package io.helidon.security.providers.header;

import io.helidon.config.Config;
import io.helidon.security.AuthenticationResponse;
import io.helidon.security.EndpointConfig;
import io.helidon.security.OutboundSecurityResponse;
import io.helidon.security.Principal;
import io.helidon.security.ProviderRequest;
import io.helidon.security.SecurityEnvironment;
import io.helidon.security.SubjectType;
import io.helidon.security.spi.AuthenticationProvider;
import io.helidon.security.spi.OutboundSecurityProvider;
import io.helidon.security.spi.SynchronousProvider;
import io.helidon.security.util.TokenHandler;
import java.util.HashMap;

/* loaded from: input_file:io/helidon/security/providers/header/HeaderAtnProvider.class */
public class HeaderAtnProvider extends SynchronousProvider implements AuthenticationProvider, OutboundSecurityProvider {
    private final boolean optional;
    private final boolean authenticate;
    private final boolean propagate;
    private final SubjectType subjectType;
    private final TokenHandler atnTokenHandler;
    private final TokenHandler outboundTokenHandler;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: io.helidon.security.providers.header.HeaderAtnProvider$1, reason: invalid class name */
    /* loaded from: input_file:io/helidon/security/providers/header/HeaderAtnProvider$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$io$helidon$security$SubjectType = new int[SubjectType.values().length];

        static {
            try {
                $SwitchMap$io$helidon$security$SubjectType[SubjectType.USER.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$io$helidon$security$SubjectType[SubjectType.SERVICE.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
        }
    }

    /* loaded from: input_file:io/helidon/security/providers/header/HeaderAtnProvider$Builder.class */
    public static final class Builder implements io.helidon.common.Builder<HeaderAtnProvider> {
        private boolean optional;
        private boolean authenticate;
        private boolean propagate;
        private SubjectType subjectType;
        private TokenHandler atnTokenHandler;
        private TokenHandler outboundTokenHandler;

        private Builder() {
            this.optional = false;
            this.authenticate = true;
            this.propagate = true;
            this.subjectType = SubjectType.USER;
        }

        /* renamed from: build, reason: merged with bridge method [inline-methods] */
        public HeaderAtnProvider m1build() {
            if (null == this.outboundTokenHandler) {
                this.outboundTokenHandler = this.atnTokenHandler;
            }
            return new HeaderAtnProvider(this, null);
        }

        public Builder config(Config config) {
            config.get("optional").as(Boolean.class).ifPresent((v1) -> {
                optional(v1);
            });
            config.get("authenticate").as(Boolean.class).ifPresent((v1) -> {
                authenticate(v1);
            });
            config.get("propagate").as(Boolean.class).ifPresent((v1) -> {
                propagate(v1);
            });
            config.get("principal-type").as(SubjectType.class).ifPresent(this::subjectType);
            config.get("atn-token").as(TokenHandler.class).ifPresent(this::atnTokenHandler);
            config.get("outbound-token").as(TokenHandler.class).ifPresent(this::outboundTokenHandler);
            return this;
        }

        public Builder subjectType(SubjectType subjectType) {
            this.subjectType = subjectType;
            switch (AnonymousClass1.$SwitchMap$io$helidon$security$SubjectType[subjectType.ordinal()]) {
                case 1:
                case 2:
                    return this;
                default:
                    throw new SecurityException("Invalid configuration. Principal type not supported: " + subjectType);
            }
        }

        public Builder propagate(boolean z) {
            this.propagate = z;
            return this;
        }

        public Builder authenticate(boolean z) {
            this.authenticate = z;
            return this;
        }

        public Builder atnTokenHandler(TokenHandler tokenHandler) {
            this.atnTokenHandler = tokenHandler;
            return this;
        }

        public Builder outboundTokenHandler(TokenHandler tokenHandler) {
            this.outboundTokenHandler = tokenHandler;
            return this;
        }

        public Builder optional(boolean z) {
            this.optional = z;
            return this;
        }

        /* synthetic */ Builder(AnonymousClass1 anonymousClass1) {
            this();
        }
    }

    private HeaderAtnProvider(Builder builder) {
        this.optional = builder.optional;
        this.authenticate = builder.authenticate;
        this.propagate = builder.propagate;
        this.subjectType = builder.subjectType;
        this.atnTokenHandler = builder.atnTokenHandler;
        this.outboundTokenHandler = builder.outboundTokenHandler;
    }

    public static HeaderAtnProvider create(Config config) {
        return builder().config(config).m1build();
    }

    public static Builder builder() {
        return new Builder(null);
    }

    protected AuthenticationResponse syncAuthenticate(ProviderRequest providerRequest) {
        if (!this.authenticate) {
            return AuthenticationResponse.abstain();
        }
        try {
            return (AuthenticationResponse) this.atnTokenHandler.extractToken(providerRequest.env().headers()).map(Principal::create).map(principal -> {
                return this.subjectType == SubjectType.USER ? AuthenticationResponse.success(principal) : AuthenticationResponse.successService(principal);
            }).orElseGet(() -> {
                return this.optional ? AuthenticationResponse.abstain() : AuthenticationResponse.failed("Header not available or in a wrong format");
            });
        } catch (Exception e) {
            return this.optional ? AuthenticationResponse.abstain() : AuthenticationResponse.failed("Header not available or in a wrong format", e);
        }
    }

    public boolean isOutboundSupported(ProviderRequest providerRequest, SecurityEnvironment securityEnvironment, EndpointConfig endpointConfig) {
        return this.propagate;
    }

    protected OutboundSecurityResponse syncOutbound(ProviderRequest providerRequest, SecurityEnvironment securityEnvironment, EndpointConfig endpointConfig) {
        return (OutboundSecurityResponse) (this.subjectType == SubjectType.USER ? providerRequest.securityContext().user() : providerRequest.securityContext().service()).map((v0) -> {
            return v0.principal();
        }).map((v0) -> {
            return v0.id();
        }).map(str -> {
            HashMap hashMap = new HashMap();
            this.outboundTokenHandler.header(hashMap, str);
            return OutboundSecurityResponse.withHeaders(hashMap);
        }).orElse(OutboundSecurityResponse.abstain());
    }

    /* synthetic */ HeaderAtnProvider(Builder builder, AnonymousClass1 anonymousClass1) {
        this(builder);
    }
}
