package org.eclipse.ditto.gateway.service.endpoints.directives.auth;

import akka.http.javadsl.server.Directives;
import akka.http.javadsl.server.Route;
import java.util.Collection;
import org.eclipse.ditto.base.model.common.ConditionChecker;
import org.eclipse.ditto.base.model.headers.DittoHeaders;
import org.eclipse.ditto.gateway.service.security.authentication.jwt.JwtAuthenticationProvider;
import org.eclipse.ditto.gateway.service.util.config.security.DevOpsConfig;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/eclipse/ditto/gateway/service/endpoints/directives/auth/DevOpsOAuth2AuthenticationDirective.class */
public final class DevOpsOAuth2AuthenticationDirective implements DevopsAuthenticationDirective {
    private static final Logger LOGGER = LoggerFactory.getLogger(DevOpsOAuth2AuthenticationDirective.class);
    public static final String REALM_DEVOPS = "DITTO-DEVOPS";
    public static final String REALM_STATUS = "DITTO-STATUS";
    private final JwtAuthenticationProvider jwtAuthenticationProvider;
    private final Collection<String> expectedSubjects;

    private DevOpsOAuth2AuthenticationDirective(JwtAuthenticationProvider jwtAuthenticationProvider, Collection<String> collection) {
        this.jwtAuthenticationProvider = (JwtAuthenticationProvider) ConditionChecker.checkNotNull(jwtAuthenticationProvider, "jwtAuthenticationProvider");
        this.expectedSubjects = collection;
    }

    public static DevOpsOAuth2AuthenticationDirective status(DevOpsConfig devOpsConfig, JwtAuthenticationProvider jwtAuthenticationProvider) {
        return new DevOpsOAuth2AuthenticationDirective(jwtAuthenticationProvider, devOpsConfig.getStatusOAuth2Subjects());
    }

    public static DevOpsOAuth2AuthenticationDirective devops(DevOpsConfig devOpsConfig, JwtAuthenticationProvider jwtAuthenticationProvider) {
        return new DevOpsOAuth2AuthenticationDirective(jwtAuthenticationProvider, devOpsConfig.getDevopsOAuth2Subjects());
    }

    @Override // org.eclipse.ditto.gateway.service.endpoints.directives.auth.DevopsAuthenticationDirective
    public Route authenticateDevOps(String str, Route route) {
        LOGGER.debug("DevOps OAuth authentication is enabled for {}.", str);
        return Directives.extractRequestContext(requestContext -> {
            LOGGER.debug("Trying to use OAuth2 authentication for authorization header <{}>", (String) requestContext.getRequest().getHeader("authorization").map((v0) -> {
                return v0.value();
            }).orElse(""));
            return Directives.onComplete(this.jwtAuthenticationProvider.authenticate(requestContext, DittoHeaders.empty()), r8 -> {
                return handleAuthenticationTry(r8, route, requestContext);
            });
        });
    }

