package io.quarkus.vertx.http.runtime.security;

import io.netty.handler.codec.http.HttpResponseStatus;
import io.quarkus.security.identity.IdentityProvider;
import io.quarkus.security.identity.IdentityProviderManager;
import io.quarkus.security.identity.SecurityIdentity;
import io.quarkus.security.identity.request.AnonymousAuthenticationRequest;
import io.quarkus.security.identity.request.AuthenticationRequest;
import io.smallrye.mutiny.Uni;
import io.smallrye.mutiny.groups.UniCreate;
import io.vertx.ext.web.RoutingContext;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Comparator;
import java.util.Iterator;
import java.util.Optional;
import java.util.Set;
import java.util.function.Function;
import javax.enterprise.inject.Instance;
import javax.inject.Singleton;
import org.jboss.logging.Logger;

@Singleton
/* loaded from: input_file:io/quarkus/vertx/http/runtime/security/HttpAuthenticator.class */
public class HttpAuthenticator {
    private static final Logger log = Logger.getLogger((Class<?>) HttpAuthenticator.class);
    private final IdentityProviderManager identityProviderManager;
    private final Instance<PathMatchingHttpSecurityPolicy> pathMatchingPolicy;
    private final HttpAuthenticationMechanism[] mechanisms;

    /* loaded from: input_file:io/quarkus/vertx/http/runtime/security/HttpAuthenticator$NoAuthenticationMechanism.class */
    static class NoAuthenticationMechanism implements HttpAuthenticationMechanism {
        NoAuthenticationMechanism() {
        }

        @Override // io.quarkus.vertx.http.runtime.security.HttpAuthenticationMechanism
        public Uni<SecurityIdentity> authenticate(RoutingContext routingContext, IdentityProviderManager identityProviderManager) {
            return Uni.createFrom().optional(Optional.empty());
        }

        @Override // io.quarkus.vertx.http.runtime.security.HttpAuthenticationMechanism
        public Uni<ChallengeData> getChallenge(RoutingContext routingContext) {
            return Uni.createFrom().item((UniCreate) new ChallengeData(HttpResponseStatus.FORBIDDEN.code(), null, null));
        }

        @Override // io.quarkus.vertx.http.runtime.security.HttpAuthenticationMechanism
        public Set<Class<? extends AuthenticationRequest>> getCredentialTypes() {
            return Collections.singleton(AnonymousAuthenticationRequest.class);
        }

        @Override // io.quarkus.vertx.http.runtime.security.HttpAuthenticationMechanism
        public HttpCredentialTransport getCredentialTransport() {
            return null;
        }
    }

    /* loaded from: input_file:io/quarkus/vertx/http/runtime/security/HttpAuthenticator$NoopCloseTask.class */
    static class NoopCloseTask implements Runnable {
        static final NoopCloseTask INSTANCE = new NoopCloseTask();

        NoopCloseTask() {
        }

        @Override // java.lang.Runnable
        public void run() {
        }
    }

    public HttpAuthenticator(IdentityProviderManager identityProviderManager, Instance<PathMatchingHttpSecurityPolicy> instance, Instance<HttpAuthenticationMechanism> instance2, Instance<IdentityProvider<?>> instance3) {
        this.identityProviderManager = identityProviderManager;
        this.pathMatchingPolicy = instance;
        ArrayList arrayList = new ArrayList();
        for (HttpAuthenticationMechanism httpAuthenticationMechanism : instance2) {
            boolean z = false;
            for (Class<? extends AuthenticationRequest> cls : httpAuthenticationMechanism.getCredentialTypes()) {
                Iterator<IdentityProvider<?>> it = instance3.iterator();
                while (true) {
                    if (it.hasNext()) {
                        if (it.next().getRequestType().equals(cls)) {
                            z = true;
                            break;
                        }
                    } else {
                        break;
                    }
                }
                if (z) {
                    break;
                }
            }
            if (z || httpAuthenticationMechanism.getCredentialTypes().isEmpty()) {
                arrayList.add(httpAuthenticationMechanism);
            }
        }
        if (arrayList.isEmpty()) {
            this.mechanisms = new HttpAuthenticationMechanism[]{new NoAuthenticationMechanism()};
        } else {
            arrayList.sort(new Comparator<HttpAuthenticationMechanism>() { // from class: io.quarkus.vertx.http.runtime.security.HttpAuthenticator.1
                @Override // java.util.Comparator
                public int compare(HttpAuthenticationMechanism httpAuthenticationMechanism2, HttpAuthenticationMechanism httpAuthenticationMechanism3) {
                    return Integer.compare(httpAuthenticationMechanism3.getPriority(), httpAuthenticationMechanism2.getPriority());
                }
            });
            this.mechanisms = (HttpAuthenticationMechanism[]) arrayList.toArray(new HttpAuthenticationMechanism[arrayList.size()]);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public IdentityProviderManager getIdentityProviderManager() {
        return this.identityProviderManager;
    }

