package io.quarkiverse.authzed.client.deployment;

import com.authzed.api.v1.Core;
import com.authzed.api.v1.PermissionService;
import com.authzed.api.v1.SchemaServiceOuterClass;
import io.quarkiverse.authzed.client.AuthzedClient;
import io.quarkiverse.authzed.runtime.config.AuthzedConfig;
import io.quarkiverse.authzed.utils.Tuples;
import io.quarkus.deployment.IsNormal;
import io.quarkus.deployment.annotations.BuildProducer;
import io.quarkus.deployment.annotations.BuildStep;
import io.quarkus.deployment.builditem.CuratedApplicationShutdownBuildItem;
import io.quarkus.deployment.builditem.DevServicesResultBuildItem;
import io.quarkus.deployment.builditem.DockerStatusBuildItem;
import io.quarkus.deployment.builditem.LaunchModeBuildItem;
import io.quarkus.deployment.console.ConsoleInstalledBuildItem;
import io.quarkus.deployment.console.StartupLogCompressor;
import io.quarkus.deployment.dev.devservices.GlobalDevServicesConfig;
import io.quarkus.deployment.logging.LoggingSetupBuildItem;
import io.quarkus.devservices.common.ContainerLocator;
import io.quarkus.runtime.configuration.ConfigUtils;
import java.io.BufferedReader;
import java.io.Closeable;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.MalformedURLException;
import java.net.URL;
import java.time.Duration;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.OptionalInt;
import java.util.function.Consumer;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.jboss.logging.Logger;
import org.testcontainers.containers.GenericContainer;
import org.testcontainers.containers.Network;
import org.testcontainers.containers.wait.strategy.Wait;
import org.testcontainers.utility.DockerImageName;

/* loaded from: input_file:io/quarkiverse/authzed/client/deployment/DevServicesAuthzedProcessor.class */
public class DevServicesAuthzedProcessor {
    static final String CONFIG_PREFIX = "quarkus.authzed.";
    public static final String OPERATION = "OPERATION_";
    static final String GRPC_URL_CONFIG_KEY = "quarkus.authzed.url";
    static final String HTTP_URL_CONFIG_KEY = "quarkus.authzed.http.url";
    static final String DASHBOARD_URL_CONFIG_KEY = "quarkus.authzed.dashboard.url";
    static final String METRICS_URL_CONFIG_KEY = "quarkus.authzed.metrics.url";
    static final String TOKEN_CONFIG_KEY = "quarkus.authzed.token";
    private static volatile DevServicesResultBuildItem.RunningDevService devService;
    private static volatile DevServicesAuthzedConfig capturedDevServicesConfiguration;
    private static final Logger log = Logger.getLogger(DevServicesAuthzedProcessor.class);
    static final String DEV_SERVICE_LABEL = "quarkus-dev-service-authzed";
    static final int AUTHZED_EXPOSED_PORT = 50051;
    static final ContainerLocator authzedContainerLocator = new ContainerLocator(DEV_SERVICE_LABEL, AUTHZED_EXPOSED_PORT);
    private static volatile boolean first = true;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/quarkiverse/authzed/client/deployment/DevServicesAuthzedProcessor$QuarkusAuthzedContainer.class */
    public static class QuarkusAuthzedContainer extends GenericContainer<QuarkusAuthzedContainer> {
        DevServicesAuthzedConfig config;
        List<String> command;

        public QuarkusAuthzedContainer(DockerImageName dockerImageName, DevServicesAuthzedConfig devServicesAuthzedConfig) {
            super(dockerImageName);
            this.command = new ArrayList();
            this.config = devServicesAuthzedConfig;
        }

        protected void configure() {
            super.configure();
            this.command.add("serve");
            configureGrpc();
            if (this.config.http.enabled.booleanValue()) {
                configureHttp();
            }
            if (this.config.dashboard.enabled.booleanValue()) {
                configureDashboard();
            }
            if (this.config.metrics.enabled.booleanValue()) {
                configureMetrics();
            }
            withCommand((String[]) this.command.toArray(new String[this.command.size()]));
            withNetwork(Network.SHARED);
            if (this.config.serviceName != null) {
                withLabel(DevServicesAuthzedProcessor.DEV_SERVICE_LABEL, this.config.serviceName);
            }
        }

