package io.quarkus.oidc.deployment;

import io.quarkus.arc.deployment.AdditionalBeanBuildItem;
import io.quarkus.arc.deployment.SyntheticBeanBuildItem;
import io.quarkus.arc.deployment.ValidationPhaseBuildItem;
import io.quarkus.arc.processor.BuildExtension;
import io.quarkus.deployment.Capabilities;
import io.quarkus.deployment.Capability;
import io.quarkus.deployment.Feature;
import io.quarkus.deployment.annotations.BuildProducer;
import io.quarkus.deployment.annotations.BuildStep;
import io.quarkus.deployment.annotations.ExecutionTime;
import io.quarkus.deployment.annotations.Record;
import io.quarkus.deployment.builditem.EnableAllSecurityServicesBuildItem;
import io.quarkus.deployment.builditem.FeatureBuildItem;
import io.quarkus.deployment.builditem.nativeimage.ReflectiveClassBuildItem;
import io.quarkus.oidc.SecurityEvent;
import io.quarkus.oidc.runtime.DefaultTenantConfigResolver;
import io.quarkus.oidc.runtime.OidcAuthenticationMechanism;
import io.quarkus.oidc.runtime.OidcBuildTimeConfig;
import io.quarkus.oidc.runtime.OidcConfig;
import io.quarkus.oidc.runtime.OidcIdentityProvider;
import io.quarkus.oidc.runtime.OidcJsonWebTokenProducer;
import io.quarkus.oidc.runtime.OidcRecorder;
import io.quarkus.oidc.runtime.OidcTokenCredentialProducer;
import io.quarkus.oidc.runtime.TenantConfigBean;
import io.quarkus.vertx.core.deployment.CoreVertxBuildItem;
import io.smallrye.jwt.auth.cdi.ClaimValueProducer;
import io.smallrye.jwt.auth.cdi.CommonJwtProducer;
import io.smallrye.jwt.auth.cdi.JsonValueProducer;
import io.smallrye.jwt.auth.cdi.RawClaimTypeProducer;
import io.smallrye.jwt.build.impl.JwtProviderImpl;
import java.util.Collection;
import java.util.function.BooleanSupplier;
import javax.inject.Singleton;
import org.eclipse.microprofile.jwt.Claim;
import org.jboss.jandex.DotName;

/* loaded from: input_file:io/quarkus/oidc/deployment/OidcBuildStep.class */
public class OidcBuildStep {
    public static final DotName DOTNAME_SECURITY_EVENT = DotName.createSimple(SecurityEvent.class.getName());
    OidcBuildTimeConfig buildTimeConfig;

    /* loaded from: input_file:io/quarkus/oidc/deployment/OidcBuildStep$IsEnabled.class */
    static class IsEnabled implements BooleanSupplier {
        OidcBuildTimeConfig config;

        IsEnabled() {
        }

        @Override // java.util.function.BooleanSupplier
        public boolean getAsBoolean() {
            return this.config.enabled;
        }
    }

    @BuildStep(onlyIf = {IsEnabled.class})
    FeatureBuildItem featureBuildItem() {
        return new FeatureBuildItem(Feature.OIDC);
    }

    @BuildStep(onlyIf = {IsEnabled.class})
    AdditionalBeanBuildItem jwtClaimIntegration(Capabilities capabilities) {
        if (capabilities.isPresent(Capability.JWT)) {
            return null;
        }
        AdditionalBeanBuildItem.Builder builder = AdditionalBeanBuildItem.builder();
        builder.addBeanClass(CommonJwtProducer.class);
        builder.addBeanClass(RawClaimTypeProducer.class);
        builder.addBeanClass(JsonValueProducer.class);
        builder.addBeanClass(ClaimValueProducer.class);
        builder.addBeanClass(Claim.class);
        return builder.build();
    }

    @BuildStep(onlyIf = {IsEnabled.class})
    public void additionalBeans(BuildProducer<AdditionalBeanBuildItem> buildProducer, BuildProducer<ReflectiveClassBuildItem> buildProducer2) {
        AdditionalBeanBuildItem.Builder unremovable = AdditionalBeanBuildItem.builder().setUnremovable();
        unremovable.addBeanClass(OidcAuthenticationMechanism.class).addBeanClass(OidcJsonWebTokenProducer.class).addBeanClass(OidcTokenCredentialProducer.class).addBeanClass(OidcIdentityProvider.class).addBeanClass(DefaultTenantConfigResolver.class);
        buildProducer.produce(unremovable.build());
        buildProducer2.produce(new ReflectiveClassBuildItem(true, true, new Class[]{JwtProviderImpl.class}));
    }

    @BuildStep(onlyIf = {IsEnabled.class})
    EnableAllSecurityServicesBuildItem security() {
        return new EnableAllSecurityServicesBuildItem();
    }

    @BuildStep(onlyIf = {IsEnabled.class})
    @Record(ExecutionTime.RUNTIME_INIT)
    public SyntheticBeanBuildItem setup(OidcConfig oidcConfig, OidcRecorder oidcRecorder, CoreVertxBuildItem coreVertxBuildItem) {
        return SyntheticBeanBuildItem.configure(TenantConfigBean.class).unremovable().types(new Class[]{TenantConfigBean.class}).supplier(oidcRecorder.setup(oidcConfig, coreVertxBuildItem.getVertx())).scope(Singleton.class).setRuntimeInit().done();
    }

    @BuildStep(onlyIf = {IsEnabled.class})
    @Record(ExecutionTime.RUNTIME_INIT)
    public ValidationPhaseBuildItem.ValidationErrorBuildItem findSecurityEventObservers(OidcRecorder oidcRecorder, ValidationPhaseBuildItem validationPhaseBuildItem) {
        oidcRecorder.setSecurityEventObserved(((Collection) validationPhaseBuildItem.getContext().get(BuildExtension.Key.OBSERVERS)).stream().anyMatch(observerInfo -> {
            return observerInfo.asObserver().getObservedType().name().equals(DOTNAME_SECURITY_EVENT);
        }));
        return new ValidationPhaseBuildItem.ValidationErrorBuildItem(new Throwable[0]);
    }
}
