package io.quarkus.security.jpa.reactive.deployment;

import io.quarkus.arc.deployment.GeneratedBeanBuildItem;
import io.quarkus.arc.deployment.GeneratedBeanGizmoAdaptor;
import io.quarkus.deployment.Feature;
import io.quarkus.deployment.annotations.BuildProducer;
import io.quarkus.deployment.annotations.BuildStep;
import io.quarkus.deployment.builditem.ApplicationIndexBuildItem;
import io.quarkus.deployment.builditem.FeatureBuildItem;
import io.quarkus.gizmo.BytecodeCreator;
import io.quarkus.gizmo.ClassCreator;
import io.quarkus.gizmo.FieldDescriptor;
import io.quarkus.gizmo.FunctionCreator;
import io.quarkus.gizmo.MethodCreator;
import io.quarkus.gizmo.MethodDescriptor;
import io.quarkus.gizmo.ResultHandle;
import io.quarkus.panache.common.deployment.PanacheEntityClassesBuildItem;
import io.quarkus.security.identity.request.TrustedAuthenticationRequest;
import io.quarkus.security.identity.request.UsernamePasswordAuthenticationRequest;
import io.quarkus.security.jpa.PasswordProvider;
import io.quarkus.security.jpa.common.deployment.JpaSecurityDefinition;
import io.quarkus.security.jpa.common.deployment.JpaSecurityDefinitionBuildItem;
import io.quarkus.security.jpa.common.deployment.JpaSecurityIdentityUtil;
import io.quarkus.security.jpa.common.deployment.PanacheEntityPredicateBuildItem;
import io.quarkus.security.jpa.reactive.runtime.JpaReactiveIdentityProvider;
import io.quarkus.security.jpa.reactive.runtime.JpaReactiveTrustedIdentityProvider;
import io.smallrye.mutiny.Uni;
import jakarta.inject.Singleton;
import jakarta.persistence.CollectionTable;
import jakarta.persistence.ManyToMany;
import jakarta.persistence.ManyToOne;
import jakarta.persistence.OneToMany;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Optional;
import java.util.Set;
import java.util.function.BiConsumer;
import java.util.function.Function;
import org.hibernate.annotations.NaturalId;
import org.hibernate.reactive.common.Identifier;
import org.hibernate.reactive.mutiny.Mutiny;
import org.jboss.jandex.AnnotationInstance;
import org.jboss.jandex.AnnotationValue;
import org.jboss.jandex.DotName;
import org.jboss.jandex.Index;

/* loaded from: input_file:io/quarkus/security/jpa/reactive/deployment/QuarkusSecurityJpaReactiveProcessor.class */
class QuarkusSecurityJpaReactiveProcessor {
    private static final DotName NATURAL_ID = DotName.createSimple(NaturalId.class.getName());

    @BuildStep
    FeatureBuildItem feature() {
        return new FeatureBuildItem(Feature.SECURITY_JPA_REACTIVE);
    }

    @BuildStep
    void configureJpaAuthConfig(ApplicationIndexBuildItem applicationIndexBuildItem, BuildProducer<GeneratedBeanBuildItem> buildProducer, Optional<JpaSecurityDefinitionBuildItem> optional, PanacheEntityPredicateBuildItem panacheEntityPredicateBuildItem) {
        if (optional.isPresent()) {
            JpaSecurityDefinition jpaSecurityDefinition = optional.get().get();
            generateIdentityProvider(applicationIndexBuildItem.getIndex(), jpaSecurityDefinition, jpaSecurityDefinition.passwordType(), jpaSecurityDefinition.customPasswordProvider(), buildProducer, panacheEntityPredicateBuildItem);
            generateTrustedIdentityProvider(applicationIndexBuildItem.getIndex(), jpaSecurityDefinition, buildProducer, panacheEntityPredicateBuildItem);
        }
    }

