package org.eclipse.ditto.gateway.service.endpoints.directives.auth;

import akka.http.javadsl.model.Uri;
import akka.http.javadsl.server.Directives;
import akka.http.javadsl.server.Route;
import java.util.function.Function;
import org.eclipse.ditto.base.model.common.ConditionChecker;
import org.eclipse.ditto.base.model.exceptions.DittoRuntimeException;
import org.eclipse.ditto.base.model.headers.DittoHeaders;
import org.eclipse.ditto.gateway.api.GatewayAuthenticationFailedException;
import org.eclipse.ditto.gateway.service.security.authentication.AuthenticationChain;
import org.eclipse.ditto.gateway.service.security.authentication.AuthenticationResult;
import org.eclipse.ditto.internal.utils.akka.logging.DittoLogger;
import org.eclipse.ditto.internal.utils.akka.logging.DittoLoggerFactory;
import scala.util.Try;

/* loaded from: input_file:org/eclipse/ditto/gateway/service/endpoints/directives/auth/GatewayAuthenticationDirective.class */
public final class GatewayAuthenticationDirective {
    private static final DittoLogger LOGGER = DittoLoggerFactory.getLogger(GatewayAuthenticationDirective.class);
    private final AuthenticationChain authenticationChain;
    private final Function<DittoHeaders, DittoRuntimeException> defaultUnauthorizedExceptionFactory;

    public GatewayAuthenticationDirective(AuthenticationChain authenticationChain) {
        this(authenticationChain, dittoHeaders -> {
            return GatewayAuthenticationFailedException.newBuilder("Unauthorized.").dittoHeaders(dittoHeaders).build();
        });
    }

    public GatewayAuthenticationDirective(AuthenticationChain authenticationChain, Function<DittoHeaders, DittoRuntimeException> function) {
        this.authenticationChain = (AuthenticationChain) ConditionChecker.checkNotNull(authenticationChain, "authenticationChain");
        this.defaultUnauthorizedExceptionFactory = (Function) ConditionChecker.checkNotNull(function, "defaultUnauthorizedExceptionFactory");
    }

    public Route authenticate(DittoHeaders dittoHeaders, Function<AuthenticationResult, Route> function) {
        return Directives.extractRequestContext(requestContext -> {
            Uri uri = requestContext.getRequest().getUri();
            return Directives.onComplete(this.authenticationChain.authenticate(requestContext, dittoHeaders), r10 -> {
                return handleAuthenticationTry(r10, uri, dittoHeaders, function);
            });
        });
    }

    private Route handleAuthenticationTry(Try<AuthenticationResult> r6, Uri uri, DittoHeaders dittoHeaders, Function<AuthenticationResult, Route> function) {
        if (!r6.isSuccess()) {
            return handleFailedAuthentication((Throwable) r6.failed().get(), uri, dittoHeaders);
        }
        AuthenticationResult authenticationResult = (AuthenticationResult) r6.get();
        return authenticationResult.isSuccess() ? function.apply(authenticationResult) : handleFailedAuthentication(authenticationResult.getReasonOfFailure(), uri, dittoHeaders);
    }

    private Route handleFailedAuthentication(Throwable th, Uri uri, DittoHeaders dittoHeaders) {
        if (th instanceof DittoRuntimeException) {
            DittoRuntimeException dittoRuntimeException = (DittoRuntimeException) th;
            LOGGER.withCorrelationId(dittoHeaders).debug("Authentication for URI <{}> failed. Rethrow DittoRuntimeException.", uri, th);
            throw dittoRuntimeException;
        }
        LOGGER.withCorrelationId(dittoHeaders).warn("Unexpected authentication failure for URI <{}>: <{}: {}>", new Object[]{uri, th.getClass().getSimpleName(), th.getMessage(), th});
        LOGGER.debug("Unexpected error during authentication for URI <{}>! Applying unauthorizedDirective", uri, th);
        throw this.defaultUnauthorizedExceptionFactory.apply(dittoHeaders);
    }
}
