package org.eclipse.ditto.gateway.service.endpoints.directives;

import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.function.Supplier;
import javax.annotation.Nullable;
import org.apache.pekko.http.javadsl.model.HttpHeader;
import org.apache.pekko.http.javadsl.model.HttpRequest;
import org.apache.pekko.http.javadsl.model.StatusCodes;
import org.apache.pekko.http.javadsl.model.Uri;
import org.apache.pekko.http.javadsl.server.Directives;
import org.apache.pekko.http.javadsl.server.RequestContext;
import org.apache.pekko.http.javadsl.server.Route;
import org.eclipse.ditto.base.model.common.ConditionChecker;
import org.eclipse.ditto.gateway.service.util.config.endpoints.HttpConfig;
import org.eclipse.ditto.internal.utils.pekko.logging.DittoLoggerFactory;
import org.eclipse.ditto.internal.utils.pekko.logging.ThreadSafeDittoLogger;
import org.slf4j.Logger;

/* loaded from: input_file:org/eclipse/ditto/gateway/service/endpoints/directives/HttpsEnsuringDirective.class */
public final class HttpsEnsuringDirective {
    private static final String HTTPS_PROTO = "https";
    private static final String HTTPS_TEXT = "Connection via plain HTTP not supported, please connect via HTTPS instead";
    private static final AtomicBoolean FORCE_HTTPS_DISABLED_ALREADY_LOGGED = new AtomicBoolean(false);
    private static final ThreadSafeDittoLogger LOGGER = DittoLoggerFactory.getThreadSafeLogger((Class<?>) HttpsEnsuringDirective.class);
    private final HttpConfig httpConfig;

    private HttpsEnsuringDirective(HttpConfig httpConfig) {
        this.httpConfig = (HttpConfig) ConditionChecker.checkNotNull(httpConfig, "HTTP config");
    }

    public static HttpsEnsuringDirective getInstance(HttpConfig httpConfig) {
        return new HttpsEnsuringDirective(httpConfig);
    }

    public Route ensureHttps(@Nullable CharSequence charSequence, Supplier<Route> supplier) {
        ThreadSafeDittoLogger withCorrelationId = null != charSequence ? LOGGER.withCorrelationId(charSequence) : LOGGER;
        return Directives.extractActorSystem(actorSystem -> {
            return Directives.extractRequestContext(requestContext -> {
                if (this.httpConfig.isForceHttps()) {
                    Uri uri = requestContext.getRequest().getUri();
                    return !HTTPS_PROTO.equalsIgnoreCase(getForwardedProtoHeaderOrNull(uri, requestContext, withCorrelationId)) ? handleNonHttpsRequest(uri, withCorrelationId) : (Route) supplier.get();
                }
                if (FORCE_HTTPS_DISABLED_ALREADY_LOGGED.compareAndSet(false, true)) {
                    withCorrelationId.warn("No HTTPS is enforced!");
                }
                return (Route) supplier.get();
            });
        });
    }

    private String getForwardedProtoHeaderOrNull(Uri uri, RequestContext requestContext, Logger logger) {
        Optional<String> header = getHeader(requestContext.getRequest(), this.httpConfig.getProtocolHeaders());
        Objects.requireNonNull(uri);
        String orElseGet = header.orElseGet(uri::getScheme);
        logger.debug("Read protocol <{}> from headers <{}> or from URI <{}>.", orElseGet, uri, this.httpConfig.getProtocolHeaders());
        return orElseGet;
    }

    private Route handleNonHttpsRequest(Uri uri, Logger logger) {
        return (!this.httpConfig.isRedirectToHttps() || isBlocked(uri.getPathString())) ? disallowRequest(uri, logger) : redirectToHttps(uri, logger);
    }

    private boolean isBlocked(CharSequence charSequence) {
        return this.httpConfig.getRedirectToHttpsBlocklistPattern().matcher(charSequence).matches();
    }

    private static Route redirectToHttps(Uri uri, Logger logger) {
        Uri scheme = uri.scheme(HTTPS_PROTO);
        logger.debug("Redirecting URI <{}> to <{}>.", uri, scheme);
        return Directives.redirect(scheme, StatusCodes.MOVED_PERMANENTLY);
    }

    private static Route disallowRequest(Uri uri, Logger logger) {
        logger.info("REST request on URI <{}> did not originate via HTTPS, sending back <{}>.", uri, StatusCodes.NOT_FOUND);
        return Directives.complete(StatusCodes.NOT_FOUND, HTTPS_TEXT);
    }

    private static Optional<String> getHeader(HttpRequest httpRequest, List<String> list) {
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            Optional<HttpHeader> header = httpRequest.getHeader(it.next());
            if (header.isPresent()) {
                return header.map((v0) -> {
                    return v0.value();
                });
            }
        }
        return Optional.empty();
    }
}
