package io.helidon.webclient.security;

import io.helidon.common.HelidonFeatures;
import io.helidon.common.HelidonFlavor;
import io.helidon.security.EndpointConfig;
import io.helidon.security.OutboundSecurityResponse;
import io.helidon.security.Security;
import io.helidon.security.SecurityContext;
import io.helidon.security.SecurityEnvironment;
import io.helidon.security.SecurityResponse;
import io.helidon.webclient.WebClientRequestHeaders;
import io.helidon.webclient.WebClientServiceRequest;
import io.helidon.webclient.spi.WebClientService;
import io.opentracing.Span;
import io.opentracing.SpanContext;
import io.opentracing.Tracer;
import io.opentracing.tag.Tags;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.UUID;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.CompletionStage;
import java.util.logging.Logger;

/* loaded from: input_file:io/helidon/webclient/security/WebClientSecurity.class */
public class WebClientSecurity implements WebClientService {
    private static final Logger LOGGER = Logger.getLogger(WebClientSecurity.class.getName());
    private static final String PROVIDER_NAME = "io.helidon.security.rest.client.security.providerName";
    private Security security;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: io.helidon.webclient.security.WebClientSecurity$1, reason: invalid class name */
    /* loaded from: input_file:io/helidon/webclient/security/WebClientSecurity$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$io$helidon$security$SecurityResponse$SecurityStatus = new int[SecurityResponse.SecurityStatus.values().length];

        static {
            try {
                $SwitchMap$io$helidon$security$SecurityResponse$SecurityStatus[SecurityResponse.SecurityStatus.FAILURE.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$io$helidon$security$SecurityResponse$SecurityStatus[SecurityResponse.SecurityStatus.FAILURE_FINISH.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$io$helidon$security$SecurityResponse$SecurityStatus[SecurityResponse.SecurityStatus.ABSTAIN.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$io$helidon$security$SecurityResponse$SecurityStatus[SecurityResponse.SecurityStatus.SUCCESS.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$io$helidon$security$SecurityResponse$SecurityStatus[SecurityResponse.SecurityStatus.SUCCESS_FINISH.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
        }
    }

    private WebClientSecurity() {
    }

    public static WebClientSecurity create() {
        return new WebClientSecurity();
    }

    public static WebClientSecurity create(Security security) {
        WebClientSecurity create = create();
        create.security = security;
        return create;
    }

    public CompletionStage<WebClientServiceRequest> request(WebClientServiceRequest webClientServiceRequest) {
        Optional optional = webClientServiceRequest.context().get(SecurityContext.class);
        if (null == this.security && optional.isEmpty()) {
            return CompletableFuture.completedFuture(webClientServiceRequest);
        }
        SecurityContext securityContext = (SecurityContext) optional.orElseGet(() -> {
            return createContext(webClientServiceRequest);
        });
        Span start = securityContext.tracer().buildSpan("security:outbound").asChildOf(securityContext.tracingSpan()).start();
        String str = (String) webClientServiceRequest.properties().get(PROVIDER_NAME);
        try {
            SecurityEnvironment.Builder derive = securityContext.env().derive();
            derive.method(webClientServiceRequest.method().name()).path(webClientServiceRequest.path().toString()).targetUri(webClientServiceRequest.uri()).headers(webClientServiceRequest.headers().toMap());
            EndpointConfig.Builder derive2 = securityContext.endpointConfig().derive();
            for (String str2 : webClientServiceRequest.properties().keySet()) {
                Optional.ofNullable((String) webClientServiceRequest.properties().get(str2)).ifPresent(str3 -> {
                    derive2.addAtribute(str2, str3);
                });
            }
            return securityContext.outboundClientBuilder().outboundEnvironment(derive).outboundEndpointConfig(derive2).explicitProvider(str).submit().thenApply(outboundSecurityResponse -> {
                return processResponse(webClientServiceRequest, start, outboundSecurityResponse);
            });
        } catch (Exception e) {
            traceError(start, e, null);
            throw e;
        }
    }

    private WebClientServiceRequest processResponse(WebClientServiceRequest webClientServiceRequest, Span span, OutboundSecurityResponse outboundSecurityResponse) {
        try {
            switch (AnonymousClass1.$SwitchMap$io$helidon$security$SecurityResponse$SecurityStatus[outboundSecurityResponse.status().ordinal()]) {
                case 1:
                case 2:
                    traceError(span, (Throwable) outboundSecurityResponse.throwable().orElse(null), (String) outboundSecurityResponse.description().orElse(outboundSecurityResponse.status().toString()));
                    break;
            }
            Map requestHeaders = outboundSecurityResponse.requestHeaders();
            LOGGER.finest(() -> {
                return "Client filter header(s). SIZE: " + requestHeaders.size();
            });
            WebClientRequestHeaders headers = webClientServiceRequest.headers();
            for (Map.Entry entry : requestHeaders.entrySet()) {
                LOGGER.finest(() -> {
                    return "    + Header: " + ((String) entry.getKey()) + ": " + entry.getValue();
                });
                headers.remove((String) entry.getKey());
                Iterator it = ((List) entry.getValue()).iterator();
                while (it.hasNext()) {
                    headers.put((String) entry.getKey(), new String[]{(String) it.next()});
                }
            }
            span.finish();
            return webClientServiceRequest;
        } catch (Exception e) {
            traceError(span, e, null);
            throw e;
        }
    }

    private SecurityContext createContext(WebClientServiceRequest webClientServiceRequest) {
        SecurityContext.Builder env = this.security.contextBuilder(UUID.randomUUID().toString()).endpointConfig(EndpointConfig.builder().build()).env(SecurityEnvironment.builder().path(webClientServiceRequest.path().toString()).build());
        Optional optional = webClientServiceRequest.context().get(Tracer.class);
        Objects.requireNonNull(env);
        optional.ifPresent(env::tracingTracer);
        Optional optional2 = webClientServiceRequest.context().get(SpanContext.class);
        Objects.requireNonNull(env);
        optional2.ifPresent(env::tracingSpan);
        return env.build();
    }

    static void traceError(Span span, Throwable th, String str) {
        if (null != th) {
            Tags.ERROR.set(span, true);
            span.log(Map.of("event", "error", "error.object", th));
        } else {
            Tags.ERROR.set(span, true);
            span.log(Map.of("event", "error", "message", str, "error.kind", "SecurityException"));
        }
        span.finish();
    }

    static {
        HelidonFeatures.register(HelidonFlavor.SE, new String[]{"WebClient", "Security"});
    }
}
