package org.pac4j.vertx.handler.impl;

import io.vertx.core.Vertx;
import io.vertx.core.logging.Logger;
import io.vertx.core.logging.LoggerFactory;
import io.vertx.ext.auth.User;
import io.vertx.ext.web.RoutingContext;
import io.vertx.ext.web.handler.impl.AuthHandlerImpl;
import java.util.List;
import java.util.Optional;
import org.pac4j.core.authorization.AuthorizationChecker;
import org.pac4j.core.authorization.DefaultAuthorizationChecker;
import org.pac4j.core.client.Client;
import org.pac4j.core.client.ClientFinder;
import org.pac4j.core.client.DefaultClientFinder;
import org.pac4j.core.client.DirectClient;
import org.pac4j.core.client.IndirectClient;
import org.pac4j.core.client.RedirectAction;
import org.pac4j.core.config.Config;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.exception.RequiresHttpAction;
import org.pac4j.core.exception.TechnicalException;
import org.pac4j.core.matching.DefaultMatchingChecker;
import org.pac4j.core.matching.MatchingChecker;
import org.pac4j.core.profile.UserProfile;
import org.pac4j.core.util.CommonHelper;
import org.pac4j.vertx.VertxProfileManager;
import org.pac4j.vertx.VertxWebContext;
import org.pac4j.vertx.auth.Pac4jAuthProvider;
import org.pac4j.vertx.auth.Pac4jUser;
import org.pac4j.vertx.http.DefaultHttpActionAdapter;
import org.pac4j.vertx.http.HttpActionAdapter;

/* loaded from: input_file:org/pac4j/vertx/handler/impl/RequiresAuthenticationHandler.class */
public class RequiresAuthenticationHandler extends AuthHandlerImpl {
    private static final Logger LOG = LoggerFactory.getLogger(RequiresAuthenticationHandler.class);
    protected final Config config;
    protected final String clientName;
    protected final String authorizerName;
    protected final String matcherName;
    protected final Vertx vertx;
    protected HttpActionAdapter httpActionAdapter;
    protected ClientFinder clientFinder;
    protected AuthorizationChecker authorizationChecker;
    protected MatchingChecker matchingChecker;

    public RequiresAuthenticationHandler(Vertx vertx, Config config, Pac4jAuthProvider pac4jAuthProvider, Pac4jAuthHandlerOptions pac4jAuthHandlerOptions) {
        super(pac4jAuthProvider);
        this.httpActionAdapter = new DefaultHttpActionAdapter();
        this.clientFinder = new DefaultClientFinder();
        this.authorizationChecker = new DefaultAuthorizationChecker();
        this.matchingChecker = new DefaultMatchingChecker();
        CommonHelper.assertNotNull("vertx", vertx);
        CommonHelper.assertNotNull("config", config);
        CommonHelper.assertNotNull("config.getClients()", config.getClients());
        CommonHelper.assertNotNull("authProvider", pac4jAuthProvider);
        CommonHelper.assertNotNull("options", pac4jAuthHandlerOptions);
        this.clientName = pac4jAuthHandlerOptions.clientName();
        this.authorizerName = pac4jAuthHandlerOptions.authorizerName();
        this.matcherName = pac4jAuthHandlerOptions.matcherName();
        this.vertx = vertx;
        this.config = config;
    }