    @BuildStep
    PanacheEntityPredicateBuildItem panacheEntityPredicate(List<PanacheEntityClassesBuildItem> list) {
        return new PanacheEntityPredicateBuildItem(collectPanacheEntities(list));
    }

    private static Set<String> collectPanacheEntities(List<PanacheEntityClassesBuildItem> list) {
        HashSet hashSet = new HashSet();
        Iterator<PanacheEntityClassesBuildItem> it = list.iterator();
        while (it.hasNext()) {
            hashSet.addAll(it.next().getEntityClasses());
        }
        return hashSet;
    }

    private static void generateIdentityProvider(Index index, JpaSecurityDefinition jpaSecurityDefinition, AnnotationValue annotationValue, AnnotationValue annotationValue2, BuildProducer<GeneratedBeanBuildItem> buildProducer, PanacheEntityPredicateBuildItem panacheEntityPredicateBuildItem) {
        ClassCreator build = ClassCreator.builder().className(jpaSecurityDefinition.annotatedClass.name() + "__JpaReactiveIdentityProviderImpl").superClass(JpaReactiveIdentityProvider.class).classOutput(new GeneratedBeanGizmoAdaptor(buildProducer)).build();
        try {
            build.addAnnotation(Singleton.class);
            FieldDescriptor fieldDescriptor = build.getFieldCreator("passwordProvider", PasswordProvider.class).setModifiers(0).getFieldDescriptor();
            MethodCreator methodCreator = build.getMethodCreator(MethodDescriptor.ofMethod(JpaReactiveIdentityProvider.class, "authenticate", Uni.class, new Class[]{Mutiny.Session.class, UsernamePasswordAuthenticationRequest.class}));
            try {
                methodCreator.setModifiers(1);
                methodCreator.returnValue(uniMap(methodCreator, lookupUserById(jpaSecurityDefinition, methodCreator, methodCreator.invokeVirtualMethod(MethodDescriptor.ofMethod(UsernamePasswordAuthenticationRequest.class, "getUsername", String.class, new Class[0]), methodCreator.getMethodParam(1), new ResultHandle[0])), (bytecodeCreator, resultHandle) -> {
                    JpaSecurityIdentityUtil.buildIdentity(index, jpaSecurityDefinition, annotationValue, annotationValue2, panacheEntityPredicateBuildItem, fieldDescriptor, methodCreator, resultHandle, bytecodeCreator);
                }));
                if (methodCreator != null) {
                    methodCreator.close();
                }
                if (build != null) {
                    build.close();
                }
            } finally {
            }
        } catch (Throwable th) {
            if (build != null) {
                try {
                    build.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    private static void generateTrustedIdentityProvider(Index index, JpaSecurityDefinition jpaSecurityDefinition, BuildProducer<GeneratedBeanBuildItem> buildProducer, PanacheEntityPredicateBuildItem panacheEntityPredicateBuildItem) {
        ClassCreator build = ClassCreator.builder().className(jpaSecurityDefinition.annotatedClass.name() + "__JpaReactiveTrustedIdentityProviderImpl").superClass(JpaReactiveTrustedIdentityProvider.class).classOutput(new GeneratedBeanGizmoAdaptor(buildProducer)).build();
        try {
            build.addAnnotation(Singleton.class);
            MethodCreator methodCreator = build.getMethodCreator(MethodDescriptor.ofMethod(JpaReactiveTrustedIdentityProvider.class, "authenticate", Uni.class, new Class[]{Mutiny.Session.class, TrustedAuthenticationRequest.class}));
            try {
                methodCreator.setModifiers(1);
                methodCreator.returnValue(uniMap(methodCreator, lookupUserById(jpaSecurityDefinition, methodCreator, methodCreator.invokeVirtualMethod(MethodDescriptor.ofMethod(TrustedAuthenticationRequest.class, "getPrincipal", String.class, new Class[0]), methodCreator.getMethodParam(1), new ResultHandle[0])), (bytecodeCreator, resultHandle) -> {
                    JpaSecurityIdentityUtil.buildTrustedIdentity(index, jpaSecurityDefinition, panacheEntityPredicateBuildItem, methodCreator, resultHandle, bytecodeCreator);
                }));
                if (methodCreator != null) {
                    methodCreator.close();
                }
                if (build != null) {
                    build.close();
                }
            } finally {
            }
        } catch (Throwable th) {
            if (build != null) {
                try {
                    build.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    private static ResultHandle lookupUserById(JpaSecurityDefinition jpaSecurityDefinition, MethodCreator methodCreator, ResultHandle resultHandle) {
        ResultHandle invokeInterfaceMethod;
        AnnotationInstance annotation = jpaSecurityDefinition.username.annotation(NATURAL_ID);
        ResultHandle loadClass = methodCreator.loadClass(jpaSecurityDefinition.annotatedClass.name().toString());
        ResultHandle methodParam = methodCreator.getMethodParam(0);
        boolean shouldFetchJoinRoles = shouldFetchJoinRoles(jpaSecurityDefinition);
        if (annotation != null) {
            invokeInterfaceMethod = methodCreator.invokeInterfaceMethod(MethodDescriptor.ofMethod(Mutiny.Session.class, "find", Uni.class, new Class[]{Class.class, Identifier.class}), methodParam, new ResultHandle[]{loadClass, methodCreator.invokeStaticMethod(MethodDescriptor.ofMethod(Identifier.class, "id", Identifier.Id.class, new Class[]{String.class, Object.class}), new ResultHandle[]{methodCreator.load(jpaSecurityDefinition.username.name()), resultHandle})});
            if (shouldFetchJoinRoles) {
                String dotName = jpaSecurityDefinition.annotatedClass.name().toString();
                invokeInterfaceMethod = uniFlatMap(methodCreator, invokeInterfaceMethod, (bytecodeCreator, resultHandle2) -> {
                    bytecodeCreator.invokeInterfaceMethod(MethodDescriptor.ofMethod(Mutiny.Session.class, "fetch", Uni.class, new Object[]{dotName}), methodParam, new ResultHandle[]{resultHandle2});
                });
            }
        } else {
            invokeInterfaceMethod = methodCreator.invokeInterfaceMethod(MethodDescriptor.ofMethod(Mutiny.SelectionQuery.class, "getSingleResultOrNull", Uni.class, new Class[0]), methodCreator.invokeInterfaceMethod(MethodDescriptor.ofMethod(Mutiny.SelectionQuery.class, "setParameter", Mutiny.SelectionQuery.class, new Class[]{String.class, Object.class}), methodCreator.invokeInterfaceMethod(MethodDescriptor.ofMethod(Mutiny.Session.class, "createQuery", Mutiny.SelectionQuery.class, new Class[]{String.class, Class.class}), methodParam, new ResultHandle[]{methodCreator.load(shouldFetchJoinRoles ? "FROM " + jpaSecurityDefinition.annotatedClass.simpleName() + " en LEFT JOIN FETCH en." + jpaSecurityDefinition.roles.name() + " WHERE en." + jpaSecurityDefinition.username.name() + " = :name" : "FROM " + jpaSecurityDefinition.annotatedClass.simpleName() + " WHERE " + jpaSecurityDefinition.username.name() + " = :name"), loadClass}), new ResultHandle[]{methodCreator.load("name"), resultHandle}), new ResultHandle[0]);
        }
        return invokeInterfaceMethod;
    }

