package keywhiz.service.resources;

import com.google.common.collect.ImmutableList;
import com.google.inject.Inject;
import io.dropwizard.auth.AuthenticationException;
import io.dropwizard.auth.basic.BasicCredentials;
import io.dropwizard.java8.auth.Authenticator;
import java.net.URI;
import java.time.ZonedDateTime;
import java.util.Optional;
import javax.validation.Valid;
import javax.ws.rs.Consumes;
import javax.ws.rs.NotAuthorizedException;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.CacheControl;
import javax.ws.rs.core.NewCookie;
import javax.ws.rs.core.Response;
import keywhiz.api.LoginRequest;
import keywhiz.auth.User;
import keywhiz.auth.cookie.AuthenticatedEncryptedCookieFactory;
import keywhiz.auth.xsrf.XsrfProtection;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

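/**
 * JAX-RS resource behind {@code POST /admin/login}.
 *
 * <p>Checks a username/password pair against the injected {@link Authenticator} and, on
 * success, answers with a redirect carrying the cookies built by
 * {@link #cookiesForUser(User)}. Any failure to authenticate, including an error raised by
 * the authenticator itself, ends in the same {@link NotAuthorizedException}.
 */
@Path("/admin/login")
public class SessionLoginResource {
    private static final Logger logger = LoggerFactory.getLogger(SessionLoginResource.class);

    /** Lifetime, in minutes, given to the session created at login. */
    private static final long SESSION_LIFETIME_MINUTES = 15L;

    private final Authenticator<BasicCredentials, User> userAuthenticator;
    private final AuthenticatedEncryptedCookieFactory cookieFactory;
    private final XsrfProtection xsrfProtection;

    /**
     * @param authenticator verifies the submitted username/password and yields the user
     * @param authenticatedEncryptedCookieFactory builds the session value and its cookie
     * @param xsrfProtection generates the XSRF cookie tied to a session value
     */
    @Inject
    public SessionLoginResource(Authenticator<BasicCredentials, User> authenticator, AuthenticatedEncryptedCookieFactory authenticatedEncryptedCookieFactory, XsrfProtection xsrfProtection) {
        this.userAuthenticator = authenticator;
        this.cookieFactory = authenticatedEncryptedCookieFactory;
        this.xsrfProtection = xsrfProtection;
    }

    /**
     * Authenticates the submitted credentials and starts a session.
     *
     * @param loginRequest validated request body holding {@code username} and {@code password}
     * @return a 303 See Other redirect to {@code /ui/index.html}, marked {@code no-cache}, with
     *     the cookies from {@link #cookiesForUser(User)} attached
     * @throws NotAuthorizedException if the authenticator returns no user or throws
     */
    @POST
    @Produces({"application/json"})
    @Consumes({"application/json"})
    public Response login(@Valid LoginRequest loginRequest) {
        String username = loginRequest.username;
        String password = loginRequest.password;

        // Typed Optional instead of the raw type, so no unchecked cast is needed below.
        Optional<User> authenticatedUser = Optional.empty();
        try {
            authenticatedUser = userAuthenticator.authenticate(new BasicCredentials(username, password));
        } catch (AuthenticationException e) {
            // Fail closed: an authenticator error leaves the Optional empty, so the caller
            // gets the same rejection as for bad credentials and no backend detail leaks.
            logger.warn("User authenticator threw something weird.", e);
        }

        if (!authenticatedUser.isPresent()) {
            // Only the username is logged; the password must never be added to these messages.
            // NOTE(review): the username is caller-supplied. Confirm that LoginRequest
            // validation or the log layout neutralises CR/LF so a crafted name cannot forge
            // log lines.
            // NOTE(review): no attempt limiting or lockout is visible in this class; confirm
            // it is enforced elsewhere (authenticator, filter or proxy).
            logger.warn("User authentication failed at login for {}", username);
            throw new NotAuthorizedException("");
        }

        logger.info("User logged in: {}", username);

        // The redirect target is a fixed path, so no request data influences Location.
        Response.ResponseBuilder response = Response.seeOther(URI.create("/ui/index.html"))
            .cacheControl(CacheControl.valueOf("no-cache"));
        for (NewCookie cookie : cookiesForUser(authenticatedUser.get())) {
            response.cookie(cookie);
        }
        return response.build();
    }

    /**
     * Builds the cookies that establish a session for {@code user}.
     *
     * <p>One expiry instant, {@value #SESSION_LIFETIME_MINUTES} minutes from now, is used both
     * for the session value and for the cookie carrying it. The second cookie comes from
     * {@link XsrfProtection#generate} and is derived from the same session value.
     *
     * @param user the authenticated user the session is issued for
     * @return the session cookie followed by the XSRF cookie
     */
    public ImmutableList<NewCookie> cookiesForUser(User user) {
        ZonedDateTime expiration = ZonedDateTime.now().plusMinutes(SESSION_LIFETIME_MINUTES);
        String session = cookieFactory.getSession(user, expiration);
        NewCookie sessionCookie = cookieFactory.cookieFor(session, expiration);
        NewCookie xsrfCookie = xsrfProtection.generate(session);
        return ImmutableList.of(sessionCookie, xsrfCookie);
    }
}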
