package org.jooby.pac4j;

import com.google.common.collect.ArrayListMultimap;
import com.google.common.collect.Maps;
import com.google.common.collect.Multimap;
import com.google.inject.Binder;
import com.google.inject.multibindings.MapBinder;
import com.google.inject.multibindings.Multibinder;
import com.google.inject.multibindings.OptionalBinder;
import com.typesafe.config.Config;
import com.typesafe.config.ConfigFactory;
import java.net.URI;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.function.BiFunction;
import java.util.function.Function;
import java.util.stream.Collectors;
import org.jooby.Env;
import org.jooby.Jooby;
import org.jooby.Routes;
import org.jooby.internal.pac4j.AuthCallback;
import org.jooby.internal.pac4j.AuthContext;
import org.jooby.internal.pac4j.AuthFilter;
import org.jooby.internal.pac4j.AuthLogout;
import org.jooby.internal.pac4j.AuthorizerFilter;
import org.jooby.internal.pac4j.BasicAuth;
import org.jooby.internal.pac4j.ClientType;
import org.jooby.internal.pac4j.ClientsProvider;
import org.jooby.internal.pac4j.ConfigProvider;
import org.jooby.internal.pac4j.FormAuth;
import org.jooby.internal.pac4j.FormFilter;
import org.jooby.scope.Providers;
import org.jooby.scope.RequestScoped;
import org.pac4j.core.authorization.AuthorizationChecker;
import org.pac4j.core.authorization.Authorizer;
import org.pac4j.core.authorization.DefaultAuthorizationChecker;
import org.pac4j.core.client.Client;
import org.pac4j.core.client.ClientFinder;
import org.pac4j.core.client.Clients;
import org.pac4j.core.client.DefaultClientFinder;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.credentials.Credentials;
import org.pac4j.core.profile.UserProfile;
import org.pac4j.http.client.indirect.IndirectBasicAuthClient;
import org.pac4j.http.credentials.authenticator.UsernamePasswordAuthenticator;
import org.pac4j.http.credentials.authenticator.test.SimpleTestUsernamePasswordAuthenticator;
import org.pac4j.http.profile.HttpProfile;

/* loaded from: input_file:org/jooby/pac4j/Auth.class */
public class Auth implements Jooby.Module {
    public static final String ID = Auth.class.getName() + ".id";
    public static final String CNAME = Auth.class.getName() + ".client.id";
    private Multimap<String, BiFunction<Binder, Config, AuthFilter>> bindings = ArrayListMultimap.create();
    private Class<? extends AuthStore> storeClass = AuthSessionStore.class;
    private Optional<String> logoutUrl = Optional.empty();
    private Optional<String> redirecTo = Optional.empty();
    private Multimap<String, Map.Entry<String, Object>> authorizers = ArrayListMultimap.create();
    private Set<Object> bindedProfiles = new HashSet();

    public Auth authorizer(String str, String str2, Authorizer<?> authorizer) {
        authorizer(authorizer, str, str2);
        return this;
    }

    public Auth authorizer(String str, String str2, Class<? extends Authorizer> cls) {
        authorizer(cls, str, str2);
        return this;
    }

    private void authorizer(Object obj, String str, String str2) {
        Objects.requireNonNull(str, "An authorizer's name is required.");
        Objects.requireNonNull(str2, "An authorizer's pattern is required.");
        Objects.requireNonNull(obj, "An authorizer is required.");
        this.authorizers.put(str2, Maps.immutableEntry(str, obj));
    }

    public Auth form(String str, Class<? extends UsernamePasswordAuthenticator> cls) {
        this.bindings.put(str, (binder, config) -> {
            binder.bind(UsernamePasswordAuthenticator.class).to(cls);
            bindProfile(binder, HttpProfile.class);
            Multibinder.newSetBinder(binder, Client.class).addBinding().toProvider(FormAuth.class);
            return new FormFilter(config.getString("auth.form.loginUrl"), config.getString("auth.callback"));
        });
        return this;
    }

    public Auth form(String str) {
        return form(str, SimpleTestUsernamePasswordAuthenticator.class);
    }

    public Auth form() {
        return form("*");
    }

    public Auth basic(String str, Class<? extends UsernamePasswordAuthenticator> cls) {
        this.bindings.put(str, (binder, config) -> {
            binder.bind(UsernamePasswordAuthenticator.class).to(cls);
            bindProfile(binder, HttpProfile.class);
            Multibinder.newSetBinder(binder, Client.class).addBinding().toProvider(BasicAuth.class);
            return new AuthFilter(IndirectBasicAuthClient.class, HttpProfile.class);
        });
        return this;
    }

    public Auth basic(String str) {
        return basic(str, SimpleTestUsernamePasswordAuthenticator.class);
    }

    public Auth basic() {
        return basic("*");
    }

    public <C extends Credentials, U extends UserProfile> Auth client(Client<C, U> client) {
        return client("*", client);
    }

    public <C extends Credentials, U extends UserProfile> Auth client(Class<? extends Client<C, U>> cls) {
        return client("*", cls);
    }

