package com.predic8.membrane.core.interceptor.apikey;

import com.predic8.membrane.annot.MCAttribute;
import com.predic8.membrane.annot.MCChildElement;
import com.predic8.membrane.annot.MCElement;
import com.predic8.membrane.core.exceptions.ProblemDetails;
import com.predic8.membrane.core.exchange.Exchange;
import com.predic8.membrane.core.interceptor.AbstractInterceptor;
import com.predic8.membrane.core.interceptor.Outcome;
import com.predic8.membrane.core.interceptor.apikey.extractors.ApiKeyExtractor;
import com.predic8.membrane.core.interceptor.apikey.extractors.LocationNameValue;
import com.predic8.membrane.core.interceptor.apikey.stores.ApiKeyStore;
import com.predic8.membrane.core.interceptor.apikey.stores.UnauthorizedApiKeyException;
import com.predic8.membrane.core.security.ApiKeySecurityScheme;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;

@MCElement(name = "apiKey")
/* loaded from: input_file:WEB-INF/lib/service-proxy-core-5.5.12.jar:com/predic8/membrane/core/interceptor/apikey/ApiKeysInterceptor.class */
public class ApiKeysInterceptor extends AbstractInterceptor {
    public static final String SCOPES = "membrane-scopes";
    public static final String TYPE_4XX = "authorization-denied";
    public static final String TITLE_4XX = "Access Denied";
    private final List<ApiKeyStore> stores = new ArrayList();
    private final List<ApiKeyExtractor> extractors = new ArrayList();
    private boolean required = true;

    public ApiKeysInterceptor() {
        this.name = "Api Key";
    }

    @Override // com.predic8.membrane.core.interceptor.AbstractInterceptor, com.predic8.membrane.core.interceptor.Interceptor
    public String getShortDescription() {
        return "Secures access with ApiKeys and RBAC with Scopes. ";
    }

    @Override // com.predic8.membrane.core.interceptor.AbstractInterceptor, com.predic8.membrane.core.interceptor.Interceptor
    public String getLongDescription() {
        return getShortDescription() + "<br/>" + ((String) this.extractors.stream().map(apiKeyExtractor -> {
            return apiKeyExtractor.getDescription() + "<br/>";
        }).collect(Collectors.joining()));
    }

    @Override // com.predic8.membrane.core.interceptor.AbstractInterceptor
    public void init() {
        this.stores.addAll(this.router.getBeanFactory().getBeansOfType(ApiKeyStore.class).values());
        this.stores.forEach(apiKeyStore -> {
            apiKeyStore.init(this.router);
        });
    }

    @Override // com.predic8.membrane.core.interceptor.AbstractInterceptor, com.predic8.membrane.core.interceptor.Interceptor
    public Outcome handleRequest(Exchange exchange) {
        Optional<LocationNameValue> key = getKey(exchange);
        if (this.required && key.isEmpty()) {
            exchange.setResponse(ProblemDetails.security(false).statusCode(401).addSubType(TYPE_4XX).title(TITLE_4XX).detail("Tried to access apiKey protected resource without key.").build());
            return Outcome.RETURN;
        }
        if (key.isPresent()) {
            try {
                LocationNameValue locationNameValue = key.get();
                new ApiKeySecurityScheme(locationNameValue.location(), locationNameValue.name()).scopes(getScopes(locationNameValue.key())).add(exchange);
            } catch (UnauthorizedApiKeyException e) {
                if (!this.required) {
                    return Outcome.CONTINUE;
                }
                exchange.setResponse(ProblemDetails.security(false).statusCode(403).addSubType(TYPE_4XX).title(TITLE_4XX).detail("The provided API key is invalid.").build());
                return Outcome.RETURN;
            }
        }
        return Outcome.CONTINUE;
    }

    public Set<String> getScopes(String str) throws UnauthorizedApiKeyException {
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        boolean z = false;
        Iterator<ApiKeyStore> it = this.stores.iterator();
        while (it.hasNext()) {
            try {
                Optional<List<String>> scopes = it.next().getScopes(str);
                Objects.requireNonNull(linkedHashSet);
                scopes.ifPresent((v1) -> {
                    r1.addAll(v1);
                });
                z = true;
            } catch (Exception e) {
            }
        }
        if (z) {
            return new HashSet(linkedHashSet);
        }
        throw new UnauthorizedApiKeyException();
    }

    public Optional<LocationNameValue> getKey(Exchange exchange) {
        return this.extractors.stream().flatMap(apiKeyExtractor -> {
            return Stream.ofNullable(apiKeyExtractor.extract(exchange).orElse(null));
        }).findFirst();
    }

    @MCAttribute
    public void setRequired(boolean z) {
        this.required = z;
    }

    public boolean isRequired() {
        return this.required;
    }

    @MCChildElement(allowForeign = true)
    public void setStores(List<ApiKeyStore> list) {
        this.stores.addAll(list);
    }

    public List<ApiKeyStore> getStores() {
        return this.stores;
    }

    @MCChildElement(allowForeign = true, order = 1)
    public void setExtractors(List<ApiKeyExtractor> list) {
        this.extractors.addAll(list);
    }

    public List<ApiKeyExtractor> getExtractors() {
        return this.extractors;
    }
}
