package org.apache.geronimo.microprofile.impl.jwtauth.cdi;

import java.io.IOException;
import java.lang.annotation.Annotation;
import java.lang.reflect.ParameterizedType;
import java.lang.reflect.Type;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.function.Function;
import java.util.stream.Collector;
import java.util.stream.Stream;
import javax.enterprise.context.ApplicationScoped;
import javax.enterprise.context.Dependent;
import javax.enterprise.context.RequestScoped;
import javax.enterprise.event.Observes;
import javax.enterprise.inject.Any;
import javax.enterprise.inject.Default;
import javax.enterprise.inject.Instance;
import javax.enterprise.inject.Vetoed;
import javax.enterprise.inject.spi.AfterBeanDiscovery;
import javax.enterprise.inject.spi.AfterDeploymentValidation;
import javax.enterprise.inject.spi.BeforeBeanDiscovery;
import javax.enterprise.inject.spi.Extension;
import javax.enterprise.inject.spi.InjectionPoint;
import javax.enterprise.inject.spi.ProcessInjectionPoint;
import javax.enterprise.util.AnnotationLiteral;
import javax.enterprise.util.Nonbinding;
import javax.inject.Provider;
import javax.json.JsonArray;
import javax.json.JsonNumber;
import javax.json.JsonObject;
import javax.json.JsonString;
import javax.json.JsonValue;
import javax.json.spi.JsonProvider;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import org.apache.geronimo.microprofile.impl.jwtauth.config.GeronimoJwtAuthConfig;
import org.apache.geronimo.microprofile.impl.jwtauth.jwt.ContextualJsonWebToken;
import org.apache.geronimo.microprofile.impl.jwtauth.servlet.JwtRequest;
import org.apache.geronimo.microprofile.impl.jwtauth.servlet.TokenAccessor;
import org.eclipse.microprofile.jwt.Claim;
import org.eclipse.microprofile.jwt.ClaimValue;
import org.eclipse.microprofile.jwt.Claims;
import org.eclipse.microprofile.jwt.JsonWebToken;

/* loaded from: input_file:org/apache/geronimo/microprofile/impl/jwtauth/cdi/GeronimoJwtAuthExtension.class */
public class GeronimoJwtAuthExtension implements Extension {
    private final ThreadLocal<TokenAccessor> request = new ThreadLocal<>();
    private final Collection<Injection> injectionPoints = new HashSet(8);
    private final Collection<Throwable> errors = new ArrayList();
    private JsonProvider json;

    /* JADX INFO: Access modifiers changed from: private */
    @Vetoed
    /* loaded from: input_file:org/apache/geronimo/microprofile/impl/jwtauth/cdi/GeronimoJwtAuthExtension$ClaimLiteral.class */
    public static class ClaimLiteral extends AnnotationLiteral<Claim> implements Claim {
        private final String name;
        private final Claims claims;

        private ClaimLiteral(String str, Claims claims) {
            this.name = str;
            this.claims = claims;
        }

        public String value() {
            return this.name;
        }

        public Claims standard() {
            return this.claims;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/geronimo/microprofile/impl/jwtauth/cdi/GeronimoJwtAuthExtension$Injection.class */
    public static class Injection {
        private final String name;
        private final Claims claims;
        private final Type type;
        private final int hash;
        private final Function<Object, Object> transformer;
        private final String runtimeName;

        private Injection(String str, Claims claims, Type type) {
            Function<Object, Object> function;
            this.name = str;
            this.claims = claims;
            this.type = type;
            try {
                Claims.valueOf(GeronimoJwtAuthExtension.getClaimName(str, claims));
                function = Function.identity();
            } catch (IllegalArgumentException e) {
                function = type == String.class ? obj -> {
                    if (obj == null) {
                        return null;
                    }
                    return ((JsonString) JsonString.class.cast(obj)).getString();
                } : type == Long.class ? obj2 -> {
                    if (obj2 == null) {
                        return null;
                    }
                    return Long.valueOf(((JsonNumber) JsonNumber.class.cast(obj2)).longValue());
                } : Function.identity();
            }
            this.transformer = function;
            this.runtimeName = GeronimoJwtAuthExtension.getClaimName(str, claims);
            this.hash = (31 * ((31 * str.hashCode()) + claims.hashCode())) + type.hashCode();
        }

