package org.sdase.commons.server.opa;

import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.SerializationFeature;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.collect.Lists;
import io.dropwizard.Configuration;
import io.dropwizard.ConfiguredBundle;
import io.dropwizard.client.JerseyClientBuilder;
import io.dropwizard.jackson.Jackson;
import io.dropwizard.setup.Bootstrap;
import io.dropwizard.setup.Environment;
import io.dropwizard.util.Duration;
import io.opentracing.Tracer;
import io.opentracing.util.GlobalTracer;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.WebTarget;
import org.glassfish.hk2.utilities.binding.AbstractBinder;
import org.glassfish.jersey.process.internal.RequestScoped;
import org.sdase.commons.server.opa.config.OpaClientConfiguration;
import org.sdase.commons.server.opa.config.OpaConfig;
import org.sdase.commons.server.opa.config.OpaConfigProvider;
import org.sdase.commons.server.opa.extension.OpaInputExtension;
import org.sdase.commons.server.opa.extension.OpaInputHeadersExtension;
import org.sdase.commons.server.opa.filter.OpaAuthFilter;
import org.sdase.commons.server.opa.filter.model.OpaInput;
import org.sdase.commons.server.opa.health.PolicyExistsHealthCheck;
import org.sdase.commons.server.opa.internal.OpaJwtPrincipalFactory;
import org.sdase.commons.server.opentracing.client.ClientTracingUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX WARN: Classes with same name are omitted:
  
 */
/* loaded from: input_file:org/sdase/commons/server/opa/OpaBundle.class */
public class OpaBundle<T extends Configuration> implements ConfiguredBundle<T> {
    private static final Logger LOG = LoggerFactory.getLogger(OpaBundle.class);
    private final OpaConfigProvider<T> configProvider;
    private final Map<String, OpaInputExtension<?>> inputExtensions;
    private final Tracer tracer;

    /* JADX WARN: Classes with same name are omitted:
      
     */
    /* loaded from: input_file:org/sdase/commons/server/opa/OpaBundle$Builder.class */
    public static class Builder<C extends Configuration> implements ProviderBuilder, OpaExtensionsBuilder<C>, OpaBuilder<C> {
        private OpaConfigProvider<C> opaConfigProvider;
        private Tracer tracer;
        private final Map<String, OpaInputExtension<?>> inputExtensions;
        private boolean addHeadersExtension;

        private Builder() {
            this.inputExtensions = new HashMap();
            this.addHeadersExtension = true;
        }

        private Builder(OpaConfigProvider<C> opaConfigProvider) {
            this.inputExtensions = new HashMap();
            this.addHeadersExtension = true;
            this.opaConfigProvider = opaConfigProvider;
        }

        @Override // org.sdase.commons.server.opa.OpaBundle.ProviderBuilder
        public <T extends Configuration> OpaExtensionsBuilder<T> withOpaConfigProvider(OpaConfigProvider<T> opaConfigProvider) {
            return new Builder(opaConfigProvider);
        }

        @Override // org.sdase.commons.server.opa.OpaBundle.OpaExtensionsBuilder
        public OpaExtensionsBuilder<C> withoutHeadersExtension() {
            this.addHeadersExtension = false;
            return this;
        }

        @Override // org.sdase.commons.server.opa.OpaBundle.OpaBuilder
        public <T> OpaBuilder<C> withInputExtension(String str, OpaInputExtension<T> opaInputExtension) {
            if (Arrays.stream(OpaInput.class.getDeclaredFields()).anyMatch(field -> {
                return field.getName().equals(str);
            })) {
                throw new HiddenOriginalPropertyException(str, opaInputExtension);
            }
            if (this.inputExtensions.containsKey(str)) {
                throw new DuplicatePropertyException(str, opaInputExtension, this.inputExtensions.get(str));
            }
            this.inputExtensions.put(str, opaInputExtension);
            return this;
        }

        @Override // org.sdase.commons.server.opa.OpaBundle.OpaBuilder
        public OpaBuilder<C> withTracer(Tracer tracer) {
            this.tracer = tracer;
            return this;
        }

        @Override // org.sdase.commons.server.opa.OpaBundle.OpaBuilder
        public OpaBundle<C> build() {
            if (this.addHeadersExtension) {
                withInputExtension("headers", OpaInputHeadersExtension.builder().build());
            }
            return new OpaBundle<>(this.opaConfigProvider, this.inputExtensions, this.tracer);
        }
    }

    /* JADX WARN: Classes with same name are omitted:
      
     */
    /* loaded from: input_file:org/sdase/commons/server/opa/OpaBundle$DuplicatePropertyException.class */
    public static class DuplicatePropertyException extends RuntimeException {
        public DuplicatePropertyException(String str, OpaInputExtension<?> opaInputExtension, OpaInputExtension<?> opaInputExtension2) {
            super(String.format("There is already an extension \"%s\" registered for the field \"%s\". The extension \"%s\" would override this field.", opaInputExtension2.getClass().getName(), str, opaInputExtension.getClass().getName()));
        }
    }

    /* JADX WARN: Classes with same name are omitted:
      
