package org.apache.pulsar.broker.authentication;

import java.io.IOException;
import java.net.SocketAddress;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.CompletableFuture;
import javax.naming.AuthenticationException;
import javax.net.ssl.SSLSession;
import lombok.Generated;
import org.apache.pulsar.broker.ServiceConfiguration;
import org.apache.pulsar.broker.authentication.AuthenticationProvider;
import org.apache.pulsar.broker.authentication.metrics.AuthenticationMetrics;
import org.apache.pulsar.common.api.AuthData;
import org.apache.pulsar.functions.runtime.shaded.javax.servlet.http.HttpServletRequest;
import org.apache.pulsar.functions.runtime.shaded.javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/pulsar/broker/authentication/AuthenticationProviderList.class */
public class AuthenticationProviderList implements AuthenticationProvider {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(AuthenticationProviderList.class);
    private AuthenticationMetrics authenticationMetrics;
    private final List<AuthenticationProvider> providers;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/pulsar/broker/authentication/AuthenticationProviderList$AuthProcessor.class */
    public interface AuthProcessor<T, W> {
        T apply(W w) throws Exception;
    }

    /* loaded from: input_file:org/apache/pulsar/broker/authentication/AuthenticationProviderList$AuthenticationListState.class */
    private static class AuthenticationListState implements AuthenticationState {
        private final List<AuthenticationState> states;
        private volatile AuthenticationState authState;
        private final AuthenticationMetrics metrics;

        AuthenticationListState(List<AuthenticationState> list, AuthenticationMetrics authenticationMetrics) {
            if (list == null || list.isEmpty()) {
                throw new IllegalArgumentException("Authentication state requires at least one state");
            }
            this.states = list;
            this.authState = list.get(0);
            this.metrics = authenticationMetrics;
        }

        private AuthenticationState getAuthState() throws AuthenticationException {
            if (this.authState != null) {
                return this.authState;
            }
            throw new AuthenticationException("Authentication state is not initialized");
        }

        @Override // org.apache.pulsar.broker.authentication.AuthenticationState
        public String getAuthRole() throws AuthenticationException {
            return getAuthState().getAuthRole();
        }

        @Override // org.apache.pulsar.broker.authentication.AuthenticationState
        public CompletableFuture<AuthData> authenticateAsync(AuthData authData) {
            CompletableFuture<AuthData> completableFuture = new CompletableFuture<>();
            this.authState.authenticateAsync(authData).whenComplete((authData2, th) -> {
                if (th == null) {
                    completableFuture.complete(authData2);
                    return;
                }
                if (AuthenticationProviderList.log.isDebugEnabled()) {
                    AuthenticationProviderList.log.debug("Authentication failed for auth provider " + String.valueOf(this.authState.getClass()) + ": ", th);
                }
                authenticateRemainingAuthStates(completableFuture, authData, th, this.states.isEmpty() ? -1 : 0);
            });
            return completableFuture;
        }

        private void authenticateRemainingAuthStates(CompletableFuture<AuthData> completableFuture, AuthData authData, Throwable th, int i) {
            if (i < 0 || i >= this.states.size()) {
                if (th == null) {
                    th = new AuthenticationException("Authentication required");
                }
                this.metrics.recordFailure(AuthenticationProviderList.class.getSimpleName(), "authentication-provider-list", ErrorCode.AUTH_REQUIRED);
                completableFuture.completeExceptionally(th);
                return;
            }
            AuthenticationState authenticationState = this.states.get(i);
            if (authenticationState == this.authState) {
                authenticateRemainingAuthStates(completableFuture, authData, null, i + 1);
            } else {
                authenticationState.authenticateAsync(authData).whenComplete((authData2, th2) -> {
                    if (th2 == null) {
                        this.authState = authenticationState;
                        completableFuture.complete(authData2);
                    } else {
                        if (AuthenticationProviderList.log.isDebugEnabled()) {
                            AuthenticationProviderList.log.debug("Authentication failed for auth provider " + String.valueOf(this.authState.getClass()) + ": ", th2);
                        }
                        authenticateRemainingAuthStates(completableFuture, authData, th2, i + 1);
                    }
                });
            }
        }

