package io.gardenerframework.camellia.authentication.server.main.mfa.utils;

import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;
import feign.FeignException;
import io.gardenerframework.camellia.authentication.common.client.schema.RequestingClient;
import io.gardenerframework.camellia.authentication.infra.challenge.core.ChallengeAuthenticatorNameProvider;
import io.gardenerframework.camellia.authentication.infra.challenge.core.Scenario;
import io.gardenerframework.camellia.authentication.infra.challenge.core.annotation.ChallengeAuthenticator;
import io.gardenerframework.camellia.authentication.infra.challenge.core.exception.ChallengeInCooldownException;
import io.gardenerframework.camellia.authentication.infra.challenge.core.exception.ChallengeResponseServiceException;
import io.gardenerframework.camellia.authentication.infra.challenge.core.schema.Challenge;
import io.gardenerframework.camellia.authentication.infra.challenge.core.schema.ChallengeContext;
import io.gardenerframework.camellia.authentication.infra.challenge.core.schema.ChallengeRequest;
import io.gardenerframework.camellia.authentication.infra.challenge.mfa.server.client.MfaClient;
import io.gardenerframework.camellia.authentication.infra.challenge.mfa.server.exception.MfaAuthenticatorNotReadyException;
import io.gardenerframework.camellia.authentication.infra.challenge.mfa.server.schema.request.CloseChallengeRequest;
import io.gardenerframework.camellia.authentication.infra.challenge.mfa.server.schema.request.SendChallengeRequest;
import io.gardenerframework.camellia.authentication.infra.challenge.mfa.server.schema.request.VerifyResponseRequest;
import io.gardenerframework.camellia.authentication.server.common.annotation.AuthenticationServerEngineComponent;
import io.gardenerframework.camellia.authentication.server.main.mfa.challenge.AuthenticationServerMfaAuthenticator;
import io.gardenerframework.fragrans.api.standard.schema.ApiError;
import io.gardenerframework.fragrans.log.GenericBasicLogger;
import io.gardenerframework.fragrans.log.common.schema.reason.AlreadyExisted;
import io.gardenerframework.fragrans.log.schema.content.GenericBasicLogContent;
import io.gardenerframework.fragrans.log.schema.details.Detail;
import java.nio.ByteBuffer;
import java.time.Duration;
import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
import lombok.NonNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.cglib.proxy.Enhancer;
import org.springframework.cglib.proxy.MethodInterceptor;
import org.springframework.core.annotation.AnnotationUtils;
import org.springframework.lang.Nullable;
import org.springframework.util.CollectionUtils;
import org.springframework.util.StringUtils;

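/**
 * Registry that exposes remote MFA authenticators, reached through {@link MfaClient} beans, as
 * local {@link AuthenticationServerMfaAuthenticator} instances keyed by authenticator name.
 *
 * <p>Every call made through an adapter returned by this registry crosses a trust boundary: the
 * challenge request and the requesting client are converted to maps with the injected
 * {@link ObjectMapper} and handed to the remote client, and the verification verdict and the
 * cooldown duration come back from that remote service.
 *
 * <p>NOTE(review): the name-to-client map is a plain {@link HashMap} that is only written in
 * {@link #afterPropertiesSet()}; this presumably relies on the container publishing the bean
 * after initialisation. Confirm that nothing registers clients later.
 */
@AuthenticationServerEngineComponent
@ConditionalOnClass({MfaClient.class})
public class MfaClientAuthenticationServerMfaAuthenticatorRegistry implements AuthenticationServerMfaAuthenticatorRegistry, InitializingBean {
    private static final Logger log = LoggerFactory.getLogger(MfaClientAuthenticationServerMfaAuthenticatorRegistry.class);
    // Target type for converting request objects into the generic maps the remote API accepts.
    private static final TypeReference<Map<String, Object>> MAP_TYPE = new TypeReference<Map<String, Object>>() {
    };
    private final GenericBasicLogger basicLogger;
    private final ObjectMapper objectMapper;
    private final Collection<MfaClient<? extends Challenge>> clients;
    private final Map<String, MfaClient<? extends Challenge>> knownRemoteAuthenticatorClientMappings = new HashMap<>();

    /**
     * Adapts one remote {@link MfaClient} to the local authenticator interface for a fixed
     * authenticator name.
     */
    private class AuthenticationServerMfaAuthenticatorAdapter implements AuthenticationServerMfaAuthenticator<ChallengeRequest, Challenge, ChallengeContext> {
        private final MfaClient<? extends Challenge> mfaAuthenticationClient;
        private final String authenticatorName;

        /**
         * Sends a challenge through the remote MFA client.
         *
         * <p>The returned challenge always implements {@link ChallengeAuthenticatorNameProvider};
         * when the remote type does not, it is wrapped in a proxy that reports this adapter's
         * authenticator name.
         *
         * @param requestingClient client on whose behalf the challenge is sent, may be null
         * @param cls scenario class; only its name is sent to the remote service
         * @param challengeRequest request converted to a map and forwarded as the payload
         * @return the challenge created by the remote service
         * @throws ChallengeInCooldownException when the remote service answers 429 with an
         *     {@link MfaAuthenticatorNotReadyException} error that carries a readable
         *     {@code timeRemaining} detail
         * @throws ChallengeResponseServiceException on any other failure, including a 429 whose
         *     body cannot be interpreted
         */
        public Challenge sendChallenge(@Nullable RequestingClient requestingClient, @NonNull Class<? extends Scenario> cls, @NonNull ChallengeRequest challengeRequest) throws ChallengeResponseServiceException, ChallengeInCooldownException {
            if (cls == null) {
                throw new NullPointerException("scenario is marked non-null but is null");
            }
            if (challengeRequest == null) {
                throw new NullPointerException("request is marked non-null but is null");
            }
            try {
                // NOTE(review): convertValue forwards every property Jackson can see on the
                // request and on the requesting client; confirm neither type exposes secrets
                // that the remote MFA service should not receive.
                Challenge challenge = this.mfaAuthenticationClient.sendChallenge(
                        this.authenticatorName,
                        new SendChallengeRequest(toMap(challengeRequest), toMap(requestingClient), cls.getName()));
                if (!(challenge instanceof ChallengeAuthenticatorNameProvider)) {
                    challenge = injectAuthenticatorName(challenge, this.authenticatorName);
                }
                return challenge;
            } catch (FeignException.TooManyRequests tooManyRequests) {
                // The specific handler must precede catch (Exception): listed after it, the 429
                // branch is unreachable and the cooldown never reaches the caller.
                Duration timeRemaining = parseCooldown(tooManyRequests);
                if (timeRemaining != null) {
                    // Thrown outside any try block so that it is not re-wrapped as a generic
                    // service failure.
                    throw new ChallengeInCooldownException(timeRemaining);
                }
                throw new ChallengeResponseServiceException(tooManyRequests);
            } catch (Exception e) {
                throw new ChallengeResponseServiceException(e);
            }
        }

        /**
         * Converts a request object into the generic map form used by the remote request types.
         *
         * @param value object to convert, may be null
         * @return the map form, or null when {@code value} is null
         */
        @Nullable
        private Map<String, Object> toMap(@Nullable Object value) {
            if (value == null) {
                return null;
            }
            return MfaClientAuthenticationServerMfaAuthenticatorRegistry.this.objectMapper.convertValue(value, MAP_TYPE);
        }

        /**
         * Extracts the remaining cooldown from the body of a 429 response.
         *
         * <p>The duration is supplied by the remote service and is passed on as received.
         * NOTE(review): consider bounding it before it is shown to users or used for scheduling.
         *
         * @param tooManyRequests the 429 failure raised by the Feign client
         * @return the remaining cooldown, or null when the body is absent, is not an
         *     authenticator-not-ready error, or cannot be parsed
         */
        @Nullable
        private Duration parseCooldown(FeignException.TooManyRequests tooManyRequests) {
            try {
                ByteBuffer body = tooManyRequests.responseBody().orElse(null);
                if (body == null) {
                    return null;
                }
                // Copy through a duplicate instead of calling array(): array() fails on
                // read-only or direct buffers and ignores the buffer's offset and position.
                byte[] bytes = new byte[body.remaining()];
                body.duplicate().get(bytes);
                ApiError apiError = MfaClientAuthenticationServerMfaAuthenticatorRegistry.this.objectMapper.readValue(bytes, ApiError.class);
                if (apiError == null
                        || !MfaAuthenticatorNotReadyException.class.getCanonicalName().equals(apiError.getError())
                        || apiError.getDetails() == null) {
                    return null;
                }
                return MfaClientAuthenticationServerMfaAuthenticatorRegistry.this.objectMapper.convertValue(apiError.getDetails().get("timeRemaining"), Duration.class);
            } catch (Exception ignored) {
                // An unreadable error body is not fatal here: the caller falls back to a
                // ChallengeResponseServiceException that carries the original 429.
                return null;
            }
        }

        /**
         * Wraps a challenge in a CGLIB proxy that also implements
         * {@link ChallengeAuthenticatorNameProvider}.
         *
         * <p>Calls whose name and parameter types match a method declared on
         * {@link ChallengeAuthenticatorNameProvider} return {@code str}; every other call is
         * delegated reflectively to the original challenge. The proxy is a fresh subclass
         * instance created by {@link Enhancer#create()}, so state is read through the delegate's
         * methods rather than copied into the proxy.
         *
         * @param challenge challenge returned by the remote client
         * @param str authenticator name the proxy reports
         * @return a proxy that subclasses the challenge's runtime class
         */
        private Challenge injectAuthenticatorName(@NonNull Challenge challenge, @NonNull String str) {
            if (challenge == null) {
                throw new NullPointerException("challenge is marked non-null but is null");
            }
            if (str == null) {
                throw new NullPointerException("authenticator is marked non-null but is null");
            }
            Enhancer enhancer = new Enhancer();
            enhancer.setSuperclass(challenge.getClass());
            enhancer.setInterfaces(new Class[]{ChallengeAuthenticatorNameProvider.class});
            // Callback is a marker interface, so the lambda needs an explicit functional target.
            enhancer.setCallback((MethodInterceptor) (proxy, method, args, methodProxy) -> {
                try {
                    ChallengeAuthenticatorNameProvider.class.getDeclaredMethod(method.getName(), method.getParameterTypes());
                    return str;
                } catch (NoSuchMethodException e) {
                    // Not a name-provider method: forward to the real challenge.
                    return method.invoke(challenge, args);
                }
            });
            return (Challenge) enhancer.create();
        }

        /**
         * Asks the remote MFA service whether a response answers the given challenge.
         *
         * <p>This call fails closed: any error from conversion or from the remote call is
         * rethrown as a {@link ChallengeResponseServiceException}, and {@code true} is returned
         * only when the remote result reports it.
         *
         * @param requestingClient client on whose behalf the response is verified, may be null
         * @param cls scenario class; only its name is sent to the remote service
         * @param str challenge id
         * @param str2 response submitted for the challenge
         * @return the verdict reported by the remote service
         * @throws ChallengeResponseServiceException when the remote call fails
         */
        public boolean verifyResponse(@Nullable RequestingClient requestingClient, @NonNull Class<? extends Scenario> cls, @NonNull String str, @NonNull String str2) throws ChallengeResponseServiceException {
            if (cls == null) {
                throw new NullPointerException("scenario is marked non-null but is null");
            }
            if (str == null) {
                throw new NullPointerException("challengeId is marked non-null but is null");
            }
            if (str2 == null) {
                throw new NullPointerException("response is marked non-null but is null");
            }
            try {
                return this.mfaAuthenticationClient.verifyResponse(
                        this.authenticatorName,
                        new VerifyResponseRequest(toMap(requestingClient), cls.getName(), str, str2)).isVerified();
            } catch (Exception e) {
                throw new ChallengeResponseServiceException(e);
            }
        }

        /**
         * Always returns null: this adapter keeps no challenge context and does not fetch one
         * from the remote service.
         *
         * @param requestingClient unused
         * @param cls scenario class, must not be null
         * @param str challenge id, must not be null
         * @return always null
         */
        @Nullable
        public ChallengeContext getContext(@Nullable RequestingClient requestingClient, @NonNull Class<? extends Scenario> cls, @NonNull String str) throws ChallengeResponseServiceException {
            if (cls == null) {
                throw new NullPointerException("scenario is marked non-null but is null");
            }
            if (str == null) {
                throw new NullPointerException("challengeId is marked non-null but is null");
            }
            return null;
        }

        /**
         * Asks the remote MFA service to close a challenge.
         *
         * @param requestingClient client on whose behalf the challenge is closed, may be null
         * @param cls scenario class; only its name is sent to the remote service
         * @param str challenge id
         * @throws ChallengeResponseServiceException when the remote call fails
         */
        public void closeChallenge(@Nullable RequestingClient requestingClient, @NonNull Class<? extends Scenario> cls, @NonNull String str) throws ChallengeResponseServiceException {
            if (cls == null) {
                throw new NullPointerException("scenario is marked non-null but is null");
            }
            if (str == null) {
                throw new NullPointerException("challengeId is marked non-null but is null");
            }
            try {
                this.mfaAuthenticationClient.closeChallenge(
                        this.authenticatorName,
                        new CloseChallengeRequest(toMap(requestingClient), cls.getName(), str));
            } catch (Exception e) {
                throw new ChallengeResponseServiceException(e);
            }
        }

        /**
         * @param mfaClient remote client that every call is forwarded to
         * @param str authenticator name sent with every remote call
         */
        public AuthenticationServerMfaAuthenticatorAdapter(MfaClient<? extends Challenge> mfaClient, String str) {
            this.mfaAuthenticationClient = mfaClient;
            this.authenticatorName = str;
        }
    }

    /**
     * Resolves the authenticator name of a client, preferring
     * {@link ChallengeAuthenticatorNameProvider} over a {@link ChallengeAuthenticator} annotation
     * found on the client's class.
     *
     * @param mfaClient client to inspect
     * @return the name, or null when the client neither provides one nor is annotated
     */
    @Nullable
    private String parseName(MfaClient<? extends Challenge> mfaClient) {
        if (mfaClient instanceof ChallengeAuthenticatorNameProvider) {
            return ((ChallengeAuthenticatorNameProvider) mfaClient).getChallengeAuthenticatorName();
        }
        ChallengeAuthenticator annotation = AnnotationUtils.findAnnotation(mfaClient.getClass(), ChallengeAuthenticator.class);
        return annotation == null ? null : annotation.value();
    }

    /**
     * Looks up the remote authenticator registered under a name.
     *
     * <p>The type parameters are chosen by the caller and are not checked: the adapter accepts
     * any {@link ChallengeRequest} and returns whatever {@link Challenge} the remote client
     * produces.
     *
     * @param str authenticator name
     * @return a new adapter bound to the matching client, or null when the name is unknown
     */
    @Nullable
    public <R extends ChallengeRequest, C extends Challenge, X extends ChallengeContext> AuthenticationServerMfaAuthenticator<R, C, X> getAuthenticator(@NonNull String str) {
        if (str == null) {
            throw new NullPointerException("name is marked non-null but is null");
        }
        MfaClient<? extends Challenge> mfaClient = this.knownRemoteAuthenticatorClientMappings.get(str);
        if (mfaClient == null) {
            return null;
        }
        // Unchecked by design: the adapter is declared against the base schema types and the
        // caller picks the narrower ones.
        @SuppressWarnings("unchecked")
        AuthenticationServerMfaAuthenticator<R, C, X> adapter =
                (AuthenticationServerMfaAuthenticator<R, C, X>) new AuthenticationServerMfaAuthenticatorAdapter(mfaClient, str);
        return adapter;
    }

    /**
     * Indexes the injected clients by authenticator name.
     *
     * <p>Clients without a usable name are skipped. Two clients that resolve to the same name
     * abort startup, so one client can never silently replace another as the handler for an
     * authenticator.
     *
     * @throws IllegalStateException when two clients resolve to the same authenticator name
     */
    public void afterPropertiesSet() throws Exception {
        if (CollectionUtils.isEmpty(this.clients)) {
            return;
        }
        for (final MfaClient<? extends Challenge> mfaClient : this.clients) {
            final String parseName = parseName(mfaClient);
            if (!StringUtils.hasText(parseName)) {
                continue;
            }
            if (this.knownRemoteAuthenticatorClientMappings.get(parseName) != null) {
                // Record which client class collided before refusing to start.
                this.basicLogger.error(log, GenericBasicLogContent.builder().what(MfaClient.class).how(new AlreadyExisted()).detail(new Detail() {
                    private final String clientClass;
                    private final String authenticator;

                    {
                        this.clientClass = mfaClient.getClass().getCanonicalName();
                        this.authenticator = parseName;
                    }
                }).build(), (Throwable) null);
                throw new IllegalStateException("fail to start due to duplicated challenge authenticator client name");
            }
            this.knownRemoteAuthenticatorClientMappings.put(parseName, mfaClient);
        }
    }

    /**
     * @param genericBasicLogger logger used to report duplicate registrations
     * @param objectMapper mapper used to convert requests to maps and to parse remote error bodies
     * @param collection the remote MFA clients to index; may be null or empty
     */
    public MfaClientAuthenticationServerMfaAuthenticatorRegistry(GenericBasicLogger genericBasicLogger, ObjectMapper objectMapper, Collection<MfaClient<? extends Challenge>> collection) {
        this.basicLogger = genericBasicLogger;
        this.objectMapper = objectMapper;
        this.clients = collection;
    }
}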
