package org.eclipse.ditto.gateway.service.endpoints.directives.auth;

import akka.actor.ActorSystem;
import com.mongodb.lang.Nullable;
import com.typesafe.config.Config;
import java.util.ArrayList;
import java.util.concurrent.Executor;
import org.eclipse.ditto.gateway.service.security.authentication.AuthenticationChain;
import org.eclipse.ditto.gateway.service.security.authentication.AuthenticationFailureAggregators;
import org.eclipse.ditto.gateway.service.security.authentication.AuthenticationProvider;
import org.eclipse.ditto.gateway.service.security.authentication.AuthenticationResult;
import org.eclipse.ditto.gateway.service.security.authentication.jwt.JwtAuthenticationFactory;
import org.eclipse.ditto.gateway.service.security.authentication.jwt.JwtAuthenticationProvider;
import org.eclipse.ditto.gateway.service.security.authentication.preauth.PreAuthenticatedAuthenticationProvider;
import org.eclipse.ditto.gateway.service.util.config.DittoGatewayConfig;
import org.eclipse.ditto.gateway.service.util.config.security.AuthenticationConfig;
import org.eclipse.ditto.internal.utils.config.DefaultScopedConfig;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/eclipse/ditto/gateway/service/endpoints/directives/auth/DittoGatewayAuthenticationDirectiveFactory.class */
public final class DittoGatewayAuthenticationDirectiveFactory implements GatewayAuthenticationDirectiveFactory {
    private static final Logger LOGGER = LoggerFactory.getLogger(DittoGatewayAuthenticationDirectiveFactory.class);
    private static final String AUTHENTICATION_DISPATCHER_NAME = "authentication-dispatcher";
    private final AuthenticationConfig authConfig;
    private final Executor authenticationDispatcher;

    @Nullable
    private GatewayAuthenticationDirective gatewayHttpAuthenticationDirective;

    @Nullable
    private GatewayAuthenticationDirective gatewayWsAuthenticationDirective;

    public DittoGatewayAuthenticationDirectiveFactory(ActorSystem actorSystem, Config config) {
        this.authConfig = DittoGatewayConfig.of(DefaultScopedConfig.dittoScoped(actorSystem.settings().config())).getAuthenticationConfig();
        this.authenticationDispatcher = actorSystem.dispatchers().lookup(AUTHENTICATION_DISPATCHER_NAME);
    }

    @Override // org.eclipse.ditto.gateway.service.endpoints.directives.auth.GatewayAuthenticationDirectiveFactory
    public GatewayAuthenticationDirective buildHttpAuthentication(JwtAuthenticationFactory jwtAuthenticationFactory) {
        if (null == this.gatewayHttpAuthenticationDirective) {
            this.gatewayHttpAuthenticationDirective = generateGatewayAuthenticationDirective(this.authConfig, JwtAuthenticationProvider.newInstance(jwtAuthenticationFactory.newJwtAuthenticationResultProvider("ditto.gateway.authentication.oauth"), jwtAuthenticationFactory.getJwtValidator()), this.authenticationDispatcher);
        }
        return this.gatewayHttpAuthenticationDirective;
    }

    @Override // org.eclipse.ditto.gateway.service.endpoints.directives.auth.GatewayAuthenticationDirectiveFactory
    public GatewayAuthenticationDirective buildWsAuthentication(JwtAuthenticationFactory jwtAuthenticationFactory) {
        if (null == this.gatewayWsAuthenticationDirective) {
            this.gatewayWsAuthenticationDirective = generateGatewayAuthenticationDirective(this.authConfig, JwtAuthenticationProvider.newWsInstance(jwtAuthenticationFactory.newJwtAuthenticationResultProvider("ditto.gateway.authentication.oauth"), jwtAuthenticationFactory.getJwtValidator()), this.authenticationDispatcher);
        }
        return this.gatewayWsAuthenticationDirective;
    }

    private static GatewayAuthenticationDirective generateGatewayAuthenticationDirective(AuthenticationConfig authenticationConfig, AuthenticationProvider<AuthenticationResult> authenticationProvider, Executor executor) {
        ArrayList arrayList = new ArrayList();
        if (authenticationConfig.isPreAuthenticationEnabled()) {
            LOGGER.info("Pre-authentication is enabled!");
            arrayList.add(PreAuthenticatedAuthenticationProvider.getInstance());
        }
        arrayList.add(authenticationProvider);
        return new GatewayAuthenticationDirective(AuthenticationChain.getInstance(arrayList, AuthenticationFailureAggregators.getDefault(), executor));
    }
}
