package io.quarkus.websockets.next.runtime;

import io.netty.handler.codec.http.HttpHeaderNames;
import io.quarkus.security.ForbiddenException;
import io.quarkus.security.identity.SecurityIdentity;
import io.quarkus.security.spi.runtime.AuthorizationFailureEvent;
import io.quarkus.security.spi.runtime.AuthorizationSuccessEvent;
import io.quarkus.security.spi.runtime.MethodDescription;
import io.quarkus.security.spi.runtime.SecurityCheck;
import io.quarkus.security.spi.runtime.SecurityEventHelper;
import io.quarkus.websockets.next.HttpUpgradeCheck;
import io.smallrye.mutiny.Uni;
import java.util.List;
import java.util.Map;

/* loaded from: input_file:io/quarkus/websockets/next/runtime/SecurityHttpUpgradeCheck.class */
public final class SecurityHttpUpgradeCheck implements HttpUpgradeCheck {
    public static final int BEAN_PRIORITY = 2147483547;
    public static final String SECURED_ENDPOINT_ID_KEY = SecurityHttpUpgradeCheck.class.getName() + ".ENDPOINT_ID";
    public static final String HTTP_REQUEST_KEY = SecurityHttpUpgradeCheck.class.getName() + ".HTTP_REQUEST";
    private final String redirectUrl;
    private final Map<String, SecurityCheck> endpointToCheck;
    private final SecurityEventHelper<AuthorizationSuccessEvent, AuthorizationFailureEvent> securityEventHelper;

    /* JADX INFO: Access modifiers changed from: package-private */
    public SecurityHttpUpgradeCheck(String str, Map<String, SecurityCheck> map, SecurityEventHelper<AuthorizationSuccessEvent, AuthorizationFailureEvent> securityEventHelper) {
        this.redirectUrl = str;
        this.endpointToCheck = Map.copyOf(map);
        this.securityEventHelper = securityEventHelper;
    }

    @Override // io.quarkus.websockets.next.HttpUpgradeCheck
    public Uni<HttpUpgradeCheck.CheckResult> perform(HttpUpgradeCheck.HttpUpgradeContext httpUpgradeContext) {
        SecurityCheck securityCheck = this.endpointToCheck.get(httpUpgradeContext.endpointId());
        return httpUpgradeContext.securityIdentity().chain(securityIdentity -> {
            return securityCheck.nonBlockingApply(securityIdentity, (MethodDescription) null, (Object[]) null).replaceWith(() -> {
                return permitUpgrade(securityIdentity, securityCheck, httpUpgradeContext);
            }).onFailure(SecurityException.class).recoverWithItem(th -> {
                return rejectUpgrade(th, securityIdentity, securityCheck, httpUpgradeContext);
            });
        });
    }

    @Override // io.quarkus.websockets.next.HttpUpgradeCheck
    public boolean appliesTo(String str) {
        return this.endpointToCheck.containsKey(str);
    }

    private HttpUpgradeCheck.CheckResult permitUpgrade(SecurityIdentity securityIdentity, SecurityCheck securityCheck, HttpUpgradeCheck.HttpUpgradeContext httpUpgradeContext) {
        if (this.securityEventHelper.fireEventOnSuccess()) {
            this.securityEventHelper.fireSuccessEvent(new AuthorizationSuccessEvent(securityIdentity, securityCheck.getClass().getName(), Map.of(SECURED_ENDPOINT_ID_KEY, httpUpgradeContext.endpointId(), HTTP_REQUEST_KEY, httpUpgradeContext.httpRequest())));
        }
        return HttpUpgradeCheck.CheckResult.permitUpgradeSync();
    }

    private HttpUpgradeCheck.CheckResult rejectUpgrade(Throwable th, SecurityIdentity securityIdentity, SecurityCheck securityCheck, HttpUpgradeCheck.HttpUpgradeContext httpUpgradeContext) {
        if (this.securityEventHelper.fireEventOnFailure()) {
            this.securityEventHelper.fireFailureEvent(new AuthorizationFailureEvent(securityIdentity, th, securityCheck.getClass().getName(), Map.of(SECURED_ENDPOINT_ID_KEY, httpUpgradeContext.endpointId(), HTTP_REQUEST_KEY, httpUpgradeContext.httpRequest())));
        }
        return this.redirectUrl != null ? HttpUpgradeCheck.CheckResult.rejectUpgradeSync(302, Map.of(HttpHeaderNames.LOCATION.toString(), List.of(this.redirectUrl), HttpHeaderNames.CACHE_CONTROL.toString(), List.of("no-store"))) : th instanceof ForbiddenException ? HttpUpgradeCheck.CheckResult.rejectUpgradeSync(403) : HttpUpgradeCheck.CheckResult.rejectUpgradeSync(401);
    }
}