    public void handle(RoutingContext routingContext) {
        User user = routingContext.user();
        if (user != null) {
            authorise(user, routingContext);
            return;
        }
        VertxWebContext vertxWebContext = new VertxWebContext(routingContext);
        if (!this.matchingChecker.matches(vertxWebContext, this.matcherName, this.config.getMatchers())) {
            LOG.debug("no matching for this request -> grant access");
            routingContext.next();
            return;
        }
        List<Client> find = this.clientFinder.find(this.config.getClients(), vertxWebContext, this.clientName);
        VertxProfileManager vertxProfileManager = new VertxProfileManager(vertxWebContext);
        UserProfile userProfile = vertxProfileManager.get(useSession(vertxWebContext, find));
        if (userProfile != null) {
            authorise(new Pac4jUser(userProfile), routingContext);
        } else {
            this.vertx.executeBlocking(future -> {
                future.complete(find.stream().filter(client -> {
                    return client instanceof DirectClient;
                }).map(client2 -> {
                    try {
                        return client2.getUserProfile(client2.getCredentials(vertxWebContext), vertxWebContext);
                    } catch (RequiresHttpAction e) {
                        throw new TechnicalException("Unexpected HTTP action", e);
                    }
                }).filter(userProfile2 -> {
                    return userProfile2 != null;
                }).findFirst());
            }, asyncResult -> {
                if (!asyncResult.succeeded()) {
                    unexpectedFailure(routingContext, asyncResult.cause());
                    return;
                }
                Optional optional = (Optional) asyncResult.result();
                if (optional.isPresent()) {
                    UserProfile userProfile2 = (UserProfile) optional.get();
                    vertxProfileManager.save(useSession(vertxWebContext, find), userProfile2);
                    authorise(new Pac4jUser(userProfile2), routingContext);
                } else if (!startAuthentication(vertxWebContext, find)) {
                    LOG.debug("unauthorized");
                    unauthorized(vertxWebContext, find);
                } else {
                    LOG.debug("Starting authentication");
                    saveRequestedUrl(vertxWebContext, find);
                    redirectToIdentityProvider(vertxWebContext, find);
                }
            });
        }
    }

    protected void authorise(User user, RoutingContext routingContext) {
        if (!(user instanceof Pac4jUser)) {
            throw new TechnicalException("Wrong user type in authorise");
        }
        this.vertx.executeBlocking(future -> {
            future.complete(Boolean.valueOf(this.authorizationChecker.isAuthorized(new VertxWebContext(routingContext), ((Pac4jUser) user).pac4jUserProfile(), this.authorizerName, this.config.getAuthorizers())));
        }, asyncResult -> {
            if (!asyncResult.succeeded()) {
                unexpectedFailure(routingContext, asyncResult.cause());
            } else if (((Boolean) asyncResult.result()).booleanValue()) {
                routingContext.next();
            } else {
                forbidden(routingContext);
            }
        });
    }

    protected boolean useSession(WebContext webContext, List<Client> list) {
        return list == null || list.size() == 0 || (list.get(0) instanceof IndirectClient);
    }

    protected boolean startAuthentication(VertxWebContext vertxWebContext, List<Client> list) {
        return list != null && list.size() > 0 && (list.get(0) instanceof IndirectClient);
    }

    protected void saveRequestedUrl(WebContext webContext, List<Client> list) {
        String fullRequestURL = webContext.getFullRequestURL();
        LOG.debug("requestedUrl: " + fullRequestURL);
        webContext.setSessionAttribute("pac4jRequestedUrl", fullRequestURL);
    }

    protected void redirectToIdentityProvider(VertxWebContext vertxWebContext, List<Client> list) {
        try {
            RedirectAction redirectAction = list.get(0).getRedirectAction(vertxWebContext, true);
            LOG.debug("redirectAction: " + redirectAction);
            this.httpActionAdapter.handleRedirect(redirectAction, vertxWebContext);
        } catch (RequiresHttpAction e) {
            LOG.debug("extra HTTP action required: " + e.getCode());
            this.httpActionAdapter.handle(e.getCode(), vertxWebContext);
        }
    }

    protected void unauthorized(VertxWebContext vertxWebContext, List<Client> list) {
        this.httpActionAdapter.handle(401, vertxWebContext);
    }

    protected void forbidden(RoutingContext routingContext) {
        this.httpActionAdapter.handle(403, new VertxWebContext(routingContext));
    }

    protected void unexpectedFailure(RoutingContext routingContext, Throwable th) {
        routingContext.fail(toTechnicalException(th));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final TechnicalException toTechnicalException(Throwable th) {
        return th instanceof TechnicalException ? (TechnicalException) th : new TechnicalException(th);
    }
}
