package io.vertx.serviceproxy;

import io.vertx.core.Future;
import io.vertx.core.Promise;
import io.vertx.core.eventbus.Message;
import io.vertx.core.eventbus.ReplyException;
import io.vertx.core.eventbus.ReplyFailure;
import io.vertx.core.json.JsonObject;
import io.vertx.ext.auth.User;
import io.vertx.ext.auth.authentication.AuthenticationProvider;
import io.vertx.ext.auth.authentication.CredentialValidationException;
import io.vertx.ext.auth.authentication.TokenCredentials;
import io.vertx.ext.auth.authorization.Authorization;
import io.vertx.ext.auth.authorization.AuthorizationContext;
import io.vertx.ext.auth.authorization.AuthorizationProvider;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import java.util.function.Function;

@Deprecated
/* loaded from: input_file:io/vertx/serviceproxy/ServiceAuthInterceptor.class */
public class ServiceAuthInterceptor implements Function<Message<JsonObject>, Future<Message<JsonObject>>> {
    private AuthenticationProvider authn;
    private AuthorizationProvider authz;
    private Set<Authorization> authorizations;

    public ServiceAuthInterceptor setAuthenticationProvider(AuthenticationProvider authenticationProvider) {
        this.authn = authenticationProvider;
        return this;
    }

    public ServiceAuthInterceptor setAuthorizationProvider(AuthorizationProvider authorizationProvider) {
        this.authz = authorizationProvider;
        return this;
    }

    public ServiceAuthInterceptor setAuthorizations(Set<Authorization> set) {
        this.authorizations = set;
        return this;
    }

    public ServiceAuthInterceptor addAuthorization(Authorization authorization) {
        if (this.authorizations == null) {
            this.authorizations = new HashSet();
        }
        this.authorizations.add(authorization);
        return this;
    }

    @Override // java.util.function.Function
    public Future<Message<JsonObject>> apply(Message<JsonObject> message) {
        TokenCredentials tokenCredentials = new TokenCredentials(message.headers().get("auth-token"));
        try {
            tokenCredentials.checkValid((Object) null);
            Promise promise = Promise.promise();
            if (this.authn == null) {
                promise.fail(new ReplyException(ReplyFailure.RECIPIENT_FAILURE, 500, "No AuthenticationProvider present"));
                return promise.future();
            }
            this.authn.authenticate(tokenCredentials).onComplete(asyncResult -> {
                if (asyncResult.failed()) {
                    promise.fail(new ReplyException(ReplyFailure.RECIPIENT_FAILURE, 500, asyncResult.cause().getMessage()));
                    return;
                }
                User user = (User) asyncResult.result();
                if (user == null) {
                    promise.fail(new ReplyException(ReplyFailure.RECIPIENT_FAILURE, 401, "Unauthorized"));
                } else if (this.authorizations == null || this.authorizations.isEmpty()) {
                    promise.complete(message);
                } else {
                    this.authz.getAuthorizations(user).onComplete(asyncResult -> {
                        if (asyncResult.failed()) {
                            promise.fail(new ReplyException(ReplyFailure.RECIPIENT_FAILURE, 500, asyncResult.cause().getMessage()));
                            return;
                        }
                        AuthorizationContext create = AuthorizationContext.create(user);
                        Iterator<Authorization> it = this.authorizations.iterator();
                        while (it.hasNext()) {
                            if (!it.next().match(create)) {
                                promise.fail(new ReplyException(ReplyFailure.RECIPIENT_FAILURE, 403, "Forbidden"));
                                return;
                            }
                        }
                        promise.complete(message);
                    });
                }
            });
            return promise.future();
        } catch (CredentialValidationException e) {
            return Future.failedFuture(new ReplyException(ReplyFailure.RECIPIENT_FAILURE, 401, "Unauthorized"));
        }
    }
}
