package org.eclipse.ditto.services.gateway.endpoints.directives.auth;

import akka.http.javadsl.model.Uri;
import akka.http.javadsl.server.Directives;
import akka.http.javadsl.server.Route;
import akka.http.javadsl.server.directives.RouteAdapter;
import java.util.function.Function;
import org.eclipse.ditto.model.base.auth.AuthorizationContext;
import org.eclipse.ditto.model.base.common.ConditionChecker;
import org.eclipse.ditto.model.base.exceptions.DittoRuntimeException;
import org.eclipse.ditto.model.base.headers.DittoHeaders;
import org.eclipse.ditto.services.gateway.endpoints.utils.DirectivesLoggingUtils;
import org.eclipse.ditto.services.gateway.security.authentication.AuthenticationChain;
import org.eclipse.ditto.services.gateway.security.authentication.AuthenticationResult;
import org.eclipse.ditto.signals.commands.base.exceptions.GatewayAuthenticationFailedException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import scala.util.Try;

/* loaded from: input_file:org/eclipse/ditto/services/gateway/endpoints/directives/auth/GatewayAuthenticationDirective.class */
public final class GatewayAuthenticationDirective {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) GatewayAuthenticationDirective.class);
    private final AuthenticationChain authenticationChain;
    private final Function<String, DittoRuntimeException> defaultUnauthorizedExceptionFactory;

    public GatewayAuthenticationDirective(AuthenticationChain authenticationChain) {
        this(authenticationChain, str -> {
            return GatewayAuthenticationFailedException.newBuilder("Unauthorized.").dittoHeaders(DittoHeaders.newBuilder().correlationId(str).build()).build();
        });
    }

    public GatewayAuthenticationDirective(AuthenticationChain authenticationChain, Function<String, DittoRuntimeException> function) {
        this.authenticationChain = (AuthenticationChain) ConditionChecker.checkNotNull(authenticationChain, "authenticationChain");
        this.defaultUnauthorizedExceptionFactory = (Function) ConditionChecker.checkNotNull(function, "defaultUnauthorizedExceptionFactory");
    }

    public Route authenticate(CharSequence charSequence, Function<AuthorizationContext, Route> function) {
        return Directives.extractRequestContext(requestContext -> {
            return (RouteAdapter) DirectivesLoggingUtils.enhanceLogWithCorrelationId(charSequence, () -> {
                Uri uri = requestContext.getRequest().getUri();
                return Directives.onComplete(this.authenticationChain.authenticate(requestContext, charSequence), r10 -> {
                    return handleAuthenticationTry(r10, uri, charSequence, function);
                });
            });
        });
    }

    private Route handleAuthenticationTry(Try<AuthenticationResult> r6, Uri uri, CharSequence charSequence, Function<AuthorizationContext, Route> function) {
        if (!r6.isSuccess()) {
            return handleFailedAuthentication(r6.failed().get(), uri, charSequence);
        }
        AuthenticationResult authenticationResult = r6.get();
        return authenticationResult.isSuccess() ? function.apply(authenticationResult.getAuthorizationContext()) : handleFailedAuthentication(authenticationResult.getReasonOfFailure(), uri, charSequence);
    }

    private Route handleFailedAuthentication(Throwable th, Uri uri, CharSequence charSequence) {
        return (Route) DirectivesLoggingUtils.enhanceLogWithCorrelationId(charSequence, () -> {
            if (th instanceof DittoRuntimeException) {
                LOGGER.debug("Authentication for URI <{}> failed. Rethrow DittoRuntimeException.", uri, th);
                throw ((DittoRuntimeException) th);
            }
            LOGGER.debug("Unexpected error during authentication for URI <{}>! Applying unauthorizedDirective", uri, th);
            throw this.defaultUnauthorizedExceptionFactory.apply(charSequence.toString());
        });
    }
}
