package io.quarkus.security.jpa.common.deployment;

import io.quarkus.arc.processor.DotNames;
import io.quarkus.gizmo.AssignableResultHandle;
import io.quarkus.gizmo.BranchResult;
import io.quarkus.gizmo.BytecodeCreator;
import io.quarkus.gizmo.FieldDescriptor;
import io.quarkus.gizmo.MethodCreator;
import io.quarkus.gizmo.MethodDescriptor;
import io.quarkus.gizmo.ResultHandle;
import io.quarkus.security.AuthenticationFailedException;
import io.quarkus.security.identity.request.TrustedAuthenticationRequest;
import io.quarkus.security.identity.request.UsernamePasswordAuthenticationRequest;
import io.quarkus.security.jpa.PasswordType;
import io.quarkus.security.jpa.RolesValue;
import io.quarkus.security.jpa.common.deployment.JpaSecurityDefinition;
import io.quarkus.security.jpa.common.runtime.JpaIdentityProviderUtil;
import io.quarkus.security.runtime.QuarkusSecurityIdentity;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.function.BiConsumer;
import org.jboss.jandex.AnnotationInstance;
import org.jboss.jandex.AnnotationTarget;
import org.jboss.jandex.AnnotationValue;
import org.jboss.jandex.ClassInfo;
import org.jboss.jandex.DotName;
import org.jboss.jandex.Index;
import org.jboss.jandex.Type;
import org.wildfly.security.password.Password;

/* loaded from: input_file:io/quarkus/security/jpa/common/deployment/JpaSecurityIdentityUtil.class */
public final class JpaSecurityIdentityUtil {
    private static final DotName DOTNAME_SET = DotName.createSimple(Set.class.getName());
    private static final DotName DOTNAME_COLLECTION = DotName.createSimple(Collection.class.getName());
    private static final DotName DOTNAME_ROLES_VALUE = DotName.createSimple(RolesValue.class.getName());

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: io.quarkus.security.jpa.common.deployment.JpaSecurityIdentityUtil$1, reason: invalid class name */
    /* loaded from: input_file:io/quarkus/security/jpa/common/deployment/JpaSecurityIdentityUtil$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$io$quarkus$security$jpa$PasswordType;
        static final /* synthetic */ int[] $SwitchMap$org$jboss$jandex$Type$Kind = new int[Type.Kind.values().length];

        static {
            try {
                $SwitchMap$org$jboss$jandex$Type$Kind[Type.Kind.ARRAY.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$jboss$jandex$Type$Kind[Type.Kind.CLASS.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$jboss$jandex$Type$Kind[Type.Kind.PARAMETERIZED_TYPE.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            $SwitchMap$io$quarkus$security$jpa$PasswordType = new int[PasswordType.values().length];
            try {
                $SwitchMap$io$quarkus$security$jpa$PasswordType[PasswordType.CUSTOM.ordinal()] = 1;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$io$quarkus$security$jpa$PasswordType[PasswordType.CLEAR.ordinal()] = 2;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$io$quarkus$security$jpa$PasswordType[PasswordType.MCF.ordinal()] = 3;
            } catch (NoSuchFieldError e6) {
            }
        }
    }

