package io.quarkus.security.jpa.deployment;

import io.quarkus.arc.deployment.GeneratedBeanBuildItem;
import io.quarkus.arc.deployment.GeneratedBeanGizmoAdaptor;
import io.quarkus.arc.deployment.UnremovableBeanBuildItem;
import io.quarkus.deployment.Feature;
import io.quarkus.deployment.annotations.BuildProducer;
import io.quarkus.deployment.annotations.BuildStep;
import io.quarkus.deployment.builditem.ApplicationIndexBuildItem;
import io.quarkus.deployment.builditem.FeatureBuildItem;
import io.quarkus.gizmo.AssignableResultHandle;
import io.quarkus.gizmo.BranchResult;
import io.quarkus.gizmo.BytecodeCreator;
import io.quarkus.gizmo.ClassCreator;
import io.quarkus.gizmo.FieldDescriptor;
import io.quarkus.gizmo.MethodCreator;
import io.quarkus.gizmo.MethodDescriptor;
import io.quarkus.gizmo.ResultHandle;
import io.quarkus.panache.common.deployment.PanacheEntityClassesBuildItem;
import io.quarkus.security.AuthenticationFailedException;
import io.quarkus.security.identity.SecurityIdentity;
import io.quarkus.security.identity.request.TrustedAuthenticationRequest;
import io.quarkus.security.identity.request.UsernamePasswordAuthenticationRequest;
import io.quarkus.security.jpa.Password;
import io.quarkus.security.jpa.PasswordProvider;
import io.quarkus.security.jpa.PasswordType;
import io.quarkus.security.jpa.Roles;
import io.quarkus.security.jpa.RolesValue;
import io.quarkus.security.jpa.UserDefinition;
import io.quarkus.security.jpa.Username;
import io.quarkus.security.jpa.deployment.JpaSecurityDefinition;
import io.quarkus.security.jpa.runtime.JpaIdentityProvider;
import io.quarkus.security.jpa.runtime.JpaTrustedIdentityProvider;
import io.quarkus.security.runtime.QuarkusSecurityIdentity;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.function.BiConsumer;
import javax.inject.Singleton;
import javax.persistence.EntityManager;
import javax.persistence.Query;
import org.hibernate.Session;
import org.hibernate.SimpleNaturalIdLoadAccess;
import org.hibernate.annotations.NaturalId;
import org.jboss.jandex.AnnotationInstance;
import org.jboss.jandex.AnnotationTarget;
import org.jboss.jandex.AnnotationValue;
import org.jboss.jandex.ClassInfo;
import org.jboss.jandex.DotName;
import org.jboss.jandex.Index;
import org.jboss.jandex.Type;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:io/quarkus/security/jpa/deployment/QuarkusSecurityJpaProcessor.class */
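/**
 * Build-time processor for the JPA security extension.
 *
 * <p>When exactly one class in the application index carries {@code @UserDefinition}, this processor
 * generates two {@code @Singleton} beans with Gizmo:
 * <ul>
 * <li>{@code <Entity>__JpaIdentityProviderImpl}, a subclass of {@link JpaIdentityProvider} that
 * authenticates a {@link UsernamePasswordAuthenticationRequest};</li>
 * <li>{@code <Entity>__JpaTrustedIdentityProviderImpl}, a subclass of {@link JpaTrustedIdentityProvider}
 * that resolves a {@link TrustedAuthenticationRequest} without any password check.</li>
 * </ul>
 *
 * <p>This listing was recovered from bytecode. The decompiler's ordinal switch-map holder class, raw
 * collection types and hand-expanded resource handling have been replaced by enum switches, typed
 * collections and try-with-resources.
 */
public class QuarkusSecurityJpaProcessor {
    static final DotName DOTNAME_OBJECT = DotName.createSimple(Object.class.getName());
    private static final DotName DOTNAME_STRING = DotName.createSimple(String.class.getName());
    private static final DotName DOTNAME_LIST = DotName.createSimple(List.class.getName());
    private static final DotName DOTNAME_SET = DotName.createSimple(Set.class.getName());
    private static final DotName DOTNAME_COLLECTION = DotName.createSimple(Collection.class.getName());
    private static final DotName DOTNAME_NATURAL_ID = DotName.createSimple(NaturalId.class.getName());
    private static final DotName DOTNAME_USER_DEFINITION = DotName.createSimple(UserDefinition.class.getName());
    private static final DotName DOTNAME_USERNAME = DotName.createSimple(Username.class.getName());
    private static final DotName DOTNAME_PASSWORD = DotName.createSimple(Password.class.getName());
    private static final DotName DOTNAME_ROLES = DotName.createSimple(Roles.class.getName());
    private static final DotName DOTNAME_ROLES_VALUE = DotName.createSimple(RolesValue.class.getName());

    /**
     * Registers the extension's feature.
     *
     * @return the build item for {@link Feature#SECURITY_JPA}
     */
    @BuildStep
    FeatureBuildItem feature() {
        return new FeatureBuildItem(Feature.SECURITY_JPA);
    }

    /**
     * Locates the single {@code @UserDefinition} entity and generates both identity providers for it.
     * Does nothing when no class is annotated.
     *
     * @param applicationIndexBuildItem supplies the Jandex index that is searched for the annotations
     * @param buildProducer producer for unremovable beans; not used by this step
     * @param buildProducer2 receives the generated provider classes
     * @param list Panache entity class names contributed by other build steps
     * @throws RuntimeException if more than one class carries {@code @UserDefinition}, or more than one
     *         element carries {@code @Username}, {@code @Password} or {@code @Roles}
     */
    @BuildStep
    void configureJpaAuthConfig(ApplicationIndexBuildItem applicationIndexBuildItem, BuildProducer<UnremovableBeanBuildItem> buildProducer, BuildProducer<GeneratedBeanBuildItem> buildProducer2, List<PanacheEntityClassesBuildItem> list) throws Exception {
        Index index = applicationIndexBuildItem.getIndex();
        List<AnnotationInstance> userDefinitions = index.getAnnotations(DOTNAME_USER_DEFINITION);
        if (userDefinitions.size() > 1) {
            throw new RuntimeException("You can only annotate one class with @UserDefinition");
        }
        if (userDefinitions.isEmpty()) {
            return;
        }
        ClassInfo userEntity = userDefinitions.get(0).target().asClass();
        AnnotationTarget usernameTarget = getSingleAnnotatedElement(index, DOTNAME_USERNAME);
        AnnotationTarget passwordTarget = getSingleAnnotatedElement(index, DOTNAME_PASSWORD);
        AnnotationTarget rolesTarget = getSingleAnnotatedElement(index, DOTNAME_ROLES);
        Set<String> panacheEntities = collectPanacheEntities(list);
        JpaSecurityDefinition definition = new JpaSecurityDefinition(index, userEntity,
                isPanache(userEntity, panacheEntities), usernameTarget, passwordTarget, rolesTarget);
        AnnotationInstance passwordAnnotation = definition.password.annotation(DOTNAME_PASSWORD);
        // value() is the password type, "provider" the custom provider class; either may be absent.
        generateIdentityProvider(index, definition, passwordAnnotation.value(), passwordAnnotation.value("provider"),
                buildProducer2, panacheEntities);
        generateTrustedIdentityProvider(index, definition, buildProducer2, panacheEntities);
    }

    /** Returns whether {@code classInfo} is one of the collected Panache entity class names. */
    private boolean isPanache(ClassInfo classInfo, Set<String> panacheEntities) {
        return panacheEntities.contains(classInfo.name().toString());
    }

    /** Flattens the entity class names of all Panache build items into one mutable set. */
    private Set<String> collectPanacheEntities(List<PanacheEntityClassesBuildItem> items) {
        Set<String> entities = new HashSet<>();
        for (PanacheEntityClassesBuildItem item : items) {
            entities.addAll(item.getEntityClasses());
        }
        return entities;
    }

    /**
     * Finds the only element in the index annotated with {@code annotationName}.
     *
     * @return the annotated target, or {@code null} when the annotation is not used at all
     * @throws RuntimeException if the annotation appears more than once
     */
    private AnnotationTarget getSingleAnnotatedElement(Index index, DotName annotationName) {
        List<AnnotationInstance> instances = index.getAnnotations(annotationName);
        if (instances.isEmpty()) {
            return null;
        }
        if (instances.size() > 1) {
            throw new RuntimeException("You can only annotate one field or method with @" + annotationName);
        }
        return instances.get(0).target();
    }

    /** Converts a dotted class name into a JVM object type descriptor, e.g. {@code Lcom/acme/User;}. */
    private static String typeDescriptor(String className) {
        return "L" + className.replace('.', '/') + ";";
    }

    /** Descriptor of {@code void addRoles(QuarkusSecurityIdentity.Builder, String)} on the generated class. */
    private static MethodDescriptor addRolesDescriptor(String generatedClassName) {
        return MethodDescriptor.ofMethod(generatedClassName, "addRoles", Void.TYPE,
                QuarkusSecurityIdentity.Builder.class, String.class);
    }

    /**
     * Generates {@code <Entity>__JpaIdentityProviderImpl}, whose public
     * {@code authenticate(EntityManager, UsernamePasswordAuthenticationRequest)} looks the user up,
     * converts the stored password value and passes it to {@code checkPassword} together with the request.
     *
     * @param passwordTypeValue the {@code @Password} value; {@code null} selects {@link PasswordType#MCF}
     * @param passwordProviderValue the {@code @Password(provider = ...)} class; required for
     *        {@link PasswordType#CUSTOM}
     * @throws RuntimeException if the password type is CUSTOM without a provider, or is not recognised
     */
    private void generateIdentityProvider(Index index, JpaSecurityDefinition definition, AnnotationValue passwordTypeValue,
            AnnotationValue passwordProviderValue, BuildProducer<GeneratedBeanBuildItem> beanProducer,
            Set<String> panacheEntities) {
        GeneratedBeanGizmoAdaptor classOutput = new GeneratedBeanGizmoAdaptor(beanProducer);
        String providerName = definition.annotatedClass.name() + "__JpaIdentityProviderImpl";
        try (ClassCreator classCreator = ClassCreator.builder().className(providerName)
                .superClass(JpaIdentityProvider.class).classOutput(classOutput).build()) {
            classCreator.addAnnotation(Singleton.class);
            FieldDescriptor passwordProviderField = classCreator.getFieldCreator("passwordProvider", PasswordProvider.class)
                    .setModifiers(java.lang.reflect.Modifier.PRIVATE).getFieldDescriptor();
            try (MethodCreator authenticate = classCreator.getMethodCreator("authenticate", SecurityIdentity.class,
                    EntityManager.class, UsernamePasswordAuthenticationRequest.class)) {
                authenticate.setModifiers(java.lang.reflect.Modifier.PUBLIC);
                ResultHandle username = authenticate.invokeVirtualMethod(
                        MethodDescriptor.ofMethod(UsernamePasswordAuthenticationRequest.class, "getUsername", String.class),
                        authenticate.getMethodParam(1));
                ResultHandle lookedUp = lookupUserById(definition, providerName, authenticate, username,
                        definition.username.annotation(DOTNAME_NATURAL_ID));
                String entityName = definition.annotatedClass.name().toString();
                AssignableResultHandle user = authenticate.createVariable(typeDescriptor(entityName));
                authenticate.assign(user, authenticate.checkCast(lookedUp, entityName));

                // Unknown user: the generated method throws AuthenticationFailedException.
                // NOTE(review): this happens before any stored password is read or verified; whether an
                // unknown username and a wrong password are distinguishable by latency depends on
                // checkPassword in the superclass, which is not visible in this file. Confirm.
                try (BytecodeCreator userMissing = authenticate.ifNull(user).trueBranch()) {
                    userMissing.throwException(
                            userMissing.newInstance(MethodDescriptor.ofConstructor(AuthenticationFailedException.class)));
                }

                ResultHandle storedValue = definition.password.readValue(authenticate, user);
                // MCF is the default when @Password carries no explicit type.
                PasswordType passwordType = passwordTypeValue != null
                        ? PasswordType.valueOf(passwordTypeValue.asEnum())
                        : PasswordType.MCF;
                if (passwordType == PasswordType.CUSTOM && passwordProviderValue == null) {
                    throw new RuntimeException("Missing password provider for password type: " + passwordType);
                }

                String converterOwner;
                String converterMethod;
                ResultHandle converterTarget;
                switch (passwordType) {
                    case CUSTOM: {
                        converterOwner = passwordProviderValue.asString();
                        converterMethod = "getPassword";
                        // The provider is created on first use through its no-argument constructor.
                        // The emitted null check is not synchronized, so concurrent first calls may
                        // each create an instance.
                        try (BytecodeCreator providerUnset = authenticate
                                .ifNull(authenticate.readInstanceField(passwordProviderField, authenticate.getThis()))
                                .trueBranch()) {
                            providerUnset.writeInstanceField(passwordProviderField, providerUnset.getThis(),
                                    providerUnset.newInstance(MethodDescriptor.ofConstructor(converterOwner)));
                        }
                        converterTarget = authenticate.readInstanceField(passwordProviderField, authenticate.getThis());
                        break;
                    }
                    case CLEAR:
                        // The persisted value is handed unchanged to getClearPassword, so the column
                        // holds the password itself. NOTE(review): that is only appropriate for test
                        // data; real deployments should stay on MCF or a CUSTOM provider.
                        converterOwner = providerName;
                        converterMethod = "getClearPassword";
                        converterTarget = authenticate.getThis();
                        break;
                    case MCF:
                        converterOwner = providerName;
                        converterMethod = "getMcfPassword";
                        converterTarget = authenticate.getThis();
                        break;
                    default:
                        throw new RuntimeException("Unknown password type: " + passwordType);
                }

                ResultHandle self = authenticate.getThis();
                ResultHandle storedPassword = authenticate.invokeVirtualMethod(
                        MethodDescriptor.ofMethod(converterOwner, converterMethod,
                                org.wildfly.security.password.Password.class, String.class),
                        converterTarget, storedValue);
                ResultHandle checked = authenticate.invokeVirtualMethod(
                        MethodDescriptor.ofMethod(providerName, "checkPassword", QuarkusSecurityIdentity.Builder.class,
                                org.wildfly.security.password.Password.class, UsernamePasswordAuthenticationRequest.class),
                        self, storedPassword, authenticate.getMethodParam(1));
                AssignableResultHandle identityBuilder = authenticate.createVariable(QuarkusSecurityIdentity.Builder.class);
                authenticate.assign(identityBuilder, checked);
                setupRoles(index, definition, panacheEntities, providerName, authenticate, user, identityBuilder);
            }
        }
    }

    /**
     * Generates {@code <Entity>__JpaTrustedIdentityProviderImpl}, whose public
     * {@code authenticate(EntityManager, TrustedAuthenticationRequest)} resolves the principal to a user
     * and builds the identity through {@code trusted(...)}.
     *
     * <p>No credential is verified on this path, and an unknown principal makes the generated method
     * return {@code null} instead of throwing.
     */
    private void generateTrustedIdentityProvider(Index index, JpaSecurityDefinition definition,
            BuildProducer<GeneratedBeanBuildItem> beanProducer, Set<String> panacheEntities) {
        GeneratedBeanGizmoAdaptor classOutput = new GeneratedBeanGizmoAdaptor(beanProducer);
        String providerName = definition.annotatedClass.name() + "__JpaTrustedIdentityProviderImpl";
        try (ClassCreator classCreator = ClassCreator.builder().className(providerName)
                .superClass(JpaTrustedIdentityProvider.class).classOutput(classOutput).build()) {
            classCreator.addAnnotation(Singleton.class);
            try (MethodCreator authenticate = classCreator.getMethodCreator("authenticate", SecurityIdentity.class,
                    EntityManager.class, TrustedAuthenticationRequest.class)) {
                authenticate.setModifiers(java.lang.reflect.Modifier.PUBLIC);
                ResultHandle principal = authenticate.invokeVirtualMethod(
                        MethodDescriptor.ofMethod(TrustedAuthenticationRequest.class, "getPrincipal", String.class),
                        authenticate.getMethodParam(1));
                ResultHandle lookedUp = lookupUserById(definition, providerName, authenticate, principal,
                        definition.username.annotation(DOTNAME_NATURAL_ID));
                String entityName = definition.annotatedClass.name().toString();
                AssignableResultHandle user = authenticate.createVariable(typeDescriptor(entityName));
                authenticate.assign(user, authenticate.checkCast(lookedUp, entityName));

                try (BytecodeCreator userMissing = authenticate.ifNull(user).trueBranch()) {
                    userMissing.returnValue(userMissing.loadNull());
                }

                ResultHandle trusted = authenticate.invokeVirtualMethod(
                        MethodDescriptor.ofMethod(providerName, "trusted", QuarkusSecurityIdentity.Builder.class,
                                TrustedAuthenticationRequest.class),
                        authenticate.getThis(), authenticate.getMethodParam(1));
                AssignableResultHandle identityBuilder = authenticate.createVariable(QuarkusSecurityIdentity.Builder.class);
                authenticate.assign(identityBuilder, trusted);
                setupRoles(index, definition, panacheEntities, providerName, authenticate, user, identityBuilder);
            }
        }
    }

    /**
     * Emits the code that copies the user's roles into the identity builder and returns the built
     * identity from the generated method.
     *
     * <p>Supported {@code @Roles} types are {@code String} and {@code List}/{@code Set}/{@code Collection}
     * of either {@code String} or an indexed class with one {@code @RolesValue} element.
     *
     * @throws RuntimeException if the roles type is unsupported, the element class is not indexed, or the
     *         element class has no {@code @RolesValue} member
     */
    private void setupRoles(Index index, JpaSecurityDefinition definition, Set<String> panacheEntities,
            String generatedClassName, MethodCreator methodCreator, AssignableResultHandle user,
            AssignableResultHandle identityBuilder) {
        ResultHandle rolesValue = definition.roles.readValue(methodCreator, user);
        boolean handled = false;
        Type rolesType = definition.roles.type();
        switch (rolesType.kind()) {
            case CLASS:
                if (rolesType.name().equals(DOTNAME_STRING)) {
                    methodCreator.invokeVirtualMethod(addRolesDescriptor(generatedClassName), methodCreator.getThis(),
                            identityBuilder, rolesValue);
                    handled = true;
                }
                break;
            case PARAMETERIZED_TYPE: {
                DotName containerName = rolesType.name();
                if (containerName.equals(DOTNAME_LIST) || containerName.equals(DOTNAME_COLLECTION)
                        || containerName.equals(DOTNAME_SET)) {
                    Type elementType = rolesType.asParameterizedType().arguments().get(0);
                    String elementDescriptor = typeDescriptor(elementType.name().toString());
                    JpaSecurityDefinition.FieldOrMethod roleAccessor;
                    if (elementType.name().equals(DOTNAME_STRING)) {
                        roleAccessor = null;
                    } else {
                        ClassInfo elementClass = index.getClassByName(elementType.name());
                        if (elementClass == null) {
                            throw new RuntimeException("The role element type must be indexed by Jandex: " + elementType);
                        }
                        roleAccessor = JpaSecurityDefinition.getFieldOrMethod(index, elementClass,
                                getSingleAnnotatedElement(index, DOTNAME_ROLES_VALUE),
                                isPanache(elementClass, panacheEntities));
                        if (roleAccessor == null) {
                            // The message names the annotation that is actually looked up (@RolesValue).
                            throw new RuntimeException(
                                    "Missing @RolesValue annotation on (non-String) role element type: " + elementType);
                        }
                    }
                    // Effectively-final copy for capture by the loop-body lambda.
                    JpaSecurityDefinition.FieldOrMethod accessor = roleAccessor;
                    foreach(methodCreator, rolesValue, elementDescriptor, (body, element) -> {
                        ResultHandle self = methodCreator.getThis();
                        ResultHandle role = accessor != null ? accessor.readValue(body, element) : element;
                        body.invokeVirtualMethod(addRolesDescriptor(generatedClassName), self, identityBuilder, role);
                    });
                    handled = true;
                }
                break;
            }
            default:
                // Arrays and every other kind are rejected below.
                break;
        }
        if (!handled) {
            throw new RuntimeException("Unsupported @Roles field/getter type: " + rolesType);
        }
        methodCreator.returnValue(methodCreator.invokeVirtualMethod(
                MethodDescriptor.ofMethod(QuarkusSecurityIdentity.Builder.class, "build", QuarkusSecurityIdentity.class),
                identityBuilder));
    }

    /**
     * Emits the user lookup and returns the handle of the loaded entity (typed as {@code Object}).
     *
     * <p>With {@code @NaturalId} on the username the lookup uses
     * {@code Session.bySimpleNaturalId(entity).load(username)}; otherwise it runs a query through
     * {@code getSingleUser}. The query text is assembled from the entity's simple name and the username
     * member name, both taken from class metadata at build time; the requested username is only ever
     * bound as the {@code :name} parameter and never concatenated into the query.
     *
     * @param naturalId the {@code @NaturalId} annotation on the username member, or {@code null}
     */
    private ResultHandle lookupUserById(JpaSecurityDefinition definition, String generatedClassName,
            MethodCreator methodCreator, ResultHandle username, AnnotationInstance naturalId) {
        if (naturalId != null) {
            ResultHandle session = methodCreator.checkCast(
                    methodCreator.invokeInterfaceMethod(
                            MethodDescriptor.ofMethod(EntityManager.class, "unwrap", Object.class, Class.class),
                            methodCreator.getMethodParam(0), methodCreator.loadClass(Session.class)),
                    Session.class);
            ResultHandle loadAccess = methodCreator.invokeInterfaceMethod(
                    MethodDescriptor.ofMethod(Session.class, "bySimpleNaturalId", SimpleNaturalIdLoadAccess.class, Class.class),
                    session, methodCreator.loadClass(definition.annotatedClass.name().toString()));
            return methodCreator.invokeInterfaceMethod(
                    MethodDescriptor.ofMethod(SimpleNaturalIdLoadAccess.class, "load", Object.class, Object.class),
                    loadAccess, username);
        }
        ResultHandle self = methodCreator.getThis();
        String hql = "FROM " + definition.annotatedClass.simpleName() + " WHERE " + definition.username.name() + " = :name";
        ResultHandle query = methodCreator.invokeInterfaceMethod(
                MethodDescriptor.ofMethod(EntityManager.class, "createQuery", Query.class, String.class),
                methodCreator.getMethodParam(0), methodCreator.load(hql));
        ResultHandle boundQuery = methodCreator.invokeInterfaceMethod(
                MethodDescriptor.ofMethod(Query.class, "setParameter", Query.class, String.class, Object.class),
                query, methodCreator.load("name"), username);
        return methodCreator.invokeVirtualMethod(
                MethodDescriptor.ofMethod(generatedClassName, "getSingleUser", Object.class, Query.class),
                self, boundQuery);
    }

    /**
     * Emits a loop over {@code iterable}: each element is stored in a fresh variable of type
     * {@code elementDescriptor} and handed to {@code body} together with the loop-body creator.
     */
    private void foreach(MethodCreator methodCreator, ResultHandle iterable, String elementDescriptor,
            BiConsumer<BytecodeCreator, AssignableResultHandle> body) {
        ResultHandle iterator = methodCreator.invokeInterfaceMethod(
                MethodDescriptor.ofMethod(Iterable.class, "iterator", Iterator.class), iterable);
        try (BytecodeCreator loop = methodCreator.createScope()) {
            BranchResult hasNext = loop.ifNonZero(loop.invokeInterfaceMethod(
                    MethodDescriptor.ofMethod(Iterator.class, "hasNext", Boolean.TYPE), iterator));
            try (BytecodeCreator iteration = hasNext.trueBranch()) {
                ResultHandle next = iteration.invokeInterfaceMethod(
                        MethodDescriptor.ofMethod(Iterator.class, "next", Object.class), iterator);
                AssignableResultHandle element = iteration.createVariable(elementDescriptor);
                iteration.assign(element, next);
                body.accept(iteration, element);
                // Jump back to the top of the scope for the next hasNext() test.
                iteration.continueScope(loop);
            }
            try (BytecodeCreator exhausted = hasNext.falseBranch()) {
                exhausted.breakScope(loop);
            }
        }
    }
}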
