package io.helidon.microprofile.jwt.auth;

import io.helidon.common.Weight;
import io.helidon.common.config.Config;
import io.helidon.security.providers.common.spi.AnnotationAnalyzer;
import jakarta.annotation.security.RolesAllowed;
import java.lang.reflect.AnnotatedElement;
import java.lang.reflect.Method;
import org.eclipse.microprofile.auth.LoginConfig;

@Weight(200.0d)
/* loaded from: input_file:io/helidon/microprofile/jwt/auth/JwtAuthAnnotationAnalyzer.class */
public class JwtAuthAnnotationAnalyzer implements AnnotationAnalyzer {
    static final String LOGIN_CONFIG_METHOD = "MP-JWT";
    private String authenticator = "mp-jwt-auth";
    private boolean secureByDefault;

    /* loaded from: input_file:io/helidon/microprofile/jwt/auth/JwtAuthAnnotationAnalyzer$RegisterMpJwt.class */
    private static final class RegisterMpJwt {
        private final boolean isMpJwt;

        private RegisterMpJwt(boolean z) {
            this.isMpJwt = z;
        }

        public boolean isMpJwt() {
            return this.isMpJwt;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean isMpJwt(LoginConfig loginConfig) {
        return LOGIN_CONFIG_METHOD.equals(loginConfig.authMethod());
    }

    public void init(Config config) {
        config.get("mp-jwt-auth.auth-method-mapping").asNodeList().ifPresent(list -> {
            list.forEach(config2 -> {
                config2.get("key").asString().ifPresent(str -> {
                    if (LOGIN_CONFIG_METHOD.equals(str)) {
                        this.authenticator = (String) config2.get("provider").asString().orElse(this.authenticator);
                    }
                });
            });
        });
        this.secureByDefault = ((Boolean) config.get("jwt.secure-by-default").asBoolean().orElse(true)).booleanValue();
    }

    public AnnotationAnalyzer.AnalyzerResponse analyze(Class<?> cls) {
        AnnotationAnalyzer.AnalyzerResponse.Builder builder = AnnotationAnalyzer.AnalyzerResponse.builder();
        LoginConfig annotation = cls.getAnnotation(LoginConfig.class);
        if (null == annotation) {
            builder.register(new RegisterMpJwt(false));
            return AnnotationAnalyzer.AnalyzerResponse.abstain();
        }
        if (!isMpJwt(annotation)) {
            builder.register(new RegisterMpJwt(false));
            return builder.build();
        }
        builder.register(new RegisterMpJwt(true));
        AnnotationAnalyzer.Flag flag = this.secureByDefault ? AnnotationAnalyzer.Flag.REQUIRED : AnnotationAnalyzer.Flag.OPTIONAL;
        if (isRolesAllowed(cls)) {
            flag = AnnotationAnalyzer.Flag.REQUIRED;
        }
        return builder.authenticationResponse(flag).authenticator(this.authenticator).build();
    }

    public AnnotationAnalyzer.AnalyzerResponse analyze(Class<?> cls, AnnotationAnalyzer.AnalyzerResponse analyzerResponse) {
        return AnnotationAnalyzer.AnalyzerResponse.builder(analyzerResponse).build();
    }

    public AnnotationAnalyzer.AnalyzerResponse analyze(Method method, AnnotationAnalyzer.AnalyzerResponse analyzerResponse) {
        return isRolesAllowed(method) ? AnnotationAnalyzer.AnalyzerResponse.builder(analyzerResponse).authenticationResponse(AnnotationAnalyzer.Flag.REQUIRED).build() : AnnotationAnalyzer.AnalyzerResponse.builder(analyzerResponse).build();
    }

    private boolean isRolesAllowed(AnnotatedElement annotatedElement) {
        return null != annotatedElement.getAnnotation(RolesAllowed.class);
    }
}
