package io.quarkus.vertx.http.runtime.security;

import io.quarkus.security.identity.SecurityIdentity;
import io.quarkus.vertx.http.runtime.HttpBuildTimeConfig;
import io.quarkus.vertx.http.runtime.PolicyMappingConfig;
import io.quarkus.vertx.http.runtime.security.HttpSecurityPolicy;
import io.quarkus.vertx.http.runtime.security.PathMatcher;
import io.smallrye.mutiny.Uni;
import io.vertx.core.http.HttpServerRequest;
import io.vertx.ext.web.RoutingContext;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.function.Function;
import java.util.function.Supplier;
import javax.inject.Singleton;

@Singleton
/* loaded from: input_file:io/quarkus/vertx/http/runtime/security/PathMatchingHttpSecurityPolicy.class */
public class PathMatchingHttpSecurityPolicy implements HttpSecurityPolicy {
    private final PathMatcher<List<HttpMatcher>> pathMatcher = new PathMatcher<>();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:io/quarkus/vertx/http/runtime/security/PathMatchingHttpSecurityPolicy$HttpMatcher.class */
    public static class HttpMatcher {
        final String authMechanism;
        final Set<String> methods;
        final HttpSecurityPolicy checker;

        HttpMatcher(String str, Set<String> set, HttpSecurityPolicy httpSecurityPolicy) {
            this.methods = set;
            this.checker = httpSecurityPolicy;
            this.authMechanism = str;
        }
    }

    public String getAuthMechanismName(RoutingContext routingContext) {
        PathMatcher.PathMatch<List<HttpMatcher>> match = this.pathMatcher.match(routingContext.request().path());
        if (match.getValue() == null || match.getValue().isEmpty()) {
            return null;
        }
        for (HttpMatcher httpMatcher : match.getValue()) {
            if (httpMatcher.authMechanism != null) {
                return httpMatcher.authMechanism;
            }
        }
        return null;
    }

    @Override // io.quarkus.vertx.http.runtime.security.HttpSecurityPolicy
    public Uni<HttpSecurityPolicy.CheckResult> checkPermission(RoutingContext routingContext, Uni<SecurityIdentity> uni, HttpSecurityPolicy.AuthorizationRequestContext authorizationRequestContext) {
        return doPermissionCheck(routingContext, uni, 0, null, findPermissionCheckers(routingContext.request()), authorizationRequestContext);
    }

    private Uni<HttpSecurityPolicy.CheckResult> doPermissionCheck(final RoutingContext routingContext, final Uni<SecurityIdentity> uni, final int i, final SecurityIdentity securityIdentity, final List<HttpSecurityPolicy> list, final HttpSecurityPolicy.AuthorizationRequestContext authorizationRequestContext) {
        return i == list.size() ? Uni.createFrom().item(new HttpSecurityPolicy.CheckResult(true, securityIdentity)) : list.get(i).checkPermission(routingContext, uni, authorizationRequestContext).flatMap(new Function<HttpSecurityPolicy.CheckResult, Uni<? extends HttpSecurityPolicy.CheckResult>>() { // from class: io.quarkus.vertx.http.runtime.security.PathMatchingHttpSecurityPolicy.1
            @Override // java.util.function.Function
            public Uni<? extends HttpSecurityPolicy.CheckResult> apply(HttpSecurityPolicy.CheckResult checkResult) {
                return !checkResult.isPermitted() ? Uni.createFrom().item(HttpSecurityPolicy.CheckResult.DENY) : checkResult.getAugmentedIdentity() != null ? PathMatchingHttpSecurityPolicy.this.doPermissionCheck(routingContext, Uni.createFrom().item(checkResult.getAugmentedIdentity()), i + 1, checkResult.getAugmentedIdentity(), list, authorizationRequestContext) : PathMatchingHttpSecurityPolicy.this.doPermissionCheck(routingContext, uni, i + 1, securityIdentity, list, authorizationRequestContext);
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void init(HttpBuildTimeConfig httpBuildTimeConfig, Map<String, Supplier<HttpSecurityPolicy>> map) {
        HashMap hashMap = new HashMap();
        for (Map.Entry<String, Supplier<HttpSecurityPolicy>> entry : map.entrySet()) {
            hashMap.put(entry.getKey(), entry.getValue().get());
        }
        HashMap hashMap2 = new HashMap();
        for (Map.Entry<String, PolicyMappingConfig> entry2 : httpBuildTimeConfig.auth.permissions.entrySet()) {
            HttpSecurityPolicy httpSecurityPolicy = (HttpSecurityPolicy) hashMap.get(entry2.getValue().policy);
            if (httpSecurityPolicy == null) {
                throw new RuntimeException("Unable to find HTTP security policy " + entry2.getValue().policy);
            }
            if (entry2.getValue().enabled.orElse(Boolean.TRUE).booleanValue()) {
                Iterator<String> it = entry2.getValue().paths.orElse(Collections.emptyList()).iterator();
                while (it.hasNext()) {
                    String trim = it.next().trim();
                    if (hashMap2.containsKey(trim)) {
                        ((List) hashMap2.get(trim)).add(new HttpMatcher(entry2.getValue().authMechanism.orElse(null), new HashSet(entry2.getValue().methods.orElse(Collections.emptyList())), httpSecurityPolicy));
                    } else {
                        HttpMatcher httpMatcher = new HttpMatcher(entry2.getValue().authMechanism.orElse(null), new HashSet(entry2.getValue().methods.orElse(Collections.emptyList())), httpSecurityPolicy);
                        ArrayList arrayList = new ArrayList();
                        hashMap2.put(trim, arrayList);
                        arrayList.add(httpMatcher);
                        if (trim.endsWith("/*")) {
                            String substring = trim.substring(0, trim.length() - 2);
                            this.pathMatcher.addPrefixPath(substring.isEmpty() ? "/" : substring, arrayList);
                        } else if (trim.endsWith("*")) {
                            this.pathMatcher.addPrefixPath(trim.substring(0, trim.length() - 1), arrayList);
                        } else {
                            this.pathMatcher.addExactPath(trim, arrayList);
                        }
                    }
                }
            }
        }
    }

    public List<HttpSecurityPolicy> findPermissionCheckers(HttpServerRequest httpServerRequest) {
        PathMatcher.PathMatch<List<HttpMatcher>> match = this.pathMatcher.match(httpServerRequest.path());
        if (match.getValue() == null || match.getValue().isEmpty()) {
            return Collections.emptyList();
        }
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        for (HttpMatcher httpMatcher : match.getValue()) {
            if (httpMatcher.methods == null || httpMatcher.methods.isEmpty()) {
                arrayList2.add(httpMatcher.checker);
            } else if (httpMatcher.methods.contains(httpServerRequest.method().toString())) {
                arrayList.add(httpMatcher.checker);
            }
        }
        return !arrayList.isEmpty() ? arrayList : !arrayList2.isEmpty() ? arrayList2 : Collections.singletonList(DenySecurityPolicy.INSTANCE);
    }
}