        private void configureGrpc() {
            this.command.add("--grpc-preshared-key");
            this.command.add(this.config.grpc.presharedKey);
            this.command.add("--grpc-enabled");
            this.command.add("--grpc-addr");
            this.command.add(":" + this.config.grpc.port);
            this.config.grpc.tlsCertPath.ifPresent(str -> {
                this.command.add("--grpc-tls-cert-path");
                this.command.add(str);
            });
            this.config.grpc.tlsKeyPath.ifPresent(str2 -> {
                this.command.add("--grpc-tls-cert-key");
                this.command.add(str2);
            });
            if (this.config.grpc.hostPort.isPresent()) {
                addFixedExposedPort(this.config.grpc.hostPort.getAsInt(), this.config.grpc.port.intValue());
            } else {
                addExposedPort(this.config.grpc.port);
            }
        }

        private void configureHttp() {
            this.command.add("--http-enabled");
            this.command.add("--http-addr");
            this.command.add(":" + this.config.http.port);
            this.config.http.tlsCertPath.ifPresent(str -> {
                this.command.add("--http-tls-cert-path");
                this.command.add(str);
            });
            this.config.http.tlsKeyPath.ifPresent(str2 -> {
                this.command.add("--http-tls-cert-key");
                this.command.add(str2);
            });
            if (this.config.http.hostPort.isPresent()) {
                addFixedExposedPort(this.config.http.hostPort.getAsInt(), this.config.http.port.intValue());
            } else {
                addExposedPort(this.config.http.port);
            }
        }

        private void configureDashboard() {
            this.command.add("--dashboard-enabled");
            this.command.add("--dashboard-addr");
            this.command.add(":" + this.config.dashboard.port);
            this.config.dashboard.tlsCertPath.ifPresent(str -> {
                this.command.add("--dashboard-tls-cert-path");
                this.command.add(str);
            });
            this.config.dashboard.tlsKeyPath.ifPresent(str2 -> {
                this.command.add("--dashboard-tls-cert-key");
                this.command.add(str2);
            });
            if (this.config.dashboard.hostPort.isPresent()) {
                addFixedExposedPort(this.config.dashboard.hostPort.getAsInt(), this.config.dashboard.port.intValue());
            } else {
                addExposedPort(this.config.dashboard.port);
            }
        }

        private void configureMetrics() {
            this.command.add("--metrics-enabled");
            this.command.add("--metrics-addr");
            this.command.add(":" + this.config.metrics.port);
            this.config.metrics.tlsCertPath.ifPresent(str -> {
                this.command.add("--metrics-tls-cert-path");
                this.command.add(str);
            });
            this.config.metrics.tlsKeyPath.ifPresent(str2 -> {
                this.command.add("--metrics-tls-cert-key");
                this.command.add(str2);
            });
            if (this.config.metrics.hostPort.isPresent()) {
                addFixedExposedPort(this.config.metrics.hostPort.getAsInt(), this.config.metrics.port.intValue());
            } else {
                addExposedPort(this.config.metrics.port);
            }
        }

        public Integer getGrpcPort() {
            return Integer.valueOf(this.config.grpc.hostPort.orElseGet(() -> {
                return super.getMappedPort(this.config.grpc.port.intValue()).intValue();
            }));
        }

        public URL getGrpcURL() {
            try {
                return new URL(this.config.grpc.tlsCertPath.isPresent() && this.config.grpc.tlsKeyPath.isPresent() ? "https" : "http", getHost(), getGrpcPort().intValue(), "");
            } catch (MalformedURLException e) {
                throw new RuntimeException(e);
            }
        }

        public Integer getHttpPort() {
            return Integer.valueOf(this.config.http.hostPort.orElseGet(() -> {
                return super.getMappedPort(this.config.http.port.intValue()).intValue();
            }));
        }

