package fish.payara.security.realm.cdi;

import com.sun.enterprise.config.serverbeans.AuthRealm;
import com.sun.enterprise.config.serverbeans.SecurityService;
import com.sun.enterprise.security.auth.realm.NoSuchRealmException;
import com.sun.enterprise.security.auth.realm.Realm;
import fish.payara.security.annotations.CertificateAuthenticationMechanismDefinition;
import fish.payara.security.annotations.CertificateIdentityStoreDefinition;
import fish.payara.security.annotations.FileIdentityStoreDefinition;
import fish.payara.security.annotations.PamIdentityStoreDefinition;
import fish.payara.security.annotations.RealmIdentityStoreDefinition;
import fish.payara.security.annotations.RealmIdentityStoreDefinitions;
import fish.payara.security.annotations.SolarisIdentityStoreDefinition;
import fish.payara.security.realm.RealmUtil;
import fish.payara.security.realm.config.CertificateRealmIdentityStoreConfiguration;
import fish.payara.security.realm.config.FileRealmIdentityStoreConfiguration;
import fish.payara.security.realm.config.PamRealmIdentityStoreConfiguration;
import fish.payara.security.realm.config.RealmConfiguration;
import fish.payara.security.realm.config.SolarisRealmIdentityStoreConfiguration;
import fish.payara.security.realm.identitystores.CertificateRealmIdentityStore;
import fish.payara.security.realm.identitystores.FileRealmIdentityStore;
import fish.payara.security.realm.identitystores.PamRealmIdentityStore;
import fish.payara.security.realm.identitystores.RealmIdentityStore;
import fish.payara.security.realm.identitystores.SolarisRealmIdentityStore;
import fish.payara.security.realm.mechanisms.CertificateAuthenticationMechanism;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.enterprise.event.Observes;
import jakarta.enterprise.inject.spi.AfterBeanDiscovery;
import jakarta.enterprise.inject.spi.AnnotatedType;
import jakarta.enterprise.inject.spi.Bean;
import jakarta.enterprise.inject.spi.BeanManager;
import jakarta.enterprise.inject.spi.BeforeBeanDiscovery;
import jakarta.enterprise.inject.spi.CDI;
import jakarta.enterprise.inject.spi.Extension;
import jakarta.enterprise.inject.spi.ProcessBean;
import jakarta.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism;
import jakarta.security.enterprise.identitystore.IdentityStore;
import java.lang.annotation.Annotation;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Objects;
import java.util.Properties;
import java.util.Set;
import java.util.function.Supplier;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.regex.Pattern;
import java.util.stream.Stream;
import org.glassfish.common.util.PayaraCdiProducer;
import org.glassfish.internal.api.Globals;
import org.glassfish.soteria.cdi.CdiUtils;

/* loaded from: input_file:fish/payara/security/realm/cdi/RealmExtension.class */
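/**
 * CDI portable extension that wires Payara's realm-backed identity-store and
 * authentication-mechanism annotations into the CDI container.
 * <p>
 * During bean discovery every bean class is scanned for
 * {@code @RealmIdentityStoreDefinition(s)}, {@code @FileIdentityStoreDefinition},
 * {@code @CertificateIdentityStoreDefinition}, {@code @PamIdentityStoreDefinition},
 * {@code @SolarisIdentityStoreDefinition} and
 * {@code @CertificateAuthenticationMechanismDefinition}. For each one found the
 * definition is validated against the server's {@link SecurityService}
 * configuration, the backing auth realm is created when it does not exist yet
 * (file/certificate/PAM/Solaris), and a producer bean for the corresponding
 * {@link IdentityStore} or {@link HttpAuthenticationMechanism} is queued. The
 * queued beans are registered in {@link #afterBeanDiscovery}.
 * <p>
 * Security notes:
 * <ul>
 *   <li>An application annotation cannot retarget an existing server realm to a
 *       different realm class: {@link #validateDefinition(String, Class, String)}
 *       rejects a name that is already registered with another class.</li>
 *   <li>A {@code @RealmIdentityStoreDefinition} may only reference a realm that the
 *       server already knows; it never creates one.</li>
 *   <li>{@code assign-groups} handed to a newly created realm are granted to every
 *       principal that authenticates through that realm; treat them as a
 *       privilege grant when reviewing annotations.</li>
 *   <li>Values come from deployment-time annotations, i.e. from the application
 *       developer, not from request data.</li>
 * </ul>
 * This extension is driven by container lifecycle events and is not designed for
 * concurrent use.
 */
public class RealmExtension implements Extension {

    private static final Logger LOGGER = Logger.getLogger(RealmExtension.class.getName());

    /**
     * Matches any character that is not a letter, digit or space (case-insensitive).
     * A {@code jaasContext} containing such a character is rejected, which keeps the
     * value to a plain token before it is written into realm configuration.
     */
    private static final Pattern SIMPLE_TEXT_PATTERN = Pattern.compile("[^a-z0-9 ]", Pattern.CASE_INSENSITIVE);

    /** The single certificate mechanism bean, or {@code null} if none was declared. */
    private Bean<HttpAuthenticationMechanism> authenticationMechanismBean;

    /** Realm names already claimed by a {@code @RealmIdentityStoreDefinition}; used to reject duplicates. */
    private final Set<String> realms = new HashSet<>();

    /** Identity-store beans collected during {@code ProcessBean}, registered in {@code AfterBeanDiscovery}. */
    private final List<Bean<IdentityStore>> identityStoreBeans = new ArrayList<>();

    /** Lazily looked-up server security configuration; see {@link #getSecurityService()}. */
    private SecurityService securityService;

    /**
     * Makes the built-in identity-store and mechanism implementations known to CDI
     * so that {@code CDI.current().select(...)} can resolve them later.
     *
     * @param beforeBeanDiscovery the lifecycle event
     * @param beanManager         the bean manager used to build annotated types
     */
    protected void beforeBeanDiscovery(@Observes BeforeBeanDiscovery beforeBeanDiscovery, BeanManager beanManager) {
        addAnnotatedType(RealmIdentityStore.class, beanManager, beforeBeanDiscovery);
        addAnnotatedType(FileRealmIdentityStore.class, beanManager, beforeBeanDiscovery);
        addAnnotatedType(CertificateRealmIdentityStore.class, beanManager, beforeBeanDiscovery);
        addAnnotatedType(CertificateAuthenticationMechanism.class, beanManager, beforeBeanDiscovery);
        addAnnotatedType(PamRealmIdentityStore.class, beanManager, beforeBeanDiscovery);
        addAnnotatedType(SolarisRealmIdentityStore.class, beanManager, beforeBeanDiscovery);
    }

    /**
     * Registers {@code type} as an annotated type under its fully qualified name.
     *
     * @param type                the class to expose to CDI
     * @param beanManager         the bean manager used to build the annotated type
     * @param beforeBeanDiscovery the lifecycle event to register with
     * @param <T>                 the registered type
     */
    protected <T> void addAnnotatedType(Class<T> type, BeanManager beanManager, BeforeBeanDiscovery beforeBeanDiscovery) {
        beforeBeanDiscovery.addAnnotatedType(beanManager.createAnnotatedType(type), type.getName());
    }

    /**
     * Scans one discovered bean for every supported realm definition annotation.
     *
     * @param processBean the lifecycle event carrying the bean under discovery
     * @param beanManager the bean manager used for annotation lookup
     * @param <T>         the bean type
     */
    protected <T> void findRealmDefinitionAnnotation(@Observes ProcessBean<T> processBean, BeanManager beanManager) {
        Class<?> beanClass = processBean.getBean().getBeanClass();
        findRealmIdentityStoreDefinitions(beanManager, processBean, beanClass);
        findFileIdentityStoreDefinitions(beanManager, processBean, beanClass);
        findCertificateIdentityStoreDefinitions(beanManager, processBean, beanClass);
        findCertificateAuthenticationMechanismDefinition(beanManager, processBean, beanClass);
        findPamIdentityStoreDefinitions(beanManager, processBean, beanClass);
        findSolarisIdentityStoreDefinitions(beanManager, processBean, beanClass);
    }

    /**
     * Handles {@code @RealmIdentityStoreDefinition} and its repeatable container.
     * Each definition must name an existing server realm (or leave the name empty
     * to use the default realm) and no realm may be referenced twice.
     */
    private <T> void findRealmIdentityStoreDefinitions(BeanManager beanManager, ProcessBean<T> processBean, Class<?> beanClass) {
        CdiUtils.getAnnotation(beanManager, processBean.getAnnotated(), RealmIdentityStoreDefinition.class)
                .ifPresent(definition -> registerRealmIdentityStore(definition, beanClass));
        CdiUtils.getAnnotation(beanManager, processBean.getAnnotated(), RealmIdentityStoreDefinitions.class)
                .ifPresent(definitions -> {
                    for (RealmIdentityStoreDefinition definition : definitions.value()) {
                        registerRealmIdentityStore(definition, beanClass);
                    }
                });
    }

    /** Validates one {@code @RealmIdentityStoreDefinition} and queues its identity-store bean. */
    private void registerRealmIdentityStore(RealmIdentityStoreDefinition definition, Class<?> beanClass) {
        validateDefinition(definition);
        logActivatedIdentityStore(RealmIdentityStore.class, beanClass);
        // The bean id carries the raw annotation value so that several definitions
        // pointing at different realms produce distinct beans.
        addIdentityStoreBean(RealmIdentityStore.class + "-" + definition.value(), () -> {
            RealmIdentityStore store = CDI.current().select(RealmIdentityStore.class).get();
            store.setConfiguration(definition);
            return store;
        });
    }

    /**
     * Handles {@code @FileIdentityStoreDefinition}: creates the file realm if it
     * does not exist and queues a {@link FileRealmIdentityStore} bean.
     * The {@code file} property is the key-file path taken from the annotation;
     * it is passed to the realm as-is.
     */
    private <T> void findFileIdentityStoreDefinitions(BeanManager beanManager, ProcessBean<T> processBean, Class<?> beanClass) {
        CdiUtils.getAnnotation(beanManager, processBean.getAnnotated(), FileIdentityStoreDefinition.class).ifPresent(definition -> {
            validateDefinition(definition.value(), FileRealmIdentityStore.REALM_CLASS, definition.jaasContext());
            logActivatedIdentityStore(FileRealmIdentityStore.class, beanClass);
            FileRealmIdentityStoreConfiguration config = FileRealmIdentityStoreConfiguration.from(definition);
            Properties realmProperties = new Properties();
            realmProperties.put("file", config.getFile());
            realmProperties.put("jaas-context", config.getJaasContext());
            createRealm(config, FileRealmIdentityStore.REALM_CLASS, FileRealmIdentityStore.REALM_LOGIN_MODULE_CLASS, realmProperties);
            addIdentityStoreBean(FileRealmIdentityStore.class, () -> {
                FileRealmIdentityStore store = CDI.current().select(FileRealmIdentityStore.class).get();
                store.init(config);
                return store;
            });
        });
    }

    /**
     * Handles {@code @CertificateIdentityStoreDefinition}: creates the certificate
     * realm if it does not exist and queues a {@link CertificateRealmIdentityStore}
     * bean. No jaasContext is involved, so {@code null} is passed to validation.
     */
    private <T> void findCertificateIdentityStoreDefinitions(BeanManager beanManager, ProcessBean<T> processBean, Class<?> beanClass) {
        CdiUtils.getAnnotation(beanManager, processBean.getAnnotated(), CertificateIdentityStoreDefinition.class).ifPresent(definition -> {
            validateDefinition(definition.value(), CertificateRealmIdentityStore.REALM_CLASS, null);
            logActivatedIdentityStore(CertificateRealmIdentityStore.class, beanClass);
            CertificateRealmIdentityStoreConfiguration config = CertificateRealmIdentityStoreConfiguration.from(definition);
            createRealm(config, CertificateRealmIdentityStore.REALM_CLASS, CertificateRealmIdentityStore.REALM_LOGIN_MODULE_CLASS, new Properties());
            addIdentityStoreBean(CertificateRealmIdentityStore.class, () -> {
                CertificateRealmIdentityStore store = CDI.current().select(CertificateRealmIdentityStore.class).get();
                store.init(config);
                return store;
            });
        });
    }

    /**
     * Handles {@code @CertificateAuthenticationMechanismDefinition} by queueing the
     * {@link CertificateAuthenticationMechanism} bean.
     * <p>
     * NOTE(review): only one mechanism bean is kept; if more than one bean class in
     * the archive carries this annotation the last one processed silently wins.
     * That is harmless here because every definition resolves to the same
     * mechanism class, but it is worth knowing when reading deployment logs.
     */
    private <T> void findCertificateAuthenticationMechanismDefinition(BeanManager beanManager, ProcessBean<T> processBean, Class<?> beanClass) {
        CdiUtils.getAnnotation(beanManager, processBean.getAnnotated(), CertificateAuthenticationMechanismDefinition.class).ifPresent(definition -> {
            logActivatedAuthenticationMechanism(CertificateAuthenticationMechanism.class, beanClass);
            this.authenticationMechanismBean = new PayaraCdiProducer<HttpAuthenticationMechanism>()
                    .scope(ApplicationScoped.class)
                    .beanClass(HttpAuthenticationMechanism.class)
                    .types(Object.class, HttpAuthenticationMechanism.class)
                    .addToId(CertificateAuthenticationMechanism.class)
                    .create(ctx -> CDI.current().select(CertificateAuthenticationMechanism.class).get());
        });
    }

    /**
     * Handles {@code @PamIdentityStoreDefinition}: creates the PAM realm if it does
     * not exist and queues a {@link PamRealmIdentityStore} bean.
     */
    private <T> void findPamIdentityStoreDefinitions(BeanManager beanManager, ProcessBean<T> processBean, Class<?> beanClass) {
        CdiUtils.getAnnotation(beanManager, processBean.getAnnotated(), PamIdentityStoreDefinition.class).ifPresent(definition -> {
            validateDefinition(definition.value(), PamRealmIdentityStore.REALM_CLASS, definition.jaasContext());
            logActivatedIdentityStore(PamRealmIdentityStore.class, beanClass);
            PamRealmIdentityStoreConfiguration config = PamRealmIdentityStoreConfiguration.from(definition);
            Properties realmProperties = new Properties();
            realmProperties.put("jaas-context", config.getJaasContext());
            createRealm(config, PamRealmIdentityStore.REALM_CLASS, PamRealmIdentityStore.REALM_LOGIN_MODULE_CLASS, realmProperties);
            addIdentityStoreBean(PamRealmIdentityStore.class, () -> {
                PamRealmIdentityStore store = CDI.current().select(PamRealmIdentityStore.class).get();
                store.init(config);
                return store;
            });
        });
    }

    /**
     * Handles {@code @SolarisIdentityStoreDefinition}: creates the Solaris realm if
     * it does not exist and queues a {@link SolarisRealmIdentityStore} bean.
     */
    private <T> void findSolarisIdentityStoreDefinitions(BeanManager beanManager, ProcessBean<T> processBean, Class<?> beanClass) {
        CdiUtils.getAnnotation(beanManager, processBean.getAnnotated(), SolarisIdentityStoreDefinition.class).ifPresent(definition -> {
            validateDefinition(definition.value(), SolarisRealmIdentityStore.REALM_CLASS, definition.jaasContext());
            logActivatedIdentityStore(SolarisRealmIdentityStore.class, beanClass);
            SolarisRealmIdentityStoreConfiguration config = SolarisRealmIdentityStoreConfiguration.from(definition);
            Properties realmProperties = new Properties();
            realmProperties.put("jaas-context", config.getJaasContext());
            createRealm(config, SolarisRealmIdentityStore.REALM_CLASS, SolarisRealmIdentityStore.REALM_LOGIN_MODULE_CLASS, realmProperties);
            addIdentityStoreBean(SolarisRealmIdentityStore.class, () -> {
                SolarisRealmIdentityStore store = CDI.current().select(SolarisRealmIdentityStore.class).get();
                store.init(config);
                return store;
            });
        });
    }

    /**
     * Queues an application-scoped {@link IdentityStore} producer bean.
     * <p>
     * NOTE(review): the file/certificate/PAM/Solaris stores use their class as the
     * bean id, so two definitions of the same kind in one archive would queue two
     * beans with the same id and type; whether CDI then reports an ambiguity is
     * decided by the container, not here.
     *
     * @param id      value appended to the producer's bean id
     * @param factory creates and initialises the store instance on first use
     */
    private void addIdentityStoreBean(Object id, Supplier<? extends IdentityStore> factory) {
        identityStoreBeans.add(new PayaraCdiProducer<IdentityStore>()
                .scope(ApplicationScoped.class)
                .beanClass(IdentityStore.class)
                .types(Object.class, IdentityStore.class)
                .addToId(id)
                .create(ctx -> factory.get()));
    }

    /**
     * Returns the server realm named by {@code config}, creating it first when the
     * server does not know it yet.
     * <p>
     * An already existing realm is reused untouched: its properties, including any
     * {@code assign-groups}, are not modified by the annotation. For a new realm the
     * annotation's {@code assignGroups} are written as a comma-joined
     * {@code assign-groups} property, which the realm grants to every principal it
     * authenticates.
     *
     * @param config          name and assigned groups of the realm
     * @param realmClass      realm implementation class registered for a new realm
     * @param loginModuleClass JAAS login module class registered for a new realm
     * @param realmProperties additional realm properties; may be extended with {@code assign-groups}
     * @param <T>             the realm type
     * @return the realm instance cast to {@code realmClass}
     * @throws IllegalStateException if the realm cannot be resolved after creation
     */
    private <T> T createRealm(RealmConfiguration config, Class<T> realmClass, Class<?> loginModuleClass, Properties realmProperties) {
        String realmName = config.getName();
        try {
            if (!Realm.isValidRealm(realmName)) {
                if (!config.getAssignGroups().isEmpty()) {
                    realmProperties.put("assign-groups", String.join(",", config.getAssignGroups()));
                }
                RealmUtil.createAuthRealm(realmName, realmClass.getName(), loginModuleClass.getName(), realmProperties);
            }
            return realmClass.cast(Realm.getInstance(realmName));
        } catch (NoSuchRealmException e) {
            throw new IllegalStateException(realmName, e);
        }
    }

    /**
     * Validates a {@code @RealmIdentityStoreDefinition}: the referenced realm (the
     * server default when the value is empty) must be configured in the
     * {@link SecurityService}, and the same realm may not be claimed twice.
     *
     * @param definition the annotation to validate
     * @throws IllegalStateException if the realm is unknown or already claimed
     * @throws NullPointerException  if the value is empty and no default realm is configured
     */
    private void validateDefinition(RealmIdentityStoreDefinition definition) {
        String realmName = definition.value().isEmpty()
                ? getSecurityService().getDefaultRealm()
                : definition.value();
        Objects.requireNonNull(realmName, "realm name");
        boolean configured = getSecurityService().getAuthRealm().stream()
                .map(AuthRealm::getName)
                .anyMatch(realmName::equals);
        if (!configured) {
            throw new IllegalStateException(String.format("[%s] No such realm found.", realmName));
        }
        // Report the resolved name so an empty value reads as the default realm, not "".
        if (!this.realms.add(realmName)) {
            throw new IllegalStateException(String.format("Duplicate realm name [%s] defined in RealmIdentityStoreDefinition.", realmName));
        }
    }

    /**
     * Validates a realm that the annotation may create.
     * <p>
     * If a realm of that name is already configured it must use {@code realmClass};
     * otherwise an application could silently rebind a server realm to a different
     * implementation. A non-null {@code jaasContext} is restricted to letters,
     * digits and spaces.
     *
     * @param realmName   name of the realm the annotation targets
     * @param realmClass  realm implementation the annotation expects
     * @param jaasContext JAAS context name, or {@code null} when not applicable
     * @throws IllegalStateException on a class mismatch or a disallowed jaasContext character
     */
    private void validateDefinition(String realmName, Class<?> realmClass, String jaasContext) {
        for (AuthRealm existing : getSecurityService().getAuthRealm()) {
            if (existing.getName().equals(realmName) && !existing.getClassname().equals(realmClass.getName())) {
                throw new IllegalStateException(String.format("%s realm can't be created for realm class %s, as already registed with realm class %s.", realmName, realmClass.getName(), existing.getClassname()));
            }
        }
        if (jaasContext != null && SIMPLE_TEXT_PATTERN.matcher(jaasContext).find()) {
            throw new IllegalStateException(String.format("Special character not allowed in jaasContext %s.", jaasContext));
        }
    }

    /**
     * Resolves the server's {@link SecurityService} from the default habitat on
     * first use and caches it. Not synchronised; the extension runs on the
     * container's bootstrap thread.
     */
    private SecurityService getSecurityService() {
        if (this.securityService == null) {
            this.securityService = Globals.getDefaultHabitat().getService(SecurityService.class);
        }
        return this.securityService;
    }

    /**
     * Registers every queued identity-store bean and, if declared, the
     * authentication mechanism bean with the container.
     *
     * @param afterBeanDiscovery the lifecycle event
     * @param beanManager        unused; present for observer resolution
     */
    protected void afterBeanDiscovery(@Observes AfterBeanDiscovery afterBeanDiscovery, BeanManager beanManager) {
        for (Bean<IdentityStore> bean : this.identityStoreBeans) {
            afterBeanDiscovery.addBean(bean);
        }
        if (this.authenticationMechanismBean != null) {
            afterBeanDiscovery.addBean(this.authenticationMechanismBean);
        }
    }

    /** Logs which identity-store implementation was activated by which annotated class. */
    private void logActivatedIdentityStore(Class<?> storeClass, Class<?> annotatedClass) {
        LOGGER.log(Level.INFO, "Activating {0} identity store from {1} class", new Object[]{storeClass.getName(), annotatedClass.getName()});
    }

    /** Logs which authentication mechanism was activated by which annotated class. */
    private void logActivatedAuthenticationMechanism(Class<?> mechanismClass, Class<?> annotatedClass) {
        LOGGER.log(Level.INFO, "Activating {0} authentication mechanism from {1} class", new Object[]{mechanismClass.getName(), annotatedClass.getName()});
    }
}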
