package io.quarkus.smallrye.jwt.deployment;

import io.quarkus.bootstrap.workspace.ArtifactSources;
import io.quarkus.bootstrap.workspace.SourceDir;
import io.quarkus.deployment.Feature;
import io.quarkus.deployment.IsNormal;
import io.quarkus.deployment.annotations.BuildProducer;
import io.quarkus.deployment.annotations.BuildStep;
import io.quarkus.deployment.builditem.DevServicesResultBuildItem;
import io.quarkus.deployment.builditem.LiveReloadBuildItem;
import io.quarkus.deployment.pkg.builditem.CurateOutcomeBuildItem;
import io.smallrye.jwt.util.KeyUtils;
import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.runtime.ObjectMethods;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyPair;
import java.util.Base64;
import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import org.eclipse.microprofile.config.ConfigProvider;
import org.jboss.logging.Logger;

/* loaded from: input_file:io/quarkus/smallrye/jwt/deployment/SmallryeJwtDevModeProcessor.class */
public class SmallryeJwtDevModeProcessor {
    private static final String MP_JWT_VERIFY_ISSUER = "mp.jwt.verify.issuer";
    private static final String SMALLRYE_JWT_NEW_TOKEN_ISSUER = "smallrye.jwt.new-token.issuer";
    private static final String NONE = "NONE";
    private static final String DEFAULT_ISSUER = "https://quarkus.io/issuer";
    private static final int KEY_SIZE = 2048;
    public static final String DEV_PRIVATE_KEY_PEM = "dev.privateKey.pem";
    public static final String DEV_PUBLIC_KEY_PEM = "dev.publicKey.pem";
    private static final Logger LOGGER = Logger.getLogger(SmallryeJwtDevModeProcessor.class);
    public static final String MP_JWT_VERIFY_PUBLIC_KEY = "mp.jwt.verify.publickey";
    private static final String SMALLRYE_JWT_DECRYPT_KEY = "smallrye.jwt.decrypt.key";
    private static final String MP_JWT_DECRYPT_KEY_LOCATION = "mp.jwt.decrypt.key.location";
    private static final String SMALLRYE_JWT_SIGN_KEY_LOCATION = "smallrye.jwt.sign.key.location";
    public static final String SMALLRYE_JWT_SIGN_KEY = "smallrye.jwt.sign.key";
    private static final String SMALLRYE_JWT_ENCRYPT_KEY = "smallrye.jwt.encrypt.key";
    private static final String SMALLRYE_JWT_ENCRYPT_KEY_LOCATION = "smallrye.jwt.encrypt.key.location";
    private static final Set<String> JWT_SIGN_KEY_PROPERTIES = Set.of("mp.jwt.verify.publickey.location", MP_JWT_VERIFY_PUBLIC_KEY, SMALLRYE_JWT_DECRYPT_KEY, MP_JWT_DECRYPT_KEY_LOCATION, SMALLRYE_JWT_SIGN_KEY_LOCATION, SMALLRYE_JWT_SIGN_KEY, SMALLRYE_JWT_ENCRYPT_KEY, SMALLRYE_JWT_ENCRYPT_KEY_LOCATION);

    /* loaded from: input_file:io/quarkus/smallrye/jwt/deployment/SmallryeJwtDevModeProcessor$KeyPairContext.class */
    static final class KeyPairContext extends Record {
        private final Map<String, String> properties;

        KeyPairContext(Map<String, String> map) {
            this.properties = map;
        }

        @Override // java.lang.Record
        public final String toString() {
            return (String) ObjectMethods.bootstrap(MethodHandles.lookup(), "toString", MethodType.methodType(String.class, KeyPairContext.class), KeyPairContext.class, "properties", "FIELD:Lio/quarkus/smallrye/jwt/deployment/SmallryeJwtDevModeProcessor$KeyPairContext;->properties:Ljava/util/Map;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final int hashCode() {
            return (int) ObjectMethods.bootstrap(MethodHandles.lookup(), "hashCode", MethodType.methodType(Integer.TYPE, KeyPairContext.class), KeyPairContext.class, "properties", "FIELD:Lio/quarkus/smallrye/jwt/deployment/SmallryeJwtDevModeProcessor$KeyPairContext;->properties:Ljava/util/Map;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final boolean equals(Object obj) {
            return (boolean) ObjectMethods.bootstrap(MethodHandles.lookup(), "equals", MethodType.methodType(Boolean.TYPE, KeyPairContext.class, Object.class), KeyPairContext.class, "properties", "FIELD:Lio/quarkus/smallrye/jwt/deployment/SmallryeJwtDevModeProcessor$KeyPairContext;->properties:Ljava/util/Map;").dynamicInvoker().invoke(this, obj) /* invoke-custom */;
        }

        public Map<String, String> properties() {
            return this.properties;
        }
    }

