package eu.cloudnetservice.node.http.annotation;

import eu.cloudnetservice.driver.document.Document;
import eu.cloudnetservice.driver.network.http.HttpContext;
import eu.cloudnetservice.driver.network.http.HttpContextPreprocessor;
import eu.cloudnetservice.driver.network.http.HttpResponseCode;
import eu.cloudnetservice.driver.network.http.annotation.Optional;
import eu.cloudnetservice.driver.network.http.annotation.parser.AnnotationHttpHandleException;
import eu.cloudnetservice.driver.network.http.annotation.parser.DefaultHttpAnnotationParser;
import eu.cloudnetservice.driver.network.http.annotation.parser.HttpAnnotationParser;
import eu.cloudnetservice.driver.network.http.annotation.parser.HttpAnnotationProcessor;
import eu.cloudnetservice.driver.network.http.annotation.parser.HttpAnnotationProcessorUtil;
import eu.cloudnetservice.driver.network.http.annotation.parser.ParameterInvocationHint;
import eu.cloudnetservice.driver.permission.Permission;
import eu.cloudnetservice.driver.permission.PermissionManagement;
import eu.cloudnetservice.driver.permission.PermissionUser;
import eu.cloudnetservice.node.http.HttpSession;
import eu.cloudnetservice.node.http.V2HttpAuthentication;
import jakarta.inject.Inject;
import jakarta.inject.Singleton;
import java.lang.reflect.Method;
import java.nio.charset.StandardCharsets;
import java.util.Collection;
import java.util.Objects;
import java.util.function.Function;
import lombok.NonNull;
import org.jetbrains.annotations.Nullable;

@Singleton
/* loaded from: input_file:eu/cloudnetservice/node/http/annotation/SecurityAnnotationExtension.class */
public final class SecurityAnnotationExtension {
    private final PermissionManagement permissionManagement;

    /* loaded from: input_file:eu/cloudnetservice/node/http/annotation/SecurityAnnotationExtension$BasicAuthProcessor.class */
    private final class BasicAuthProcessor implements HttpAnnotationProcessor {

        @NonNull
        private final V2HttpAuthentication authentication;

        private BasicAuthProcessor(@NonNull V2HttpAuthentication v2HttpAuthentication) {
            if (v2HttpAuthentication == null) {
                throw new NullPointerException("authentication is marked non-null but is null");
            }
            this.authentication = v2HttpAuthentication;
        }

        @Override // eu.cloudnetservice.driver.network.http.annotation.parser.HttpAnnotationProcessor
        @Nullable
        public HttpContextPreprocessor buildPreprocessor(@NonNull Method method, @NonNull Object obj) {
            if (method == null) {
                throw new NullPointerException("method is marked non-null but is null");
            }
            if (obj == null) {
                throw new NullPointerException("handler is marked non-null but is null");
            }
            HandlerPermission resolvePermissionAnnotation = SecurityAnnotationExtension.this.resolvePermissionAnnotation(method);
            Collection<ParameterInvocationHint> mapParameters = HttpAnnotationProcessorUtil.mapParameters(method, BasicAuth.class, (parameter, basicAuth) -> {
                return (str, httpContext) -> {
                    V2HttpAuthentication.LoginResult<PermissionUser> handleBasicLoginRequest = this.authentication.handleBasicLoginRequest(httpContext.request());
                    if (!parameter.isAnnotationPresent(Optional.class) && handleBasicLoginRequest.failed()) {
                        throw new AnnotationHttpHandleException(str, "Unable to authenticate user: " + handleBasicLoginRequest.errorMessage(), HttpResponseCode.UNAUTHORIZED, SecurityAnnotationExtension.this.buildErrorResponse("Unable to authenticate user"));
                    }
                    if (SecurityAnnotationExtension.this.validatePermission(handleBasicLoginRequest.result(), resolvePermissionAnnotation)) {
                        return handleBasicLoginRequest.result();
                    }
                    throw new AnnotationHttpHandleException(str, "User has not the required permission to send a request", HttpResponseCode.FORBIDDEN, SecurityAnnotationExtension.this.buildErrorResponse("Missing required permission"));
                };
            });
            if (!mapParameters.isEmpty()) {
                return (str, httpContext) -> {
                    return httpContext.addInvocationHints(DefaultHttpAnnotationParser.PARAM_INVOCATION_HINT_KEY, mapParameters);
                };
            }
            if (method.isAnnotationPresent(BasicAuth.class)) {
                return (str2, httpContext2) -> {
                    return SecurityAnnotationExtension.this.handleAuthResult(httpContext2, this.authentication.handleBasicLoginRequest(httpContext2.request()), Function.identity(), resolvePermissionAnnotation);
                };
            }
            return null;
        }
    }

    /* loaded from: input_file:eu/cloudnetservice/node/http/annotation/SecurityAnnotationExtension$BearerAuthProcessor.class */
    private final class BearerAuthProcessor implements HttpAnnotationProcessor {

        @NonNull
        private final V2HttpAuthentication authentication;

        private BearerAuthProcessor(@NonNull V2HttpAuthentication v2HttpAuthentication) {
            if (v2HttpAuthentication == null) {
                throw new NullPointerException("authentication is marked non-null but is null");
            }
            this.authentication = v2HttpAuthentication;
        }

