package io.quarkus.resteasy.reactive.server.runtime.security;

import io.quarkus.arc.Arc;
import io.quarkus.resteasy.reactive.server.runtime.ResteasyReactiveSecurityContext;
import io.quarkus.security.credential.Credential;
import io.quarkus.security.identity.CurrentIdentityAssociation;
import io.quarkus.security.identity.SecurityIdentity;
import io.smallrye.mutiny.Uni;
import java.lang.annotation.Annotation;
import java.security.Permission;
import java.security.Principal;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.function.Function;
import javax.enterprise.inject.spi.CDI;
import javax.ws.rs.core.SecurityContext;
import org.jboss.resteasy.reactive.server.core.ResteasyReactiveRequestContext;
import org.jboss.resteasy.reactive.server.model.HandlerChainCustomizer;
import org.jboss.resteasy.reactive.server.spi.ServerRestHandler;

/* loaded from: input_file:io/quarkus/resteasy/reactive/server/runtime/security/SecurityContextOverrideHandler.class */
public class SecurityContextOverrideHandler implements ServerRestHandler {
    private volatile SecurityIdentity securityIdentity;
    private volatile CurrentIdentityAssociation currentIdentityAssociation;

    /* loaded from: input_file:io/quarkus/resteasy/reactive/server/runtime/security/SecurityContextOverrideHandler$Customizer.class */
    public static class Customizer implements HandlerChainCustomizer {
        public List<ServerRestHandler> handlers(HandlerChainCustomizer.Phase phase) {
            return Collections.singletonList(new SecurityContextOverrideHandler());
        }
    }

    public void handle(ResteasyReactiveRequestContext resteasyReactiveRequestContext) throws Exception {
        if (resteasyReactiveRequestContext.isSecurityContextSet()) {
            SecurityContext securityContext = resteasyReactiveRequestContext.getSecurityContext();
            if (securityContext instanceof ResteasyReactiveSecurityContext) {
                return;
            }
            updateIdentity(resteasyReactiveRequestContext, securityContext);
        }
    }

    private void updateIdentity(ResteasyReactiveRequestContext resteasyReactiveRequestContext, final SecurityContext securityContext) {
        resteasyReactiveRequestContext.requireCDIRequestScope();
        CurrentIdentityAssociation currentIdentityAssociation = (CurrentIdentityAssociation) Arc.container().select(CurrentIdentityAssociation.class, new Annotation[0]).get();
        currentIdentityAssociation.setIdentity(currentIdentityAssociation.getDeferredIdentity().map(new Function<SecurityIdentity, SecurityIdentity>() { // from class: io.quarkus.resteasy.reactive.server.runtime.security.SecurityContextOverrideHandler.1
            @Override // java.util.function.Function
            public SecurityIdentity apply(SecurityIdentity securityIdentity) {
                final Set credentials = securityIdentity.getCredentials();
                final Map attributes = securityIdentity.getAttributes();
                return new SecurityIdentity() { // from class: io.quarkus.resteasy.reactive.server.runtime.security.SecurityContextOverrideHandler.1.1
                    public Principal getPrincipal() {
                        return securityContext.getUserPrincipal();
                    }

                    public boolean isAnonymous() {
                        return securityContext.getUserPrincipal() == null;
                    }

                    public Set<String> getRoles() {
                        throw new UnsupportedOperationException("retrieving all roles not supported when JAX-RS security context has been replaced");
                    }

                    public boolean hasRole(String str) {
                        return securityContext.isUserInRole(str);
                    }

                    public <T extends Credential> T getCredential(Class<T> cls) {
                        Iterator<Credential> it = getCredentials().iterator();
                        while (it.hasNext()) {
                            T t = (T) it.next();
                            if (cls.isAssignableFrom(t.getClass())) {
                                return t;
                            }
                        }
                        return null;
                    }

                    public Set<Credential> getCredentials() {
                        return credentials;
                    }

                    public <T> T getAttribute(String str) {
                        return (T) attributes.get(str);
                    }

                    public Map<String, Object> getAttributes() {
                        return attributes;
                    }

                    public Uni<Boolean> checkPermission(Permission permission) {
                        return Uni.createFrom().nullItem();
                    }
                };
            }
        }));
    }

    private CurrentIdentityAssociation getCurrentIdentityAssociation() {
        CurrentIdentityAssociation currentIdentityAssociation = this.currentIdentityAssociation;
        if (currentIdentityAssociation != null) {
            return currentIdentityAssociation;
        }
        CurrentIdentityAssociation currentIdentityAssociation2 = (CurrentIdentityAssociation) CDI.current().select(CurrentIdentityAssociation.class, new Annotation[0]).get();
        this.currentIdentityAssociation = currentIdentityAssociation2;
        return currentIdentityAssociation2;
    }

    private SecurityIdentity getSecurityIdentity() {
        SecurityIdentity securityIdentity = this.securityIdentity;
        if (securityIdentity != null) {
            return securityIdentity;
        }
        SecurityIdentity securityIdentity2 = (SecurityIdentity) CDI.current().select(SecurityIdentity.class, new Annotation[0]).get();
        this.securityIdentity = securityIdentity2;
        return securityIdentity2;
    }
}
