package io.quarkus.security.jpa.deployment;

import io.quarkus.arc.deployment.GeneratedBeanBuildItem;
import io.quarkus.arc.deployment.GeneratedBeanGizmoAdaptor;
import io.quarkus.arc.deployment.InjectionPointTransformerBuildItem;
import io.quarkus.arc.processor.InjectionPointsTransformer;
import io.quarkus.deployment.Feature;
import io.quarkus.deployment.annotations.BuildProducer;
import io.quarkus.deployment.annotations.BuildStep;
import io.quarkus.deployment.builditem.ApplicationIndexBuildItem;
import io.quarkus.deployment.builditem.FeatureBuildItem;
import io.quarkus.gizmo.AssignableResultHandle;
import io.quarkus.gizmo.ClassCreator;
import io.quarkus.gizmo.FieldDescriptor;
import io.quarkus.gizmo.MethodCreator;
import io.quarkus.gizmo.MethodDescriptor;
import io.quarkus.gizmo.ResultHandle;
import io.quarkus.hibernate.orm.PersistenceUnit;
import io.quarkus.hibernate.orm.deployment.PersistenceUnitDescriptorBuildItem;
import io.quarkus.hibernate.orm.runtime.migration.MultiTenancyStrategy;
import io.quarkus.panache.common.deployment.PanacheEntityClassesBuildItem;
import io.quarkus.runtime.configuration.ConfigurationException;
import io.quarkus.security.identity.SecurityIdentity;
import io.quarkus.security.identity.request.TrustedAuthenticationRequest;
import io.quarkus.security.identity.request.UsernamePasswordAuthenticationRequest;
import io.quarkus.security.jpa.PasswordProvider;
import io.quarkus.security.jpa.common.deployment.JpaSecurityDefinition;
import io.quarkus.security.jpa.common.deployment.JpaSecurityDefinitionBuildItem;
import io.quarkus.security.jpa.common.deployment.JpaSecurityIdentityUtil;
import io.quarkus.security.jpa.common.deployment.PanacheEntityPredicateBuildItem;
import io.quarkus.security.jpa.runtime.JpaIdentityProvider;
import io.quarkus.security.jpa.runtime.JpaTrustedIdentityProvider;
import jakarta.inject.Singleton;
import jakarta.persistence.EntityManager;
import jakarta.persistence.Query;
import java.lang.reflect.Modifier;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Optional;
import java.util.Set;
import java.util.function.BooleanSupplier;
import org.hibernate.Session;
import org.hibernate.SessionFactory;
import org.hibernate.SimpleNaturalIdLoadAccess;
import org.hibernate.annotations.NaturalId;
import org.jboss.jandex.AnnotationInstance;
import org.jboss.jandex.AnnotationTarget;
import org.jboss.jandex.AnnotationValue;
import org.jboss.jandex.DotName;
import org.jboss.jandex.Index;
import org.jboss.jandex.Type;

/* loaded from: input_file:io/quarkus/security/jpa/deployment/QuarkusSecurityJpaProcessor.class */
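/**
 * Build-time processor for the Security JPA extension.
 *
 * <p>When a {@link JpaSecurityDefinitionBuildItem} is present, this processor generates two
 * {@code @Singleton} beans with Gizmo: a subclass of {@link JpaIdentityProvider} (username/password
 * authentication) and a subclass of {@link JpaTrustedIdentityProvider} (trusted authentication).
 * Both generated classes implement {@code authenticate} by looking the user entity up by its
 * username field and handing the result to {@link JpaSecurityIdentityUtil}.
 */
class QuarkusSecurityJpaProcessor {
    private static final DotName DOTNAME_NATURAL_ID = DotName.createSimple(NaturalId.class.getName());
    private static final DotName SESSION_FACTORY_FACTORY = DotName.createSimple(SessionFactory.class.getName());
    private static final DotName JPA_IDENTITY_PROVIDER_NAME = DotName.createSimple(JpaIdentityProvider.class.getName());
    private static final DotName JPA_TRUSTED_IDENTITY_PROVIDER_NAME = DotName.createSimple(JpaTrustedIdentityProvider.class.getName());
    private static final DotName PERSISTENCE_UNIT_NAME = DotName.createSimple(PersistenceUnit.class.getName());

    /**
     * Build-step condition that is true only when the configured persistence unit name differs
     * from the literal {@code "<default>"}.
     */
    static final class EnabledIfNonDefaultPersistenceUnit implements BooleanSupplier {
        private final boolean useNonDefaultPersistenceUnit;

        public EnabledIfNonDefaultPersistenceUnit(SecurityJpaBuildTimeConfig securityJpaBuildTimeConfig) {
            this.useNonDefaultPersistenceUnit = !"<default>".equals(securityJpaBuildTimeConfig.persistenceUnitName());
        }

        @Override
        public boolean getAsBoolean() {
            return useNonDefaultPersistenceUnit;
        }
    }

    /** Registers the {@code SECURITY_JPA} feature. */
    @BuildStep
    FeatureBuildItem feature() {
        return new FeatureBuildItem(Feature.SECURITY_JPA);
    }

    /**
     * Generates both identity-provider beans for the discovered security entity.
     * Does nothing when no {@link JpaSecurityDefinitionBuildItem} was produced.
     *
     * @throws ConfigurationException if the configured persistence unit is not among {@code list}
     */
    @BuildStep
    void configureJpaAuthConfig(ApplicationIndexBuildItem applicationIndexBuildItem, List<PersistenceUnitDescriptorBuildItem> list, BuildProducer<GeneratedBeanBuildItem> buildProducer, SecurityJpaBuildTimeConfig securityJpaBuildTimeConfig, Optional<JpaSecurityDefinitionBuildItem> optional, PanacheEntityPredicateBuildItem panacheEntityPredicateBuildItem) {
        if (optional.isPresent()) {
            // Validates the persistence unit name first, so a misconfiguration fails the build
            // before any provider class is generated.
            boolean requireActiveCdiRequestContext = shouldActivateCDIReqCtx(list, securityJpaBuildTimeConfig);
            JpaSecurityDefinition jpaSecurityDefinition = optional.get().get();
            generateIdentityProvider(applicationIndexBuildItem.getIndex(), jpaSecurityDefinition, jpaSecurityDefinition.passwordType(), jpaSecurityDefinition.customPasswordProvider(), buildProducer, panacheEntityPredicateBuildItem, requireActiveCdiRequestContext);
            generateTrustedIdentityProvider(applicationIndexBuildItem.getIndex(), jpaSecurityDefinition, buildProducer, panacheEntityPredicateBuildItem, requireActiveCdiRequestContext);
        }
    }

    /**
     * Adds a {@code @PersistenceUnit} qualifier carrying the configured unit name to the
     * {@link SessionFactory} fields declared by {@link JpaIdentityProvider} and
     * {@link JpaTrustedIdentityProvider}. Only runs for a non-default persistence unit.
     */
    @BuildStep(onlyIf = {EnabledIfNonDefaultPersistenceUnit.class})
    InjectionPointTransformerBuildItem transformer(final SecurityJpaBuildTimeConfig securityJpaBuildTimeConfig) {
        return new InjectionPointTransformerBuildItem(new InjectionPointsTransformer() {
            @Override
            public boolean appliesTo(Type type) {
                return type.name().equals(SESSION_FACTORY_FACTORY);
            }

            @Override
            public void transform(InjectionPointsTransformer.TransformationContext transformationContext) {
                AnnotationTarget target = transformationContext.getAnnotationTarget();
                if (target.kind() != AnnotationTarget.Kind.FIELD) {
                    return;
                }
                DotName declaringClass = target.asField().declaringClass().name();
                // Restricted to the two identity providers: other SessionFactory injection points
                // in the application are left untouched.
                if (JPA_IDENTITY_PROVIDER_NAME.equals(declaringClass) || JPA_TRUSTED_IDENTITY_PROVIDER_NAME.equals(declaringClass)) {
                    transformationContext.transform()
                            .add(PERSISTENCE_UNIT_NAME, AnnotationValue.createStringValue("value", securityJpaBuildTimeConfig.persistenceUnitName()))
                            .done();
                }
            }
        });
    }

    /** Exposes the set of all Panache entity class names as a build item. */
    @BuildStep
    PanacheEntityPredicateBuildItem panacheEntityPredicate(List<PanacheEntityClassesBuildItem> list) {
        return new PanacheEntityPredicateBuildItem(collectPanacheEntities(list));
    }

    /** Merges the entity class names of every {@link PanacheEntityClassesBuildItem} into one set. */
    private Set<String> collectPanacheEntities(List<PanacheEntityClassesBuildItem> entityClassItems) {
        Set<String> entityClasses = new HashSet<>();
        for (PanacheEntityClassesBuildItem item : entityClassItems) {
            entityClasses.addAll(item.getEntityClasses());
        }
        return entityClasses;
    }

    /**
     * Generates {@code <entity>__JpaIdentityProviderImpl}, a {@code @Singleton} subclass of
     * {@link JpaIdentityProvider} whose {@code authenticate(EntityManager,
     * UsernamePasswordAuthenticationRequest)} loads the user by the request's username and
     * delegates password checking and identity construction to
     * {@link JpaSecurityIdentityUtil#buildIdentity}.
     *
     * @param requireActiveCdiRequestContext when true, the generated class also overrides
     *        {@code requireActiveCDIRequestContext()} to return {@code true}
     */
    private void generateIdentityProvider(Index index, JpaSecurityDefinition jpaSecurityDefinition, AnnotationValue passwordType, AnnotationValue customPasswordProvider, BuildProducer<GeneratedBeanBuildItem> beanProducer, PanacheEntityPredicateBuildItem panacheEntityPredicate, boolean requireActiveCdiRequestContext) {
        GeneratedBeanGizmoAdaptor classOutput = new GeneratedBeanGizmoAdaptor(beanProducer);
        String generatedName = jpaSecurityDefinition.annotatedClass.name() + "__JpaIdentityProviderImpl";
        // try-with-resources closes the method creator and then the class creator on every path,
        // including when bytecode generation throws.
        try (ClassCreator classCreator = ClassCreator.builder()
                .className(generatedName)
                .superClass(JpaIdentityProvider.class)
                .classOutput(classOutput)
                .build()) {
            classCreator.addAnnotation(Singleton.class);
            FieldDescriptor passwordProviderField = classCreator.getFieldCreator("passwordProvider", PasswordProvider.class)
                    .setModifiers(Modifier.PRIVATE)
                    .getFieldDescriptor();
            if (requireActiveCdiRequestContext) {
                activateCDIRequestContext(classCreator);
            }
            try (MethodCreator methodCreator = classCreator.getMethodCreator("authenticate", SecurityIdentity.class, EntityManager.class, UsernamePasswordAuthenticationRequest.class)) {
                methodCreator.setModifiers(Modifier.PUBLIC);
                // Method parameter 1 is the authentication request; parameter 0 is the EntityManager.
                ResultHandle username = methodCreator.invokeVirtualMethod(
                        MethodDescriptor.ofMethod(UsernamePasswordAuthenticationRequest.class, "getUsername", String.class),
                        methodCreator.getMethodParam(1));
                AnnotationInstance naturalId = jpaSecurityDefinition.username.annotation(DOTNAME_NATURAL_ID);
                ResultHandle user = lookupUserById(jpaSecurityDefinition, generatedName, methodCreator, username, naturalId);

                String entityClassName = jpaSecurityDefinition.annotatedClass.name().toString();
                // Local variable typed as the entity, using its JVM type descriptor (Lpkg/Name;).
                AssignableResultHandle typedUser = methodCreator.createVariable("L" + entityClassName.replace('.', '/') + ";");
                methodCreator.assign(typedUser, methodCreator.checkCast(user, entityClassName));
                JpaSecurityIdentityUtil.buildIdentity(index, jpaSecurityDefinition, passwordType, customPasswordProvider, panacheEntityPredicate, passwordProviderField, methodCreator, typedUser, methodCreator);
            }
        }
    }

    /**
     * Generates {@code <entity>__JpaTrustedIdentityProviderImpl}, a {@code @Singleton} subclass of
     * {@link JpaTrustedIdentityProvider} whose {@code authenticate(EntityManager,
     * TrustedAuthenticationRequest)} loads the user by the request's principal and delegates
     * identity construction to {@link JpaSecurityIdentityUtil#buildTrustedIdentity}. No password
     * provider field is generated for this class.
     *
     * @param requireActiveCdiRequestContext when true, the generated class also overrides
     *        {@code requireActiveCDIRequestContext()} to return {@code true}
     */
    private void generateTrustedIdentityProvider(Index index, JpaSecurityDefinition jpaSecurityDefinition, BuildProducer<GeneratedBeanBuildItem> beanProducer, PanacheEntityPredicateBuildItem panacheEntityPredicate, boolean requireActiveCdiRequestContext) {
        GeneratedBeanGizmoAdaptor classOutput = new GeneratedBeanGizmoAdaptor(beanProducer);
        String generatedName = jpaSecurityDefinition.annotatedClass.name() + "__JpaTrustedIdentityProviderImpl";
        // try-with-resources closes the method creator and then the class creator on every path,
        // including when bytecode generation throws.
        try (ClassCreator classCreator = ClassCreator.builder()
                .className(generatedName)
                .superClass(JpaTrustedIdentityProvider.class)
                .classOutput(classOutput)
                .build()) {
            classCreator.addAnnotation(Singleton.class);
            try (MethodCreator methodCreator = classCreator.getMethodCreator("authenticate", SecurityIdentity.class, EntityManager.class, TrustedAuthenticationRequest.class)) {
                methodCreator.setModifiers(Modifier.PUBLIC);
                if (requireActiveCdiRequestContext) {
                    activateCDIRequestContext(classCreator);
                }
                // Method parameter 1 is the authentication request; parameter 0 is the EntityManager.
                ResultHandle principal = methodCreator.invokeVirtualMethod(
                        MethodDescriptor.ofMethod(TrustedAuthenticationRequest.class, "getPrincipal", String.class),
                        methodCreator.getMethodParam(1));
                AnnotationInstance naturalId = jpaSecurityDefinition.username.annotation(DOTNAME_NATURAL_ID);
                ResultHandle user = lookupUserById(jpaSecurityDefinition, generatedName, methodCreator, principal, naturalId);

                String entityClassName = jpaSecurityDefinition.annotatedClass.name().toString();
                // Local variable typed as the entity, using its JVM type descriptor (Lpkg/Name;).
                AssignableResultHandle typedUser = methodCreator.createVariable("L" + entityClassName.replace('.', '/') + ";");
                methodCreator.assign(typedUser, methodCreator.checkCast(user, entityClassName));
                JpaSecurityIdentityUtil.buildTrustedIdentity(index, jpaSecurityDefinition, panacheEntityPredicate, methodCreator, typedUser, methodCreator);
            }
        }
    }

    /**
     * Emits the bytecode that loads the user entity for a given username.
     *
     * <p>If the username field carries {@code @NaturalId}, the lookup goes through
     * {@code Session.bySimpleNaturalId(entity).load(username)}. Otherwise a query is created,
     * the username is bound to the {@code :name} parameter, and the query is passed to the
     * generated class's {@code getSingleUser(Query)}.
     *
     * @param generatedClassName name of the class being generated (receiver of {@code getSingleUser})
     * @param usernameHandle handle of the runtime username/principal value
     * @param naturalIdAnnotation the {@code @NaturalId} annotation on the username field, or null
     * @return handle of the loaded user object, untyped ({@code Object})
     */
    private ResultHandle lookupUserById(JpaSecurityDefinition jpaSecurityDefinition, String generatedClassName, MethodCreator methodCreator, ResultHandle usernameHandle, AnnotationInstance naturalIdAnnotation) {
        ResultHandle entityManager = methodCreator.getMethodParam(0);
        if (naturalIdAnnotation != null) {
            // Session session = (Session) entityManager.unwrap(Session.class);
            ResultHandle unwrapped = methodCreator.invokeInterfaceMethod(
                    MethodDescriptor.ofMethod(EntityManager.class, "unwrap", Object.class, Class.class),
                    entityManager,
                    methodCreator.loadClassFromTCCL(Session.class));
            ResultHandle session = methodCreator.checkCast(unwrapped, Session.class);
            // session.bySimpleNaturalId(Entity.class).load(username)
            ResultHandle loadAccess = methodCreator.invokeInterfaceMethod(
                    MethodDescriptor.ofMethod(Session.class, "bySimpleNaturalId", SimpleNaturalIdLoadAccess.class, Class.class),
                    session,
                    methodCreator.loadClassFromTCCL(jpaSecurityDefinition.annotatedClass.name().toString()));
            return methodCreator.invokeInterfaceMethod(
                    MethodDescriptor.ofMethod(SimpleNaturalIdLoadAccess.class, "load", Object.class, Object.class),
                    loadAccess,
                    usernameHandle);
        }

        ResultHandle self = methodCreator.getThis();
        // The query text is a build-time constant assembled from the entity's class name and
        // username field name, both read from the Jandex model of the application. The
        // request-supplied username never enters the query string: it is bound to :name below.
        // Keep it that way; concatenating the runtime value here would open a query-injection path.
        ResultHandle queryText = methodCreator.load("FROM " + jpaSecurityDefinition.annotatedClass.simpleName() + " WHERE " + jpaSecurityDefinition.username.name() + " = :name");
        ResultHandle query = methodCreator.invokeInterfaceMethod(
                MethodDescriptor.ofMethod(EntityManager.class, "createQuery", Query.class, String.class),
                entityManager,
                queryText);
        ResultHandle boundQuery = methodCreator.invokeInterfaceMethod(
                MethodDescriptor.ofMethod(Query.class, "setParameter", Query.class, String.class, Object.class),
                query,
                methodCreator.load("name"),
                usernameHandle);
        return methodCreator.invokeVirtualMethod(
                MethodDescriptor.ofMethod(generatedClassName, "getSingleUser", Object.class, Query.class),
                self,
                boundQuery);
    }

    /**
     * Adds a protected {@code boolean requireActiveCDIRequestContext()} method that returns
     * {@code true} to the class being generated.
     */
    private static void activateCDIRequestContext(ClassCreator classCreator) {
        try (MethodCreator methodCreator = classCreator.getMethodCreator("requireActiveCDIRequestContext", DotName.createSimple(Boolean.TYPE.getName()).toString())) {
            methodCreator.setModifiers(Modifier.PROTECTED);
            methodCreator.returnBoolean(true);
        }
    }

    /**
     * Decides whether the generated providers must require an active CDI request context: true
     * when the configured persistence unit uses any multi-tenancy strategy other than
     * {@link MultiTenancyStrategy#NONE}.
     * NOTE(review): presumably because tenant resolution depends on request-scoped state - confirm.
     *
     * @throws ConfigurationException if no persistence unit has the configured name
     */
    private static boolean shouldActivateCDIReqCtx(List<PersistenceUnitDescriptorBuildItem> persistenceUnits, SecurityJpaBuildTimeConfig securityJpaBuildTimeConfig) {
        String configuredUnitName = securityJpaBuildTimeConfig.persistenceUnitName();
        PersistenceUnitDescriptorBuildItem configuredUnit = persistenceUnits.stream()
                .filter(unit -> configuredUnitName.equals(unit.getPersistenceUnitName()))
                .findFirst()
                .orElseThrow(() -> new ConfigurationException("Persistence unit '" + securityJpaBuildTimeConfig.persistenceUnitName() + "' specified with the 'quarkus.security-jpa.persistence-unit-name' configuration property does not exist. Please set valid persistence unit name."));
        return configuredUnit.getConfig().getMultiTenancyStrategy() != MultiTenancyStrategy.NONE;
    }
}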
