package ratpack.pac4j;

import com.google.common.collect.ImmutableList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Optional;
import java.util.function.Consumer;
import org.pac4j.core.authorization.authorizer.Authorizer;
import org.pac4j.core.client.Client;
import org.pac4j.core.client.Clients;
import org.pac4j.core.client.DirectClient;
import org.pac4j.core.exception.TechnicalException;
import org.pac4j.core.exception.http.HttpAction;
import org.pac4j.core.profile.UserProfile;
import ratpack.exec.Blocking;
import ratpack.exec.Downstream;
import ratpack.exec.Operation;
import ratpack.exec.Promise;
import ratpack.func.Block;
import ratpack.handling.Context;
import ratpack.handling.Handler;
import ratpack.handling.UserId;
import ratpack.http.Request;
import ratpack.pac4j.internal.Pac4jAuthenticator;
import ratpack.pac4j.internal.Pac4jSessionKeys;
import ratpack.pac4j.internal.RatpackWebContext;
import ratpack.util.Types;

/* loaded from: input_file:ratpack/pac4j/RatpackPac4j.class */
public class RatpackPac4j {
    public static final String DEFAULT_AUTHENTICATOR_PATH = "authenticator";

    /* loaded from: input_file:ratpack/pac4j/RatpackPac4j$ClientsProvider.class */
    public interface ClientsProvider {
        Iterable<? extends Client> get(Context context);
    }

    private RatpackPac4j() {
    }

    public static Handler authenticator(Client... clientArr) {
        return authenticator(DEFAULT_AUTHENTICATOR_PATH, clientArr);
    }

    public static Handler authenticator(String str, Client... clientArr) {
        ImmutableList copyOf = ImmutableList.copyOf(clientArr);
        return authenticator(str, context -> {
            return copyOf;
        });
    }

    public static Handler authenticator(String str, ClientsProvider clientsProvider) {
        return new Pac4jAuthenticator(str, clientsProvider);
    }

    public static Handler requireAuth(String str, Consumer<Context> consumer, Authorizer... authorizerArr) {
        List asList = Arrays.asList(authorizerArr);
        return context -> {
            login(context, str).then(userProfile -> {
                if (!asList.isEmpty()) {
                    RatpackWebContext.from(context, false).then(ratpackWebContext -> {
                        try {
                            boolean z = true;
                            Iterator it = asList.iterator();
                            while (true) {
                                if (!it.hasNext()) {
                                    break;
                                }
                                Authorizer authorizer = (Authorizer) it.next();
                                if (authorizer != null && !authorizer.isAuthorized(ratpackWebContext, ratpackWebContext.getSessionStore(), ImmutableList.of(userProfile))) {
                                    z = false;
                                    break;
                                }
                            }
                            if (z) {
                                context.getRequest().add(userProfile);
                                context.next();
                            } else {
                                consumer.accept(context);
                            }
                        } catch (HttpAction e) {
                            ratpackWebContext.sendResponse(e);
                        }
                    });
                } else {
                    context.getRequest().add(userProfile);
                    context.next();
                }
            });
        };
    }

    public static Handler requireAuth(String str, Authorizer... authorizerArr) {
        return requireAuth(str, context -> {
            context.clientError(403);
        }, authorizerArr);
    }

    public static Promise<UserProfile> login(Context context, String str) {
        return isDirect(getClient(context, str)) ? userProfile(context).flatMap(optional -> {
            return optional.isPresent() ? Promise.value(optional) : performDirectAuthentication(context, str);
        }).route(optional2 -> {
            return !optional2.isPresent();
        }, optional3 -> {
            context.clientError(401);
        }).map((v0) -> {
            return v0.get();
        }) : userProfile(context).route(optional4 -> {
            return !optional4.isPresent();
        }, optional5 -> {
            initiateAuthentication(context, str);
        }).map((v0) -> {
            return v0.get();
        });
    }

    public static Promise<Optional<UserProfile>> userProfile(Context context) {
        return userProfile(context, UserProfile.class);
    }

    public static <T extends UserProfile> Promise<Optional<T>> userProfile(Context context, Class<T> cls) {
        return Promise.async(downstream -> {
            toProfile(cls, downstream, context.maybeGet(UserProfile.class), () -> {
                webContext(context).map(ratpackWebContext -> {
                    return ratpackWebContext.getProfileManager().getProfile();
                }).then(optional -> {
                    optional.ifPresent(userProfile -> {
                        context.getRequest().add(UserId.class, UserId.of(userProfile.getId()));
                    });
                    toProfile(cls, downstream, optional, () -> {
                        downstream.success(Optional.empty());
                    });
                });
            });
        });
    }

    public static Operation logout(Context context) {
        return webContext(context).operation(ratpackWebContext -> {
            ratpackWebContext.getProfileManager().removeProfiles();
        });
    }

    public static Promise<RatpackWebContext> webContext(Context context) {
        return (Promise) Types.cast(RatpackWebContext.from(context, false));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static <T extends UserProfile> void toProfile(Class<T> cls, Downstream<? super Optional<T>> downstream, Optional<UserProfile> optional, Block block) throws Exception {
        if (!optional.isPresent()) {
            block.execute();
            return;
        }
        UserProfile userProfile = optional.get();
        if (cls.isInstance(userProfile)) {
            downstream.success(Optional.of(cls.cast(userProfile)));
        } else {
            downstream.error(new ClassCastException("UserProfile is of type " + userProfile.getClass() + ", and is not compatible with " + cls));
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void initiateAuthentication(Context context, String str) {
        Request request = context.getRequest();
        Client client = getClient(context, str);
        RatpackWebContext.from(context, false).then(ratpackWebContext -> {
            ratpackWebContext.getSessionStore().set(ratpackWebContext, Pac4jSessionKeys.REQUESTED_URL.getName(), request.getUri());
            try {
                Optional redirectionAction = client.getRedirectionAction(ratpackWebContext.callContext());
                if (redirectionAction.isPresent()) {
                    ratpackWebContext.sendResponse((HttpAction) redirectionAction.get());
                } else {
                    context.error(new TechnicalException("Failed to redirect, no redirect action"));
                }
            } catch (Exception e) {
                if (e instanceof HttpAction) {
                    ratpackWebContext.sendResponse((HttpAction) e);
                } else {
                    context.error(new TechnicalException("Failed to redirect", e));
                }
            }
        });
    }

    private static Promise<Optional<UserProfile>> performDirectAuthentication(Context context, String str) {
        return RatpackWebContext.from(context, false).flatMap(ratpackWebContext -> {
            return Blocking.get(() -> {
                return ((Clients) context.get(Clients.class)).findClient(str).flatMap(client -> {
                    return userProfileFromCredentials(client, ratpackWebContext);
                });
            });
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static Optional<UserProfile> userProfileFromCredentials(Client client, RatpackWebContext ratpackWebContext) throws HttpAction {
        return client.getCredentials(ratpackWebContext.callContext()).flatMap(credentials -> {
            return client.validateCredentials(ratpackWebContext.callContext(), credentials);
        }).flatMap(credentials2 -> {
            return client.getUserProfile(ratpackWebContext.callContext(), credentials2);
        });
    }

    private static boolean isDirect(Client client) {
        return client instanceof DirectClient;
    }

    private static Client getClient(Context context, String str) {
        return (Client) ((Clients) context.get(Clients.class)).findClient(str).orElseThrow(() -> {
            return new IllegalStateException("No client with name \"%s\" in context".formatted(str));
        });
    }
}
