package io.quarkus.keycloak;

import io.quarkus.arc.deployment.BeanContainerListenerBuildItem;
import io.quarkus.deployment.annotations.BuildProducer;
import io.quarkus.deployment.annotations.BuildStep;
import io.quarkus.deployment.annotations.ExecutionTime;
import io.quarkus.deployment.annotations.Record;
import io.quarkus.deployment.builditem.HotDeploymentConfigFileBuildItem;
import io.quarkus.elytron.security.deployment.AuthConfigBuildItem;
import io.quarkus.elytron.security.runtime.AuthConfig;
import io.quarkus.keycloak.KeycloakConfig;
import io.quarkus.undertow.deployment.ServletExtensionBuildItem;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import org.keycloak.representations.adapters.config.AdapterConfig;
import org.keycloak.representations.adapters.config.PolicyEnforcerConfig;

/* loaded from: input_file:io/quarkus/keycloak/KeycloakAdapterProcessor.class */
public class KeycloakAdapterProcessor {
    KeycloakConfig keycloakConfig;

    @BuildStep
    @Record(ExecutionTime.STATIC_INIT)
    BeanContainerListenerBuildItem configureAdapter(KeycloakTemplate keycloakTemplate, BuildProducer<AuthConfigBuildItem> buildProducer, BuildProducer<HotDeploymentConfigFileBuildItem> buildProducer2, BuildProducer<ServletExtensionBuildItem> buildProducer3) {
        buildProducer.produce(new AuthConfigBuildItem(new AuthConfig("KEYCLOAK", "KEYCLOAK", Object.class)));
        buildProducer2.produce(new HotDeploymentConfigFileBuildItem("keycloak.json"));
        AdapterConfig adapterConfig = null;
        if (this.keycloakConfig.resource.isPresent()) {
            adapterConfig = createAdapterConfig(this.keycloakConfig);
        }
        QuarkusDeploymentContext createKeycloakDeploymentContext = keycloakTemplate.createKeycloakDeploymentContext(adapterConfig);
        buildProducer3.produce(new ServletExtensionBuildItem(keycloakTemplate.createServletExtension(createKeycloakDeploymentContext)));
        return new BeanContainerListenerBuildItem(keycloakTemplate.createBeanContainerListener(createKeycloakDeploymentContext));
    }

