package io.quarkus.smallrye.jwt.deployment;

import io.quarkus.arc.deployment.AdditionalBeanBuildItem;
import io.quarkus.arc.deployment.BeanContainerBuildItem;
import io.quarkus.deployment.QuarkusConfig;
import io.quarkus.deployment.annotations.BuildProducer;
import io.quarkus.deployment.annotations.BuildStep;
import io.quarkus.deployment.annotations.ExecutionTime;
import io.quarkus.deployment.annotations.Record;
import io.quarkus.deployment.builditem.FeatureBuildItem;
import io.quarkus.deployment.builditem.ObjectSubstitutionBuildItem;
import io.quarkus.deployment.builditem.substrate.ReflectiveClassBuildItem;
import io.quarkus.deployment.builditem.substrate.SubstrateResourceBuildItem;
import io.quarkus.elytron.security.deployment.AuthConfigBuildItem;
import io.quarkus.elytron.security.deployment.IdentityManagerBuildItem;
import io.quarkus.elytron.security.deployment.JCAProviderBuildItem;
import io.quarkus.elytron.security.deployment.SecurityDomainBuildItem;
import io.quarkus.elytron.security.deployment.SecurityRealmBuildItem;
import io.quarkus.elytron.security.runtime.AuthConfig;
import io.quarkus.runtime.RuntimeValue;
import io.quarkus.smallrye.jwt.runtime.JWTAuthContextInfoGroup;
import io.quarkus.smallrye.jwt.runtime.SmallRyeJwtRecorder;
import io.quarkus.smallrye.jwt.runtime.auth.ClaimAttributes;
import io.quarkus.smallrye.jwt.runtime.auth.ElytronJwtCallerPrincipal;
import io.quarkus.smallrye.jwt.runtime.auth.JWTAuthMethodExtension;
import io.quarkus.smallrye.jwt.runtime.auth.MpJwtValidator;
import io.quarkus.smallrye.jwt.runtime.auth.PublicKeyProxy;
import io.quarkus.smallrye.jwt.runtime.auth.PublicKeySubstitution;
import io.quarkus.undertow.deployment.ServletExtensionBuildItem;
import io.smallrye.jwt.auth.cdi.ClaimValueProducer;
import io.smallrye.jwt.auth.cdi.CommonJwtProducer;
import io.smallrye.jwt.auth.cdi.JsonValueProducer;
import io.smallrye.jwt.auth.cdi.PrincipalProducer;
import io.smallrye.jwt.auth.cdi.RawClaimTypeProducer;
import io.smallrye.jwt.config.JWTAuthContextInfoProvider;
import java.security.interfaces.RSAPublicKey;
import org.jboss.logging.Logger;

/* loaded from: input_file:io/quarkus/smallrye/jwt/deployment/SmallRyeJwtProcessor.class */
class SmallRyeJwtProcessor {
    private static final Logger log = Logger.getLogger(SmallRyeJwtProcessor.class.getName());
    JWTAuthContextInfoGroup config;

    @BuildStep
    void registerAdditionalBeans(BuildProducer<AdditionalBeanBuildItem> buildProducer) {
        AdditionalBeanBuildItem.Builder unremovable = AdditionalBeanBuildItem.builder().setUnremovable();
        unremovable.addBeanClass(MpJwtValidator.class);
        unremovable.addBeanClass(JWTAuthMethodExtension.class);
        buildProducer.produce(unremovable.build());
        AdditionalBeanBuildItem.Builder builder = AdditionalBeanBuildItem.builder();
        builder.addBeanClass(JWTAuthContextInfoProvider.class);
        builder.addBeanClass(CommonJwtProducer.class);
        builder.addBeanClass(RawClaimTypeProducer.class);
        builder.addBeanClass(PrincipalProducer.class);
        builder.addBeanClass(ClaimValueProducer.class);
        builder.addBeanClass(JsonValueProducer.class);
        buildProducer.produce(builder.build());
    }

    @BuildStep
    FeatureBuildItem feature() {
        return new FeatureBuildItem("smallrye-jwt");
    }

    @BuildStep
    SubstrateResourceBuildItem registerSubstrateResources() {
        String string = QuarkusConfig.getString("mp.jwt.verify.publickey.location", (String) null, true);
        if (string == null) {
            return null;
        }
        if (string.indexOf(58) >= 0 && !string.startsWith("classpath:")) {
            return null;
        }
        log.infof("Adding %s to native image", string);
        return new SubstrateResourceBuildItem(new String[]{string});
    }

    @BuildStep
    @Record(ExecutionTime.STATIC_INIT)
    AuthConfigBuildItem configureFileRealmAuthConfig(SmallRyeJwtRecorder smallRyeJwtRecorder, BuildProducer<ObjectSubstitutionBuildItem> buildProducer, BuildProducer<SecurityRealmBuildItem> buildProducer2, BeanContainerBuildItem beanContainerBuildItem, BuildProducer<ReflectiveClassBuildItem> buildProducer3) throws Exception {
        if (!this.config.enabled) {
            return null;
        }
        buildProducer.produce(new ObjectSubstitutionBuildItem(new ObjectSubstitutionBuildItem.Holder(RSAPublicKey.class, PublicKeyProxy.class, PublicKeySubstitution.class)));
        RuntimeValue createTokenRealm = smallRyeJwtRecorder.createTokenRealm(beanContainerBuildItem.getValue());
        AuthConfig authConfig = new AuthConfig();
        authConfig.setAuthMechanism(this.config.authMechanism);
        authConfig.setRealmName(this.config.realmName);
        buildProducer2.produce(new SecurityRealmBuildItem(createTokenRealm, authConfig));
        buildProducer3.produce(new ReflectiveClassBuildItem(false, false, new String[]{ClaimAttributes.class.getName()}));
        buildProducer3.produce(new ReflectiveClassBuildItem(false, false, new String[]{ElytronJwtCallerPrincipal.class.getName()}));
        return new AuthConfigBuildItem(authConfig);
    }

    @BuildStep
    @Record(ExecutionTime.STATIC_INIT)
    void configureIdentityManager(SmallRyeJwtRecorder smallRyeJwtRecorder, SecurityDomainBuildItem securityDomainBuildItem, BuildProducer<IdentityManagerBuildItem> buildProducer) {
        if (this.config.enabled) {
            buildProducer.produce(new IdentityManagerBuildItem(smallRyeJwtRecorder.createIdentityManager(securityDomainBuildItem.getSecurityDomain())));
        }
    }

    @BuildStep
    @Record(ExecutionTime.STATIC_INIT)
    ServletExtensionBuildItem registerJwtAuthExtension(SmallRyeJwtRecorder smallRyeJwtRecorder, BeanContainerBuildItem beanContainerBuildItem) {
        log.debugf("registerJwtAuthExtension", new Object[0]);
        return new ServletExtensionBuildItem(smallRyeJwtRecorder.createAuthExtension(this.config.authMechanism, beanContainerBuildItem.getValue()));
    }

    @BuildStep
    JCAProviderBuildItem registerRSASigProvider() {
        return new JCAProviderBuildItem(this.config.rsaSigProvider);
    }
}
