package io.quarkus.security.runtime;

import io.quarkus.arc.Arc;
import io.quarkus.arc.ArcContainer;
import io.quarkus.runtime.RuntimeValue;
import io.quarkus.runtime.ShutdownContext;
import io.quarkus.runtime.annotations.Recorder;
import io.quarkus.security.StringPermission;
import io.quarkus.security.runtime.interceptor.SecurityCheckStorageBuilder;
import io.quarkus.security.runtime.interceptor.SecurityConstrainer;
import io.quarkus.security.runtime.interceptor.check.AuthenticatedCheck;
import io.quarkus.security.runtime.interceptor.check.DenyAllCheck;
import io.quarkus.security.runtime.interceptor.check.PermissionSecurityCheck;
import io.quarkus.security.runtime.interceptor.check.PermitAllCheck;
import io.quarkus.security.runtime.interceptor.check.RolesAllowedCheck;
import io.quarkus.security.runtime.interceptor.check.SupplierRolesAllowedCheck;
import io.quarkus.security.spi.runtime.AuthorizationFailureEvent;
import io.quarkus.security.spi.runtime.AuthorizationSuccessEvent;
import io.quarkus.security.spi.runtime.SecurityCheck;
import io.quarkus.security.spi.runtime.SecurityCheckStorage;
import io.smallrye.config.Expressions;
import io.smallrye.config.common.utils.StringUtil;
import jakarta.enterprise.inject.spi.BeanManager;
import java.lang.annotation.Annotation;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
import java.security.Permission;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.BiConsumer;
import java.util.function.Function;
import java.util.function.Supplier;
import org.eclipse.microprofile.config.Config;
import org.eclipse.microprofile.config.spi.ConfigProviderResolver;

@Recorder
/* loaded from: input_file:io/quarkus/security/runtime/SecurityCheckRecorder.class */
public class SecurityCheckRecorder {
    private static volatile SecurityCheckStorage storage;
    private static final Set<SupplierRolesAllowedCheck> configExpRolesAllowedChecks = ConcurrentHashMap.newKeySet();
    private static volatile boolean runtimeConfigReady = false;

    public static SecurityCheckStorage getStorage() {
        return storage;
    }

    public SecurityCheck denyAll() {
        return DenyAllCheck.INSTANCE;
    }

    public SecurityCheck permitAll() {
        return PermitAllCheck.INSTANCE;
    }

    public SecurityCheck rolesAllowed(String... strArr) {
        return RolesAllowedCheck.of(strArr);
    }

    public SecurityCheck rolesAllowedSupplier(String[] strArr, int[] iArr, int[] iArr2) {
        for (int i = 0; i < iArr.length; i++) {
            QuarkusSecurityRolesAllowedConfigBuilder.addProperty(iArr2[i], strArr[iArr[i]]);
        }
        SupplierRolesAllowedCheck supplierRolesAllowedCheck = new SupplierRolesAllowedCheck(resolveRolesAllowedConfigExp(strArr, iArr, iArr2));
        configExpRolesAllowedChecks.add(supplierRolesAllowedCheck);
        return supplierRolesAllowedCheck;
    }

    public void recordRolesAllowedConfigExpression(String str, int i, BiConsumer<String, Supplier<String[]>> biConsumer) {
        QuarkusSecurityRolesAllowedConfigBuilder.addProperty(i, str);
        biConsumer.accept(str, resolveRolesAllowedConfigExp(new String[]{str}, new int[]{0}, new int[]{i}));
    }

    private static Supplier<String[]> resolveRolesAllowedConfigExp(String[] strArr, final int[] iArr, final int[] iArr2) {
        final ArrayList arrayList = new ArrayList(Arrays.asList(strArr));
        return new Supplier<String[]>() { // from class: io.quarkus.security.runtime.SecurityCheckRecorder.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.util.function.Supplier
            public String[] get() {
                Config config = ConfigProviderResolver.instance().getConfig(Thread.currentThread().getContextClassLoader());
                if (((Boolean) config.getOptionalValue("mp.config.property.expressions.enabled", Boolean.class).orElse(Boolean.TRUE)).booleanValue() && Expressions.isEnabled()) {
                    for (int i = 0; i < iArr.length; i++) {
                        String str = (String) config.getValue(QuarkusSecurityRolesAllowedConfigBuilder.transformToKey(iArr2[i]), String.class);
                        if (str != null && str.contains(",")) {
                            String[] split = StringUtil.split(str);
                            if (split.length >= 1) {
                                str = split[0];
                                if (split.length > 1) {
                                    for (int i2 = 1; i2 < split.length; i2++) {
                                        arrayList.add(split[i2]);
                                    }
                                }
                            }
                        }
                        arrayList.set(iArr[i], str);
                    }
                }
                return (String[]) arrayList.toArray(i3 -> {
                    return new String[i3];
                });
            }
        };
    }

