package io.helidon.security;

import io.helidon.config.Config;
import io.helidon.config.ConfigValue;
import io.helidon.security.CompositeAuthenticationProvider;
import io.helidon.security.CompositeAuthorizationProvider;
import io.helidon.security.spi.AuthenticationProvider;
import io.helidon.security.spi.AuthorizationProvider;
import io.helidon.security.spi.OutboundSecurityProvider;
import io.helidon.security.spi.ProviderSelectionPolicy;
import io.helidon.security.spi.SecurityProvider;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.function.Function;

/* loaded from: input_file:io/helidon/security/CompositeProviderSelectionPolicy.class */
public final class CompositeProviderSelectionPolicy implements ProviderSelectionPolicy {
    private final CompositeOutboundProvider outbound;
    private final CompositeAuthenticationProvider atn;
    private final CompositeAuthorizationProvider atz;
    private final Set<String> configuredOutbound = new HashSet();
    private final List<NamedProvider<OutboundSecurityProvider>> allOutbound = new LinkedList();
    private final boolean isDefault;
    private final String name;
    private final FirstProviderSelectionPolicy fallback;

    /* loaded from: input_file:io/helidon/security/CompositeProviderSelectionPolicy$Builder.class */
    public static final class Builder implements io.helidon.common.Builder<Builder, Function<ProviderSelectionPolicy.Providers, ProviderSelectionPolicy>> {
        private final List<FlaggedProvider> authenticators = new LinkedList();
        private final List<FlaggedProvider> authorizers = new LinkedList();
        private final List<String> outbound = new LinkedList();
        private String name = "composite";
        private boolean isDefault = true;

        private Builder() {
        }

        public Builder name(String str) {
            this.name = str;
            return this;
        }

        public Builder isDefault(boolean z) {
            this.isDefault = z;
            return this;
        }

        public Builder addAuthenticationProvider(String str) {
            this.authenticators.add(new FlaggedProvider(CompositeProviderFlag.REQUIRED, str));
            return this;
        }

        public Builder addAuthenticationProvider(String str, CompositeProviderFlag compositeProviderFlag) {
            this.authenticators.add(new FlaggedProvider(compositeProviderFlag, str));
            return this;
        }

        public Builder addAuthorizationProvider(String str) {
            this.authorizers.add(new FlaggedProvider(CompositeProviderFlag.REQUIRED, str));
            return this;
        }

        public Builder addAuthorizationProvider(String str, CompositeProviderFlag compositeProviderFlag) {
            this.authorizers.add(new FlaggedProvider(compositeProviderFlag, str));
            return this;
        }

        public Builder addOutboundProvider(String str) {
            this.outbound.add(str);
            return this;
        }

        public Builder config(Config config) {
            config.get("name").asString().ifPresent(this::name);
            config.get("default").asBoolean().ifPresent((v1) -> {
                isDefault(v1);
            });
            ConfigValue asList = config.get("authentication").asList(FlaggedProvider::create);
            List<FlaggedProvider> list = this.authenticators;
            Objects.requireNonNull(list);
            asList.ifPresent((v1) -> {
                r1.addAll(v1);
            });
            ConfigValue asList2 = config.get("authorization").asList(FlaggedProvider::create);
            List<FlaggedProvider> list2 = this.authorizers;
            Objects.requireNonNull(list2);
            asList2.ifPresent((v1) -> {
                r1.addAll(v1);
            });
            config.get("outbound").asNodeList().ifPresent(list3 -> {
                list3.forEach(config2 -> {
                    addOutboundProvider(config2.get("name").asString().get());
                });
            });
            return this;
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // io.helidon.common.Builder
        /* renamed from: build */
        public Function<ProviderSelectionPolicy.Providers, ProviderSelectionPolicy> build2() {
            return providers -> {
                return new CompositeProviderSelectionPolicy(providers, this);
            };
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:io/helidon/security/CompositeProviderSelectionPolicy$FlaggedProvider.class */
    public static class FlaggedProvider {
        private final CompositeProviderFlag flag;
        private final String providerName;

        FlaggedProvider(CompositeProviderFlag compositeProviderFlag, String str) {
            this.flag = compositeProviderFlag;
            this.providerName = str;
        }

        static FlaggedProvider create(Config config) {
            return new FlaggedProvider((CompositeProviderFlag) config.get("flag").asString().as(CompositeProviderFlag::valueOf).orElse(CompositeProviderFlag.REQUIRED), config.get("name").asString().get());
        }

