package _ss_com.streamsets.lib.security.http;

import _ss_com.com.google.common.annotations.VisibleForTesting;
import _ss_com.com.google.common.collect.ImmutableMap;
import _ss_com.streamsets.pipeline.lib.parser.log.Constants;
import com.streamsets.pipeline.api.impl.Utils;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.core.NewCookie;
import javax.ws.rs.core.Response;

/* loaded from: input_file:_ss_com/streamsets/lib/security/http/AuthenticationResourceHandler.class */
public class AuthenticationResourceHandler {
    static final Map AUTHENTICATION_OK = ImmutableMap.of(Constants.MESSAGE, "Authentication succeeded");
    static final Map AUTHENTICATION_FAILED = ImmutableMap.of(Constants.MESSAGE, "Authentication failed");
    private final Authentication authentication;
    private final boolean secureLoadBalancer;

    public AuthenticationResourceHandler(Authentication authentication, boolean z) {
        this.authentication = authentication;
        this.secureLoadBalancer = z;
    }

    @VisibleForTesting
    long getTimeNow() {
        return System.currentTimeMillis();
    }

    NewCookie createLoginCookie(HttpServletRequest httpServletRequest, SSOPrincipal sSOPrincipal) {
        return new NewCookie(HttpUtils.getLoginCookieName(), sSOPrincipal.getTokenStr(), "/", null, null, sSOPrincipal.getExpires() <= -1 ? -1 : (int) ((sSOPrincipal.getExpires() - getTimeNow()) / 1000), httpServletRequest.isSecure() || this.secureLoadBalancer);
    }

    public Response login(HttpServletRequest httpServletRequest, LoginJson loginJson) {
        Response build;
        Utils.checkNotNull(loginJson, "login");
        SSOPrincipal validateUserCredentials = this.authentication.validateUserCredentials(loginJson.getUserName(), loginJson.getPassword(), HttpUtils.getClientIpAddress(httpServletRequest));
        if (validateUserCredentials == null) {
            build = Response.status(Response.Status.FORBIDDEN).entity(AUTHENTICATION_FAILED).build();
        } else {
            build = Response.ok().header(SSOConstants.X_USER_AUTH_TOKEN, validateUserCredentials.getTokenStr()).entity(AUTHENTICATION_OK).cookie(createLoginCookie(httpServletRequest, validateUserCredentials)).build();
            this.authentication.registerSession(validateUserCredentials);
        }
        return build;
    }
}
