package io.micronaut.security.authentication;

import io.micronaut.context.BeanContext;
import io.micronaut.core.annotation.NonNull;
import io.micronaut.core.annotation.Nullable;
import io.micronaut.core.order.OrderUtil;
import io.micronaut.core.util.CollectionUtils;
import io.micronaut.inject.qualifiers.Qualifiers;
import io.micronaut.security.authentication.provider.ExecutorAuthenticationProvider;
import io.micronaut.security.authentication.provider.ReactiveAuthenticationProvider;
import io.micronaut.security.authentication.provider.ReactiveAuthenticationProviderAdapter;
import io.micronaut.security.config.AuthenticationStrategy;
import io.micronaut.security.config.SecurityConfiguration;
import jakarta.inject.Inject;
import jakarta.inject.Singleton;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.atomic.AtomicReference;
import java.util.stream.Collectors;
import org.reactivestreams.Publisher;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import reactor.core.Exceptions;
import reactor.core.publisher.Flux;
import reactor.core.publisher.FluxSink;
import reactor.core.publisher.Mono;
import reactor.core.scheduler.Scheduler;
import reactor.core.scheduler.Schedulers;

@Singleton
/* loaded from: input_file:io/micronaut/security/authentication/Authenticator.class */
public class Authenticator<T> {
    private static final Logger LOG = LoggerFactory.getLogger(Authenticator.class);

    @Deprecated(forRemoval = true, since = "4.5.0")
    protected final Collection<AuthenticationProvider<T>> authenticationProviders;
    private final List<ReactiveAuthenticationProvider<T, ?, ?>> reactiveAuthenticationProviders;
    private final BeanContext beanContext;
    private final List<io.micronaut.security.authentication.provider.AuthenticationProvider<T, ?, ?>> imperativeAuthenticationProviders;
    private final SecurityConfiguration securityConfiguration;
    private final Map<String, Scheduler> executeNameToScheduler;

    @Inject
    public Authenticator(BeanContext beanContext, List<ReactiveAuthenticationProvider<T, ?, ?>> list, List<io.micronaut.security.authentication.provider.AuthenticationProvider<T, ?, ?>> list2, List<AuthenticationProvider<T>> list3, SecurityConfiguration securityConfiguration) {
        this.executeNameToScheduler = new ConcurrentHashMap();
        this.beanContext = beanContext;
        this.reactiveAuthenticationProviders = list;
        Iterator<AuthenticationProvider<T>> it = list3.iterator();
        while (it.hasNext()) {
            list.add(new ReactiveAuthenticationProviderAdapter(it.next()));
        }
        this.securityConfiguration = securityConfiguration;
        this.imperativeAuthenticationProviders = list2;
        this.authenticationProviders = Collections.emptyList();
    }

    public Authenticator(BeanContext beanContext, List<ReactiveAuthenticationProvider<T, ?, ?>> list, List<io.micronaut.security.authentication.provider.AuthenticationProvider<T, ?, ?>> list2, SecurityConfiguration securityConfiguration) {
        this.executeNameToScheduler = new ConcurrentHashMap();
        this.beanContext = beanContext;
        this.reactiveAuthenticationProviders = list;
        this.securityConfiguration = securityConfiguration;
        this.imperativeAuthenticationProviders = list2;
        this.authenticationProviders = Collections.emptyList();
    }

    @Deprecated(forRemoval = true, since = "4.5.0")
    public Authenticator(Collection<AuthenticationProvider<T>> collection, SecurityConfiguration securityConfiguration) {
        this.executeNameToScheduler = new ConcurrentHashMap();
        this.beanContext = null;
        this.authenticationProviders = collection;
        this.reactiveAuthenticationProviders = new ArrayList();
        Iterator<AuthenticationProvider<T>> it = collection.iterator();
        while (it.hasNext()) {
            this.reactiveAuthenticationProviders.add(new ReactiveAuthenticationProviderAdapter(it.next()));
        }
        this.securityConfiguration = securityConfiguration;
        this.imperativeAuthenticationProviders = Collections.emptyList();
    }