        /* JADX INFO: Access modifiers changed from: private */
        public String getId() {
            return this.name + "/" + this.claims + "/" + this.type;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public Class<?> findClass() {
            if (Class.class.isInstance(this.type)) {
                return (Class) Class.class.cast(this.type);
            }
            if (!ParameterizedType.class.isInstance(this.type)) {
                throw new IllegalArgumentException("Can't find a class from " + this.type);
            }
            Object cast = ParameterizedType.class.cast(this.type);
            while (true) {
                ParameterizedType parameterizedType = (ParameterizedType) cast;
                if (Class.class.isInstance(parameterizedType.getRawType())) {
                    return (Class) Class.class.cast(parameterizedType.getRawType());
                }
                cast = ParameterizedType.class.cast(parameterizedType.getRawType());
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public Class<? extends Annotation> findScope() {
            return ClaimValue.class == findClass() ? RequestScoped.class : Dependent.class;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public Annotation literal() {
            return new ClaimLiteral(this.name, this.claims);
        }

        Object createInstance(TokenAccessor tokenAccessor) {
            return this.transformer.apply(tokenAccessor.getToken().getClaim(this.runtimeName));
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            Injection injection = (Injection) Injection.class.cast(obj);
            return this.runtimeName.equals(injection.runtimeName) && this.type.equals(injection.type);
        }

        public int hashCode() {
            return this.hash;
        }

        public String toString() {
            return "Injection{claim='" + this.runtimeName + "', type=" + this.type + '}';
        }
    }

    @FunctionalInterface
    /* loaded from: input_file:org/apache/geronimo/microprofile/impl/jwtauth/cdi/GeronimoJwtAuthExtension$ServletRunnable.class */
    public interface ServletRunnable {
        void run() throws ServletException, IOException;
    }

    void setClaimMethodsBinding(@Observes BeforeBeanDiscovery beforeBeanDiscovery) {
        beforeBeanDiscovery.configureQualifier(Claim.class).methods().forEach(annotatedMethodConfigurator -> {
            annotatedMethodConfigurator.remove(annotation -> {
                return annotation.annotationType() == Nonbinding.class;
            });
        });
        this.json = JsonProvider.provider();
    }

    void captureInjections(@Observes ProcessInjectionPoint<?, ?> processInjectionPoint) {
        InjectionPoint injectionPoint = processInjectionPoint.getInjectionPoint();
        Optional flatMap = Optional.ofNullable(injectionPoint.getAnnotated().getAnnotation(Claim.class)).flatMap(claim -> {
            return createInjection(claim, injectionPoint.getType());
        });
        Collection<Injection> collection = this.injectionPoints;
        collection.getClass();
        flatMap.ifPresent((v1) -> {
            r1.add(v1);
        });
    }

    void addClaimBeans(@Observes AfterBeanDiscovery afterBeanDiscovery) {
        afterBeanDiscovery.addBean().id(GeronimoJwtAuthExtension.class.getName() + "#" + GeronimoJwtAuthConfig.class.getName()).beanClass(GeronimoJwtAuthConfig.class).types(new Type[]{GeronimoJwtAuthConfig.class, Object.class}).qualifiers(new Annotation[]{Default.Literal.INSTANCE, Any.Literal.INSTANCE}).scope(ApplicationScoped.class).createWith(creationalContext -> {
            return GeronimoJwtAuthConfig.create();
        });
        afterBeanDiscovery.addBean().id(GeronimoJwtAuthExtension.class.getName() + "#" + JsonWebToken.class.getName()).beanClass(JsonWebToken.class).types(new Type[]{JsonWebToken.class, Object.class}).qualifiers(new Annotation[]{Default.Literal.INSTANCE, Any.Literal.INSTANCE}).scope(ApplicationScoped.class).createWith(creationalContext2 -> {
            return new ContextualJsonWebToken(() -> {
                TokenAccessor tokenAccessor = this.request.get();
                if (tokenAccessor == null) {
                    throw new IllegalStateException("No JWT in this request");
                }
                return tokenAccessor.getToken();
            });
        });
        this.injectionPoints.forEach(injection -> {
            afterBeanDiscovery.addBean().id(GeronimoJwtAuthExtension.class.getName() + "#" + injection.getId()).beanClass(injection.findClass()).qualifiers(new Annotation[]{injection.literal(), Any.Literal.INSTANCE}).scope(injection.findScope()).types(new Type[]{injection.type, Object.class}).createWith(creationalContext3 -> {
                return injection.createInstance(this.request.get());
            });
        });
        this.injectionPoints.clear();
    }

