package io.quarkus.elytron.security.runtime;

import io.quarkus.arc.runtime.BeanContainer;
import io.quarkus.runtime.RuntimeValue;
import io.quarkus.runtime.annotations.Template;
import io.undertow.security.idm.IdentityManager;
import io.undertow.servlet.ServletExtension;
import io.undertow.servlet.api.DeploymentInfo;
import io.undertow.servlet.api.LoginConfig;
import java.io.InputStream;
import java.lang.annotation.Annotation;
import java.net.URL;
import java.security.Permission;
import java.security.Provider;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.function.Supplier;
import javax.servlet.ServletContext;
import org.jboss.logging.Logger;
import org.wildfly.security.WildFlyElytronProvider;
import org.wildfly.security.auth.realm.LegacyPropertiesSecurityRealm;
import org.wildfly.security.auth.realm.SimpleMapBackedSecurityRealm;
import org.wildfly.security.auth.realm.SimpleRealmEntry;
import org.wildfly.security.auth.server.NameRewriter;
import org.wildfly.security.auth.server.SecurityDomain;
import org.wildfly.security.auth.server.SecurityRealm;
import org.wildfly.security.authz.AuthorizationIdentity;
import org.wildfly.security.authz.MapAttributes;
import org.wildfly.security.authz.PermissionMappable;
import org.wildfly.security.authz.PermissionMapper;
import org.wildfly.security.authz.RoleDecoder;
import org.wildfly.security.authz.Roles;
import org.wildfly.security.credential.Credential;
import org.wildfly.security.credential.PasswordCredential;
import org.wildfly.security.password.interfaces.ClearPassword;
import org.wildfly.security.permission.PermissionVerifier;

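/**
 * Runtime template that builds the Elytron security realms and security domain and wires the
 * resulting identity manager and login configuration into the Undertow deployment.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Both realm flavours work with clear-text passwords (see {@code setPlainText(true)} and
 *       {@link ClearPassword}); the credential sources must be protected accordingly.</li>
 *   <li>The permission mapper installed by {@link #configureDomainBuilder} grants every permission
 *       to every identity, so access control depends entirely on role checks made elsewhere.</li>
 *   <li>Debug logging must never print credential values; only user names are logged here.</li>
 * </ul>
 */
@Template
public class SecurityTemplate {
    static final Logger log = Logger.getLogger(SecurityTemplate.class);

    /**
     * Loads users and roles from the configured classpath resources into a properties-file realm.
     * Does nothing when the supplied realm is not a {@link LegacyPropertiesSecurityRealm}.
     *
     * @param runtimeValue holder of the realm to populate
     * @param propertiesRealmConfig names of the users and roles classpath resources
     * @throws IllegalStateException if either the users or the roles resource cannot be found
     * @throws Exception if the resources cannot be opened or parsed
     */
    public void loadRealm(RuntimeValue<SecurityRealm> runtimeValue, PropertiesRealmConfig propertiesRealmConfig) throws Exception {
        log.debugf("loadRealm, config=%s", propertiesRealmConfig);
        SecurityRealm realm = runtimeValue.getValue();
        if (!(realm instanceof LegacyPropertiesSecurityRealm)) {
            return;
        }
        LegacyPropertiesSecurityRealm propertiesRealm = (LegacyPropertiesSecurityRealm) realm;
        ClassLoader loader = Thread.currentThread().getContextClassLoader();

        log.debugf("Trying to loader users: /%s", propertiesRealmConfig.users);
        URL usersUrl = loader.getResource(propertiesRealmConfig.users);
        log.debugf("users: %s", usersUrl);
        log.debugf("Trying to loader roles: %s", propertiesRealmConfig.roles);
        URL rolesUrl = loader.getResource(propertiesRealmConfig.roles);
        log.debugf("roles: %s", rolesUrl);

        // Both resources are dereferenced below, so a single missing file must be reported too.
        // The previous "&&" check let that case through and it failed with a bare
        // NullPointerException instead of this configuration hint.
        if (usersUrl == null || rolesUrl == null) {
            throw new IllegalStateException(String.format("No PropertiesRealmConfig users/roles settings found. Configure the quarkus.security.file.%s properties", propertiesRealmConfig.help()));
        }

        // Close the streams here so they are released even if load() fails part-way through.
        try (InputStream usersStream = usersUrl.openStream();
                InputStream rolesStream = rolesUrl.openStream()) {
            propertiesRealm.load(usersStream, rolesStream);
        }
    }

    /**
     * Populates a map-backed realm from the user/password and user/roles maps of the configuration.
     * Does nothing when the supplied realm is not a {@link SimpleMapBackedSecurityRealm}.
     *
     * <p>Each user gets one clear-text password credential and a {@code groups} attribute holding
     * the comma-separated role names. A user without a roles entry gets no groups.
     *
     * @param runtimeValue holder of the realm to populate
     * @param mPRealmConfig source of the users and roles maps
     * @throws Exception declared for callers; kept for interface compatibility
     */
    public void loadRealm(RuntimeValue<SecurityRealm> runtimeValue, MPRealmConfig mPRealmConfig) throws Exception {
        // NOTE(review): the config's toString() is not visible here; confirm it does not render
        // the password values, since it is passed to the logger.
        log.debugf("loadRealm, config=%s", mPRealmConfig);
        SecurityRealm realm = runtimeValue.getValue();
        if (!(realm instanceof SimpleMapBackedSecurityRealm)) {
            return;
        }
        SimpleMapBackedSecurityRealm mapRealm = (SimpleMapBackedSecurityRealm) realm;

        Map<String, String> users = mPRealmConfig.getUsers();
        // The map values are the clear-text passwords: log the user names only.
        log.debugf("UserInfoMap: %s%n", users.keySet());
        Map<String, String> roles = mPRealmConfig.getRoles();
        log.debugf("RoleInfoMap: %s%n", roles);

        Map<String, SimpleRealmEntry> identities = new HashMap<>();
        for (Map.Entry<String, String> user : users.entrySet()) {
            String userName = user.getKey();

            // Password is kept in clear text in memory; this realm performs no hashing.
            List<Credential> credentials = new ArrayList<>();
            credentials.add(new PasswordCredential(ClearPassword.createRaw("clear", user.getValue().toCharArray())));

            MapAttributes attributes = new MapAttributes();
            String roleList = roles.get(userName);
            // A user with no roles entry is left without groups rather than aborting the load.
            if (roleList != null) {
                for (String role : roleList.split(",")) {
                    attributes.addLast("groups", role);
                }
            }

            identities.put(userName, new SimpleRealmEntry(credentials, attributes));
            log.debugf("Added user(%s), roles=%s%n", userName, attributes.get("groups"));
        }
        mapRealm.setIdentityMap(identities);
    }

    /**
     * Creates an empty properties-file realm named {@code default} backed by the Elytron provider.
     *
     * @param propertiesRealmConfig configuration, used here for logging only
     * @return holder of the new realm; it still has to be populated via {@code loadRealm}
     * @throws Exception if the realm builder fails
     */
    public RuntimeValue<SecurityRealm> createRealm(PropertiesRealmConfig propertiesRealmConfig) throws Exception {
        log.debugf("createRealm, config=%s", propertiesRealmConfig);
        Supplier<Provider[]> providers = () -> new Provider[] {new WildFlyElytronProvider()};
        // NOTE(review): setPlainText(true) means the users file is read as plain-text passwords
        // rather than digests; treat that file as a secret.
        SecurityRealm realm = LegacyPropertiesSecurityRealm.builder()
                .setDefaultRealm("default")
                .setProviders(providers)
                .setPlainText(true)
                .build();
        return new RuntimeValue<>(realm);
    }

    /**
     * Creates an empty map-backed realm that uses names as given (identity rewriter) and the
     * Elytron provider.
     *
     * @param mPRealmConfig configuration, used here for logging only
     * @return holder of the new realm; it still has to be populated via {@code loadRealm}
     */
    public RuntimeValue<SecurityRealm> createRealm(MPRealmConfig mPRealmConfig) {
        log.debugf("createRealm, config=%s", mPRealmConfig);
        Supplier<Provider[]> providers = () -> new Provider[] {new WildFlyElytronProvider()};
        SecurityRealm realm = new SimpleMapBackedSecurityRealm(NameRewriter.IDENTITY_REWRITER, providers);
        return new RuntimeValue<>(realm);
    }

    /**
     * Starts a security domain builder with the given realm registered as the default realm.
     *
     * <p>Roles are decoded from the identity's {@code groups} attribute. The permission mapper
     * installed here approves every permission for every identity.
     *
     * @param str name under which the realm is registered and which becomes the default realm name
     * @param runtimeValue holder of the realm to register
     * @return holder of the partially configured domain builder
     * @throws Exception declared for callers; kept for interface compatibility
     */
    public RuntimeValue<SecurityDomain.Builder> configureDomainBuilder(String str, RuntimeValue<SecurityRealm> runtimeValue) throws Exception {
        log.debugf("buildDomain, realm=%s", runtimeValue.getValue());

        RoleDecoder groupsDecoder = new RoleDecoder() {
            @Override
            public Roles decodeRoles(AuthorizationIdentity authorizationIdentity) {
                // Snapshot the "groups" attribute so role checks do not depend on later changes.
                final Set<String> groups = new HashSet<>(authorizationIdentity.getAttributes().get("groups"));
                return new Roles() {
                    @Override
                    public boolean contains(String str2) {
                        return groups.contains(str2);
                    }

                    @Override
                    public Iterator<String> iterator() {
                        return groups.iterator();
                    }
                };
            }
        };

        // NOTE(review): this verifier implies every Permission regardless of the identity or its
        // roles. Authorization therefore rests solely on role checks performed outside this
        // domain; replace with a role-aware mapper if permissions are ever relied upon.
        PermissionMapper allowAllMapper = new PermissionMapper() {
            @Override
            public PermissionVerifier mapPermissions(PermissionMappable permissionMappable, Roles roles) {
                return new PermissionVerifier() {
                    @Override
                    public boolean implies(Permission permission) {
                        return true;
                    }
                };
            }
        };

        SecurityDomain.Builder domainBuilder = SecurityDomain.builder()
                .addRealm(str, runtimeValue.getValue())
                .setRoleDecoder(groupsDecoder)
                .build()
                .setDefaultRealmName(str)
                .setPermissionMapper(allowAllMapper);
        return new RuntimeValue<>(domainBuilder);
    }

    /**
     * Registers an additional realm on an existing domain builder.
     *
     * @param runtimeValue holder of the domain builder
     * @param str name under which the realm is registered
     * @param runtimeValue2 holder of the realm to add
     */
    public void addRealm(RuntimeValue<SecurityDomain.Builder> runtimeValue, String str, RuntimeValue<SecurityRealm> runtimeValue2) {
        // NOTE(review): the realm builder returned by addRealm() is discarded here, unlike in
        // configureDomainBuilder(); confirm whether it needs to be completed with build().
        runtimeValue.getValue().addRealm(str, runtimeValue2.getValue());
    }

    /**
     * Builds the security domain from the configured builder.
     *
     * @param runtimeValue holder of the domain builder
     * @return holder of the built domain
     */
    public RuntimeValue<SecurityDomain> buildDomain(RuntimeValue<SecurityDomain.Builder> runtimeValue) {
        return new RuntimeValue<>(runtimeValue.getValue().build());
    }

    /**
     * Creates the Undertow identity manager that delegates to the given security domain.
     *
     * @param runtimeValue holder of the security domain
     * @return a new {@link ElytronIdentityManager} for that domain
     */
    public IdentityManager createIdentityManager(RuntimeValue<SecurityDomain> runtimeValue) {
        return new ElytronIdentityManager(runtimeValue.getValue());
    }

    /**
     * Returns a servlet extension that installs the identity manager on the deployment.
     *
     * @param runtimeValue holder of the security domain; not used by this method
     * @param identityManager identity manager to set on the deployment
     * @return the servlet extension
     */
    public ServletExtension configureUndertowIdentityManager(RuntimeValue<SecurityDomain> runtimeValue, final IdentityManager identityManager) {
        return new ServletExtension() {
            @Override
            public void handleDeployment(DeploymentInfo deploymentInfo, ServletContext servletContext) {
                deploymentInfo.setIdentityManager(identityManager);
            }
        };
    }

    /**
     * Returns a servlet extension that sets the deployment's login configuration. The first entry
     * provides the primary mechanism and realm name; the remaining entries are appended as
     * further authentication methods. An empty list leaves the deployment unchanged.
     *
     * @param list authentication configurations in priority order
     * @return the servlet extension
     */
    public ServletExtension configureLoginConfig(final List<AuthConfig> list) {
        return new ServletExtension() {
            @Override
            public void handleDeployment(DeploymentInfo deploymentInfo, ServletContext servletContext) {
                if (list.isEmpty()) {
                    return;
                }
                AuthConfig primary = list.get(0);
                SecurityTemplate.log.debugf("configureLoginConfig, %s", list);
                LoginConfig loginConfig = new LoginConfig(primary.authMechanism, primary.realmName);
                for (AuthConfig fallback : list.subList(1, list.size())) {
                    loginConfig.addLastAuthMethod(fallback.getAuthMechanism());
                }
                deploymentInfo.setLoginConfig(loginConfig);
            }
        };
    }

    /**
     * Looks up the {@link SecurityContextPrincipalExtension} bean from the container.
     *
     * @param beanContainer container to resolve the bean from
     * @return the resolved extension
     */
    public ServletExtension configureSecurityContextPrincipalHandler(BeanContainer beanContainer) {
        return beanContainer.instance(SecurityContextPrincipalExtension.class);
    }
}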
