package io.quarkus.oidc.deployment.devservices;

import io.quarkus.arc.deployment.SyntheticBeanBuildItem;
import io.quarkus.deployment.Capabilities;
import io.quarkus.deployment.IsDevelopment;
import io.quarkus.deployment.annotations.BuildProducer;
import io.quarkus.deployment.annotations.BuildStep;
import io.quarkus.deployment.annotations.Consume;
import io.quarkus.deployment.annotations.ExecutionTime;
import io.quarkus.deployment.annotations.Record;
import io.quarkus.deployment.builditem.ConfigurationBuildItem;
import io.quarkus.deployment.builditem.CuratedApplicationShutdownBuildItem;
import io.quarkus.deployment.builditem.RuntimeConfigSetupCompleteBuildItem;
import io.quarkus.devui.spi.JsonRPCProvidersBuildItem;
import io.quarkus.devui.spi.page.CardPageBuildItem;
import io.quarkus.oidc.OidcTenantConfig;
import io.quarkus.oidc.deployment.OidcBuildTimeConfig;
import io.quarkus.oidc.runtime.devui.OidcDevJsonRpcService;
import io.quarkus.oidc.runtime.devui.OidcDevServicesUtils;
import io.quarkus.oidc.runtime.devui.OidcDevUiRecorder;
import io.quarkus.oidc.runtime.providers.KnownOidcProviders;
import io.quarkus.runtime.configuration.ConfigUtils;
import io.quarkus.vertx.http.deployment.NonApplicationRootPathBuildItem;
import io.vertx.core.Vertx;
import io.vertx.core.http.HttpHeaders;
import io.vertx.core.json.JsonObject;
import io.vertx.mutiny.ext.web.client.HttpResponse;
import io.vertx.mutiny.ext.web.client.WebClient;
import java.util.Locale;
import java.util.Optional;
import java.util.Set;
import org.eclipse.microprofile.config.ConfigProvider;
import org.jboss.logging.Logger;

/* loaded from: input_file:io/quarkus/oidc/deployment/devservices/OidcDevUIProcessor.class */
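/**
 * Development-mode build steps that register the OIDC Dev UI card and its JSON-RPC service.
 *
 * <p>Both build steps are gated on {@link IsDevelopment}. When a tenant is enabled, a client id is
 * configured and an auth server URL can be resolved, the processor optionally fetches the
 * provider's discovery document and hands the resulting endpoints to the Dev UI card.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The provider name is guessed from substrings of the auth server URL. It is passed on as a
 *       label only and is not a statement about who operates the endpoint.</li>
 *   <li>The endpoints read from the discovery document are forwarded as received. This class does
 *       not compare the document's issuer with the configured URL and does not require https.</li>
 * </ul>
 */
public class OidcDevUIProcessor extends AbstractDevUIProcessor {
    /** Vert.x instance shared by the discovery call; created lazily and closed by a shutdown task. */
    static volatile Vertx vertxInstance;
    private static final String TENANT_ENABLED_CONFIG_KEY = "quarkus.oidc.tenant-enabled";
    private static final String DISCOVERY_ENABLED_CONFIG_KEY = "quarkus.oidc.discovery-enabled";
    private static final String AUTH_SERVER_URL_CONFIG_KEY = "quarkus.oidc.auth-server-url";
    private static final String APP_TYPE_CONFIG_KEY = "quarkus.oidc.application-type";
    private static final String OIDC_PROVIDER_CONFIG_KEY = "quarkus.oidc.provider";
    private static final String CLIENT_ID_CONFIG_KEY = "quarkus.oidc.client-id";
    private static final String SERVICE_APP_TYPE = "service";
    private static final String DEFAULT_GRANT_TYPE = "code";
    private static final String KEYCLOAK = "Keycloak";
    private static final String KEYCLOAK_REALMS_SEGMENT = "/realms/";
    private static final String AZURE = "Azure";
    private static final String WELL_KNOWN_CONFIGURATION_PATH = "/.well-known/openid-configuration";
    /** Build-time OIDC configuration; the field is assigned outside this class (not shown here). */
    OidcBuildTimeConfig oidcConfig;
    private static final Logger LOG = Logger.getLogger(OidcDevUIProcessor.class);
    private static final Set<String> OTHER_PROVIDERS = Set.of("Auth0", "Okta", "Google", "Github", "Spotify");

    /**
     * Produces the OIDC provider card for the Dev UI.
     *
     * <p>Nothing is produced when the tenant is disabled, no client id is configured, no auth server
     * URL can be resolved, or discovery is enabled but the metadata could not be fetched.
     */
    @BuildStep(onlyIf = {IsDevelopment.class})
    @Record(ExecutionTime.RUNTIME_INIT)
    @Consume(RuntimeConfigSetupCompleteBuildItem.class)
    void prepareOidcDevConsole(CuratedApplicationShutdownBuildItem closeBuildItem, Capabilities capabilities, BuildProducer<SyntheticBeanBuildItem> beanProducer, NonApplicationRootPathBuildItem nonApplicationRootPathBuildItem, BuildProducer<CardPageBuildItem> cardPageProducer, ConfigurationBuildItem configurationBuildItem, OidcDevUiRecorder recorder) {
        if (!isOidcTenantEnabled() || !isClientIdSet()) {
            return;
        }
        OidcTenantConfig providerConfig = getProviderConfig();
        String authServerUrl = getAuthServerUrl(providerConfig);
        if (authServerUrl == null) {
            return;
        }

        if (vertxInstance == null) {
            vertxInstance = Vertx.vertx();
            // Close the shared Vert.x instance when the curated application shuts down.
            closeBuildItem.addCloseTask(() -> {
                if (vertxInstance != null) {
                    try {
                        vertxInstance.close();
                    } catch (Throwable t) {
                        LOG.error("Failed to close Vertx instance", t);
                    }
                }
                vertxInstance = null;
            }, true);
        }

        JsonObject metadata = null;
        if (isDiscoveryEnabled(providerConfig)) {
            metadata = discoverMetadata(authServerUrl);
            if (metadata == null) {
                // Discovery was requested but failed: do not register the card at all.
                return;
            }
        }

        String providerName = tryToGetProviderName(authServerUrl);
        String applicationType = getApplicationType(providerConfig);
        String grantType = this.oidcConfig.devui.grant.type.isPresent()
                ? this.oidcConfig.devui.grant.type.get().getGrantType()
                : DEFAULT_GRANT_TYPE;

        boolean metadataAvailable = metadata != null;
        // Endpoint values come straight from the discovery response; they are not validated here.
        String authorizationUrl = metadataAvailable ? metadata.getString("authorization_endpoint") : null;
        String tokenUrl = metadataAvailable ? metadata.getString("token_endpoint") : null;
        String logoutUrl = metadataAvailable ? metadata.getString("end_session_endpoint") : null;
        boolean introspectionIsAvailable = metadataAvailable
                ? metadata.containsKey("introspection_endpoint") || metadata.containsKey("userinfo_endpoint")
                : checkProviderUserInfoRequired(providerConfig);
        // KEYCLOAK is only returned when the URL contains "/realms/", so indexOf cannot be -1 here.
        String keycloakAdminUrl = KEYCLOAK.equals(providerName)
                ? authServerUrl.substring(0, authServerUrl.indexOf(KEYCLOAK_REALMS_SEGMENT))
                : null;

        cardPageProducer.produce(createProviderWebComponent(recorder, capabilities, providerName, applicationType, grantType, authorizationUrl, tokenUrl, logoutUrl, introspectionIsAvailable, beanProducer, this.oidcConfig.devui.webClientTimeout, this.oidcConfig.devui.grantOptions, nonApplicationRootPathBuildItem, configurationBuildItem, keycloakAdminUrl, null, null, true));
    }

    /** Registers {@link OidcDevJsonRpcService} as a Dev UI JSON-RPC provider (development mode only). */
    @BuildStep(onlyIf = {IsDevelopment.class})
    JsonRPCProvidersBuildItem produceOidcDevJsonRpcService() {
        return new JsonRPCProvidersBuildItem(OidcDevJsonRpcService.class);
    }

    /**
     * Returns the provider's {@code userInfoRequired} setting.
     *
     * @return {@code false} when there is no provider config or the setting is absent
     */
    private boolean checkProviderUserInfoRequired(OidcTenantConfig providerConfig) {
        return providerConfig != null && providerConfig.authentication.userInfoRequired.orElse(false);
    }

    /**
     * Guesses a display name for the provider from substrings of the auth server URL.
     *
     * <p>This is a heuristic: any URL that merely contains one of the markers matches.
     *
     * @return the guessed provider name, or {@code null} when nothing matches
     */
    private String tryToGetProviderName(String authServerUrl) {
        if (authServerUrl.contains(KEYCLOAK_REALMS_SEGMENT)) {
            return KEYCLOAK;
        }
        if (authServerUrl.contains("microsoft")) {
            return AZURE;
        }
        for (String provider : OTHER_PROVIDERS) {
            // Locale.ROOT keeps the comparison independent of the JVM's default locale.
            if (authServerUrl.contains(provider.toLowerCase(Locale.ROOT))) {
                return provider;
            }
        }
        return null;
    }

    /**
     * Fetches the OpenID Connect discovery document for the given auth server URL.
     *
     * @return the parsed JSON document on HTTP 200, or {@code null} on any other status or on failure
     */
    private JsonObject discoverMetadata(String authServerUrl) {
        WebClient client = OidcDevServicesUtils.createWebClient(vertxInstance);
        try {
            String metadataUrl = authServerUrl + WELL_KNOWN_CONFIGURATION_PATH;
            LOG.infof("OIDC Dev Console: discovering the provider metadata at %s", metadataUrl);
            // NOTE(review): this wait has no upper bound, so an unresponsive provider stalls the
            // build step. oidcConfig.devui.webClientTimeout exists but is not applied to this call;
            // consider bounding the wait with it after confirming its type.
            HttpResponse<?> response = client.getAbs(metadataUrl)
                    .putHeader(HttpHeaders.ACCEPT.toString(), "application/json")
                    .send().await().indefinitely();
            if (response.statusCode() == 200) {
                return response.bodyAsJsonObject();
            }
            // The raw response body is written to the log at ERROR level.
            LOG.errorf("OIDC metadata discovery failed: %s", response.bodyAsString());
            return null;
        } catch (Throwable t) {
            // Best effort: connection and JSON parsing failures are logged and treated as "no metadata".
            LOG.infof("OIDC metadata can not be discovered: %s", t.toString());
            return null;
        } finally {
            client.close();
        }
    }

    /** Reads a required string property; the caller handles the exception thrown when it is missing. */
    private static String getConfigProperty(String name) {
        return ConfigProvider.getConfig().getValue(name, String.class);
    }

    /** Returns the {@code quarkus.oidc.tenant-enabled} value, defaulting to {@code true}. */
    private static boolean isOidcTenantEnabled() {
        return getBooleanProperty(TENANT_ENABLED_CONFIG_KEY);
    }

    /**
     * Decides whether metadata discovery should run.
     *
     * <p>The explicit {@code quarkus.oidc.discovery-enabled} property wins; otherwise the provider
     * config's value is used, and {@code true} when neither is set.
     */
    private static boolean isDiscoveryEnabled(OidcTenantConfig providerConfig) {
        boolean providerDefault = providerConfig == null || providerConfig.discoveryEnabled.orElse(true);
        return ConfigProvider.getConfig()
                .getOptionalValue(DISCOVERY_ENABLED_CONFIG_KEY, Boolean.class)
                .orElse(providerDefault);
    }

    /** Reads an optional boolean property, treating an absent value as {@code true}. */
    private static boolean getBooleanProperty(String name) {
        return ConfigProvider.getConfig().getOptionalValue(name, Boolean.class).orElse(true);
    }

    /** Returns whether {@code quarkus.oidc.client-id} is present in the configuration. */
    private static boolean isClientIdSet() {
        return ConfigUtils.isPropertyPresent(CLIENT_ID_CONFIG_KEY);
    }

    /**
     * Resolves the auth server URL from {@code quarkus.oidc.auth-server-url}, falling back to the
     * provider config.
     *
     * @return the URL, or {@code null} when neither source supplies one
     */
    private static String getAuthServerUrl(OidcTenantConfig providerConfig) {
        try {
            return getConfigProperty(AUTH_SERVER_URL_CONFIG_KEY);
        } catch (Exception ignored) {
            // The property could not be read; fall back to the provider config. orElse(null)
            // instead of get() so that a provider without a URL yields null rather than an
            // exception escaping from this handler.
            return providerConfig != null ? providerConfig.authServerUrl.orElse(null) : null;
        }
    }

    /**
     * Resolves the application type as a lower-case string.
     *
     * @return the configured type, else the provider's type, else {@code "service"}
     */
    private static String getApplicationType(OidcTenantConfig providerConfig) {
        Optional<OidcTenantConfig.ApplicationType> appType = ConfigProvider.getConfig()
                .getOptionalValue(APP_TYPE_CONFIG_KEY, OidcTenantConfig.ApplicationType.class);
        if (appType.isEmpty() && providerConfig != null) {
            appType = providerConfig.applicationType;
        }
        // Locale.ROOT: the default-locale toLowerCase() can rewrite 'I' under some locales (e.g. Turkish).
        return appType.isPresent() ? appType.get().name().toLowerCase(Locale.ROOT) : SERVICE_APP_TYPE;
    }

    /**
     * Looks up the known-provider config selected by {@code quarkus.oidc.provider}.
     *
     * @return the provider config, or {@code null} when the lookup throws
     */
    private static OidcTenantConfig getProviderConfig() {
        try {
            return KnownOidcProviders.provider(
                    ConfigProvider.getConfig().getValue(OIDC_PROVIDER_CONFIG_KEY, OidcTenantConfig.Provider.class));
        } catch (Exception ignored) {
            // Any failure to read or map the provider property is treated as "no provider config".
            return null;
        }
    }
}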
