package io.quarkus.keycloak.pep.runtime;

import io.quarkus.arc.InjectableInstance;
import io.quarkus.keycloak.pep.PolicyEnforcerResolver;
import io.quarkus.keycloak.pep.TenantPolicyConfigResolver;
import io.quarkus.oidc.OidcTenantConfig;
import io.quarkus.oidc.common.runtime.OidcTlsSupport;
import io.quarkus.oidc.runtime.BlockingTaskRunner;
import io.quarkus.oidc.runtime.OidcConfig;
import io.quarkus.security.spi.runtime.BlockingSecurityExecutor;
import io.quarkus.tls.TlsConfigurationRegistry;
import io.quarkus.vertx.http.runtime.HttpConfiguration;
import io.smallrye.mutiny.Uni;
import io.vertx.ext.web.RoutingContext;
import jakarta.enterprise.inject.Instance;
import jakarta.inject.Singleton;
import java.util.HashMap;
import java.util.Map;
import java.util.function.Function;
import java.util.function.Supplier;
import org.keycloak.adapters.authorization.PolicyEnforcer;

/**
 * Default {@link PolicyEnforcerResolver}: selects the Keycloak {@link PolicyEnforcer} used for a
 * request, based on the request's OIDC tenant configuration.
 *
 * <p>The default-tenant enforcer and one enforcer per named tenant are built once in the
 * constructor. When a {@link TenantPolicyConfigResolver} bean is resolvable, it is consulted first
 * for every request that carries a tenant configuration.
 *
 * <p>Security note: a lookup that finds no tenant-specific enforcer (no tenant configuration, an
 * unknown or null tenant id, or a dynamic resolver that yields {@code null}) ends at the
 * default-tenant enforcer. Tenants without a policy-enforcer entry of their own are therefore
 * governed by the default tenant's policy-enforcer configuration, which should be reviewed with
 * that in mind.
 *
 * <p>Decompiled (JADX) from io/quarkus/keycloak/pep/runtime/DefaultPolicyEnforcerResolver.class.
 */
@Singleton
public class DefaultPolicyEnforcerResolver implements PolicyEnforcerResolver {
    // Optional bean; null when no TenantPolicyConfigResolver is resolvable.
    private final TenantPolicyConfigResolver dynamicConfigResolver;
    // Handed to the dynamic resolver; null exactly when dynamicConfigResolver is null.
    private final BlockingTaskRunner<KeycloakPolicyEnforcerTenantConfig> requestContext;
    // Immutable (Map.of / Map.copyOf): tenant name -> enforcer built at construction time.
    private final Map<String, PolicyEnforcer> namedPolicyEnforcers;
    private final PolicyEnforcer defaultPolicyEnforcer;
    // HTTP read timeout, in milliseconds.
    private final long readTimeout;
    private final OidcTlsSupport tlsSupport;

    /**
     * Builds the static enforcers and wires the optional dynamic resolver.
     *
     * @param oidcConfig OIDC configuration providing the default tenant and its TLS settings
     * @param keycloakPolicyEnforcerConfig policy-enforcer configuration (default and named tenants)
     * @param httpConfiguration source of the HTTP read timeout
     * @param blockingSecurityExecutor executor wrapped for use by the dynamic resolver
     * @param instance optional {@link TenantPolicyConfigResolver} bean
     * @param injectableInstance optional {@link TlsConfigurationRegistry} bean
     */
    DefaultPolicyEnforcerResolver(OidcConfig oidcConfig, KeycloakPolicyEnforcerConfig keycloakPolicyEnforcerConfig, HttpConfiguration httpConfiguration, BlockingSecurityExecutor blockingSecurityExecutor, Instance<TenantPolicyConfigResolver> instance, InjectableInstance<TlsConfigurationRegistry> injectableInstance) {
        this.readTimeout = httpConfiguration.readTimeout.toMillis();

        // Without a TLS registry bean the enforcers are created with OidcTlsSupport.empty().
        this.tlsSupport = injectableInstance.isResolvable()
                ? OidcTlsSupport.of(injectableInstance.get())
                : OidcTlsSupport.empty();

        this.defaultPolicyEnforcer = KeycloakPolicyEnforcerUtil.createPolicyEnforcer(
                oidcConfig.defaultTenant,
                keycloakPolicyEnforcerConfig.defaultTenant(),
                this.tlsSupport.forConfig(oidcConfig.defaultTenant.tls));
        this.namedPolicyEnforcers = createNamedPolicyEnforcers(oidcConfig, keycloakPolicyEnforcerConfig, this.tlsSupport);

        // Both dynamic-resolution fields are set together or left null together.
        if (instance.isResolvable()) {
            this.dynamicConfigResolver = instance.get();
            this.requestContext = new BlockingTaskRunner<>(blockingSecurityExecutor);
        } else {
            this.dynamicConfigResolver = null;
            this.requestContext = null;
        }
    }

