package io.helidon.microprofile.jwt.auth;

import io.helidon.config.Config;
import io.helidon.microprofile.cdi.RuntimeStart;
import io.helidon.microprofile.security.SecurityCdiExtension;
import io.helidon.microprofile.server.JaxRsCdiExtension;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.lang.reflect.Constructor;
import java.lang.reflect.Member;
import java.lang.reflect.Method;
import java.lang.reflect.ParameterizedType;
import java.lang.reflect.Type;
import java.util.Arrays;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import javax.annotation.Priority;
import javax.enterprise.context.ApplicationScoped;
import javax.enterprise.context.Initialized;
import javax.enterprise.event.Observes;
import javax.enterprise.inject.Instance;
import javax.enterprise.inject.spi.AfterBeanDiscovery;
import javax.enterprise.inject.spi.AfterDeploymentValidation;
import javax.enterprise.inject.spi.AnnotatedField;
import javax.enterprise.inject.spi.AnnotatedParameter;
import javax.enterprise.inject.spi.BeanManager;
import javax.enterprise.inject.spi.BeforeBeanDiscovery;
import javax.enterprise.inject.spi.DeploymentException;
import javax.enterprise.inject.spi.Extension;
import javax.enterprise.inject.spi.InjectionPoint;
import javax.enterprise.inject.spi.ProcessInjectionPoint;
import javax.enterprise.util.AnnotationLiteral;
import javax.enterprise.util.Nonbinding;
import javax.inject.Provider;
import javax.inject.Qualifier;
import javax.json.JsonArray;
import javax.json.JsonNumber;
import javax.json.JsonObject;
import javax.json.JsonString;
import javax.json.JsonValue;
import org.eclipse.microprofile.auth.LoginConfig;
import org.eclipse.microprofile.jwt.Claim;
import org.eclipse.microprofile.jwt.ClaimValue;
import org.eclipse.microprofile.jwt.Claims;

/* loaded from: input_file:io/helidon/microprofile/jwt/auth/JwtAuthCdiExtension.class */
public class JwtAuthCdiExtension implements Extension {
    private final List<ClaimIP> qualifiers = new LinkedList();
    private Config config;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:io/helidon/microprofile/jwt/auth/JwtAuthCdiExtension$ClaimIP.class */
    public static class ClaimIP {
        private final ClaimLiteral qualifier;
        private final Type type;

        ClaimIP(ClaimLiteral claimLiteral, Type type) {
            this.qualifier = claimLiteral;
            this.type = type;
        }

        public ClaimLiteral getQualifier() {
            return this.qualifier;
        }

        public Type getType() {
            return this.type;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:io/helidon/microprofile/jwt/auth/JwtAuthCdiExtension$ClaimLiteral.class */
    public static class ClaimLiteral extends AnnotationLiteral<MpClaimQualifier> implements MpClaimQualifier {
        private final String name;
        private final String id;
        private final boolean optional;
        private final boolean claimValue;
        private final Class<?> rawType;
        private final Class<?> typeArg;
        private final Class<?> typeArg2;
        private final Class<?> typeArg3;
        private final String fieldTypeString;

        ClaimLiteral(String str, String str2, boolean z, boolean z2, Class<?> cls, Class<?> cls2, Class<?> cls3, Class<?> cls4, String str3) {
            this.name = str;
            this.id = str2;
            this.optional = z;
            this.claimValue = z2;
            this.rawType = cls;
            this.typeArg = cls2;
            this.typeArg2 = cls3;
            this.typeArg3 = cls4;
            this.fieldTypeString = str3;
        }

        @Override // io.helidon.microprofile.jwt.auth.JwtAuthCdiExtension.MpClaimQualifier
        public String name() {
            return this.name;
        }

        @Override // io.helidon.microprofile.jwt.auth.JwtAuthCdiExtension.MpClaimQualifier
        public String id() {
            return this.id;
        }

        @Override // io.helidon.microprofile.jwt.auth.JwtAuthCdiExtension.MpClaimQualifier
        public boolean optional() {
            return this.optional;
        }

        @Override // io.helidon.microprofile.jwt.auth.JwtAuthCdiExtension.MpClaimQualifier
        public boolean claimValue() {
            return this.claimValue;
        }

        @Override // io.helidon.microprofile.jwt.auth.JwtAuthCdiExtension.MpClaimQualifier
        public Class<?> rawType() {
            return this.rawType;
        }

        @Override // io.helidon.microprofile.jwt.auth.JwtAuthCdiExtension.MpClaimQualifier
        public Class<?> typeArg() {
            return this.typeArg;
        }

        @Override // io.helidon.microprofile.jwt.auth.JwtAuthCdiExtension.MpClaimQualifier
        public Class<?> typeArg2() {
            return this.typeArg2;
        }

