package io.quarkus.test.security;

import io.quarkus.arc.Arc;
import io.quarkus.arc.ArcContainer;
import io.quarkus.arc.InjectableInstance;
import io.quarkus.security.StringPermission;
import io.quarkus.security.identity.SecurityIdentity;
import io.quarkus.security.identity.SecurityIdentityAugmentor;
import io.quarkus.security.runtime.QuarkusPermissionSecurityIdentityAugmentor;
import io.quarkus.security.runtime.QuarkusPrincipal;
import io.quarkus.security.runtime.QuarkusSecurityIdentity;
import io.quarkus.test.junit.callback.QuarkusTestAfterEachCallback;
import io.quarkus.test.junit.callback.QuarkusTestBeforeEachCallback;
import io.quarkus.test.junit.callback.QuarkusTestMethodContext;
import io.quarkus.test.util.annotations.AnnotationContainer;
import io.quarkus.test.util.annotations.AnnotationUtils;
import io.smallrye.mutiny.Uni;
import jakarta.enterprise.inject.Instance;
import jakarta.enterprise.inject.spi.CDI;
import java.lang.annotation.Annotation;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.runtime.ObjectMethods;
import java.security.Permission;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.function.Function;
import java.util.stream.Collectors;

/* loaded from: input_file:io/quarkus/test/security/QuarkusSecurityTestExtension.class */
public class QuarkusSecurityTestExtension implements QuarkusTestBeforeEachCallback, QuarkusTestAfterEachCallback {

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: io.quarkus.test.security.QuarkusSecurityTestExtension$1PermissionToAction, reason: invalid class name */
    /* loaded from: input_file:io/quarkus/test/security/QuarkusSecurityTestExtension$1PermissionToAction.class */
    public static final class C1PermissionToAction extends Record {
        private final String permission;
        private final Set<String> actions;

        C1PermissionToAction(String str, Set<String> set) {
            this.permission = str;
            this.actions = set;
        }

        void addAction(String str) {
            if (str != null) {
                this.actions.add(str);
            }
        }

        @Override // java.lang.Record
        public final String toString() {
            return (String) ObjectMethods.bootstrap(MethodHandles.lookup(), "toString", MethodType.methodType(String.class, C1PermissionToAction.class), C1PermissionToAction.class, "permission;actions", "FIELD:Lio/quarkus/test/security/QuarkusSecurityTestExtension$1PermissionToAction;->permission:Ljava/lang/String;", "FIELD:Lio/quarkus/test/security/QuarkusSecurityTestExtension$1PermissionToAction;->actions:Ljava/util/Set;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final int hashCode() {
            return (int) ObjectMethods.bootstrap(MethodHandles.lookup(), "hashCode", MethodType.methodType(Integer.TYPE, C1PermissionToAction.class), C1PermissionToAction.class, "permission;actions", "FIELD:Lio/quarkus/test/security/QuarkusSecurityTestExtension$1PermissionToAction;->permission:Ljava/lang/String;", "FIELD:Lio/quarkus/test/security/QuarkusSecurityTestExtension$1PermissionToAction;->actions:Ljava/util/Set;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final boolean equals(Object obj) {
            return (boolean) ObjectMethods.bootstrap(MethodHandles.lookup(), "equals", MethodType.methodType(Boolean.TYPE, C1PermissionToAction.class, Object.class), C1PermissionToAction.class, "permission;actions", "FIELD:Lio/quarkus/test/security/QuarkusSecurityTestExtension$1PermissionToAction;->permission:Ljava/lang/String;", "FIELD:Lio/quarkus/test/security/QuarkusSecurityTestExtension$1PermissionToAction;->actions:Ljava/util/Set;").dynamicInvoker().invoke(this, obj) /* invoke-custom */;
        }

