java.time.Duration;
import java.util.Base64;
import java.util.concurrent.atomic.AtomicInteger;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/gwdg/cdstar/rest/utils/SessionHelper.class */
public class SessionHelper {
    public static final String QUERY_TRANSACTION = "_ta";
    public static final String HEADER_TRANSACTION = "X-Transaction";
    private static final Logger log = LoggerFactory.getLogger((Class<?>) SessionHelper.class);
    private static final String AUTHORIZATION_HEADER = "Authorization";
    private static final String TOKEN_HEADER = "X-Token";
    private static final String TOKEN_PARAMETER = "token";

    public static CDStarSession getCDStarSession(RestContext restContext, boolean z) {
        CDStarSession begin;
        CDStarSession cDStarSession = (CDStarSession) restContext.getAttribute("cdstar.session", CDStarSession.class);
        if (cDStarSession != null) {
            return cDStarSession;
        }
        Subject subject = getSubject(restContext);
        RuntimeContext runtimeContext = (RuntimeContext) restContext.getService(RuntimeContext.class);
        String explicitTransactionID = getExplicitTransactionID(restContext);
        if (explicitTransactionID != null) {
            begin = runtimeContext.resumeSession(explicitTransactionID);
            if (begin == null || begin.isExpired()) {
                throw new ErrorResponse(400, "TxError", "Transaction invalid or timed out.").detail("transaction", explicitTransactionID);
            }
            if (!subject.isAnonymous() && !begin.getClient().getSubject().getPrincipal().getFullId().equals(subject.getPrincipal().getFullId())) {
                throw new ErrorResponse(400, "TxError", "Transaction invalid or timed out.").detail("transaction", explicitTransactionID);
            }
            if (begin.isReadOnly() && !z) {
                throw new ErrorResponse(400, "TxError", "Transaction is read-only.").detail("transaction", explicitTransactionID);
            }
            begin.refreshTimeout();
        } else {
            begin = runtimeContext.getClient(subject).begin(z);
            restContext.runAfterRequest(() -> {
                if (begin.isClosed()) {
                    return;
                }
                begin.rollback();
            });
        }
        suspendSessionTimeout(restContext, begin);
        restContext.setAttribute("cdstar.session", begin);
        return begin;
    }

    private static void suspendSessionTimeout(RestContext restContext, CDStarSession cDStarSession) {
        AtomicInteger atomicInteger;
        synchronized (cDStarSession) {
            atomicInteger = (AtomicInteger) cDStarSession.getContext().computeIfAbsent("suspendCounter", str -> {
                return new AtomicInteger();
            });
            if (atomicInteger.getAndIncrement() == 0) {
                cDStarSession.setTimeoutSuspended(true);
            }
        }
        restContext.runAfterRequest(() -> {
            synchronized (cDStarSession) {
                if (atomicInteger.decrementAndGet() == 0) {
                    cDStarSession.setTimeoutSuspended(false);
                }
            }
        });
    }

    public static CDStarSession createDurableSession(RestContext restContext, boolean z, TransactionInfo.Mode mode, Duration duration) {
        CDStarSession begin = ((RuntimeContext) restContext.getService(RuntimeContext.class)).getClient(getSubject(restContext)).begin(z, mode);
        begin.setTimeout(duration.toMillis());
        return begin;
    }

    public static boolean hasDurableSessionID(RestContext restContext) {
        return getExplicitTransactionID(restContext) != null;
    }

    private static String getExplicitTransactionID(RestContext restContext) {
        String header = restContext.getHeader(HEADER_TRANSACTION);
        if (header == null) {
            header = restContext.getQueryParam(QUERY_TRANSACTION);
        }
        return header;
    }

    public static void commitOrSuspend(RestContext restContext) throws TARollbackException {
        CDStarSession cDStarSession = (CDStarSession) restContext.getAttribute("cdstar.session", CDStarSession.class);
        if (cDStarSession == null) {
            throw new IllegalStateException("No session to commit");
        }
        synchronized (cDStarSession) {
            if (cDStarSession.isClosed()) {
                throw new IllegalStateException("Session already closed.");
            }
            if (getExplicitTransactionID(restContext) != null) {
                return;
            }
            cDStarSession.commit();
        }
    }

    public static Subject getSubject(RestContext restContext) {
        Subject subject = (Subject) restContext.getAttribute("cdstar.subject", Subject.class);
        if (subject != null) {
            return subject;
        }
        Subject createSubject = ((RuntimeContext) restContext.getService(RuntimeContext.class)).createSubject();
        String header = restContext.getHeader(TOKEN_HEADER);
        if (header != null) {
            loginToken(createSubject, header);
        }
        String header2 = restContext.getHeader(AUTHORIZATION_HEADER);
        if (header2 != null) {
            int indexOf = header2.indexOf(32);
            if (indexOf < 0) {
                throw new ErrorResponse(400, "BadRequest", "Invalid authorization header");
            }
            String substring = header2.substring(0, indexOf);
            String substring2 = header2.substring(indexOf + 1);
            if ("BASIC".equalsIgnoreCase(substring)) {
                loginBasic(createSubject, substring2);
            } else if ("BEARER".equalsIgnoreCase(substring) || "TOKEN".equalsIgnoreCase(substring)) {
                loginToken(createSubject, substring2);
            }
        }
        String queryParam = restContext.getQueryParam(TOKEN_PARAMETER);
        if (queryParam != null) {
            loginToken(createSubject, queryParam);
        }
        return createSubject;
    }

    private static void loginToken(Subject subject, String str) {
        if (subject.tryLogin(new TokenCredentials(str))) {
            return;
        }
        log.warn("Login failed: token={}", Utils.repr(str.substring(0, Math.min(str.length(), 5)) + "***"));
        throw new ErrorResponse(401, "Unauthorized", "Invalid or expired token");
    }

    private static void loginBasic(Subject subject, String str) {
        String str2 = new String(Base64.getDecoder().decode(str), Charset.forName("UTF-8"));
        int indexOf = str2.indexOf(58);
        if (indexOf < 0) {
            throw new ErrorResponse(400, "BadRequest", "Invalid authorization header");
        }
        String substring = str2.substring(0, indexOf);
        String str3 = null;
        String substring2 = str2.substring(indexOf + 1);
        int lastIndexOf = substring.lastIndexOf(64);
        if (lastIndexOf > 0 && lastIndexOf < substring.length() - 1 && substring.indexOf(46, lastIndexOf + 1) == -1) {
            str3 = substring.substring(lastIndexOf + 1);
            substring = substring.substring(0, lastIndexOf);
        }
        if (subject.tryLogin(new UsernamePasswordCredentials(substring, str3, substring2.toCharArray()))) {
            return;
        }
        log.warn("Login failed: user={} domain={} password=***", Utils.repr(substring), Utils.repr(str3));
        throw new ErrorResponse(401, "Unauthorized", "Invalid credentials");
    }

    public static boolean isPermitted(RestContext restContext, Permission permission) {
        return getSubject(restContext).isPermitted(permission);
    }

    public static void ensurePermitted(RestContext restContext, Permission permission) {
        if (!isPermitted(restContext, permission)) {
            throw new AccessError(permission);
        }
    }
}
