package io.quarkus.vertx.http.runtime.security;

import io.quarkus.runtime.BlockingOperationControl;
import io.quarkus.runtime.ExecutorRecorder;
import io.quarkus.security.AuthenticationFailedException;
import io.quarkus.security.identity.IdentityProviderManager;
import io.quarkus.security.identity.SecurityIdentity;
import io.quarkus.security.spi.runtime.AuthorizationController;
import io.quarkus.vertx.http.runtime.security.HttpSecurityPolicy;
import io.smallrye.mutiny.Uni;
import io.smallrye.mutiny.groups.UniCreate;
import io.smallrye.mutiny.subscription.UniEmitter;
import io.smallrye.mutiny.subscription.UniSubscriber;
import io.smallrye.mutiny.subscription.UniSubscription;
import io.vertx.ext.web.RoutingContext;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.function.BiFunction;
import java.util.function.Consumer;
import javax.enterprise.inject.Instance;
import javax.inject.Inject;
import javax.inject.Singleton;
import org.jboss.logging.Logger;

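/**
 * Runs the registered {@link HttpSecurityPolicy} instances against an incoming request before the
 * request is handed to the next route handler.
 *
 * <p>Policies are evaluated one after another, in the order in which the injected
 * {@code Instance<HttpSecurityPolicy>} iterates them. The first policy that does not permit the
 * request ends the chain: anonymous callers receive an authentication challenge and identified
 * callers receive a 403. Only when every policy permits the request is
 * {@link RoutingContext#next()} called. If no policies are registered the request is passed on
 * unchecked.
 */
@Singleton
public class HttpAuthorizer {

    @Inject
    HttpAuthenticator httpAuthenticator;

    @Inject
    IdentityProviderManager identityProviderManager;

    @Inject
    AuthorizationController controller;

    // Policies in evaluation order; filled once by the constructor.
    final List<HttpSecurityPolicy> policies = new ArrayList<>();

    private static final Logger log = Logger.getLogger(HttpAuthorizer.class);

    /**
     * Context handed to every policy so that a policy can run a blocking check without stalling
     * the calling thread when blocking is not allowed on it.
     */
    private static final HttpSecurityPolicy.AuthorizationRequestContext CONTEXT = new HttpSecurityPolicy.AuthorizationRequestContext() {
        /**
         * Resolves the identity and applies {@code biFunction} to it.
         *
         * <p>When blocking is allowed on the current thread the work is done inline; otherwise it
         * is submitted to the executor returned by {@code ExecutorRecorder.getCurrent()}. Any
         * throwable raised by the identity lookup or by the function is turned into a failed
         * {@link Uni}, never into a permitted result.
         *
         * @param routingContext the request being authorized
         * @param uni the (possibly lazy) identity of the caller
         * @param biFunction the blocking check to run
         * @return a {@link Uni} carrying the check result or the failure
         */
        @Override
        public Uni<HttpSecurityPolicy.CheckResult> runBlocking(final RoutingContext routingContext, final Uni<SecurityIdentity> uni, final BiFunction<RoutingContext, SecurityIdentity, HttpSecurityPolicy.CheckResult> biFunction) {
            if (BlockingOperationControl.isBlockingAllowed()) {
                try {
                    // NOTE(review): await().indefinitely() has no timeout; an identity Uni that
                    // never completes would hold this thread for the lifetime of the request.
                    HttpSecurityPolicy.CheckResult result = biFunction.apply(routingContext, uni.await().indefinitely());
                    return Uni.createFrom().item(result);
                } catch (Throwable th) {
                    return Uni.createFrom().failure(th);
                }
            }
            try {
                return Uni.createFrom().emitter(new Consumer<UniEmitter<? super HttpSecurityPolicy.CheckResult>>() {
                    @Override
                    public void accept(final UniEmitter<? super HttpSecurityPolicy.CheckResult> uniEmitter) {
                        ExecutorRecorder.getCurrent().execute(new Runnable() {
                            @Override
                            public void run() {
                                try {
                                    // Same unbounded wait as the inline path, but on the executor's thread.
                                    uniEmitter.complete(biFunction.apply(routingContext, uni.await().indefinitely()));
                                } catch (Throwable th) {
                                    uniEmitter.fail(th);
                                }
                            }
                        });
                    }
                });
            } catch (Exception e) {
                return Uni.createFrom().failure(e);
            }
        }
    };

    /**
     * Copies the discovered policies into {@link #policies}, preserving iteration order.
     *
     * @param instance the CDI handle over all {@link HttpSecurityPolicy} beans
     */
    @Inject
    public HttpAuthorizer(Instance<HttpSecurityPolicy> instance) {
        for (HttpSecurityPolicy policy : instance) {
            this.policies.add(policy);
        }
    }

    /**
     * Entry point: authorizes the request and, if permitted, passes it to the next handler.
     *
     * <p>When {@code controller.isAuthorizationEnabled()} returns {@code false} no policy is
     * consulted at all and the request is passed straight on, so that switch disables every HTTP
     * permission check performed by this class.
     *
     * @param routingContext the request to authorize
     */
    public void checkPermission(RoutingContext routingContext) {
        if (this.controller.isAuthorizationEnabled()) {
            doPermissionCheck(routingContext, QuarkusHttpUser.getSecurityIdentity(routingContext, this.identityProviderManager), 0, null, this.policies);
        } else {
            routingContext.next();
        }
    }

    /**
     * Evaluates the policy at position {@code i} and recurses to the next one on success.
     *
     * @param routingContext the request being authorized
     * @param uni the identity to present to the policy at position {@code i}
     * @param i index of the policy to evaluate; {@code list.size()} means all policies passed
     * @param securityIdentity the most recent augmented identity returned by a policy, or
     *        {@code null} if none has augmented it so far
     * @param list the policies to evaluate
     */
    private void doPermissionCheck(final RoutingContext routingContext, final Uni<SecurityIdentity> uni, final int i, final SecurityIdentity securityIdentity, final List<HttpSecurityPolicy> list) {
        if (i != list.size()) {
            list.get(i).checkPermission(routingContext, uni, CONTEXT).subscribe().with(new Consumer<HttpSecurityPolicy.CheckResult>() {
                @Override
                public void accept(HttpSecurityPolicy.CheckResult checkResult) {
                    if (!checkResult.isPermitted()) {
                        // First refusal wins; later policies are not consulted.
                        HttpAuthorizer.this.doDeny(uni, routingContext);
                    } else if (checkResult.getAugmentedIdentity() != null) {
                        // The policy replaced the identity: later policies see the augmented one.
                        HttpAuthorizer.this.doPermissionCheck(routingContext, Uni.createFrom().item(checkResult.getAugmentedIdentity()), i + 1, checkResult.getAugmentedIdentity(), list);
                    } else {
                        HttpAuthorizer.this.doPermissionCheck(routingContext, uni, i + 1, securityIdentity, list);
                    }
                }
            }, new Consumer<Throwable>() {
                @Override
                public void accept(Throwable th) {
                    // A failing policy never reaches routingContext.next(): the request is failed,
                    // or, if a response was already sent, the error is only recorded.
                    if (!routingContext.response().ended()) {
                        routingContext.fail(th);
                    } else {
                        // NOTE(review): authentication failures on an already-ended response are
                        // dropped without a log entry, presumably because the response was
                        // written by the authentication layer; confirm against its failure handling.
                        if (th instanceof AuthenticationFailedException) {
                            return;
                        }
                        HttpAuthorizer.log.error("Exception occurred during authorization", th);
                    }
                }
            });
            return;
        }
        // Every policy permitted the request.
        QuarkusHttpUser quarkusHttpUser = (QuarkusHttpUser) routingContext.user();
        // Reference comparison: publish the augmented identity only if the request does not
        // already carry that exact instance. Anonymous identities are never installed as the user.
        if (securityIdentity != null && !securityIdentity.isAnonymous() && (quarkusHttpUser == null || quarkusHttpUser.getSecurityIdentity() != securityIdentity)) {
            routingContext.setUser(new QuarkusHttpUser(securityIdentity));
            // Keep the deferred-identity entry in step with the user set above.
            routingContext.put(QuarkusHttpUser.DEFERRED_IDENTITY_KEY, Uni.createFrom().item(securityIdentity));
        }
        routingContext.next();
    }

    /**
     * Rejects the request: anonymous callers are sent an authentication challenge, identified
     * callers are failed with status 403.
     *
     * @param uni the identity the refusing policy was evaluated against
     * @param routingContext the request to reject
     */
    private void doDeny(Uni<SecurityIdentity> uni, final RoutingContext routingContext) {
        uni.subscribe().withSubscriber(new UniSubscriber<SecurityIdentity>() {
            @Override
            public void onSubscribe(UniSubscription uniSubscription) {
                // The subscription is not used.
            }

            @Override
            public void onItem(SecurityIdentity securityIdentity) {
                if (securityIdentity.isAnonymous()) {
                    HttpAuthorizer.this.httpAuthenticator.sendChallenge(routingContext).subscribe().withSubscriber(new UniSubscriber<Boolean>() {
                        @Override
                        public void onSubscribe(UniSubscription uniSubscription) {
                            // The subscription is not used.
                        }

                        @Override
                        public void onItem(Boolean bool) {
                            // Close the response unless the challenge already ended it.
                            if (routingContext.response().ended()) {
                                return;
                            }
                            routingContext.response().end();
                        }

                        @Override
                        public void onFailure(Throwable th) {
                            if (!routingContext.response().ended()) {
                                routingContext.fail(th);
                            } else if (th instanceof IOException) {
                                // I/O failures after the response ended are logged at debug only.
                                HttpAuthorizer.log.debug("Failed to send challenge", th);
                            } else {
                                HttpAuthorizer.log.error("Failed to send challenge", th);
                            }
                        }
                    });
                } else {
                    // Known caller without permission: forbidden rather than challenged.
                    routingContext.fail(403);
                }
            }

            @Override
            public void onFailure(Throwable th) {
                // The identity could not be resolved: fail the request instead of letting it through.
                routingContext.fail(th);
            }
        });
    }
}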