        public URL getHttpURL() {
            try {
                return new URL(this.config.http.tlsCertPath.isPresent() && this.config.http.tlsKeyPath.isPresent() ? "https" : "http", getHost(), getHttpPort().intValue(), "/v1");
            } catch (MalformedURLException e) {
                throw new RuntimeException(e);
            }
        }

        public Integer getDashboardPort() {
            return Integer.valueOf(this.config.dashboard.hostPort.orElseGet(() -> {
                return super.getMappedPort(this.config.dashboard.port.intValue()).intValue();
            }));
        }

        public URL getDashboardURL() {
            try {
                return new URL(this.config.dashboard.tlsCertPath.isPresent() && this.config.dashboard.tlsKeyPath.isPresent() ? "https" : "http", getHost(), getDashboardPort().intValue(), "");
            } catch (MalformedURLException e) {
                throw new RuntimeException(e);
            }
        }

        public Integer getMetricsPort() {
            return Integer.valueOf(this.config.metrics.hostPort.orElseGet(() -> {
                return super.getMappedPort(this.config.metrics.port.intValue()).intValue();
            }));
        }

        public URL getMetricsURL() {
            try {
                return new URL(this.config.metrics.tlsCertPath.isPresent() && this.config.metrics.tlsKeyPath.isPresent() ? "https" : "http", getHost(), getMetricsPort().intValue(), "");
            } catch (MalformedURLException e) {
                throw new RuntimeException(e);
            }
        }
    }

    @BuildStep(onlyIfNot = {IsNormal.class}, onlyIf = {GlobalDevServicesConfig.Enabled.class})
    public DevServicesResultBuildItem startContainers(AuthzedBuildTimeConfig authzedBuildTimeConfig, Optional<ConsoleInstalledBuildItem> optional, LaunchModeBuildItem launchModeBuildItem, DockerStatusBuildItem dockerStatusBuildItem, CuratedApplicationShutdownBuildItem curatedApplicationShutdownBuildItem, LoggingSetupBuildItem loggingSetupBuildItem, GlobalDevServicesConfig globalDevServicesConfig, BuildProducer<DevServicesResultBuildItem> buildProducer) {
        DevServicesAuthzedConfig devServicesAuthzedConfig = authzedBuildTimeConfig.devservices;
        if (devService != null) {
            if (!(!devServicesAuthzedConfig.equals(capturedDevServicesConfiguration))) {
                return devService.toBuildItem();
            }
            try {
                devService.close();
            } catch (Throwable th) {
                log.error("Failed to stop authzed container", th);
            }
            devService = null;
            capturedDevServicesConfiguration = null;
        }
        capturedDevServicesConfiguration = devServicesAuthzedConfig;
        StartupLogCompressor startupLogCompressor = new StartupLogCompressor((launchModeBuildItem.isTest() ? "(test) " : "") + "Authzed Dev Services Starting:", optional, loggingSetupBuildItem);
        try {
            try {
                devService = startContainer(dockerStatusBuildItem, devServicesAuthzedConfig, launchModeBuildItem, globalDevServicesConfig.timeout);
                if (devService == null) {
                    return null;
                }
                if (devService.isOwner()) {
                    log.info("Dev Services for authzed started.");
                    log.infof("Other Quarkus applications in dev mode will find the instance automatically. For Quarkus applications in production mode, you can connect to this by starting your application with -D%s=%s -D%s=%s", new Object[]{GRPC_URL_CONFIG_KEY, devService.getConfig().get(GRPC_URL_CONFIG_KEY), TOKEN_CONFIG_KEY, devService.getConfig().get(TOKEN_CONFIG_KEY)});
                }
                startupLogCompressor.close();
                if (first) {
                    first = false;
                    curatedApplicationShutdownBuildItem.addCloseTask(() -> {
                        if (devService != null) {
                            try {
                                devService.close();
                            } catch (Throwable th2) {
                                log.error("Failed to stop authzed container", th2);
                            }
                            devService = null;
                            log.info("Dev Services for authzed shut down.");
                        }
                        first = true;
                        capturedDevServicesConfiguration = null;
                    }, true);
                }
                return devService.toBuildItem();
            } catch (Throwable th2) {
                startupLogCompressor.closeAndDumpCaptured();
                throw new RuntimeException(th2);
            }
        } finally {
            startupLogCompressor.close();
        }
    }

