package io.quarkus.resteasy.reactive.server.runtime.security;

import io.quarkus.arc.InjectableInstance;
import io.quarkus.runtime.ShutdownEvent;
import io.quarkus.runtime.StartupEvent;
import io.quarkus.security.ForbiddenException;
import io.quarkus.security.UnauthorizedException;
import io.quarkus.security.identity.CurrentIdentityAssociation;
import io.quarkus.security.identity.SecurityIdentity;
import io.quarkus.security.spi.runtime.AuthorizationController;
import io.quarkus.security.spi.runtime.AuthorizationFailureEvent;
import io.quarkus.security.spi.runtime.AuthorizationSuccessEvent;
import io.quarkus.security.spi.runtime.BlockingSecurityExecutor;
import io.quarkus.security.spi.runtime.MethodDescription;
import io.quarkus.security.spi.runtime.SecurityCheckStorage;
import io.quarkus.security.spi.runtime.SecurityEventHelper;
import io.quarkus.vertx.http.runtime.HttpBuildTimeConfig;
import io.quarkus.vertx.http.runtime.HttpConfiguration;
import io.quarkus.vertx.http.runtime.PolicyMappingConfig;
import io.quarkus.vertx.http.runtime.security.AbstractPathMatchingHttpSecurityPolicy;
import io.quarkus.vertx.http.runtime.security.HttpSecurityPolicy;
import io.quarkus.vertx.http.runtime.security.QuarkusHttpUser;
import io.smallrye.mutiny.Uni;
import io.vertx.ext.web.RoutingContext;
import jakarta.enterprise.event.Event;
import jakarta.enterprise.event.Observes;
import jakarta.enterprise.inject.Instance;
import jakarta.enterprise.inject.spi.BeanManager;
import jakarta.inject.Singleton;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.runtime.ObjectMethods;
import java.util.Map;
import java.util.function.Function;
import java.util.function.Supplier;
import org.eclipse.microprofile.config.inject.ConfigProperty;
import org.jboss.resteasy.reactive.server.core.ResteasyReactiveRequestContext;
import org.jboss.resteasy.reactive.server.spi.ResteasyReactiveResourceInfo;

@Singleton
/* loaded from: input_file:io/quarkus/resteasy/reactive/server/runtime/security/EagerSecurityContext.class */
public class EagerSecurityContext {
    static EagerSecurityContext instance = null;
    private final HttpSecurityPolicy.AuthorizationRequestContext authorizationRequestContext;
    final AbstractPathMatchingHttpSecurityPolicy jaxRsPathMatchingPolicy;
    final SecurityEventHelper<AuthorizationSuccessEvent, AuthorizationFailureEvent> eventHelper;
    final InjectableInstance<CurrentIdentityAssociation> identityAssociation;
    final AuthorizationController authorizationController;
    final SecurityCheckStorage securityCheckStorage;
    final boolean doNotRunPermissionSecurityCheck;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: io.quarkus.resteasy.reactive.server.runtime.security.EagerSecurityContext$1SecurityCheckWithIdentity, reason: invalid class name */
    /* loaded from: input_file:io/quarkus/resteasy/reactive/server/runtime/security/EagerSecurityContext$1SecurityCheckWithIdentity.class */
    public static final class C1SecurityCheckWithIdentity extends Record {
        private final SecurityIdentity identity;
        private final HttpSecurityPolicy.CheckResult checkResult;

        C1SecurityCheckWithIdentity(SecurityIdentity securityIdentity, HttpSecurityPolicy.CheckResult checkResult) {
            this.identity = securityIdentity;
            this.checkResult = checkResult;
        }