    private JpaSecurityIdentityUtil() {
    }

    public static void buildIdentity(Index index, JpaSecurityDefinition jpaSecurityDefinition, AnnotationValue annotationValue, AnnotationValue annotationValue2, PanacheEntityPredicateBuildItem panacheEntityPredicateBuildItem, FieldDescriptor fieldDescriptor, MethodCreator methodCreator, ResultHandle resultHandle, BytecodeCreator bytecodeCreator) {
        ResultHandle invokeStaticMethod;
        PasswordType valueOf = annotationValue != null ? PasswordType.valueOf(annotationValue.asEnum()) : PasswordType.MCF;
        BytecodeCreator trueBranch = bytecodeCreator.ifNull(resultHandle).trueBranch();
        try {
            ResultHandle newInstance = trueBranch.newInstance(MethodDescriptor.ofConstructor(AuthenticationFailedException.class, new Class[0]), new ResultHandle[0]);
            trueBranch.invokeStaticMethod(passwordActionMethod(), new ResultHandle[]{trueBranch.load(valueOf)});
            trueBranch.throwException(newInstance);
            if (trueBranch != null) {
                trueBranch.close();
            }
            ResultHandle readValue = jpaSecurityDefinition.password.readValue(bytecodeCreator, resultHandle);
            if (valueOf == PasswordType.CUSTOM && annotationValue2 == null) {
                throw new RuntimeException("Missing password provider for password type: " + valueOf);
            }
            switch (AnonymousClass1.$SwitchMap$io$quarkus$security$jpa$PasswordType[valueOf.ordinal()]) {
                case 1:
                    String asString = annotationValue2.asString();
                    BytecodeCreator trueBranch2 = bytecodeCreator.ifNull(bytecodeCreator.readInstanceField(fieldDescriptor, methodCreator.getThis())).trueBranch();
                    trueBranch2.writeInstanceField(fieldDescriptor, methodCreator.getThis(), trueBranch2.newInstance(MethodDescriptor.ofConstructor(asString, new String[0]), new ResultHandle[0]));
                    trueBranch2.close();
                    invokeStaticMethod = bytecodeCreator.invokeVirtualMethod(MethodDescriptor.ofMethod(asString, "getPassword", Password.class, new Object[]{String.class}), bytecodeCreator.readInstanceField(fieldDescriptor, methodCreator.getThis()), new ResultHandle[]{readValue});
                    break;
                case 2:
                    invokeStaticMethod = bytecodeCreator.invokeStaticMethod(getUtilMethod("getClearPassword"), new ResultHandle[]{readValue});
                    break;
                case 3:
                    invokeStaticMethod = bytecodeCreator.invokeStaticMethod(getUtilMethod("getMcfPassword"), new ResultHandle[]{readValue});
                    break;
                default:
                    throw new RuntimeException("Unknown password type: " + valueOf);
            }
            ResultHandle invokeStaticMethod2 = bytecodeCreator.invokeStaticMethod(MethodDescriptor.ofMethod(JpaIdentityProviderUtil.class, "checkPassword", QuarkusSecurityIdentity.Builder.class, new Class[]{Password.class, UsernamePasswordAuthenticationRequest.class}), new ResultHandle[]{invokeStaticMethod, methodCreator.getMethodParam(1)});
            AssignableResultHandle createVariable = bytecodeCreator.createVariable(QuarkusSecurityIdentity.Builder.class);
            bytecodeCreator.assign(createVariable, invokeStaticMethod2);
            setupRoles(index, jpaSecurityDefinition, panacheEntityPredicateBuildItem, resultHandle, createVariable, bytecodeCreator);
        } catch (Throwable th) {
            if (trueBranch != null) {
                try {
                    trueBranch.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    public static void buildTrustedIdentity(Index index, JpaSecurityDefinition jpaSecurityDefinition, PanacheEntityPredicateBuildItem panacheEntityPredicateBuildItem, MethodCreator methodCreator, ResultHandle resultHandle, BytecodeCreator bytecodeCreator) {
        BytecodeCreator trueBranch = bytecodeCreator.ifNull(resultHandle).trueBranch();
        try {
            trueBranch.returnValue(trueBranch.loadNull());
            if (trueBranch != null) {
                trueBranch.close();
            }
            ResultHandle invokeStaticMethod = bytecodeCreator.invokeStaticMethod(MethodDescriptor.ofMethod(JpaIdentityProviderUtil.class, "trusted", QuarkusSecurityIdentity.Builder.class, new Class[]{TrustedAuthenticationRequest.class}), new ResultHandle[]{methodCreator.getMethodParam(1)});
            AssignableResultHandle createVariable = bytecodeCreator.createVariable(QuarkusSecurityIdentity.Builder.class);
            bytecodeCreator.assign(createVariable, invokeStaticMethod);
            setupRoles(index, jpaSecurityDefinition, panacheEntityPredicateBuildItem, resultHandle, createVariable, bytecodeCreator);
        } catch (Throwable th) {
            if (trueBranch != null) {
                try {
                    trueBranch.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static AnnotationTarget getSingleAnnotatedElement(Index index, DotName dotName) {
        List annotations = index.getAnnotations(dotName);
        if (annotations.isEmpty()) {
            return null;
        }
        if (annotations.size() > 1) {
            throw new RuntimeException("You can only annotate one field or method with @" + dotName);
        }
        return ((AnnotationInstance) annotations.get(0)).target();
    }