    @BuildStep(onlyIfNot = {IsNormal.class})
    void generateSignKeys(BuildProducer<DevServicesResultBuildItem> buildProducer, LiveReloadBuildItem liveReloadBuildItem, CurateOutcomeBuildItem curateOutcomeBuildItem, Optional<GeneratePersistentDevModeJwtKeysBuildItem> optional, Optional<GenerateEncryptedDevModeJwtKeysBuildItem> optional2) throws GeneralSecurityException, IOException {
        Set<String> set = (Set) JWT_SIGN_KEY_PROPERTIES.stream().filter(this::isConfigPresent).collect(Collectors.toSet());
        if (!set.isEmpty()) {
            Map<String, String> addDefaultSmallryePropertiesIfMissing = addDefaultSmallryePropertiesIfMissing(set, optional2);
            if (!isConfigPresent(MP_JWT_VERIFY_ISSUER) && !isConfigPresent(SMALLRYE_JWT_NEW_TOKEN_ISSUER)) {
                addDefaultSmallryePropertiesIfMissing.put(MP_JWT_VERIFY_ISSUER, DEFAULT_ISSUER);
                addDefaultSmallryePropertiesIfMissing.put(SMALLRYE_JWT_NEW_TOKEN_ISSUER, DEFAULT_ISSUER);
            }
            buildProducer.produce(smallryeJwtDevServiceWith(addDefaultSmallryePropertiesIfMissing));
            return;
        }
        KeyPairContext keyPairContext = (KeyPairContext) liveReloadBuildItem.getContextObject(KeyPairContext.class);
        LOGGER.info("The smallrye-jwt extension has configured an in-memory key pair, which is not enabled in production. Please ensure the correct keys/locations are set in production to avoid potential issues.");
        if (keyPairContext == null && !liveReloadBuildItem.isLiveReload()) {
            KeyPair generateOrReloadKeyPair = generateOrReloadKeyPair(curateOutcomeBuildItem, optional);
            Map<String, String> generateDevServiceProperties = generateDevServiceProperties(getStringKey(generateOrReloadKeyPair.getPublic()), getStringKey(generateOrReloadKeyPair.getPrivate()), optional2);
            if (!isConfigPresent(MP_JWT_VERIFY_ISSUER) && !isConfigPresent(SMALLRYE_JWT_NEW_TOKEN_ISSUER)) {
                generateDevServiceProperties.put(MP_JWT_VERIFY_ISSUER, DEFAULT_ISSUER);
                generateDevServiceProperties.put(SMALLRYE_JWT_NEW_TOKEN_ISSUER, DEFAULT_ISSUER);
            }
            liveReloadBuildItem.setContextObject(KeyPairContext.class, new KeyPairContext(generateDevServiceProperties));
            buildProducer.produce(smallryeJwtDevServiceWith(generateDevServiceProperties));
        }
        if (keyPairContext == null || !liveReloadBuildItem.isLiveReload()) {
            return;
        }
        buildProducer.produce(smallryeJwtDevServiceWith(keyPairContext.properties()));
    }