    private AdapterConfig createAdapterConfig(KeycloakConfig keycloakConfig) {
        AdapterConfig adapterConfig = new AdapterConfig();
        adapterConfig.setRealm(keycloakConfig.realm);
        adapterConfig.setRealmKey(keycloakConfig.realmKey.orElse(null));
        adapterConfig.setAuthServerUrl(keycloakConfig.authServerUrl);
        adapterConfig.setSslRequired(keycloakConfig.sslRequired);
        adapterConfig.setConfidentialPort(keycloakConfig.confidentialPort);
        adapterConfig.setResource(keycloakConfig.resource.get());
        adapterConfig.setUseResourceRoleMappings(keycloakConfig.useResourceRoleMappings);
        adapterConfig.setCors(keycloakConfig.cors);
        adapterConfig.setCorsMaxAge(keycloakConfig.corsMaxAge);
        adapterConfig.setCorsAllowedHeaders(keycloakConfig.corsAllowedHeaders);
        adapterConfig.setCorsAllowedMethods(keycloakConfig.corsAllowedMethods);
        adapterConfig.setCorsExposedHeaders(keycloakConfig.corsExposedHeaders);
        adapterConfig.setBearerOnly(keycloakConfig.bearerOnly);
        adapterConfig.setAutodetectBearerOnly(keycloakConfig.autodetectBearerOnly);
        adapterConfig.setPublicClient(keycloakConfig.publicClient);
        HashMap hashMap = new HashMap();
        if (keycloakConfig.credentials != null) {
            if (keycloakConfig.credentials.secret.isPresent()) {
                hashMap.put("secret", keycloakConfig.credentials.secret.get());
            } else if (keycloakConfig.credentials.jwt != null && !keycloakConfig.credentials.jwt.isEmpty()) {
                HashMap hashMap2 = new HashMap();
                hashMap2.putAll(keycloakConfig.credentials.jwt);
                hashMap.put("jwt", hashMap2);
            } else if (keycloakConfig.credentials.secretJwt != null && !keycloakConfig.credentials.secretJwt.isEmpty()) {
                HashMap hashMap3 = new HashMap();
                hashMap3.putAll(keycloakConfig.credentials.secretJwt);
                hashMap.put("secret-jwt", hashMap3);
            }
        }
        adapterConfig.setCredentials(hashMap);
        adapterConfig.setRedirectRewriteRules(keycloakConfig.redirectRewriteRules);
        adapterConfig.setAllowAnyHostname(keycloakConfig.allowAnyHostname);
        adapterConfig.setDisableTrustManager(keycloakConfig.disableTrustManager);
        adapterConfig.setTruststore(keycloakConfig.truststore.orElse(null));
        adapterConfig.setTruststorePassword(keycloakConfig.truststorePassword);
        adapterConfig.setClientKeystore(keycloakConfig.clientKeystore.orElse(null));
        adapterConfig.setClientKeystorePassword(keycloakConfig.clientKeystorePassword);
        adapterConfig.setClientKeyPassword(keycloakConfig.clientKeyPassword);
        adapterConfig.setConnectionPoolSize(keycloakConfig.connectionPoolSize);
        adapterConfig.setAlwaysRefreshToken(keycloakConfig.alwaysRefreshToken);
        adapterConfig.setRegisterNodeAtStartup(keycloakConfig.registerNodeAtStartup);
        adapterConfig.setRegisterNodePeriod(keycloakConfig.registerNodePeriod);
        adapterConfig.setTokenStore(keycloakConfig.tokenStore.orElse(null));
        adapterConfig.setTokenCookiePath(keycloakConfig.tokenCookiePath.orElse(null));
        adapterConfig.setPrincipalAttribute(keycloakConfig.principalAttribute);
        adapterConfig.setTurnOffChangeSessionIdOnLogin(Boolean.valueOf(keycloakConfig.turnOffChangeSessionIdOnLogin));
        adapterConfig.setTokenMinimumTimeToLive(keycloakConfig.tokenMinimumTimeToLive);
        adapterConfig.setMinTimeBetweenJwksRequests(keycloakConfig.minTimeBetweenJwksRequests);
        adapterConfig.setPublicKeyCacheTtl(keycloakConfig.publicKeyCacheTtl);
        adapterConfig.setProxyUrl(keycloakConfig.proxyUrl.orElse(null));
        adapterConfig.setVerifyTokenAudience(keycloakConfig.verifyTokenAudience);
        adapterConfig.setIgnoreOAuthQueryParameter(keycloakConfig.ignoreOAuthQueryParameter);
        if (keycloakConfig.policyEnforcer != null && keycloakConfig.policyEnforcer.enable) {
            PolicyEnforcerConfig policyEnforcerConfig = new PolicyEnforcerConfig();
            policyEnforcerConfig.setLazyLoadPaths(keycloakConfig.policyEnforcer.lazyLoadPaths);
            policyEnforcerConfig.setEnforcementMode(PolicyEnforcerConfig.EnforcementMode.valueOf(keycloakConfig.policyEnforcer.enforcementMode));
            policyEnforcerConfig.setHttpMethodAsScope(Boolean.valueOf(keycloakConfig.policyEnforcer.httpMethodAsScope));
            policyEnforcerConfig.setOnDenyRedirectTo(keycloakConfig.policyEnforcer.onDenyRedirectTo.orElse(null));
            PolicyEnforcerConfig.PathCacheConfig pathCacheConfig = new PolicyEnforcerConfig.PathCacheConfig();
            pathCacheConfig.setLifespan(keycloakConfig.policyEnforcer.pathCacheConfig.lifespan);
            pathCacheConfig.setMaxEntries(keycloakConfig.policyEnforcer.pathCacheConfig.maxEntries);
            policyEnforcerConfig.setPathCacheConfig(pathCacheConfig);
            if (keycloakConfig.policyEnforcer.userManagedAccess) {
                policyEnforcerConfig.setUserManagedAccess(new PolicyEnforcerConfig.UserManagedAccessConfig());
            }
            policyEnforcerConfig.setClaimInformationPointConfig(getClaimInformationPointConfig(keycloakConfig.policyEnforcer.claimInformationPointConfig));
            policyEnforcerConfig.setPaths((List) keycloakConfig.policyEnforcer.paths.values().stream().map(pathConfig -> {
                PolicyEnforcerConfig.PathConfig pathConfig = new PolicyEnforcerConfig.PathConfig();
                pathConfig.setName(pathConfig.name.orElse(null));
                pathConfig.setPath(pathConfig.path.orElse(null));
                pathConfig.setEnforcementMode(pathConfig.enforcementMode);
                pathConfig.setMethods((List) pathConfig.methods.values().stream().map(methodConfig -> {
                    PolicyEnforcerConfig.MethodConfig methodConfig = new PolicyEnforcerConfig.MethodConfig();
                    methodConfig.setMethod(methodConfig.method);
                    methodConfig.setScopes(methodConfig.scopes);
                    methodConfig.setScopesEnforcementMode(methodConfig.scopesEnforcementMode);
                    return methodConfig;
                }).collect(Collectors.toList()));
                pathConfig.setClaimInformationPointConfig(getClaimInformationPointConfig(pathConfig.claimInformationPointConfig));
                return pathConfig;
            }).collect(Collectors.toList()));
            adapterConfig.setPolicyEnforcerConfig(policyEnforcerConfig);
        }
        return adapterConfig;
    }

    private Map<String, Map<String, Object>> getClaimInformationPointConfig(KeycloakConfig.KeycloakConfigPolicyEnforcer.ClaimInformationPointConfig claimInformationPointConfig) {
        HashMap hashMap = new HashMap();
        for (Map.Entry<String, Map<String, String>> entry : claimInformationPointConfig.simpleConfig.entrySet()) {
            hashMap.put(entry.getKey(), new HashMap(entry.getValue()));
        }
        for (Map.Entry<String, Map<String, Map<String, String>>> entry2 : claimInformationPointConfig.complexConfig.entrySet()) {
            ((Map) hashMap.computeIfAbsent(entry2.getKey(), str -> {
                return new HashMap();
            })).putAll(new HashMap(entry2.getValue()));
        }
        return hashMap;
    }
}
