package org.restheart.security.authenticators;

import io.undertow.server.handlers.CookieImpl;
import java.nio.charset.StandardCharsets;
import java.time.LocalDateTime;
import java.time.ZoneOffset;
import java.util.Base64;
import java.util.Date;
import java.util.Map;
import org.restheart.exchange.ServiceRequest;
import org.restheart.exchange.ServiceResponse;
import org.restheart.plugins.Inject;
import org.restheart.plugins.InterceptPoint;
import org.restheart.plugins.OnInit;
import org.restheart.plugins.PluginsRegistry;
import org.restheart.plugins.RegisterPlugin;
import org.restheart.plugins.WildcardInterceptor;
import org.restheart.security.mechanisms.JwtAuthenticationMechanism;

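/**
 * Response interceptor that copies the {@code Auth-Token} response header into a cookie
 * when an authenticated request carries the {@code set-auth-cookie} query parameter.
 *
 * <p>The cookie value is a complete, reusable credential: either the JWT prefix followed by
 * the token, or {@code Basic } followed by Base64 of {@code principal:token}. The cookie
 * attributes read in {@link #init()} ({@code secure}, {@code http-only}, {@code same-site},
 * {@code same-site-mode}, {@code domain}, {@code path}) are therefore the controls that
 * protect that credential in the browser; relaxing any of them in the configuration widens
 * where the credential is sent or who can read it.
 */
@RegisterPlugin(name = "authCookieSetter", description = "sets the auth cookie if the URL contains the qparam ?set-auth-cookie", interceptPoint = InterceptPoint.RESPONSE)
public class AuthCookieSetter implements WildcardInterceptor {

    @Inject("config")
    private Map<String, Object> config;

    @Inject("registry")
    PluginsRegistry pluginsRegistry;
    private boolean enabled = true;
    private boolean jwtAuthWithJwtAuthMechanism = false;
    private String name;
    private String domain;
    private String path;
    private boolean secure;
    private boolean httpOnly;
    private boolean sameSite;
    private String sameSiteMode;
    private int secondsUntilExpiration;

    /**
     * Reads the plugin configuration and works out which credential format the cookie carries.
     *
     * <p>Defaults applied when a key is absent: name {@code rh_auth}, secure {@code true},
     * domain {@code localhost}, path {@code /}, http-only {@code true}, same-site {@code true},
     * same-site-mode {@code strict}, expires-ttl {@code 86400} seconds.
     */
    @OnInit
    public void init() {
        this.enabled = AuthCookieHandler.enabled(this.pluginsRegistry, true);

        // The JWT format is used only when BOTH the token manager is "jwtTokenManager"
        // and a mechanism named "jwtAuthenticationMechanism" is registered; otherwise
        // the cookie carries a Basic credential.
        this.jwtAuthWithJwtAuthMechanism = this.pluginsRegistry.getTokenManager() != null
                && "jwtTokenManager".equals(this.pluginsRegistry.getTokenManager().getName())
                && this.pluginsRegistry.getAuthMechanisms().stream()
                        .map(mechanism -> mechanism.getName())
                        .anyMatch(mechanismName -> "jwtAuthenticationMechanism".equals(mechanismName));

        this.name = (String) argOrDefault(this.config, "name", "rh_auth");
        this.secure = (Boolean) argOrDefault(this.config, "secure", true);
        // NOTE(review): the "localhost" default only suits local development; deployments
        // need to set "domain" explicitly.
        this.domain = (String) argOrDefault(this.config, "domain", "localhost");
        this.path = (String) argOrDefault(this.config, "path", "/");
        this.httpOnly = (Boolean) argOrDefault(this.config, "http-only", true);
        this.sameSite = (Boolean) argOrDefault(this.config, "same-site", true);
        this.sameSiteMode = (String) argOrDefault(this.config, "same-site-mode", "strict");
        this.secondsUntilExpiration = (Integer) argOrDefault(this.config, "expires-ttl", 86400);
    }

    /**
     * Sets the auth cookie on the response from the {@code Auth-Token} response header.
     *
     * <p>Does nothing when the header is absent. The cookie expiry is derived from
     * {@code expires-ttl} only; nothing visible here ties it to the token's own lifetime.
     *
     * @param serviceRequest the request; its authenticated principal is used for the Basic format
     * @param serviceResponse the response that carries the {@code Auth-Token} header and receives the cookie
     * @throws Exception declared by the interceptor contract
     */
    public void handle(ServiceRequest<?> serviceRequest, ServiceResponse<?> serviceResponse) throws Exception {
        String token = serviceResponse.getHeader("Auth-Token");
        if (token == null) {
            // resolve() already requires the header; this guard replaces a null check on the
            // concatenated value that could never be false and avoids an NPE on direct calls.
            return;
        }

        String cookieValue;
        if (this.jwtAuthWithJwtAuthMechanism) {
            // presumably the Authorization scheme prefix expected by the JWT mechanism; confirm
            cookieValue = JwtAuthenticationMechanism.JWT_AUTH_HEADER_PREFIX.concat(token);
        } else {
            String userAndToken = serviceRequest.getAuthenticatedAccount().getPrincipal().getName() + ":" + token;
            // Explicit UTF-8: the platform default charset would encode non-ASCII principal
            // names differently from host to host.
            cookieValue = "Basic ".concat(
                    Base64.getEncoder().encodeToString(userAndToken.getBytes(StandardCharsets.UTF_8)));
        }

        // Take "now" in UTC before converting with the UTC offset. Reading the local wall
        // clock and labelling it UTC shifts the expiry by the server's zone offset.
        Date expires = Date.from(
                LocalDateTime.now(ZoneOffset.UTC).plusSeconds(this.secondsUntilExpiration).toInstant(ZoneOffset.UTC));

        serviceResponse.getExchange().setResponseCookie(
                new CookieImpl(this.name, cookieValue)
                        .setSecure(this.secure)
                        .setHttpOnly(this.httpOnly)
                        .setDomain(this.domain)
                        .setPath(this.path)
                        .setSameSite(this.sameSite)
                        .setSameSiteMode(this.sameSiteMode)
                        .setExpires(expires));
    }

    /**
     * Decides whether this interceptor applies to the exchange.
     *
     * <p>Applies only when the plugin is enabled, the request is not OPTIONS, the request is
     * authenticated, the query string contains {@code set-auth-cookie}, and the response
     * carries an {@code Auth-Token} header. No other HTTP method is excluded.
     *
     * @param serviceRequest the incoming request
     * @param serviceResponse the outgoing response
     * @return {@code true} when the cookie should be set
     */
    public boolean resolve(ServiceRequest<?> serviceRequest, ServiceResponse<?> serviceResponse) {
        return this.enabled
                && !serviceRequest.isOptions()
                && serviceRequest.isAuthenticated()
                && serviceRequest.getQueryParameters().containsKey("set-auth-cookie")
                && serviceResponse.getHeader("Auth-Token") != null;
    }
}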