    public Uni<SecurityIdentity> attemptAuthentication(final RoutingContext routingContext) {
        final String authMechanismName = this.pathMatchingPolicy.isResolvable() ? this.pathMatchingPolicy.get().getAuthMechanismName(routingContext) : null;
        Uni<HttpAuthenticationMechanism> findBestCandidateMechanism = findBestCandidateMechanism(routingContext, authMechanismName);
        return findBestCandidateMechanism == null ? createSecurityIdentity(routingContext) : findBestCandidateMechanism.onItem().transformToUni(new Function<HttpAuthenticationMechanism, Uni<? extends SecurityIdentity>>() { // from class: io.quarkus.vertx.http.runtime.security.HttpAuthenticator.2
            @Override // java.util.function.Function
            public Uni<SecurityIdentity> apply(HttpAuthenticationMechanism httpAuthenticationMechanism) {
                return httpAuthenticationMechanism != null ? httpAuthenticationMechanism.authenticate(routingContext, HttpAuthenticator.this.identityProviderManager) : authMechanismName != null ? Uni.createFrom().optional(Optional.empty()) : HttpAuthenticator.this.createSecurityIdentity(routingContext);
            }
        });
    }

    private Uni<SecurityIdentity> createSecurityIdentity(final RoutingContext routingContext) {
        Uni<SecurityIdentity> authenticate = this.mechanisms[0].authenticate(routingContext, this.identityProviderManager);
        for (int i = 1; i < this.mechanisms.length; i++) {
            final HttpAuthenticationMechanism httpAuthenticationMechanism = this.mechanisms[i];
            authenticate = authenticate.onItem().transformToUni(new Function<SecurityIdentity, Uni<? extends SecurityIdentity>>() { // from class: io.quarkus.vertx.http.runtime.security.HttpAuthenticator.3
                @Override // java.util.function.Function
                public Uni<SecurityIdentity> apply(SecurityIdentity securityIdentity) {
                    return securityIdentity != null ? Uni.createFrom().item((UniCreate) securityIdentity) : httpAuthenticationMechanism.authenticate(routingContext, HttpAuthenticator.this.identityProviderManager);
                }
            });
        }
        return authenticate;
    }

    public Uni<Boolean> sendChallenge(final RoutingContext routingContext) {
        HttpAuthenticationMechanism httpAuthenticationMechanism;
        if (!routingContext.request().isEnded()) {
            routingContext.request().resume2();
        }
        Uni<Boolean> uni = null;
        if (this.mechanisms.length > 1 && (httpAuthenticationMechanism = (HttpAuthenticationMechanism) routingContext.get(HttpAuthenticationMechanism.class.getName())) != null) {
            uni = httpAuthenticationMechanism.sendChallenge(routingContext);
        }
        if (uni == null) {
            uni = this.mechanisms[0].sendChallenge(routingContext);
            for (int i = 1; i < this.mechanisms.length; i++) {
                final HttpAuthenticationMechanism httpAuthenticationMechanism2 = this.mechanisms[i];
                uni = uni.onItem().transformToUni(new Function<Boolean, Uni<? extends Boolean>>() { // from class: io.quarkus.vertx.http.runtime.security.HttpAuthenticator.4
                    @Override // java.util.function.Function
                    public Uni<? extends Boolean> apply(Boolean bool) {
                        return bool.booleanValue() ? Uni.createFrom().item((UniCreate) bool) : httpAuthenticationMechanism2.sendChallenge(routingContext);
                    }
                });
            }
        }
        return uni.onItem().transformToUni(new Function<Boolean, Uni<? extends Boolean>>() { // from class: io.quarkus.vertx.http.runtime.security.HttpAuthenticator.5
            @Override // java.util.function.Function
            public Uni<? extends Boolean> apply(Boolean bool) {
                if (!bool.booleanValue()) {
                    HttpAuthenticator.log.debug("Authentication has not been done, returning HTTP status 401");
                    routingContext.response().setStatusCode(401);
                    routingContext.response().end();
                }
                return Uni.createFrom().item((UniCreate) bool);
            }
        });
    }

