package io.helidon.security;

import io.helidon.common.context.Contexts;
import io.helidon.security.AuditEvent;
import io.helidon.security.SecurityContext;
import io.helidon.security.internal.SecurityAuditEvent;
import io.helidon.security.spi.AuthorizationProvider;
import io.helidon.tracing.SpanContext;
import io.helidon.tracing.Tracer;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import java.util.stream.Stream;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:io/helidon/security/SecurityContextImpl.class */
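/**
 * Per-request implementation of {@link SecurityContext}.
 *
 * <p>Holds the current user and service subjects, the security environment and the endpoint
 * configuration, and hands out client builders for authentication, authorization and outbound
 * security that are bound to this context.
 *
 * <p>This listing is decompiler output. Several members are marked by the decompiler as
 * originally package-private (the constructor, {@link #setUser(Subject)} and
 * {@link #setService(Subject)}). The visibility shown here is kept so the listing stays
 * consistent with its sibling classes, but these members replace the identity used for
 * authorization decisions and are not meant as application-facing API.
 */
public final class SecurityContextImpl implements SecurityContext {
    private final Security security;
    private final String tracingId;
    private final SpanContext requestSpan;
    private final Tracer securityTracer;
    private final SecurityTime serverTime;
    private volatile SecurityEnvironment environment;
    private volatile EndpointConfig ec;
    private volatile Subject serviceSubject;
    private volatile Subject currentSubject;
    private final ReadWriteLock envLock = new ReentrantReadWriteLock();
    private final ReadWriteLock ecLock = new ReentrantReadWriteLock();
    // Never reassigned, so the reference is final; the AtomicBoolean itself provides visibility.
    private final AtomicBoolean atzChecked = new AtomicBoolean(false);

    /**
     * Creates a context from the values collected by the builder.
     *
     * <p>Decompiler note: access was widened from package-private.
     *
     * @param builder source of the security instance, tracing data, server time, environment
     *                and endpoint configuration
     */
    public SecurityContextImpl(SecurityContext.Builder builder) {
        this.security = builder.security();
        this.tracingId = builder.id();
        this.requestSpan = builder.tracingSpan();
        this.securityTracer = builder.tracingTracer();
        this.serverTime = builder.serverTime();
        this.environment = builder.env();
        this.ec = builder.endpointConfig();
    }

    /** Returns the tracing span of the request this context belongs to. */
    @Override
    public SpanContext tracingSpan() {
        return this.requestSpan;
    }

    /** Returns the tracer used for security spans. */
    @Override
    public Tracer tracer() {
        return this.securityTracer;
    }

    /** Returns the id of this context; the same id is attached to audit events. */
    @Override
    public String id() {
        return this.tracingId;
    }

    /** Returns the server time supplied when the context was built. */
    @Override
    public SecurityTime serverTime() {
        return this.serverTime;
    }

    /** Returns a request builder bound to this context. */
    @Override
    public SecurityRequestBuilder<?> securityRequestBuilder() {
        return securityRequestBuilder(env());
    }

    /**
     * Returns a request builder bound to this context.
     *
     * @param securityEnvironment NOTE(review): not used by this method as shown; the builder
     *                            is created from the context only. Confirm that this is intended.
     */
    @Override
    public SecurityRequestBuilder<?> securityRequestBuilder(SecurityEnvironment securityEnvironment) {
        return new SecurityRequestBuilder<>(this);
    }

    /** Returns a builder for an authentication client bound to this context. */
    @Override
    public SecurityClientBuilder<AuthenticationResponse> atnClientBuilder() {
        return new SecurityClientBuilder<>(this.security, this, AuthenticationClientImpl::new);
    }

    /** Runs authentication with the default client configuration and returns its response. */
    @Override
    public AuthenticationResponse authenticate() {
        return atnClientBuilder().buildAndGet();
    }

    /**
     * Returns a builder for an authorization client bound to this context.
     *
     * <p>Requesting the builder already sets the flag reported by {@link #isAuthorized()},
     * before any authorization check has run.
     */
    @Override
    public SecurityClientBuilder<AuthorizationResponse> atzClientBuilder() {
        this.atzChecked.set(true);
        return new SecurityClientBuilder<>(this.security, this, AuthorizationClientImpl::new);
    }

    /** Returns a builder for an outbound security client bound to this context. */
    @Override
    public OutboundSecurityClientBuilder outboundClientBuilder() {
        return new OutboundSecurityClientBuilder(this.security, this);
    }

    /** Returns {@code true} when a user subject other than {@code ANONYMOUS} is set. */
    @Override
    public boolean isAuthenticated() {
        return user().isPresent();
    }

    /**
     * Resets the current user subject to {@code ANONYMOUS}.
     *
     * <p>Only the user subject held by this context is reset. The service subject is left as
     * is, and a principal registered with the helidon context by {@link #setUser(Subject)} is
     * not removed here.
     */
    @Override
    public void logout() {
        this.currentSubject = ANONYMOUS;
    }

    /**
     * Checks whether the current user has the given role.
     *
     * <p>Uses the authorization provider chosen by the provider selection policy. When no
     * provider is selected, falls back to the roles granted to the subject.
     *
     * @param str role name
     * @return {@code false} when no user is authenticated, otherwise the result of the check
     */
    @Override
    public boolean isUserInRole(String str) {
        // Read the volatile field once so the authentication check and the role check see the
        // same subject even if logout() or runAs() runs concurrently.
        Subject subject = this.currentSubject;
        if (subject == null || subject == ANONYMOUS) {
            return false;
        }
        return this.security.providerSelectionPolicy()
                .selectProvider(AuthorizationProvider.class)
                .map(provider -> provider.isUserInRole(subject, str))
                .orElseGet(() -> Security.getRoles(subject).stream().anyMatch(str::equals));
    }

    /**
     * Checks whether the current user has the given role, using a named authorization provider.
     *
     * @param str  role name
     * @param str2 name of the authorization provider to ask
     * @return {@code false} when no user is authenticated or the provider cannot be resolved,
     *         otherwise the provider's answer
     */
    @Override
    public boolean isUserInRole(String str, String str2) {
        // Same guard as the single-argument overload: an absent or anonymous subject is never
        // in a role, and is not handed to the provider.
        Subject subject = this.currentSubject;
        if (subject == null || subject == ANONYMOUS) {
            return false;
        }
        return this.security.resolveAtzProvider(str2)
                .map(provider -> provider.isUserInRole(subject, str))
                .orElse(false);
    }

    /**
     * Runs authorization for the given resources and returns the response.
     *
     * <p>The first resource is registered as the default object, and every resource
     * (including the first) is registered under the key {@code "object" + index}.
     *
     * @param objArr resources to authorize access to
     * @return response of the authorization client
     */
    @Override
    public AuthorizationResponse authorize(Object... objArr) {
        // atzClientBuilder() marks this context as "authorization requested".
        SecurityClientBuilder<AuthorizationResponse> atzBuilder = atzClientBuilder();
        for (int i = 0; i < objArr.length; i++) {
            if (i == 0) {
                atzBuilder.object(objArr[i]);
            }
            atzBuilder.object("object" + i, objArr[i]);
        }
        return atzBuilder.buildAndGet();
    }

    /** Sends the event to the security audit subsystem, tagged with this context's id. */
    @Override
    public void audit(AuditEvent auditEvent) {
        this.security.audit(this.tracingId, auditEvent);
    }

    /**
     * Runs the runnable with {@code subject} as the current user, then restores the previous
     * user.
     *
     * <p>The switch is audited before it happens. The previous subject is restored in a
     * {@code finally} block, so it is reinstated even when the runnable throws. The subject is
     * swapped on this shared context object, so other threads using the same context observe
     * the substituted subject while the runnable runs.
     *
     * @param subject  subject to run as
     * @param runnable code to execute under that subject
     */
    @Override
    public void runAs(Subject subject, Runnable runnable) {
        audit(SecurityAuditEvent.info("security.runAs", "runAs(Subject,Runnable) invoked for %s").addParam(AuditEvent.AuditParam.plain("subject", subject)));
        Subject previous = this.currentSubject;
        try {
            this.currentSubject = subject;
            runnable.run();
        } finally {
            this.currentSubject = previous;
        }
    }

    /**
     * Runs the runnable as the current principal holding only the given role.
     *
     * <p>The temporary subject is built from the current subject's principal plus a single
     * role grant. A current subject must be set; with none, this method fails with a
     * {@link NullPointerException}.
     *
     * @param str      role to grant for the duration of the call
     * @param runnable code to execute
     */
    @Override
    public void runAs(String str, Runnable runnable) {
        // NOTE(review): m32build looks like a decompiler-assigned alias for the builder's
        // build method; kept so this listing matches its decompiled sibling classes.
        runAs(Subject.builder().principal(this.currentSubject.principal()).addGrant(Role.create(str)).m32build(), runnable);
    }

    /** Returns the service subject, or empty when it is unset or {@code ANONYMOUS}. */
    @Override
    public Optional<Subject> service() {
        // Single read of the volatile field, so the comparison and the returned value agree.
        Subject subject = this.serviceSubject;
        return subject == ANONYMOUS ? Optional.empty() : Optional.ofNullable(subject);
    }

    /**
     * Sets the service subject.
     *
     * <p>Decompiler note: access was widened from package-private.
     *
     * @param subject service subject, must not be {@code null}
     */
    public void setService(Subject subject) {
        Objects.requireNonNull(subject);
        this.serviceSubject = subject;
    }

    /** Returns the current user subject, or empty when it is unset or {@code ANONYMOUS}. */
    @Override
    public Optional<Subject> user() {
        // Single read of the volatile field, so the comparison and the returned value agree.
        Subject subject = this.currentSubject;
        return subject == ANONYMOUS ? Optional.empty() : Optional.ofNullable(subject);
    }

    /**
     * Sets the current user subject and registers its principal with the current helidon
     * context, when one is present.
     *
     * <p>Decompiler note: access was widened from package-private.
     *
     * @param subject user subject, must not be {@code null}
     */
    public void setUser(Subject subject) {
        Objects.requireNonNull(subject);
        this.currentSubject = subject;
        // Register the principal of the subject passed in, not a re-read of the field that
        // another thread may have changed in the meantime.
        Contexts.context().ifPresent(context -> context.register(subject.principal()));
    }

    /** Returns the endpoint configuration, read under the read lock. */
    @Override
    public EndpointConfig endpointConfig() {
        Lock readLock = this.ecLock.readLock();
        // Acquire outside try: if lock() fails, finally must not unlock a lock that is not held.
        readLock.lock();
        try {
            return this.ec;
        } finally {
            readLock.unlock();
        }
    }

    /** Replaces the endpoint configuration under the write lock. */
    @Override
    public void endpointConfig(EndpointConfig endpointConfig) {
        Lock writeLock = this.ecLock.writeLock();
        writeLock.lock();
        try {
            this.ec = endpointConfig;
        } finally {
            writeLock.unlock();
        }
    }

    /** Returns the security environment, read under the read lock. */
    @Override
    public SecurityEnvironment env() {
        Lock readLock = this.envLock.readLock();
        readLock.lock();
        try {
            return this.environment;
        } finally {
            readLock.unlock();
        }
    }

    /** Replaces the security environment under the write lock. */
    @Override
    public void env(SecurityEnvironment securityEnvironment) {
        Lock writeLock = this.envLock.writeLock();
        writeLock.lock();
        try {
            this.environment = securityEnvironment;
        } finally {
            writeLock.unlock();
        }
    }

    /**
     * Reports whether authorization was requested on this context.
     *
     * <p>The flag is set by {@link #atzClientBuilder()} (and therefore by
     * {@link #authorize(Object...)}) as soon as the builder is created. It records that a check
     * was started, not that it ran to completion or that access was granted. Callers must use
     * the {@link AuthorizationResponse} to decide access.
     *
     * @return {@code true} once an authorization client builder has been obtained
     */
    public boolean isAuthorized() {
        return this.atzChecked.get();
    }
}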