    void afterDeployment(@Observes AfterDeploymentValidation afterDeploymentValidation) {
        Collection<Throwable> collection = this.errors;
        afterDeploymentValidation.getClass();
        collection.forEach(afterDeploymentValidation::addDeploymentProblem);
    }

    private Optional<Injection> createInjection(Claim claim, Type type) {
        if (ParameterizedType.class.isInstance(type)) {
            ParameterizedType parameterizedType = (ParameterizedType) ParameterizedType.class.cast(type);
            if (parameterizedType.getActualTypeArguments().length == 1) {
                Type rawType = parameterizedType.getRawType();
                Type type2 = parameterizedType.getActualTypeArguments()[0];
                if (rawType == Provider.class || rawType == Instance.class) {
                    return createInjection(claim, type2);
                }
                if (rawType == Optional.class) {
                    return createInjection(claim, type2).map(injection -> {
                        return new Injection(claim.value(), claim.standard(), type) { // from class: org.apache.geronimo.microprofile.impl.jwtauth.cdi.GeronimoJwtAuthExtension.1
                            @Override // org.apache.geronimo.microprofile.impl.jwtauth.cdi.GeronimoJwtAuthExtension.Injection
                            Object createInstance(TokenAccessor tokenAccessor) {
                                return Optional.ofNullable(injection.createInstance(tokenAccessor));
                            }
                        };
                    });
                }
                if (rawType == ClaimValue.class) {
                    String claimName = getClaimName(claim);
                    return createInjection(claim, type2).map(injection2 -> {
                        return new Injection(claim.value(), claim.standard(), type) { // from class: org.apache.geronimo.microprofile.impl.jwtauth.cdi.GeronimoJwtAuthExtension.2
                            @Override // org.apache.geronimo.microprofile.impl.jwtauth.cdi.GeronimoJwtAuthExtension.Injection
                            Object createInstance(final TokenAccessor tokenAccessor) {
                                return new ClaimValue<Object>() { // from class: org.apache.geronimo.microprofile.impl.jwtauth.cdi.GeronimoJwtAuthExtension.2.1
                                    public String getName() {
                                        return claimName;
                                    }

