package no.unit.commons.apigateway.authentication;

import com.amazonaws.services.lambda.runtime.Context;
import java.io.BufferedWriter;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Collections;
import java.util.Optional;
import nva.commons.apigateway.RequestInfo;
import nva.commons.apigateway.RestRequestHandler;
import nva.commons.apigateway.exceptions.ApiGatewayException;
import nva.commons.apigateway.exceptions.ForbiddenException;
import nva.commons.core.Environment;
import nva.commons.core.JsonUtils;
import nva.commons.core.attempt.Failure;
import nva.commons.core.attempt.Try;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:no/unit/commons/apigateway/authentication/RequestAuthorizer.class */
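/**
 * Base class for an API Gateway Lambda authorizer that authenticates a request by comparing the
 * value of the {@code Authorization} header with a shared secret supplied by the subclass.
 *
 * <p>On success the handler answers with an IAM policy that allows {@code execute-api:Invoke} on
 * every HTTP method and every path of the API stage the request arrived on. On any failure written
 * through {@link #writeExpectedFailure} or {@link #writeUnexpectedFailure} it answers with a policy
 * that denies {@code execute-api:Invoke} on all resources, so the handler fails closed.
 *
 * <p>Several methods below are {@code public} in this listing although the decompiler reports that
 * they were declared {@code protected} in the original class; the visibility shown here is kept.
 */
public abstract class RequestAuthorizer extends RestRequestHandler<Void, AuthorizerResponse> {
    public static final String EXECUTE_API_ACTION = "execute-api:Invoke";
    public static final String ALLOW_EFFECT = "Allow";
    public static final String ANY_RESOURCE = "*";
    public static final String ANY_HTTP_METHOD = "*";
    public static final String ALL_PATHS = "*";
    public static final String PATH_DELIMITER = "/";
    public static final int API_GATEWAY_IDENTIFIER_INDEX = 0;
    public static final int STAGE_INDEX = 1;
    public static final String AUTHORIZATION_HEADER = "Authorization";
    private static final String DENY_EFFECT = "Deny";
    private static final Logger logger = LoggerFactory.getLogger(RequestAuthorizer.class);

    /**
     * Creates the authorizer.
     *
     * @param environment the environment handed to the parent handler
     */
    public RequestAuthorizer(Environment environment) {
        super(Void.class, environment);
    }

    /**
     * Checks the caller's secret and, when it matches, builds the "Allow" response.
     *
     * @param input unused; the authorizer has no request body
     * @param requestInfo the request whose headers and method ARN are inspected
     * @param context the Lambda context (not used here)
     * @return the authorizer response carrying the principal id and an "Allow" policy
     * @throws ApiGatewayException a {@link ForbiddenException} when the header is missing or the
     *     secret does not match
     */
    public AuthorizerResponse processInput(Void input, RequestInfo requestInfo, Context context)
        throws ApiGatewayException {
        logger.debug("Requesting authorizing: {}", principalId());
        // The secret is verified before any policy is built; a failed check throws and never
        // reaches the "Allow" branch.
        secretCheck(requestInfo);
        String policyResource = formatPolicyResource(requestInfo.getMethodArn());
        return createResponse(createAllowAuthPolicy(policyResource));
    }

    /**
     * Returns the status code used for a successful authorization.
     *
     * @param input unused
     * @param output unused
     * @return always 200
     */
    public Integer getSuccessStatusCode(Void input, AuthorizerResponse output) {
        return 200;
    }

    /**
     * Serialises the authorizer response as JSON (UTF-8) to the handler's output stream and
     * closes the writer.
     *
     * @param input unused
     * @param output the response to serialise
     * @throws IOException when serialising or writing fails
     */
    public void writeOutput(Void input, AuthorizerResponse output) throws IOException {
        try (BufferedWriter writer =
                 new BufferedWriter(new OutputStreamWriter(this.outputStream, StandardCharsets.UTF_8))) {
            writer.write(JsonUtils.objectMapper.writeValueAsString(output));
        }
    }

    /**
     * Answers an expected failure with a "Deny" policy instead of an error body.
     *
     * @param input unused
     * @param exception the failure being reported; its details are not written to the response
     * @param requestId unused
     * @throws IOException when writing fails, or wrapping a {@link ForbiddenException} raised
     *     while the deny response is built
     */
    public void writeExpectedFailure(Void input, ApiGatewayException exception, String requestId)
        throws IOException {
        try {
            writeFailure();
        } catch (ForbiddenException e) {
            throw new IOException(e);
        }
    }

    /**
     * Answers an unexpected failure with a "Deny" policy instead of an error body.
     *
     * @param input unused
     * @param exception the failure being reported; its details are not written to the response
     * @param requestId unused
     * @throws IOException when writing fails, or wrapping a {@link ForbiddenException} raised
     *     while the deny response is built
     */
    public void writeUnexpectedFailure(Void input, Exception exception, String requestId)
        throws IOException {
        try {
            writeFailure();
        } catch (ForbiddenException e) {
            throw new IOException(e);
        }
    }

    /**
     * Widens a method ARN to every HTTP method and every path of the same API stage.
     *
     * <p>The first two {@code /}-separated segments of the ARN are kept and the rest is replaced by
     * wildcards. The resulting policy therefore covers the whole stage, not only the route that
     * was requested. NOTE(review): if authorizer result caching is enabled on the API, one
     * successful check authorises every route of the stage for the cache lifetime; confirm that
     * this is intended for each API that uses this authorizer.
     *
     * @param methodArn the method ARN of the incoming request
     * @return the stage-wide resource pattern
     * @throws ArrayIndexOutOfBoundsException when the ARN has fewer than two segments
     */
    protected String formatPolicyResource(String methodArn) {
        String[] segments = methodArn.split(PATH_DELIMITER);
        return String.join(
            PATH_DELIMITER,
            segments[API_GATEWAY_IDENTIFIER_INDEX],
            segments[STAGE_INDEX],
            ANY_HTTP_METHOD,
            ALL_PATHS);
    }

    /**
     * Builds a policy with a single statement allowing {@code execute-api:Invoke} on the resource.
     *
     * @param resource the resource pattern the statement applies to
     * @return the "Allow" policy
     * @throws ForbiddenException when the principal id cannot be determined
     */
    protected AuthPolicy createAllowAuthPolicy(String resource) throws ForbiddenException {
        logger.info("Allowed to access: {}", principalId());
        StatementElement statement = StatementElement.newBuilder()
            .withResource(resource)
            .withAction(EXECUTE_API_ACTION)
            .withEffect(ALLOW_EFFECT)
            .build();
        return AuthPolicy.newBuilder().withStatement(Collections.singletonList(statement)).build();
    }

    /**
     * Builds a policy with a single statement denying {@code execute-api:Invoke} on all resources.
     *
     * @return the "Deny" policy
     * @throws ForbiddenException when the principal id cannot be determined
     */
    protected AuthPolicy createDenyAuthPolicy() throws ForbiddenException {
        logger.info("Denied access: {}", principalId());
        StatementElement statement = StatementElement.newBuilder()
            .withResource(ANY_RESOURCE)
            .withAction(EXECUTE_API_ACTION)
            .withEffect(DENY_EFFECT)
            .build();
        return AuthPolicy.newBuilder().withStatement(Collections.singletonList(statement)).build();
    }

    /**
     * Returns the principal id placed in the authorizer response and in the log lines.
     *
     * @return the principal id
     * @throws ForbiddenException when the principal id cannot be determined
     */
    protected abstract String principalId() throws ForbiddenException;

    /**
     * Returns the secret the {@code Authorization} header must match. The value is never logged
     * by this class.
     *
     * @return the expected secret
     * @throws ForbiddenException when the secret cannot be fetched
     */
    protected abstract String fetchSecret() throws ForbiddenException;

    /**
     * Rejects the request unless its {@code Authorization} header equals the expected secret.
     *
     * <p>NOTE(review): the header is looked up under the exact key {@code "Authorization"};
     * whether {@code getHeaders()} normalises header-name case is not visible here, so a
     * differently cased header may be treated as missing (which denies the request).
     *
     * @param requestInfo the request whose headers are inspected
     * @throws ForbiddenException when the header is absent or does not match
     */
    protected void secretCheck(RequestInfo requestInfo) throws ForbiddenException {
        Optional.ofNullable((String) requestInfo.getHeaders().get(AUTHORIZATION_HEADER))
            .filter(this::validateSecret)
            .orElseThrow(ForbiddenException::new);
    }

    /**
     * Compares the presented secret with the expected one.
     *
     * <p>The comparison runs over the UTF-8 bytes with {@link MessageDigest#isEqual}, so the time
     * taken does not reveal how many leading characters of a guess were correct, as
     * {@code String.equals} could.
     *
     * @param presented the value taken from the request header
     * @return {@code true} only when both values are equal; {@code false} when the expected
     *     secret is {@code null}
     */
    private boolean validateSecret(String presented) {
        String expected =
            (String) Try.attempt(this::fetchSecret).orElseThrow(this::logErrorAndThrowException);
        if (expected == null) {
            // A missing expected secret can never match: deny instead of failing on null.
            return false;
        }
        return MessageDigest.isEqual(
            presented.getBytes(StandardCharsets.UTF_8),
            expected.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Writes a response carrying the principal id and the "Deny" policy to the output stream.
     *
     * @throws IOException when serialising or writing fails
     * @throws ForbiddenException when the deny policy cannot be built
     */
    private void writeFailure() throws IOException, ForbiddenException {
        try (BufferedWriter writer =
                 new BufferedWriter(new OutputStreamWriter(this.outputStream, StandardCharsets.UTF_8))) {
            String principal =
                (String) Try.attempt(this::principalId).orElseThrow(this::logErrorAndThrowException);
            AuthorizerResponse denied = AuthorizerResponse.newBuilder()
                .withPrincipalId(principal)
                .withPolicyDocument(createDenyAuthPolicy())
                .build();
            writer.write(JsonUtils.objectMapper.writeValueAsString(denied));
        }
    }

    /**
     * Wraps a policy and the principal id into the authorizer response.
     *
     * @param authPolicy the policy document to return
     * @return the response
     * @throws ForbiddenException when the principal id cannot be determined
     */
    private AuthorizerResponse createResponse(AuthPolicy authPolicy) throws ForbiddenException {
        return AuthorizerResponse.newBuilder()
            .withPrincipalId(principalId())
            .withPolicyDocument(authPolicy)
            .build();
    }

    /**
     * Logs the failure and returns (does not throw) a {@link RuntimeException} wrapping its
     * cause, for use as the exception supplier of {@code Try.orElseThrow}.
     *
     * @param failure the failed attempt
     * @return the exception to throw
     */
    private RuntimeException logErrorAndThrowException(Failure<String> failure) {
        Exception cause = failure.getException();
        logger.error(cause.getMessage(), cause);
        return new RuntimeException(cause);
    }

    /**
     * Intentionally does nothing.
     *
     * <p>NOTE(review): presumably overrides a header check of the parent handler that does not
     * apply to authorizer invocations; confirm against {@code RestRequestHandler}.
     *
     * @param requestInfo the request (ignored)
     */
    protected void checkHeaders(RequestInfo requestInfo) {
    }
}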
