package io.quarkus.opentelemetry.runtime.tracing.security;

import io.opentelemetry.api.common.Attributes;
import io.opentelemetry.api.common.AttributesBuilder;
import io.opentelemetry.api.trace.Span;
import io.opentelemetry.semconv.SemanticAttributes;
import io.quarkus.arc.Arc;
import io.quarkus.security.identity.SecurityIdentity;
import io.quarkus.security.spi.runtime.AuthenticationFailureEvent;
import io.quarkus.security.spi.runtime.AuthenticationSuccessEvent;
import io.quarkus.security.spi.runtime.AuthorizationFailureEvent;
import io.quarkus.security.spi.runtime.AuthorizationSuccessEvent;
import io.quarkus.security.spi.runtime.SecurityEvent;
import io.quarkus.vertx.http.runtime.CurrentVertxRequest;
import io.quarkus.vertx.http.runtime.security.QuarkusHttpUser;
import io.vertx.ext.auth.User;
import io.vertx.ext.web.RoutingContext;
import java.lang.annotation.Annotation;
import java.time.Instant;
import java.util.function.BiConsumer;

/* loaded from: input_file:io/quarkus/opentelemetry/runtime/tracing/security/SecurityEventUtil.class */
public final class SecurityEventUtil {
    public static final String QUARKUS_SECURITY_NAMESPACE = "quarkus.security.";
    public static final String AUTHN_SUCCESS_EVENT_NAME = "quarkus.security.authentication.success";
    public static final String AUTHN_FAILURE_EVENT_NAME = "quarkus.security.authentication.failure";
    public static final String AUTHZ_SUCCESS_EVENT_NAME = "quarkus.security.authorization.success";
    public static final String AUTHZ_FAILURE_EVENT_NAME = "quarkus.security.authorization.failure";
    public static final String OTHER_EVENT_NAME = "quarkus.security.other";
    public static final String SECURITY_IDENTITY_PRINCIPAL = "quarkus.security.identity.principal";
    public static final String SECURITY_IDENTITY_IS_ANONYMOUS = "quarkus.security.identity.anonymous";
    public static final String QUARKUS_SECURITY_OTHER_EVENTS_NAMESPACE = "quarkus.security.other.";
    public static final String FAILURE_NAME = "quarkus.security.failure.name";
    public static final String AUTHORIZATION_CONTEXT = "quarkus.security.authorization.context";

    private SecurityEventUtil() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void addEndUserAttributes(Span span) {
        if (Arc.container().requestContext().isActive()) {
            CurrentVertxRequest currentVertxRequest = (CurrentVertxRequest) Arc.container().instance(CurrentVertxRequest.class, new Annotation[0]).get();
            if (currentVertxRequest.getCurrent() != null) {
                addEndUserAttribute(currentVertxRequest.getCurrent(), span);
            }
        }
    }

    public static void updateEndUserAttributes(AuthorizationFailureEvent authorizationFailureEvent) {
        addEndUserAttribute(authorizationFailureEvent.getSecurityIdentity(), getSpan());
    }

    public static void updateEndUserAttributes(AuthorizationSuccessEvent authorizationSuccessEvent) {
        addEndUserAttribute(authorizationSuccessEvent.getSecurityIdentity(), getSpan());
    }

    public static void addEndUserAttributes(AuthenticationSuccessEvent authenticationSuccessEvent) {
        addEndUserAttribute(authenticationSuccessEvent.getSecurityIdentity(), getSpan());
    }

    public static void addAllEvents(SecurityEvent securityEvent) {
        if (securityEvent instanceof AuthenticationSuccessEvent) {
            addEvent((AuthenticationSuccessEvent) securityEvent);
            return;
        }
        if (securityEvent instanceof AuthenticationFailureEvent) {
            addEvent((AuthenticationFailureEvent) securityEvent);
            return;
        }
        if (securityEvent instanceof AuthorizationSuccessEvent) {
            addEvent((AuthorizationSuccessEvent) securityEvent);
        } else if (securityEvent instanceof AuthorizationFailureEvent) {
            addEvent((AuthorizationFailureEvent) securityEvent);
        } else {
            addOtherEventInternal(securityEvent);
        }
    }

    public static void addEvent(AuthenticationSuccessEvent authenticationSuccessEvent) {
        addEvent(AUTHN_SUCCESS_EVENT_NAME, attributesBuilder(authenticationSuccessEvent).build());
    }

    public static void addEvent(AuthenticationFailureEvent authenticationFailureEvent) {
        addEvent(AUTHN_FAILURE_EVENT_NAME, attributesBuilder(authenticationFailureEvent, AuthenticationFailureEvent.AUTHENTICATION_FAILURE_KEY).build());
    }

