package org.apache.rocketmq.auth.authentication.chain;

import java.security.MessageDigest;
import java.util.concurrent.CompletableFuture;
import java.util.function.Supplier;
import org.apache.commons.lang3.StringUtils;
import org.apache.rocketmq.acl.common.AclSigner;
import org.apache.rocketmq.auth.authentication.context.DefaultAuthenticationContext;
import org.apache.rocketmq.auth.authentication.enums.UserStatus;
import org.apache.rocketmq.auth.authentication.exception.AuthenticationException;
import org.apache.rocketmq.auth.authentication.factory.AuthenticationFactory;
import org.apache.rocketmq.auth.authentication.model.User;
import org.apache.rocketmq.auth.authentication.provider.AuthenticationMetadataProvider;
import org.apache.rocketmq.auth.config.AuthConfig;
import org.apache.rocketmq.common.chain.Handler;
import org.apache.rocketmq.common.chain.HandlerChain;

/* loaded from: input_file:org/apache/rocketmq/auth/authentication/chain/DefaultAuthenticationHandler.class */
public class DefaultAuthenticationHandler implements Handler<DefaultAuthenticationContext, CompletableFuture<Void>> {
    private final AuthenticationMetadataProvider authenticationMetadataProvider;

    public DefaultAuthenticationHandler(AuthConfig authConfig, Supplier<?> supplier) {
        this.authenticationMetadataProvider = AuthenticationFactory.getMetadataProvider(authConfig, supplier);
    }

    public CompletableFuture<Void> handle(DefaultAuthenticationContext defaultAuthenticationContext, HandlerChain<DefaultAuthenticationContext, CompletableFuture<Void>> handlerChain) {
        return getUser(defaultAuthenticationContext).thenAccept(user -> {
            doAuthenticate(defaultAuthenticationContext, user);
        });
    }

    protected CompletableFuture<User> getUser(DefaultAuthenticationContext defaultAuthenticationContext) {
        if (this.authenticationMetadataProvider == null) {
            throw new AuthenticationException("The authenticationMetadataProvider is not configured");
        }
        if (StringUtils.isEmpty(defaultAuthenticationContext.getUsername())) {
            throw new AuthenticationException("username cannot be null.");
        }
        return this.authenticationMetadataProvider.getUser(defaultAuthenticationContext.getUsername());
    }

    protected void doAuthenticate(DefaultAuthenticationContext defaultAuthenticationContext, User user) {
        if (user == null) {
            throw new AuthenticationException("User:{} is not found.", defaultAuthenticationContext.getUsername());
        }
        if (user.getUserStatus() == UserStatus.DISABLE) {
            throw new AuthenticationException("User:{} is disabled.", defaultAuthenticationContext.getUsername());
        }
        String calSignature = AclSigner.calSignature(defaultAuthenticationContext.getContent(), user.getPassword());
        if (defaultAuthenticationContext.getSignature() == null || !MessageDigest.isEqual(calSignature.getBytes(AclSigner.DEFAULT_CHARSET), defaultAuthenticationContext.getSignature().getBytes(AclSigner.DEFAULT_CHARSET))) {
            throw new AuthenticationException("check signature failed.");
        }
    }

    public /* bridge */ /* synthetic */ Object handle(Object obj, HandlerChain handlerChain) {
        return handle((DefaultAuthenticationContext) obj, (HandlerChain<DefaultAuthenticationContext, CompletableFuture<Void>>) handlerChain);
    }
}
