package org.hyperledger.besu.ethereum.api.jsonrpc.authentication;

import com.google.common.annotations.VisibleForTesting;
import io.netty.handler.codec.http.HttpResponseStatus;
import io.vertx.core.Vertx;
import io.vertx.core.http.HttpServerResponse;
import io.vertx.core.json.DecodeException;
import io.vertx.core.json.JsonObject;
import io.vertx.ext.auth.AuthProvider;
import io.vertx.ext.auth.User;
import io.vertx.ext.auth.jwt.JWTAuth;
import io.vertx.ext.auth.jwt.JWTAuthOptions;
import io.vertx.ext.jwt.JWTOptions;
import io.vertx.ext.web.RoutingContext;
import java.io.File;
import java.util.Optional;
import javax.annotation.Nullable;
import org.hyperledger.besu.ethereum.api.jsonrpc.JsonRpcConfiguration;
import org.hyperledger.besu.ethereum.api.jsonrpc.websocket.WebSocketConfiguration;

/* loaded from: input_file:org/hyperledger/besu/ethereum/api/jsonrpc/authentication/AuthenticationService.class */
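/**
 * Issues JWTs for the JSON-RPC HTTP and WebSocket endpoints.
 *
 * <p>An instance always owns a {@link JWTAuth} provider. It additionally owns a credential
 * provider (backed by a TOML credentials file) only when authentication is enabled and a
 * credentials file path is configured; without one, {@link #handleLogin} rejects every request.
 */
public class AuthenticationService {
    private static final JWTAuthOptionsFactory jwtAuthOptionsFactory = new JWTAuthOptionsFactory();

    /** Lifetime of an issued token, in minutes. */
    private static final int TOKEN_EXPIRY_MINUTES = 5;

    /** Signing algorithm requested for issued tokens. */
    private static final String TOKEN_ALGORITHM = "RS256";

    private final JWTAuth jwtAuthProvider;

    @VisibleForTesting
    public final JWTAuthOptions jwtAuthOptions;
    private final Optional<AuthProvider> credentialAuthProvider;

    private AuthenticationService(JWTAuth jWTAuth, JWTAuthOptions jWTAuthOptions, Optional<AuthProvider> optional) {
        this.jwtAuthProvider = jWTAuth;
        this.jwtAuthOptions = jWTAuthOptions;
        this.credentialAuthProvider = optional;
    }

    /**
     * Builds the service from the JSON-RPC HTTP configuration.
     *
     * @param vertx the Vert.x instance used to create the auth providers
     * @param jsonRpcConfiguration source of the enabled flag, credentials file and public key file
     * @return the service, or empty when authentication is not configured at all
     */
    public static Optional<AuthenticationService> create(Vertx vertx, JsonRpcConfiguration jsonRpcConfiguration) {
        return create(
                vertx,
                jsonRpcConfiguration.isAuthenticationEnabled(),
                jsonRpcConfiguration.getAuthenticationCredentialsFile(),
                jsonRpcConfiguration.getAuthenticationPublicKeyFile());
    }

    /**
     * Builds the service from the WebSocket configuration.
     *
     * @param vertx the Vert.x instance used to create the auth providers
     * @param webSocketConfiguration source of the enabled flag, credentials file and public key file
     * @return the service, or empty when authentication is not configured at all
     */
    public static Optional<AuthenticationService> create(Vertx vertx, WebSocketConfiguration webSocketConfiguration) {
        return create(
                vertx,
                webSocketConfiguration.isAuthenticationEnabled(),
                webSocketConfiguration.getAuthenticationCredentialsFile(),
                webSocketConfiguration.getAuthenticationPublicKeyFile());
    }

    /**
     * Shared factory behind both public {@code create} overloads.
     *
     * <p>Returns empty only when authentication is disabled AND neither file is set. A service is
     * therefore still created when the flag is off but a file path is present; in that case no
     * credential provider is attached (see {@link #makeCredentialAuthProvider}).
     */
    private static Optional<AuthenticationService> create(
            Vertx vertx, boolean authenticationEnabled, String credentialsFile, File publicKeyFile) {
        if (!authenticationEnabled && credentialsFile == null && publicKeyFile == null) {
            return Optional.empty();
        }
        // No public key file: the factory generates a key pair. Otherwise the options are built
        // from the externally supplied public key.
        // NOTE(review): if the external-public-key options carry no private key, generateToken()
        // in login() presumably cannot sign; confirm login is not expected to work when a
        // credentials file and an external public key are configured together.
        final JWTAuthOptions options;
        if (publicKeyFile == null) {
            options = jwtAuthOptionsFactory.createWithGeneratedKeyPair();
        } else {
            options = jwtAuthOptionsFactory.createForExternalPublicKey(publicKeyFile);
        }
        return Optional.of(
                new AuthenticationService(
                        JWTAuth.create(vertx, options),
                        options,
                        makeCredentialAuthProvider(vertx, authenticationEnabled, credentialsFile)));
    }

    /**
     * Creates the TOML-backed credential provider, or empty when authentication is disabled or no
     * credentials file path is given.
     */
    private static Optional<AuthProvider> makeCredentialAuthProvider(
            Vertx vertx, boolean authenticationEnabled, @Nullable String credentialsFile) {
        if (!authenticationEnabled || credentialsFile == null) {
            return Optional.empty();
        }
        return Optional.of(new TomlAuthOptions().setTomlPath(credentialsFile).createProvider(vertx));
    }

    /**
     * Ends the request with 400 and the status message "Authentication not enabled".
     *
     * @param routingContext the request being answered
     */
    public static void handleDisabledLogin(RoutingContext routingContext) {
        routingContext
                .response()
                .setStatusCode(HttpResponseStatus.BAD_REQUEST.code())
                .setStatusMessage("Authentication not enabled")
                .end();
    }

    /**
     * Handles a login request: authenticates against the credential provider when one exists,
     * otherwise answers as for disabled authentication.
     *
     * @param routingContext the login request
     */
    public void handleLogin(RoutingContext routingContext) {
        if (!this.credentialAuthProvider.isPresent()) {
            handleDisabledLogin(routingContext);
            return;
        }
        login(routingContext, this.credentialAuthProvider.get());
    }

    /**
     * Authenticates the username/password in the JSON request body and, on success, replies with
     * {@code {"token": "<jwt>"}}.
     *
     * <p>Responses: 400 when the body is missing or is not a decodable JSON object, 401 when the
     * provider rejects the credentials, 200 with the token otherwise.
     */
    private void login(RoutingContext routingContext, AuthProvider authProvider) {
        final JsonObject requestBody;
        try {
            requestBody = routingContext.getBodyAsJson();
        } catch (DecodeException ignored) {
            // A malformed body is a client error, so answer 400 rather than letting the exception
            // escape the handler. The body is deliberately not logged: it may hold a password.
            respondBadRequest(routingContext);
            return;
        }
        if (requestBody == null) {
            respondBadRequest(routingContext);
            return;
        }

        // Forward only the two expected fields; anything else the client sent is dropped here.
        final JsonObject authInfo = new JsonObject();
        authInfo.put("username", requestBody.getValue("username"));
        authInfo.put("password", requestBody.getValue("password"));

        authProvider.authenticate(authInfo, asyncResult -> {
            if (asyncResult.failed()) {
                // Same generic 401 for every failure cause, so the response does not reveal
                // whether the username or the password was wrong.
                routingContext
                        .response()
                        .setStatusCode(HttpResponseStatus.UNAUTHORIZED.code())
                        .setStatusMessage(HttpResponseStatus.UNAUTHORIZED.reasonPhrase())
                        .end();
                return;
            }

            final User user = asyncResult.result();
            final JsonObject principal = user.principal();

            // Claims are taken from the authenticated principal, never from the request body.
            final JsonObject claims = new JsonObject()
                    .put("permissions", principal.getValue("permissions"))
                    .put("username", principal.getValue("username"));
            final String privacyPublicKey = principal.getString(TomlAuth.PRIVACY_PUBLIC_KEY);
            if (privacyPublicKey != null) {
                claims.put(TomlAuth.PRIVACY_PUBLIC_KEY, privacyPublicKey);
            }

            final JWTOptions tokenOptions = new JWTOptions()
                    .setExpiresInMinutes(TOKEN_EXPIRY_MINUTES)
                    .setAlgorithm(TOKEN_ALGORITHM);
            final String token = this.jwtAuthProvider.generateToken(claims, tokenOptions);

            final HttpServerResponse response = routingContext.response();
            response.setStatusCode(200);
            response.putHeader("Content-Type", "application/json");
            response.end(new JsonObject().put("token", token).encode());
        });
    }

    /** Ends the request with 400 and the standard "Bad Request" reason phrase. */
    private static void respondBadRequest(RoutingContext routingContext) {
        routingContext
                .response()
                .setStatusCode(HttpResponseStatus.BAD_REQUEST.code())
                .setStatusMessage(HttpResponseStatus.BAD_REQUEST.reasonPhrase())
                .end();
    }

    /**
     * Returns the JWT provider this service signs tokens with.
     *
     * @return the JWT auth provider
     */
    public JWTAuth getJwtAuthProvider() {
        return this.jwtAuthProvider;
    }
}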
