package io.vertx.ext.web.handler.impl;

import io.vertx.core.AsyncResult;
import io.vertx.core.Future;
import io.vertx.core.Handler;
import io.vertx.core.http.HttpHeaders;
import io.vertx.core.http.HttpMethod;
import io.vertx.core.json.JsonObject;
import io.vertx.ext.auth.AuthProvider;
import io.vertx.ext.auth.User;
import io.vertx.ext.web.RoutingContext;
import io.vertx.ext.web.Session;
import io.vertx.ext.web.handler.AuthHandler;
import java.util.HashSet;
import java.util.Set;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicInteger;
import org.springframework.beans.propertyeditors.StringArrayPropertyEditor;

/* loaded from: input_file:BOOT-INF/lib/vertx-web-3.9.7.jar:io/vertx/ext/web/handler/impl/AuthHandlerImpl.class */
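/**
 * Base class for authentication handlers: it authenticates the request (unless a user is already
 * attached to the routing context) and then checks that the user holds every configured authority.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>CORS preflight requests that announce an {@code Authorization} header are forwarded to the
 *       next handler without authentication or authorization (see {@link #handlePreflight}).</li>
 *   <li>The provider used for authentication can be replaced per request through the routing
 *       context key {@link #AUTH_PROVIDER_CONTEXT_KEY} (see {@link #getAuthProvider}).</li>
 *   <li>The session id is regenerated once credentials have been accepted.</li>
 * </ul>
 *
 * <p>NOTE(review): {@code authorities} is a plain {@link HashSet} that is mutated by
 * {@link #addAuthority}/{@link #addAuthorities} and iterated by {@link #authorize}; this looks
 * safe only if authorities are configured before the handler starts serving requests - confirm.
 */
public abstract class AuthHandlerImpl implements AuthHandler {
    /** Routing-context key under which a per-request {@link AuthProvider} override is looked up. */
    static final String AUTH_PROVIDER_CONTEXT_KEY = "io.vertx.ext.web.handler.AuthHandler.provider";
    // Shared, pre-built failures for the three status codes this handler family reports.
    static final HttpStatusException FORBIDDEN = new HttpStatusException(403);
    static final HttpStatusException UNAUTHORIZED = new HttpStatusException(401);
    static final HttpStatusException BAD_REQUEST = new HttpStatusException(400);
    protected final String realm;
    protected final AuthProvider authProvider;
    protected final Set<String> authorities;

    /**
     * Creates a handler with an empty realm.
     *
     * @param authProvider provider used to authenticate parsed credentials
     */
    public AuthHandlerImpl(AuthProvider authProvider) {
        this(authProvider, "");
    }

    /**
     * Creates a handler with no required authorities.
     *
     * @param authProvider provider used to authenticate parsed credentials
     * @param str the realm stored in {@link #realm}
     */
    public AuthHandlerImpl(AuthProvider authProvider, String str) {
        this.authorities = new HashSet<>();
        this.authProvider = authProvider;
        this.realm = str;
    }

    /**
     * Adds one authority that a user must hold for {@link #authorize} to succeed.
     *
     * @param str the required authority
     * @return this handler, for chaining
     */
    @Override // io.vertx.ext.web.handler.AuthHandler
    public AuthHandler addAuthority(String str) {
        this.authorities.add(str);
        return this;
    }

    /**
     * Adds several authorities that a user must hold for {@link #authorize} to succeed.
     *
     * @param set the required authorities
     * @return this handler, for chaining
     */
    @Override // io.vertx.ext.web.handler.AuthHandler
    public AuthHandler addAuthorities(Set<String> set) {
        this.authorities.addAll(set);
        return this;
    }

    /**
     * Checks that {@code user} holds every configured authority and reports the outcome once.
     *
     * <p>With no authorities configured the check succeeds immediately, also for a {@code null}
     * user. With authorities configured, a {@code null} user fails with {@link #FORBIDDEN}.
     *
     * @param user the authenticated user, or {@code null}
     * @param handler receives success when all authorities are granted, {@link #FORBIDDEN} when one
     *     is denied, or the underlying cause when an authority lookup itself fails
     */
    @Override // io.vertx.ext.web.handler.AuthHandler
    public void authorize(User user, Handler<AsyncResult<Void>> handler) {
        final int required = this.authorities.size();
        if (required <= 0) {
            // Nothing to check: authentication alone is sufficient for this handler.
            handler.handle(Future.succeededFuture());
            return;
        }
        if (user == null) {
            handler.handle(Future.failedFuture(FORBIDDEN));
            return;
        }
        final AtomicInteger granted = new AtomicInteger();
        final AtomicBoolean failureSent = new AtomicBoolean();
        final Handler<AsyncResult<Boolean>> check = res -> {
            if (res.failed()) {
                // Guarded by the same flag as a denial so that the caller's handler is completed
                // at most once, even when several lookups fail or a denial follows an error.
                if (failureSent.compareAndSet(false, true)) {
                    handler.handle(Future.failedFuture(res.cause()));
                }
                return;
            }
            // A missing (null) result is treated as a denial: fail closed.
            if (Boolean.TRUE.equals(res.result())) {
                if (granted.incrementAndGet() == required) {
                    handler.handle(Future.succeededFuture());
                }
            } else if (failureSent.compareAndSet(false, true)) {
                handler.handle(Future.failedFuture(FORBIDDEN));
            }
        };
        for (String authority : this.authorities) {
            // Stop issuing lookups once a failure has already been reported.
            if (!failureSent.get()) {
                user.isAuthorized(authority, check);
            }
        }
    }

    /**
     * Supplies the value of the {@code WWW-Authenticate} response header sent with a 401.
     *
     * @param routingContext the current request context
     * @return the header value, or {@code null} (the default here) to send no such header
     */
    protected String authenticateHeader(RoutingContext routingContext) {
        return null;
    }

    /**
     * Authenticates and authorizes the request, then passes it on or fails it.
     *
     * <p>A user already present on the routing context is only authorized. Otherwise credentials
     * are parsed and, unless parsing itself attached a user, handed to the auth provider.
     *
     * @param routingContext the current request context
     */
    @Override // io.vertx.core.Handler
    public void handle(RoutingContext routingContext) {
        if (handlePreflight(routingContext)) {
            return;
        }
        User user = routingContext.user();
        if (user != null) {
            authorizeUser(routingContext, user);
            return;
        }
        parseCredentials(routingContext, credentials -> {
            if (credentials.failed()) {
                processException(routingContext, credentials.cause());
                return;
            }
            User parsedUser = routingContext.user();
            if (parsedUser != null) {
                // Credential parsing attached a user itself; no provider round trip is needed.
                regenerateSessionId(routingContext);
                authorizeUser(routingContext, parsedUser);
                return;
            }
            getAuthProvider(routingContext).authenticate(credentials.result(), authentication -> {
                if (authentication.succeeded()) {
                    User authenticated = authentication.result();
                    routingContext.setUser(authenticated);
                    regenerateSessionId(routingContext);
                    authorizeUser(routingContext, authenticated);
                    return;
                }
                String authenticateHeader = authenticateHeader(routingContext);
                if (authenticateHeader != null) {
                    routingContext.response().putHeader("WWW-Authenticate", authenticateHeader);
                }
                if (authentication.cause() instanceof HttpStatusException) {
                    processException(routingContext, authentication.cause());
                } else {
                    // Any other provider failure is reported to the client as 401.
                    processException(routingContext, new HttpStatusException(401, authentication.cause()));
                }
            });
        });
    }

    /**
     * Turns a failure into a response: a redirect for 302, a failure with the matching status
     * code for other {@link HttpStatusException}s, and a plain failure for everything else.
     *
     * @param routingContext the current request context
     * @param th the failure; may be {@code null}
     */
    protected void processException(RoutingContext routingContext, Throwable th) {
        if (!(th instanceof HttpStatusException)) {
            // Also covers th == null, which instanceof rejects.
            routingContext.fail(th);
            return;
        }
        HttpStatusException statusException = (HttpStatusException) th;
        int statusCode = statusException.getStatusCode();
        String payload = statusException.getPayload();
        switch (statusCode) {
            case 302:
                // The payload goes into the Location header and the body unchanged.
                // NOTE(review): whoever creates the 302 exception must ensure the payload is a
                // trusted target and not unvalidated request input - confirm in the subclasses.
                routingContext.response().putHeader(HttpHeaders.LOCATION, payload).setStatusCode(302).end("Redirecting to " + payload + ".");
                return;
            case 401:
                String authenticateHeader = authenticateHeader(routingContext);
                if (authenticateHeader != null) {
                    routingContext.response().putHeader("WWW-Authenticate", authenticateHeader);
                }
                routingContext.fail(401, th);
                return;
            default:
                routingContext.fail(statusCode, th);
                return;
        }
    }

    /** Runs {@link #authorize} and either continues the route or reports the failure. */
    private void authorizeUser(RoutingContext routingContext, User user) {
        authorize(user, authorization -> {
            if (authorization.failed()) {
                processException(routingContext, authorization.cause());
            } else {
                routingContext.next();
            }
        });
    }

    /**
     * Issues a new session id after a successful login, when a session exists, so that an id
     * handed out before authentication is not reused for the authenticated session.
     */
    private void regenerateSessionId(RoutingContext routingContext) {
        Session session = routingContext.session();
        if (session != null) {
            session.regenerateId();
        }
    }

    /**
     * Lets a CORS preflight request through without authentication.
     *
     * <p>An {@code OPTIONS} request whose {@code Access-Control-Request-Headers} lists
     * {@code Authorization} is passed to the next handler and neither authenticated nor
     * authorized here. Routes behind this handler should therefore do no privileged work for
     * {@code OPTIONS}.
     *
     * @return {@code true} when the request was forwarded and needs no further handling here
     */
    private boolean handlePreflight(RoutingContext routingContext) {
        if (routingContext.request().method() != HttpMethod.OPTIONS) {
            return false;
        }
        String requestedHeaders = routingContext.request().getHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS);
        if (requestedHeaders == null) {
            return false;
        }
        // The decompiled source referenced Spring's StringArrayPropertyEditor.DEFAULT_SEPARATOR
        // here, whose value is ","; the literal avoids coupling this class to Spring.
        // NOTE(review): tokens are compared untrimmed, so a list written with a space after the
        // comma does not match and such a preflight goes through normal authentication.
        for (String requested : requestedHeaders.split(",")) {
            if (requested.equalsIgnoreCase("Authorization")) {
                routingContext.next();
                return true;
            }
        }
        return false;
    }

    /**
     * Picks the provider for this request: the one stored in the routing context under
     * {@link #AUTH_PROVIDER_CONTEXT_KEY} if present, otherwise the configured one.
     *
     * <p>Any handler that runs earlier and writes to that key decides which provider
     * authenticates the request, so only trusted code should set it.
     */
    private AuthProvider getAuthProvider(RoutingContext routingContext) {
        try {
            AuthProvider override = (AuthProvider) routingContext.get(AUTH_PROVIDER_CONTEXT_KEY);
            if (override != null) {
                return override;
            }
        } catch (RuntimeException ignored) {
            // Deliberately ignored: a value that cannot be used as an AuthProvider falls back to
            // the configured provider instead of failing the request.
        }
        return this.authProvider;
    }
}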
