package org.jooby.internal.pac4j;

import java.util.Iterator;
import java.util.Objects;
import java.util.function.Predicate;
import org.jooby.Err;
import org.jooby.Request;
import org.jooby.Response;
import org.jooby.Route;
import org.jooby.Status;
import org.jooby.funzy.Throwing;
import org.jooby.pac4j.Auth;
import org.jooby.pac4j.AuthStore;
import org.pac4j.core.client.Client;
import org.pac4j.core.client.Clients;
import org.pac4j.core.client.DirectClient;
import org.pac4j.core.client.IndirectClient;
import org.pac4j.core.client.finder.ClientFinder;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.credentials.Credentials;
import org.pac4j.core.exception.HttpAction;
import org.pac4j.core.exception.TechnicalException;
import org.pac4j.core.profile.CommonProfile;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/jooby/internal/pac4j/AuthFilter.class */
public class AuthFilter implements Route.Handler {
    private static final Predicate<Client> useSession = client -> {
        return client instanceof IndirectClient;
    };
    private final Logger log = LoggerFactory.getLogger(getClass());
    private String clientName;
    private Class<? extends CommonProfile> profileType;

    public AuthFilter(Class<? extends Client<?, ?>> cls, Class<? extends CommonProfile> cls2) {
        this.clientName = cls.getSimpleName();
        this.profileType = (Class) Objects.requireNonNull(cls2, "ProfileType is required.");
    }

    public AuthFilter setName(String str) {
        this.clientName += "," + str;
        return this;
    }

    public String getName() {
        return this.clientName;
    }

    public void handle(Request request, Response response) throws Throwable {
        Clients clients = (Clients) request.require(Clients.class);
        String value = request.param(clients.getClientNameParameter()).value(this.clientName);
        WebContext webContext = (WebContext) request.require(WebContext.class);
        ClientFinder clientFinder = (ClientFinder) request.require(ClientFinder.class);
        AuthStore authStore = (AuthStore) request.require(AuthStore.class);
        CommonProfile commonProfile = (CommonProfile) find(clientFinder, clients, webContext, null, value, client -> {
            String profileID = profileID(useSession.test(client), request);
            CommonProfile commonProfile2 = profileID == null ? null : (CommonProfile) authStore.get(profileID).orElse(null);
            if (commonProfile2 == null && (client instanceof DirectClient)) {
                this.log.debug("Performing authentication for client: {}", client);
                try {
                    Credentials credentials = client.getCredentials(webContext);
                    this.log.debug("credentials: {}", credentials);
                    commonProfile2 = client.getUserProfile(credentials, webContext);
                    this.log.debug("profile: {}", commonProfile2);
                    if (commonProfile2 != null) {
                        request.set(Auth.ID, commonProfile2.getId());
                        request.set(Auth.CNAME, client.getName());
                        authStore.set(commonProfile2);
                    }
                } catch (HttpAction e) {
                    throw new TechnicalException("Unexpected HTTP action", e);
                }
            }
            return commonProfile2;
        });
        if (commonProfile == null) {
            if (((Boolean) find(clientFinder, clients, webContext, null, value, client2 -> {
                if (!useSession.test(client2)) {
                    return null;
                }
                try {
                    String str = request.path() + ((String) request.queryString().map(str2 -> {
                        return "?" + str2;
                    }).orElse(""));
                    this.log.debug("requestedUrl: {}", str);
                    webContext.setSessionAttribute("pac4jRequestedUrl", str);
                    client2.redirect(webContext);
                    response.end();
                } catch (HttpAction e) {
                    new AuthResponse(response).handle(client2, e);
                }
                return Boolean.TRUE;
            })) != Boolean.TRUE) {
                throw new Err(Status.UNAUTHORIZED);
            }
        } else {
            this.log.debug("profile found: {}", commonProfile);
            seed(request, this.profileType, commonProfile);
        }
    }

    private String profileID(boolean z, Request request) {
        return (String) request.ifGet(Auth.ID).orElseGet(() -> {
            if (z) {
                return request.session().get(Auth.ID).value((String) null);
            }
            return null;
        });
    }

    private <T> T find(ClientFinder clientFinder, Clients clients, WebContext webContext, Class<? extends Client<?, ?>> cls, String str, Throwing.Function<Client, T> function) throws Throwable {
        Iterator it = clientFinder.find(clients, webContext, str).iterator();
        while (it.hasNext()) {
            T t = (T) function.apply((Client) it.next());
            if (t != null) {
                return t;
            }
        }
        return null;
    }

    private void seed(Request request, Class cls, Object obj) {
        while (cls != Object.class) {
            request.set(cls, obj);
            cls = cls.getSuperclass();
        }
    }
}
