package io.quarkus.vertx.http.runtime.security;

import io.quarkus.security.identity.SecurityIdentity;
import io.quarkus.vertx.http.runtime.security.HttpSecurityPolicy;
import io.smallrye.mutiny.Uni;
import io.vertx.ext.web.RoutingContext;
import java.security.Permission;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.function.Function;

/* loaded from: input_file:io/quarkus/vertx/http/runtime/security/RolesAllowedHttpSecurityPolicy.class */
public class RolesAllowedHttpSecurityPolicy extends RolesMapping implements HttpSecurityPolicy {
    private static final String AUTHENTICATED = "**";
    private final String[] rolesAllowed;

    public RolesAllowedHttpSecurityPolicy(List<String> list, Map<String, Set<Permission>> map, Map<String, List<String>> map2) {
        super(map, map2);
        this.rolesAllowed = (String[]) list.toArray(i -> {
            return new String[i];
        });
    }

    @Override // io.quarkus.vertx.http.runtime.security.HttpSecurityPolicy
    public Uni<HttpSecurityPolicy.CheckResult> checkPermission(RoutingContext routingContext, Uni<SecurityIdentity> uni, HttpSecurityPolicy.AuthorizationRequestContext authorizationRequestContext) {
        return uni.map(new Function<SecurityIdentity, HttpSecurityPolicy.CheckResult>() { // from class: io.quarkus.vertx.http.runtime.security.RolesAllowedHttpSecurityPolicy.1
            @Override // java.util.function.Function
            public HttpSecurityPolicy.CheckResult apply(SecurityIdentity securityIdentity) {
                SecurityIdentity augmentIdentity;
                if ((RolesAllowedHttpSecurityPolicy.this.grantPermissions || RolesAllowedHttpSecurityPolicy.this.grantRoles) && (augmentIdentity = RolesAllowedHttpSecurityPolicy.this.augmentIdentity(securityIdentity)) != null) {
                    for (String str : RolesAllowedHttpSecurityPolicy.this.rolesAllowed) {
                        if (augmentIdentity.hasRole(str) || (RolesAllowedHttpSecurityPolicy.AUTHENTICATED.equals(str) && !augmentIdentity.isAnonymous())) {
                            return new HttpSecurityPolicy.CheckResult(true, augmentIdentity);
                        }
                    }
                    return HttpSecurityPolicy.CheckResult.DENY;
                }
                for (String str2 : RolesAllowedHttpSecurityPolicy.this.rolesAllowed) {
                    if (securityIdentity.hasRole(str2) || (RolesAllowedHttpSecurityPolicy.AUTHENTICATED.equals(str2) && !securityIdentity.isAnonymous())) {
                        return HttpSecurityPolicy.CheckResult.PERMIT;
                    }
                }
                return HttpSecurityPolicy.CheckResult.DENY;
            }
        });
    }
}
