package com.mastfrog.acteur.auth;

import com.mastfrog.acteur.Acteur;
import com.mastfrog.acteur.HttpEvent;
import com.mastfrog.acteur.Page;
import com.mastfrog.acteur.headers.HeaderValueType;
import com.mastfrog.acteur.headers.Headers;
import com.mastfrog.acteur.preconditions.Authenticated;
import com.mastfrog.acteur.util.RequestID;
import com.mastfrog.acteurbase.Chain;
import com.mastfrog.util.strings.Strings;
import io.netty.handler.codec.http.HttpHeaderNames;
import io.netty.handler.codec.http.HttpResponseStatus;
import io.netty.util.AsciiString;
import javax.inject.Inject;

/* loaded from: input_file:com/mastfrog/acteur/auth/AsyncAuthenticationActeur.class */
final class AsyncAuthenticationActeur extends AuthenticationActeur {
    private static final HeaderValueType<CharSequence> VT = Headers.header(HttpHeaderNames.WWW_AUTHENTICATE);
    private static final AsciiString BEARER = new AsciiString("Bearer");

    /* loaded from: input_file:com/mastfrog/acteur/auth/AsyncAuthenticationActeur$CheckAuth.class */
    static final class CheckAuth extends Acteur {
        @Inject
        CheckAuth(AuthenticationResult<?> authenticationResult, Page page) {
            Authenticated authenticated = (Authenticated) page.getClass().getAnnotation(Authenticated.class);
            if (authenticated != null && Authenticated.OPTIONAL.equals(authenticated.value())) {
                next(new Object[0]);
                return;
            }
            if (authenticationResult.failureStatus == null) {
                next(authenticationResult, authenticationResult.info);
                return;
            }
            add(AsyncAuthenticationActeur.VT, AsyncAuthenticationActeur.BEARER);
            if (authenticationResult.failureMessage != null) {
                reply(authenticationResult.failureStatus, authenticationResult.failureMessage);
            } else {
                reply(authenticationResult.failureStatus);
            }
        }
    }

    @Inject
    AsyncAuthenticationActeur(AsyncAuthenticator<?> asyncAuthenticator, Chain chain, HttpEvent httpEvent, RequestID requestID, Page page) {
        String header = httpEvent.header((CharSequence) HttpHeaderNames.AUTHORIZATION);
        if (header == null) {
            Authenticated authenticated = (Authenticated) page.getClass().getAnnotation(Authenticated.class);
            if (authenticated == null || !Authenticated.OPTIONAL.equals(authenticated.value())) {
                reply(HttpResponseStatus.UNAUTHORIZED, "No auth header present");
                return;
            } else if (Authenticated.OPTIONAL.equals(authenticated.value())) {
                next(new Object[0]);
                return;
            }
        }
        if (!Strings.startsWithIgnoreCase(header, "bearer ")) {
            reply(HttpResponseStatus.UNAUTHORIZED, "Invalid auth header prefix in '" + header + "'");
            return;
        }
        String urlDecode = Strings.urlDecode(header.substring("bearer ".length()));
        String validate = asyncAuthenticator.validate(httpEvent, urlDecode);
        if (validate != null) {
            reply(HttpResponseStatus.UNAUTHORIZED, validate);
            add(VT, BEARER);
        } else {
            chain.insert(CheckAuth.class);
            continueAfter(true, asyncAuthenticator.authenticate(requestID, httpEvent, urlDecode));
        }
    }
}
