package org.wildfly.swarm.microprofile.jwtauth.runtime;

import java.io.File;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Optional;
import java.util.Set;
import javax.inject.Inject;
import org.jboss.jandex.AnnotationInstance;
import org.jboss.jandex.AnnotationTarget;
import org.jboss.jandex.AnnotationValue;
import org.jboss.jandex.ClassInfo;
import org.jboss.jandex.DotName;
import org.jboss.jandex.IndexView;
import org.jboss.jandex.MethodInfo;
import org.jboss.logging.Logger;
import org.jboss.shrinkwrap.api.Archive;
import org.jboss.shrinkwrap.api.asset.FileAsset;
import org.jboss.shrinkwrap.api.asset.StringAsset;
import org.wildfly.swarm.microprofile.jwtauth.MicroProfileJWTAuthFraction;
import org.wildfly.swarm.spi.api.DeploymentProcessor;
import org.wildfly.swarm.spi.runtime.annotations.DeploymentScoped;
import org.wildfly.swarm.undertow.WARArchive;
import org.wildfly.swarm.undertow.descriptors.SecurityConstraint;
import org.wildfly.swarm.undertow.descriptors.WebXmlAsset;

@DeploymentScoped
/* loaded from: input_file:org/wildfly/swarm/microprofile/jwtauth/runtime/MPJWTAuthExtensionArchivePreparer.class */
public class MPJWTAuthExtensionArchivePreparer implements DeploymentProcessor {
    private static Logger log = Logger.getLogger(MPJWTAuthExtensionArchivePreparer.class);
    private static final DotName LOGIN_CONFIG = DotName.createSimple("org.eclipse.microprofile.auth.LoginConfig");
    private static final DotName ROLES_ALLOWED = DotName.createSimple("javax.annotation.security.RolesAllowed");
    private static final DotName DENY_ALL = DotName.createSimple("javax.annotation.security.DenyAll");
    private static final DotName PERMIT_ALL = DotName.createSimple("javax.annotation.security.PermitAll");
    private static final DotName PATH = DotName.createSimple("javax.ws.rs.Path");
    private static final DotName APP_PATH = DotName.createSimple("javax.ws.rs.ApplicationPath");
    private static final DotName HTTP_METHOD = DotName.createSimple("javax.ws.rs.HttpMethod");
    private static final DotName GET = DotName.createSimple("javax.ws.rs.GET");
    private static final DotName POST = DotName.createSimple("javax.ws.rs.POST");
    private static final DotName PUT = DotName.createSimple("javax.ws.rs.PUT");
    private static final DotName DELETE = DotName.createSimple("javax.ws.rs.DELETE");
    private static final DotName HEAD = DotName.createSimple("javax.ws.rs.HEAD");
    private static final DotName OPTIONS = DotName.createSimple("javax.ws.rs.OPTIONS");
    private static final String[] EMPTY_ROLES = new String[0];
    private final Archive archive;
    private final IndexView index;

    @Inject
    private MicroProfileJWTAuthFraction fraction;

    @Inject
    public MPJWTAuthExtensionArchivePreparer(Archive archive, IndexView indexView) {
        this.archive = archive;
        this.index = indexView;
    }