        String providerName() {
            return this.providerName;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public CompositeProviderFlag flag() {
            return this.flag;
        }
    }

    private CompositeProviderSelectionPolicy(ProviderSelectionPolicy.Providers providers, Builder builder) {
        this.fallback = new FirstProviderSelectionPolicy(providers);
        this.isDefault = builder.isDefault;
        this.name = builder.name;
        if (builder.authenticators.isEmpty()) {
            this.atn = null;
        } else {
            LinkedList linkedList = new LinkedList();
            builder.authenticators.forEach(flaggedProvider -> {
                linkedList.add(new CompositeAuthenticationProvider.Atn(flaggedProvider, (AuthenticationProvider) providers.getProviders(AuthenticationProvider.class).stream().filter(namedProvider -> {
                    return namedProvider.getName().equals(flaggedProvider.providerName());
                }).findFirst().map((v0) -> {
                    return v0.getProvider();
                }).orElseThrow(() -> {
                    return new SecurityException("Misconfigured composite provider selection policy. There is no authentication provider named " + flaggedProvider.providerName() + " configured.");
                })));
            });
            this.atn = new CompositeAuthenticationProvider(linkedList);
        }
        if (builder.authorizers.isEmpty()) {
            this.atz = null;
        } else {
            LinkedList linkedList2 = new LinkedList();
            builder.authorizers.forEach(flaggedProvider2 -> {
                linkedList2.add(new CompositeAuthorizationProvider.Atz(flaggedProvider2, (AuthorizationProvider) providers.getProviders(AuthorizationProvider.class).stream().filter(namedProvider -> {
                    return namedProvider.getName().equals(flaggedProvider2.providerName());
                }).findFirst().map((v0) -> {
                    return v0.getProvider();
                }).orElseThrow(() -> {
                    return new SecurityException("Misconfigured composite provider selection policy. There is no authorization provider named " + flaggedProvider2.providerName() + " configured.");
                })));
            });
            this.atz = new CompositeAuthorizationProvider(linkedList2);
        }
        this.allOutbound.addAll(providers.getProviders(OutboundSecurityProvider.class));
        if (builder.outbound.isEmpty()) {
            this.outbound = null;
            return;
        }
        LinkedList linkedList3 = new LinkedList();
        this.configuredOutbound.addAll(builder.outbound);
        builder.outbound.forEach(str -> {
            linkedList3.add((OutboundSecurityProvider) providers.getProviders(OutboundSecurityProvider.class).stream().filter(namedProvider -> {
                return namedProvider.getName().equals(str);
            }).findFirst().map((v0) -> {
                return v0.getProvider();
            }).orElseThrow(() -> {
                return new SecurityException("Misconfigured composite provider selection policy. There is no outbound security provider provider named " + str + " configured.");
            }));
        });
        this.outbound = new CompositeOutboundProvider(linkedList3);
    }

    public static Builder builder() {
        return new Builder();
    }

    public static Function<ProviderSelectionPolicy.Providers, ProviderSelectionPolicy> create(Config config) {
        return builder().config(config).build2();
    }

    @Override // io.helidon.security.spi.ProviderSelectionPolicy
    public <T extends SecurityProvider> Optional<T> selectProvider(Class<T> cls) {
        if (this.isDefault) {
            if (null != this.atn && cls.equals(AuthenticationProvider.class)) {
                return Optional.of(cls.cast(this.atn));
            }
            if (null != this.atz && cls.equals(AuthorizationProvider.class)) {
                return Optional.of(cls.cast(this.atz));
            }
        }
        return this.fallback.selectProvider(cls);
    }

    @Override // io.helidon.security.spi.ProviderSelectionPolicy
    public List<OutboundSecurityProvider> selectOutboundProviders() {
        LinkedList linkedList = new LinkedList();
        this.allOutbound.stream().filter(namedProvider -> {
            return !this.configuredOutbound.contains(namedProvider.getName());
        }).forEach(namedProvider2 -> {
            linkedList.add((OutboundSecurityProvider) namedProvider2.getProvider());
        });
        if (null != this.outbound) {
            if (this.isDefault) {
                linkedList.addFirst(this.outbound);
            } else {
                linkedList.addLast(this.outbound);
            }
        }
        return linkedList;
    }

    @Override // io.helidon.security.spi.ProviderSelectionPolicy
    public <T extends SecurityProvider> Optional<T> selectProvider(Class<T> cls, String str) {
        if (this.name.equals(str)) {
            if (null != this.atn && cls.equals(AuthenticationProvider.class)) {
                return Optional.of(cls.cast(this.atn));
            }
            if (null != this.atz && cls.equals(AuthorizationProvider.class)) {
                return Optional.of(cls.cast(this.atz));
            }
            if (null != this.outbound && cls.equals(OutboundSecurityProvider.class)) {
                return Optional.of(cls.cast(this.outbound));
            }
        }
        return this.fallback.selectProvider(cls, str);
    }
}
