package io.quarkus.vertx.http.runtime.security;

import io.quarkus.security.credential.Credential;
import io.quarkus.security.identity.SecurityIdentity;
import io.smallrye.mutiny.Uni;
import java.security.Permission;
import java.security.Principal;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.function.Function;

/* loaded from: input_file:io/quarkus/vertx/http/runtime/security/RolesMapping.class */
public class RolesMapping implements Function<SecurityIdentity, SecurityIdentity> {
    static final String ROLES_MAPPING_KEY = "io.quarkus.vertx.http.runtime.security.RolesMapping";
    private final Map<String, Set<Permission>> roleToPermissions;
    private final Map<String, List<String>> roleToRoles;
    protected final boolean grantPermissions;
    protected final boolean grantRoles;

    /* JADX INFO: Access modifiers changed from: package-private */
    public RolesMapping(Map<String, Set<Permission>> map, Map<String, List<String>> map2) {
        if (map == null || map.isEmpty()) {
            this.grantPermissions = false;
            this.roleToPermissions = null;
        } else {
            this.grantPermissions = true;
            this.roleToPermissions = Map.copyOf(map);
        }
        if (map2 == null || map2.isEmpty()) {
            this.grantRoles = false;
            this.roleToRoles = null;
        } else {
            this.grantRoles = true;
            this.roleToRoles = Map.copyOf(map2);
        }
    }

    public static RolesMapping of(Map<String, List<String>> map) {
        if (map.isEmpty()) {
            return null;
        }
        return new RolesMapping(null, map);
    }

    @Override // java.util.function.Function
    public SecurityIdentity apply(SecurityIdentity securityIdentity) {
        SecurityIdentity augmentIdentity;
        if (!securityIdentity.isAnonymous() && (augmentIdentity = augmentIdentity(securityIdentity)) != null) {
            return augmentIdentity;
        }
        return securityIdentity;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public SecurityIdentity augmentIdentity(SecurityIdentity securityIdentity) {
        Set<String> roles = securityIdentity.getRoles();
        if (roles == null || roles.isEmpty()) {
            return null;
        }
        HashSet hashSet = this.grantPermissions ? new HashSet() : null;
        HashSet hashSet2 = this.grantRoles ? new HashSet() : null;
        for (String str : roles) {
            if (this.grantPermissions && this.roleToPermissions.containsKey(str)) {
                hashSet.addAll(this.roleToPermissions.get(str));
            }
            if (this.grantRoles && this.roleToRoles.containsKey(str)) {
                hashSet2.addAll(this.roleToRoles.get(str));
            }
        }
        boolean z = this.grantPermissions && !hashSet.isEmpty();
        if (this.grantRoles && !hashSet2.isEmpty()) {
            hashSet2.addAll(roles);
            return augmentIdentity(securityIdentity, hashSet, Set.copyOf(hashSet2), z);
        }
        if (z) {
            return augmentIdentity(securityIdentity, hashSet, roles, true);
        }
        return null;
    }

    private static SecurityIdentity augmentIdentity(final SecurityIdentity securityIdentity, final Set<Permission> set, final Set<String> set2, final boolean z) {
        return new SecurityIdentity() { // from class: io.quarkus.vertx.http.runtime.security.RolesMapping.1
            public Principal getPrincipal() {
                return securityIdentity.getPrincipal();
            }

            public boolean isAnonymous() {
                return securityIdentity.isAnonymous();
            }

            public Set<String> getRoles() {
                return set2;
            }

            public boolean hasRole(String str) {
                return set2.contains(str);
            }

            public <T extends Credential> T getCredential(Class<T> cls) {
                return (T) securityIdentity.getCredential(cls);
            }

            public Set<Credential> getCredentials() {
                return securityIdentity.getCredentials();
            }

            public <T> T getAttribute(String str) {
                return (T) securityIdentity.getAttribute(str);
            }

            public Map<String, Object> getAttributes() {
                return securityIdentity.getAttributes();
            }

            public Uni<Boolean> checkPermission(Permission permission) {
                if (z) {
                    Iterator it = set.iterator();
                    while (it.hasNext()) {
                        if (((Permission) it.next()).implies(permission)) {
                            return Uni.createFrom().item(true);
                        }
                    }
                }
                return securityIdentity.checkPermission(permission);
            }

            public boolean checkPermissionBlocking(Permission permission) {
                if (z) {
                    Iterator it = set.iterator();
                    while (it.hasNext()) {
                        if (((Permission) it.next()).implies(permission)) {
                            return true;
                        }
                    }
                }
                return securityIdentity.checkPermissionBlocking(permission);
            }
        };
    }
}