     */
    /* loaded from: input_file:org/sdase/commons/server/opa/OpaBundle$HiddenOriginalPropertyException.class */
    public static class HiddenOriginalPropertyException extends RuntimeException {
        public HiddenOriginalPropertyException(String str, OpaInputExtension<?> opaInputExtension) {
            super(String.format("The extension \"%s\" would override the original field \"%s\" of the OpaInput. This is not allowed!", opaInputExtension.getClass().getName(), str));
        }
    }

    /* JADX WARN: Classes with same name are omitted:
      
     */
    /* loaded from: input_file:org/sdase/commons/server/opa/OpaBundle$OpaBuilder.class */
    public interface OpaBuilder<C extends Configuration> {
        <T> OpaBuilder<C> withInputExtension(String str, OpaInputExtension<T> opaInputExtension);

        OpaBuilder<C> withTracer(Tracer tracer);

        OpaBundle<C> build();
    }

    /* JADX WARN: Classes with same name are omitted:
      
     */
    /* loaded from: input_file:org/sdase/commons/server/opa/OpaBundle$OpaExtensionsBuilder.class */
    public interface OpaExtensionsBuilder<C extends Configuration> extends OpaBuilder<C> {
        OpaExtensionsBuilder<C> withoutHeadersExtension();
    }

    /* JADX WARN: Classes with same name are omitted:
      
     */
    /* loaded from: input_file:org/sdase/commons/server/opa/OpaBundle$ProviderBuilder.class */
    public interface ProviderBuilder {
        <C extends Configuration> OpaExtensionsBuilder<C> withOpaConfigProvider(OpaConfigProvider<C> opaConfigProvider);
    }

    private OpaBundle(OpaConfigProvider<T> opaConfigProvider, Map<String, OpaInputExtension<?>> map, Tracer tracer) {
        this.configProvider = opaConfigProvider;
        this.inputExtensions = map;
        this.tracer = tracer;
    }

    public static ProviderBuilder builder() {
        return new Builder();
    }

    @VisibleForTesting
    public Map<String, OpaInputExtension<?>> getInputExtensions() {
        return this.inputExtensions;
    }

    public void initialize(Bootstrap<?> bootstrap) {
    }

    public void run(T t, Environment environment) {
        OpaConfig apply = this.configProvider.apply(t);
        if (apply.isDisableOpa()) {
            LOG.warn("Authorization is disabled. This setting should NEVER be used in production.");
        }
        Tracer tracer = this.tracer == null ? GlobalTracer.get() : this.tracer;
        ObjectMapper createObjectMapper = createObjectMapper();
        WebTarget target = createClient(environment, apply, createObjectMapper, tracer).target(buildUrl(apply));
        ArrayList arrayList = new ArrayList();
        if (excludeSwagger()) {
            arrayList.addAll(getSwaggerExcludePatterns());
        }
        environment.jersey().register(new OpaAuthFilter(target, apply, arrayList, createObjectMapper, this.inputExtensions, tracer));
        if (!apply.isDisableOpa()) {
            environment.healthChecks().register(PolicyExistsHealthCheck.DEFAULT_NAME, new PolicyExistsHealthCheck(target));
        }
        environment.jersey().register(new AbstractBinder() { // from class: org.sdase.commons.server.opa.OpaBundle.1
            protected void configure() {
                bindFactory(OpaJwtPrincipalFactory.class).to(OpaJwtPrincipal.class).proxy(true).proxyForSameScope(true).in(RequestScoped.class);
            }
        });
    }

    private Client createClient(Environment environment, OpaConfig opaConfig, ObjectMapper objectMapper, Tracer tracer) {
        OpaClientConfiguration opaClientConfiguration = opaConfig.getOpaClient() == null ? new OpaClientConfiguration() : opaConfig.getOpaClient();
        if (opaConfig.getReadTimeout() != null) {
            opaClientConfiguration.setTimeout(Duration.milliseconds(opaConfig.getReadTimeout().intValue()));
        }
        Client build = new JerseyClientBuilder(environment).using(opaClientConfiguration).using(objectMapper).build("opaClient");
        ClientTracingUtil.registerTracing(build, tracer);
        return build;
    }

    private ObjectMapper createObjectMapper() {
        ObjectMapper newObjectMapper = Jackson.newObjectMapper();
        newObjectMapper.disable(SerializationFeature.FAIL_ON_EMPTY_BEANS).disable(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES).disable(DeserializationFeature.FAIL_ON_IGNORED_PROPERTIES).disable(DeserializationFeature.FAIL_ON_INVALID_SUBTYPE).enable(DeserializationFeature.ACCEPT_SINGLE_VALUE_AS_ARRAY);
        return newObjectMapper;
    }

    private List<String> getSwaggerExcludePatterns() {
        return Lists.newArrayList(new String[]{"swagger\\.(json|yaml)"});
    }

    private boolean excludeSwagger() {
        try {
            return getClass().getClassLoader().loadClass("org.sdase.commons.server.swagger.SwaggerBundle") != null;
        } catch (ClassNotFoundException e) {
            return false;
        }
    }

    private String buildUrl(OpaConfig opaConfig) {
        return String.format("%s/v1/data/%s", opaConfig.getBaseUrl(), opaConfig.getPolicyPackagePath());
    }
}