    /**
     * Resolves the enforcer for a request.
     *
     * <ul>
     *   <li>no tenant configuration: the default enforcer;</li>
     *   <li>no dynamic resolver: the static enforcer for the tenant id;</li>
     *   <li>otherwise: the dynamically built enforcer, or the static one when the dynamic result is
     *       {@code null}.</li>
     * </ul>
     *
     * @param routingContext current request, passed through to the dynamic resolver
     * @param oidcTenantConfig tenant configuration of the request, may be {@code null}
     * @return a {@link Uni} emitting the selected enforcer
     */
    @Override
    public Uni<PolicyEnforcer> resolvePolicyEnforcer(RoutingContext routingContext, final OidcTenantConfig oidcTenantConfig) {
        if (oidcTenantConfig == null) {
            return Uni.createFrom().item(this.defaultPolicyEnforcer);
        }
        if (this.dynamicConfigResolver == null) {
            return Uni.createFrom().item(getStaticPolicyEnforcer((String) oidcTenantConfig.tenantId.get()));
        }
        // Evaluated lazily, only if the dynamic lookup produced null.
        Supplier<PolicyEnforcer> staticFallback =
                () -> getStaticPolicyEnforcer((String) oidcTenantConfig.tenantId.get());
        return getDynamicPolicyEnforcer(routingContext, oidcTenantConfig)
                .onItem().ifNull().continueWith(staticFallback);
    }

    /** Returns the HTTP read timeout captured at construction, in milliseconds. */
    @Override
    public long getReadTimeout() {
        return this.readTimeout;
    }

    /**
     * Looks up the enforcer built for a named tenant.
     *
     * <p>A {@code null} or unknown tenant id does not fail: it yields the default enforcer.
     * (Decompiler note: this method was package-private in the original class.)
     *
     * @param str tenant id, may be {@code null}
     * @return the named tenant's enforcer, or the default enforcer when there is none
     */
    public PolicyEnforcer getStaticPolicyEnforcer(String str) {
        // The map is immutable (Map.of / Map.copyOf) and rejects null keys, so test null first.
        if (str == null) {
            return this.defaultPolicyEnforcer;
        }
        return this.namedPolicyEnforcers.getOrDefault(str, this.defaultPolicyEnforcer);
    }

    /**
     * Tells whether a {@link TenantPolicyConfigResolver} bean was found at construction.
     * (Decompiler note: this method was package-private in the original class.)
     */
    public boolean hasDynamicPolicyEnforcers() {
        return this.dynamicConfigResolver != null;
    }

    /**
     * Asks the dynamic resolver for a tenant policy configuration and turns a non-null result into
     * an enforcer; a {@code null} result is passed through untouched.
     *
     * <p>NOTE(review): nothing is cached in this class, so each non-null result leads to a new
     * createPolicyEnforcer call. Confirm whether the resolver or the util caches.
     */
    private Uni<PolicyEnforcer> getDynamicPolicyEnforcer(RoutingContext routingContext, final OidcTenantConfig oidcTenantConfig) {
        Function<KeycloakPolicyEnforcerTenantConfig, PolicyEnforcer> toEnforcer =
                tenantPolicyConfig -> KeycloakPolicyEnforcerUtil.createPolicyEnforcer(
                        oidcTenantConfig,
                        tenantPolicyConfig,
                        this.tlsSupport.forConfig(oidcTenantConfig.tls));
        return this.dynamicConfigResolver
                .resolve(routingContext, oidcTenantConfig, this.requestContext)
                .onItem().ifNotNull().transform(toEnforcer);
    }

    /**
     * Builds one enforcer per named tenant of the policy-enforcer configuration.
     *
     * @return an immutable map from tenant name to enforcer; empty when no named tenant is configured
     */
    private static Map<String, PolicyEnforcer> createNamedPolicyEnforcers(OidcConfig oidcConfig, KeycloakPolicyEnforcerConfig keycloakPolicyEnforcerConfig, OidcTlsSupport oidcTlsSupport) {
        Map<String, KeycloakPolicyEnforcerTenantConfig> namedTenants = keycloakPolicyEnforcerConfig.namedTenants();
        if (namedTenants.isEmpty()) {
            return Map.of();
        }
        Map<String, PolicyEnforcer> enforcers = new HashMap<>();
        namedTenants.forEach((tenantName, tenantPolicyConfig) -> {
            // Each named policy-enforcer tenant is paired with the OIDC tenant config of the same name.
            OidcTenantConfig oidcTenantConfig = KeycloakPolicyEnforcerUtil.getOidcTenantConfig(oidcConfig, tenantName);
            enforcers.put(tenantName, KeycloakPolicyEnforcerUtil.createPolicyEnforcer(
                    oidcTenantConfig, tenantPolicyConfig, oidcTlsSupport.forConfig(oidcTenantConfig.tls)));
        });
        return Map.copyOf(enforcers);
    }
}
