package io.vertx.ext.web.handler.impl;

import io.vertx.core.Future;
import io.vertx.core.internal.logging.Logger;
import io.vertx.core.internal.logging.LoggerFactory;
import io.vertx.ext.auth.User;
import io.vertx.ext.auth.audit.Marker;
import io.vertx.ext.auth.audit.SecurityAudit;
import io.vertx.ext.auth.authorization.Authorization;
import io.vertx.ext.auth.authorization.AuthorizationContext;
import io.vertx.ext.auth.authorization.AuthorizationProvider;
import io.vertx.ext.auth.authorization.PermissionBasedAuthorization;
import io.vertx.ext.web.Route;
import io.vertx.ext.web.RoutingContext;
import io.vertx.ext.web.handler.AuthorizationHandler;
import io.vertx.ext.web.handler.HttpException;
import io.vertx.ext.web.impl.RoutingContextInternal;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.Objects;
import java.util.function.BiConsumer;

/* loaded from: input_file:io/vertx/ext/web/handler/impl/AuthorizationHandlerImpl.class */
public class AuthorizationHandlerImpl implements AuthorizationHandler {
    private static final Logger LOG = LoggerFactory.getLogger(AuthorizationHandler.class);
    private static final int FORBIDDEN_CODE = 403;
    private static final HttpException FORBIDDEN_EXCEPTION = new HttpException(FORBIDDEN_CODE);
    private final Authorization authorization;
    private final Collection<AuthorizationProvider> authorizationProviders;
    private BiConsumer<RoutingContext, AuthorizationContext> variableHandler;

    public AuthorizationHandlerImpl(Authorization authorization) {
        this.authorization = (Authorization) Objects.requireNonNull(authorization);
        this.authorizationProviders = new ArrayList();
    }

    public AuthorizationHandlerImpl() {
        this.authorization = null;
        this.authorizationProviders = new ArrayList();
    }

    private Authorization computeAuthorizationIfNeeded(RoutingContext routingContext) {
        if (this.authorization != null) {
            return this.authorization;
        }
        String str = null;
        String str2 = null;
        String str3 = null;
        Route currentRoute = routingContext.currentRoute();
        if (currentRoute != null) {
            str = (String) currentRoute.getMetadata("X-ABAC-Domain");
            str2 = (String) currentRoute.getMetadata("X-ABAC-Operation");
            str3 = (String) currentRoute.getMetadata("X-ABAC-Resource");
        }
        if (str == null) {
            str = "web";
        }
        return (str2 == null || str3 == null) ? PermissionBasedAuthorization.create(str + ":" + routingContext.request().method().name()).setResource(routingContext.normalizedPath()) : PermissionBasedAuthorization.create(str + ":" + str2).setResource(str3);
    }

    public void handle(RoutingContext routingContext) {
        AuthorizationContext create;
        User user = routingContext.user().get();
        if (user == null) {
            routingContext.fail(FORBIDDEN_CODE, FORBIDDEN_EXCEPTION);
            return;
        }
        try {
            if (!routingContext.request().isEnded()) {
                routingContext.request().pause();
            }
            if (this.variableHandler == null) {
                create = AuthorizationContext.create(user, routingContext.request().params());
            } else {
                create = AuthorizationContext.create(user);
                this.variableHandler.accept(routingContext, create);
            }
            checkOrFetchAuthorizations(routingContext, computeAuthorizationIfNeeded(routingContext), create, this.authorizationProviders.iterator());
        } catch (RuntimeException e) {
            if (!routingContext.request().isEnded()) {
                routingContext.request().resume();
            }
            routingContext.fail(e);
        }
    }

    @Override // io.vertx.ext.web.handler.AuthorizationHandler
    public AuthorizationHandler variableConsumer(BiConsumer<RoutingContext, AuthorizationContext> biConsumer) {
        this.variableHandler = biConsumer;
        return this;
    }

    private void checkOrFetchAuthorizations(RoutingContext routingContext, Authorization authorization, AuthorizationContext authorizationContext, Iterator<AuthorizationProvider> it) {
        User user = routingContext.user().get();
        SecurityAudit securityAudit = ((RoutingContextInternal) routingContext).securityAudit();
        securityAudit.authorization(authorization);
        securityAudit.user(user);
        if (authorization.match(authorizationContext)) {
            securityAudit.audit(Marker.AUTHORIZATION, true);
            if (!routingContext.request().isEnded()) {
                routingContext.request().resume();
            }
            routingContext.next();
            return;
        }
        if (user == null || !it.hasNext()) {
            if (!routingContext.request().isEnded()) {
                routingContext.request().resume();
            }
            securityAudit.audit(Marker.AUTHORIZATION, false);
            routingContext.fail(FORBIDDEN_CODE, FORBIDDEN_EXCEPTION);
            return;
        }
        do {
            AuthorizationProvider next = it.next();
            if (!user.authorizations().contains(next.getId())) {
                next.getAuthorizations(user).onFailure(th -> {
                    LOG.warn("An error occurred getting authorization - providerId: " + next.getId(), th);
                }).eventually(() -> {
                    checkOrFetchAuthorizations(routingContext, authorization, authorizationContext, it);
                    return Future.succeededFuture();
                });
                return;
            }
        } while (it.hasNext());
        if (!routingContext.request().isEnded()) {
            routingContext.request().resume();
        }
        securityAudit.audit(Marker.AUTHORIZATION, false);
        routingContext.fail(FORBIDDEN_CODE, FORBIDDEN_EXCEPTION);
    }

    @Override // io.vertx.ext.web.handler.AuthorizationHandler
    public AuthorizationHandler addAuthorizationProvider(AuthorizationProvider authorizationProvider) {
        Objects.requireNonNull(authorizationProvider);
        this.authorizationProviders.add(authorizationProvider);
        return this;
    }
}