        @Override // org.apache.pulsar.broker.authentication.AuthenticationState
        public AuthData authenticate(AuthData authData) throws AuthenticationException {
            return (AuthData) AuthenticationProviderList.applyAuthProcessor(this.states, this.metrics, authenticationState -> {
                AuthData authenticate = authenticationState.authenticate(authData);
                this.authState = authenticationState;
                return authenticate;
            });
        }

        @Override // org.apache.pulsar.broker.authentication.AuthenticationState
        public AuthenticationDataSource getAuthDataSource() {
            return this.authState.getAuthDataSource();
        }

        @Override // org.apache.pulsar.broker.authentication.AuthenticationState
        public boolean isComplete() {
            return this.authState.isComplete();
        }

        @Override // org.apache.pulsar.broker.authentication.AuthenticationState
        public long getStateId() {
            return null != this.authState ? this.authState.getStateId() : this.states.get(0).getStateId();
        }

        @Override // org.apache.pulsar.broker.authentication.AuthenticationState
        public boolean isExpired() {
            return this.authState.isExpired();
        }

        @Override // org.apache.pulsar.broker.authentication.AuthenticationState
        public AuthData refreshAuthentication() throws AuthenticationException {
            return getAuthState().refreshAuthentication();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/pulsar/broker/authentication/AuthenticationProviderList$ErrorCode.class */
    public enum ErrorCode {
        UNKNOWN,
        AUTH_REQUIRED
    }

    private static AuthenticationException newAuthenticationException(String str, Exception exc) {
        AuthenticationException authenticationException = new AuthenticationException(str);
        if (exc != null) {
            authenticationException.initCause(exc);
        }
        return authenticationException;
    }

    private static <T, W> T applyAuthProcessor(List<W> list, AuthenticationMetrics authenticationMetrics, AuthProcessor<T, W> authProcessor) throws AuthenticationException {
        Exception exc = null;
        String name = ErrorCode.UNKNOWN.name();
        for (W w : list) {
            try {
                return authProcessor.apply(w);
            } catch (Exception e) {
                if (log.isDebugEnabled()) {
                    log.debug("Authentication failed for auth provider " + String.valueOf(w.getClass()) + ": ", e);
                }
                exc = e;
                if (e instanceof AuthenticationException) {
                    name = w.getClass().getSimpleName() + "-INVALID-AUTH";
                }
            }
        }
        if (null == exc) {
            authenticationMetrics.recordFailure(AuthenticationProviderList.class.getSimpleName(), "authentication-provider-list", ErrorCode.AUTH_REQUIRED);
            throw new AuthenticationException("Authentication required");
        }
        authenticationMetrics.recordFailure(AuthenticationProviderList.class.getSimpleName(), "authentication-provider-list", name);
        throw newAuthenticationException("Authentication failed", exc);
    }

    public AuthenticationProviderList(List<AuthenticationProvider> list) {
        this.providers = list;
    }

    public List<AuthenticationProvider> getProviders() {
        return this.providers;
    }

    @Override // org.apache.pulsar.broker.authentication.AuthenticationProvider
    public void initialize(ServiceConfiguration serviceConfiguration) throws IOException {
        initialize(AuthenticationProvider.Context.builder().config(serviceConfiguration).build());
    }

    @Override // org.apache.pulsar.broker.authentication.AuthenticationProvider
    public void initialize(AuthenticationProvider.Context context) throws IOException {
        this.authenticationMetrics = new AuthenticationMetrics(context.getOpenTelemetry(), getClass().getSimpleName(), getAuthMethodName());
        Iterator<AuthenticationProvider> it = this.providers.iterator();
        while (it.hasNext()) {
            it.next().initialize(context);
        }
    }

    @Override // org.apache.pulsar.broker.authentication.AuthenticationProvider
    public String getAuthMethodName() {
        return this.providers.get(0).getAuthMethodName();
    }

    @Override // org.apache.pulsar.broker.authentication.AuthenticationProvider
    public void incrementFailureMetric(Enum<?> r4) {
        this.authenticationMetrics.recordFailure(r4);
    }

