package io.streamthoughts.azkarra.http.security.authorizer;

import io.streamthoughts.azkarra.http.security.SecurityMechanism;
import io.streamthoughts.azkarra.http.security.UnauthorizedAccessException;
import io.streamthoughts.azkarra.http.security.auth.AuthenticationContext;
import io.streamthoughts.azkarra.http.security.auth.AuthenticationContextHolder;
import io.streamthoughts.azkarra.http.security.auth.AzkarraPrincipalBuilder;
import io.streamthoughts.azkarra.http.security.auth.GrantedAuthority;
import io.streamthoughts.azkarra.http.security.auth.UserDetails;
import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange;
import java.net.InetAddress;
import java.security.Principal;
import java.util.Collection;
import java.util.Collections;
import java.util.Objects;

/* loaded from: input_file:io/streamthoughts/azkarra/http/security/authorizer/AuthorizationHandler.class */
public class AuthorizationHandler implements HttpHandler {
    private final HttpHandler next;
    private final AuthorizationManager authorizationManager;
    private final AzkarraPrincipalBuilder principalBuilder;

    public AuthorizationHandler(HttpHandler httpHandler, AuthorizationManager authorizationManager, AzkarraPrincipalBuilder azkarraPrincipalBuilder) {
        Objects.requireNonNull(authorizationManager, "authorizationManager cannot be null");
        Objects.requireNonNull(httpHandler, "next cannot be null");
        this.next = httpHandler;
        this.authorizationManager = authorizationManager;
        this.principalBuilder = azkarraPrincipalBuilder;
    }

    public void handleRequest(HttpServerExchange httpServerExchange) throws Exception {
        final HttpResource httpResource = new HttpResource(httpServerExchange.getResolvedPath(), httpServerExchange.getRequestMethod().toString());
        final AuthenticationContext authenticationContext = AuthenticationContextHolder.getAuthenticationContext();
        if (this.authorizationManager.authenticate(new AuthorizationContext() { // from class: io.streamthoughts.azkarra.http.security.authorizer.AuthorizationHandler.1
            @Override // io.streamthoughts.azkarra.http.security.authorizer.AuthorizationContext
            public Principal principal() {
                return AuthorizationHandler.this.principalBuilder != null ? AuthorizationHandler.this.principalBuilder.buildPrincipal(authenticationContext) : authenticationContext.getAuthentication().getPrincipal();
            }

            @Override // io.streamthoughts.azkarra.http.security.authorizer.AuthorizationContext
            public Collection<GrantedAuthority> authorities() {
                UserDetails userDetails = authenticationContext.getAuthentication().getUserDetails();
                return userDetails != null ? userDetails.allGrantedAuthorities() : Collections.emptyList();
            }

            @Override // io.streamthoughts.azkarra.http.security.authorizer.AuthorizationContext
            public InetAddress clientAddress() {
                return authenticationContext.getClientAddress();
            }

            @Override // io.streamthoughts.azkarra.http.security.authorizer.AuthorizationContext
            public SecurityMechanism securityMechanism() {
                return authenticationContext.getSecurityMechanism();
            }

            @Override // io.streamthoughts.azkarra.http.security.authorizer.AuthorizationContext
            public HttpResource resource() {
                return httpResource;
            }
        }) != AuthorizationResult.ALLOWED) {
            throw new UnauthorizedAccessException("Access not authorize for this resource");
        }
        this.next.handleRequest(httpServerExchange);
    }
}
