package io.vertx.up.secure.authorization;

import io.vertx.ext.auth.User;
import io.vertx.ext.auth.authorization.Authorization;
import io.vertx.ext.auth.authorization.AuthorizationContext;
import io.vertx.ext.auth.authorization.AuthorizationProvider;
import io.vertx.ext.web.RoutingContext;
import io.vertx.ext.web.handler.AuthorizationHandler;
import io.vertx.up.atom.secure.Aegis;
import io.vertx.up.exception.web._403ForbiddenException;
import io.vertx.up.log.Annal;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.Objects;
import java.util.function.BiConsumer;

/* loaded from: input_file:io/vertx/up/secure/authorization/AuthorizationBuiltInHandler.class */
public class AuthorizationBuiltInHandler implements AuthorizationHandler {
    private static final Annal LOGGER = Annal.get(AuthorizationBuiltInHandler.class);
    private final transient Collection<AuthorizationProvider> providers = new ArrayList();
    private final transient AuthorizationResource resource;
    private BiConsumer<RoutingContext, AuthorizationContext> consumer;

    private AuthorizationBuiltInHandler(AuthorizationResource authorizationResource) {
        this.resource = authorizationResource;
    }

    public static AuthorizationBuiltInHandler create(Aegis aegis) {
        return new AuthorizationBuiltInHandler(AuthorizationResource.buildIn(aegis));
    }

    public static AuthorizationBuiltInHandler create(AuthorizationResource authorizationResource) {
        return new AuthorizationBuiltInHandler(authorizationResource);
    }

    public AuthorizationHandler variableConsumer(BiConsumer<RoutingContext, AuthorizationContext> biConsumer) {
        this.consumer = biConsumer;
        return this;
    }

    public void handle(RoutingContext routingContext) {
        _403ForbiddenException _403forbiddenexception = new _403ForbiddenException(getClass());
        if (Objects.isNull(routingContext.user())) {
            routingContext.fail(_403forbiddenexception);
            return;
        }
        routingContext.request().pause();
        try {
            AuthorizationContext authorizationContext = getAuthorizationContext(routingContext);
            this.resource.requestResource(routingContext, asyncResult -> {
                if (asyncResult.succeeded()) {
                    checkOrFetchAuthorizations(routingContext, (Authorization) asyncResult.result(), authorizationContext, this.providers.iterator());
                    return;
                }
                Throwable cause = asyncResult.cause();
                routingContext.request().resume();
                if (Objects.nonNull(cause)) {
                    routingContext.fail(cause);
                } else {
                    routingContext.fail(_403forbiddenexception);
                }
            });
        } catch (RuntimeException e) {
            routingContext.request().resume();
            routingContext.fail(e);
        }
    }

    private void checkOrFetchAuthorizations(RoutingContext routingContext, Authorization authorization, AuthorizationContext authorizationContext, Iterator<AuthorizationProvider> it) {
        if (authorization.match(authorizationContext)) {
            User user = authorizationContext.user();
            LOGGER.info("[ Auth ]\u001b[0;32m 403 Authorized successfully \u001b[m for user: principal = {0}, attribute = {1}", new Object[]{user.principal(), user.attributes()});
            routingContext.request().resume();
            routingContext.next();
            return;
        }
        if (!it.hasNext()) {
            routingContext.request().resume();
            routingContext.fail(new _403ForbiddenException(getClass()));
        } else {
            while (it.hasNext()) {
                AuthorizationProvider next = it.next();
                if (!routingContext.user().authorizations().getProviderIds().contains(next.getId())) {
                    next.getAuthorizations(routingContext.user(), asyncResult -> {
                        if (asyncResult.failed()) {
                            LOGGER.warn("[ Auth ] Error occurs when getting authorization - providerId: {0}", new Object[]{next.getId()});
                            LOGGER.jvm(asyncResult.cause());
                        }
                        checkOrFetchAuthorizations(routingContext, authorization, authorizationContext, it);
                    });
                }
            }
        }
    }

    private AuthorizationContext getAuthorizationContext(RoutingContext routingContext) {
        AuthorizationContext create = AuthorizationContext.create(routingContext.user());
        if (this.consumer != null) {
            this.consumer.accept(routingContext, create);
        }
        return create;
    }

    public AuthorizationHandler addAuthorizationProvider(AuthorizationProvider authorizationProvider) {
        Objects.requireNonNull(authorizationProvider);
        this.providers.add(authorizationProvider);
        return this;
    }
}
