package io.quarkus.security.deployment;

import io.quarkus.arc.deployment.AdditionalBeanBuildItem;
import io.quarkus.arc.deployment.AnnotationsTransformerBuildItem;
import io.quarkus.arc.deployment.BeanArchiveIndexBuildItem;
import io.quarkus.arc.deployment.BeanRegistrarBuildItem;
import io.quarkus.arc.deployment.InterceptorBindingRegistrarBuildItem;
import io.quarkus.arc.processor.AnnotationStore;
import io.quarkus.arc.processor.BeanConfigurator;
import io.quarkus.arc.processor.BeanRegistrar;
import io.quarkus.arc.processor.BuildExtension;
import io.quarkus.arc.processor.BuiltinScope;
import io.quarkus.deployment.annotations.BuildProducer;
import io.quarkus.deployment.annotations.BuildStep;
import io.quarkus.deployment.builditem.ApplicationClassPredicateBuildItem;
import io.quarkus.deployment.builditem.FeatureBuildItem;
import io.quarkus.deployment.builditem.nativeimage.ReflectiveClassBuildItem;
import io.quarkus.gizmo.MethodCreator;
import io.quarkus.gizmo.MethodDescriptor;
import io.quarkus.gizmo.ResultHandle;
import io.quarkus.security.runtime.IdentityProviderManagerCreator;
import io.quarkus.security.runtime.SecurityBuildTimeConfig;
import io.quarkus.security.runtime.SecurityIdentityAssociation;
import io.quarkus.security.runtime.SecurityIdentityProxy;
import io.quarkus.security.runtime.interceptor.AuthenticatedInterceptor;
import io.quarkus.security.runtime.interceptor.DenyAllInterceptor;
import io.quarkus.security.runtime.interceptor.PermitAllInterceptor;
import io.quarkus.security.runtime.interceptor.RolesAllowedInterceptor;
import io.quarkus.security.runtime.interceptor.SecurityCheckStorage;
import io.quarkus.security.runtime.interceptor.SecurityCheckStorageBuilder;
import io.quarkus.security.runtime.interceptor.SecurityConstrainer;
import io.quarkus.security.runtime.interceptor.SecurityHandler;
import io.quarkus.security.spi.AdditionalSecuredClassesBuildIem;
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.jboss.jandex.AnnotationInstance;
import org.jboss.jandex.AnnotationTarget;
import org.jboss.jandex.AnnotationValue;
import org.jboss.jandex.ClassInfo;
import org.jboss.jandex.DotName;
import org.jboss.jandex.IndexView;
import org.jboss.jandex.MethodInfo;
import org.jboss.jandex.Type;
import org.jboss.logging.Logger;

/* loaded from: input_file:io/quarkus/security/deployment/SecurityProcessor.class */
public class SecurityProcessor {
    private static final Logger log = Logger.getLogger(SecurityProcessor.class);
    SecurityConfig security;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: io.quarkus.security.deployment.SecurityProcessor$2, reason: invalid class name */
    /* loaded from: input_file:io/quarkus/security/deployment/SecurityProcessor$2.class */
    public static /* synthetic */ class AnonymousClass2 {
        static final /* synthetic */ int[] $SwitchMap$org$jboss$jandex$AnnotationTarget$Kind = new int[AnnotationTarget.Kind.values().length];

        static {
            try {
                $SwitchMap$org$jboss$jandex$AnnotationTarget$Kind[AnnotationTarget.Kind.CLASS.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$jboss$jandex$AnnotationTarget$Kind[AnnotationTarget.Kind.METHOD.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
        }
    }

    @BuildStep
    void services(BuildProducer<JCAProviderBuildItem> buildProducer) {
        if (this.security.securityProviders != null) {
            for (String str : this.security.securityProviders) {
                buildProducer.produce(new JCAProviderBuildItem(str));
                log.debugf("Added providerName: %s", str);
            }
        }
    }

    @BuildStep
    void registerJCAProviders(BuildProducer<ReflectiveClassBuildItem> buildProducer, List<JCAProviderBuildItem> list) {
        Iterator<JCAProviderBuildItem> it = list.iterator();
        while (it.hasNext()) {
            for (String str : registerProvider(it.next().getProviderName())) {
                buildProducer.produce(new ReflectiveClassBuildItem(true, true, new String[]{str}));
                log.debugf("Register JCA class: %s", str);
            }
        }
    }