    public SecurityCheck authenticated() {
        return AuthenticatedCheck.INSTANCE;
    }

    public SecurityCheck permissionsAllowed(Function<Object[], Permission> function, RuntimeValue<Permission> runtimeValue) {
        Permission permission;
        if (function == null) {
            Objects.requireNonNull(runtimeValue);
            permission = (Permission) runtimeValue.getValue();
        } else {
            permission = null;
        }
        return PermissionSecurityCheck.of(permission, function);
    }

    public SecurityCheck permissionsAllowed(final List<Function<Object[], Permission>> list, List<RuntimeValue<Permission>> list2) {
        Permission[] permissionArr;
        Function<Object[], Permission[]> function;
        if (list == null) {
            Objects.requireNonNull(list2);
            function = null;
            permissionArr = new Permission[list2.size()];
            for (int i = 0; i < list2.size(); i++) {
                permissionArr[i] = (Permission) Objects.requireNonNull((Permission) list2.get(i).getValue());
            }
        } else {
            permissionArr = null;
            function = new Function<Object[], Permission[]>() { // from class: io.quarkus.security.runtime.SecurityCheckRecorder.2
                @Override // java.util.function.Function
                public Permission[] apply(Object[] objArr) {
                    Permission[] permissionArr2 = new Permission[list.size()];
                    for (int i2 = 0; i2 < list.size(); i2++) {
                        permissionArr2[i2] = (Permission) ((Function) list.get(i2)).apply(objArr);
                    }
                    return permissionArr2;
                }
            };
        }
        return PermissionSecurityCheck.of(permissionArr, function);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v10, types: [java.security.Permission[]] */
    public SecurityCheck permissionsAllowedGroups(final List<List<Function<Object[], Permission>>> list, List<List<RuntimeValue<Permission>>> list2) {
        Permission[][] permissionArr;
        Function<Object[], Permission[][]> function;
        if (list == null) {
            Objects.requireNonNull(list2);
            function = null;
            permissionArr = new Permission[list2.size()];
            for (int i = 0; i < list2.size(); i++) {
                List<RuntimeValue<Permission>> list3 = list2.get(i);
                permissionArr[i] = new Permission[list3.size()];
                for (int i2 = 0; i2 < list3.size(); i2++) {
                    permissionArr[i][i2] = (Permission) list3.get(i2).getValue();
                }
            }
        } else {
            permissionArr = null;
            function = new Function<Object[], Permission[][]>() { // from class: io.quarkus.security.runtime.SecurityCheckRecorder.3
                /* JADX WARN: Multi-variable type inference failed */
                /* JADX WARN: Type inference failed for: r0v3, types: [java.security.Permission[], java.security.Permission[][]] */
                @Override // java.util.function.Function
                public Permission[][] apply(Object[] objArr) {
                    ?? r0 = new Permission[list.size()];
                    for (int i3 = 0; i3 < list.size(); i3++) {
                        List list4 = (List) list.get(i3);
                        r0[i3] = new Permission[list4.size()];
                        for (int i4 = 0; i4 < list4.size(); i4++) {
                            r0[i3][i4] = (Permission) ((Function) list4.get(i4)).apply(objArr);
                        }
                    }
                    return r0;
                }
            };
        }
        return PermissionSecurityCheck.of(permissionArr, function);
    }

    public Function<Object[], Permission> toComputedPermission(final RuntimeValue<Permission> runtimeValue) {
        return new Function<Object[], Permission>() { // from class: io.quarkus.security.runtime.SecurityCheckRecorder.4
            @Override // java.util.function.Function
            public Permission apply(Object[] objArr) {
                return (Permission) runtimeValue.getValue();
            }
        };
    }

    public RuntimeValue<Permission> createStringPermission(String str, String[] strArr) {
        return new RuntimeValue<>(new StringPermission(str, strArr));
    }

    public RuntimeValue<Permission> createPermission(String str, String str2, String[] strArr, boolean z) {
        try {
            return new RuntimeValue<>(z ? (Permission) loadClass(str2).getConstructors()[0].newInstance(str, strArr) : (Permission) loadClass(str2).getConstructors()[0].newInstance(str));
        } catch (IllegalAccessException | InstantiationException | InvocationTargetException e) {
            throw new RuntimeException(String.format("Failed to create Permission - class '%s', name '%s', actions '%s'", str2, str, Arrays.toString(strArr)), e);
        }
    }

