package io.helidon.security.integration.webserver;

import io.helidon.common.CollectionsHelper;
import io.helidon.common.http.Http;
import io.helidon.config.Config;
import io.helidon.security.EndpointConfig;
import io.helidon.security.Security;
import io.helidon.security.SecurityContext;
import io.helidon.webserver.Handler;
import io.helidon.webserver.Routing;
import io.helidon.webserver.ServerRequest;
import io.helidon.webserver.ServerResponse;
import io.helidon.webserver.Service;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.stream.Collectors;

/* loaded from: input_file:io/helidon/security/integration/webserver/WebSecurity.class */
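/**
 * Web server {@link Service} that attaches a {@link SecurityContext} to each request and,
 * when a {@link Config} is supplied, registers {@link SecurityHandler}s for the paths
 * listed under the {@code web-server} configuration node.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>An instance built with {@link #create(Security)} has no configuration, so
 *       {@link #update(Routing.Rules)} only registers the per-request context. No path is
 *       protected unless the application adds handlers (for example {@link #secure()}) to
 *       its own routes.</li>
 *   <li>Headers found in the request context under {@link #CONTEXT_ADD_HEADERS} are merged
 *       over the real request headers before they are handed to the security environment.
 *       Anything able to write that context entry therefore influences what security
 *       providers see as request headers.</li>
 * </ul>
 *
 * <p>Instances hold only final fields; {@link #securityDefaults(SecurityHandler)} returns a
 * new instance rather than modifying this one.
 */
public final class WebSecurity implements Service {
    /**
     * Request-context key under which an upstream handler may register a {@code Map} of
     * additional headers. Entries replace request headers with the same map key.
     */
    public static final String CONTEXT_ADD_HEADERS = "security.addHeaders";

    // Process-wide sequence used as the id of each new security context. The value is
    // sequential, so it is only suitable as a correlation id, never as an unguessable token.
    private static final AtomicInteger SECURITY_COUNTER = new AtomicInteger();

    private final Security security;
    // May be null (see create(Security)); config-driven routing is skipped in that case.
    private final Config config;
    private final SecurityHandler defaultHandler;

    private WebSecurity(Security security, Config config) {
        this(security, config, SecurityHandler.create());
    }

    private WebSecurity(Security security, Config config, SecurityHandler securityHandler) {
        this.security = security;
        this.config = config;
        this.defaultHandler = securityHandler;
    }

    /**
     * Creates an instance without configuration. Only the security context is registered on
     * {@link #update(Routing.Rules)}; no path-based handlers are added.
     *
     * @param security security instance used to build per-request contexts
     * @return a new instance
     */
    public static WebSecurity create(Security security) {
        return new WebSecurity(security, null);
    }

    /**
     * Creates an instance from configuration, building the {@link Security} instance from
     * the same configuration.
     *
     * @param config configuration used both for {@link Security} and for path routing
     * @return a new instance
     */
    public static WebSecurity create(Config config) {
        return create(Security.create(config), config);
    }

    /**
     * Creates an instance from an existing {@link Security} and a configuration that is
     * read for path routing.
     *
     * @param security security instance used to build per-request contexts
     * @param config configuration whose {@code web-server} node is read on update
     * @return a new instance
     */
    public static WebSecurity create(Security security, Config config) {
        return new WebSecurity(security, config);
    }

    /**
     * Returns a handler with both authentication and authorization switched on.
     *
     * @return a new handler
     */
    public static SecurityHandler secure() {
        return SecurityHandler.create().authenticate().authorize();
    }

    /**
     * Returns a handler with authentication switched on. Authorization is not requested
     * by this factory.
     *
     * @return a new handler
     */
    public static SecurityHandler authenticate() {
        return SecurityHandler.create().authenticate();
    }

    /**
     * Returns a handler with auditing switched on.
     *
     * @return a new handler
     */
    public static SecurityHandler audit() {
        return SecurityHandler.create().audit();
    }

    /**
     * Returns a handler that authenticates using the named authenticator.
     *
     * @param str name of the authenticator to use
     * @return a new handler
     */
    public static SecurityHandler authenticator(String str) {
        return SecurityHandler.create().authenticate().authenticator(str);
    }

    /**
     * Returns a handler that authenticates and then authorizes using the named authorizer.
     *
     * @param str name of the authorizer to use
     * @return a new handler
     */
    public static SecurityHandler authorizer(String str) {
        return SecurityHandler.create().authenticate().authorize().authorizer(str);
    }

    /**
     * Returns a handler restricted to the given roles.
     *
     * <p>NOTE(review): only {@code rolesAllowed} is called here. Whether that also turns on
     * authentication and authorization is decided inside {@link SecurityHandler}; confirm
     * there before relying on this factory alone.
     *
     * @param strArr role names
     * @return a new handler
     */
    public static SecurityHandler rolesAllowed(String... strArr) {
        return SecurityHandler.create().rolesAllowed(strArr);
    }

    /**
     * Returns a handler that attempts authentication but marks it optional, so
     * unauthenticated requests are not rejected by the authentication step.
     *
     * @return a new handler
     */
    public static SecurityHandler allowAnonymous() {
        return SecurityHandler.create().authenticate().authenticationOptional();
    }

    /**
     * Returns a handler with authorization switched on. Authentication is not requested
     * by this factory.
     *
     * @return a new handler
     */
    public static SecurityHandler authorize() {
        return SecurityHandler.create().authorize();
    }

    /**
     * Returns a handler with no options set in this class.
     *
     * <p>NOTE(review): what a bare handler enforces comes from {@link SecurityHandler} and
     * the registered defaults, neither of which is visible here; verify before using it as
     * the only protection on a route.
     *
     * @return a new handler
     */
    public static SecurityHandler enforce() {
        return SecurityHandler.create();
    }

    /**
     * Returns a copy of this instance that uses the given handler as the default registered
     * with each request and as the base for configured path handlers.
     *
     * @param securityHandler default handler, must not be null
     * @return a new instance; this instance is left unchanged
     * @throws NullPointerException if {@code securityHandler} is null
     */
    public WebSecurity securityDefaults(SecurityHandler securityHandler) {
        Objects.requireNonNull(securityHandler, "Default security handler must not be null");
        return new WebSecurity(this.security, this.config, securityHandler);
    }

    /**
     * Registers the context-creating handler for every request and, when configuration is
     * present, the handlers for configured paths.
     *
     * @param rules routing rules to update
     */
    @Override
    public void update(Routing.Rules rules) {
        // Registered first so the security context exists before any path handler runs.
        rules.any(this::registerContext);
        if (this.config != null) {
            registerRouting(rules);
        }
    }

    /**
     * Builds the security context for a request, unless one is already registered, and
     * passes the request on.
     */
    // The context API hands back a raw Map for CONTEXT_ADD_HEADERS, so the merge below is
    // unavoidably unchecked; the entry is expected to hold header name -> values.
    @SuppressWarnings({"unchecked", "rawtypes"})
    private void registerContext(ServerRequest serverRequest, ServerResponse serverResponse) {
        Map<String, List<String>> allHeaders = new HashMap<>(serverRequest.headers().toMap());

        // Trust boundary: putAll replaces request headers that share a key with the context
        // entry. NOTE(review): HashMap keys are case-sensitive; whether toMap() normalises
        // header-name case is not visible here, so confirm that overrides match as intended.
        Optional<Map> extraHeaders = serverRequest.context().get(CONTEXT_ADD_HEADERS, Map.class);
        extraHeaders.ifPresent(allHeaders::putAll);

        // An existing SecurityContext is kept as is; in that case the default handler is
        // not registered either.
        if (!serverRequest.context().get(SecurityContext.class).isPresent()) {
            String contextId = String.valueOf(SECURITY_COUNTER.incrementAndGet());
            SecurityContext securityContext = this.security.contextBuilder(contextId)
                    .tracingSpan(serverRequest.spanContext())
                    .env(this.security.environmentBuilder()
                            .targetUri(serverRequest.uri())
                            .path(serverRequest.path().toString())
                            .method(serverRequest.method().name())
                            // NOTE(review): taken from the connection as reported by the
                            // server; behind a proxy confirm what this is before using it
                            // in policy decisions.
                            .addAttribute("userIp", serverRequest.remoteAddress())
                            .addAttribute("userPort", Integer.valueOf(serverRequest.remotePort()))
                            .transport(serverRequest.isSecure() ? "https" : "http")
                            .headers(allHeaders)
                            .build())
                    .endpointConfig(EndpointConfig.builder().build())
                    .build();
            serverRequest.context().register(securityContext);
            serverRequest.context().register(this.defaultHandler);
        }
        serverRequest.next();
    }

    /**
     * Registers one {@link SecurityHandler} per entry of {@code web-server.paths}.
     *
     * <p>Each entry must contain a {@code path}; {@code methods} is optional. An entry
     * without methods is registered for any method. An entry with methods is registered
     * only for those methods, so other methods on the same path are not covered by it.
     *
     * @throws SecurityException if an entry has no {@code path} key
     */
    private void registerRouting(Routing.Rules rules) {
        Config webServerConfig = this.config.get("web-server");
        SecurityHandler defaults = SecurityHandler.create(webServerConfig.get("defaults"), this.defaultHandler);

        webServerConfig.get("paths").asNodeList().ifPresent(pathConfigs -> {
            for (Config pathConfig : pathConfigs) {
                List<Http.RequestMethod> methods = pathConfig.get("methods")
                        .asNodeList()
                        .orElse(CollectionsHelper.listOf())
                        .stream()
                        .map(node -> node.asString())
                        .map(value -> value.get())
                        .map(Http.RequestMethod::create)
                        .collect(Collectors.toList());

                String path = pathConfig.get("path")
                        .asString()
                        .orElseThrow(() -> new SecurityException(
                                pathConfig.key() + " must contain path key with a path to register to web server"));

                SecurityHandler pathHandler = SecurityHandler.create(pathConfig, defaults);
                if (methods.isEmpty()) {
                    rules.any(path, pathHandler);
                } else {
                    rules.anyOf(methods, path, pathHandler);
                }
            }
        });
    }
}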
