package io.quarkus.resteasy.runtime;

import io.quarkus.arc.Arc;
import io.quarkus.arc.InstanceHandle;
import io.quarkus.security.UnauthorizedException;
import io.quarkus.security.identity.CurrentIdentityAssociation;
import io.quarkus.security.identity.SecurityIdentity;
import io.quarkus.security.spi.runtime.AuthorizationController;
import io.quarkus.security.spi.runtime.AuthorizationFailureEvent;
import io.quarkus.security.spi.runtime.AuthorizationSuccessEvent;
import io.quarkus.security.spi.runtime.MethodDescription;
import io.quarkus.security.spi.runtime.SecurityCheck;
import io.quarkus.security.spi.runtime.SecurityCheckStorage;
import io.quarkus.vertx.http.runtime.CurrentVertxRequest;
import io.quarkus.vertx.http.runtime.security.EagerSecurityInterceptorStorage;
import io.quarkus.vertx.http.runtime.security.QuarkusHttpUser;
import io.vertx.ext.web.RoutingContext;
import jakarta.annotation.Priority;
import jakarta.inject.Inject;
import jakarta.ws.rs.container.ContainerRequestContext;
import jakarta.ws.rs.container.ContainerRequestFilter;
import jakarta.ws.rs.container.ResourceInfo;
import jakarta.ws.rs.core.Context;
import jakarta.ws.rs.ext.Provider;
import java.io.IOException;
import java.lang.annotation.Annotation;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.reflect.Method;
import java.lang.runtime.ObjectMethods;
import java.util.Map;
import java.util.function.Consumer;
import org.jboss.resteasy.core.ResourceMethodInvoker;
import org.jboss.resteasy.core.interception.jaxrs.PostMatchContainerRequestContext;
import org.jboss.resteasy.spi.ResourceFactory;

@Provider
@Priority(1000)
/* loaded from: input_file:io/quarkus/resteasy/runtime/EagerSecurityFilter.class */
public class EagerSecurityFilter implements ContainerRequestFilter {
    static final String SKIP_DEFAULT_CHECK = "io.quarkus.resteasy.runtime.EagerSecurityFilter#SKIP_DEFAULT_CHECK";
    private final EagerSecurityInterceptorStorage interceptorStorage;

    @Context
    ResourceInfo resourceInfo;

    @Inject
    CurrentVertxRequest currentVertxRequest;

    @Inject
    SecurityCheckStorage securityCheckStorage;

    @Inject
    CurrentIdentityAssociation identityAssociation;

    @Inject
    AuthorizationController authorizationController;

    @Inject
    JaxRsPermissionChecker jaxRsPermissionChecker;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/quarkus/resteasy/runtime/EagerSecurityFilter$ResourceMethodDescription.class */
    public static final class ResourceMethodDescription extends Record {
        private final MethodDescription invokedMethodDesc;
        private final MethodDescription fallbackMethodDesc;

        private ResourceMethodDescription(MethodDescription methodDescription, MethodDescription methodDescription2) {
            this.invokedMethodDesc = methodDescription;
            this.fallbackMethodDesc = methodDescription2;
        }