    private DevServicesResultBuildItem.RunningDevService startContainer(DockerStatusBuildItem dockerStatusBuildItem, DevServicesAuthzedConfig devServicesAuthzedConfig, LaunchModeBuildItem launchModeBuildItem, Optional<Duration> optional) {
        if (!devServicesAuthzedConfig.enabled.booleanValue()) {
            log.debug("Not starting devservices for authzed as it has been disabled in the config");
            return null;
        }
        if (!(!ConfigUtils.isPropertyPresent(GRPC_URL_CONFIG_KEY))) {
            log.debug("Not starting devservices for default authzed client as url has been provided");
            return null;
        }
        if (dockerStatusBuildItem.isContainerRuntimeAvailable()) {
            DockerImageName asCompatibleSubstituteFor = DockerImageName.parse(devServicesAuthzedConfig.imageName.orElse("authzed/spicedb")).asCompatibleSubstituteFor("authzed/spicedb");
            return (DevServicesResultBuildItem.RunningDevService) authzedContainerLocator.locateContainer(devServicesAuthzedConfig.serviceName, devServicesAuthzedConfig.shared, launchModeBuildItem.getLaunchMode()).map(containerAddress -> {
                HashMap hashMap = new HashMap();
                hashMap.put(GRPC_URL_CONFIG_KEY, containerAddress.getUrl());
                hashMap.put(TOKEN_CONFIG_KEY, devServicesAuthzedConfig.grpc.presharedKey);
                return new DevServicesResultBuildItem.RunningDevService("authzed-client", containerAddress.getId(), (Closeable) null, hashMap);
            }).orElseGet(() -> {
                QuarkusAuthzedContainer quarkusAuthzedContainer = (QuarkusAuthzedContainer) ((QuarkusAuthzedContainer) new QuarkusAuthzedContainer(asCompatibleSubstituteFor, devServicesAuthzedConfig).withNetwork(Network.SHARED)).waitingFor(Wait.forLogMessage(".*grpc server started serving.*", 1));
                Objects.requireNonNull(quarkusAuthzedContainer);
                optional.ifPresent(quarkusAuthzedContainer::withStartupTimeout);
                log.info("Starting authzed...");
                quarkusAuthzedContainer.start();
                HashMap hashMap = new HashMap();
                withClient(quarkusAuthzedContainer, devServicesAuthzedConfig, authzedClient -> {
                    hashMap.put(GRPC_URL_CONFIG_KEY, quarkusAuthzedContainer.getGrpcURL().toExternalForm());
                    hashMap.put(HTTP_URL_CONFIG_KEY, quarkusAuthzedContainer.getHttpURL().toExternalForm());
                    hashMap.put(DASHBOARD_URL_CONFIG_KEY, quarkusAuthzedContainer.getDashboardURL().toExternalForm());
                    hashMap.put(METRICS_URL_CONFIG_KEY, quarkusAuthzedContainer.getMetricsURL().toExternalForm());
                    hashMap.put(TOKEN_CONFIG_KEY, devServicesAuthzedConfig.grpc.presharedKey);
                    loadSchema(devServicesAuthzedConfig).ifPresentOrElse(str -> {
                        log.info("Initializing authorization schema ...");
                        authzedClient.v1().schemaService().writeSchema(SchemaServiceOuterClass.WriteSchemaRequest.newBuilder().setSchema(str).build()).await().indefinitely();
                        loadAuthorizationTuples(devServicesAuthzedConfig).forEach(str -> {
                            log.debug(asCompatibleSubstituteFor);
                            authzedClient.v1().permissionService().writeRelationships(PermissionService.WriteRelationshipsRequest.newBuilder().addUpdates(Core.RelationshipUpdate.newBuilder().setOperation(Core.RelationshipUpdate.Operation.valueOf(OPERATION.concat(devServicesAuthzedConfig.operationType.toUpperCase()))).setRelationship(Tuples.parseRelationship(str)).build()).build()).await().indefinitely();
                        });
                        log.info("Loaded tuples succesfully");
                    }, () -> {
                        log.warn("No schema configured");
                    });
                });
                String containerId = quarkusAuthzedContainer.getContainerId();
                Objects.requireNonNull(quarkusAuthzedContainer);
                return new DevServicesResultBuildItem.RunningDevService("authzed-client", containerId, quarkusAuthzedContainer::close, hashMap);
            });
        }
        log.warn("Please configure quarkus.authzed.url or get a working docker instance");
        return null;
    }