    public Function<Object[], Permission> createComputedPermission(final String str, final String str2, final String[] strArr, final boolean z, final int[] iArr) {
        int i = z ? 1 : 0;
        final int length = 1 + i + iArr.length;
        final int i2 = 1 + i;
        final Constructor<?> constructor = loadClass(str2).getConstructors()[0];
        return new Function<Object[], Permission>() { // from class: io.quarkus.security.runtime.SecurityCheckRecorder.5
            @Override // java.util.function.Function
            public Permission apply(Object[] objArr) {
                try {
                    return (Permission) constructor.newInstance(initArgs(objArr));
                } catch (IllegalAccessException | InstantiationException | InvocationTargetException e) {
                    throw new RuntimeException(String.format("Failed to create computed Permission - class '%s', name '%s', actions '%s', ", str2, str, Arrays.toString(strArr)), e);
                }
            }

            private Object[] initArgs(Object[] objArr) {
                Object[] objArr2 = new Object[length];
                objArr2[0] = str;
                if (z) {
                    objArr2[1] = strArr;
                }
                for (int i3 = 0; i3 < iArr.length; i3++) {
                    objArr2[i2 + i3] = objArr[iArr[i3]];
                }
                return objArr2;
            }
        };
    }

    public RuntimeValue<SecurityCheckStorageBuilder> newBuilder() {
        return new RuntimeValue<>(new SecurityCheckStorageBuilder());
    }

    public void addMethod(RuntimeValue<SecurityCheckStorageBuilder> runtimeValue, String str, String str2, String[] strArr, SecurityCheck securityCheck) {
        ((SecurityCheckStorageBuilder) runtimeValue.getValue()).registerCheck(str, str2, strArr, securityCheck);
    }

    public void create(RuntimeValue<SecurityCheckStorageBuilder> runtimeValue) {
        storage = ((SecurityCheckStorageBuilder) runtimeValue.getValue()).create();
    }

    public void resolveRolesAllowedConfigExpRoles() {
        if (configExpRolesAllowedChecks.isEmpty()) {
            return;
        }
        Iterator<SupplierRolesAllowedCheck> it = configExpRolesAllowedChecks.iterator();
        while (it.hasNext()) {
            it.next().resolveAllowedRoles();
        }
        configExpRolesAllowedChecks.clear();
    }

    private Class<?> loadClass(String str) {
        try {
            return Thread.currentThread().getContextClassLoader().loadClass(str);
        } catch (ClassNotFoundException e) {
            throw new RuntimeException("Unable to load class '" + str + "' for creating permission", e);
        }
    }

    public void registerDefaultSecurityCheck(RuntimeValue<SecurityCheckStorageBuilder> runtimeValue, SecurityCheck securityCheck) {
        ((SecurityCheckStorageBuilder) runtimeValue.getValue()).registerDefaultSecurityCheck(securityCheck);
    }

    public Supplier<SecurityConstrainer> createSecurityConstrainer(final Supplier<Map<String, Object>> supplier) {
        return new Supplier<SecurityConstrainer>() { // from class: io.quarkus.security.runtime.SecurityCheckRecorder.6
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.util.function.Supplier
            public SecurityConstrainer get() {
                ArcContainer container = Arc.container();
                BeanManager beanManager = container.beanManager();
                return new SecurityConstrainer((SecurityCheckStorage) container.instance(SecurityCheckStorage.class, new Annotation[0]).get(), beanManager, beanManager.getEvent().select(AuthorizationFailureEvent.class, new Annotation[0]), beanManager.getEvent().select(AuthorizationSuccessEvent.class, new Annotation[0]), SecurityCheckRecorder.runtimeConfigReady, container.select(SecurityIdentityAssociation.class, new Annotation[0]), supplier == null ? new Supplier<Map<String, Object>>() { // from class: io.quarkus.security.runtime.SecurityCheckRecorder.6.1
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.util.function.Supplier
                    public Map<String, Object> get() {
                        return Map.of();
                    }
                } : supplier);
            }
        };
    }

    public void setRuntimeConfigReady() {
        runtimeConfigReady = true;
    }

    public void unsetRuntimeConfigReady(ShutdownContext shutdownContext) {
        shutdownContext.addShutdownTask(new Runnable() { // from class: io.quarkus.security.runtime.SecurityCheckRecorder.7
            @Override // java.lang.Runnable
            public void run() {
                SecurityCheckRecorder.runtimeConfigReady = false;
            }
        });
    }
}