                                    public Object getValue() {
                                        return injection2.createInstance(tokenAccessor);
                                    }
                                };
                            }
                        };
                    });
                }
                if (Class.class.isInstance(rawType) && Collection.class.isAssignableFrom((Class) Class.class.cast(rawType))) {
                    return Optional.of(new Injection(claim.value(), claim.standard(), type));
                }
            }
        } else if (Class.class.isInstance(type)) {
            Class<?> cls = (Class) Class.class.cast(type);
            if (!JsonValue.class.isAssignableFrom(cls)) {
                Class<?> wrapPrimitives = wrapPrimitives(cls);
                if (CharSequence.class.isAssignableFrom(cls) || Double.class.isAssignableFrom(wrapPrimitives) || Long.class.isAssignableFrom(wrapPrimitives) || Integer.class.isAssignableFrom(wrapPrimitives)) {
                    return Optional.of(new Injection(claim.value(), claim.standard(), wrapPrimitives));
                }
            } else {
                if (JsonString.class.isAssignableFrom(cls)) {
                    return Optional.of(new Injection(claim.value(), claim.standard(), cls) { // from class: org.apache.geronimo.microprofile.impl.jwtauth.cdi.GeronimoJwtAuthExtension.3
                        @Override // org.apache.geronimo.microprofile.impl.jwtauth.cdi.GeronimoJwtAuthExtension.Injection
                        Object createInstance(TokenAccessor tokenAccessor) {
                            Object createInstance = super.createInstance(tokenAccessor);
                            return JsonString.class.isInstance(createInstance) ? createInstance : GeronimoJwtAuthExtension.this.json.createValue((String) String.class.cast(createInstance));
                        }
                    });
                }
                if (JsonNumber.class.isAssignableFrom(cls)) {
                    return Optional.of(new Injection(claim.value(), claim.standard(), cls) { // from class: org.apache.geronimo.microprofile.impl.jwtauth.cdi.GeronimoJwtAuthExtension.4
                        @Override // org.apache.geronimo.microprofile.impl.jwtauth.cdi.GeronimoJwtAuthExtension.Injection
                        Object createInstance(TokenAccessor tokenAccessor) {
                            Object createInstance = super.createInstance(tokenAccessor);
                            return JsonNumber.class.isInstance(createInstance) ? createInstance : GeronimoJwtAuthExtension.this.json.createValue(((Number) Number.class.cast(createInstance)).doubleValue());
                        }
                    });
                }
                if (JsonObject.class.isAssignableFrom(cls)) {
                    return Optional.of(new Injection(claim.value(), claim.standard(), cls));
                }
                if (JsonArray.class.isAssignableFrom(cls)) {
                    return Optional.of(new Injection(claim.value(), claim.standard(), cls) { // from class: org.apache.geronimo.microprofile.impl.jwtauth.cdi.GeronimoJwtAuthExtension.5
                        @Override // org.apache.geronimo.microprofile.impl.jwtauth.cdi.GeronimoJwtAuthExtension.Injection
                        Object createInstance(TokenAccessor tokenAccessor) {
                            Object createInstance = super.createInstance(tokenAccessor);
                            if (createInstance == null) {
                                return null;
                            }
                            if (JsonArray.class.isInstance(createInstance)) {
                                return createInstance;
                            }
                            if (!Set.class.isInstance(createInstance)) {
                                throw new IllegalArgumentException("Unsupported value: " + createInstance);
                            }
                            Stream stream = ((Set) createInstance).stream();
                            JsonProvider jsonProvider = GeronimoJwtAuthExtension.this.json;
                            jsonProvider.getClass();
                            return stream.collect(Collector.of(jsonProvider::createArrayBuilder, (v0, v1) -> {
                                v0.add(v1);
                            }, (v0, v1) -> {
                                return v0.addAll(v1);
                            }, (v0) -> {
                                return v0.build();
                            }, new Collector.Characteristics[0]));
                        }
                    });
                }
            }
        }
        this.errors.add(new IllegalArgumentException(type + " not supported by JWT-Auth implementation"));
        return Optional.empty();
    }

    private Class<?> wrapPrimitives(Class<?> cls) {
        return Long.TYPE == cls ? Long.class : Integer.TYPE == cls ? Integer.class : Double.TYPE == cls ? Double.class : cls;
    }

    private static String getClaimName(Claim claim) {
        return getClaimName(claim.value(), claim.standard());
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static String getClaimName(String str, Claims claims) {
        return (String) Optional.of(str).filter(str2 -> {
            return !str2.isEmpty();
        }).orElse(claims.name());
    }

    public void execute(HttpServletRequest httpServletRequest, ServletRunnable servletRunnable) {
        try {
            execute((TokenAccessor) Objects.requireNonNull(JwtRequest.class.isInstance(httpServletRequest) ? (JwtRequest) JwtRequest.class.cast(httpServletRequest) : (JwtRequest) JwtRequest.class.cast(httpServletRequest.getAttribute(JwtRequest.class.getName())), "No JwtRequest"), servletRunnable);
        } catch (IOException | ServletException e) {
            throw new IllegalStateException(e);
        }
    }

    public void execute(TokenAccessor tokenAccessor, ServletRunnable servletRunnable) throws ServletException, IOException {
        this.request.set(tokenAccessor);
        try {
            servletRunnable.run();
        } finally {
            this.request.remove();
        }
    }
}
