package io.quarkus.security.runtime.interceptor.check;

import io.quarkus.security.ForbiddenException;
import io.quarkus.security.UnauthorizedException;
import io.quarkus.security.identity.SecurityIdentity;
import io.quarkus.security.spi.runtime.MethodDescription;
import io.quarkus.security.spi.runtime.SecurityCheck;
import io.smallrye.mutiny.Uni;
import java.lang.reflect.Method;
import java.security.Permission;
import java.util.Objects;
import java.util.function.Function;

/* loaded from: input_file:io/quarkus/security/runtime/interceptor/check/PermissionSecurityCheck.class */
public abstract class PermissionSecurityCheck<T> implements SecurityCheck {
    private static final Uni<Object> SUCCESSFUL_CHECK = Uni.createFrom().nullItem();
    private final T permissions;
    private final Function<Object[], T> computedPermissions;
    private final boolean useComputedPermissions;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: io.quarkus.security.runtime.interceptor.check.PermissionSecurityCheck$3, reason: invalid class name */
    /* loaded from: input_file:io/quarkus/security/runtime/interceptor/check/PermissionSecurityCheck$3.class */
    public class AnonymousClass3 extends PermissionSecurityCheck<Permission[][]> {
        AnonymousClass3(Permission[][] permissionArr, Function function) {
            super(permissionArr, function);
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // io.quarkus.security.runtime.interceptor.check.PermissionSecurityCheck
        public Uni<?> checkPermissions(final SecurityIdentity securityIdentity, final Permission[][] permissionArr, final int i) {
            return PermissionSecurityCheck.checkPermissions(securityIdentity, permissionArr[i], 0).onItem().transformToUni(new Function<Object, Uni<?>>() { // from class: io.quarkus.security.runtime.interceptor.check.PermissionSecurityCheck.3.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.util.function.Function
                public Uni<?> apply(Object obj) {
                    return i + 1 < permissionArr.length ? AnonymousClass3.this.checkPermissions(securityIdentity, permissionArr, i + 1) : PermissionSecurityCheck.SUCCESSFUL_CHECK;
                }
            });
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // io.quarkus.security.runtime.interceptor.check.PermissionSecurityCheck
        public void checkPermissions(SecurityIdentity securityIdentity, Permission[][] permissionArr) {
            for (Permission[] permissionArr2 : permissionArr) {
                int length = permissionArr2.length;
                int i = 0;
                while (true) {
                    if (i >= length) {
                        PermissionSecurityCheck.throwException(securityIdentity);
                        break;
                    } else if (securityIdentity.checkPermissionBlocking(permissionArr2[i])) {
                        break;
                    } else {
                        i++;
                    }
                }
            }
        }
    }

    private PermissionSecurityCheck(T t, Function<Object[], T> function) {
        if (t == null) {
            Objects.requireNonNull(function);
            this.useComputedPermissions = true;
        } else {
            if (function != null) {
                throw new IllegalStateException("PermissionSecurityCheck must be created either for computed permissionsor plain permissions, but received both");
            }
            this.useComputedPermissions = false;
        }
        this.permissions = t;
        this.computedPermissions = function;
    }

    private T getPermissions(Object[] objArr) {
        return this.useComputedPermissions ? this.computedPermissions.apply(objArr) : this.permissions;
    }

    public void apply(SecurityIdentity securityIdentity, Method method, Object[] objArr) {
        checkPermissions(securityIdentity, getPermissions(objArr));
    }

    public void apply(SecurityIdentity securityIdentity, MethodDescription methodDescription, Object[] objArr) {
        checkPermissions(securityIdentity, getPermissions(objArr));
    }

    public Uni<?> nonBlockingApply(SecurityIdentity securityIdentity, Method method, Object[] objArr) {
        return checkPermissions(securityIdentity, (SecurityIdentity) getPermissions(objArr), 0);
    }

    public Uni<?> nonBlockingApply(SecurityIdentity securityIdentity, MethodDescription methodDescription, Object[] objArr) {
        return checkPermissions(securityIdentity, (SecurityIdentity) getPermissions(objArr), 0);
    }

