package kikaha.core.auth;

import io.undertow.security.api.SecurityContext;
import io.undertow.server.HttpServerExchange;
import io.undertow.util.Headers;
import java.beans.ConstructorProperties;
import java.util.Collection;
import java.util.Iterator;
import kikaha.core.api.KikahaException;
import kikaha.core.api.RequestHookChain;
import kikaha.core.api.conf.FormAuthConfiguration;

/* loaded from: input_file:kikaha/core/auth/AuthenticationRunner.class */
public class AuthenticationRunner implements Runnable {
    final SecurityContext context;
    final RequestHookChain chain;
    final Collection<String> expectedRoles;
    final FormAuthConfiguration formAuthConfig;

    @Override // java.lang.Runnable
    public void run() {
        try {
            this.context.setAuthenticationRequired();
            if (!this.context.authenticate() || !this.context.isAuthenticated()) {
                endCommunicationWithClient();
            } else if (!this.chain.exchange().isResponseStarted()) {
                tryExecuteChain();
            }
        } catch (Throwable th) {
            handleException(th);
        }
    }

    void tryExecuteChain() throws KikahaException {
        if (matchesExpectedRoles()) {
            this.chain.executeNext();
        } else {
            handlePermitionDenied();
        }
    }

    boolean matchesExpectedRoles() {
        int i = 0;
        for (String str : this.expectedRoles) {
            Iterator it = this.context.getAuthenticatedAccount().getRoles().iterator();
            while (it.hasNext()) {
                if (str.equals((String) it.next())) {
                    i++;
                }
            }
        }
        return i == this.expectedRoles.size();
    }

    void handlePermitionDenied() {
        HttpServerExchange exchange = this.chain.exchange();
        if (!exchange.isResponseStarted()) {
            if (this.formAuthConfig.permitionDeniedPage().isEmpty()) {
                sendForbidenError(exchange);
            } else {
                redirectToPermitionDeniedPage(exchange);
            }
        }
        endCommunicationWithClient();
    }

    void sendForbidenError(HttpServerExchange httpServerExchange) {
        httpServerExchange.setResponseCode(403);
        httpServerExchange.getResponseSender().send("Permition Denied");
    }

    void redirectToPermitionDeniedPage(HttpServerExchange httpServerExchange) {
        httpServerExchange.setResponseCode(303);
        httpServerExchange.getResponseHeaders().put(Headers.LOCATION, this.formAuthConfig.permitionDeniedPage());
    }

    void handleException(Throwable th) {
        th.printStackTrace();
        HttpServerExchange exchange = this.chain.exchange();
        if (!exchange.isResponseStarted()) {
            exchange.setResponseCode(500);
            exchange.getResponseSender().send("Internal Server Error: " + th.getMessage());
        }
        exchange.endExchange();
    }

    void endCommunicationWithClient() {
        this.chain.exchange().endExchange();
    }

    @ConstructorProperties({"context", "chain", "expectedRoles", "formAuthConfig"})
    public AuthenticationRunner(SecurityContext securityContext, RequestHookChain requestHookChain, Collection<String> collection, FormAuthConfiguration formAuthConfiguration) {
        this.context = securityContext;
        this.chain = requestHookChain;
        this.expectedRoles = collection;
        this.formAuthConfig = formAuthConfiguration;
    }
}
