package com.caucho.hemp.servlet;

import com.caucho.bam.ActorError;
import com.caucho.bam.ActorStream;
import com.caucho.bam.QueryGet;
import com.caucho.bam.QuerySet;
import com.caucho.bam.SimpleActor;
import com.caucho.bam.hmtp.AuthQuery;
import com.caucho.bam.hmtp.AuthResult;
import com.caucho.bam.hmtp.EncryptedObject;
import com.caucho.bam.hmtp.GetPublicKeyQuery;
import com.caucho.bam.hmtp.SelfEncryptedCredentials;
import com.caucho.security.SecurityException;
import com.caucho.security.SelfEncryptedCookie;
import com.caucho.server.cluster.Server;
import java.util.logging.Level;
import java.util.logging.Logger;

/* loaded from: input_file:com/caucho/hemp/servlet/ServerLinkService.class */
public class ServerLinkService extends SimpleActor {
    private static final Logger log = Logger.getLogger(ServerLinkService.class.getName());
    private ServerLinkManager _linkManager;
    private ServerFromLinkStream _manager;
    private boolean _isRequireEncryptedPassword = true;

    public ServerLinkService(ServerFromLinkStream serverFromLinkStream, ActorStream actorStream, ServerLinkManager serverLinkManager) {
        this._manager = serverFromLinkStream;
        this._linkManager = serverLinkManager;
        setBrokerStream(actorStream);
    }

    @QueryGet
    public void getPublicKey(long j, String str, String str2, GetPublicKeyQuery getPublicKeyQuery) {
        getBrokerStream().queryResult(j, str2, str, this._linkManager.getPublicKey());
    }

    @QuerySet
    public void authLogin(long j, String str, String str2, LoginQuery loginQuery) {
        login(j, str, str2, loginQuery.getAuth(), loginQuery.getAddress());
    }

    @QuerySet
    public void authLogin(long j, String str, String str2, AuthQuery authQuery) {
        login(j, str, str2, authQuery, null);
    }

    private boolean login(long j, String str, String str2, AuthQuery authQuery, String str3) {
        Object credentials = authQuery.getCredentials();
        if (credentials instanceof EncryptedObject) {
            EncryptedObject encryptedObject = (EncryptedObject) credentials;
            credentials = this._linkManager.decrypt(this._linkManager.decryptKey(encryptedObject.getKeyAlgorithm(), encryptedObject.getEncKey()), encryptedObject.getEncData());
        } else if (credentials instanceof SelfEncryptedCredentials) {
            try {
                byte[] encData = ((SelfEncryptedCredentials) credentials).getEncData();
                String adminCookie = Server.getCurrent().getAdminCookie();
                credentials = adminCookie != null ? SelfEncryptedCookie.decrypt(adminCookie, encData) : null;
            } catch (SecurityException e) {
                log.log(Level.FINE, e.toString(), (Throwable) e);
                getBrokerStream().queryError(j, str2, str, authQuery, new ActorError(ActorError.TYPE_AUTH, ActorError.FORBIDDEN, e.getMessage()));
                return true;
            }
        } else if (this._isRequireEncryptedPassword) {
            getBrokerStream().queryError(j, str2, str, authQuery, new ActorError(ActorError.TYPE_AUTH, ActorError.FORBIDDEN, "passwords must be encrypted"));
            return true;
        }
        String login = this._manager.login(authQuery.getUid(), credentials, authQuery.getResource(), str3);
        if (login != null) {
            getBrokerStream().queryResult(j, str2, str, new AuthResult(login));
            return true;
        }
        getBrokerStream().queryError(j, str2, str, authQuery, new ActorError(ActorError.TYPE_AUTH, ActorError.FORBIDDEN));
        return true;
    }
}