    public Publisher<AuthenticationResponse> authenticate(T t, AuthenticationRequest<?, ?> authenticationRequest) {
        if (CollectionUtils.isEmpty(this.reactiveAuthenticationProviders) && CollectionUtils.isEmpty(this.imperativeAuthenticationProviders)) {
            return Mono.empty();
        }
        if (LOG.isDebugEnabled() && this.imperativeAuthenticationProviders != null) {
            LOG.debug((String) this.imperativeAuthenticationProviders.stream().map((v0) -> {
                return v0.getClass();
            }).map((v0) -> {
                return v0.getName();
            }).collect(Collectors.joining()));
        }
        if (LOG.isDebugEnabled() && this.reactiveAuthenticationProviders != null) {
            LOG.debug((String) this.reactiveAuthenticationProviders.stream().map((v0) -> {
                return v0.getClass();
            }).map((v0) -> {
                return v0.getName();
            }).collect(Collectors.joining()));
        }
        return (!CollectionUtils.isEmpty(this.reactiveAuthenticationProviders) || this.imperativeAuthenticationProviders == null || anyImperativeAuthenticationProviderIsBlocking()) ? authenticate(t, authenticationRequest, everyProviderSorted()) : Mono.just(authenticate(t, authenticationRequest, this.imperativeAuthenticationProviders, this.securityConfiguration));
    }

    private boolean anyImperativeAuthenticationProviderIsBlocking() {
        return this.imperativeAuthenticationProviders.stream().anyMatch(this::isImperativeAuthenticationProviderIsBlocking);
    }

    protected boolean isImperativeAuthenticationProviderIsBlocking(io.micronaut.security.authentication.provider.AuthenticationProvider<?, ?, ?> authenticationProvider) {
        if (authenticationProvider instanceof ExecutorAuthenticationProvider) {
            ExecutorAuthenticationProvider executorAuthenticationProvider = (ExecutorAuthenticationProvider) authenticationProvider;
            if (executorAuthenticationProvider.getExecutorName().equals("blocking") || executorAuthenticationProvider.getExecutorName().equals("io")) {
                return true;
            }
        }
        return false;
    }

    @NonNull
    private AuthenticationResponse authenticate(@NonNull T t, @NonNull AuthenticationRequest<?, ?> authenticationRequest, @NonNull List<io.micronaut.security.authentication.provider.AuthenticationProvider<T, ?, ?>> list, @Nullable SecurityConfiguration securityConfiguration) {
        return (securityConfiguration == null || securityConfiguration.getAuthenticationProviderStrategy() != AuthenticationStrategy.ALL) ? (AuthenticationResponse) list.stream().map(authenticationProvider -> {
            return authenticationResponse(authenticationProvider, t, authenticationRequest);
        }).filter((v0) -> {
            return v0.isAuthenticated();
        }).findFirst().orElseGet(AuthenticationResponse::failure) : authenticateAll(t, authenticationRequest, list);
    }

    @NonNull
    private AuthenticationResponse authenticateAll(@NonNull T t, @NonNull AuthenticationRequest<?, ?> authenticationRequest, @NonNull List<io.micronaut.security.authentication.provider.AuthenticationProvider<T, ?, ?>> list) {
        List list2 = list.stream().map(authenticationProvider -> {
            return authenticationResponse(authenticationProvider, t, authenticationRequest);
        }).toList();
        if (!CollectionUtils.isEmpty(list2) && list2.stream().allMatch((v0) -> {
            return v0.isAuthenticated();
        })) {
            return (AuthenticationResponse) list2.get(0);
        }
        return AuthenticationResponse.failure();
    }

