package io.gravitee.am.gateway.handler.common.vertx.web.handler.impl.internal;

import io.gravitee.am.common.policy.ExtensionPoint;
import io.gravitee.am.gateway.handler.common.flow.ExecutionPredicate;
import io.gravitee.am.gateway.handler.common.flow.FlowManager;
import io.gravitee.am.gateway.handler.common.utils.RoutingContextHelper;
import io.gravitee.am.gateway.handler.common.vertx.core.http.VertxHttpServerRequest;
import io.gravitee.am.gateway.handler.common.vertx.core.http.VertxHttpServerResponse;
import io.gravitee.am.gateway.handler.context.ExecutionContextFactory;
import io.gravitee.am.gateway.policy.Policy;
import io.gravitee.am.gateway.policy.PolicyChainException;
import io.gravitee.am.gateway.policy.PolicyChainProcessorFactory;
import io.gravitee.am.model.AuthenticationFlowContext;
import io.gravitee.am.model.oidc.Client;
import io.gravitee.gateway.api.ExecutionContext;
import io.gravitee.gateway.api.context.SimpleExecutionContext;
import io.vertx.core.AsyncResult;
import io.vertx.core.Future;
import io.vertx.core.Handler;
import io.vertx.rxjava3.core.http.HttpServerRequest;
import io.vertx.rxjava3.ext.web.RoutingContext;
import java.util.Arrays;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/gravitee/am/gateway/handler/common/vertx/web/handler/impl/internal/PolicyChainHandlerImpl.class */
public class PolicyChainHandlerImpl implements Handler<RoutingContext> {
    private static final Logger logger = LoggerFactory.getLogger(PolicyChainHandlerImpl.class);
    private static final List<String> BLACKLIST_CONTEXT_ATTRIBUTES = Arrays.asList("X-XSRF-TOKEN", "_csrf", "__body-handled");
    private FlowManager flowManager;
    private PolicyChainProcessorFactory policyChainProcessorFactory;
    private ExecutionContextFactory executionContextFactory;
    private ExtensionPoint extensionPoint;

    public PolicyChainHandlerImpl(FlowManager flowManager, PolicyChainProcessorFactory policyChainProcessorFactory, ExecutionContextFactory executionContextFactory, ExtensionPoint extensionPoint) {
        this.flowManager = flowManager;
        this.policyChainProcessorFactory = policyChainProcessorFactory;
        this.executionContextFactory = executionContextFactory;
        this.extensionPoint = extensionPoint;
    }

    public void handle(RoutingContext routingContext) {
        HttpServerRequest request = routingContext.request();
        if (request.params() == null || !(request.params().contains("error") || request.params().contains("warning") || request.params().contains("success"))) {
            prepareContext(routingContext, asyncResult -> {
                if (asyncResult.failed()) {
                    logger.error("An error occurs while preparing execution context", asyncResult.cause());
                    routingContext.fail(asyncResult.cause());
                } else {
                    ExecutionContext executionContext = (ExecutionContext) asyncResult.result();
                    resolve(executionContext, asyncResult -> {
                        if (asyncResult.failed()) {
                            logger.error("An error occurs while resolving policies", asyncResult.cause());
                            routingContext.fail(asyncResult.cause());
                            return;
                        }
                        List<Policy> list = (List) asyncResult.result();
                        if (list.isEmpty()) {
                            routingContext.next();
                        } else {
                            executePolicyChain(list, executionContext, asyncResult -> {
                                if (!asyncResult.failed()) {
                                    ((ExecutionContext) asyncResult.result()).getAttributes().forEach((str, obj) -> {
                                        AuthenticationFlowContext authenticationFlowContext;
                                        if ("authFlowContext".equals(str) && (authenticationFlowContext = (AuthenticationFlowContext) obj) != null) {
                                            routingContext.session().put("authFlowVer", Integer.valueOf(authenticationFlowContext.getVersion()));
                                        }
                                        routingContext.put(str, obj);
                                    });
                                    routingContext.next();
                                    return;
                                }
                                PolicyChainException cause = asyncResult.cause();
                                logger.debug("An error occurs while executing the policy chain", cause);
                                if ((cause instanceof PolicyChainException) && "GATEWAY_POLICY_MFA_CHALLENGE_ERROR".equals(cause.key())) {
                                    PolicyChainException policyChainException = cause;
                                    if (policyChainException.parameters() != null) {
                                        routingContext.session().put("alternativeFactorId", policyChainException.parameters().get("alternativeFactorId"));
                                        if (policyChainException.parameters().containsKey("mfa_force_enrollment")) {
                                            routingContext.session().put("mfa_force_enrollment", policyChainException.parameters().get("mfa_force_enrollment"));
                                        }
                                    }
                                }
                                routingContext.fail(cause);
                            });
                        }
                    });
                }
            });
        } else {
            routingContext.next();
        }
    }

    private void resolve(ExecutionContext executionContext, Handler<AsyncResult<List<Policy>>> handler) {
        this.flowManager.findByExtensionPoint(this.extensionPoint, (Client) executionContext.getAttribute("client"), ExecutionPredicate.from(executionContext)).subscribe(list -> {
            handler.handle(Future.succeededFuture(list));
        }, th -> {
            handler.handle(Future.failedFuture(th));
        });
    }

    private void prepareContext(RoutingContext routingContext, Handler<AsyncResult<ExecutionContext>> handler) {
        try {
            io.vertx.core.http.HttpServerRequest delegate = routingContext.request().getDelegate();
            VertxHttpServerRequest vertxHttpServerRequest = new VertxHttpServerRequest(delegate);
            ExecutionContext create = this.executionContextFactory.create(new SimpleExecutionContext(vertxHttpServerRequest, new VertxHttpServerResponse(delegate, vertxHttpServerRequest.metrics())));
            create.getAttributes().putAll(RoutingContextHelper.getEvaluableAttributes(routingContext));
            handler.handle(Future.succeededFuture(create));
        } catch (Exception e) {
            handler.handle(Future.failedFuture(e));
        }
    }

    private void executePolicyChain(List<Policy> list, ExecutionContext executionContext, Handler<AsyncResult<ExecutionContext>> handler) {
        this.policyChainProcessorFactory.create(list, executionContext).handler(executionContext2 -> {
            handler.handle(Future.succeededFuture(executionContext2));
        }).errorHandler(processorFailure -> {
            handler.handle(Future.failedFuture(new PolicyChainException(processorFailure.message(), processorFailure.statusCode(), processorFailure.key(), processorFailure.parameters(), processorFailure.contentType())));
        }).handle(executionContext);
    }
}
