package io.gravitee.gateway.jupiter.handlers.api.security;

import io.gravitee.gateway.handlers.api.definition.Api;
import io.gravitee.gateway.jupiter.api.ExecutionFailure;
import io.gravitee.gateway.jupiter.api.context.RequestExecutionContext;
import io.gravitee.gateway.jupiter.handlers.api.security.handler.SecurityPlan;
import io.gravitee.gateway.jupiter.handlers.api.security.handler.SecurityPlanFactory;
import io.gravitee.gateway.jupiter.policy.PolicyManager;
import io.reactivex.Completable;
import io.reactivex.Flowable;
import io.reactivex.Single;
import java.util.Comparator;
import java.util.Objects;
import java.util.stream.Collectors;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/gravitee/gateway/jupiter/handlers/api/security/SecurityChain.class */
public class SecurityChain {
    public static final String SKIP_SECURITY_CHAIN = "skip-security-chain";
    protected static final String PLAN_UNRESOLVABLE = "GATEWAY_PLAN_UNRESOLVABLE";
    protected static final String UNAUTHORIZED_MESSAGE = "Unauthorized";
    protected static final Single<Boolean> TRUE = Single.just(true);
    protected static final Single<Boolean> FALSE = Single.just(false);
    private static final Logger log = LoggerFactory.getLogger(SecurityChain.class);
    private final Flowable<SecurityPlan> chain;

    public SecurityChain(Api api, PolicyManager policyManager) {
        this.chain = Flowable.fromIterable((Iterable) api.getPlans().stream().map(plan -> {
            return SecurityPlanFactory.forPlan(plan, policyManager);
        }).filter((v0) -> {
            return Objects.nonNull(v0);
        }).sorted(Comparator.comparingInt((v0) -> {
            return v0.order();
        })).collect(Collectors.toList()));
    }

    public Completable execute(RequestExecutionContext requestExecutionContext) {
        return Completable.defer(() -> {
            if (!Objects.equals(true, requestExecutionContext.getAttribute(SKIP_SECURITY_CHAIN))) {
                return this.chain.flatMapSingle(securityPlan -> {
                    return continueChain(requestExecutionContext, securityPlan);
                }, false, 1).any((v0) -> {
                    return v0.booleanValue();
                }).flatMapCompletable(bool -> {
                    return !bool.booleanValue() ? requestExecutionContext.interruptWith(new ExecutionFailure(401).key(PLAN_UNRESOLVABLE).message(UNAUTHORIZED_MESSAGE)) : Completable.complete();
                }).doOnSubscribe(disposable -> {
                    log.debug("Executing security chain");
                });
            }
            log.debug("Skipping security chain because it has been explicitly required");
            return Completable.complete();
        });
    }

    private Single<Boolean> continueChain(RequestExecutionContext requestExecutionContext, SecurityPlan securityPlan) {
        return securityPlan.canExecute(requestExecutionContext).flatMap(bool -> {
            return bool.booleanValue() ? securityPlan.execute(requestExecutionContext).andThen(TRUE) : FALSE;
        });
    }
}
