package kikaha.core.modules.security;

import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange;
import io.undertow.util.Headers;
import java.beans.ConstructorProperties;
import java.util.Collection;
import java.util.Iterator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:kikaha/core/modules/security/AuthenticationRunner.class */
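/**
 * Runs the authentication and role check for a single HTTP exchange and, when
 * the request is allowed, hands it over to the next handler in the chain.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>When the context requires authentication and it fails, the exchange is
 *       ended without invoking the next handler.</li>
 *   <li>Role checks are applied only to authenticated requests, see
 *       {@link #tryExecuteChain()}.</li>
 *   <li>Unexpected failures are logged in full on the server, while the client
 *       receives only a generic 500 response.</li>
 * </ul>
 */
public class AuthenticationRunner implements Runnable {
    private static final Logger log = LoggerFactory.getLogger(AuthenticationRunner.class);

    // The exchange being authorised; every response written here goes to the client.
    final HttpServerExchange exchange;
    // Handler invoked once the request has passed the checks.
    final HttpHandler next;
    // Authentication state for this exchange.
    final SecurityContext context;
    // Every role listed here must be held by the authenticated account.
    final Collection<String> expectedRoles;
    // Optional redirect target for denied requests; null or empty means a plain 403.
    final String permissionDeniedPage;

    /**
     * Authenticates the exchange if required and then either continues the
     * chain or terminates the exchange. Any {@link Throwable} is routed to
     * {@link #handleException(Throwable)} so that the exchange is always ended.
     */
    @Override
    public void run() {
        try {
            if (this.context.isAuthenticationRequired() && (!this.context.authenticate() || !this.context.isAuthenticated())) {
                // Fail closed: the next handler is never reached for a failed authentication.
                // NOTE(review): presumably authenticate() has already written the challenge
                // or error response at this point - confirm in SecurityContext.
                endCommunicationWithClient();
            } else if (!this.exchange.isResponseStarted()) {
                tryExecuteChain();
            }
        } catch (Throwable th) {
            handleException(th);
        }
    }

    /**
     * Invokes the next handler when the request is unauthenticated or when the
     * authenticated account holds every expected role; otherwise denies access.
     *
     * <p>NOTE(review): {@code expectedRoles} is not enforced for unauthenticated
     * requests. {@link #run()} only guarantees an authenticated context when
     * {@code isAuthenticationRequired()} is true, so every rule that declares
     * roles must also require authentication - confirm in the rule configuration.
     *
     * @throws Exception whatever the next handler throws
     */
    void tryExecuteChain() throws Exception {
        if (!this.context.isAuthenticated() || matchesExpectedRoles()) {
            this.next.handleRequest(this.exchange);
        } else {
            handlePermissionDenied();
        }
    }

    /**
     * Checks that the authenticated account holds every role in
     * {@code expectedRoles}.
     *
     * <p>Each expected role is looked up individually. Comparing a running
     * count of matches against {@code expectedRoles.size()} is not equivalent:
     * a role that appears more than once among the account's roles would be
     * counted more than once, which can stand in for a missing expected role or
     * deny an account that holds them all. Whether duplicates can occur depends
     * on what {@code getRoles()} returns, which is not visible in this class.
     *
     * @return {@code true} when no expected role is missing, including when
     *         {@code expectedRoles} is empty
     */
    boolean matchesExpectedRoles() {
        for (String expectedRole : this.expectedRoles) {
            if (!accountHasRole(expectedRole)) {
                return false;
            }
        }
        return true;
    }

    /** Returns whether the authenticated account's roles contain {@code expectedRole}. */
    private boolean accountHasRole(String expectedRole) {
        Iterator<?> grantedRoles = this.context.getAuthenticatedAccount().getRoles().iterator();
        while (grantedRoles.hasNext()) {
            if (expectedRole.equals(grantedRoles.next())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Answers a denied request with either a 403 or a redirect to the
     * configured page, unless a response has already been started, and then
     * ends the exchange.
     */
    void handlePermissionDenied() {
        if (!this.exchange.isResponseStarted()) {
            if (this.permissionDeniedPage == null || this.permissionDeniedPage.isEmpty()) {
                sendForbiddenError();
            } else {
                redirectToPermissionDeniedPage();
            }
        }
        endCommunicationWithClient();
    }

    /** Sends a 403 Forbidden response with a fixed body. */
    void sendForbiddenError() {
        this.exchange.setStatusCode(403);
        this.exchange.getResponseSender().send("Permission Denied");
    }

    /**
     * Sends a 303 See Other redirect to {@code permissionDeniedPage}. The
     * Location value is the constructor argument, not request data.
     */
    void redirectToPermissionDeniedPage() {
        this.exchange.setStatusCode(303);
        this.exchange.getResponseHeaders().put(Headers.LOCATION, this.permissionDeniedPage);
    }

    /**
     * Logs the failure and, if no response has been started, answers with a
     * generic 500 before ending the exchange.
     *
     * <p>The exception message is deliberately kept out of the response body:
     * it can carry internal details (queries, file paths, class names) that are
     * useful to someone probing the service. The full stack trace is available
     * in the server log.
     *
     * @param th the failure raised while authenticating or running the chain
     */
    void handleException(Throwable th) {
        log.error("Failed to execute the endpoint", th);
        if (!this.exchange.isResponseStarted()) {
            this.exchange.setStatusCode(500);
            this.exchange.getResponseSender().send("Internal Server Error");
        }
        this.exchange.endExchange();
    }

    /** Ends the exchange so that no further handler can write to it. */
    void endCommunicationWithClient() {
        this.exchange.endExchange();
    }

    /**
     * Creates a runner for one exchange.
     *
     * @param httpServerExchange the exchange to authenticate and authorise
     * @param httpHandler the handler to invoke when access is granted
     * @param securityContext the authentication state for the exchange
     * @param collection the roles the authenticated account must hold
     * @param str page to redirect denied requests to; null or empty for a plain 403
     */
    @ConstructorProperties({"exchange", "next", "context", "expectedRoles", "permissionDeniedPage"})
    public AuthenticationRunner(HttpServerExchange httpServerExchange, HttpHandler httpHandler, SecurityContext securityContext, Collection<String> collection, String str) {
        this.exchange = httpServerExchange;
        this.next = httpHandler;
        this.context = securityContext;
        this.expectedRoles = collection;
        this.permissionDeniedPage = str;
    }
}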
