package com.authlete.jaxrs;

import com.authlete.common.api.AuthleteApi;
import com.authlete.common.dto.AuthorizationFailRequest;
import com.authlete.common.dto.Property;
import com.authlete.jaxrs.spi.AuthorizationDecisionHandlerSpi;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Map;
import java.util.TreeSet;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response;

/* loaded from: input_file:com/authlete/jaxrs/AuthorizationDecisionHandler.class */
public class AuthorizationDecisionHandler extends BaseHandler {
    private final AuthorizationDecisionHandlerSpi mSpi;

    public AuthorizationDecisionHandler(AuthleteApi authleteApi, AuthorizationDecisionHandlerSpi authorizationDecisionHandlerSpi) {
        super(authleteApi);
        this.mSpi = authorizationDecisionHandlerSpi;
    }

    public Response handle(String str, String[] strArr, String[] strArr2) throws WebApplicationException {
        try {
            return process(str, strArr, strArr2);
        } catch (WebApplicationException e) {
            throw e;
        } catch (Throwable th) {
            throw unexpected("Unexpected error in AuthorizationDecisionHandler", th);
        }
    }

    private Response process(String str, String[] strArr, String[] strArr2) {
        if (!this.mSpi.isClientAuthorized()) {
            return fail(str, AuthorizationFailRequest.Reason.DENIED);
        }
        String userSubject = this.mSpi.getUserSubject();
        return (userSubject == null || userSubject.length() == 0) ? fail(str, AuthorizationFailRequest.Reason.NOT_AUTHENTICATED) : authorize(str, userSubject, this.mSpi.getUserAuthenticatedAt(), this.mSpi.getAcr(), collectClaims(userSubject, strArr, strArr2), this.mSpi.getProperties(), this.mSpi.getScopes());
    }

    private Map<String, Object> collectClaims(String str, String[] strArr, String[] strArr2) {
        Object claim;
        if (strArr == null || strArr.length == 0) {
            return null;
        }
        String[] normalizeClaimLocales = normalizeClaimLocales(strArr2);
        HashMap hashMap = new HashMap();
        for (String str2 : strArr) {
            if (str2 != null && str2.length() != 0) {
                String[] split = str2.split("#", 2);
                String str3 = split[0];
                String str4 = split.length == 2 ? split[1] : null;
                if (str3 != null && str3.length() != 0 && (claim = getClaim(str3, str4, normalizeClaimLocales)) != null) {
                    if (str4 == null) {
                        str2 = str3;
                    }
                    hashMap.put(str2, claim);
                }
            }
        }
        if (hashMap.size() == 0) {
            return null;
        }
        return hashMap;
    }

    private String[] normalizeClaimLocales(String[] strArr) {
        if (strArr == null || strArr.length == 0) {
            return null;
        }
        TreeSet treeSet = new TreeSet(String.CASE_INSENSITIVE_ORDER);
        ArrayList arrayList = new ArrayList();
        for (String str : strArr) {
            if (str != null && str.length() != 0 && !treeSet.contains(str)) {
                treeSet.add(str);
                arrayList.add(str);
            }
        }
        int size = arrayList.size();
        if (size == 0) {
            return null;
        }
        if (size == strArr.length) {
            return strArr;
        }
        String[] strArr2 = new String[size];
        arrayList.toArray(strArr2);
        return strArr2;
    }

    private Object getClaim(String str, String str2, String[] strArr) {
        if (str2 != null && str2.length() != 0) {
            return this.mSpi.getUserClaim(str, str2);
        }
        if (strArr == null || strArr.length == 0) {
            return this.mSpi.getUserClaim(str, null);
        }
        for (String str3 : strArr) {
            Object userClaim = this.mSpi.getUserClaim(str, str3);
            if (userClaim != null) {
                return userClaim;
            }
        }
        return this.mSpi.getUserClaim(str, null);
    }

    private Response authorize(String str, String str2, long j, String str3, Map<String, Object> map, Property[] propertyArr, String[] strArr) {
        try {
            return getApiCaller().authorizationIssue(str, str2, j, str3, map, propertyArr, strArr);
        } catch (WebApplicationException e) {
            return e.getResponse();
        }
    }

    private Response fail(String str, AuthorizationFailRequest.Reason reason) {
        try {
            return getApiCaller().authorizationFail(str, reason).getResponse();
        } catch (WebApplicationException e) {
            return e.getResponse();
        }
    }
}
