package io.apicurio.registry.services.tenant;

import io.apicurio.datamodels.cmd.commands.AbstractSchemaInhCommand;
import io.apicurio.multitenant.api.datamodel.RegistryTenant;
import io.apicurio.registry.mt.TenantContext;
import io.apicurio.registry.mt.TenantIdResolver;
import io.apicurio.registry.mt.TenantMetadataService;
import io.quarkus.oidc.OidcTenantConfig;
import io.quarkus.oidc.TenantConfigResolver;
import io.quarkus.oidc.common.runtime.OidcCommonConfig;
import io.vertx.ext.web.RoutingContext;
import java.util.Optional;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import org.eclipse.microprofile.config.inject.ConfigProperty;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@ApplicationScoped
/* loaded from: input_file:io/apicurio/registry/services/tenant/CustomTenantConfigResolver.class */
public class CustomTenantConfigResolver implements TenantConfigResolver {
    protected final Logger log = LoggerFactory.getLogger(getClass());

    @Inject
    TenantMetadataService tenantMetadataService;

    @Inject
    TenantContext tenantContext;

    @Inject
    @ConfigProperty(name = "quarkus.oidc.tls.verification")
    Optional<String> tlsVerification;

    @Inject
    TenantIdResolver tenantIdResolver;

    @Inject
    @ConfigProperty(name = "registry.auth.enabled")
    boolean authEnabled;

    public OidcTenantConfig resolve(RoutingContext routingContext) {
        if (!this.authEnabled) {
            return null;
        }
        if (!this.tenantIdResolver.resolveTenantId(routingContext)) {
            this.log.debug("Tenant config is not loaded, fallback to default tenant");
            return null;
        }
        String tenantId = this.tenantContext.tenantId();
        this.log.debug("Resolving authz config for tenant {}", tenantId);
        RegistryTenant tenant = this.tenantMetadataService.getTenant(tenantId);
        OidcTenantConfig oidcTenantConfig = new OidcTenantConfig();
        oidcTenantConfig.setTenantId(tenant.getTenantId());
        oidcTenantConfig.setAuthServerUrl(tenant.getAuthServerUrl());
        oidcTenantConfig.setClientId(tenant.getAuthClientId());
        if (this.tlsVerification.isPresent() && this.tlsVerification.get().equalsIgnoreCase(AbstractSchemaInhCommand.TYPE_NONE)) {
            oidcTenantConfig.tls.verification = Optional.of(OidcCommonConfig.Tls.Verification.NONE);
        }
        return oidcTenantConfig;
    }
}