    private KeyPair generateOrReloadKeyPair(CurateOutcomeBuildItem curateOutcomeBuildItem, Optional<GeneratePersistentDevModeJwtKeysBuildItem> optional) throws GeneralSecurityException, IOException {
        if (!optional.isPresent()) {
            return KeyUtils.generateKeyPair(KEY_SIZE);
        }
        File buildDir = getBuildDir(curateOutcomeBuildItem);
        buildDir.mkdirs();
        File file = new File(buildDir, DEV_PRIVATE_KEY_PEM);
        File file2 = new File(buildDir, DEV_PUBLIC_KEY_PEM);
        if (file.exists() && file2.exists()) {
            return new KeyPair(KeyUtils.readPublicKey(file2.getName()), KeyUtils.readPrivateKey(file.getName()));
        }
        KeyPair generateKeyPair = KeyUtils.generateKeyPair(KEY_SIZE);
        LOGGER.infof("Generating private/public keys for DEV/TEST in %s and %s", file, file2);
        FileWriter fileWriter = new FileWriter(file);
        try {
            fileWriter.append((CharSequence) "-----BEGIN PRIVATE KEY-----\n");
            fileWriter.append((CharSequence) Base64.getMimeEncoder().encodeToString(generateKeyPair.getPrivate().getEncoded()));
            fileWriter.append((CharSequence) "\n");
            fileWriter.append((CharSequence) "-----END PRIVATE KEY-----\n");
            fileWriter.close();
            fileWriter = new FileWriter(file2);
            try {
                fileWriter.append((CharSequence) "-----BEGIN PUBLIC KEY-----\n");
                fileWriter.append((CharSequence) Base64.getMimeEncoder().encodeToString(generateKeyPair.getPublic().getEncoded()));
                fileWriter.append((CharSequence) "\n");
                fileWriter.append((CharSequence) "-----END PUBLIC KEY-----\n");
                fileWriter.close();
                return generateKeyPair;
            } finally {
            }
        } finally {
        }
    }

    public static File getBuildDir(CurateOutcomeBuildItem curateOutcomeBuildItem) {
        File file = null;
        ArtifactSources sources = curateOutcomeBuildItem.getApplicationModel().getAppArtifact().getSources();
        if (sources != null) {
            Collection resourceDirs = sources.getResourceDirs();
            if (resourceDirs.isEmpty()) {
                resourceDirs = sources.getSourceDirs();
            }
            if (!resourceDirs.isEmpty()) {
                file = ((SourceDir) resourceDirs.iterator().next()).getOutputDir().toFile();
            }
        }
        if (file == null) {
            file = new File(curateOutcomeBuildItem.getApplicationModel().getAppArtifact().getWorkspaceModule().getBuildDir(), "classes");
        }
        return file;
    }

    private Map<String, String> addDefaultSmallryePropertiesIfMissing(Set<String> set, Optional<GenerateEncryptedDevModeJwtKeysBuildItem> optional) {
        HashMap hashMap = new HashMap();
        if (!set.contains(SMALLRYE_JWT_SIGN_KEY)) {
            hashMap.put(SMALLRYE_JWT_SIGN_KEY, NONE);
        }
        if (!set.contains(MP_JWT_VERIFY_PUBLIC_KEY)) {
            hashMap.put(MP_JWT_VERIFY_PUBLIC_KEY, NONE);
        }
        if (optional.isPresent()) {
            if (!set.contains(SMALLRYE_JWT_ENCRYPT_KEY) && !set.contains(SMALLRYE_JWT_ENCRYPT_KEY_LOCATION)) {
                hashMap.put(SMALLRYE_JWT_ENCRYPT_KEY, NONE);
            }
            if (!set.contains(SMALLRYE_JWT_DECRYPT_KEY) && !set.contains(MP_JWT_DECRYPT_KEY_LOCATION)) {
                hashMap.put(SMALLRYE_JWT_DECRYPT_KEY, NONE);
            }
        }
        return hashMap;
    }

    private boolean isConfigPresent(String str) {
        return ConfigProvider.getConfig().getOptionalValue(str, String.class).isPresent();
    }

    private DevServicesResultBuildItem smallryeJwtDevServiceWith(Map<String, String> map) {
        return new DevServicesResultBuildItem(Feature.SMALLRYE_JWT.name(), (String) null, map);
    }

    private static Map<String, String> generateDevServiceProperties(String str, String str2, Optional<GenerateEncryptedDevModeJwtKeysBuildItem> optional) {
        HashMap hashMap = new HashMap();
        hashMap.put(MP_JWT_VERIFY_PUBLIC_KEY, str);
        hashMap.put(SMALLRYE_JWT_SIGN_KEY, str2);
        if (optional.isPresent()) {
            hashMap.put(SMALLRYE_JWT_ENCRYPT_KEY, str);
            hashMap.put(SMALLRYE_JWT_DECRYPT_KEY, str2);
        }
        return hashMap;
    }

    private static String getStringKey(Key key) {
        return Base64.getEncoder().encodeToString(key.getEncoded());
    }
}