        @Override // java.lang.Record
        public final String toString() {
            return (String) ObjectMethods.bootstrap(MethodHandles.lookup(), "toString", MethodType.methodType(String.class, ResourceMethodDescription.class), ResourceMethodDescription.class, "invokedMethodDesc;fallbackMethodDesc", "FIELD:Lio/quarkus/resteasy/runtime/EagerSecurityFilter$ResourceMethodDescription;->invokedMethodDesc:Lio/quarkus/security/spi/runtime/MethodDescription;", "FIELD:Lio/quarkus/resteasy/runtime/EagerSecurityFilter$ResourceMethodDescription;->fallbackMethodDesc:Lio/quarkus/security/spi/runtime/MethodDescription;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final int hashCode() {
            return (int) ObjectMethods.bootstrap(MethodHandles.lookup(), "hashCode", MethodType.methodType(Integer.TYPE, ResourceMethodDescription.class), ResourceMethodDescription.class, "invokedMethodDesc;fallbackMethodDesc", "FIELD:Lio/quarkus/resteasy/runtime/EagerSecurityFilter$ResourceMethodDescription;->invokedMethodDesc:Lio/quarkus/security/spi/runtime/MethodDescription;", "FIELD:Lio/quarkus/resteasy/runtime/EagerSecurityFilter$ResourceMethodDescription;->fallbackMethodDesc:Lio/quarkus/security/spi/runtime/MethodDescription;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final boolean equals(Object obj) {
            return (boolean) ObjectMethods.bootstrap(MethodHandles.lookup(), "equals", MethodType.methodType(Boolean.TYPE, ResourceMethodDescription.class, Object.class), ResourceMethodDescription.class, "invokedMethodDesc;fallbackMethodDesc", "FIELD:Lio/quarkus/resteasy/runtime/EagerSecurityFilter$ResourceMethodDescription;->invokedMethodDesc:Lio/quarkus/security/spi/runtime/MethodDescription;", "FIELD:Lio/quarkus/resteasy/runtime/EagerSecurityFilter$ResourceMethodDescription;->fallbackMethodDesc:Lio/quarkus/security/spi/runtime/MethodDescription;").dynamicInvoker().invoke(this, obj) /* invoke-custom */;
        }

        public MethodDescription invokedMethodDesc() {
            return this.invokedMethodDesc;
        }

        public MethodDescription fallbackMethodDesc() {
            return this.fallbackMethodDesc;
        }
    }

    public EagerSecurityFilter() {
        InstanceHandle instance = Arc.container().instance(EagerSecurityInterceptorStorage.class, new Annotation[0]);
        this.interceptorStorage = instance.isAvailable() ? (EagerSecurityInterceptorStorage) instance.get() : null;
    }

    public void filter(ContainerRequestContext containerRequestContext) throws IOException {
        if (this.authorizationController.isAuthorizationEnabled()) {
            ResourceMethodDescription createResourceMethodDescription = createResourceMethodDescription(containerRequestContext, this.resourceInfo);
            if (this.interceptorStorage != null) {
                applyEagerSecurityInterceptors(createResourceMethodDescription);
            }
            MethodDescription methodSecuredWithAuthZPolicy = this.jaxRsPermissionChecker.getMethodSecuredWithAuthZPolicy(createResourceMethodDescription.invokedMethodDesc(), createResourceMethodDescription.fallbackMethodDesc());
            if (this.jaxRsPermissionChecker.shouldRunPermissionChecks()) {
                this.jaxRsPermissionChecker.applyPermissionChecks(methodSecuredWithAuthZPolicy);
            }
            if (methodSecuredWithAuthZPolicy == null) {
                applySecurityChecks(createResourceMethodDescription);
            }
        }
    }

    private void applySecurityChecks(ResourceMethodDescription resourceMethodDescription) {
        MethodDescription invokedMethodDesc = resourceMethodDescription.invokedMethodDesc();
        SecurityCheck securityCheck = this.securityCheckStorage.getSecurityCheck(invokedMethodDesc);
        if (securityCheck == null && resourceMethodDescription.fallbackMethodDesc() != null) {
            invokedMethodDesc = resourceMethodDescription.fallbackMethodDesc();
            securityCheck = this.securityCheckStorage.getSecurityCheck(invokedMethodDesc);
        }
        if (securityCheck == null && this.securityCheckStorage.getDefaultSecurityCheck() != null && routingContext().get(EagerSecurityFilter.class.getName()) == null && routingContext().get(SKIP_DEFAULT_CHECK) == null) {
            securityCheck = this.securityCheckStorage.getDefaultSecurityCheck();
        }
        if (securityCheck != null) {
            if (securityCheck.isPermitAll()) {
                QuarkusHttpUser user = routingContext().user();
                fireEventOnAuthZSuccess(securityCheck, user instanceof QuarkusHttpUser ? user.getSecurityIdentity() : null, invokedMethodDesc);
            } else {
                if (securityCheck.requiresMethodArguments()) {
                    if (this.identityAssociation.getIdentity().isAnonymous()) {
                        UnauthorizedException unauthorizedException = new UnauthorizedException();
                        if (this.jaxRsPermissionChecker.getEventHelper().fireEventOnFailure()) {
                            fireEventOnAuthZFailure(unauthorizedException, securityCheck, invokedMethodDesc);
                        }
                        throw unauthorizedException;
                    }
                    return;
                }
                if (this.jaxRsPermissionChecker.getEventHelper().fireEventOnFailure()) {
                    try {
                        securityCheck.apply(this.identityAssociation.getIdentity(), invokedMethodDesc, (Object[]) null);
                    } catch (Exception e) {
                        fireEventOnAuthZFailure(e, securityCheck, invokedMethodDesc);
                        throw e;
                    }
                } else {
                    securityCheck.apply(this.identityAssociation.getIdentity(), invokedMethodDesc, (Object[]) null);
                }
                fireEventOnAuthZSuccess(securityCheck, this.identityAssociation.getIdentity(), invokedMethodDesc);
            }
            routingContext().put(EagerSecurityFilter.class.getName(), this.resourceInfo.getResourceMethod());
        }
    }