    /* JADX WARN: Removed duplicated region for block: B:15:0x0080  */
    /* JADX WARN: Removed duplicated region for block: B:17:0x008c  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private akka.http.javadsl.server.Route handleAuthenticationTry(scala.util.Try<org.eclipse.ditto.gateway.service.security.authentication.AuthenticationResult> r7, akka.http.javadsl.server.Route r8, akka.http.javadsl.server.RequestContext r9) {
        /*
            r6 = this;
            r0 = r7
            boolean r0 = r0.isSuccess()
            if (r0 == 0) goto Lbf
            r0 = r7
            java.lang.Object r0 = r0.get()
            org.eclipse.ditto.gateway.service.security.authentication.AuthenticationResult r0 = (org.eclipse.ditto.gateway.service.security.authentication.AuthenticationResult) r0
            r10 = r0
            r0 = r10
            boolean r0 = r0.isSuccess()
            if (r0 != 0) goto L3d
            org.slf4j.Logger r0 = org.eclipse.ditto.gateway.service.endpoints.directives.auth.DevOpsOAuth2AuthenticationDirective.LOGGER
            java.lang.String r1 = "DevOps Oauth authentication was not successful for request: '{}' because of '{}'."
            r2 = r9
            akka.http.javadsl.model.HttpRequest r2 = r2.getRequest()
            r3 = r10
            java.lang.Throwable r3 = r3.getReasonOfFailure()
            java.lang.String r3 = r3.getMessage()
            r0.warn(r1, r2, r3)
            r0 = r10
            java.lang.Throwable r0 = r0.getReasonOfFailure()
            akka.http.javadsl.server.Route r0 = akka.http.javadsl.server.Directives.failWith(r0)
            return r0
        L3d:
            r0 = r10
            org.eclipse.ditto.base.model.auth.AuthorizationContext r0 = r0.getAuthorizationContext()
            java.util.List r0 = r0.getAuthorizationSubjectIds()
            r11 = r0
            r0 = r6
            java.util.Collection<java.lang.String> r0 = r0.expectedSubjects
            boolean r0 = r0.isEmpty()
            if (r0 != 0) goto L74
            r0 = r11
            java.util.stream.Stream r0 = r0.stream()
            r1 = r6
            java.util.Collection<java.lang.String> r1 = r1.expectedSubjects
            r2 = r1
            java.lang.Object r2 = java.util.Objects.requireNonNull(r2)
            akka.http.javadsl.server.Route r1 = (v1) -> { // java.util.function.Predicate.test(java.lang.Object):boolean
                return r1.contains(v1);
            }
            boolean r0 = r0.anyMatch(r1)
            if (r0 == 0) goto L78
        L74:
            r0 = 1
            goto L79
        L78:
            r0 = 0
        L79:
            r12 = r0
            r0 = r12
            if (r0 == 0) goto L8c
            org.slf4j.Logger r0 = org.eclipse.ditto.gateway.service.endpoints.directives.auth.DevOpsOAuth2AuthenticationDirective.LOGGER
            java.lang.String r1 = "DevOps Oauth authentication was successful."
            r0.info(r1)
            r0 = r8
            return r0
        L8c:
            java.lang.String r0 = "Unauthorized subject(s): <%s>. Expected: <%s>"
            r1 = 2
            java.lang.Object[] r1 = new java.lang.Object[r1]
            r2 = r1
            r3 = 0
            r4 = r11
            r2[r3] = r4
            r2 = r1
            r3 = 1
            r4 = r6
            java.util.Collection<java.lang.String> r4 = r4.expectedSubjects
            r2[r3] = r4
            java.lang.String r0 = java.lang.String.format(r0, r1)
            r13 = r0
            r0 = r13
            org.eclipse.ditto.base.model.headers.DittoHeaders r1 = org.eclipse.ditto.base.model.headers.DittoHeaders.empty()
            org.eclipse.ditto.gateway.api.GatewayAuthenticationFailedException r0 = org.eclipse.ditto.gateway.api.GatewayAuthenticationFailedException.fromMessage(r0, r1)
            r14 = r0
            org.slf4j.Logger r0 = org.eclipse.ditto.gateway.service.endpoints.directives.auth.DevOpsOAuth2AuthenticationDirective.LOGGER
            java.lang.String r1 = "DevOps Oauth authentication failed."
            r2 = r14
            r0.warn(r1, r2)
            r0 = r14
            akka.http.javadsl.server.Route r0 = akka.http.javadsl.server.Directives.failWith(r0)
            return r0
        Lbf:
            akka.http.scaladsl.server.AuthorizationFailedRejection$ r0 = akka.http.javadsl.server.AuthorizationFailedRejection.get()
            r1 = 0
            akka.http.javadsl.server.Rejection[] r1 = new akka.http.javadsl.server.Rejection[r1]
            akka.http.javadsl.server.Route r0 = akka.http.javadsl.server.Directives.reject(r0, r1)
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: org.eclipse.ditto.gateway.service.endpoints.directives.auth.DevOpsOAuth2AuthenticationDirective.handleAuthenticationTry(scala.util.Try, akka.http.javadsl.server.Route, akka.http.javadsl.server.RequestContext):akka.http.javadsl.server.Route");
    }
}
