package org.commonjava.indy.bind.jaxrs.keycloak;

import io.undertow.servlet.api.DeploymentInfo;
import io.undertow.servlet.api.LoginConfig;
import io.undertow.servlet.api.SecurityConstraint;
import io.undertow.servlet.api.SecurityInfo;
import io.undertow.servlet.api.WebResourceCollection;
import io.undertow.util.ImmediateAuthenticationMechanismFactory;
import java.io.File;
import javax.inject.Inject;
import javax.ws.rs.core.Application;
import org.commonjava.indy.bind.jaxrs.IndyDeploymentProvider;
import org.commonjava.indy.bind.jaxrs.ui.UIServlet;
import org.commonjava.indy.subsys.keycloak.conf.KeycloakConfig;
import org.commonjava.indy.subsys.keycloak.conf.KeycloakSecurityBindings;
import org.commonjava.indy.subsys.keycloak.conf.KeycloakSecurityConstraint;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/commonjava/indy/bind/jaxrs/keycloak/KeycloakDeploymentProvider.class */
public class KeycloakDeploymentProvider extends IndyDeploymentProvider {
    private final Logger logger = LoggerFactory.getLogger(getClass());
    private static final String KEYCLOAK_CONFIG_FILE_PARAM = "keycloak.config.file";
    private static final String KEYCLOAK_LOGIN_MECHANISM = "KEYCLOAK";
    private static final String BASIC_LOGIN_MECHANISM = "BASIC";

    @Inject
    private KeycloakConfig config;

    @Inject
    private KeycloakSecurityBindings bindings;

    @Inject
    private BasicAuthenticationOAuthTranslator basicAuthInjector;

    @Override // org.commonjava.indy.bind.jaxrs.IndyDeploymentProvider
    public DeploymentInfo getDeploymentInfo(String str, Application application) {
        this.logger.debug("Keycloak deployment provider triggered.");
        DeploymentInfo deploymentInfo = new DeploymentInfo();
        if (this.config.isEnabled()) {
            deploymentInfo.addAuthenticationMechanism("BASIC", new ImmediateAuthenticationMechanismFactory(this.basicAuthInjector));
            this.logger.debug("Adding keycloak security constraints");
            SecurityConstraint securityConstraint = new SecurityConstraint();
            securityConstraint.setEmptyRoleSemantic(SecurityInfo.EmptyRoleSemantic.PERMIT);
            WebResourceCollection webResourceCollection = new WebResourceCollection();
            webResourceCollection.addUrlPatterns(UIServlet.PATHS);
            webResourceCollection.addHttpMethods(UIServlet.METHODS);
            securityConstraint.addWebResourceCollection(webResourceCollection);
            deploymentInfo.addSecurityConstraint(securityConstraint);
            for (KeycloakSecurityConstraint keycloakSecurityConstraint : this.bindings.getConstraints()) {
                SecurityConstraint securityConstraint2 = new SecurityConstraint();
                securityConstraint2.setEmptyRoleSemantic(SecurityInfo.EmptyRoleSemantic.PERMIT);
                WebResourceCollection webResourceCollection2 = new WebResourceCollection();
                webResourceCollection2.addUrlPattern(keycloakSecurityConstraint.getUrlPattern());
                this.logger.debug("new constraint>>> URL pattern: {}", keycloakSecurityConstraint.getUrlPattern());
                if (keycloakSecurityConstraint.getMethods() != null) {
                    this.logger.debug("methods: {}", keycloakSecurityConstraint.getMethods());
                    webResourceCollection2.addHttpMethods(keycloakSecurityConstraint.getMethods());
                }
                securityConstraint2.addWebResourceCollection(webResourceCollection2);
                if (keycloakSecurityConstraint.getRole() != null) {
                    this.logger.debug("role: {}", keycloakSecurityConstraint.getRole());
                    securityConstraint2.addRoleAllowed(keycloakSecurityConstraint.getRole());
                }
                this.logger.debug("Keycloak Security Constraint: {}", securityConstraint2);
                deploymentInfo.addSecurityConstraint(securityConstraint2);
            }
            this.logger.debug("Using keycloak.json: {} (exists? {})", this.config.getKeycloakJson(), Boolean.valueOf(new File(this.config.getKeycloakJson()).exists()));
            deploymentInfo.addInitParameter(KEYCLOAK_CONFIG_FILE_PARAM, this.config.getKeycloakJson());
            this.logger.debug("login realm: {}", this.config.getRealm());
            LoginConfig loginConfig = new LoginConfig(KEYCLOAK_LOGIN_MECHANISM, this.config.getRealm());
            loginConfig.addFirstAuthMethod("BASIC");
            deploymentInfo.setLoginConfig(loginConfig);
        }
        return deploymentInfo;
    }
}
