package org.eclipse.ditto.services.gateway.endpoints.directives.auth.dummy;

import akka.http.javadsl.model.StatusCodes;
import akka.http.javadsl.server.Directives;
import akka.http.javadsl.server.RequestContext;
import akka.http.javadsl.server.Route;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.function.Function;
import java.util.stream.Collectors;
import org.eclipse.ditto.model.base.auth.AuthorizationContext;
import org.eclipse.ditto.model.base.auth.AuthorizationModelFactory;
import org.eclipse.ditto.model.base.auth.AuthorizationSubject;
import org.eclipse.ditto.services.gateway.endpoints.directives.auth.AuthenticationProvider;
import org.eclipse.ditto.services.gateway.endpoints.utils.DirectivesLoggingUtils;
import org.eclipse.ditto.services.gateway.endpoints.utils.HttpUtils;
import org.eclipse.ditto.services.gateway.security.HttpHeader;
import org.eclipse.ditto.signals.commands.base.exceptions.GatewayAuthenticationFailedException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/eclipse/ditto/services/gateway/endpoints/directives/auth/dummy/DummyAuthenticationProvider.class */
public final class DummyAuthenticationProvider implements AuthenticationProvider {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) DummyAuthenticationProvider.class);
    public static final DummyAuthenticationProvider INSTANCE = new DummyAuthenticationProvider();

    private DummyAuthenticationProvider() {
    }

    @Override // org.eclipse.ditto.services.gateway.endpoints.directives.auth.AuthenticationProvider
    public boolean isApplicable(RequestContext requestContext) {
        return HttpUtils.getRequestHeader(requestContext, HttpHeader.X_DITTO_DUMMY_AUTH.getName()).isPresent();
    }

    @Override // org.eclipse.ditto.services.gateway.endpoints.directives.auth.AuthenticationProvider
    public Route unauthorized(String str) {
        return Directives.complete(StatusCodes.UNAUTHORIZED);
    }

    @Override // org.eclipse.ditto.services.gateway.endpoints.directives.auth.AuthenticationProvider
    public Route authenticate(String str, Function<AuthorizationContext, Route> function) {
        return Directives.extractRequestContext(requestContext -> {
            return (Route) DirectivesLoggingUtils.enhanceLogWithCorrelationId(str, () -> {
                String orElseThrow = HttpUtils.getRequestHeader(requestContext, HttpHeader.X_DITTO_DUMMY_AUTH.getName()).orElseThrow(() -> {
                    return new IllegalStateException("This method must not be called if header'" + HttpHeader.X_DITTO_DUMMY_AUTH.getName() + "' is not set");
                });
                List<AuthorizationSubject> extractAuthorizationSubjects = extractAuthorizationSubjects(orElseThrow);
                if (extractAuthorizationSubjects.isEmpty()) {
                    throw GatewayAuthenticationFailedException.newBuilder("Failed to extract AuthorizationSubjects from " + HttpHeader.X_DITTO_DUMMY_AUTH.getName() + " header value '" + orElseThrow + "'.").build();
                }
                AuthorizationContext newAuthContext = AuthorizationModelFactory.newAuthContext(extractAuthorizationSubjects);
                LOGGER.warn("Dummy authentication has been applied for the following subjects: {}", orElseThrow);
                return (Route) function.apply(newAuthContext);
            });
        });
    }

    private List<AuthorizationSubject> extractAuthorizationSubjects(String str) {
        return (str == null || str.isEmpty()) ? Collections.emptyList() : (List) Arrays.stream(str.split(",")).map((v0) -> {
            return AuthorizationModelFactory.newAuthSubject(v0);
        }).collect(Collectors.toList());
    }
}
