package io.streamthoughts.azkarra.http.security.handler;

import io.streamthoughts.azkarra.http.security.SecurityMechanism;
import io.streamthoughts.azkarra.http.security.auth.AzkarraPrincipalBuilder;
import io.streamthoughts.azkarra.http.security.authorizer.AuthorizationHandler;
import io.streamthoughts.azkarra.http.security.authorizer.AuthorizationManager;
import io.undertow.security.api.AuthenticationMechanism;
import io.undertow.security.api.AuthenticationMode;
import io.undertow.security.handlers.AuthenticationConstraintHandler;
import io.undertow.security.handlers.AuthenticationMechanismsHandler;
import io.undertow.security.handlers.SecurityInitialHandler;
import io.undertow.security.idm.IdentityManager;
import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange;
import java.util.Collections;
import java.util.List;
import java.util.regex.Pattern;

/* loaded from: input_file:io/streamthoughts/azkarra/http/security/handler/SecurityHandler.class */
public class SecurityHandler implements HttpHandler {
    private List<Pattern> authenticatedRegexMatchers;
    private final IdentityManager idm;
    private HttpHandler securityHandler;
    protected final HttpHandler next;
    private final AuthenticationMechanism authenticationMechanism;
    private final SecurityMechanism securityMechanism;
    private AuthorizationManager authorizationManager;
    private AzkarraPrincipalBuilder principalBuilder;

    /* JADX INFO: Access modifiers changed from: package-private */
    public SecurityHandler(IdentityManager identityManager, AuthorizationManager authorizationManager, AuthenticationMechanism authenticationMechanism, SecurityMechanism securityMechanism, AzkarraPrincipalBuilder azkarraPrincipalBuilder, HttpHandler httpHandler, List<Pattern> list) {
        this.idm = identityManager;
        this.next = httpHandler;
        this.authorizationManager = authorizationManager;
        this.authenticationMechanism = authenticationMechanism;
        this.securityMechanism = securityMechanism;
        this.authenticatedRegexMatchers = list;
        this.principalBuilder = azkarraPrincipalBuilder;
        this.securityHandler = buildSecurityChain(httpHandler);
    }

    private HttpHandler buildSecurityChain(HttpHandler httpHandler) {
        return new SecurityInitialHandler(AuthenticationMode.PRO_ACTIVE, this.idm, new AuthenticationMechanismsHandler(new AuthenticationConstraintHandler(new AuthenticationContextHandler(this.securityMechanism, new XMLHttpRequestAwareAuthCallHandler(new AuthorizationHandler(httpHandler, this.authorizationManager, this.principalBuilder)))), Collections.singletonList(this.authenticationMechanism)));
    }

    public void handleRequest(HttpServerExchange httpServerExchange) throws Exception {
        if (isAuthenticationRequired(httpServerExchange)) {
            this.securityHandler.handleRequest(httpServerExchange);
        } else {
            this.next.handleRequest(httpServerExchange);
        }
    }

    public SecurityMechanism getSecurityMechanism() {
        return this.securityMechanism;
    }

    private boolean isAuthenticationRequired(HttpServerExchange httpServerExchange) {
        String relativePath = httpServerExchange.getRelativePath();
        return this.authenticatedRegexMatchers.stream().anyMatch(pattern -> {
            return pattern.matcher(relativePath).matches();
        });
    }
}
