package org.apache.deltaspike.security.impl.authorization;

import java.lang.annotation.Annotation;
import java.util.Iterator;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.enterprise.event.Observes;
import javax.enterprise.inject.spi.AfterBeanDiscovery;
import javax.enterprise.inject.spi.AnnotatedMethod;
import javax.enterprise.inject.spi.AnnotatedType;
import javax.enterprise.inject.spi.BeanManager;
import javax.enterprise.inject.spi.BeforeBeanDiscovery;
import javax.enterprise.inject.spi.BeforeShutdown;
import javax.enterprise.inject.spi.Extension;
import javax.enterprise.inject.spi.ProcessAnnotatedType;
import javax.enterprise.inject.spi.ProcessSessionBean;
import javax.enterprise.inject.spi.SessionBeanType;
import org.apache.deltaspike.core.spi.activation.Deactivatable;
import org.apache.deltaspike.core.util.ClassDeactivationUtils;
import org.apache.deltaspike.core.util.ClassUtils;
import org.apache.deltaspike.core.util.metadata.builder.AnnotatedTypeBuilder;
import org.apache.deltaspike.security.api.authorization.SecurityDefinitionException;
import org.apache.deltaspike.security.api.authorization.annotation.Secures;
import org.apache.deltaspike.security.spi.authentication.Authenticator;

/* loaded from: input_file:org/apache/deltaspike/security/impl/authorization/SecurityExtension.class */
public class SecurityExtension implements Extension, Deactivatable {
    private static final SecurityInterceptorBinding INTERCEPTOR_BINDING = new SecurityInterceptorBindingLiteral();
    private static final Map<ClassLoader, SecurityMetaDataStorage> SECURITY_METADATA_STORAGE_MAPPING = new ConcurrentHashMap();
    private Boolean isActivated = null;

    public static SecurityMetaDataStorage getMetaDataStorage() {
        ClassLoader classLoader = ClassUtils.getClassLoader((Object) null);
        SecurityMetaDataStorage securityMetaDataStorage = SECURITY_METADATA_STORAGE_MAPPING.get(classLoader);
        if (securityMetaDataStorage == null) {
            securityMetaDataStorage = new SecurityMetaDataStorage();
            SECURITY_METADATA_STORAGE_MAPPING.put(classLoader, securityMetaDataStorage);
        }
        return securityMetaDataStorage;
    }

    public static void removeMetaDataStorage() {
        SECURITY_METADATA_STORAGE_MAPPING.remove(ClassUtils.getClassLoader((Object) null));
    }

    protected void init(@Observes BeforeBeanDiscovery beforeBeanDiscovery) {
        initActivation();
    }

    public <X> void processAnnotatedType(@Observes ProcessAnnotatedType<X> processAnnotatedType, BeanManager beanManager) {
        if (this.isActivated.booleanValue()) {
            AnnotatedTypeBuilder annotatedTypeBuilder = null;
            AnnotatedType<?> annotatedType = processAnnotatedType.getAnnotatedType();
            boolean z = false;
            Iterator it = annotatedType.getAnnotations().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                if (SecurityUtils.isMetaAnnotatedWithSecurityBindingType((Annotation) it.next())) {
                    annotatedTypeBuilder = new AnnotatedTypeBuilder().readFromType(annotatedType);
                    annotatedTypeBuilder.addToClass(INTERCEPTOR_BINDING);
                    z = true;
                    break;
                }
            }
            if (!z) {
                for (AnnotatedMethod<?> annotatedMethod : annotatedType.getMethods()) {
                    if (annotatedMethod.isAnnotationPresent(Secures.class)) {
                        registerAuthorizer(annotatedMethod, beanManager);
                    } else {
                        Iterator it2 = annotatedMethod.getAnnotations().iterator();
                        while (true) {
                            if (!it2.hasNext()) {
                                break;
                            }
                            if (SecurityUtils.isMetaAnnotatedWithSecurityBindingType((Annotation) it2.next())) {
                                if (annotatedTypeBuilder == null) {
                                    annotatedTypeBuilder = new AnnotatedTypeBuilder().readFromType(annotatedType);
                                }
                                annotatedTypeBuilder.addToMethod(annotatedMethod, INTERCEPTOR_BINDING);
                                z = true;
                            }
                        }
                    }
                }
            }
            if (z) {
                getMetaDataStorage().addSecuredType(annotatedType);
            }
            if (annotatedTypeBuilder != null) {
                processAnnotatedType.setAnnotatedType(annotatedTypeBuilder.create());
            }
        }
    }