        @Override // java.lang.Record
        public final String toString() {
            return (String) ObjectMethods.bootstrap(MethodHandles.lookup(), "toString", MethodType.methodType(String.class, C1SecurityCheckWithIdentity.class), C1SecurityCheckWithIdentity.class, "identity;checkResult", "FIELD:Lio/quarkus/resteasy/reactive/server/runtime/security/EagerSecurityContext$1SecurityCheckWithIdentity;->identity:Lio/quarkus/security/identity/SecurityIdentity;", "FIELD:Lio/quarkus/resteasy/reactive/server/runtime/security/EagerSecurityContext$1SecurityCheckWithIdentity;->checkResult:Lio/quarkus/vertx/http/runtime/security/HttpSecurityPolicy$CheckResult;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final int hashCode() {
            return (int) ObjectMethods.bootstrap(MethodHandles.lookup(), "hashCode", MethodType.methodType(Integer.TYPE, C1SecurityCheckWithIdentity.class), C1SecurityCheckWithIdentity.class, "identity;checkResult", "FIELD:Lio/quarkus/resteasy/reactive/server/runtime/security/EagerSecurityContext$1SecurityCheckWithIdentity;->identity:Lio/quarkus/security/identity/SecurityIdentity;", "FIELD:Lio/quarkus/resteasy/reactive/server/runtime/security/EagerSecurityContext$1SecurityCheckWithIdentity;->checkResult:Lio/quarkus/vertx/http/runtime/security/HttpSecurityPolicy$CheckResult;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final boolean equals(Object obj) {
            return (boolean) ObjectMethods.bootstrap(MethodHandles.lookup(), "equals", MethodType.methodType(Boolean.TYPE, C1SecurityCheckWithIdentity.class, Object.class), C1SecurityCheckWithIdentity.class, "identity;checkResult", "FIELD:Lio/quarkus/resteasy/reactive/server/runtime/security/EagerSecurityContext$1SecurityCheckWithIdentity;->identity:Lio/quarkus/security/identity/SecurityIdentity;", "FIELD:Lio/quarkus/resteasy/reactive/server/runtime/security/EagerSecurityContext$1SecurityCheckWithIdentity;->checkResult:Lio/quarkus/vertx/http/runtime/security/HttpSecurityPolicy$CheckResult;").dynamicInvoker().invoke(this, obj) /* invoke-custom */;
        }

        public SecurityIdentity identity() {
            return this.identity;
        }

        public HttpSecurityPolicy.CheckResult checkResult() {
            return this.checkResult;
        }
    }

    EagerSecurityContext(Event<AuthorizationFailureEvent> event, @ConfigProperty(name = "quarkus.security.events.enabled") boolean z, Event<AuthorizationSuccessEvent> event2, BeanManager beanManager, InjectableInstance<CurrentIdentityAssociation> injectableInstance, AuthorizationController authorizationController, SecurityCheckStorage securityCheckStorage, HttpConfiguration httpConfiguration, BlockingSecurityExecutor blockingSecurityExecutor, HttpBuildTimeConfig httpBuildTimeConfig, Instance<HttpSecurityPolicy> instance2) {
        this.identityAssociation = injectableInstance;
        this.authorizationController = authorizationController;
        this.securityCheckStorage = securityCheckStorage;
        this.eventHelper = new SecurityEventHelper<>(event2, event, SecurityEventHelper.AUTHORIZATION_SUCCESS, SecurityEventHelper.AUTHORIZATION_FAILURE, beanManager, z);
        AbstractPathMatchingHttpSecurityPolicy abstractPathMatchingHttpSecurityPolicy = new AbstractPathMatchingHttpSecurityPolicy(httpConfiguration.auth.permissions, httpConfiguration.auth.rolePolicy, httpBuildTimeConfig.rootPath, instance2, PolicyMappingConfig.AppliesTo.JAXRS);
        if (abstractPathMatchingHttpSecurityPolicy.hasNoPermissions()) {
            this.jaxRsPathMatchingPolicy = null;
            this.authorizationRequestContext = null;
            this.doNotRunPermissionSecurityCheck = true;
        } else {
            this.jaxRsPathMatchingPolicy = abstractPathMatchingHttpSecurityPolicy;
            this.authorizationRequestContext = new HttpSecurityPolicy.DefaultAuthorizationRequestContext(blockingSecurityExecutor);
            this.doNotRunPermissionSecurityCheck = false;
        }
    }

    void initSingleton(@Observes StartupEvent startupEvent) {
        instance = this;
    }

