package io.quarkus.vertx.http.runtime.security;

import io.quarkus.arc.runtime.BeanContainer;
import io.quarkus.arc.runtime.BeanContainerListener;
import io.quarkus.runtime.annotations.Recorder;
import io.quarkus.security.AuthenticationFailedException;
import io.quarkus.security.identity.SecurityIdentity;
import io.quarkus.vertx.http.runtime.FormAuthConfig;
import io.quarkus.vertx.http.runtime.HttpBuildTimeConfig;
import io.quarkus.vertx.http.runtime.HttpConfiguration;
import io.vertx.core.Handler;
import io.vertx.core.http.HttpHeaders;
import io.vertx.ext.web.RoutingContext;
import java.lang.annotation.Annotation;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.CompletionException;
import java.util.function.Consumer;
import java.util.function.Supplier;
import javax.enterprise.inject.spi.CDI;
import org.jboss.logging.Logger;

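/**
 * Build-time recorder that produces the Vert.x handlers and suppliers wiring HTTP
 * authentication and authorization into the router.
 *
 * <p>This listing is decompiler output (JADX); names such as {@code AnonymousClass1} are
 * decompiler artifacts and are kept so that existing references continue to resolve.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The authentication handler continues the route even when no identity was produced;
 *       it only attaches a user when one exists. Access decisions are therefore left to
 *       later handlers (see {@link #permissionCheckHandler()}).</li>
 *   <li>When no encryption key is configured for form authentication, a random 256-bit key
 *       is generated once and cached in {@link #encryptionKey}. The key value is a secret
 *       and is never written to the log.</li>
 * </ul>
 */
@Recorder
/* loaded from: input_file:io/quarkus/vertx/http/runtime/security/HttpSecurityRecorder.class */
public class HttpSecurityRecorder {
    private static final Logger log = Logger.getLogger(HttpSecurityRecorder.class);

    /**
     * Process-wide fallback key handed to {@link PersistentLoginManager} when the
     * configuration supplies none. Written only by {@link #temporaryEncryptionKey()}
     * within this class.
     */
    static volatile String encryptionKey;

    /**
     * Handler that runs the configured {@link HttpAuthenticator} for every request.
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: io.quarkus.vertx.http.runtime.security.HttpSecurityRecorder$1, reason: invalid class name */
    /* loaded from: input_file:io/quarkus/vertx/http/runtime/security/HttpSecurityRecorder$1.class */
    public class AnonymousClass1 implements Handler<RoutingContext> {
        // Resolved lazily from CDI on the first request. The lookup is not guarded by a lock,
        // so two first requests may both resolve the bean before the field is set.
        volatile HttpAuthenticator authenticator;

        AnonymousClass1() {
        }

        /**
         * Attempts authentication and either continues the route or writes the failure response.
         *
         * <ul>
         *   <li>Success: attaches a {@link QuarkusHttpUser} when an identity was returned, then
         *       calls {@code next()}. A {@code null} identity also continues the route.</li>
         *   <li>{@link AuthenticationFailedException}: asks the authenticator to send a
         *       challenge and ends the response.</li>
         *   <li>{@code AuthenticationCompletionException}: responds with 401.</li>
         *   <li>{@code AuthenticationRedirectException}: responds with the status code and
         *       {@code Location} carried by the exception.</li>
         *   <li>Anything else: fails the routing context with the throwable.</li>
         * </ul>
         *
         * @param routingContext the current request context
         */
        public void handle(final RoutingContext routingContext) {
            if (this.authenticator == null) {
                this.authenticator = (HttpAuthenticator) CDI.current().select(HttpAuthenticator.class, new Annotation[0]).get();
            }
            // Publish the authenticator on the context under its class name.
            routingContext.put(HttpAuthenticator.class.getName(), this.authenticator);
            this.authenticator.attemptAuthentication(routingContext).subscribe().with(new Consumer<SecurityIdentity>() { // from class: io.quarkus.vertx.http.runtime.security.HttpSecurityRecorder.1.1
                @Override // java.util.function.Consumer
                public void accept(SecurityIdentity securityIdentity) {
                    // A mechanism may already have completed the response; nothing is left to route.
                    if (routingContext.response().ended()) {
                        return;
                    }
                    if (securityIdentity != null) {
                        routingContext.setUser(new QuarkusHttpUser(securityIdentity));
                    }
                    // Reached with or without a user: this handler never rejects a request
                    // merely because no identity was produced.
                    routingContext.next();
                }
            }, new Consumer<Throwable>() { // from class: io.quarkus.vertx.http.runtime.security.HttpSecurityRecorder.1.2
                @Override // java.util.function.Consumer
                public void accept(Throwable th) {
                    // Unwrap CompletionException layers so the checks below see the real cause.
                    Throwable cause = th;
                    while ((cause instanceof CompletionException) && cause.getCause() != null) {
                        cause = cause.getCause();
                    }
                    if (cause instanceof AuthenticationFailedException) {
                        AnonymousClass1.this.authenticator.sendChallenge(routingContext).subscribe().with(new Consumer<Boolean>() { // from class: io.quarkus.vertx.http.runtime.security.HttpSecurityRecorder.1.2.1
                            @Override // java.util.function.Consumer
                            public void accept(Boolean bool) {
                                // The response is ended whatever the challenge result was.
                                routingContext.response().end();
                            }
                        }, new Consumer<Throwable>() { // from class: io.quarkus.vertx.http.runtime.security.HttpSecurityRecorder.1.2.2
                            @Override // java.util.function.Consumer
                            public void accept(Throwable th2) {
                                routingContext.fail(th2);
                            }
                        });
                        return;
                    }
                    if (cause instanceof AuthenticationCompletionException) {
                        routingContext.response().setStatusCode(401);
                        routingContext.response().end();
                        return;
                    }
                    if (!(cause instanceof AuthenticationRedirectException)) {
                        routingContext.fail(cause);
                        return;
                    }
                    AuthenticationRedirectException authenticationRedirectException = (AuthenticationRedirectException) cause;
                    routingContext.response().setStatusCode(authenticationRedirectException.getCode());
                    // NOTE(review): the Location value is copied verbatim from the exception and is
                    // not validated here, so code throwing AuthenticationRedirectException must build
                    // the URI from trusted configuration, not from request data. Confirm at the throw sites.
                    routingContext.response().headers().set(HttpHeaders.LOCATION, authenticationRedirectException.getRedirectUri());
                    routingContext.response().end();
                }
            });
        }
    }

    /**
     * Returns the handler that authenticates each incoming request.
     *
     * @return a new authentication handler
     */
    public Handler<RoutingContext> authenticationMechanismHandler() {
        return new AnonymousClass1();
    }

    /**
     * Returns the handler that delegates every request to {@link HttpAuthorizer#checkPermission}.
     *
     * @return a new permission-check handler
     */
    public Handler<RoutingContext> permissionCheckHandler() {
        return new Handler<RoutingContext>() { // from class: io.quarkus.vertx.http.runtime.security.HttpSecurityRecorder.2
            // Resolved lazily from CDI on the first request.
            volatile HttpAuthorizer authorizer;

            public void handle(RoutingContext routingContext) {
                if (this.authorizer == null) {
                    this.authorizer = (HttpAuthorizer) CDI.current().select(HttpAuthorizer.class, new Annotation[0]).get();
                }
                // This handler never calls next() itself; continuing or rejecting the request
                // is left entirely to the authorizer.
                this.authorizer.checkPermission(routingContext);
            }
        };
    }

    /**
     * Returns a listener that initialises the {@link PathMatchingHttpSecurityPolicy} bean once
     * the bean container has been created.
     *
     * @param httpBuildTimeConfig build-time HTTP configuration passed to the policy
     * @param map policy suppliers keyed by name, passed to the policy unchanged
     * @return the bean container listener
     */
    public BeanContainerListener initPermissions(final HttpBuildTimeConfig httpBuildTimeConfig, final Map<String, Supplier<HttpSecurityPolicy>> map) {
        return new BeanContainerListener() { // from class: io.quarkus.vertx.http.runtime.security.HttpSecurityRecorder.3
            public void created(BeanContainer beanContainer) {
                ((PathMatchingHttpSecurityPolicy) beanContainer.instance(PathMatchingHttpSecurityPolicy.class, new Annotation[0])).init(httpBuildTimeConfig, map);
            }
        };
    }

    /**
     * Returns a supplier that builds the form authentication mechanism.
     *
     * <p>Key selection order: the configured key, then the cached temporary key, then a
     * freshly generated temporary key. The configured key is passed through as given; its
     * length and strength are not checked here.
     *
     * @param httpConfiguration runtime configuration holding the optional encryption key
     * @param httpBuildTimeConfig build-time configuration holding the form auth settings
     * @return supplier of the form authentication mechanism
     */
    public Supplier<FormAuthenticationMechanism> setupFormAuth(final HttpConfiguration httpConfiguration, final HttpBuildTimeConfig httpBuildTimeConfig) {
        return new Supplier<FormAuthenticationMechanism>() { // from class: io.quarkus.vertx.http.runtime.security.HttpSecurityRecorder.4
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.util.function.Supplier
            public FormAuthenticationMechanism get() {
                String key = httpConfiguration.encryptionKey.isPresent()
                        ? httpConfiguration.encryptionKey.get()
                        : temporaryEncryptionKey();
                FormAuthConfig formAuthConfig = httpBuildTimeConfig.auth.form;
                return new FormAuthenticationMechanism(
                        withLeadingSlash(formAuthConfig.loginPage),
                        withLeadingSlash(formAuthConfig.errorPage),
                        withLeadingSlash(formAuthConfig.landingPage),
                        formAuthConfig.redirectAfterLogin,
                        new PersistentLoginManager(key, formAuthConfig.cookieName, formAuthConfig.timeout.toMillis(), formAuthConfig.newCookieInterval.toMillis()));
            }
        };
    }

    /**
     * Returns a supplier that builds the basic authentication mechanism from the configured realm.
     *
     * @param httpBuildTimeConfig build-time configuration holding the realm and form auth flag
     * @return supplier of the basic authentication mechanism
     */
    public Supplier<?> setupBasicAuth(final HttpBuildTimeConfig httpBuildTimeConfig) {
        return new Supplier<BasicAuthenticationMechanism>() { // from class: io.quarkus.vertx.http.runtime.security.HttpSecurityRecorder.5
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.util.function.Supplier
            public BasicAuthenticationMechanism get() {
                // NOTE(review): the third argument is the "form auth enabled" flag; presumably it
                // changes how basic auth challenges when form auth is also active. Confirm against
                // the BasicAuthenticationMechanism constructor.
                return new BasicAuthenticationMechanism(httpBuildTimeConfig.auth.realm, "BASIC", httpBuildTimeConfig.auth.form.enabled);
            }
        };
    }

    /**
     * Returns the cached temporary key, generating it on first use.
     *
     * <p>The check and the assignment happen under one lock so that concurrent callers cannot
     * generate two different keys. The key itself is deliberately kept out of the log: anyone
     * able to read the log could otherwise obtain the secret handed to
     * {@link PersistentLoginManager}.
     *
     * <p>NOTE(review): the key lives only in a static field, so a new one is generated after a
     * restart. Whatever was protected with the previous key presumably stops validating then;
     * confirm against PersistentLoginManager.
     */
    private static String temporaryEncryptionKey() {
        synchronized (HttpSecurityRecorder.class) {
            String key = encryptionKey;
            if (key == null) {
                byte[] raw = new byte[32];
                new SecureRandom().nextBytes(raw);
                key = Base64.getEncoder().encodeToString(raw);
                encryptionKey = key;
                log.warn("Encryption key was not specified for persistent FORM auth, using a temporary key generated for this run (value not logged)");
            }
            return key;
        }
    }

    /** Returns {@code page} unchanged when it starts with "/", otherwise prefixed with "/". */
    private static String withLeadingSlash(String page) {
        return page.startsWith("/") ? page : "/" + page;
    }
}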
