package io.helidon.security;

import io.helidon.security.AuthenticationResponse;
import io.helidon.security.CompositeProviderSelectionPolicy;
import io.helidon.security.SecurityResponse;
import io.helidon.security.spi.AuthenticationProvider;
import io.helidon.security.spi.ProviderConfig;
import java.lang.annotation.Annotation;
import java.util.Collection;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.CompletionStage;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:io/helidon/security/CompositeAuthenticationProvider.class */
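/**
 * Authentication provider that delegates to an ordered list of providers and merges their
 * results into a single {@link AuthenticationResponse}.
 *
 * <p>Each delegate is paired with a {@link CompositeProviderSelectionPolicy.FlaggedProvider}
 * whose {@link CompositeProviderFlag} decides which statuses that delegate may return.
 * Delegates are invoked one after another, in list order. A status the flag does not accept
 * ends the chain with a failure response (see {@link #checkAtnResponseStatus}), and a
 * {@code SUCCESS} from a {@code SUFFICIENT} delegate ends the chain with a success response.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The final result is computed only from the collected {@code SUCCESS} responses. A
 *       failure that the delegate's flag tolerates is not propagated: the composite then
 *       returns success if any other delegate succeeded, otherwise abstain.</li>
 *   <li>Only the exact status {@code SUCCESS} is collected; {@code SUCCESS_FINISH} is not.</li>
 *   <li>When the composite abstains, the caller decides what an abstained authentication
 *       means, so that decision needs to be fail-closed wherever authentication is
 *       mandatory.</li>
 * </ul>
 *
 * <p>This listing is decompiler output. The decompiler reports that it widened the access
 * modifiers of this class and of its nested types, so the {@code public} modifiers below do
 * not reflect the intended API surface.
 */
public final class CompositeAuthenticationProvider implements AuthenticationProvider {
    /** Shared abstain response: the chain's seed and the result when no delegate succeeded. */
    private static final AuthenticationResponse ABSTAIN_RESPONSE = AuthenticationResponse.abstain();

    /** Delegates in invocation order; filled once by the constructor. */
    private final List<Atn> providers = new LinkedList<>();

    /**
     * Unchecked exception used to stop the asynchronous chain early while carrying the response
     * that {@link #authenticate} must return. It is unwrapped in the {@code exceptionally}
     * stage of {@link #authenticate}.
     *
     * <p>Decompiler note: access modifiers were changed from {@code private}.
     */
    public static final class AsyncAtnException extends RuntimeException {
        private final AuthenticationResponse response;

        private AsyncAtnException(AuthenticationResponse authenticationResponse) {
            this.response = authenticationResponse;
        }
    }

    /**
     * One delegate together with its flagged configuration.
     *
     * <p>Decompiler note: access modifiers were changed from package-private.
     */
    public static class Atn {
        private final CompositeProviderSelectionPolicy.FlaggedProvider config;
        private final AuthenticationProvider provider;

        /**
         * Pairs a delegate with its configuration.
         *
         * @param flaggedProvider configuration supplying the delegate's flag
         * @param authenticationProvider delegate to invoke
         */
        public Atn(CompositeProviderSelectionPolicy.FlaggedProvider flaggedProvider, AuthenticationProvider authenticationProvider) {
            this.config = flaggedProvider;
            this.provider = authenticationProvider;
        }
    }

    /**
     * State passed from one delegate invocation to the next: the most recent non-abstain
     * response and every {@code SUCCESS} response collected so far.
     *
     * <p>Decompiler note: access modifiers were changed from {@code private}.
     */
    public static final class AtnResponse {
        private final List<AuthenticationResponse> successResponses;
        private final AuthenticationResponse response;

        AtnResponse(AuthenticationResponse authenticationResponse) {
            this.successResponses = new LinkedList<>();
            this.response = authenticationResponse;
        }

        AtnResponse(AuthenticationResponse authenticationResponse, List<AuthenticationResponse> list) {
            this(authenticationResponse);
            // Copy so that each chain step owns its own list instance.
            this.successResponses.addAll(list);
        }
    }

    /**
     * Creates the composite from an ordered list of delegates.
     *
     * <p>Decompiler note: access modifiers were changed from package-private.
     *
     * @param list delegates in invocation order; the list is copied
     * @throws NullPointerException if {@code list} is {@code null}
     */
    public CompositeAuthenticationProvider(List<Atn> list) {
        this.providers.addAll(list);
    }

    /**
     * Returns the union of the annotations supported by all delegates.
     *
     * @return a new set, independent of the delegates' own collections
     */
    @Override // io.helidon.security.spi.SecurityProvider
    public Collection<Class<? extends Annotation>> supportedAnnotations() {
        Collection<Class<? extends Annotation>> union = new HashSet<>();
        for (Atn atn : this.providers) {
            union.addAll(atn.provider.supportedAnnotations());
        }
        return union;
    }

    /**
     * Returns the union of the configuration keys supported by all delegates.
     *
     * @return a new set, independent of the delegates' own collections
     */
    @Override // io.helidon.security.spi.SecurityProvider
    public Collection<String> supportedConfigKeys() {
        Collection<String> union = new HashSet<>();
        for (Atn atn : this.providers) {
            union.addAll(atn.provider.supportedConfigKeys());
        }
        return union;
    }

    /**
     * Returns the union of the custom configuration object types supported by all delegates.
     *
     * @return a new set, independent of the delegates' own collections
     */
    @Override // io.helidon.security.spi.SecurityProvider
    public Collection<Class<? extends ProviderConfig>> supportedCustomObjects() {
        Collection<Class<? extends ProviderConfig>> union = new HashSet<>();
        for (Atn atn : this.providers) {
            union.addAll(atn.provider.supportedCustomObjects());
        }
        return union;
    }

    /**
     * Returns the union of the attributes supported by all delegates.
     *
     * @return a new set, independent of the delegates' own collections
     */
    @Override // io.helidon.security.spi.SecurityProvider
    public Collection<String> supportedAttributes() {
        Collection<String> union = new HashSet<>();
        for (Atn atn : this.providers) {
            union.addAll(atn.provider.supportedAttributes());
        }
        return union;
    }

    /**
     * Runs every delegate in order and combines the outcome.
     *
     * <p>The chain starts from an abstain response. Each delegate is composed onto the previous
     * stage, so a delegate runs only after the one before it has completed normally. The result
     * is:
     * <ul>
     *   <li>the response carried by an {@link AsyncAtnException}, when a delegate ended the
     *       chain early (a forbidden status, or {@code SUFFICIENT} plus {@code SUCCESS});</li>
     *   <li>a failed response wrapping the throwable, for any other exception;</li>
     *   <li>{@code SUCCESS} with the combined subjects, when at least one {@code SUCCESS}
     *       response was collected;</li>
     *   <li>abstain otherwise.</li>
     * </ul>
     *
     * @param providerRequest request handed unchanged to every delegate
     * @return stage completing with the combined response; this method installs an
     *         {@code exceptionally} handler, so failures surface as a response value
     */
    @Override // io.helidon.security.spi.AuthenticationProvider
    public CompletionStage<AuthenticationResponse> authenticate(ProviderRequest providerRequest) {
        // The decompiler emitted a raw CompletableFuture here (its type inference failed);
        // the chain is typed explicitly so the lambdas below see AtnResponse, not Object.
        CompletionStage<AtnResponse> chain = CompletableFuture.completedFuture(new AtnResponse(ABSTAIN_RESPONSE));
        for (Atn atn : this.providers) {
            chain = chain.thenCompose(previous -> invokeProvider(previous, atn, providerRequest));
        }
        return chain.thenApply(last -> {
            List<AuthenticationResponse> successes = last.successResponses;
            if (successes.isEmpty()) {
                // Only collected successes count; last.response is intentionally not consulted,
                // so a tolerated failure ends up as abstain here.
                return ABSTAIN_RESPONSE;
            }
            AuthenticationResponse.Builder builder = (AuthenticationResponse.Builder) AuthenticationResponse.builder().status(SecurityResponse.SecurityStatus.SUCCESS);
            combineSubjects(successes, builder);
            // m1build is a decompiler-assigned name, presumably the builder's build() -
            // confirm against the real API before recompiling.
            return builder.m1build();
        }).exceptionally(th -> {
            // Unwrap one level: stage failures usually arrive wrapped by the future machinery.
            Throwable cause = th.getCause();
            if (null == cause) {
                cause = th;
            }
            if (cause instanceof AsyncAtnException) {
                return ((AsyncAtnException) cause).response;
            }
            // NOTE(review): the throwable's message becomes part of the response description.
            // If that description can reach a remote client, it may expose internal detail -
            // confirm how the description is surfaced.
            return AuthenticationResponse.failed("Failed processing: " + th.getMessage(), th);
        });
    }

    /**
     * Invokes one delegate and folds its response into the running chain state.
     *
     * @param atnResponse state produced by the previous step
     * @param atn delegate and configuration to invoke
     * @param providerRequest request passed to the delegate
     * @return stage completing with the next chain state
     * @throws AsyncAtnException inside the returned stage, when the flag forbids the delegate's
     *         status or when a {@code SUFFICIENT} delegate succeeds
     */
    private CompletionStage<AtnResponse> invokeProvider(AtnResponse atnResponse, Atn atn, ProviderRequest providerRequest) {
        List<AuthenticationResponse> successes = atnResponse.successResponses;
        CompositeProviderFlag flag = atn.config.flag();
        return atn.provider.authenticate(providerRequest).thenApply(authenticationResponse -> {
            // Fail closed first: throws when the flag does not accept this status.
            checkAtnResponseStatus(flag, authenticationResponse, authenticationResponse.status());
            boolean succeeded = authenticationResponse.status() == SecurityResponse.SecurityStatus.SUCCESS;
            if (succeeded) {
                // NOTE(review): SUCCESS_FINISH is not collected here, so it never contributes
                // a subject to the final response - confirm that this is intended.
                successes.add(authenticationResponse);
            }
            if (flag == CompositeProviderFlag.SUFFICIENT && succeeded) {
                // A sufficient delegate succeeded: stop the chain, later delegates are not invoked.
                AuthenticationResponse.Builder builder = AuthenticationResponse.builder();
                combineSubjects(successes, builder);
                throw new AsyncAtnException(((AuthenticationResponse.Builder) builder.status(SecurityResponse.SecurityStatus.SUCCESS)).m1build());
            }
            if (authenticationResponse.status() == SecurityResponse.SecurityStatus.ABSTAIN) {
                // An abstain keeps the previously carried response.
                return new AtnResponse(atnResponse.response, successes);
            }
            return new AtnResponse(authenticationResponse, successes);
        });
    }

    /**
     * Merges the user and service subjects of all given responses into the builder.
     *
     * <p>Each newly seen subject is combined with the subject accumulated so far via
     * {@code newSubject.combine(accumulated)}. A subject kind is set on the builder only when at
     * least one response carried it.
     *
     * @param list successful responses, in the order they were collected
     * @param builder builder that receives the combined user and service subjects
     */
    private void combineSubjects(List<AuthenticationResponse> list, AuthenticationResponse.Builder builder) {
        Subject combinedUser = null;
        Subject combinedService = null;
        for (AuthenticationResponse authenticationResponse : list) {
            Optional<Subject> user = authenticationResponse.user();
            Optional<Subject> service = authenticationResponse.service();
            if (user.isPresent()) {
                Subject current = user.get();
                combinedUser = (null == combinedUser) ? current : current.combine(combinedUser);
            }
            if (service.isPresent()) {
                Subject current = service.get();
                combinedService = (null == combinedService) ? current : current.combine(combinedService);
            }
        }
        if (null != combinedUser) {
            builder.user(combinedUser);
        }
        if (null != combinedService) {
            builder.service(combinedService);
        }
    }

    /**
     * Enforces the delegate's flag on the status it returned.
     *
     * <p>Returns normally when the flag accepts the status. Otherwise the chain is aborted:
     * a success or abstain that the flag forbids is converted into a {@code FAILURE} response,
     * while a failure status (or any other status) is passed through unchanged.
     *
     * @param compositeProviderFlag flag configured for the delegate
     * @param authenticationResponse response returned by the delegate
     * @param securityStatus status of that response
     * @throws AsyncAtnException when the flag does not accept {@code securityStatus}
     */
    private void checkAtnResponseStatus(CompositeProviderFlag compositeProviderFlag, AuthenticationResponse authenticationResponse, SecurityResponse.SecurityStatus securityStatus) {
        if (compositeProviderFlag.isValid(securityStatus)) {
            return;
        }
        switch (securityStatus) {
            case SUCCESS:
            case SUCCESS_FINISH:
            case ABSTAIN:
                AuthenticationResponse.Builder builder = AuthenticationResponse.builder();
                builder.status(SecurityResponse.SecurityStatus.FAILURE);
                builder.description("Composite flag forbids this response: " + authenticationResponse.status());
                // The delegate's own description, when present, is applied after the text above
                // and presumably replaces it - confirm against the builder's semantics.
                authenticationResponse.description().ifPresent(builder::description);
                authenticationResponse.throwable().ifPresent(builder::throwable);
                throw new AsyncAtnException(builder.m1build());
            case FAILURE:
            case FAILURE_FINISH:
            default:
                throw new AsyncAtnException(authenticationResponse);
        }
    }
}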