    public static void addEvent(AuthorizationSuccessEvent authorizationSuccessEvent) {
        addEvent(AUTHZ_SUCCESS_EVENT_NAME, withAuthorizationContext(authorizationSuccessEvent, attributesBuilder(authorizationSuccessEvent), AuthorizationSuccessEvent.AUTHORIZATION_CONTEXT));
    }

    public static void addEvent(AuthorizationFailureEvent authorizationFailureEvent) {
        addEvent(AUTHZ_FAILURE_EVENT_NAME, withAuthorizationContext(authorizationFailureEvent, attributesBuilder(authorizationFailureEvent, AuthorizationFailureEvent.AUTHORIZATION_FAILURE_KEY), AuthorizationFailureEvent.AUTHORIZATION_CONTEXT_KEY));
    }

    public static void addEvent(SecurityEvent securityEvent) {
        if ((securityEvent instanceof AuthenticationSuccessEvent) || (securityEvent instanceof AuthenticationFailureEvent) || (securityEvent instanceof AuthorizationSuccessEvent) || (securityEvent instanceof AuthorizationFailureEvent)) {
            return;
        }
        addOtherEventInternal(securityEvent);
    }

    private static void addOtherEventInternal(SecurityEvent securityEvent) {
        final AttributesBuilder attributesBuilder = attributesBuilder(securityEvent);
        securityEvent.getEventProperties().forEach(new BiConsumer<String, Object>() { // from class: io.quarkus.opentelemetry.runtime.tracing.security.SecurityEventUtil.1
            @Override // java.util.function.BiConsumer
            public void accept(String str, Object obj) {
                if (obj instanceof String) {
                    AttributesBuilder.this.put("quarkus.security.other." + str, (String) obj);
                }
            }
        });
        addEvent(OTHER_EVENT_NAME, attributesBuilder.build());
    }

    private static void addEvent(String str, Attributes attributes) {
        Span span = getSpan();
        if (spanIsValidAndRecording(span)) {
            span.addEvent(str, attributes, Instant.now());
        }
    }

    private static AttributesBuilder attributesBuilder(SecurityEvent securityEvent, String str) {
        Object obj = securityEvent.getEventProperties().get(str);
        if (!(obj instanceof Throwable)) {
            return attributesBuilder(securityEvent);
        }
        return attributesBuilder(securityEvent).put(FAILURE_NAME, ((Throwable) obj).getClass().getName());
    }

    private static AttributesBuilder attributesBuilder(SecurityEvent securityEvent) {
        AttributesBuilder builder = Attributes.builder();
        SecurityIdentity securityIdentity = securityEvent.getSecurityIdentity();
        if (securityIdentity != null) {
            builder.put(SECURITY_IDENTITY_IS_ANONYMOUS, securityIdentity.isAnonymous());
            if (securityIdentity.getPrincipal() != null) {
                builder.put(SECURITY_IDENTITY_PRINCIPAL, securityIdentity.getPrincipal().getName());
            }
        }
        return builder;
    }

    private static Attributes withAuthorizationContext(SecurityEvent securityEvent, AttributesBuilder attributesBuilder, String str) {
        if (securityEvent.getEventProperties().containsKey(str)) {
            attributesBuilder.put(AUTHORIZATION_CONTEXT, (String) securityEvent.getEventProperties().get(str));
        }
        return attributesBuilder.build();
    }

    private static void addEndUserAttribute(RoutingContext routingContext, Span span) {
        User user = routingContext.user();
        if (user instanceof QuarkusHttpUser) {
            addEndUserAttribute(((QuarkusHttpUser) user).getSecurityIdentity(), span);
        }
    }

    private static void addEndUserAttribute(SecurityIdentity securityIdentity, Span span) {
        if (securityIdentity == null || securityIdentity.isAnonymous() || !spanIsValidAndRecording(span)) {
            return;
        }
        span.setAllAttributes(Attributes.of(SemanticAttributes.ENDUSER_ID, securityIdentity.getPrincipal().getName(), SemanticAttributes.ENDUSER_ROLE, getRoles(securityIdentity)));
    }

    private static String getRoles(SecurityIdentity securityIdentity) {
        try {
            return securityIdentity.getRoles().toString();
        } catch (UnsupportedOperationException e) {
            return "";
        }
    }

    private static Span getSpan() {
        return Arc.container().requestContext().isActive() ? (Span) Arc.container().select(Span.class, new Annotation[0]).get() : Span.current();
    }

    private static boolean spanIsValidAndRecording(Span span) {
        return span.isRecording() && span.getSpanContext().isValid();
    }
}