    public boolean requiresMethodArguments() {
        return this.useComputedPermissions;
    }

    private static void throwException(SecurityIdentity securityIdentity) {
        if (!securityIdentity.isAnonymous()) {
            throw new ForbiddenException();
        }
        throw new UnauthorizedException();
    }

    protected abstract Uni<?> checkPermissions(SecurityIdentity securityIdentity, T t, int i);

    protected abstract void checkPermissions(SecurityIdentity securityIdentity, T t);

    public static SecurityCheck of(Permission permission, Function<Object[], Permission> function) {
        return new PermissionSecurityCheck<Permission>(permission, function) { // from class: io.quarkus.security.runtime.interceptor.check.PermissionSecurityCheck.1
            /* JADX INFO: Access modifiers changed from: protected */
            @Override // io.quarkus.security.runtime.interceptor.check.PermissionSecurityCheck
            public Uni<?> checkPermissions(final SecurityIdentity securityIdentity, Permission permission2, int i) {
                return securityIdentity.checkPermission(permission2).onItem().transformToUni(new Function<Boolean, Uni<? extends Object>>() { // from class: io.quarkus.security.runtime.interceptor.check.PermissionSecurityCheck.1.1
                    @Override // java.util.function.Function
                    public Uni<?> apply(Boolean bool) {
                        if (Boolean.FALSE.equals(bool)) {
                            PermissionSecurityCheck.throwException(securityIdentity);
                        }
                        return PermissionSecurityCheck.SUCCESSFUL_CHECK;
                    }
                });
            }

            /* JADX INFO: Access modifiers changed from: protected */
            @Override // io.quarkus.security.runtime.interceptor.check.PermissionSecurityCheck
            public void checkPermissions(SecurityIdentity securityIdentity, Permission permission2) {
                if (securityIdentity.checkPermissionBlocking(permission2)) {
                    return;
                }
                PermissionSecurityCheck.throwException(securityIdentity);
            }
        };
    }

    public static SecurityCheck of(Permission[] permissionArr, Function<Object[], Permission[]> function) {
        return new PermissionSecurityCheck<Permission[]>(permissionArr, function) { // from class: io.quarkus.security.runtime.interceptor.check.PermissionSecurityCheck.2
            /* JADX INFO: Access modifiers changed from: protected */
            @Override // io.quarkus.security.runtime.interceptor.check.PermissionSecurityCheck
            public Uni<?> checkPermissions(SecurityIdentity securityIdentity, Permission[] permissionArr2, int i) {
                return PermissionSecurityCheck.checkPermissions(securityIdentity, permissionArr2, i);
            }

            /* JADX INFO: Access modifiers changed from: protected */
            @Override // io.quarkus.security.runtime.interceptor.check.PermissionSecurityCheck
            public void checkPermissions(SecurityIdentity securityIdentity, Permission[] permissionArr2) {
                for (Permission permission : permissionArr2) {
                    if (securityIdentity.checkPermissionBlocking(permission)) {
                        return;
                    }
                }
                PermissionSecurityCheck.throwException(securityIdentity);
            }
        };
    }

    public static SecurityCheck of(Permission[][] permissionArr, Function<Object[], Permission[][]> function) {
        return new AnonymousClass3(permissionArr, function);
    }

    private static Uni<?> checkPermissions(final SecurityIdentity securityIdentity, final Permission[] permissionArr, final int i) {
        return securityIdentity.checkPermission(permissionArr[i]).onItem().transformToUni(new Function<Boolean, Uni<? extends Object>>() { // from class: io.quarkus.security.runtime.interceptor.check.PermissionSecurityCheck.4
            @Override // java.util.function.Function
            public Uni<?> apply(Boolean bool) {
                if (Boolean.TRUE.equals(bool)) {
                    return PermissionSecurityCheck.SUCCESSFUL_CHECK;
                }
                if (!(i + 1 < permissionArr.length)) {
                    PermissionSecurityCheck.throwException(securityIdentity);
                }
                return PermissionSecurityCheck.checkPermissions(securityIdentity, permissionArr, i + 1);
            }
        });
    }
}
