package io.quarkus.vertx.http.runtime.security;

import io.quarkus.runtime.BlockingOperationControl;
import io.quarkus.runtime.ExecutorRecorder;
import io.quarkus.security.identity.IdentityProviderManager;
import io.quarkus.security.identity.SecurityIdentity;
import io.quarkus.security.identity.request.AnonymousAuthenticationRequest;
import io.quarkus.vertx.http.runtime.security.HttpSecurityPolicy;
import io.vertx.ext.web.RoutingContext;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.CompletionStage;
import java.util.function.BiFunction;
import javax.enterprise.inject.Instance;
import javax.inject.Inject;
import javax.inject.Singleton;

@Singleton
/* loaded from: input_file:io/quarkus/vertx/http/runtime/security/HttpAuthorizer.class */
public class HttpAuthorizer {

    @Inject
    HttpAuthenticator httpAuthenticator;

    @Inject
    IdentityProviderManager identityProviderManager;
    final List<HttpSecurityPolicy> policies = new ArrayList();
    private static final HttpSecurityPolicy.AuthorizationRequestContext CONTEXT = new HttpSecurityPolicy.AuthorizationRequestContext() { // from class: io.quarkus.vertx.http.runtime.security.HttpAuthorizer.1
        @Override // io.quarkus.vertx.http.runtime.security.HttpSecurityPolicy.AuthorizationRequestContext
        public CompletionStage<HttpSecurityPolicy.CheckResult> runBlocking(final RoutingContext routingContext, final SecurityIdentity securityIdentity, final BiFunction<RoutingContext, SecurityIdentity, HttpSecurityPolicy.CheckResult> biFunction) {
            if (BlockingOperationControl.isBlockingAllowed()) {
                try {
                    return CompletableFuture.completedFuture(biFunction.apply(routingContext, securityIdentity));
                } catch (Throwable th) {
                    CompletableFuture completableFuture = new CompletableFuture();
                    completableFuture.completeExceptionally(th);
                    return completableFuture;
                }
            }
            try {
                final CompletableFuture completableFuture2 = new CompletableFuture();
                ExecutorRecorder.getCurrent().execute(new Runnable() { // from class: io.quarkus.vertx.http.runtime.security.HttpAuthorizer.1.1
                    @Override // java.lang.Runnable
                    public void run() {
                        try {
                            completableFuture2.complete((HttpSecurityPolicy.CheckResult) biFunction.apply(routingContext, securityIdentity));
                        } catch (Throwable th2) {
                            completableFuture2.completeExceptionally(th2);
                        }
                    }
                });
                return completableFuture2;
            } catch (Exception e) {
                CompletableFuture completableFuture3 = new CompletableFuture();
                completableFuture3.completeExceptionally(e);
                return completableFuture3;
            }
        }
    };

    @Inject
    HttpAuthorizer(Instance<HttpSecurityPolicy> instance) {
        Iterator<HttpSecurityPolicy> it = instance.iterator();
        while (it.hasNext()) {
            this.policies.add(it.next());
        }
    }

    public void checkPermission(RoutingContext routingContext) {
        QuarkusHttpUser quarkusHttpUser = (QuarkusHttpUser) routingContext.user();
        if (quarkusHttpUser == null) {
            attemptAnonymousAuthentication(routingContext);
        } else {
            doPermissionCheck(routingContext, quarkusHttpUser.getSecurityIdentity(), 0, this.policies);
        }
    }

    private void attemptAnonymousAuthentication(final RoutingContext routingContext) {
        this.identityProviderManager.authenticate(AnonymousAuthenticationRequest.INSTANCE).handle(new BiFunction<SecurityIdentity, Throwable, Object>() { // from class: io.quarkus.vertx.http.runtime.security.HttpAuthorizer.2
            @Override // java.util.function.BiFunction
            public Object apply(SecurityIdentity securityIdentity, Throwable th) {
                if (th != null) {
                    routingContext.fail(th);
                    return null;
                }
                HttpAuthorizer.this.doPermissionCheck(routingContext, securityIdentity, 0, HttpAuthorizer.this.policies);
                return null;
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void doPermissionCheck(final RoutingContext routingContext, final SecurityIdentity securityIdentity, final int i, final List<HttpSecurityPolicy> list) {
        if (i != list.size()) {
            list.get(i).checkPermission(routingContext, securityIdentity, CONTEXT).handle(new BiFunction<HttpSecurityPolicy.CheckResult, Throwable, Object>() { // from class: io.quarkus.vertx.http.runtime.security.HttpAuthorizer.3
                @Override // java.util.function.BiFunction
                public Object apply(HttpSecurityPolicy.CheckResult checkResult, Throwable th) {
                    if (th != null) {
                        routingContext.fail(th);
                        return null;
                    }
                    if (checkResult.isPermitted()) {
                        HttpAuthorizer.this.doPermissionCheck(routingContext, checkResult.getAugmentedIdentity() != null ? checkResult.getAugmentedIdentity() : securityIdentity, i + 1, list);
                        return null;
                    }
                    HttpAuthorizer.this.doDeny(securityIdentity, routingContext);
                    return null;
                }
            });
            return;
        }
        QuarkusHttpUser quarkusHttpUser = (QuarkusHttpUser) routingContext.user();
        if (!securityIdentity.isAnonymous() && (quarkusHttpUser == null || quarkusHttpUser.getSecurityIdentity() != securityIdentity)) {
            routingContext.setUser(new QuarkusHttpUser(securityIdentity));
        }
        routingContext.next();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void doDeny(SecurityIdentity securityIdentity, final RoutingContext routingContext) {
        if (securityIdentity.isAnonymous()) {
            this.httpAuthenticator.sendChallenge(routingContext, new Runnable() { // from class: io.quarkus.vertx.http.runtime.security.HttpAuthorizer.4
                @Override // java.lang.Runnable
                public void run() {
                    routingContext.response().end();
                }
            });
        } else {
            routingContext.fail(403);
        }
    }
}
