package io.helidon.security;

import io.helidon.security.AuditEvent;
import io.helidon.security.internal.SecurityAuditEvent;
import io.helidon.security.spi.AuthorizationProvider;

/* loaded from: input_file:io/helidon/security/AuthorizationClientImpl.class */
final class AuthorizationClientImpl implements SecurityClient<AuthorizationResponse> {
    private final Security security;
    private final SecurityContextImpl context;
    private final SecurityRequest request;
    private final String providerName;
    private final ProviderRequest providerRequest;

    /* JADX INFO: Access modifiers changed from: package-private */
    public AuthorizationClientImpl(Security security, SecurityContextImpl securityContextImpl, SecurityRequest securityRequest, String str) {
        this.security = security;
        this.context = securityContextImpl;
        this.request = securityRequest;
        this.providerName = str;
        this.providerRequest = new ProviderRequest(securityContextImpl, securityRequest.resources());
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // io.helidon.security.SecurityClient
    public AuthorizationResponse submit() {
        return (AuthorizationResponse) this.security.resolveAtzProvider(this.providerName).map(this::authorize).orElse(AuthorizationResponse.permit());
    }

    private AuthorizationResponse authorize(AuthorizationProvider authorizationProvider) {
        AuthorizationResponse authorize = authorizationProvider.authorize(this.providerRequest);
        try {
            if (authorize.status().isSuccess()) {
                this.context.audit(SecurityAuditEvent.success("authz.authorize", "Path %s. Provider %s. Subject %s").addParam(AuditEvent.AuditParam.plain("path", this.providerRequest.env().path())).addParam(AuditEvent.AuditParam.plain("provider", authorizationProvider.getClass().getName())).addParam(AuditEvent.AuditParam.plain("subject", this.context.user())));
            } else {
                this.context.audit(SecurityAuditEvent.failure("authz.authorize", "Path %s. Provider %s, Description %s, Request %s. Subject %s").addParam(AuditEvent.AuditParam.plain("path", this.providerRequest.env().path())).addParam(AuditEvent.AuditParam.plain("provider", authorizationProvider.getClass().getName())).addParam(AuditEvent.AuditParam.plain("request", this)).addParam(AuditEvent.AuditParam.plain("subject", this.context.user())).addParam(AuditEvent.AuditParam.plain("message", authorize.description().orElse(null))).addParam(AuditEvent.AuditParam.plain("exception", authorize.throwable().orElse(null))));
            }
            return authorize;
        } catch (Exception e) {
            this.context.audit(SecurityAuditEvent.error("authz.authorize", "Path %s. Provider %s, Description %s, Request %s. Subject %s. %s: %s").addParam(AuditEvent.AuditParam.plain("path", this.providerRequest.env().path())).addParam(AuditEvent.AuditParam.plain("provider", authorizationProvider.getClass().getName())).addParam(AuditEvent.AuditParam.plain("description", "Audit failure")).addParam(AuditEvent.AuditParam.plain("request", this)).addParam(AuditEvent.AuditParam.plain("subject", this.context.user())).addParam(AuditEvent.AuditParam.plain("message", e.getMessage())).addParam(AuditEvent.AuditParam.plain("exception", e)));
            throw new SecurityException(e);
        }
    }
}