    public void validateBindings(@Observes AfterBeanDiscovery afterBeanDiscovery, BeanManager beanManager) {
        if (this.isActivated.booleanValue()) {
            SecurityMetaDataStorage metaDataStorage = getMetaDataStorage();
            for (AnnotatedType<?> annotatedType : metaDataStorage.getSecuredTypes()) {
                for (Annotation annotation : annotatedType.getJavaClass().getAnnotations()) {
                    boolean z = false;
                    if (SecurityUtils.isMetaAnnotatedWithSecurityBindingType(annotation)) {
                        Iterator<Authorizer> it = metaDataStorage.getAuthorizers().iterator();
                        while (true) {
                            if (it.hasNext()) {
                                if (it.next().matchesBinding(annotation)) {
                                    z = true;
                                    break;
                                }
                            } else {
                                break;
                            }
                        }
                        if (!z) {
                            afterBeanDiscovery.addDefinitionError(new SecurityDefinitionException("Secured type " + annotatedType.getJavaClass().getName() + " has no matching authorizer method for security binding @" + annotation.annotationType().getName()));
                        }
                    }
                }
                for (AnnotatedMethod annotatedMethod : annotatedType.getMethods()) {
                    Iterator it2 = annotatedMethod.getAnnotations().iterator();
                    while (true) {
                        if (it2.hasNext()) {
                            if (SecurityUtils.isMetaAnnotatedWithSecurityBindingType((Annotation) it2.next())) {
                                metaDataStorage.registerSecuredMethod(annotatedType.getJavaClass(), annotatedMethod.getJavaMember());
                                break;
                            }
                        } else {
                            break;
                        }
                    }
                }
            }
            metaDataStorage.resetSecuredTypes();
        }
    }

    protected void cleanup(@Observes BeforeShutdown beforeShutdown) {
        removeMetaDataStorage();
    }

    private void registerAuthorizer(AnnotatedMethod<?> annotatedMethod, BeanManager beanManager) {
        if (!annotatedMethod.getJavaMember().getReturnType().equals(Boolean.class) && !annotatedMethod.getJavaMember().getReturnType().equals(Boolean.TYPE)) {
            throw new SecurityDefinitionException("Invalid authorizer method [" + annotatedMethod.getJavaMember().getDeclaringClass().getName() + "." + annotatedMethod.getJavaMember().getName() + "] - does not return a boolean.");
        }
        Annotation annotation = null;
        for (Annotation annotation2 : annotatedMethod.getAnnotations()) {
            if (SecurityUtils.isMetaAnnotatedWithSecurityBindingType(annotation2)) {
                if (annotation != null) {
                    throw new SecurityDefinitionException("Invalid authorizer method [" + annotatedMethod.getJavaMember().getDeclaringClass().getName() + "." + annotatedMethod.getJavaMember().getName() + "] - declares multiple security binding types");
                }
                annotation = annotation2;
            }
        }
        getMetaDataStorage().addAuthorizer(new Authorizer(annotation, annotatedMethod, beanManager));
    }

    public void validateAuthenticatorImplementation(@Observes ProcessSessionBean<Authenticator> processSessionBean) {
        if (this.isActivated.booleanValue() && SessionBeanType.STATELESS.equals(processSessionBean.getSessionBeanType())) {
            processSessionBean.addDefinitionError(new IllegalStateException("Authenticator " + processSessionBean.getBean().getClass() + " cannot be a Stateless Session Bean"));
        }
    }

    public void initActivation() {
        if (this.isActivated == null) {
            this.isActivated = Boolean.valueOf(ClassDeactivationUtils.isActivated(getClass()));
        }
    }
}