    public void process() throws Exception {
        WARArchive as = this.archive.as(WARArchive.class);
        for (AnnotationInstance annotationInstance : this.index.getAnnotations(LOGIN_CONFIG)) {
            AnnotationValue value = annotationInstance.value("authMethod");
            AnnotationValue value2 = annotationInstance.value("realmName");
            String asString = value2 != null ? value2.asString() : "";
            if (value != null) {
                as.findWebXmlAsset().setLoginConfig(value.asString(), asString);
            }
            if (asString.length() > 0) {
                as.findJbossWebAsset().setSecurityDomain(asString);
            }
        }
        WebXmlAsset findWebXmlAsset = as.findWebXmlAsset();
        Collection annotations = this.index.getAnnotations(APP_PATH);
        String asString2 = annotations.isEmpty() ? "/" : ((AnnotationInstance) annotations.iterator().next()).value().asString();
        Iterable<DotName> collectHttpMethods = collectHttpMethods();
        HashSet hashSet = new HashSet();
        ArrayList<AnnotationInstance> arrayList = new ArrayList();
        arrayList.addAll(this.index.getAnnotations(ROLES_ALLOWED));
        arrayList.addAll(this.index.getAnnotations(PERMIT_ALL));
        arrayList.addAll(this.index.getAnnotations(DENY_ALL));
        for (AnnotationInstance annotationInstance2 : arrayList) {
            if (annotationInstance2.target().kind() == AnnotationTarget.Kind.CLASS) {
                ClassInfo asClass = annotationInstance2.target().asClass();
                if (!hashSet.contains(asClass.name())) {
                    generateSecurityConstraints(findWebXmlAsset, asClass, asString2, collectHttpMethods, hashSet);
                }
            } else if (annotationInstance2.target().kind() == AnnotationTarget.Kind.METHOD) {
                ClassInfo declaringClass = annotationInstance2.target().asMethod().declaringClass();
                if (!hashSet.contains(declaringClass.name())) {
                    generateSecurityConstraints(findWebXmlAsset, declaringClass, asString2, collectHttpMethods, hashSet);
                }
            }
        }
        if (this.fraction.getTokenIssuer().isPresent()) {
            log.debugf("Issuer: %s", this.fraction.getTokenIssuer().get());
            as.addAsManifestResource(new StringAsset((String) this.fraction.getTokenIssuer().get()), "MP-JWT-ISSUER");
        }
        String publicKey = this.fraction.getPublicKey();
        if (publicKey != null) {
            log.debugf("PublicKey: %s", publicKey);
            if (publicKey.startsWith("file:")) {
                as.addAsManifestResource(new FileAsset(new File(publicKey.substring(5, publicKey.length()))), "MP-JWT-SIGNER");
            } else if (publicKey.startsWith("classpath:")) {
                as.addAsManifestResource(this.archive.get("WEB-INF/classes/" + publicKey.substring(10, publicKey.length())).getAsset(), "MP-JWT-SIGNER");
            } else {
                as.addAsManifestResource(new StringAsset(publicKey), "MP-JWT-SIGNER");
            }
        }
        if (this.fraction.getJwksUri() != null) {
            log.debugf("JwksUri: %s", this.fraction.getJwksUri());
            as.addAsManifestResource(new StringAsset(this.fraction.getJwksUri()), "MP-JWT-JWKS");
            as.addAsManifestResource(new StringAsset(((Integer) this.fraction.getJwksRefreshInterval().get()).toString()), "MP-JWT-JWKS-REFRESH");
            if (this.fraction.getPublicKey() != null) {
                log.warn("The 'signer-pub-key' and 'jwks-uri' configuration options are mutually exclusive, the 'jwks-uri' will be ignored.");
            }
        }
        if (log.isTraceEnabled()) {
            log.trace("war: " + as.toString(true));
        }
    }