        @Override // eu.cloudnetservice.driver.network.http.annotation.parser.HttpAnnotationProcessor
        @Nullable
        public HttpContextPreprocessor buildPreprocessor(@NonNull Method method, @NonNull Object obj) {
            if (method == null) {
                throw new NullPointerException("method is marked non-null but is null");
            }
            if (obj == null) {
                throw new NullPointerException("handler is marked non-null but is null");
            }
            HandlerPermission resolvePermissionAnnotation = SecurityAnnotationExtension.this.resolvePermissionAnnotation(method);
            Collection<ParameterInvocationHint> mapParameters = HttpAnnotationProcessorUtil.mapParameters(method, BearerAuth.class, (parameter, bearerAuth) -> {
                return (str, httpContext) -> {
                    V2HttpAuthentication.LoginResult<HttpSession> handleBearerLoginRequest = this.authentication.handleBearerLoginRequest(httpContext.request());
                    if (!parameter.isAnnotationPresent(Optional.class) && handleBearerLoginRequest.failed()) {
                        throw new AnnotationHttpHandleException(str, "Unable to authenticate user: " + handleBearerLoginRequest.errorMessage(), HttpResponseCode.UNAUTHORIZED, SecurityAnnotationExtension.this.buildErrorResponse("Unable to authenticate user"));
                    }
                    if (SecurityAnnotationExtension.this.validatePermission(handleBearerLoginRequest.result().user(), resolvePermissionAnnotation)) {
                        return handleBearerLoginRequest.result();
                    }
                    throw new AnnotationHttpHandleException(str, "User has not the required permission to send a request", HttpResponseCode.FORBIDDEN, SecurityAnnotationExtension.this.buildErrorResponse("Missing required permission"));
                };
            });
            if (!mapParameters.isEmpty()) {
                return (str, httpContext) -> {
                    return httpContext.addInvocationHints(DefaultHttpAnnotationParser.PARAM_INVOCATION_HINT_KEY, mapParameters);
                };
            }
            if (method.isAnnotationPresent(BearerAuth.class)) {
                return (str2, httpContext2) -> {
                    return SecurityAnnotationExtension.this.handleAuthResult(httpContext2, this.authentication.handleBearerLoginRequest(httpContext2.request()), (v0) -> {
                        return v0.user();
                    }, resolvePermissionAnnotation);
                };
            }
            return null;
        }
    }

    @Inject
    public SecurityAnnotationExtension(@NonNull PermissionManagement permissionManagement) {
        if (permissionManagement == null) {
            throw new NullPointerException("permissionManagement is marked non-null but is null");
        }
        this.permissionManagement = permissionManagement;
    }

    public void install(@NonNull HttpAnnotationParser<?> httpAnnotationParser, @NonNull V2HttpAuthentication v2HttpAuthentication) {
        if (httpAnnotationParser == null) {
            throw new NullPointerException("annotationParser is marked non-null but is null");
        }
        if (v2HttpAuthentication == null) {
            throw new NullPointerException("auth is marked non-null but is null");
        }
        httpAnnotationParser.registerAnnotationProcessor(new BasicAuthProcessor(v2HttpAuthentication)).registerAnnotationProcessor(new BearerAuthProcessor(v2HttpAuthentication));
    }

    @Nullable
    private <T> HttpContext handleAuthResult(@NonNull HttpContext httpContext, @NonNull V2HttpAuthentication.LoginResult<T> loginResult, @NonNull Function<T, PermissionUser> function, @Nullable HandlerPermission handlerPermission) {
        if (httpContext == null) {
            throw new NullPointerException("context is marked non-null but is null");
        }
        if (loginResult == null) {
            throw new NullPointerException("result is marked non-null but is null");
        }
        if (function == null) {
            throw new NullPointerException("userExtractor is marked non-null but is null");
        }
        if (!loginResult.succeeded()) {
            httpContext.cancelNext(true).closeAfter(true).response().status(HttpResponseCode.UNAUTHORIZED).body(buildErrorResponse(loginResult.errorMessage()));
            return null;
        }
        if (validatePermission(function.apply(loginResult.result()), handlerPermission)) {
            return httpContext;
        }
        httpContext.cancelNext(true).closeAfter(true).response().status(HttpResponseCode.UNAUTHORIZED).body(buildErrorResponse("Required permission is not set"));
        return null;
    }

    private boolean validatePermission(@NonNull PermissionUser permissionUser, @Nullable HandlerPermission handlerPermission) {
        if (permissionUser == null) {
            throw new NullPointerException("user is marked non-null but is null");
        }
        return handlerPermission == null || this.permissionManagement.hasPermission(permissionUser, Permission.of(handlerPermission.value()));
    }

    @Nullable
    private HandlerPermission resolvePermissionAnnotation(@NonNull Method method) {
        if (method == null) {
            throw new NullPointerException("method is marked non-null but is null");
        }
        HandlerPermission handlerPermission = (HandlerPermission) method.getAnnotation(HandlerPermission.class);
        return handlerPermission == null ? (HandlerPermission) method.getDeclaringClass().getAnnotation(HandlerPermission.class) : handlerPermission;
    }

    private byte[] buildErrorResponse(@Nullable String str) {
        return Document.newJsonDocument().append("success", (Boolean) false).append("reason", (String) Objects.requireNonNullElse(str, "undefined")).toString().getBytes(StandardCharsets.UTF_8);
    }
}