    @BuildStep
    void transformSecurityAnnotations(BuildProducer<AnnotationsTransformerBuildItem> buildProducer, SecurityBuildTimeConfig securityBuildTimeConfig) {
        if (securityBuildTimeConfig.denyUnannotated) {
            buildProducer.produce(new AnnotationsTransformerBuildItem(new DenyingUnannotatedTransformer()));
        }
    }

    @BuildStep
    void registerSecurityInterceptors(BuildProducer<InterceptorBindingRegistrarBuildItem> buildProducer, BuildProducer<AdditionalBeanBuildItem> buildProducer2) {
        buildProducer.produce(new InterceptorBindingRegistrarBuildItem(new SecurityAnnotationsRegistrar()));
        buildProducer2.produce(new AdditionalBeanBuildItem(new Class[]{AuthenticatedInterceptor.class, DenyAllInterceptor.class, PermitAllInterceptor.class, RolesAllowedInterceptor.class}));
        buildProducer2.produce(new AdditionalBeanBuildItem(new Class[]{SecurityHandler.class, SecurityConstrainer.class}));
    }

    @BuildStep
    void gatherSecurityChecks(BuildProducer<BeanRegistrarBuildItem> buildProducer, final BeanArchiveIndexBuildItem beanArchiveIndexBuildItem, BuildProducer<ApplicationClassPredicateBuildItem> buildProducer2, List<AdditionalSecuredClassesBuildIem> list) {
        buildProducer2.produce(new ApplicationClassPredicateBuildItem(new SecurityCheckStorage.AppPredicate()));
        final HashSet hashSet = new HashSet();
        if (list != null) {
            Iterator<AdditionalSecuredClassesBuildIem> it = list.iterator();
            while (it.hasNext()) {
                hashSet.addAll(it.next().additionalSecuredClasses);
            }
        }
        buildProducer.produce(new BeanRegistrarBuildItem(new BeanRegistrar() { // from class: io.quarkus.security.deployment.SecurityProcessor.1
            public void register(BeanRegistrar.RegistrationContext registrationContext) {
                Map gatherSecurityAnnotationsByLooping = SecurityProcessor.this.gatherSecurityAnnotationsByLooping(beanArchiveIndexBuildItem.getIndex(), registrationContext, hashSet);
                DotName createSimple = DotName.createSimple(SecurityCheckStorage.class.getName());
                BeanConfigurator configure = registrationContext.configure(createSimple);
                configure.addType(createSimple);
                configure.scope(BuiltinScope.APPLICATION.getInfo());
                configure.creator(methodCreator -> {
                    ResultHandle newInstance = methodCreator.newInstance(MethodDescriptor.ofConstructor(SecurityCheckStorageBuilder.class, new Class[0]), new ResultHandle[0]);
                    Iterator it2 = gatherSecurityAnnotationsByLooping.entrySet().iterator();
                    while (it2.hasNext()) {
                        SecurityProcessor.this.registerSecuredMethod(newInstance, methodCreator, (Map.Entry) it2.next());
                    }
                    methodCreator.returnValue(methodCreator.invokeVirtualMethod(MethodDescriptor.ofMethod(SecurityCheckStorageBuilder.class, "create", SecurityCheckStorage.class, new Class[0]), newInstance, new ResultHandle[0]));
                });
                configure.done();
            }
        }));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void registerSecuredMethod(ResultHandle resultHandle, MethodCreator methodCreator, Map.Entry<MethodInfo, AnnotationInstance> entry) {
        try {
            MethodInfo key = entry.getKey();
            ResultHandle load = methodCreator.load(key.declaringClass().name().toString());
            ResultHandle load2 = methodCreator.load(key.name());
            ResultHandle paramTypes = paramTypes(methodCreator, key.parameters());
            AnnotationInstance value = entry.getValue();
            methodCreator.invokeVirtualMethod(MethodDescriptor.ofMethod(SecurityCheckStorageBuilder.class.getDeclaredMethod("registerAnnotation", String.class, String.class, String[].class, String.class, String[].class)), resultHandle, new ResultHandle[]{load, load2, paramTypes, methodCreator.load(value.name().toString()), annotationValues(methodCreator, value)});
        } catch (NoSuchMethodException e) {
            throw new IllegalStateException("registerAnnotation method not found on on SecurityCheckStorage", e);
        }
    }