        @Override // io.helidon.microprofile.jwt.auth.JwtAuthCdiExtension.MpClaimQualifier
        public Class<?> typeArg3() {
            return this.typeArg3;
        }

        @Override // java.lang.annotation.Annotation
        public String toString() {
            return "ClaimLiteral{rawType=" + this.rawType + ", name=" + this.name + ", id=" + this.id + "}";
        }
    }

    /* loaded from: input_file:io/helidon/microprofile/jwt/auth/JwtAuthCdiExtension$FieldTypes.class */
    static class FieldTypes {
        private boolean optional = false;
        private boolean claimValue = false;
        private TypedField field0;
        private TypedField field1;
        private TypedField field2;
        private TypedField field3;

        /* JADX INFO: Access modifiers changed from: package-private */
        /* loaded from: input_file:io/helidon/microprofile/jwt/auth/JwtAuthCdiExtension$FieldTypes$TypedField.class */
        public static final class TypedField {
            private final Class<?> rawType;
            private ParameterizedType paramType;

            private TypedField(Class<?> cls) {
                this.rawType = cls;
            }

            private TypedField(Class<?> cls, ParameterizedType parameterizedType) {
                this.rawType = cls;
                this.paramType = parameterizedType;
            }

            boolean isParameterized() {
                return this.paramType != null;
            }

            Class<?> getRawType() {
                return this.rawType;
            }

            ParameterizedType getParamType() {
                return this.paramType;
            }

            public boolean equals(Object obj) {
                if (this == obj) {
                    return true;
                }
                if (obj == null || !getClass().equals(obj.getClass())) {
                    return false;
                }
                TypedField typedField = (TypedField) obj;
                return Objects.equals(this.rawType, typedField.rawType) && Objects.equals(this.paramType, typedField.paramType);
            }

            public int hashCode() {
                return Objects.hash(this.rawType, this.paramType);
            }

            public String toString() {
                return "TypedField{rawType=" + this.rawType + ", paramType=" + this.paramType + "}";
            }
        }

        FieldTypes() {
        }

        static FieldTypes forType(Type type) {
            FieldTypes fieldTypes = new FieldTypes();
            TypedField typedField = getTypedField(type);
            if (typedField.rawType.equals(Instance.class) || typedField.rawType.equals(Provider.class)) {
                fieldTypes.field0 = getTypedField(typedField);
            } else {
                fieldTypes.field0 = typedField;
            }
            fieldTypes.field1 = getTypedField(fieldTypes.field0);
            fieldTypes.field2 = getTypedField(fieldTypes.field1);
            fieldTypes.field3 = getTypedField(fieldTypes.field2);
            if (fieldTypes.field0.getRawType().equals(ClaimValue.class)) {
                fieldTypes.claimValue = true;
            }
            if (fieldTypes.field0.getRawType().equals(Optional.class) || fieldTypes.field1.getRawType().equals(Optional.class)) {
                fieldTypes.optional = true;
            }
            return fieldTypes;
        }

        static TypedField getTypedField(Type type) {
            if (type instanceof Class) {
                return new TypedField((Class) type);
            }
            if (!(type instanceof ParameterizedType)) {
                throw new UnsupportedOperationException("No idea how to handle " + type);
            }
            ParameterizedType parameterizedType = (ParameterizedType) type;
            return new TypedField((Class) parameterizedType.getRawType(), parameterizedType);
        }

        private static TypedField getTypedField(TypedField typedField) {
            if (!typedField.isParameterized()) {
                return new TypedField(NoType.class);
            }
            Type[] actualTypeArguments = typedField.paramType.getActualTypeArguments();
            if (actualTypeArguments.length == 1) {
                return getTypedField(actualTypeArguments[0]);
            }
            if (actualTypeArguments.length == 2 && typedField.rawType.equals(Map.class) && actualTypeArguments[0].equals(actualTypeArguments[1]) && actualTypeArguments[0].equals(String.class)) {
                return new TypedField(String.class);
            }
            throw new DeploymentException("Cannot create config property for " + typedField.rawType + ", params: " + Arrays.toString(actualTypeArguments));
        }

        TypedField getField0() {
            return this.field0;
        }

        TypedField getField1() {
            return this.field1;
        }

        TypedField getField2() {
            return this.field2;
        }

        TypedField getField3() {
            return this.field3;
        }

        public boolean isOptional() {
            return this.optional;
        }

        public boolean isClaimValue() {
            return this.claimValue;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Qualifier
    @Target({ElementType.METHOD, ElementType.FIELD, ElementType.PARAMETER, ElementType.TYPE})
    @Retention(RetentionPolicy.RUNTIME)
    /* loaded from: input_file:io/helidon/microprofile/jwt/auth/JwtAuthCdiExtension$MpClaimQualifier.class */
    public @interface MpClaimQualifier {
        @Nonbinding
        String name();

