package pl.allegro.tech.hermes.frontend.publishing.handlers;

import io.undertow.security.api.SecurityContext;
import io.undertow.security.idm.Account;
import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange;
import java.util.Deque;
import java.util.Objects;
import java.util.Optional;
import java.util.function.Consumer;
import pl.allegro.tech.hermes.api.ErrorCode;
import pl.allegro.tech.hermes.api.ErrorDescription;
import pl.allegro.tech.hermes.api.Topic;
import pl.allegro.tech.hermes.frontend.cache.topic.TopicsCache;
import pl.allegro.tech.hermes.frontend.metric.CachedTopic;
import pl.allegro.tech.hermes.frontend.publishing.handlers.end.MessageErrorProcessor;
import pl.allegro.tech.hermes.frontend.publishing.message.MessageIdGenerator;
import pl.allegro.tech.hermes.frontend.publishing.message.MessageState;
import pl.allegro.tech.hermes.frontend.server.auth.Roles;

/* loaded from: input_file:pl/allegro/tech/hermes/frontend/publishing/handlers/TopicHandler.class */
class TopicHandler implements HttpHandler {
    private static final String UNKNOWN_TOPIC_NAME = "unknown";
    private final HttpHandler next;
    private final TopicsCache topicsCache;
    private final MessageErrorProcessor messageErrorProcessor;

    /* JADX INFO: Access modifiers changed from: package-private */
    public TopicHandler(HttpHandler httpHandler, TopicsCache topicsCache, MessageErrorProcessor messageErrorProcessor) {
        this.next = httpHandler;
        this.topicsCache = topicsCache;
        this.messageErrorProcessor = messageErrorProcessor;
    }

    public void handleRequest(HttpServerExchange httpServerExchange) throws Exception {
        if (httpServerExchange.isInIoThread()) {
            httpServerExchange.dispatch(this);
        } else {
            String generate = MessageIdGenerator.generate();
            onRequestValid(httpServerExchange, generate, cachedTopic -> {
                httpServerExchange.addExchangeCompleteListener(new ExchangeMetrics(cachedTopic));
                httpServerExchange.putAttachment(AttachmentContent.KEY, new AttachmentContent(cachedTopic, new MessageState(), generate));
                setDefaultResponseCode(httpServerExchange);
                try {
                    this.next.handleRequest(httpServerExchange);
                } catch (Exception e) {
                    this.messageErrorProcessor.sendAndLog(httpServerExchange, cachedTopic.getTopic(), generate, e);
                }
            });
        }
    }

    private void onRequestValid(HttpServerExchange httpServerExchange, String str, Consumer<CachedTopic> consumer) {
        String str2 = (String) ((Deque) httpServerExchange.getQueryParameters().get("qualifiedTopicName")).getFirst();
        Optional<CachedTopic> topic = this.topicsCache.getTopic(str2);
        if (!topic.isPresent()) {
            unknownTopic(httpServerExchange, str2, str);
            return;
        }
        CachedTopic cachedTopic = topic.get();
        if (cachedTopic.isBlacklisted()) {
            blacklistedTopic(httpServerExchange, str2, str);
            return;
        }
        Topic topic2 = cachedTopic.getTopic();
        if (!topic2.isAuthEnabled() || hasPermission(httpServerExchange, topic2)) {
            consumer.accept(cachedTopic);
        } else {
            requestForbidden(httpServerExchange, str, str2);
        }
    }

    private boolean hasPermission(HttpServerExchange httpServerExchange, Topic topic) {
        Optional<U> map = extractAccount(httpServerExchange).map(account -> {
            return Boolean.valueOf(hasPermission(topic, account));
        });
        Objects.requireNonNull(topic);
        return ((Boolean) map.orElseGet(topic::isUnauthenticatedAccessEnabled)).booleanValue();
    }

    private boolean hasPermission(Topic topic, Account account) {
        return account.getRoles().contains(Roles.PUBLISHER) && topic.hasPermission(account.getPrincipal().getName());
    }

    private Optional<Account> extractAccount(HttpServerExchange httpServerExchange) {
        SecurityContext securityContext = httpServerExchange.getSecurityContext();
        return Optional.ofNullable(securityContext != null ? securityContext.getAuthenticatedAccount() : null);
    }

    private void unknownTopic(HttpServerExchange httpServerExchange, String str, String str2) {
        this.messageErrorProcessor.sendQuietly(httpServerExchange, ErrorDescription.error("Topic not found: " + str, ErrorCode.TOPIC_NOT_EXISTS), str2, UNKNOWN_TOPIC_NAME);
    }

    private void requestForbidden(HttpServerExchange httpServerExchange, String str, String str2) {
        this.messageErrorProcessor.sendQuietly(httpServerExchange, ErrorDescription.error("Permission denied.", ErrorCode.AUTH_ERROR), str, str2);
    }

    private void blacklistedTopic(HttpServerExchange httpServerExchange, String str, String str2) {
        this.messageErrorProcessor.sendQuietly(httpServerExchange, ErrorDescription.error("Topic blacklisted: " + str, ErrorCode.TOPIC_BLACKLISTED), str2, str);
    }

    private void setDefaultResponseCode(HttpServerExchange httpServerExchange) {
        httpServerExchange.setStatusCode(500);
    }
}
