package com.uid2.shared.middleware;

import com.uid2.shared.Const;
import com.uid2.shared.audit.Audit;
import com.uid2.shared.audit.AuditParams;
import com.uid2.shared.auth.IAuthorizable;
import com.uid2.shared.auth.IAuthorizableProvider;
import com.uid2.shared.auth.IAuthorizationProvider;
import com.uid2.shared.auth.OperatorKey;
import com.uid2.shared.auth.RoleBasedAuthorizationProvider;
import io.vertx.core.Handler;
import io.vertx.core.http.HttpHeaders;
import io.vertx.core.json.JsonObject;
import io.vertx.ext.web.RoutingContext;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Objects;
import org.apache.commons.collections4.CollectionUtils;

/* loaded from: input_file:com/uid2/shared/middleware/AuthMiddleware.class */
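/**
 * Vert.x Web middleware that resolves the caller from a bearer token and gates route handlers on it.
 *
 * <p>Each {@code handle*} factory wraps a route handler so that the request's {@code Authorization}
 * header is looked up in the {@link IAuthorizableProvider}, the result is stored on the
 * {@link RoutingContext}, and the wrapped handler only runs if the configured
 * {@link IAuthorizationProvider} accepts that result.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@link #handleWithOptionalAuth} lets unauthenticated requests through by design; handlers
 *       registered that way must call {@link #isAuthenticated} themselves.</li>
 *   <li>{@link #loopbackOnly} decides on the host value carried by the request, not on the peer
 *       address; see {@code LoopbackOnlyHandler}.</li>
 *   <li>{@link #getAuthToken} returns the raw credential; treat it as a secret and keep it out of logs.</li>
 * </ul>
 */
public class AuthMiddleware {
    /** Routing-context data key holding the contact of the resolved client. */
    public static final String API_CONTACT_PROP = "api-contact";
    /** Routing-context data key holding the resolved {@link IAuthorizable}; null when no key matched. */
    public static final String API_CLIENT_PROP = "api-client";
    private static final String AuthorizationHeader = "Authorization";
    // Compared case-insensitively against the start of the trimmed Authorization header.
    private static final String PrefixString = "bearer ";
    private static final String TraceIdHeader = "X-Amzn-Trace-Id";
    private static final String LoopbackHost = "127.0.0.1";
    private static final String NoRolesMessage = "must specify at least one role";
    private final IAuthorizableProvider authKeyStore;
    private final Audit audit;
    /**
     * JSON body sent with 401 responses on the V1 path.
     *
     * <p>NOTE(review): {@link JsonObject} is mutable and this instance is public and shared across
     * requests; callers should treat it as read-only.
     */
    public static final JsonObject UnauthorizedResponse = buildUnauthorizedResponse();
    private static final IAuthorizationProvider blankAuthorizationProvider = new BlankAuthorizationProvider();

    /** Builds the 401 body from a plain map instead of an anonymous {@code HashMap} subclass. */
    private static JsonObject buildUnauthorizedResponse() {
        HashMap<String, Object> body = new HashMap<>();
        body.put("status", Const.ResponseStatus.Unauthorized);
        return new JsonObject(body);
    }

    /**
     * Per-route handler that authenticates the bearer token and applies an authorization decision.
     *
     * <p>Declared public in this listing; the decompiler notes that the access modifier was changed
     * from private.
     */
    public static class AuthHandler {
        private final Handler<RoutingContext> innerHandler;
        private final IAuthorizableProvider authKeyStore;
        private final IAuthorizationProvider authorizationProvider;
        private final boolean isV1Response;

        private AuthHandler(Handler<RoutingContext> handler, IAuthorizableProvider iAuthorizableProvider, IAuthorizationProvider iAuthorizationProvider, boolean z) {
            this.innerHandler = handler;
            this.authKeyStore = iAuthorizableProvider;
            this.authorizationProvider = iAuthorizationProvider;
            this.isV1Response = z;
        }

        /**
         * Resolves the caller, records it on the context, and either delegates or rejects with 401.
         *
         * @param routingContext the request being processed
         */
        public void handle(RoutingContext routingContext) {
            // Echo the load balancer trace id (when present) so responses can be correlated.
            String traceId = routingContext.request().getHeader(AuthMiddleware.TraceIdHeader);
            if (traceId != null && !traceId.isEmpty()) {
                routingContext.response().headers().add(AuthMiddleware.TraceIdHeader, traceId);
            }
            // A missing or malformed header yields a null token; the key store is still consulted with it.
            String bearerToken = extractBearerToken(routingContext.request().getHeader(AuthMiddleware.AuthorizationHeader));
            IAuthorizable client = this.authKeyStore.get(bearerToken);
            // The client is attached before the authorization decision, so it is also visible on
            // requests that are rejected below.
            AuthMiddleware.setAuthClient(routingContext, client);
            if (this.authorizationProvider.isAuthorized(client)) {
                this.innerHandler.handle(routingContext);
            } else {
                onFailedAuth(routingContext);
            }
        }

        /**
         * Rejects the request with HTTP 401, writing the JSON body first on the V1 path.
         *
         * <p>NOTE(review): on the V1 path the response is ended and the context is then also failed
         * with 401, so failure handlers run after the body has been written; confirm they do not try
         * to write a second response.
         */
        private void onFailedAuth(RoutingContext routingContext) {
            if (this.isV1Response) {
                routingContext.response().putHeader(HttpHeaders.CONTENT_TYPE, "application/json").setStatusCode(401).end(AuthMiddleware.UnauthorizedResponse.encode());
            }
            routingContext.fail(401);
        }

        /**
         * Extracts the credential from an {@code Authorization} header value.
         *
         * @param str the raw header value, may be null
         * @return the text following the case-insensitive {@code "bearer "} prefix of the trimmed
         *     header, or null when the header is absent or does not start with that prefix
         */
        private static String extractBearerToken(String str) {
            if (str == null) {
                return null;
            }
            String header = str.trim();
            int prefixLength = AuthMiddleware.PrefixString.length();
            // regionMatches does the case-insensitive comparison without depending on the default
            // locale and returns false when the header is shorter than the prefix.
            if (header.regionMatches(true, 0, AuthMiddleware.PrefixString, 0, prefixLength)) {
                return header.substring(prefixLength);
            }
            return null;
        }
    }

    /** Authorization provider that accepts every caller, including a null (unauthenticated) one. */
    private static class BlankAuthorizationProvider implements IAuthorizationProvider {
        private BlankAuthorizationProvider() {
        }

        @Override // com.uid2.shared.auth.IAuthorizationProvider
        public boolean isAuthorized(IAuthorizable iAuthorizable) {
            return true;
        }
    }

    /**
     * Handler that admits a request only when its host value names 127.0.0.1, then runs the inner
     * handler with a fixed client identity and no bearer-token check.
     *
     * <p>NOTE(review): the decision is based on {@code request().host()}, which in Vert.x reflects
     * the Host header / :authority value supplied by the sender, not the address the connection came
     * from. It is therefore not an access control on its own; routes using it should also be
     * unreachable from other hosts (listener bound to loopback, or a check on
     * {@code request().remoteAddress()} where the deployment allows it).
     */
    private static class LoopbackOnlyHandler {
        private final Handler<RoutingContext> innerHandler;
        private final IAuthorizable clientKey;

        private LoopbackOnlyHandler(Handler<RoutingContext> handler, IAuthorizable iAuthorizable) {
            this.innerHandler = handler;
            this.clientKey = iAuthorizable;
        }

        /**
         * Fails the request with 401 unless the host value is 127.0.0.1 (optionally with a port).
         *
         * @param routingContext the request being processed
         */
        public void handle(RoutingContext routingContext) {
            if (!isLoopbackHost(routingContext.request().host())) {
                routingContext.fail(401);
                return;
            }
            AuthMiddleware.setAuthClient(routingContext, this.clientKey);
            this.innerHandler.handle(routingContext);
        }

        /**
         * Returns true only for {@code 127.0.0.1} or {@code 127.0.0.1:<digits>}.
         *
         * <p>A bare prefix match would also accept any hostname that merely begins with that text,
         * so the character after the address must be the end of the value or a port separator.
         */
        private static boolean isLoopbackHost(String host) {
            if (host == null || !host.startsWith(AuthMiddleware.LoopbackHost)) {
                return false;
            }
            int addressEnd = AuthMiddleware.LoopbackHost.length();
            if (host.length() == addressEnd) {
                return true;
            }
            if (host.charAt(addressEnd) != ':') {
                return false;
            }
            for (int i = addressEnd + 1; i < host.length(); i++) {
                char c = host.charAt(i);
                if (c < '0' || c > '9') {
                    return false;
                }
            }
            return true;
        }
    }

    /**
     * Creates the middleware with the audit source name {@code "unknown"}.
     *
     * @param iAuthorizableProvider key store used to resolve bearer tokens
     */
    public AuthMiddleware(IAuthorizableProvider iAuthorizableProvider) {
        this(iAuthorizableProvider, "unknown");
    }

    /**
     * Creates the middleware.
     *
     * @param iAuthorizableProvider key store used to resolve bearer tokens
     * @param str value passed to the {@link Audit} constructor
     */
    public AuthMiddleware(IAuthorizableProvider iAuthorizableProvider, String str) {
        this.authKeyStore = iAuthorizableProvider;
        this.audit = new Audit(str);
    }

    /**
     * Returns the bearer token from the request's {@code Authorization} header, or null if absent.
     * The value is the raw credential and should not be logged.
     */
    public static String getAuthToken(RoutingContext routingContext) {
        return AuthHandler.extractBearerToken(routingContext.request().getHeader(AuthorizationHeader));
    }

    /** Returns true when a non-null client has been stored on the context by this middleware. */
    public static boolean isAuthenticated(RoutingContext routingContext) {
        return routingContext.data().get(API_CLIENT_PROP) != null;
    }

    /** Returns the client stored on the context, or null when the request is unauthenticated. */
    public static IAuthorizable getAuthClient(RoutingContext routingContext) {
        return (IAuthorizable) routingContext.data().get(API_CLIENT_PROP);
    }

    /**
     * Returns the client stored on the context, typed as {@code U}.
     *
     * <p>NOTE(review): {@code cls} is not consulted; the cast is unchecked, so a client of another
     * type surfaces as a {@link ClassCastException} at the caller rather than here.
     */
    public static <U extends IAuthorizable> U getAuthClient(Class<U> cls, RoutingContext routingContext) {
        return (U) routingContext.data().get(API_CLIENT_PROP);
    }

    /**
     * Stores the resolved client on the context, plus its contact and, for operator keys, the
     * details the audit log reads.
     *
     * @param routingContext the request being processed
     * @param iAuthorizable the resolved client, or null when no key matched
     */
    public static void setAuthClient(RoutingContext routingContext, IAuthorizable iAuthorizable) {
        routingContext.data().put(API_CLIENT_PROP, iAuthorizable);
        if (iAuthorizable == null) {
            return;
        }
        routingContext.data().put(API_CONTACT_PROP, iAuthorizable.getContact());
        if (iAuthorizable instanceof OperatorKey) {
            OperatorKey operatorKey = (OperatorKey) iAuthorizable;
            JsonObject userDetails = new JsonObject();
            userDetails.put("operator_key_name", operatorKey.getName());
            userDetails.put("operator_key_contact", operatorKey.getContact());
            userDetails.put("operator_key_site_id", operatorKey.getSiteId());
            routingContext.put(Audit.USER_DETAILS, userDetails);
        }
    }

    /**
     * Builds the role-based provider from the given roles.
     *
     * <p>Raw types are kept on purpose: the constructor signature of
     * {@link RoleBasedAuthorizationProvider} is not visible in this file.
     */
    @SuppressWarnings({"unchecked", "rawtypes"})
    private static RoleBasedAuthorizationProvider roleProvider(List<?> roles) {
        return new RoleBasedAuthorizationProvider(Collections.unmodifiableSet(new HashSet(roles)));
    }

    /**
     * Wraps a handler so it requires one of the given roles and answers failures with the V1 JSON body.
     *
     * @param handler the route handler to protect
     * @param eArr the roles that may call the route
     * @return the protected handler
     * @throws IllegalArgumentException if no role is given
     */
    public <E> Handler<RoutingContext> handleV1(Handler<RoutingContext> handler, E... eArr) {
        if (eArr == null || eArr.length == 0) {
            throw new IllegalArgumentException(NoRolesMessage);
        }
        AuthHandler authHandler = new AuthHandler(handler, this.authKeyStore, roleProvider(Arrays.asList(eArr)), true);
        return authHandler::handle;
    }

    /** Wraps a handler so that the audit log is written once the response body has been sent. */
    private Handler<RoutingContext> logAndHandle(Handler<RoutingContext> handler, AuditParams auditParams) {
        return routingContext -> {
            routingContext.addBodyEndHandler(ignored -> this.audit.log(routingContext, auditParams));
            handler.handle(routingContext);
        };
    }

    /**
     * Wraps a handler so it requires one of the given roles, without audit logging.
     *
     * @param handler the route handler to protect
     * @param eArr the roles that may call the route
     * @return the protected handler
     * @throws IllegalArgumentException if no role is given
     */
    public <E> Handler<RoutingContext> handle(Handler<RoutingContext> handler, E... eArr) {
        if (eArr == null || eArr.length == 0) {
            throw new IllegalArgumentException(NoRolesMessage);
        }
        return handleWithAudit(handler, null, false, Arrays.asList(eArr));
    }

    /**
     * Wraps a handler so it requires one of the given roles and is audit-logged with default parameters.
     *
     * @throws IllegalArgumentException if {@code list} is null or empty
     */
    public final <E> Handler<RoutingContext> handleWithAudit(Handler<RoutingContext> handler, List<E> list) {
        return handleWithAudit(handler, new AuditParams(), true, list);
    }

    /**
     * Wraps a handler so it requires one of the given roles, optionally adding audit logging.
     *
     * @param handler the route handler to protect
     * @param auditParams parameters passed to the audit log; only used when {@code z} is true
     * @param z whether to write an audit record after the response body ends
     * @param list the roles that may call the route
     * @return the protected handler
     * @throws IllegalArgumentException if {@code list} is null or empty
     */
    public final <E> Handler<RoutingContext> handleWithAudit(Handler<RoutingContext> handler, AuditParams auditParams, boolean z, List<E> list) {
        if (CollectionUtils.isEmpty(list)) {
            throw new IllegalArgumentException(NoRolesMessage);
        }
        Handler<RoutingContext> target = z ? logAndHandle(handler, auditParams) : handler;
        AuthHandler authHandler = new AuthHandler(target, this.authKeyStore, roleProvider(list), false);
        return authHandler::handle;
    }

    /**
     * Wraps a handler so the caller is resolved when a valid token is present but the request is
     * never rejected. The wrapped handler must check {@link #isAuthenticated} before relying on a
     * client identity.
     */
    public Handler<RoutingContext> handleWithOptionalAuth(Handler<RoutingContext> handler) {
        AuthHandler authHandler = new AuthHandler(handler, this.authKeyStore, blankAuthorizationProvider, true);
        return authHandler::handle;
    }

    /**
     * Wraps a handler so it only runs for requests whose host value is 127.0.0.1, acting as the
     * given client. No bearer token is checked on this path.
     *
     * @param handler the route handler to protect
     * @param iAuthorizable the identity attached to admitted requests
     * @return the protected handler
     */
    public Handler<RoutingContext> loopbackOnly(Handler<RoutingContext> handler, IAuthorizable iAuthorizable) {
        LoopbackOnlyHandler loopbackOnlyHandler = new LoopbackOnlyHandler(handler, iAuthorizable);
        return loopbackOnlyHandler::handle;
    }
}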