        public String permission() {
            return this.permission;
        }

        public Set<String> actions() {
            return this.actions;
        }
    }

    public void afterEach(QuarkusTestMethodContext quarkusTestMethodContext) {
        try {
            if (getAnnotationContainer(quarkusTestMethodContext).isPresent()) {
                ArcContainer container = Arc.container();
                ((TestAuthController) container.select(TestAuthController.class, new Annotation[0]).get()).setEnabled(true);
                for (AbstractTestHttpAuthenticationMechanism abstractTestHttpAuthenticationMechanism : container.select(AbstractTestHttpAuthenticationMechanism.class, new Annotation[0])) {
                    abstractTestHttpAuthenticationMechanism.setAuthMechanism(null);
                    abstractTestHttpAuthenticationMechanism.setSecurityIdentityAugmentors(null);
                }
                TestIdentityAssociation testIdentityAssociation = (TestIdentityAssociation) container.select(TestIdentityAssociation.class, new Annotation[0]).get();
                testIdentityAssociation.setTestIdentity(null);
                testIdentityAssociation.setPathBasedIdentity(false);
            }
        } catch (Exception e) {
            throw new RuntimeException("Unable to reset TestAuthController, TestIdentityAssociation and TestHttpAuthenticationMechanism", e);
        }
    }

    public void beforeEach(QuarkusTestMethodContext quarkusTestMethodContext) {
        try {
            Optional<AnnotationContainer<TestSecurity>> annotationContainer = getAnnotationContainer(quarkusTestMethodContext);
            if (annotationContainer.isEmpty()) {
                return;
            }
            AnnotationContainer<TestSecurity> annotationContainer2 = annotationContainer.get();
            Annotation[] annotations = annotationContainer2.getElement().getAnnotations();
            TestSecurity testSecurity = (TestSecurity) annotationContainer2.getAnnotation();
            ArcContainer container = Arc.container();
            ((TestAuthController) container.select(TestAuthController.class, new Annotation[0]).get()).setEnabled(testSecurity.authorizationEnabled());
            if (!testSecurity.user().isEmpty()) {
                QuarkusSecurityIdentity.Builder addRoles = QuarkusSecurityIdentity.builder().setPrincipal(new QuarkusPrincipal(testSecurity.user())).addRoles(new HashSet(Arrays.asList(testSecurity.roles())));
                if (testSecurity.permissions().length != 0) {
                    addRoles.addPermissionChecker(createPermissionChecker(testSecurity.permissions()));
                }
                if (testSecurity.attributes() != null) {
                    addRoles.addAttributes((Map) Arrays.stream(testSecurity.attributes()).collect(Collectors.toMap(securityAttribute -> {
                        return securityAttribute.key();
                    }, securityAttribute2 -> {
                        return securityAttribute2.type().convert(securityAttribute2.value());
                    })));
                }
                ((TestIdentityAssociation) container.select(TestIdentityAssociation.class, new Annotation[0]).get()).setTestIdentity(augment(addRoles.build(), annotations));
                if (!testSecurity.authMechanism().isEmpty()) {
                    Iterator it = container.select(AbstractTestHttpAuthenticationMechanism.class, new Annotation[0]).iterator();
                    while (it.hasNext()) {
                        ((AbstractTestHttpAuthenticationMechanism) it.next()).setAuthMechanism(testSecurity.authMechanism());
                    }
                    ((TestIdentityAssociation) container.select(TestIdentityAssociation.class, new Annotation[0]).get()).setPathBasedIdentity(true);
                }
                ArrayList arrayList = new ArrayList();
                for (Class<? extends SecurityIdentityAugmentor> cls : testSecurity.augmentors()) {
                    InjectableInstance select = container.select(cls, new Annotation[0]);
                    if (!select.isResolvable()) {
                        throw new RuntimeException("SecurityIdentityAugmentor class '%s' specified with '@TestSecurity#augmentors' annotation\nattribute on method '%s' is not available as a CDI bean.\n".formatted(cls, quarkusTestMethodContext.getTestMethod() == null ? "" : quarkusTestMethodContext.getTestMethod().getName()));
                    }
                    arrayList.add(select);
                }
                InjectableInstance select2 = container.select(QuarkusPermissionSecurityIdentityAugmentor.class, new Annotation[0]);
                if (select2.isResolvable()) {
                    arrayList.add(select2);
                }
                if (!arrayList.isEmpty()) {
                    Iterator it2 = container.select(AbstractTestHttpAuthenticationMechanism.class, new Annotation[0]).iterator();
                    while (it2.hasNext()) {
                        ((AbstractTestHttpAuthenticationMechanism) it2.next()).setSecurityIdentityAugmentors(arrayList);
                    }
                }
            } else {
                if (testSecurity.roles().length != 0) {
                    throw new RuntimeException("Cannot specify roles without a username in @TestSecurity");
                }
                if (testSecurity.permissions().length != 0) {
                    throw new RuntimeException("Cannot specify permissions without a username in @TestSecurity");
                }
            }
        } catch (Exception e) {
            throw new RuntimeException("Unable to setup @TestSecurity", e);
        }
    }