        String id();

        @Nonbinding
        boolean optional();

        @Nonbinding
        boolean claimValue();

        @Nonbinding
        Class<?> rawType();

        @Nonbinding
        Class<?> typeArg();

        @Nonbinding
        Class<?> typeArg2();

        @Nonbinding
        Class<?> typeArg3();
    }

    /* loaded from: input_file:io/helidon/microprofile/jwt/auth/JwtAuthCdiExtension$NoType.class */
    private static final class NoType {
        private NoType() {
        }
    }

    void before(@Observes BeforeBeanDiscovery beforeBeanDiscovery) {
        beforeBeanDiscovery.addAnnotatedType(JsonWebTokenProducer.class, "TokenProducer");
    }

    void collectClaimProducer(@Observes ProcessInjectionPoint<?, ?> processInjectionPoint) {
        Claim annotation = processInjectionPoint.getInjectionPoint().getAnnotated().getAnnotation(Claim.class);
        if (annotation != null) {
            if (annotation.standard() != Claims.UNKNOWN && !annotation.value().isEmpty()) {
                throw new DeploymentException("Claim annotation should not have both values at value and standard! @Claim(value=" + annotation.value() + ", standard=Claims." + annotation.standard().name() + ")");
            }
            InjectionPoint injectionPoint = processInjectionPoint.getInjectionPoint();
            Type type = injectionPoint.getType();
            FieldTypes forType = FieldTypes.forType(type);
            ClaimLiteral claimLiteral = new ClaimLiteral(annotation.standard() == Claims.UNKNOWN ? annotation.value() : annotation.standard().name(), injectionPoint.getMember().getDeclaringClass().getName() + "." + getFieldName(injectionPoint), forType.isOptional(), forType.isClaimValue(), forType.getField0().getRawType(), forType.getField1().getRawType(), forType.getField2().getRawType(), forType.getField3().getRawType(), type.toString());
            processInjectionPoint.configureInjectionPoint().addQualifier(claimLiteral);
            this.qualifiers.add(new ClaimIP(claimLiteral, type));
        }
    }

    void registerClaimProducers(@Observes AfterBeanDiscovery afterBeanDiscovery, BeanManager beanManager) {
        this.qualifiers.forEach(claimIP -> {
            afterBeanDiscovery.addBean(new ClaimProducer(claimIP.qualifier, claimIP.type, beanManager));
        });
    }

    void validate(@Observes AfterDeploymentValidation afterDeploymentValidation) {
        this.qualifiers.forEach(claimIP -> {
            validate(claimIP.getQualifier());
        });
    }

    void configured(@Observes @RuntimeStart Config config) {
        this.config = config;
    }

    void registerProvider(@Observes @Initialized(ApplicationScoped.class) @Priority(5) Object obj, BeanManager beanManager) {
        SecurityCdiExtension extension = beanManager.getExtension(SecurityCdiExtension.class);
        if (extension.securityBuilder().hasProvider("mp-jwt-auth")) {
            return;
        }
        String str = "MP-JWT";
        if (beanManager.getExtension(JaxRsCdiExtension.class).applicationsToRun().stream().map((v0) -> {
            return v0.applicationClass();
        }).flatMap((v0) -> {
            return v0.stream();
        }).map(cls -> {
            return cls.getAnnotation(LoginConfig.class);
        }).filter((v0) -> {
            return Objects.nonNull(v0);
        }).map((v0) -> {
            return v0.authMethod();
        }).noneMatch((v1) -> {
            return r1.equals(v1);
        })) {
            return;
        }
        extension.securityBuilder().addProvider(JwtAuthProvider.create(this.config), "mp-jwt-auth");
    }

    private String getFieldName(InjectionPoint injectionPoint) {
        AnnotatedField annotated = injectionPoint.getAnnotated();
        if (annotated instanceof AnnotatedField) {
            return annotated.getJavaMember().getName();
        }
        if (annotated instanceof AnnotatedParameter) {
            AnnotatedParameter annotatedParameter = (AnnotatedParameter) annotated;
            Member member = injectionPoint.getMember();
            if (member instanceof Method) {
                return member.getName() + "_" + annotatedParameter.getPosition();
            }
            if (member instanceof Constructor) {
                return "new_" + annotatedParameter.getPosition();
            }
        }
        return injectionPoint.getMember().getName();
    }

    private void validate(ClaimLiteral claimLiteral) {
        Class<?> rawType = claimLiteral.rawType();
        if (ClaimValue.class.equals(rawType)) {
            validateClaimValue(claimLiteral, claimLiteral.typeArg(), claimLiteral.typeArg2(), claimLiteral.typeArg3());
            return;
        }
        if (Optional.class.equals(rawType)) {
            validateOptional(claimLiteral, claimLiteral.typeArg(), claimLiteral.typeArg2());
        } else if (Set.class.equals(rawType) || JsonArray.class.equals(rawType)) {
            validateSet(claimLiteral, rawType, claimLiteral.typeArg());
        } else {
            validateBaseType(claimLiteral, rawType);
        }
    }

