package io.quarkus.vertx.http.runtime.security;

import io.quarkus.security.identity.SecurityIdentity;
import io.quarkus.vertx.http.runtime.HttpBuildTimeConfig;
import io.quarkus.vertx.http.runtime.PolicyMappingConfig;
import io.quarkus.vertx.http.runtime.security.HttpSecurityPolicy;
import io.quarkus.vertx.http.runtime.security.PathMatcher;
import io.vertx.core.http.HttpServerRequest;
import io.vertx.ext.web.RoutingContext;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.CompletionStage;
import java.util.function.BiFunction;
import java.util.function.Supplier;
import javax.inject.Singleton;

@Singleton
/* loaded from: input_file:io/quarkus/vertx/http/runtime/security/PathMatchingHttpSecurityPolicy.class */
public class PathMatchingHttpSecurityPolicy implements HttpSecurityPolicy {
    private final PathMatcher<List<HttpMatcher>> pathMatcher = new PathMatcher<>();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:io/quarkus/vertx/http/runtime/security/PathMatchingHttpSecurityPolicy$HttpMatcher.class */
    public static class HttpMatcher {
        final Set<String> methods;
        final HttpSecurityPolicy checker;

        HttpMatcher(Set<String> set, HttpSecurityPolicy httpSecurityPolicy) {
            this.methods = set;
            this.checker = httpSecurityPolicy;
        }
    }

    @Override // io.quarkus.vertx.http.runtime.security.HttpSecurityPolicy
    public CompletionStage<HttpSecurityPolicy.CheckResult> checkPermission(RoutingContext routingContext, SecurityIdentity securityIdentity, HttpSecurityPolicy.AuthorizationRequestContext authorizationRequestContext) {
        CompletableFuture<HttpSecurityPolicy.CheckResult> completableFuture = new CompletableFuture<>();
        doPermissionCheck(routingContext, completableFuture, securityIdentity, 0, findPermissionCheckers(routingContext.request()), authorizationRequestContext);
        return completableFuture;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void doPermissionCheck(final RoutingContext routingContext, final CompletableFuture<HttpSecurityPolicy.CheckResult> completableFuture, final SecurityIdentity securityIdentity, final int i, final List<HttpSecurityPolicy> list, final HttpSecurityPolicy.AuthorizationRequestContext authorizationRequestContext) {
        if (i == list.size()) {
            completableFuture.complete(new HttpSecurityPolicy.CheckResult(true, securityIdentity));
        } else {
            list.get(i).checkPermission(routingContext, securityIdentity, authorizationRequestContext).handle(new BiFunction<HttpSecurityPolicy.CheckResult, Throwable, Object>() { // from class: io.quarkus.vertx.http.runtime.security.PathMatchingHttpSecurityPolicy.1
                @Override // java.util.function.BiFunction
                public Object apply(HttpSecurityPolicy.CheckResult checkResult, Throwable th) {
                    if (th != null) {
                        completableFuture.completeExceptionally(th);
                        return null;
                    }
                    if (checkResult.isPermitted()) {
                        PathMatchingHttpSecurityPolicy.this.doPermissionCheck(routingContext, completableFuture, checkResult.getAugmentedIdentity() != null ? checkResult.getAugmentedIdentity() : securityIdentity, i + 1, list, authorizationRequestContext);
                        return null;
                    }
                    completableFuture.complete(HttpSecurityPolicy.CheckResult.DENY);
                    return null;
                }
            });
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void init(HttpBuildTimeConfig httpBuildTimeConfig, Map<String, Supplier<HttpSecurityPolicy>> map) {
        HashMap hashMap = new HashMap();
        for (Map.Entry<String, Supplier<HttpSecurityPolicy>> entry : map.entrySet()) {
            hashMap.put(entry.getKey(), entry.getValue().get());
        }
        HashMap hashMap2 = new HashMap();
        for (Map.Entry<String, PolicyMappingConfig> entry2 : httpBuildTimeConfig.auth.permissions.entrySet()) {
            HttpSecurityPolicy httpSecurityPolicy = (HttpSecurityPolicy) hashMap.get(entry2.getValue().policy);
            if (httpSecurityPolicy == null) {
                throw new RuntimeException("Unable to find HTTP security policy " + entry2.getValue().policy);
            }
            for (String str : entry2.getValue().paths) {
                if (hashMap2.containsKey(str)) {
                    ((List) hashMap2.get(str)).add(new HttpMatcher(new HashSet(entry2.getValue().methods), httpSecurityPolicy));
                } else {
                    HttpMatcher httpMatcher = new HttpMatcher(new HashSet(entry2.getValue().methods), httpSecurityPolicy);
                    ArrayList arrayList = new ArrayList();
                    hashMap2.put(str, arrayList);
                    arrayList.add(httpMatcher);
                    if (str.endsWith("/*")) {
                        String substring = str.substring(0, str.length() - 2);
                        this.pathMatcher.addPrefixPath(substring.isEmpty() ? "/" : substring, arrayList);
                    } else if (str.endsWith("*")) {
                        this.pathMatcher.addPrefixPath(str.substring(0, str.length() - 1), arrayList);
                    } else {
                        this.pathMatcher.addExactPath(str, arrayList);
                    }
                }
            }
        }
    }

    public List<HttpSecurityPolicy> findPermissionCheckers(HttpServerRequest httpServerRequest) {
        PathMatcher.PathMatch<List<HttpMatcher>> match = this.pathMatcher.match(httpServerRequest.path());
        if (match.getValue() == null || match.getValue().isEmpty()) {
            return Collections.emptyList();
        }
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        for (HttpMatcher httpMatcher : match.getValue()) {
            if (httpMatcher.methods == null || httpMatcher.methods.isEmpty()) {
                arrayList2.add(httpMatcher.checker);
            } else if (httpMatcher.methods.contains(httpServerRequest.method().toString())) {
                arrayList.add(httpMatcher.checker);
            }
        }
        return !arrayList.isEmpty() ? arrayList : !arrayList2.isEmpty() ? arrayList2 : Collections.singletonList(DenySecurityPolicy.INSTANCE);
    }
}
