package io.quarkus.elytron.security.deployment;

import io.quarkus.arc.deployment.AdditionalBeanBuildItem;
import io.quarkus.arc.deployment.BeanContainerBuildItem;
import io.quarkus.deployment.QuarkusConfig;
import io.quarkus.deployment.annotations.BuildProducer;
import io.quarkus.deployment.annotations.BuildStep;
import io.quarkus.deployment.annotations.ExecutionTime;
import io.quarkus.deployment.annotations.Record;
import io.quarkus.deployment.builditem.FeatureBuildItem;
import io.quarkus.deployment.builditem.substrate.ReflectiveClassBuildItem;
import io.quarkus.deployment.builditem.substrate.SubstrateResourceBuildItem;
import io.quarkus.elytron.security.runtime.AuthConfig;
import io.quarkus.elytron.security.runtime.DefaultRoleDecoder;
import io.quarkus.elytron.security.runtime.MPRealmConfig;
import io.quarkus.elytron.security.runtime.PropertiesRealmConfig;
import io.quarkus.elytron.security.runtime.SecurityConfig;
import io.quarkus.elytron.security.runtime.SecurityContextPrincipal;
import io.quarkus.elytron.security.runtime.SecurityRecorder;
import io.quarkus.runtime.RuntimeValue;
import io.quarkus.undertow.deployment.ServletExtensionBuildItem;
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.jboss.logging.Logger;

/* loaded from: input_file:io/quarkus/elytron/security/deployment/SecurityDeploymentProcessor.class */
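/**
 * Build-time processor for the Elytron security extension.
 *
 * <p>Each {@code @BuildStep} method below produces or consumes build items: it registers beans and
 * classes for reflection, creates the properties-file and embedded (MicroProfile config) realms,
 * assembles the security domain from the produced realms, and wires the identity manager, login
 * configuration and principal handler into Undertow as servlet extensions.
 *
 * <p>Security note: the embedded realm reads user credentials from configuration. Credential values
 * must never be written to the log, not even at debug level, because build logs are routinely
 * archived and shared.
 */
class SecurityDeploymentProcessor {
    private static final Logger log = Logger.getLogger(SecurityDeploymentProcessor.class.getName());
    private static final String USERS_PREFIX = "quarkus.security.embedded.users";
    private static final String ROLES_PREFIX = "quarkus.security.embedded.roles";

    /**
     * Extension configuration read by the build steps. It is never assigned in this class;
     * presumably it is injected by the build infrastructure (confirm against the extension setup).
     */
    SecurityConfig security;

    /** Declares the {@code security} feature. */
    @BuildStep
    FeatureBuildItem feature() {
        return new FeatureBuildItem("security");
    }

    /**
     * Registers {@link SecurityContextPrincipal} and {@link DefaultRoleDecoder} as unremovable beans.
     *
     * @param buildProducer sink for the additional bean items
     */
    @BuildStep
    void registerAdditionalBeans(BuildProducer<AdditionalBeanBuildItem> buildProducer) {
        buildProducer.produce(AdditionalBeanBuildItem.unremovableOf(SecurityContextPrincipal.class));
        buildProducer.produce(AdditionalBeanBuildItem.unremovableOf(DefaultRoleDecoder.class));
    }

    /**
     * Registers the Elytron password factory for reflection and emits one
     * {@link JCAProviderBuildItem} per configured security provider name.
     *
     * @param buildProducer sink for reflective class registrations
     * @param buildProducer2 sink for the configured JCA provider names
     */
    @BuildStep
    void services(BuildProducer<ReflectiveClassBuildItem> buildProducer, BuildProducer<JCAProviderBuildItem> buildProducer2) {
        buildProducer.produce(new ReflectiveClassBuildItem(true, false, "org.wildfly.security.password.impl.PasswordFactorySpiImpl"));
        if (this.security.securityProviders != null) {
            for (String providerName : this.security.securityProviders) {
                buildProducer2.produce(new JCAProviderBuildItem(providerName));
                log.debugf("Added providerName: %s", providerName);
            }
        }
    }

    /**
     * Creates the properties-file realm when {@code security.file} is enabled.
     *
     * <p>The users and roles resources are registered as native-image resources. Only their
     * locations are logged, never their contents.
     *
     * @param securityRecorder recorder used to create the realm
     * @param buildProducer sink for the users/roles resource registration
     * @param buildProducer2 sink for the created realm
     * @param buildProducer3 sink marking that a password-based realm exists
     * @return the auth config item for this realm, or {@code null} when the file realm is disabled
     * @throws Exception declared for the recorder call
     */
    @BuildStep
    @Record(ExecutionTime.STATIC_INIT)
    AuthConfigBuildItem configureFileRealmAuthConfig(SecurityRecorder securityRecorder, BuildProducer<SubstrateResourceBuildItem> buildProducer, BuildProducer<SecurityRealmBuildItem> buildProducer2, BuildProducer<PasswordRealmBuildItem> buildProducer3) throws Exception {
        if (!this.security.file.enabled) {
            return null;
        }
        PropertiesRealmConfig realmConfig = this.security.file;
        log.debugf("Configuring from PropertiesRealmConfig, users=%s, roles=%s", realmConfig.getUsers(), realmConfig.getRoles());
        buildProducer.produce(new SubstrateResourceBuildItem(realmConfig.users, realmConfig.roles));
        buildProducer2.produce(new SecurityRealmBuildItem(securityRecorder.createRealm(realmConfig), realmConfig.getAuthConfig()));
        buildProducer3.produce(new PasswordRealmBuildItem());
        return new AuthConfigBuildItem(realmConfig.getAuthConfig());
    }

    /**
     * Creates the embedded realm when {@code security.embedded} is enabled, copying every
     * {@code quarkus.security.embedded.users.*} and {@code quarkus.security.embedded.roles.*}
     * entry into the realm configuration.
     *
     * <p>User names and role assignments are logged at debug level. The credential stored under
     * each user key is not: only whether a value was present is reported.
     *
     * @param securityRecorder recorder used to create the realm
     * @param buildProducer sink for the created realm
     * @param buildProducer2 sink marking that a password-based realm exists
     * @return the auth config item for this realm, or {@code null} when the embedded realm is disabled
     * @throws Exception declared for the recorder call
     */
    @BuildStep
    @Record(ExecutionTime.STATIC_INIT)
    AuthConfigBuildItem configureMPRealmConfig(SecurityRecorder securityRecorder, BuildProducer<SecurityRealmBuildItem> buildProducer, BuildProducer<PasswordRealmBuildItem> buildProducer2) throws Exception {
        if (!this.security.embedded.enabled) {
            return null;
        }
        MPRealmConfig realmConfig = this.security.embedded;
        log.info("Configuring from MPRealmConfig");
        // The users map is the one that receives the credential values below, so it is not logged;
        // the user names alone are reported through "userKeys".
        log.debugf("MPRealmConfig.roles: %s", realmConfig.roles);

        Set<String> userKeys = QuarkusConfig.getNames(USERS_PREFIX);
        log.debugf("userKeys: %s", userKeys);
        for (String user : userKeys) {
            String credential = QuarkusConfig.getString(USERS_PREFIX + "." + user, (String) null, false);
            // Never log the credential itself, only whether one was configured.
            log.debugf("%s.pass configured: %s", user, credential != null);
            realmConfig.users.put(user, credential);
        }

        Set<String> roleKeys = QuarkusConfig.getNames(ROLES_PREFIX);
        log.debugf("roleKeys: %s", roleKeys);
        for (String user : roleKeys) {
            String roles = QuarkusConfig.getString(ROLES_PREFIX + "." + user, (String) null, false);
            log.debugf("%s.roles = %s", user, roles);
            realmConfig.roles.put(user, roles);
        }

        buildProducer.produce(new SecurityRealmBuildItem(securityRecorder.createRealm(realmConfig), realmConfig.getAuthConfig()));
        buildProducer2.produce(new PasswordRealmBuildItem());
        return new AuthConfigBuildItem(realmConfig.getAuthConfig());
    }

    /**
     * Builds the security domain from the produced realms. The first realm in the list seeds the
     * domain builder and every further realm is added to it.
     *
     * @param securityRecorder recorder used to configure and build the domain
     * @param list realms produced by the realm build steps
     * @param beanContainerBuildItem bean container used to create the default role decoder
     * @return the security domain item, or {@code null} when no realm was produced
     * @throws Exception declared for the recorder calls
     */
    @BuildStep
    @Record(ExecutionTime.STATIC_INIT)
    SecurityDomainBuildItem build(SecurityRecorder securityRecorder, List<SecurityRealmBuildItem> list, BeanContainerBuildItem beanContainerBuildItem) throws Exception {
        log.debugf("build, hasFile=%s, hasMP=%s", this.security.file.enabled, this.security.embedded.enabled);
        if (list.isEmpty()) {
            return null;
        }
        SecurityRealmBuildItem first = list.get(0);
        // Raw RuntimeValue: the builder's type argument is not imported in this file.
        RuntimeValue domainBuilder = securityRecorder.configureDomainBuilder(first.getAuthConfig().getRealmName(), first.getRealm(), securityRecorder.createDefaultRoleDecoder(beanContainerBuildItem.getValue()));
        for (SecurityRealmBuildItem realm : list.subList(1, list.size())) {
            securityRecorder.addRealm(domainBuilder, realm.getAuthConfig().getRealmName(), realm.getRealm());
        }
        return new SecurityDomainBuildItem(securityRecorder.buildDomain(domainBuilder));
    }

    /**
     * Produces an identity manager for the security domain when at least one password realm exists.
     *
     * @param securityRecorder recorder used to create the identity manager
     * @param securityDomainBuildItem the built security domain
     * @param buildProducer sink for the identity manager
     * @param list password realm markers; only emptiness is checked
     */
    @BuildStep
    @Record(ExecutionTime.STATIC_INIT)
    void configureIdentityManager(SecurityRecorder securityRecorder, SecurityDomainBuildItem securityDomainBuildItem, BuildProducer<IdentityManagerBuildItem> buildProducer, List<PasswordRealmBuildItem> list) {
        if (!list.isEmpty()) {
            buildProducer.produce(new IdentityManagerBuildItem(securityRecorder.createIdentityManager(securityDomainBuildItem.getSecurityDomain())));
        }
    }

    /**
     * Installs the single identity manager into Undertow as a servlet extension.
     *
     * @param securityRecorder recorder used to configure Undertow
     * @param buildProducer sink for the servlet extension
     * @param securityDomainBuildItem the built security domain
     * @param list identity managers; none means nothing is installed
     * @param list2 not read here (presumably declared only to order this step; confirm)
     * @throws IllegalStateException when more than one identity manager was produced
     */
    @BuildStep
    @Record(ExecutionTime.STATIC_INIT)
    void addIdentityManager(SecurityRecorder securityRecorder, BuildProducer<ServletExtensionBuildItem> buildProducer, SecurityDomainBuildItem securityDomainBuildItem, List<IdentityManagerBuildItem> list, List<AuthConfigBuildItem> list2) {
        if (list.isEmpty()) {
            return;
        }
        if (list.size() > 1) {
            throw new IllegalStateException("Multiple IdentityManagerBuildItem seen: " + list);
        }
        buildProducer.produce(new ServletExtensionBuildItem(securityRecorder.configureUndertowIdentityManager(securityDomainBuildItem.getSecurityDomain(), list.get(0).getIdentityManager())));
    }

    /**
     * Collects the auth configs of all realms and installs the login configuration extension.
     *
     * @param securityRecorder recorder used to configure the login config
     * @param list auth config items produced by the realm build steps
     * @param buildProducer sink for the servlet extension
     */
    @BuildStep
    @Record(ExecutionTime.STATIC_INIT)
    void addLoginConfig(SecurityRecorder securityRecorder, List<AuthConfigBuildItem> list, BuildProducer<ServletExtensionBuildItem> buildProducer) {
        List<AuthConfig> authConfigs = new ArrayList<>(list.size());
        for (AuthConfigBuildItem item : list) {
            authConfigs.add(item.getAuthConfig());
        }
        buildProducer.produce(new ServletExtensionBuildItem(securityRecorder.configureLoginConfig(authConfigs)));
    }

    /**
     * Installs the handler that exposes the security context principal.
     *
     * @param securityRecorder recorder used to configure the handler
     * @param beanContainerBuildItem bean container passed to the recorder
     * @return the servlet extension wrapping the handler
     */
    @BuildStep
    @Record(ExecutionTime.STATIC_INIT)
    ServletExtensionBuildItem addSecurityContextPrincipalHandler(SecurityRecorder securityRecorder, BeanContainerBuildItem beanContainerBuildItem) {
        log.debug("addSecurityContextPrincipalHandler");
        return new ServletExtensionBuildItem(securityRecorder.configureSecurityContextPrincipalHandler(beanContainerBuildItem.getValue()));
    }

    /**
     * Registers every class needed by the configured JCA providers for reflection.
     *
     * @param buildProducer sink for reflective class registrations
     * @param list provider names to resolve
     * @throws IllegalStateException when a configured provider is not installed in the build JVM
     */
    @BuildStep
    @Record(ExecutionTime.STATIC_INIT)
    void registerJCAProviders(BuildProducer<ReflectiveClassBuildItem> buildProducer, List<JCAProviderBuildItem> list) {
        for (JCAProviderBuildItem item : list) {
            for (String className : registerProvider(item.getProviderName())) {
                buildProducer.produce(new ReflectiveClassBuildItem(true, true, className));
                log.debugf("Register JCA class: %s", className);
            }
        }
    }

    /**
     * Lists the provider class, each service implementation class and each class named in a
     * service's {@code SupportedKeyClasses} attribute for the given JCA provider.
     *
     * @param providerName name of an installed {@link Provider}
     * @return class names to register for reflection
     * @throws IllegalStateException when no provider with that name is installed; failing with the
     *     name is preferable to a bare NullPointerException or to silently skipping a provider the
     *     application was configured to rely on
     */
    private List<String> registerProvider(String providerName) {
        Provider provider = Security.getProvider(providerName);
        if (provider == null) {
            throw new IllegalStateException("JCA provider is not installed: " + providerName);
        }
        List<String> classNames = new ArrayList<>();
        classNames.add(provider.getClass().getName());
        for (Provider.Service service : provider.getServices()) {
            classNames.add(service.getClassName());
            String supportedKeyClasses = service.getAttribute("SupportedKeyClasses");
            if (supportedKeyClasses != null) {
                // The attribute is a '|'-separated list of class names.
                classNames.addAll(Arrays.asList(supportedKeyClasses.split("\\|")));
            }
        }
        return classNames;
    }

    /**
     * Loads each realm at runtime init with the configuration matching its auth config type.
     * Realms whose type is {@code null} or matches neither configuration class are skipped.
     *
     * @param securityRecorder recorder used to load the realms
     * @param list realms produced by the realm build steps
     * @throws Exception declared for the recorder calls
     */
    @BuildStep
    @Record(ExecutionTime.RUNTIME_INIT)
    void loadRealm(SecurityRecorder securityRecorder, List<SecurityRealmBuildItem> list) throws Exception {
        for (SecurityRealmBuildItem realmItem : list) {
            Class<?> type = realmItem.getAuthConfig().getType();
            if (type == null) {
                continue;
            }
            if (type.isAssignableFrom(PropertiesRealmConfig.class)) {
                securityRecorder.loadRealm(realmItem.getRealm(), this.security.file);
            } else if (type.isAssignableFrom(MPRealmConfig.class)) {
                securityRecorder.loadRealm(realmItem.getRealm(), this.security.embedded);
            }
        }
    }
}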
