package io.quarkus.vertx.http.runtime.security;

import io.quarkus.security.credential.Credential;
import io.quarkus.security.identity.SecurityIdentity;
import io.quarkus.vertx.http.runtime.security.HttpSecurityPolicy;
import io.smallrye.mutiny.Uni;
import io.smallrye.mutiny.groups.UniCreate;
import io.vertx.ext.web.RoutingContext;
import java.security.Permission;
import java.security.Principal;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.function.Function;

/* loaded from: input_file:io/quarkus/vertx/http/runtime/security/RolesAllowedHttpSecurityPolicy.class */
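/**
 * HTTP security policy that permits a request when the resolved identity matches at least one
 * entry of the configured role list, and denies it otherwise.
 *
 * <p>An entry matches when {@code SecurityIdentity.hasRole(entry)} is true, or when the entry is
 * the literal {@code "**"} and the identity is not anonymous. An empty or unset role list
 * therefore denies every request.
 *
 * <p>When constructed with a role-to-permission map, a permitted identity is additionally wrapped
 * so that the permissions mapped to any of its roles are granted by {@code checkPermission}. The
 * wrapper only ever adds permissions; checks it cannot satisfy are forwarded to the original
 * identity.
 *
 * <p>The role list is stored by reference (no defensive copy), so later changes to the list
 * passed in change what this policy allows. NOTE(review): {@code rolesAllowed} is neither final
 * nor volatile; if {@link #setRolesAllowed(List)} can run after the policy is in use, confirm
 * the value is safely published to request threads.
 */
public class RolesAllowedHttpSecurityPolicy implements HttpSecurityPolicy {
    /** Role-list entry that matches every identity that is not anonymous. */
    private static final String ANY_AUTHENTICATED = "**";

    private List<String> rolesAllowed;
    private final boolean grantPermissions;
    private final Map<String, Set<Permission>> roleToPermissions;

    /**
     * Creates a policy that only checks roles and never augments the identity.
     *
     * @param list role names (or {@code "**"}) that are allowed; kept by reference
     */
    public RolesAllowedHttpSecurityPolicy(List<String> list) {
        this.rolesAllowed = list;
        this.grantPermissions = false;
        this.roleToPermissions = null;
    }

    /**
     * Creates a policy with no role list. Until {@link #setRolesAllowed(List)} is called the
     * policy denies every request.
     */
    public RolesAllowedHttpSecurityPolicy() {
        this.grantPermissions = false;
        this.roleToPermissions = null;
    }

    /**
     * Creates a policy that checks roles and, on success, grants the permissions mapped to the
     * identity's roles.
     *
     * @param list role names (or {@code "**"}) that are allowed; kept by reference
     * @param map permissions to grant, keyed by role name; kept by reference
     */
    public RolesAllowedHttpSecurityPolicy(List<String> list, Map<String, Set<Permission>> map) {
        this.rolesAllowed = list;
        this.grantPermissions = true;
        this.roleToPermissions = map;
    }

    /**
     * @return the configured role list itself (not a copy); may be {@code null} if never set
     */
    public List<String> getRolesAllowed() {
        return this.rolesAllowed;
    }

    /**
     * Replaces the role list.
     *
     * @param list role names (or {@code "**"}) that are allowed; kept by reference
     * @return this policy, for chaining
     */
    public RolesAllowedHttpSecurityPolicy setRolesAllowed(List<String> list) {
        this.rolesAllowed = list;
        return this;
    }

    /**
     * Evaluates the role list against the identity once it has been resolved.
     *
     * @param routingContext the current request; not consulted by this policy
     * @param uni the (possibly not yet resolved) identity of the caller
     * @param authorizationRequestContext not consulted by this policy
     * @return PERMIT (optionally with an augmented identity) on a match, DENY otherwise
     */
    @Override // io.quarkus.vertx.http.runtime.security.HttpSecurityPolicy
    public Uni<HttpSecurityPolicy.CheckResult> checkPermission(RoutingContext routingContext, Uni<SecurityIdentity> uni, HttpSecurityPolicy.AuthorizationRequestContext authorizationRequestContext) {
        // The role list is read when the identity resolves, not when the Uni is built, so a
        // list installed through setRolesAllowed() in the meantime is the one that is applied.
        return uni.map(this::authorize);
    }

    /** Returns the decision for one resolved identity. */
    private HttpSecurityPolicy.CheckResult authorize(SecurityIdentity securityIdentity) {
        List<String> allowed = this.rolesAllowed;
        if (allowed == null) {
            // Fail closed: a policy built with the no-arg constructor and never configured
            // must not surface as a NullPointerException from the authorization path.
            return HttpSecurityPolicy.CheckResult.DENY;
        }
        for (String role : allowed) {
            boolean matches = securityIdentity.hasRole(role)
                    || (ANY_AUTHENTICATED.equals(role) && !securityIdentity.isAnonymous());
            if (matches) {
                return this.grantPermissions
                        ? grantPermissions(securityIdentity)
                        : HttpSecurityPolicy.CheckResult.PERMIT;
            }
        }
        return HttpSecurityPolicy.CheckResult.DENY;
    }

    /**
     * Collects the permissions mapped to every role the identity holds and, if there are any,
     * permits the request with an identity that grants them.
     *
     * <p>Note that the lookup uses all roles reported by the identity, not only the role that
     * matched the allow-list.
     */
    private HttpSecurityPolicy.CheckResult grantPermissions(SecurityIdentity securityIdentity) {
        Set<String> roles = securityIdentity.getRoles();
        if (roles == null || roles.isEmpty() || this.roleToPermissions == null) {
            // Nothing to add; the role check itself has already succeeded.
            return HttpSecurityPolicy.CheckResult.PERMIT;
        }
        Set<Permission> granted = new HashSet<>();
        for (String role : roles) {
            Set<Permission> mapped = this.roleToPermissions.get(role);
            // A role without a mapping, or mapped to null, contributes nothing.
            if (mapped != null) {
                granted.addAll(mapped);
            }
        }
        if (granted.isEmpty()) {
            return HttpSecurityPolicy.CheckResult.PERMIT;
        }
        return new HttpSecurityPolicy.CheckResult(true, augmentIdentity(securityIdentity, granted));
    }

    /**
     * Wraps an identity so that permission checks succeed when any of the granted permissions
     * implies the requested one. Everything else is forwarded to the wrapped identity.
     *
     * @param delegate the identity produced by authentication
     * @param granted the extra permissions this policy grants
     * @return a view of {@code delegate} with the extra permissions
     */
    private static SecurityIdentity augmentIdentity(final SecurityIdentity delegate, final Set<Permission> granted) {
        return new SecurityIdentity() {
            @Override // io.quarkus.security.identity.SecurityIdentity
            public Principal getPrincipal() {
                return delegate.getPrincipal();
            }

            @Override // io.quarkus.security.identity.SecurityIdentity
            public boolean isAnonymous() {
                return delegate.isAnonymous();
            }

            @Override // io.quarkus.security.identity.SecurityIdentity
            public Set<String> getRoles() {
                return delegate.getRoles();
            }

            @Override // io.quarkus.security.identity.SecurityIdentity
            public boolean hasRole(String str) {
                return delegate.hasRole(str);
            }

            @Override // io.quarkus.security.identity.SecurityIdentity
            public <T extends Credential> T getCredential(Class<T> cls) {
                return delegate.getCredential(cls);
            }

            @Override // io.quarkus.security.identity.SecurityIdentity
            public Set<Credential> getCredentials() {
                return delegate.getCredentials();
            }

            @Override // io.quarkus.security.identity.SecurityIdentity
            public <T> T getAttribute(String str) {
                return delegate.getAttribute(str);
            }

            @Override // io.quarkus.security.identity.SecurityIdentity
            public Map<String, Object> getAttributes() {
                return delegate.getAttributes();
            }

            @Override // io.quarkus.security.identity.SecurityIdentity
            public Uni<Boolean> checkPermission(Permission permission) {
                // Granted permissions are checked first; the wrapped identity still decides
                // everything they do not cover.
                if (impliedByAny(granted, permission)) {
                    return Uni.createFrom().item(true);
                }
                return delegate.checkPermission(permission);
            }

            @Override // io.quarkus.security.identity.SecurityIdentity
            public boolean checkPermissionBlocking(Permission permission) {
                return impliedByAny(granted, permission) || delegate.checkPermissionBlocking(permission);
            }
        };
    }

    /** Returns true when at least one permission in {@code granted} implies {@code required}. */
    private static boolean impliedByAny(Set<Permission> granted, Permission required) {
        for (Permission candidate : granted) {
            if (candidate.implies(required)) {
                return true;
            }
        }
        return false;
    }
}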