    /* JADX WARN: Multi-variable type inference failed */
    private static void setupRoles(Index index, JpaSecurityDefinition jpaSecurityDefinition, PanacheEntityPredicateBuildItem panacheEntityPredicateBuildItem, ResultHandle resultHandle, AssignableResultHandle assignableResultHandle, BytecodeCreator bytecodeCreator) {
        JpaSecurityDefinition.FieldOrMethod fieldOrMethod;
        ResultHandle readValue = jpaSecurityDefinition.roles.readValue(bytecodeCreator, resultHandle);
        boolean z = false;
        Type type = jpaSecurityDefinition.roles.type();
        switch (AnonymousClass1.$SwitchMap$org$jboss$jandex$Type$Kind[type.kind().ordinal()]) {
            case 2:
                if (type.name().equals(DotNames.STRING)) {
                    bytecodeCreator.invokeStaticMethod(MethodDescriptor.ofMethod(JpaIdentityProviderUtil.class, "addRoles", Void.TYPE, new Class[]{QuarkusSecurityIdentity.Builder.class, String.class}), new ResultHandle[]{assignableResultHandle, readValue});
                    z = true;
                    break;
                }
                break;
            case 3:
                DotName name = type.name();
                if (name.equals(DotNames.LIST) || name.equals(DOTNAME_COLLECTION) || name.equals(DOTNAME_SET)) {
                    Type type2 = (Type) type.asParameterizedType().arguments().get(0);
                    String str = "L" + type2.name().toString().replace('.', '/') + ";";
                    if (type2.name().equals(DotNames.STRING)) {
                        fieldOrMethod = null;
                    } else {
                        ClassInfo classByName = index.getClassByName(type2.name());
                        if (classByName == null) {
                            throw new RuntimeException("The role element type must be indexed by Jandex: " + type2);
                        }
                        fieldOrMethod = JpaSecurityDefinition.getFieldOrMethod(index, classByName, getSingleAnnotatedElement(index, DOTNAME_ROLES_VALUE), panacheEntityPredicateBuildItem.isPanache(classByName));
                        if (fieldOrMethod == null) {
                            throw new RuntimeException("Missing @RoleValue annotation on (non-String) role element type: " + type2);
                        }
                    }
                    JpaSecurityDefinition.FieldOrMethod fieldOrMethod2 = fieldOrMethod;
                    foreach(bytecodeCreator, readValue, str, (bytecodeCreator2, assignableResultHandle2) -> {
                        bytecodeCreator2.invokeStaticMethod(MethodDescriptor.ofMethod(JpaIdentityProviderUtil.class, "addRoles", Void.TYPE, new Class[]{QuarkusSecurityIdentity.Builder.class, String.class}), new ResultHandle[]{assignableResultHandle, fieldOrMethod2 != null ? fieldOrMethod2.readValue(bytecodeCreator2, assignableResultHandle2) : assignableResultHandle2});
                    });
                    z = true;
                    break;
                }
                break;
        }
        if (!z) {
            throw new RuntimeException("Unsupported @Roles field/getter type: " + type);
        }
        bytecodeCreator.returnValue(bytecodeCreator.invokeVirtualMethod(MethodDescriptor.ofMethod(QuarkusSecurityIdentity.Builder.class, "build", QuarkusSecurityIdentity.class, new Class[0]), assignableResultHandle, new ResultHandle[0]));
    }

    private static void foreach(BytecodeCreator bytecodeCreator, ResultHandle resultHandle, String str, BiConsumer<BytecodeCreator, AssignableResultHandle> biConsumer) {
        ResultHandle invokeInterfaceMethod = bytecodeCreator.invokeInterfaceMethod(MethodDescriptor.ofMethod(Iterable.class, "iterator", Iterator.class, new Class[0]), resultHandle, new ResultHandle[0]);
        BytecodeCreator createScope = bytecodeCreator.createScope();
        try {
            BranchResult ifNonZero = createScope.ifNonZero(createScope.invokeInterfaceMethod(MethodDescriptor.ofMethod(Iterator.class, "hasNext", Boolean.TYPE, new Class[0]), invokeInterfaceMethod, new ResultHandle[0]));
            BytecodeCreator trueBranch = ifNonZero.trueBranch();
            try {
                ResultHandle invokeInterfaceMethod2 = trueBranch.invokeInterfaceMethod(MethodDescriptor.ofMethod(Iterator.class, "next", Object.class, new Class[0]), invokeInterfaceMethod, new ResultHandle[0]);
                AssignableResultHandle createVariable = trueBranch.createVariable(str);
                trueBranch.assign(createVariable, invokeInterfaceMethod2);
                biConsumer.accept(trueBranch, createVariable);
                trueBranch.continueScope(createScope);
                if (trueBranch != null) {
                    trueBranch.close();
                }
                BytecodeCreator falseBranch = ifNonZero.falseBranch();
                try {
                    falseBranch.breakScope(createScope);
                    if (falseBranch != null) {
                        falseBranch.close();
                    }
                    if (createScope != null) {
                        createScope.close();
                    }
                } finally {
                }
            } finally {
            }
        } catch (Throwable th) {
            if (createScope != null) {
                try {
                    createScope.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    private static MethodDescriptor getUtilMethod(String str) {
        return MethodDescriptor.ofMethod(JpaIdentityProviderUtil.class, str, Password.class, new Class[]{String.class});
    }

    private static MethodDescriptor passwordActionMethod() {
        return MethodDescriptor.ofMethod(JpaIdentityProviderUtil.class, "passwordAction", Void.TYPE, new Class[]{PasswordType.class});
    }
}
