package ru.quadcom.dbtool.authactions;

import com.google.common.base.Strings;
import com.google.common.collect.Maps;
import com.google.inject.Inject;
import com.typesafe.config.Config;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.CompletionStage;
import play.mvc.Action;
import play.mvc.Http;
import play.mvc.Result;
import ru.quadcom.dbtool.AbstractBaseController;
import ru.quadcom.prototool.gateway.ILoggerService;

/* loaded from: input_file:ru/quadcom/dbtool/authactions/AuthorizeWithPasswordAction.class */
public class AuthorizeWithPasswordAction extends Action<AuthorizeWithPassword> {

    @Inject
    private static Config config;

    @Inject
    private static ILoggerService loggerService;
    private static final String PARAM_SIGNATURE = "signature";
    private static final String PARAM_TIMESTAMP = "timestamp";

    public CompletionStage<Result> call(Http.Context context) {
        Map<String, String> paramsMap = getParamsMap(context);
        if (!isValidSignature(paramsMap)) {
            return CompletableFuture.completedFuture(badRequest("Wrong signature"));
        }
        if (!isValidTimestamp(paramsMap)) {
            return CompletableFuture.completedFuture(badRequest("Expired timestamp"));
        }
        CompletionStage<Result> call = this.delegate.call(context);
        call.whenCompleteAsync((result, th) -> {
            if (th == null && ((AuthorizeWithPassword) this.configuration).log()) {
                String str = (String) paramsMap.remove("accountId");
                String str2 = (String) paramsMap.remove("profileId");
                paramsMap.remove(PARAM_SIGNATURE);
                loggerService.addCustomEvent(Strings.isNullOrEmpty(str) ? 0L : Long.parseLong(str), Strings.isNullOrEmpty(str2) ? 0L : Long.parseLong(str2), "Admin#" + ((AuthorizeWithPassword) this.configuration).name(), paramsMap);
            }
        });
        return call;
    }

    private static Map<String, String> getParamsMap(Http.Context context) {
        Map<String, String[]> requestParameters = AbstractBaseController.getRequestParameters(context.request());
        HashMap newHashMap = Maps.newHashMap();
        for (Map.Entry<String, String[]> entry : requestParameters.entrySet()) {
            String[] value = entry.getValue();
            newHashMap.put(entry.getKey(), (value == null || value.length == 0) ? "" : value[0]);
        }
        return newHashMap;
    }

    private static boolean isValidSignature(Map<String, String> map) {
        String str = map.get(PARAM_SIGNATURE);
        if (Strings.isNullOrEmpty(str)) {
            return false;
        }
        ArrayList<String> arrayList = new ArrayList(map.keySet());
        arrayList.remove(PARAM_SIGNATURE);
        Collections.sort(arrayList);
        StringBuilder sb = new StringBuilder(128);
        for (String str2 : arrayList) {
            sb.append(str2).append('=').append(map.get(str2));
        }
        sb.append(config.getString("configuration.secret"));
        return MD5.Do(sb.toString()).equals(str);
    }

    private static boolean isValidTimestamp(Map<String, String> map) {
        String str = map.get(PARAM_TIMESTAMP);
        if (Strings.isNullOrEmpty(str)) {
            return false;
        }
        try {
            return Math.abs(Long.parseLong(str) - (System.currentTimeMillis() / 1000)) <= 3600;
        } catch (NumberFormatException e) {
            return false;
        }
    }
}
