package io.confluent.ksql.api.auth;

import io.confluent.ksql.api.server.Server;
import io.confluent.ksql.security.KsqlAuthorizationProvider;
import io.netty.handler.codec.http.HttpResponseStatus;
import io.vertx.core.AsyncResult;
import io.vertx.core.Handler;
import io.vertx.core.Promise;
import io.vertx.core.WorkerExecutor;
import io.vertx.ext.auth.User;
import io.vertx.ext.web.RoutingContext;

/* loaded from: input_file:io/confluent/ksql/api/auth/KsqlAuthorizationProviderHandler.class */
public class KsqlAuthorizationProviderHandler implements Handler<RoutingContext> {
    private final WorkerExecutor workerExecutor;
    private final KsqlAuthorizationProvider ksqlAuthorizationProvider;

    public KsqlAuthorizationProviderHandler(Server server, KsqlAuthorizationProvider ksqlAuthorizationProvider) {
        this.workerExecutor = server.getWorkerExecutor();
        this.ksqlAuthorizationProvider = ksqlAuthorizationProvider;
    }

    public void handle(RoutingContext routingContext) {
        this.workerExecutor.executeBlocking(promise -> {
            authorize(promise, routingContext);
        }, false, asyncResult -> {
            handleAuthorizeResult(asyncResult, routingContext);
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void handleAuthorizeResult(AsyncResult<Void> asyncResult, RoutingContext routingContext) {
        if (asyncResult.succeeded()) {
            routingContext.next();
        } else {
            routingContext.fail(HttpResponseStatus.FORBIDDEN.code(), asyncResult.cause());
        }
    }

    private void authorize(Promise<Void> promise, RoutingContext routingContext) {
        User user = routingContext.user();
        if (user == null) {
            promise.fail(new IllegalStateException("Null user in " + KsqlAuthorizationProviderHandler.class));
            return;
        }
        if (!(user instanceof ApiUser)) {
            throw new IllegalStateException("Not an ApiUser: " + user);
        }
        try {
            this.ksqlAuthorizationProvider.checkEndpointAccess(((ApiUser) user).getPrincipal(), routingContext.request().method().toString(), routingContext.normalisedPath());
            promise.complete();
        } catch (Exception e) {
            promise.fail(e);
        }
    }
}