    public Uni<ChallengeData> getChallenge(final RoutingContext routingContext) {
        HttpAuthenticationMechanism httpAuthenticationMechanism;
        if (this.mechanisms.length > 1 && (httpAuthenticationMechanism = (HttpAuthenticationMechanism) routingContext.get(HttpAuthenticationMechanism.class.getName())) != null) {
            return httpAuthenticationMechanism.getChallenge(routingContext);
        }
        Uni<ChallengeData> challenge = this.mechanisms[0].getChallenge(routingContext);
        for (int i = 1; i < this.mechanisms.length; i++) {
            final HttpAuthenticationMechanism httpAuthenticationMechanism2 = this.mechanisms[i];
            challenge = challenge.onItem().transformToUni(new Function<ChallengeData, Uni<? extends ChallengeData>>() { // from class: io.quarkus.vertx.http.runtime.security.HttpAuthenticator.6
                @Override // java.util.function.Function
                public Uni<? extends ChallengeData> apply(ChallengeData challengeData) {
                    return challengeData != null ? Uni.createFrom().item((UniCreate) challengeData) : httpAuthenticationMechanism2.getChallenge(routingContext);
                }
            });
        }
        return challenge;
    }

    private Uni<HttpAuthenticationMechanism> findBestCandidateMechanism(final RoutingContext routingContext, final String str) {
        Uni<HttpAuthenticationMechanism> uni = null;
        if (str != null) {
            uni = getPathSpecificMechanism(0, routingContext, str);
            for (int i = 1; i < this.mechanisms.length; i++) {
                final int i2 = i;
                uni = uni.onItem().transformToUni(new Function<HttpAuthenticationMechanism, Uni<? extends HttpAuthenticationMechanism>>() { // from class: io.quarkus.vertx.http.runtime.security.HttpAuthenticator.7
                    @Override // java.util.function.Function
                    public Uni<? extends HttpAuthenticationMechanism> apply(HttpAuthenticationMechanism httpAuthenticationMechanism) {
                        return httpAuthenticationMechanism != null ? Uni.createFrom().item((UniCreate) httpAuthenticationMechanism) : HttpAuthenticator.this.getPathSpecificMechanism(i2, routingContext, str);
                    }
                });
            }
        }
        return uni;
    }

    private Uni<HttpAuthenticationMechanism> getPathSpecificMechanism(final int i, final RoutingContext routingContext, final String str) {
        return getCredentialTransport(this.mechanisms[i], routingContext).onItem().transform(new Function<HttpCredentialTransport, HttpAuthenticationMechanism>() { // from class: io.quarkus.vertx.http.runtime.security.HttpAuthenticator.8
            @Override // java.util.function.Function
            public HttpAuthenticationMechanism apply(HttpCredentialTransport httpCredentialTransport) {
                if (httpCredentialTransport == null || !httpCredentialTransport.getAuthenticationScheme().equalsIgnoreCase(str)) {
                    return null;
                }
                routingContext.put(HttpAuthenticationMechanism.class.getName(), HttpAuthenticator.this.mechanisms[i]);
                return HttpAuthenticator.this.mechanisms[i];
            }
        });
    }

    private static Uni<HttpCredentialTransport> getCredentialTransport(HttpAuthenticationMechanism httpAuthenticationMechanism, RoutingContext routingContext) {
        try {
            return httpAuthenticationMechanism.getCredentialTransport(routingContext);
        } catch (UnsupportedOperationException e) {
            return Uni.createFrom().item((UniCreate) httpAuthenticationMechanism.getCredentialTransport());
        }
    }
}