    private void generateSecurityConstraints(WebXmlAsset webXmlAsset, ClassInfo classInfo, String str, Iterable<DotName> iterable, Set<DotName> set) {
        List<MethodInfo> resourceMethods = getResourceMethods(classInfo, iterable);
        if (resourceMethods.isEmpty()) {
            return;
        }
        StringBuilder sb = new StringBuilder(str);
        if (sb.charAt(sb.length() - 1) != '/') {
            sb.append('/');
        }
        ArrayList<SecurityConstraint> arrayList = new ArrayList();
        Optional findFirst = classInfo.classAnnotations().stream().filter(annotationInstance -> {
            return annotationInstance.name().equals(PATH);
        }).findFirst();
        if (findFirst.isPresent()) {
            String asString = ((AnnotationInstance) findFirst.get()).value().asString();
            if (asString.charAt(0) == '/') {
                sb.append(asString.substring(1));
            } else {
                sb.append(asString);
            }
            if (sb.charAt(sb.length() - 1) != '/') {
                sb.append('/');
            }
        }
        Iterator<MethodInfo> it = resourceMethods.iterator();
        while (it.hasNext()) {
            MethodInfo next = it.next();
            AnnotationInstance annotation = next.annotation(PATH);
            String asString2 = annotation != null ? annotation.value().asString() : "";
            AnnotationInstance annotation2 = next.annotation(ROLES_ALLOWED);
            AnnotationInstance annotation3 = next.annotation(DENY_ALL);
            AnnotationInstance annotation4 = next.annotation(PERMIT_ALL);
            if (annotation2 != null || annotation3 != null || annotation4 != null) {
                String[] strArr = null;
                if (annotation4 != null) {
                    strArr = EMPTY_ROLES;
                } else if (annotation2 != null) {
                    strArr = annotation2.value().asStringArray();
                }
                arrayList.add(createSecurityConstraint(webXmlAsset, getUriPath(asString2, sb.toString()), strArr));
                it.remove();
            }
        }
        if (!resourceMethods.isEmpty()) {
            AnnotationInstance annotationInstance2 = (AnnotationInstance) classInfo.classAnnotations().stream().filter(annotationInstance3 -> {
                return annotationInstance3.name().equals(ROLES_ALLOWED);
            }).findFirst().orElse(null);
            AnnotationInstance annotationInstance4 = (AnnotationInstance) classInfo.classAnnotations().stream().filter(annotationInstance5 -> {
                return annotationInstance5.name().equals(DENY_ALL);
            }).findFirst().orElse(null);
            AnnotationInstance annotationInstance6 = (AnnotationInstance) classInfo.classAnnotations().stream().filter(annotationInstance7 -> {
                return annotationInstance7.name().equals(PERMIT_ALL);
            }).findFirst().orElse(null);
            if (arrayList.isEmpty()) {
                String str2 = sb.toString() + "*";
                if (annotationInstance4 != null) {
                    arrayList.add(createSecurityConstraint(webXmlAsset, str2, null));
                } else if (annotationInstance6 != null) {
                    arrayList.add(createSecurityConstraint(webXmlAsset, str2, EMPTY_ROLES));
                } else if (annotationInstance2 != null) {
                    arrayList.add(createSecurityConstraint(webXmlAsset, str2, annotationInstance2.value().asStringArray()));
                }
            } else {
                Iterator<MethodInfo> it2 = resourceMethods.iterator();
                while (it2.hasNext()) {
                    AnnotationInstance annotation5 = it2.next().annotation(PATH);
                    String asString3 = annotation5 != null ? annotation5.value().asString() : "";
                    String[] strArr2 = null;
                    if (annotationInstance6 != null) {
                        strArr2 = EMPTY_ROLES;
                    } else if (annotationInstance2 != null) {
                        strArr2 = annotationInstance2.value().asStringArray();
                    }
                    if (strArr2 != null || (strArr2 == null && (annotationInstance4 != null || this.fraction.isDefaultMissingMethodPermissionsDenyAccess()))) {
                        arrayList.add(createSecurityConstraint(webXmlAsset, getUriPath(asString3, sb.toString()), strArr2));
                    }
                }
            }
        }
        if (log.isDebugEnabled()) {
            log.debugf("SecurityConstraints introduced by class: %s", classInfo.name());
            for (SecurityConstraint securityConstraint : arrayList) {
                log.debugf("SecurityConstraint(%s), roles=%s, isPermitAll=%s", securityConstraint.urlPattern(), securityConstraint.roles(), Boolean.valueOf(securityConstraint.isPermitAll()));
            }
        }
        set.add(classInfo.name());
    }

    private SecurityConstraint createSecurityConstraint(WebXmlAsset webXmlAsset, String str, String[] strArr) {
        SecurityConstraint protect = webXmlAsset.protect(str);
        if (strArr == null) {
            protect.withRole("");
        } else if (strArr.length == 0) {
            protect.permitAll();
        } else {
            protect.withRole(strArr);
        }
        return protect;
    }

    private String getUriPath(String str, String str2) {
        String substring = str.isEmpty() ? str2.substring(0, str2.length() - 1) : str.charAt(0) == '/' ? str2 + str.substring(1) : str2 + str;
        int indexOf = substring.indexOf(123);
        if (indexOf >= 0) {
            String substring2 = substring.substring(0, indexOf);
            if (substring2.charAt(substring2.length() - 1) != '/') {
                substring2 = substring2 + '/';
            }
            substring = substring2 + "*";
        }
        return substring;
    }

    private List<MethodInfo> getResourceMethods(ClassInfo classInfo, Iterable<DotName> iterable) {
        ArrayList arrayList = new ArrayList();
        for (MethodInfo methodInfo : classInfo.methods()) {
            if (isResourceMethod(methodInfo, iterable)) {
                arrayList.add(methodInfo);
            }
        }
        return arrayList;
    }

    private boolean isResourceMethod(MethodInfo methodInfo, Iterable<DotName> iterable) {
        Iterator<DotName> it = iterable.iterator();
        while (it.hasNext()) {
            if (methodInfo.hasAnnotation(it.next())) {
                return true;
            }
        }
        return false;
    }

    private Iterable<DotName> collectHttpMethods() {
        ArrayList arrayList = new ArrayList();
        arrayList.add(GET);
        arrayList.add(POST);
        arrayList.add(PUT);
        arrayList.add(DELETE);
        arrayList.add(HEAD);
        arrayList.add(OPTIONS);
        Iterator it = this.index.getAnnotations(HTTP_METHOD).iterator();
        while (it.hasNext()) {
            arrayList.add(((AnnotationInstance) it.next()).name());
        }
        return arrayList;
    }
}