    private void validateClaimValue(ClaimLiteral claimLiteral, Class<?> cls, Class<?> cls2, Class<?> cls3) {
        if (ClaimValue.class.equals(cls)) {
            throw new DeploymentException("ClaimValue has to be used as top level wrapper type. It cannot be parameter as it is in the field " + claimLiteral.id + " of type " + claimLiteral.fieldTypeString);
        }
        if (Optional.class.equals(cls)) {
            validateOptional(claimLiteral, cls2, cls3);
        } else if (Set.class.equals(cls) || JsonArray.class.equals(cls)) {
            validateSet(claimLiteral, cls, cls2);
        } else {
            validateBaseType(claimLiteral, cls);
        }
    }

    private void validateOptional(ClaimLiteral claimLiteral, Class<?> cls, Class<?> cls2) {
        if (ClaimValue.class.equals(cls)) {
            throw new DeploymentException("ClaimValue has to be used as top level wrapper type. It cannot be parameter of Optional as it is in the field " + claimLiteral.id + " of type " + claimLiteral.fieldTypeString);
        }
        if (Optional.class.equals(cls)) {
            throw new DeploymentException("Optional has to be used as top/second level wrapper type. It cannot be parameter of another Optional as it is in the field " + claimLiteral.id + " of type " + claimLiteral.fieldTypeString);
        }
        if (Set.class.equals(cls) || JsonArray.class.equals(cls)) {
            validateSet(claimLiteral, cls, cls2);
        } else {
            validateBaseType(claimLiteral, cls);
        }
    }

    private void validateSet(ClaimLiteral claimLiteral, Class<?> cls, Class<?> cls2) {
        if (!String.class.equals(cls2) && !NoType.class.equals(cls2)) {
            throw new DeploymentException("Set<" + cls2.getName() + "> is not supported type. Field has to have a Set with a String parameter.");
        }
        try {
            Claims valueOf = Claims.valueOf(claimLiteral.name);
            if (Set.class.isAssignableFrom(valueOf.getType()) || JsonArray.class.isAssignableFrom(valueOf.getType())) {
            } else {
                throw new DeploymentException("Cannot assign value of claim " + claimLiteral.name + " (claim type: " + valueOf.getType().getName() + ")  to the field " + claimLiteral.id + " of type " + claimLiteral.fieldTypeString);
            }
        } catch (IllegalArgumentException e) {
            if (!JsonArray.class.equals(cls)) {
                throw new DeploymentException("Field type has to be JsonArray (instead of Set<String>) while using custom claim name. Field " + claimLiteral.id + " can not be type: " + claimLiteral.fieldTypeString);
            }
        }
    }

    private void validateBaseType(ClaimLiteral claimLiteral, Class<?> cls) {
        if (NoType.class.equals(cls)) {
            return;
        }
        try {
            Claims valueOf = Claims.valueOf(claimLiteral.name);
            if ((cls.equals(Long.class) || cls.equals(Long.TYPE) || JsonNumber.class.isAssignableFrom(cls)) && (Long.class.equals(valueOf.getType()) || JsonNumber.class.isAssignableFrom(valueOf.getType()))) {
                return;
            }
            if ((cls.equals(String.class) || JsonString.class.isAssignableFrom(cls)) && (String.class.equals(valueOf.getType()) || JsonString.class.isAssignableFrom(valueOf.getType()))) {
                return;
            }
            if ((cls.equals(Boolean.class) || cls.equals(Boolean.TYPE) || JsonValue.class.isAssignableFrom(cls)) && (Boolean.class.equals(valueOf.getType()) || JsonValue.class.isAssignableFrom(valueOf.getType()))) {
                return;
            }
            if (cls.equals(JsonObject.class) && JsonObject.class.isAssignableFrom(valueOf.getType())) {
                return;
            }
            if (cls.equals(JsonArray.class) && Set.class.isAssignableFrom(valueOf.getType())) {
            } else {
                throw new DeploymentException("Cannot assign value of claim " + claimLiteral.name + " (claim type: " + valueOf.getType().getName() + ")  to the field " + claimLiteral.id + " of type " + claimLiteral.fieldTypeString);
            }
        } catch (IllegalArgumentException e) {
            if (!JsonValue.class.isAssignableFrom(cls)) {
                throw new DeploymentException("Field type has to be JsonValue or its subtype while using custom claim name. Field " + claimLiteral.id + " can not be type: " + claimLiteral.fieldTypeString);
            }
        }
    }
}
