package io.helidon.security;

import io.helidon.security.AuditEvent;
import io.helidon.security.internal.SecurityAuditEvent;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.CompletionStage;
import org.apache.logging.log4j.core.jackson.JsonConstants;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:io/helidon/security/AuthorizationClientImpl.class */
public final class AuthorizationClientImpl implements SecurityClient<AuthorizationResponse> {
    private final Security security;
    private final SecurityContextImpl context;
    private final SecurityRequest request;
    private final String providerName;
    private final ProviderRequest providerRequest;

    /* JADX INFO: Access modifiers changed from: package-private */
    public AuthorizationClientImpl(Security security, SecurityContextImpl securityContextImpl, SecurityRequest securityRequest, String str) {
        this.security = security;
        this.context = securityContextImpl;
        this.request = securityRequest;
        this.providerName = str;
        this.providerRequest = new ProviderRequest(securityContextImpl, securityRequest.resources());
    }

    @Override // io.helidon.security.SecurityClient
    public CompletionStage<AuthorizationResponse> submit() {
        return (CompletionStage) this.security.resolveAtzProvider(this.providerName).map(authorizationProvider -> {
            return authorizationProvider.authorize(this.providerRequest).thenApply(authorizationResponse -> {
                if (authorizationResponse.status().isSuccess()) {
                    this.context.audit(SecurityAuditEvent.success("authz.authorize", "Path %s. Provider %s. Subject %s").addParam(AuditEvent.AuditParam.plain("path", this.providerRequest.env().path())).addParam(AuditEvent.AuditParam.plain("provider", authorizationProvider.getClass().getName())).addParam(AuditEvent.AuditParam.plain("subject", this.context.user())));
                } else {
                    this.context.audit(SecurityAuditEvent.failure("authz.authorize", "Path %s. Provider %s, Description %s, Request %s. Subject %s").addParam(AuditEvent.AuditParam.plain("path", this.providerRequest.env().path())).addParam(AuditEvent.AuditParam.plain("provider", authorizationProvider.getClass().getName())).addParam(AuditEvent.AuditParam.plain("request", this)).addParam(AuditEvent.AuditParam.plain("subject", this.context.user())).addParam(AuditEvent.AuditParam.plain(JsonConstants.ELT_MESSAGE, authorizationResponse.description().orElse(null))).addParam(AuditEvent.AuditParam.plain("exception", authorizationResponse.throwable().orElse(null))));
                }
                return authorizationResponse;
            }).exceptionally(th -> {
                this.context.audit(SecurityAuditEvent.error("authz.authorize", "Path %s. Provider %s, Description %s, Request %s. Subject %s. %s: %s").addParam(AuditEvent.AuditParam.plain("path", this.providerRequest.env().path())).addParam(AuditEvent.AuditParam.plain("provider", authorizationProvider.getClass().getName())).addParam(AuditEvent.AuditParam.plain("description", "Audit failure")).addParam(AuditEvent.AuditParam.plain("request", this)).addParam(AuditEvent.AuditParam.plain("subject", this.context.user())).addParam(AuditEvent.AuditParam.plain(JsonConstants.ELT_MESSAGE, th.getMessage())).addParam(AuditEvent.AuditParam.plain("exception", th)));
                throw new SecurityException(th);
            });
        }).orElse(CompletableFuture.completedFuture(AuthorizationResponse.permit()));
    }
}