    void destroySingleton(@Observes ShutdownEvent shutdownEvent) {
        instance = null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Uni<SecurityIdentity> getDeferredIdentity() {
        return Uni.createFrom().deferred(new Supplier<Uni<? extends SecurityIdentity>>() { // from class: io.quarkus.resteasy.reactive.server.runtime.security.EagerSecurityContext.1
            @Override // java.util.function.Supplier
            /* renamed from: get, reason: merged with bridge method [inline-methods] */
            public Uni<? extends SecurityIdentity> get2() {
                return ((CurrentIdentityAssociation) EagerSecurityContext.instance.identityAssociation.get()).getDeferredIdentity();
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Uni<SecurityIdentity> getPermissionCheck(ResteasyReactiveRequestContext resteasyReactiveRequestContext, final SecurityIdentity securityIdentity) {
        final RoutingContext routingContext = (RoutingContext) resteasyReactiveRequestContext.unwrap(RoutingContext.class);
        if (routingContext == null) {
            throw new IllegalStateException("HTTP Security policy applied only on Quarkus REST cannot be run as 'RoutingContext' is null");
        }
        return this.jaxRsPathMatchingPolicy.checkPermission(routingContext, securityIdentity == null ? getDeferredIdentity() : Uni.createFrom().item(securityIdentity), this.authorizationRequestContext).flatMap(new Function<HttpSecurityPolicy.CheckResult, Uni<? extends C1SecurityCheckWithIdentity>>() { // from class: io.quarkus.resteasy.reactive.server.runtime.security.EagerSecurityContext.3
            @Override // java.util.function.Function
            public Uni<C1SecurityCheckWithIdentity> apply(final HttpSecurityPolicy.CheckResult checkResult) {
                return securityIdentity != null ? Uni.createFrom().item(new C1SecurityCheckWithIdentity(securityIdentity, checkResult)) : (checkResult.isPermitted() && checkResult.getAugmentedIdentity() == null) ? Uni.createFrom().item(new C1SecurityCheckWithIdentity(null, checkResult)) : EagerSecurityContext.this.getDeferredIdentity().map(new Function<SecurityIdentity, C1SecurityCheckWithIdentity>() { // from class: io.quarkus.resteasy.reactive.server.runtime.security.EagerSecurityContext.3.1
                    @Override // java.util.function.Function
                    public C1SecurityCheckWithIdentity apply(SecurityIdentity securityIdentity2) {
                        return new C1SecurityCheckWithIdentity(securityIdentity2, checkResult);
                    }
                });
            }
        }).map(new Function<C1SecurityCheckWithIdentity, SecurityIdentity>() { // from class: io.quarkus.resteasy.reactive.server.runtime.security.EagerSecurityContext.2
            @Override // java.util.function.Function
            public SecurityIdentity apply(C1SecurityCheckWithIdentity c1SecurityCheckWithIdentity) {
                SecurityIdentity augmentedIdentity;
                HttpSecurityPolicy.CheckResult checkResult = c1SecurityCheckWithIdentity.checkResult();
                if (checkResult.getAugmentedIdentity() == null) {
                    augmentedIdentity = c1SecurityCheckWithIdentity.identity();
                } else if (checkResult.getAugmentedIdentity() != c1SecurityCheckWithIdentity.identity()) {
                    augmentedIdentity = checkResult.getAugmentedIdentity();
                    routingContext.setUser(new QuarkusHttpUser(augmentedIdentity));
                    ((CurrentIdentityAssociation) EagerSecurityContext.this.identityAssociation.get()).setIdentity(augmentedIdentity);
                } else {
                    augmentedIdentity = checkResult.getAugmentedIdentity();
                }
                if (checkResult.isPermitted()) {
                    if (EagerSecurityContext.this.eventHelper.fireEventOnSuccess()) {
                        EagerSecurityContext.this.eventHelper.fireSuccessEvent(new AuthorizationSuccessEvent(augmentedIdentity, AbstractPathMatchingHttpSecurityPolicy.class.getName(), Map.of(RoutingContext.class.getName(), routingContext)));
                    }
                    return augmentedIdentity;
                }
                UnauthorizedException unauthorizedException = augmentedIdentity.isAnonymous() ? new UnauthorizedException() : new ForbiddenException();
                if (EagerSecurityContext.this.eventHelper.fireEventOnFailure()) {
                    EagerSecurityContext.this.eventHelper.fireFailureEvent(new AuthorizationFailureEvent(augmentedIdentity, unauthorizedException, AbstractPathMatchingHttpSecurityPolicy.class.getName(), Map.of(RoutingContext.class.getName(), routingContext)));
                }
                throw unauthorizedException;
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static MethodDescription lazyMethodToMethodDescription(ResteasyReactiveResourceInfo resteasyReactiveResourceInfo) {
        return new MethodDescription(resteasyReactiveResourceInfo.getActualDeclaringClassName(), resteasyReactiveResourceInfo.getName(), MethodDescription.typesAsStrings(resteasyReactiveResourceInfo.getParameterTypes()));
    }
}