    @Override // org.apache.pulsar.broker.authentication.AuthenticationProvider
    public CompletableFuture<String> authenticateAsync(AuthenticationDataSource authenticationDataSource) {
        CompletableFuture<String> completableFuture = new CompletableFuture<>();
        authenticateRemainingAuthProviders(completableFuture, authenticationDataSource, null, this.providers.isEmpty() ? -1 : 0);
        return completableFuture;
    }

    private void authenticateRemainingAuthProviders(CompletableFuture<String> completableFuture, AuthenticationDataSource authenticationDataSource, Throwable th, int i) {
        if (i >= 0 && i < this.providers.size()) {
            AuthenticationProvider authenticationProvider = this.providers.get(i);
            authenticationProvider.authenticateAsync(authenticationDataSource).whenComplete((str, th2) -> {
                if (th2 == null) {
                    completableFuture.complete(str);
                    return;
                }
                if (log.isDebugEnabled()) {
                    log.debug("Authentication failed for auth provider " + String.valueOf(authenticationProvider.getClass()) + ": ", th2);
                }
                authenticateRemainingAuthProviders(completableFuture, authenticationDataSource, th2, i + 1);
            });
        } else {
            if (th == null) {
                th = new AuthenticationException("Authentication required");
            }
            this.authenticationMetrics.recordFailure(AuthenticationProvider.class.getSimpleName(), "authentication-provider-list", ErrorCode.AUTH_REQUIRED);
            completableFuture.completeExceptionally(th);
        }
    }

    @Override // org.apache.pulsar.broker.authentication.AuthenticationProvider
    public String authenticate(AuthenticationDataSource authenticationDataSource) throws AuthenticationException {
        return (String) applyAuthProcessor(this.providers, this.authenticationMetrics, authenticationProvider -> {
            return authenticationProvider.authenticate(authenticationDataSource);
        });
    }

    @Override // org.apache.pulsar.broker.authentication.AuthenticationProvider
    public AuthenticationState newAuthState(AuthData authData, SocketAddress socketAddress, SSLSession sSLSession) throws AuthenticationException {
        ArrayList arrayList = new ArrayList(this.providers.size());
        Exception exc = null;
        for (AuthenticationProvider authenticationProvider : this.providers) {
            try {
                arrayList.add(authenticationProvider.newAuthState(authData, socketAddress, sSLSession));
            } catch (Exception e) {
                if (log.isDebugEnabled()) {
                    log.debug("Authentication failed for auth provider " + String.valueOf(authenticationProvider.getClass()) + ": ", e);
                }
                exc = e;
            }
        }
        if (!arrayList.isEmpty()) {
            return new AuthenticationListState(arrayList, this.authenticationMetrics);
        }
        log.debug("Failed to initialize a new auth state from {}", socketAddress, exc);
        throw newAuthenticationException("Failed to initialize a new auth state from " + String.valueOf(socketAddress), exc);
    }

    @Override // org.apache.pulsar.broker.authentication.AuthenticationProvider
    public AuthenticationState newHttpAuthState(HttpServletRequest httpServletRequest) throws AuthenticationException {
        ArrayList arrayList = new ArrayList(this.providers.size());
        Exception exc = null;
        for (AuthenticationProvider authenticationProvider : this.providers) {
            try {
                arrayList.add(authenticationProvider.newHttpAuthState(httpServletRequest));
            } catch (Exception e) {
                if (log.isDebugEnabled()) {
                    log.debug("Authentication failed for auth provider " + String.valueOf(authenticationProvider.getClass()) + ": ", e);
                }
                exc = e;
            }
        }
        if (!arrayList.isEmpty()) {
            return new AuthenticationListState(arrayList, this.authenticationMetrics);
        }
        log.debug("Failed to initialize a new http auth state from {}", httpServletRequest.getRemoteHost(), exc);
        throw newAuthenticationException("Failed to initialize a new http auth state from " + httpServletRequest.getRemoteHost(), exc);
    }

    @Override // org.apache.pulsar.broker.authentication.AuthenticationProvider
    public boolean authenticateHttpRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        return ((Boolean) applyAuthProcessor(this.providers, this.authenticationMetrics, authenticationProvider -> {
            return Boolean.valueOf(authenticationProvider.authenticateHttpRequest(httpServletRequest, httpServletResponse));
        })).booleanValue();
    }

    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() throws IOException {
        Iterator<AuthenticationProvider> it = this.providers.iterator();
        while (it.hasNext()) {
            it.next().close();
        }
    }
}