    private void fireEventOnAuthZFailure(Exception exc, SecurityCheck securityCheck, MethodDescription methodDescription) {
        this.jaxRsPermissionChecker.getEventHelper().fireFailureEvent(new AuthorizationFailureEvent(this.identityAssociation.getIdentity(), exc, securityCheck.getClass().getName(), Map.of(RoutingContext.class.getName(), routingContext()), methodDescription));
    }

    private void fireEventOnAuthZSuccess(SecurityCheck securityCheck, SecurityIdentity securityIdentity, MethodDescription methodDescription) {
        if (this.jaxRsPermissionChecker.getEventHelper().fireEventOnSuccess()) {
            this.jaxRsPermissionChecker.getEventHelper().fireSuccessEvent(new AuthorizationSuccessEvent(securityIdentity, securityCheck.getClass().getName(), Map.of(RoutingContext.class.getName(), routingContext()), methodDescription));
        }
    }

    private RoutingContext routingContext() {
        return this.currentVertxRequest.getCurrent();
    }

    private void applyEagerSecurityInterceptors(ResourceMethodDescription resourceMethodDescription) {
        Consumer interceptor = this.interceptorStorage.getInterceptor(resourceMethodDescription.invokedMethodDesc());
        if (resourceMethodDescription.fallbackMethodDesc() != null && interceptor == null) {
            interceptor = this.interceptorStorage.getInterceptor(resourceMethodDescription.fallbackMethodDesc());
        }
        if (interceptor != null) {
            interceptor.accept(routingContext());
        }
    }

    private static Class<?> getScannableClass(ResourceMethodInvoker resourceMethodInvoker) {
        ResourceFactory resourceFactory = getResourceFactory(resourceMethodInvoker);
        if (resourceFactory == null) {
            return null;
        }
        return resourceFactory.getScannableClass();
    }

    private static ResourceMethodDescription createResourceMethodDescription(ContainerRequestContext containerRequestContext, ResourceInfo resourceInfo) {
        Class<?> scannableClass;
        Method resourceMethod = resourceInfo.getResourceMethod();
        MethodDescription ofMethod = MethodDescription.ofMethod(resourceMethod);
        if ((containerRequestContext instanceof PostMatchContainerRequestContext) && (scannableClass = getScannableClass(((PostMatchContainerRequestContext) containerRequestContext).getResourceMethod())) != null && !resourceMethod.getDeclaringClass().equals(scannableClass)) {
            try {
                MethodDescription ofMethod2 = MethodDescription.ofMethod(scannableClass.getMethod(resourceMethod.getName(), resourceMethod.getParameterTypes()));
                if (!ofMethod2.equals(ofMethod)) {
                    return new ResourceMethodDescription(ofMethod2, ofMethod);
                }
            } catch (NoSuchMethodException e) {
            }
        }
        return new ResourceMethodDescription(ofMethod, null);
    }

    static native ResourceFactory getResourceFactory(ResourceMethodInvoker resourceMethodInvoker);
}
