package kikaha.core.modules.security;

import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange;
import lombok.NonNull;

/* loaded from: input_file:kikaha/core/modules/security/AuthenticationHttpHandler.class */
class AuthenticationHttpHandler implements HttpHandler {

    @NonNull
    final AuthenticationRuleMatcher authenticationRuleMatcher;

    @NonNull
    final String permissionDeniedPage;

    @NonNull
    final HttpHandler next;

    @NonNull
    final SecurityConfiguration securityConfiguration;

    public void handleRequest(HttpServerExchange httpServerExchange) throws Exception {
        AuthenticationRule retrieveRuleThatEnsureRequestShouldBeAuthenticated = retrieveRuleThatEnsureRequestShouldBeAuthenticated(httpServerExchange);
        if (retrieveRuleThatEnsureRequestShouldBeAuthenticated == null) {
            retrieveRuleThatEnsureRequestShouldBeAuthenticated = AuthenticationRule.EMPTY;
        }
        SecurityContext orCreateSecurityContext = getOrCreateSecurityContext(httpServerExchange, retrieveRuleThatEnsureRequestShouldBeAuthenticated);
        if (orCreateSecurityContext.isAuthenticated()) {
            this.next.handleRequest(httpServerExchange);
        } else {
            runAuthenticationInIOThread(httpServerExchange, retrieveRuleThatEnsureRequestShouldBeAuthenticated, orCreateSecurityContext);
        }
    }

    private AuthenticationRule retrieveRuleThatEnsureRequestShouldBeAuthenticated(HttpServerExchange httpServerExchange) {
        AuthenticationRequestMatcher authenticationRequestMatcher = this.securityConfiguration.getAuthenticationRequestMatcher();
        if (authenticationRequestMatcher == null || authenticationRequestMatcher.matches(httpServerExchange)) {
            return this.authenticationRuleMatcher.retrieveAuthenticationRuleForUrl(httpServerExchange.getRelativePath());
        }
        return null;
    }

    private SecurityContext getOrCreateSecurityContext(HttpServerExchange httpServerExchange, AuthenticationRule authenticationRule) {
        SecurityContext securityContext = (SecurityContext) httpServerExchange.getSecurityContext();
        if (securityContext == null) {
            securityContext = this.securityConfiguration.getFactory().createSecurityContextFor(httpServerExchange, authenticationRule, this.securityConfiguration);
            httpServerExchange.setSecurityContext(securityContext);
        }
        httpServerExchange.addExchangeCompleteListener(new SecurityContextAutoUpdater(securityContext));
        return securityContext;
    }

    void runAuthenticationInIOThread(HttpServerExchange httpServerExchange, AuthenticationRule authenticationRule, SecurityContext securityContext) {
        httpServerExchange.dispatch(new AuthenticationRunner(httpServerExchange, this.next, securityContext, authenticationRule.expectedRoles(), this.securityConfiguration.getPermissionDeniedHandler()));
    }

    public AuthenticationHttpHandler(@NonNull AuthenticationRuleMatcher authenticationRuleMatcher, @NonNull String str, @NonNull HttpHandler httpHandler, @NonNull SecurityConfiguration securityConfiguration) {
        if (authenticationRuleMatcher == null) {
            throw new NullPointerException("authenticationRuleMatcher is marked non-null but is null");
        }
        if (str == null) {
            throw new NullPointerException("permissionDeniedPage is marked non-null but is null");
        }
        if (httpHandler == null) {
            throw new NullPointerException("next is marked non-null but is null");
        }
        if (securityConfiguration == null) {
            throw new NullPointerException("securityConfiguration is marked non-null but is null");
        }
        this.authenticationRuleMatcher = authenticationRuleMatcher;
        this.permissionDeniedPage = str;
        this.next = httpHandler;
        this.securityConfiguration = securityConfiguration;
    }
}
