package feast.common.auth.providers.http;

import feast.common.auth.authorization.AuthorizationProvider;
import feast.common.auth.authorization.AuthorizationResult;
import feast.common.auth.config.CacheConfiguration;
import feast.common.auth.config.SecurityProperties;
import feast.common.auth.providers.http.client.api.DefaultApi;
import feast.common.auth.providers.http.client.invoker.ApiClient;
import feast.common.auth.providers.http.client.invoker.ApiException;
import feast.common.auth.providers.http.client.model.CheckAccessRequest;
import feast.common.auth.utils.AuthUtils;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.cache.annotation.Cacheable;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.jwt.Jwt;

/* loaded from: input_file:feast/common/auth/providers/http/HttpAuthorizationProvider.class */
public class HttpAuthorizationProvider implements AuthorizationProvider {
    private static final Logger log = LoggerFactory.getLogger(HttpAuthorizationProvider.class);
    private final DefaultApi defaultApiClient;
    private final String subjectClaim;

    public HttpAuthorizationProvider(Map<String, String> map) {
        if (map == null) {
            throw new IllegalArgumentException("Cannot pass empty or null options to HTTPAuthorizationProvider");
        }
        ApiClient apiClient = new ApiClient();
        apiClient.setBasePath(map.get("authorizationUrl"));
        this.defaultApiClient = new DefaultApi(apiClient);
        this.subjectClaim = map.get(SecurityProperties.AuthenticationProperties.SUBJECT_CLAIM);
    }

    @Override // feast.common.auth.authorization.AuthorizationProvider
    @Cacheable(value = {CacheConfiguration.AUTHORIZATION_CACHE}, keyGenerator = "authKeyGenerator")
    public AuthorizationResult checkAccessToProject(String str, Authentication authentication) {
        feast.common.auth.providers.http.client.model.AuthorizationResult checkAccessPost;
        CheckAccessRequest checkAccessRequest = new CheckAccessRequest();
        Object context = getContext(authentication);
        String subjectFromAuth = AuthUtils.getSubjectFromAuth(authentication, this.subjectClaim);
        checkAccessRequest.setAction("ALL");
        checkAccessRequest.setContext(context);
        checkAccessRequest.setResource("projects:" + str);
        checkAccessRequest.setSubject(subjectFromAuth);
        try {
            checkAccessPost = this.defaultApiClient.checkAccessPost(checkAccessRequest, "Bearer " + ((Jwt) authentication.getCredentials()).getTokenValue());
        } catch (ApiException e) {
            log.error("API exception has occurred during authorization: {}", e.getMessage(), e);
        }
        if (checkAccessPost == null) {
            throw new RuntimeException(String.format("Empty response returned for access to project %s for subject %s", str, subjectFromAuth));
        }
        if (checkAccessPost.getAllowed().booleanValue()) {
            return AuthorizationResult.success();
        }
        return AuthorizationResult.failed(String.format("Access denied to project %s for subject %s", str, subjectFromAuth));
    }

    private Object getContext(Authentication authentication) {
        return new Object();
    }
}