    private static Function<Permission, Uni<Boolean>> createPermissionChecker(String[] strArr) {
        String substring;
        String substring2;
        HashMap hashMap = new HashMap();
        for (String str : strArr) {
            if (str.isEmpty()) {
                throw new RuntimeException("Cannot specify empty permissions attribute in @TestSecurity annotation");
            }
            int indexOf = str.indexOf(":");
            if (indexOf < 0) {
                substring = str;
                substring2 = null;
            } else {
                substring = str.substring(0, indexOf);
                substring2 = str.substring(indexOf + 1);
            }
            String str2 = substring;
            ((C1PermissionToAction) hashMap.computeIfAbsent(substring, str3 -> {
                return new C1PermissionToAction(str2, new HashSet());
            })).addAction(substring2);
        }
        List list = hashMap.values().stream().map(c1PermissionToAction -> {
            return new StringPermission(c1PermissionToAction.permission(), (String[]) c1PermissionToAction.actions().toArray(i -> {
                return new String[i];
            }));
        }).toList();
        return permission -> {
            return Uni.createFrom().item(Boolean.valueOf(list.stream().anyMatch(stringPermission -> {
                return stringPermission.implies(permission);
            })));
        };
    }

    private Optional<AnnotationContainer<TestSecurity>> getAnnotationContainer(QuarkusTestMethodContext quarkusTestMethodContext) throws Exception {
        ClassLoader contextClassLoader = Thread.currentThread().getContextClassLoader();
        Class<?> loadClass = contextClassLoader.loadClass(quarkusTestMethodContext.getTestMethod().getDeclaringClass().getName());
        Optional<AnnotationContainer<TestSecurity>> findAnnotation = AnnotationUtils.findAnnotation(loadClass.getDeclaredMethod(quarkusTestMethodContext.getTestMethod().getName(), (Class[]) Arrays.stream(quarkusTestMethodContext.getTestMethod().getParameterTypes()).map(cls -> {
            if (cls.isPrimitive()) {
                return cls;
            }
            try {
                return Class.forName(cls.getName(), false, contextClassLoader);
            } catch (ClassNotFoundException e) {
                throw new RuntimeException(e);
            }
        }).toArray(i -> {
            return new Class[i];
        })), TestSecurity.class);
        if (findAnnotation.isEmpty()) {
            findAnnotation = AnnotationUtils.findAnnotation(loadClass, TestSecurity.class);
        }
        return findAnnotation;
    }

    private SecurityIdentity augment(SecurityIdentity securityIdentity, Annotation[] annotationArr) {
        Instance select = CDI.current().select(TestSecurityIdentityAugmentor.class, new Annotation[0]);
        return select.isResolvable() ? ((TestSecurityIdentityAugmentor) select.get()).augment(securityIdentity, annotationArr) : securityIdentity;
    }
}
