package io.quarkus.oidc.deployment.devservices;

import io.quarkus.arc.deployment.BeanContainerBuildItem;
import io.quarkus.deployment.Capabilities;
import io.quarkus.deployment.IsLocalDevelopment;
import io.quarkus.deployment.annotations.BuildProducer;
import io.quarkus.deployment.annotations.BuildStep;
import io.quarkus.deployment.annotations.Consume;
import io.quarkus.deployment.annotations.ExecutionTime;
import io.quarkus.deployment.annotations.Record;
import io.quarkus.deployment.builditem.RuntimeConfigSetupCompleteBuildItem;
import io.quarkus.devservices.oidc.OidcDevServicesConfigBuildItem;
import io.quarkus.devui.spi.JsonRPCProvidersBuildItem;
import io.quarkus.devui.spi.page.CardPageBuildItem;
import io.quarkus.oidc.deployment.OidcBuildTimeConfig;
import io.quarkus.oidc.runtime.OidcTenantConfig;
import io.quarkus.oidc.runtime.dev.ui.OidcDevJsonRpcService;
import io.quarkus.oidc.runtime.dev.ui.OidcDevUiRecorder;
import io.quarkus.oidc.runtime.providers.KnownOidcProviders;
import io.quarkus.runtime.configuration.ConfigUtils;
import io.quarkus.vertx.core.deployment.CoreVertxBuildItem;
import io.quarkus.vertx.http.deployment.NonApplicationRootPathBuildItem;
import java.util.Optional;
import java.util.Set;
import org.eclipse.microprofile.config.ConfigProvider;

/* loaded from: input_file:io/quarkus/oidc/deployment/devservices/OidcDevUIProcessor.class */
public class OidcDevUIProcessor extends AbstractDevUIProcessor {
    private static final String TENANT_ENABLED_CONFIG_KEY = "quarkus.oidc.tenant-enabled";
    private static final String DISCOVERY_ENABLED_CONFIG_KEY = "quarkus.oidc.discovery-enabled";
    private static final String AUTH_SERVER_URL_CONFIG_KEY = "quarkus.oidc.auth-server-url";
    private static final String OIDC_PROVIDER_CONFIG_KEY = "quarkus.oidc.provider";
    private static final String KEYCLOAK = "Keycloak";
    private static final String ENTRAID = "Microsoft Entra ID";
    private static final Set<String> OTHER_PROVIDERS = Set.of("Auth0", "Okta", "Google", "Github", "Spotify");
    OidcBuildTimeConfig oidcConfig;

    @Consume.List({@Consume(CoreVertxBuildItem.class), @Consume(RuntimeConfigSetupCompleteBuildItem.class)})
    @BuildStep(onlyIf = {IsLocalDevelopment.class})
    @Record(ExecutionTime.RUNTIME_INIT)
    void prepareOidcDevConsole(Capabilities capabilities, BeanContainerBuildItem beanContainerBuildItem, NonApplicationRootPathBuildItem nonApplicationRootPathBuildItem, BuildProducer<CardPageBuildItem> buildProducer, OidcDevUiRecorder oidcDevUiRecorder, Optional<OidcDevServicesConfigBuildItem> optional) {
        if (isOidcTenantEnabled()) {
            if (isClientIdSet() || !optional.isEmpty()) {
                OidcTenantConfig providerConfig = getProviderConfig();
                String authServerUrl = optional.isPresent() ? (String) optional.get().getConfig().get(AUTH_SERVER_URL_CONFIG_KEY) : getAuthServerUrl(providerConfig);
                if (authServerUrl != null) {
                    boolean isDiscoveryEnabled = isDiscoveryEnabled(providerConfig);
                    String tryToGetProviderName = tryToGetProviderName(authServerUrl);
                    buildProducer.produce(createProviderWebComponent(oidcDevUiRecorder, capabilities, tryToGetProviderName, getApplicationType(providerConfig), this.oidcConfig.devui().grant().type().isPresent() ? this.oidcConfig.devui().grant().type().get().getGrantType() : "code", null, null, null, checkProviderUserInfoRequired(providerConfig), beanContainerBuildItem, this.oidcConfig.devui().webClientTimeout(), this.oidcConfig.devui().grantOptions(), nonApplicationRootPathBuildItem, KEYCLOAK.equals(tryToGetProviderName) ? authServerUrl.substring(0, authServerUrl.indexOf("/realms/")) : null, null, null, true, isDiscoveryEnabled, authServerUrl));
                }
            }
        }
    }

    @BuildStep(onlyIf = {IsLocalDevelopment.class})
    JsonRPCProvidersBuildItem produceOidcDevJsonRpcService() {
        return new JsonRPCProvidersBuildItem(OidcDevJsonRpcService.class);
    }

    private static boolean checkProviderUserInfoRequired(OidcTenantConfig oidcTenantConfig) {
        if (oidcTenantConfig != null) {
            return ((Boolean) oidcTenantConfig.authentication().userInfoRequired().orElse(false)).booleanValue();
        }
        return false;
    }

    private static String tryToGetProviderName(String str) {
        if (str.contains("/realms/")) {
            return KEYCLOAK;
        }
        if (str.contains("microsoft")) {
            return ENTRAID;
        }
        for (String str2 : OTHER_PROVIDERS) {
            if (str.contains(str2.toLowerCase())) {
                return str2;
            }
        }
        return null;
    }

    private static String getConfigProperty(String str) {
        return (String) ConfigProvider.getConfig().getValue(str, String.class);
    }

    private static boolean isOidcTenantEnabled() {
        return getBooleanProperty(TENANT_ENABLED_CONFIG_KEY);
    }

    private static boolean isDiscoveryEnabled(OidcTenantConfig oidcTenantConfig) {
        return ((Boolean) ConfigProvider.getConfig().getOptionalValue(DISCOVERY_ENABLED_CONFIG_KEY, Boolean.class).orElse(Boolean.valueOf(oidcTenantConfig != null ? ((Boolean) oidcTenantConfig.discoveryEnabled().orElse(true)).booleanValue() : true))).booleanValue();
    }

    private static boolean getBooleanProperty(String str) {
        return ((Boolean) ConfigProvider.getConfig().getOptionalValue(str, Boolean.class).orElse(true)).booleanValue();
    }

    private static boolean isClientIdSet() {
        return ConfigUtils.isPropertyPresent("quarkus.oidc.client-id");
    }

    private static String getAuthServerUrl(OidcTenantConfig oidcTenantConfig) {
        try {
            return getConfigProperty(AUTH_SERVER_URL_CONFIG_KEY);
        } catch (Exception e) {
            if (oidcTenantConfig != null) {
                return (String) oidcTenantConfig.authServerUrl().get();
            }
            return null;
        }
    }

    private static OidcTenantConfig getProviderConfig() {
        try {
            return (OidcTenantConfig) ConfigProvider.getConfig().getOptionalValue(OIDC_PROVIDER_CONFIG_KEY, OidcTenantConfig.Provider.class).map(KnownOidcProviders::provider).orElse(null);
        } catch (Exception e) {
            return null;
        }
    }
}