    private static boolean shouldFetchJoinRoles(JpaSecurityDefinition jpaSecurityDefinition) {
        return jpaSecurityDefinition.haveRolesAnnotation(new DotName[]{DotName.createSimple(CollectionTable.class), DotName.createSimple(ManyToMany.class), DotName.createSimple(OneToMany.class), DotName.createSimple(ManyToOne.class)});
    }

    private static ResultHandle uniMap(MethodCreator methodCreator, ResultHandle resultHandle, BiConsumer<BytecodeCreator, ResultHandle> biConsumer) {
        return uniLambda(methodCreator, resultHandle, biConsumer, "map");
    }

    private static ResultHandle uniFlatMap(BytecodeCreator bytecodeCreator, ResultHandle resultHandle, BiConsumer<BytecodeCreator, ResultHandle> biConsumer) {
        return uniLambda(bytecodeCreator, resultHandle, biConsumer, "flatMap");
    }

    private static ResultHandle uniLambda(BytecodeCreator bytecodeCreator, ResultHandle resultHandle, BiConsumer<BytecodeCreator, ResultHandle> biConsumer, String str) {
        FunctionCreator createFunction = bytecodeCreator.createFunction(Function.class);
        BytecodeCreator bytecode = createFunction.getBytecode();
        biConsumer.accept(bytecode, bytecode.getMethodParam(0));
        return bytecodeCreator.invokeInterfaceMethod(MethodDescriptor.ofMethod(Uni.class, str, Uni.class, new Class[]{Function.class}), resultHandle, new ResultHandle[]{createFunction.getInstance()});
    }
}