    public <C extends Credentials, U extends UserProfile> Auth client(String str, Client<C, U> client) {
        return client(str, config -> {
            return client;
        });
    }

    public <C extends Credentials, U extends UserProfile> Auth client(Function<Config, Client<C, U>> function) {
        return client("*", function);
    }

    public <C extends Credentials, U extends UserProfile> Auth client(String str, Function<Config, Client<C, U>> function) {
        this.bindings.put(str, (binder, config) -> {
            Client client = (Client) function.apply(config);
            Multibinder.newSetBinder(binder, Client.class).addBinding().toInstance(client);
            Class<?> cls = client.getClass();
            Class<? extends UserProfile> typeOf = ClientType.typeOf(cls);
            bindProfile(binder, typeOf);
            return new AuthFilter(cls, typeOf);
        });
        return this;
    }

    public <C extends Credentials, U extends UserProfile> Auth client(String str, Class<? extends Client<C, U>> cls) {
        this.bindings.put(str, (binder, config) -> {
            Multibinder.newSetBinder(binder, Client.class).addBinding().to(cls);
            Class<? extends UserProfile> typeOf = ClientType.typeOf(cls);
            bindProfile(binder, typeOf);
            return new AuthFilter(cls, typeOf);
        });
        return this;
    }

    public <U extends UserProfile> Auth store(Class<? extends AuthStore<U>> cls) {
        this.storeClass = (Class) Objects.requireNonNull(cls, "Store is required.");
        return this;
    }

    public Auth logout(String str, String str2) {
        this.logoutUrl = Optional.of(str);
        this.redirecTo = Optional.of(str2);
        return this;
    }

    public Auth logout(String str) {
        this.logoutUrl = Optional.of(str);
        this.redirecTo = Optional.empty();
        return this;
    }

    public void configure(Env env, Config config, Binder binder) {
        binder.bind(Clients.class).toProvider(ClientsProvider.class);
        binder.bind(org.pac4j.core.config.Config.class).toProvider(ConfigProvider.class);
        OptionalBinder.newOptionalBinder(binder, AuthorizationChecker.class).setDefault().toInstance(new DefaultAuthorizationChecker());
        OptionalBinder.newOptionalBinder(binder, ClientFinder.class).setDefault().toInstance(new DefaultClientFinder());
        String path = URI.create(config.getString("auth.callback")).getPath();
        Routes routes = env.routes();
        MapBinder newMapBinder = MapBinder.newMapBinder(binder, String.class, Authorizer.class);
        routes.use("*", path, (request, response, chain) -> {
            ((AuthCallback) request.require(AuthCallback.class)).handle(request, response, chain);
        }).excludes(new String[]{"/favicon.ico"}).name("auth(Callback)");
        routes.use("*", this.logoutUrl.orElse(config.getString("auth.logout.url")), new AuthLogout(this.redirecTo.orElse(config.getString("auth.logout.redirectTo")))).name("auth(Logout)");
        if (this.bindings.size() == 0) {
            form();
        }
        this.bindings.asMap().entrySet().forEach(entry -> {
            String str = (String) entry.getKey();
            ArrayList arrayList = new ArrayList();
            ((Collection) entry.getValue()).forEach(biFunction -> {
                AuthFilter authFilter = (AuthFilter) biFunction.apply(binder, config);
                if (arrayList.size() == 0) {
                    arrayList.add(authFilter);
                } else {
                    ((AuthFilter) arrayList.get(0)).setName(authFilter.getName());
                }
            });
            AuthFilter authFilter = (AuthFilter) arrayList.get(0);
            routes.use("*", str, authFilter).name("auth(" + authFilter.getName() + ")").excludes(new String[]{"/favicon.ico"});
        });
        binder.bind(AuthCallback.class);
        binder.bind(AuthStore.class).to(this.storeClass);
        binder.bind(WebContext.class).to(AuthContext.class).in(RequestScoped.class);
        this.authorizers.asMap().entrySet().forEach(entry2 -> {
            String str = (String) entry2.getKey();
            String str2 = (String) ((Collection) entry2.getValue()).stream().map((v0) -> {
                return v0.getKey();
            }).collect(Collectors.joining(","));
            routes.use("*", str, new AuthorizerFilter(str2)).name("auth(" + str2 + ")");
            ((Collection) entry2.getValue()).forEach(entry2 -> {
                String str3 = (String) entry2.getKey();
                Object value = entry2.getValue();
                if (value instanceof Authorizer) {
                    newMapBinder.addBinding(str3).toInstance((Authorizer) value);
                } else {
                    newMapBinder.addBinding(str3).to((Class) value);
                }
            });
        });
    }

    public Config config() {
        return ConfigFactory.parseResources(getClass(), "auth.conf");
    }

    private void bindProfile(Binder binder, Class cls) {
        Class cls2 = cls;
        while (true) {
            Class cls3 = cls2;
            if (cls3 == Object.class) {
                return;
            }
            if (this.bindedProfiles.add(cls3)) {
                binder.bind(cls3).toProvider(Providers.outOfScope(cls3)).in(RequestScoped.class);
            }
            cls2 = cls3.getSuperclass();
        }
    }
}
