package io.helidon.security;

import io.helidon.security.AuthorizationResponse;
import io.helidon.security.CompositeProviderSelectionPolicy;
import io.helidon.security.SecurityResponse;
import io.helidon.security.spi.AuthorizationProvider;
import io.helidon.security.spi.ProviderConfig;
import java.lang.annotation.Annotation;
import java.util.Collection;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.CompletionStage;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:io/helidon/security/CompositeAuthorizationProvider.class */
public final class CompositeAuthorizationProvider implements AuthorizationProvider {
    private final List<Atz> providers = new LinkedList();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/helidon/security/CompositeAuthorizationProvider$AsyncAtzException.class */
    public static final class AsyncAtzException extends RuntimeException {
        private AuthorizationResponse response;

        private AsyncAtzException(AuthorizationResponse authorizationResponse) {
            this.response = authorizationResponse;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:io/helidon/security/CompositeAuthorizationProvider$Atz.class */
    public static class Atz {
        private final CompositeProviderSelectionPolicy.FlaggedProvider config;
        private final AuthorizationProvider provider;

        /* JADX INFO: Access modifiers changed from: package-private */
        public Atz(CompositeProviderSelectionPolicy.FlaggedProvider flaggedProvider, AuthorizationProvider authorizationProvider) {
            this.config = flaggedProvider;
            this.provider = authorizationProvider;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public CompositeAuthorizationProvider(List<Atz> list) {
        this.providers.addAll(list);
    }

    @Override // io.helidon.security.spi.SecurityProvider
    public Collection<Class<? extends Annotation>> supportedAnnotations() {
        HashSet hashSet = new HashSet();
        this.providers.forEach(atz -> {
            hashSet.addAll(atz.provider.supportedAnnotations());
        });
        return hashSet;
    }

    @Override // io.helidon.security.spi.SecurityProvider
    public Collection<String> supportedConfigKeys() {
        HashSet hashSet = new HashSet();
        this.providers.forEach(atz -> {
            hashSet.addAll(atz.provider.supportedConfigKeys());
        });
        return hashSet;
    }

    @Override // io.helidon.security.spi.SecurityProvider
    public Collection<Class<? extends ProviderConfig>> supportedCustomObjects() {
        HashSet hashSet = new HashSet();
        this.providers.forEach(atz -> {
            hashSet.addAll(atz.provider.supportedCustomObjects());
        });
        return hashSet;
    }

    @Override // io.helidon.security.spi.SecurityProvider
    public Collection<String> supportedAttributes() {
        HashSet hashSet = new HashSet();
        this.providers.forEach(atz -> {
            hashSet.addAll(atz.provider.supportedAttributes());
        });
        return hashSet;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v14, types: [java.util.concurrent.CompletionStage] */
    @Override // io.helidon.security.spi.AuthorizationProvider
    public CompletionStage<AuthorizationResponse> authorize(ProviderRequest providerRequest) {
        CompletableFuture completedFuture = CompletableFuture.completedFuture(AuthorizationResponse.abstain());
        for (Atz atz : this.providers) {
            completedFuture = completedFuture.thenCombine((CompletionStage) atz.provider.authorize(providerRequest), (authorizationResponse, authorizationResponse2) -> {
                return processProvider(atz, authorizationResponse, authorizationResponse2);
            });
        }
        return completedFuture.exceptionally(th -> {
            Throwable cause = th.getCause();
            if (null == cause) {
                cause = th;
            }
            return cause instanceof AsyncAtzException ? ((AsyncAtzException) cause).response : ((AuthorizationResponse.Builder) ((AuthorizationResponse.Builder) ((AuthorizationResponse.Builder) AuthorizationResponse.builder().status(SecurityResponse.SecurityStatus.FAILURE)).description("Failed processing: " + th.getMessage())).throwable(th)).m3build();
        }).thenApply(authorizationResponse3 -> {
            return authorizationResponse3.status() == SecurityResponse.SecurityStatus.ABSTAIN ? AuthorizationResponse.abstain() : authorizationResponse3;
        });
    }

    private AuthorizationResponse processProvider(Atz atz, AuthorizationResponse authorizationResponse, AuthorizationResponse authorizationResponse2) {
        CompositeProviderFlag flag = atz.config.flag();
        if (flag.isValid(authorizationResponse2.status())) {
            if (flag == CompositeProviderFlag.SUFFICIENT && authorizationResponse2.status() == SecurityResponse.SecurityStatus.SUCCESS) {
                throw new AsyncAtzException(authorizationResponse2);
            }
            return authorizationResponse.status() == SecurityResponse.SecurityStatus.ABSTAIN ? authorizationResponse2.status().isSuccess() ? authorizationResponse2 : authorizationResponse : !authorizationResponse2.status().isSuccess() ? authorizationResponse : authorizationResponse2;
        }
        switch (authorizationResponse2.status()) {
            case SUCCESS:
            case SUCCESS_FINISH:
            case ABSTAIN:
                AuthorizationResponse.Builder builder = AuthorizationResponse.builder();
                builder.status(SecurityResponse.SecurityStatus.FAILURE);
                builder.description("Composite flag forbids this response: " + authorizationResponse2.status());
                Optional<String> description = authorizationResponse2.description();
                Objects.requireNonNull(builder);
                description.map(builder::description);
                Optional<Throwable> throwable = authorizationResponse2.throwable();
                Objects.requireNonNull(builder);
                throwable.map(builder::throwable);
                throw new AsyncAtzException(builder.m3build());
            case FAILURE:
            case FAILURE_FINISH:
            default:
                throw new AsyncAtzException(authorizationResponse2);
        }
    }
}
