package org.apache.rocketmq.auth.authorization.chain;

import java.util.concurrent.CompletableFuture;
import java.util.concurrent.CompletionStage;
import java.util.function.Supplier;
import org.apache.rocketmq.auth.authentication.enums.SubjectType;
import org.apache.rocketmq.auth.authentication.enums.UserStatus;
import org.apache.rocketmq.auth.authentication.enums.UserType;
import org.apache.rocketmq.auth.authentication.exception.AuthenticationException;
import org.apache.rocketmq.auth.authentication.factory.AuthenticationFactory;
import org.apache.rocketmq.auth.authentication.model.Subject;
import org.apache.rocketmq.auth.authentication.model.User;
import org.apache.rocketmq.auth.authentication.provider.AuthenticationMetadataProvider;
import org.apache.rocketmq.auth.authorization.context.DefaultAuthorizationContext;
import org.apache.rocketmq.auth.authorization.exception.AuthorizationException;
import org.apache.rocketmq.auth.config.AuthConfig;
import org.apache.rocketmq.common.chain.Handler;
import org.apache.rocketmq.common.chain.HandlerChain;

/* loaded from: input_file:org/apache/rocketmq/auth/authorization/chain/UserAuthorizationHandler.class */
public class UserAuthorizationHandler implements Handler<DefaultAuthorizationContext, CompletableFuture<Void>> {
    private final AuthenticationMetadataProvider authenticationMetadataProvider;

    public UserAuthorizationHandler(AuthConfig authConfig, Supplier<?> supplier) {
        this.authenticationMetadataProvider = AuthenticationFactory.getMetadataProvider(authConfig, supplier);
    }

    public CompletableFuture<Void> handle(DefaultAuthorizationContext defaultAuthorizationContext, HandlerChain<DefaultAuthorizationContext, CompletableFuture<Void>> handlerChain) {
        return !defaultAuthorizationContext.getSubject().isSubject(SubjectType.USER) ? (CompletableFuture) handlerChain.handle(defaultAuthorizationContext) : getUser(defaultAuthorizationContext.getSubject()).thenCompose(user -> {
            return user.getUserType() == UserType.SUPER ? CompletableFuture.completedFuture(null) : (CompletionStage) handlerChain.handle(defaultAuthorizationContext);
        });
    }

    private CompletableFuture<User> getUser(Subject subject) {
        if (this.authenticationMetadataProvider == null) {
            throw new AuthorizationException("The authenticationMetadataProvider is not configured");
        }
        User user = (User) subject;
        return this.authenticationMetadataProvider.getUser(user.getUsername()).thenApply(user2 -> {
            if (user2 == null) {
                throw new AuthorizationException("User:{} not found.", user.getUsername());
            }
            if (user.getUserStatus() == UserStatus.DISABLE) {
                throw new AuthenticationException("User:{} is disabled.", user.getUsername());
            }
            return user2;
        });
    }

    public /* bridge */ /* synthetic */ Object handle(Object obj, HandlerChain handlerChain) {
        return handle((DefaultAuthorizationContext) obj, (HandlerChain<DefaultAuthorizationContext, CompletableFuture<Void>>) handlerChain);
    }
}
