package io.quarkus.security.runtime;

import io.quarkus.security.ForbiddenException;
import io.quarkus.security.credential.Credential;
import io.quarkus.security.identity.AuthenticationRequestContext;
import io.quarkus.security.identity.SecurityIdentity;
import io.quarkus.security.identity.SecurityIdentityAugmentor;
import io.quarkus.security.spi.runtime.BlockingSecurityExecutor;
import io.smallrye.mutiny.Uni;
import java.security.Permission;
import java.security.Principal;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import java.util.function.BiFunction;
import java.util.function.Function;
import java.util.function.Predicate;

/* loaded from: input_file:io/quarkus/security/runtime/QuarkusPermissionSecurityIdentityAugmentor.class */
public final class QuarkusPermissionSecurityIdentityAugmentor implements SecurityIdentityAugmentor {
    private static final Predicate<Throwable> NOT_A_FORBIDDEN_EXCEPTION = new Predicate<Throwable>() { // from class: io.quarkus.security.runtime.QuarkusPermissionSecurityIdentityAugmentor.1
        @Override // java.util.function.Predicate
        public boolean test(Throwable th) {
            return !(th instanceof ForbiddenException);
        }
    };
    private static final Function<Throwable, Throwable> WRAP_WITH_FORBIDDEN_EXCEPTION = new Function<Throwable, Throwable>() { // from class: io.quarkus.security.runtime.QuarkusPermissionSecurityIdentityAugmentor.2
        @Override // java.util.function.Function
        public Throwable apply(Throwable th) {
            return new ForbiddenException(th);
        }
    };
    private static final String ROUTING_CONTEXT_ATTRIBUTE = "quarkus.http.routing.context";
    private final BiFunction<SecurityIdentity, Permission, Uni<Boolean>> permissionChecker;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/quarkus/security/runtime/QuarkusPermissionSecurityIdentityAugmentor$PermissionCheckerIdentityDecorator.class */
    public static final class PermissionCheckerIdentityDecorator implements SecurityIdentity {
        private final SecurityIdentity delegate;
        private final Object routingContext;
        private final BiFunction<SecurityIdentity, Permission, Uni<Boolean>> permissionChecker;

        private PermissionCheckerIdentityDecorator(SecurityIdentity securityIdentity, Object obj, BiFunction<SecurityIdentity, Permission, Uni<Boolean>> biFunction) {
            this.delegate = securityIdentity;
            this.routingContext = obj;
            this.permissionChecker = biFunction;
        }

        public Principal getPrincipal() {
            return this.delegate.getPrincipal();
        }

        public <T extends Principal> T getPrincipal(Class<T> cls) {
            return (T) this.delegate.getPrincipal(cls);
        }

        public boolean isAnonymous() {
            return false;
        }

        public Set<String> getRoles() {
            return this.delegate.getRoles();
        }

        public boolean hasRole(String str) {
            return this.delegate.hasRole(str);
        }

        public <T extends Credential> T getCredential(Class<T> cls) {
            return (T) this.delegate.getCredential(cls);
        }

        public Set<Credential> getCredentials() {
            return this.delegate.getCredentials();
        }

        public <T> T getAttribute(String str) {
            return QuarkusPermissionSecurityIdentityAugmentor.ROUTING_CONTEXT_ATTRIBUTE.equals(str) ? (T) this.routingContext : (T) this.delegate.getAttribute(str);
        }

        public Map<String, Object> getAttributes() {
            if (this.routingContext == null) {
                return this.delegate.getAttributes();
            }
            HashMap hashMap = new HashMap(this.delegate.getAttributes());
            hashMap.put(QuarkusPermissionSecurityIdentityAugmentor.ROUTING_CONTEXT_ATTRIBUTE, this.routingContext);
            return hashMap;
        }

        public Uni<Boolean> checkPermission(final Permission permission) {
            return this.permissionChecker.apply(this, permission).flatMap(new Function<Boolean, Uni<? extends Boolean>>() { // from class: io.quarkus.security.runtime.QuarkusPermissionSecurityIdentityAugmentor.PermissionCheckerIdentityDecorator.1
                @Override // java.util.function.Function
                public Uni<? extends Boolean> apply(Boolean bool) {
                    return Boolean.TRUE.equals(bool) ? Uni.createFrom().item(true) : PermissionCheckerIdentityDecorator.this.delegate.checkPermission(permission);
                }
            });
        }

        public boolean checkPermissionBlocking(Permission permission) {
            return ((Boolean) checkPermission(permission).await().indefinitely()).booleanValue();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public QuarkusPermissionSecurityIdentityAugmentor(final BlockingSecurityExecutor blockingSecurityExecutor) {
        this.permissionChecker = new BiFunction<SecurityIdentity, Permission, Uni<Boolean>>() { // from class: io.quarkus.security.runtime.QuarkusPermissionSecurityIdentityAugmentor.3
            @Override // java.util.function.BiFunction
            public Uni<Boolean> apply(SecurityIdentity securityIdentity, Permission permission) {
                return permission instanceof QuarkusPermission ? ((QuarkusPermission) permission).isGranted(securityIdentity, blockingSecurityExecutor).onFailure(QuarkusPermissionSecurityIdentityAugmentor.NOT_A_FORBIDDEN_EXCEPTION).transform(QuarkusPermissionSecurityIdentityAugmentor.WRAP_WITH_FORBIDDEN_EXCEPTION) : Uni.createFrom().item(false);
            }
        };
    }

    public Uni<SecurityIdentity> augment(SecurityIdentity securityIdentity, AuthenticationRequestContext authenticationRequestContext, Map<String, Object> map) {
        return securityIdentity.isAnonymous() ? Uni.createFrom().item(securityIdentity) : Uni.createFrom().item(new PermissionCheckerIdentityDecorator(securityIdentity, map.get(ROUTING_CONTEXT_ATTRIBUTE), this.permissionChecker));
    }

    public Uni<SecurityIdentity> augment(SecurityIdentity securityIdentity, AuthenticationRequestContext authenticationRequestContext) {
        return augment(securityIdentity, authenticationRequestContext, Map.of());
    }

    public int priority() {
        return Integer.MAX_VALUE;
    }
}