    private List<ReactiveAuthenticationProvider<T, ?, ?>> everyProviderSorted() {
        ArrayList arrayList = new ArrayList(this.reactiveAuthenticationProviders);
        if (this.beanContext != null) {
            arrayList.addAll(this.imperativeAuthenticationProviders.stream().map(authenticationProvider -> {
                if (!(authenticationProvider instanceof ExecutorAuthenticationProvider)) {
                    return new AuthenticationProviderAdapter(authenticationProvider);
                }
                ExecutorAuthenticationProvider executorAuthenticationProvider = (ExecutorAuthenticationProvider) authenticationProvider;
                return new AuthenticationProviderAdapter(authenticationProvider, this.executeNameToScheduler.computeIfAbsent(executorAuthenticationProvider.getExecutorName(), str -> {
                    return (Scheduler) this.beanContext.findBean(ExecutorService.class, Qualifiers.byName(executorAuthenticationProvider.getExecutorName())).map(Schedulers::fromExecutorService).orElse(null);
                }));
            }).toList());
        }
        OrderUtil.sort(arrayList);
        return arrayList;
    }

    private Publisher<AuthenticationResponse> authenticate(T t, AuthenticationRequest authenticationRequest, List<ReactiveAuthenticationProvider<T, ?, ?>> list) {
        if (list == null) {
            return Flux.empty();
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug((String) list.stream().map((v0) -> {
                return v0.getClass();
            }).map((v0) -> {
                return v0.getName();
            }).collect(Collectors.joining()));
        }
        Flux[] fluxArr = new Flux[0];
        if (this.securityConfiguration != null && this.securityConfiguration.getAuthenticationProviderStrategy() == AuthenticationStrategy.ALL) {
            return Flux.mergeDelayError(1, (Publisher[]) list.stream().map(reactiveAuthenticationProvider -> {
                return Flux.from(reactiveAuthenticationProvider.authenticate(t, authenticationRequest)).switchMap(obj -> {
                    return handleResponse((AuthenticationResponse) obj);
                }).switchIfEmpty(Flux.error(() -> {
                    return new AuthenticationException("Provider did not respond. Authentication rejected");
                }));
            }).toList().toArray(fluxArr)).last().onErrorResume(th -> {
                return Mono.just(authenticationResponseForThrowable(th));
            }).flux();
        }
        AtomicReference atomicReference = new AtomicReference();
        return Flux.mergeDelayError(1, (Publisher[]) list.stream().map(reactiveAuthenticationProvider2 -> {
            return Flux.from(reactiveAuthenticationProvider2.authenticate(t, authenticationRequest));
        }).map(flux -> {
            return flux.switchMap(obj -> {
                return handleResponse((AuthenticationResponse) obj);
            }).onErrorResume(th2 -> {
                atomicReference.set(th2);
                return Flux.empty();
            });
        }).toList().toArray(fluxArr)).take(1L).switchIfEmpty(Flux.create(fluxSink -> {
            Throwable th2 = (Throwable) atomicReference.get();
            if (th2 == null) {
                fluxSink.complete();
                return;
            }
            if (!(th2 instanceof AuthenticationException)) {
                fluxSink.error(th2);
                return;
            }
            AuthenticationResponse response = ((AuthenticationException) th2).getResponse();
            if (response == null) {
                fluxSink.error(th2);
            } else {
                fluxSink.next(response);
                fluxSink.complete();
            }
        }, FluxSink.OverflowStrategy.ERROR));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static Mono<AuthenticationResponse> handleResponse(AuthenticationResponse authenticationResponse) {
        return authenticationResponse.isAuthenticated() ? Mono.just(authenticationResponse) : Mono.error(new AuthenticationException(authenticationResponse));
    }

    @NonNull
    private AuthenticationResponse authenticationResponse(@NonNull io.micronaut.security.authentication.provider.AuthenticationProvider<T, ?, ?> authenticationProvider, @NonNull T t, @NonNull AuthenticationRequest authenticationRequest) {
        try {
            return authenticationProvider.authenticate(t, authenticationRequest);
        } catch (Exception e) {
            return authenticationResponseForThrowable(e);
        }
    }

    @NonNull
    private static AuthenticationResponse authenticationResponseForThrowable(Throwable th) {
        if (!Exceptions.isMultiple(th)) {
            return new AuthenticationFailed(th.getMessage());
        }
        List unwrapMultiple = Exceptions.unwrapMultiple(th);
        return new AuthenticationFailed(((Throwable) unwrapMultiple.get(unwrapMultiple.size() - 1)).getMessage());
    }
}
