package ch.raffael.meldioc.library.http.server.undertow.handler;

import ch.raffael.meldioc.library.http.server.undertow.security.Role;
import ch.raffael.meldioc.library.http.server.undertow.util.HttpStatusException;
import io.undertow.security.api.SecurityContext;
import io.undertow.security.idm.Account;
import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange;
import io.vavr.collection.Array;
import io.vavr.collection.Map;
import io.vavr.collection.Set;
import io.vavr.control.Option;
import java.util.Objects;
import java.util.function.Function;

/* loaded from: input_file:ch/raffael/meldioc/library/http/server/undertow/handler/AccessCheckHandler.class */
public class AccessCheckHandler implements HttpHandler {
    private final AccessRestriction restriction;
    private final HttpHandler next;

    /* loaded from: input_file:ch/raffael/meldioc/library/http/server/undertow/handler/AccessCheckHandler$AccessByRole.class */
    public static class AccessByRole<R extends Role> implements AccessRestriction {
        private final Function<? super String, ? extends Option<? extends R>> mapper;
        private final Set<? extends R> roles;

        public AccessByRole(Function<? super String, ? extends Option<? extends R>> function, Set<? extends R> set) {
            this.mapper = function;
            this.roles = set;
        }

        @Override // ch.raffael.meldioc.library.http.server.undertow.handler.AccessCheckHandler.AccessRestriction
        public boolean accessPermitted(Account account) {
            return account.getRoles().stream().map(this.mapper).flatMap((v0) -> {
                return v0.toJavaStream();
            }).anyMatch(role -> {
                Set<? extends R> set = this.roles;
                Objects.requireNonNull(role);
                return set.exists(role::implies);
            });
        }

        public String toString() {
            return getClass().getName() + "[" + this.roles + "]";
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:ch/raffael/meldioc/library/http/server/undertow/handler/AccessCheckHandler$AccessByRoleEnum.class */
    public static class AccessByRoleEnum<R extends Enum<?> & Role> extends AccessByRole<R> {
        public AccessByRoleEnum(Class<R> cls, Set<? extends R> set) {
            super(AccessCheckHandler.enumMapper(cls), set);
        }
    }

    /* loaded from: input_file:ch/raffael/meldioc/library/http/server/undertow/handler/AccessCheckHandler$AccessRestriction.class */
    public interface AccessRestriction {
        boolean accessPermitted(Account account);
    }

    public AccessCheckHandler(AccessRestriction accessRestriction, HttpHandler httpHandler) {
        this.restriction = accessRestriction;
        this.next = httpHandler;
    }

    public static <R extends Role> AccessByRole<R> accessByRole(Function<? super String, ? extends Option<? extends R>> function, Set<? extends R> set) {
        return new AccessByRole<>(function, set);
    }

    public static <R extends Enum<?> & Role> AccessByRoleEnum<R> accessByRole(Class<R> cls, Set<? extends R> set) {
        return new AccessByRoleEnum<>(cls, set);
    }

    public void handleRequest(HttpServerExchange httpServerExchange) throws Exception {
        boolean z = true;
        Account authenticatedAccount = ((SecurityContext) Objects.requireNonNull(httpServerExchange.getSecurityContext(), "exchange.getSecurityContext()")).getAuthenticatedAccount();
        if (authenticatedAccount != null) {
            z = !this.restriction.accessPermitted(authenticatedAccount);
        }
        if (z) {
            new HttpStatusException(403, "Forbidden").endRequest(httpServerExchange);
        } else {
            this.next.handleRequest(httpServerExchange);
        }
    }

    private static <T extends Enum<?> & Role> Function<String, Option<T>> enumMapper(Class<T> cls) {
        Map map = Array.of((Enum[]) cls.getEnumConstants()).toMap(obj -> {
            return ((Role) obj).name();
        }, Function.identity());
        Objects.requireNonNull(map);
        return (v1) -> {
            return r0.get(v1);
        };
    }
}
