package io.helidon.security;

import io.helidon.security.AuditEvent;
import io.helidon.security.SecurityResponse;
import io.helidon.security.internal.SecurityAuditEvent;
import io.helidon.security.spi.AuthenticationProvider;
import java.util.Objects;
import java.util.Optional;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.CompletionStage;

/* loaded from: input_file:io/helidon/security/AuthenticationClientImpl.class */
final class AuthenticationClientImpl implements SecurityClient<AuthenticationResponse> {
    private final Security security;
    private final SecurityContextImpl context;
    private final SecurityRequest request;
    private final String providerName;

    /* JADX INFO: Access modifiers changed from: package-private */
    public AuthenticationClientImpl(Security security, SecurityContextImpl securityContextImpl, SecurityRequest securityRequest, String str) {
        this.security = security;
        this.context = securityContextImpl;
        this.request = securityRequest;
        this.providerName = str;
    }

    @Override // io.helidon.security.SecurityClient
    public CompletionStage<AuthenticationResponse> submit() {
        return ((CompletionStage) this.security.resolveAtnProvider(this.providerName).map(this::authenticate).orElseThrow(() -> {
            return new SecurityException("Could not find any authentication provider. Security is not configured");
        })).thenCompose(authenticationResponse -> {
            return mapSubject(authenticationResponse);
        });
    }

    private CompletionStage<AuthenticationResponse> mapSubject(AuthenticationResponse authenticationResponse) {
        ProviderRequest providerRequest = new ProviderRequest(this.context, this.request.resources());
        return authenticationResponse.status() == SecurityResponse.SecurityStatus.SUCCESS ? ((CompletionStage) this.security.subjectMapper().map(subjectMappingProvider -> {
            return subjectMappingProvider.map(providerRequest, authenticationResponse);
        }).orElseGet(() -> {
            return CompletableFuture.completedFuture(authenticationResponse);
        })).thenApply(authenticationResponse2 -> {
            if (authenticationResponse2 == authenticationResponse) {
                return authenticationResponse;
            }
            Optional<Subject> user = authenticationResponse2.user();
            SecurityContextImpl securityContextImpl = this.context;
            Objects.requireNonNull(securityContextImpl);
            user.ifPresent(securityContextImpl::setUser);
            Optional<Subject> service = authenticationResponse2.service();
            SecurityContextImpl securityContextImpl2 = this.context;
            Objects.requireNonNull(securityContextImpl2);
            service.ifPresent(securityContextImpl2::setService);
            return authenticationResponse2;
        }) : CompletableFuture.completedFuture(authenticationResponse);
    }

    private CompletionStage<AuthenticationResponse> authenticate(AuthenticationProvider authenticationProvider) {
        ProviderRequest providerRequest = new ProviderRequest(this.context, this.request.resources());
        return authenticationProvider.authenticate(providerRequest).thenApply(authenticationResponse -> {
            if (!authenticationResponse.status().isSuccess()) {
                SecurityAuditEvent addParam = SecurityAuditEvent.failure("authn.authenticate", "Provider %s. Message: %s").addParam(AuditEvent.AuditParam.plain("provider", authenticationProvider.getClass().getName())).addParam(AuditEvent.AuditParam.plain("message", authenticationResponse.description().orElse(null)));
                authenticationResponse.throwable().map(th -> {
                    return addParam.addParam(AuditEvent.AuditParam.plain("exception", authenticationResponse.throwable()));
                });
                this.context.audit(addParam);
                return authenticationResponse;
            }
            Optional<Subject> user = authenticationResponse.user();
            SecurityContextImpl securityContextImpl = this.context;
            Objects.requireNonNull(securityContextImpl);
            user.ifPresent(securityContextImpl::setUser);
            Optional<Subject> service = authenticationResponse.service();
            SecurityContextImpl securityContextImpl2 = this.context;
            Objects.requireNonNull(securityContextImpl2);
            service.ifPresent(securityContextImpl2::setService);
            this.context.audit(SecurityAuditEvent.success("authn.authenticate", "Path %s. Provider %s. Subject %s").addParam(AuditEvent.AuditParam.plain("path", providerRequest.env().path())).addParam(AuditEvent.AuditParam.plain("provider", authenticationProvider.getClass().getName())).addParam(AuditEvent.AuditParam.plain("subject", authenticationResponse.user())));
            return authenticationResponse;
        }).exceptionally(th -> {
            this.context.audit(SecurityAuditEvent.error("authn.authenticate", "Provider %s. Message: %s").addParam(AuditEvent.AuditParam.plain("provider", authenticationProvider.getClass().getName())).addParam(AuditEvent.AuditParam.plain("message", th.getMessage())).addParam(AuditEvent.AuditParam.plain("exception", th)));
            throw new SecurityException(th);
        });
    }
}