    private ResultHandle annotationValues(MethodCreator methodCreator, AnnotationInstance annotationInstance) {
        AnnotationValue value = annotationInstance.value();
        if (value == null || value.asStringArray() == null) {
            return methodCreator.loadNull();
        }
        String[] asStringArray = value.asStringArray();
        ResultHandle newArray = methodCreator.newArray(String.class, methodCreator.load(asStringArray.length));
        int i = 0;
        for (String str : asStringArray) {
            int i2 = i;
            i++;
            methodCreator.writeArrayValue(newArray, i2, methodCreator.load(str));
        }
        return newArray;
    }

    private ResultHandle paramTypes(MethodCreator methodCreator, List<Type> list) {
        ResultHandle newArray = methodCreator.newArray(String.class, methodCreator.load(list.size()));
        for (int i = 0; i < list.size(); i++) {
            methodCreator.writeArrayValue(newArray, i, methodCreator.load(list.get(i).toString()));
        }
        return newArray;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Map<MethodInfo, AnnotationInstance> gatherSecurityAnnotationsByLooping(IndexView indexView, BeanRegistrar.RegistrationContext registrationContext, Set<ClassInfo> set) {
        Set<DotName> keySet = SecurityAnnotationsRegistrar.SECURITY_BINDINGS.keySet();
        AnnotationStore annotationStore = (AnnotationStore) registrationContext.get(BuildExtension.Key.ANNOTATION_STORE);
        HashSet hashSet = new HashSet(set);
        Iterator<DotName> it = SecurityAnnotationsRegistrar.SECURITY_BINDINGS.keySet().iterator();
        while (it.hasNext()) {
            Iterator it2 = indexView.getAnnotations(it.next()).iterator();
            while (it2.hasNext()) {
                AnnotationTarget target = ((AnnotationInstance) it2.next()).target();
                switch (AnonymousClass2.$SwitchMap$org$jboss$jandex$AnnotationTarget$Kind[target.kind().ordinal()]) {
                    case 1:
                        hashSet.add(target.asClass());
                        break;
                    case 2:
                        hashSet.add(target.asMethod().declaringClass());
                        break;
                    default:
                        throw new IllegalStateException("Security annotation discovered on unsupported target: " + target);
                }
            }
        }
        return gatherSecurityAnnotations(keySet, hashSet, annotationStore);
    }

    private Map<MethodInfo, AnnotationInstance> gatherSecurityAnnotations(Set<DotName> set, Set<ClassInfo> set2, AnnotationStore annotationStore) {
        HashMap hashMap = new HashMap();
        for (ClassInfo classInfo : set2) {
            AnnotationInstance single = getSingle(annotationStore.getAnnotations(classInfo), set);
            for (MethodInfo methodInfo : classInfo.methods()) {
                AnnotationInstance single2 = getSingle(annotationStore.getAnnotations(methodInfo), set);
                AnnotationInstance annotationInstance = single2 == null ? single : single2;
                if (annotationInstance != null) {
                    hashMap.put(methodInfo, annotationInstance);
                }
            }
        }
        return hashMap;
    }

    private AnnotationInstance getSingle(Collection<AnnotationInstance> collection, Set<DotName> set) {
        AnnotationInstance annotationInstance = null;
        for (AnnotationInstance annotationInstance2 : collection) {
            if (set.contains(annotationInstance2.name())) {
                if (annotationInstance != null) {
                    throw new IllegalStateException("Multiple security annotations on target: " + annotationInstance2.target());
                }
                annotationInstance = annotationInstance2;
            }
        }
        return annotationInstance;
    }

    private List<String> registerProvider(String str) {
        ArrayList arrayList = new ArrayList();
        Provider provider = Security.getProvider(str);
        arrayList.add(provider.getClass().getName());
        for (Provider.Service service : provider.getServices()) {
            arrayList.add(service.getClassName());
            String attribute = service.getAttribute("SupportedKeyClasses");
            if (attribute != null) {
                arrayList.addAll(Arrays.asList(attribute.split("\\|")));
            }
        }
        return arrayList;
    }

    @BuildStep(providesCapabilities = {"io.quarkus.security"})
    FeatureBuildItem feature() {
        return new FeatureBuildItem("security");
    }

    @BuildStep
    void registerAdditionalBeans(BuildProducer<AdditionalBeanBuildItem> buildProducer) {
        buildProducer.produce(AdditionalBeanBuildItem.unremovableOf(SecurityIdentityAssociation.class));
        buildProducer.produce(AdditionalBeanBuildItem.unremovableOf(IdentityProviderManagerCreator.class));
        buildProducer.produce(AdditionalBeanBuildItem.unremovableOf(SecurityIdentityProxy.class));
    }
}