    private static Optional<String> loadSchema(DevServicesAuthzedConfig devServicesAuthzedConfig) {
        return devServicesAuthzedConfig.schema.or(() -> {
            return devServicesAuthzedConfig.schemaLocation.map(str -> {
                try {
                    return (String) streamFileOrResource(str).collect(Collectors.joining("\n"));
                } catch (Throwable th) {
                    throw new RuntimeException(String.format("Unable to load authorization model from '%s'", str), th);
                }
            });
        });
    }

    private static List<String> loadAuthorizationTuples(DevServicesAuthzedConfig devServicesAuthzedConfig) {
        return (List) devServicesAuthzedConfig.authorizationTuples.map(str -> {
            return Arrays.asList(str.split("\n|\r"));
        }).orElseGet(() -> {
            return (List) devServicesAuthzedConfig.authorizationTuplesLocation.map(str2 -> {
                try {
                    return (List) streamFileOrResource(str2).collect(Collectors.toList());
                } catch (Throwable th) {
                    throw new RuntimeException(String.format("Unable to load authorization tuples from '%s'", str2));
                }
            }).orElseGet(() -> {
                return Collections.emptyList();
            });
        });
    }

    private static Stream<String> streamFileOrResource(String str) {
        return str.startsWith("classpath:") ? streamClasspathResource(str.substring("classpath:".length())) : str.startsWith("filesystem:") ? streamFile(str.substring("filesystem:".length())) : streamClasspathResource(str);
    }

    private static Stream<String> streamFile(String str) {
        try {
            FileInputStream fileInputStream = new FileInputStream(str);
            try {
                Stream<String> streamLines = streamLines(fileInputStream);
                fileInputStream.close();
                return streamLines;
            } finally {
            }
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    private static Stream<String> streamClasspathResource(String str) {
        InputStream resourceAsStream = Thread.currentThread().getContextClassLoader().getResourceAsStream(str);
        if (resourceAsStream == null) {
            throw new RuntimeException("Failed to read classpath resource:" + str);
        }
        return streamLines(resourceAsStream);
    }

    private static Stream<String> streamLines(InputStream inputStream) {
        return new BufferedReader(new InputStreamReader(inputStream)).lines().map((v0) -> {
            return v0.trim();
        }).filter(str -> {
            return !str.isEmpty();
        });
    }

    private static void withClient(QuarkusAuthzedContainer quarkusAuthzedContainer, DevServicesAuthzedConfig devServicesAuthzedConfig, Consumer<AuthzedClient> consumer) {
        AuthzedConfig authzedConfig = new AuthzedConfig();
        authzedConfig.token = devServicesAuthzedConfig.grpc.presharedKey;
        authzedConfig.tlsEnabled = Boolean.valueOf(devServicesAuthzedConfig.grpc.tlsCertPath.isPresent() || devServicesAuthzedConfig.grpc.tlsKeyPath.isPresent());
        authzedConfig.idleTimeout = OptionalInt.empty();
        authzedConfig.keepAliveTime = OptionalInt.empty();
        authzedConfig.keepAliveTimeout = OptionalInt.empty();
        try {
            authzedConfig.url = new URL(authzedConfig.tlsEnabled.booleanValue() ? "https" : "http", quarkusAuthzedContainer.getHost(), quarkusAuthzedContainer.getGrpcPort().intValue(), "");
            try {
                AuthzedClient authzedClient = new AuthzedClient(authzedConfig);
                try {
                    consumer.accept(authzedClient);
                    authzedClient.close();
                } finally {
                }
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        } catch (MalformedURLException e2) {
            throw new RuntimeException(e2);
        }
    }
}
