package org.wildfly.swarm.microprofile.jwtauth.runtime;

import java.io.IOException;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import org.jboss.modules.ModuleLoadException;
import org.wildfly.swarm.config.runtime.AttributeDocumentation;
import org.wildfly.swarm.config.security.Flag;
import org.wildfly.swarm.security.SecurityFraction;
import org.wildfly.swarm.spi.api.Customizer;
import org.wildfly.swarm.spi.api.Defaultable;
import org.wildfly.swarm.spi.api.annotations.Configurable;
import org.wildfly.swarm.spi.api.annotations.Configurables;
import org.wildfly.swarm.spi.runtime.annotations.Post;

@ApplicationScoped
@Post
/* loaded from: input_file:org/wildfly/swarm/microprofile/jwtauth/runtime/MPJWTLoginModuleCustomizer.class */
public class MPJWTLoginModuleCustomizer implements Customizer {

    @Inject
    SecurityFraction security;

    @AttributeDocumentation("If set, a security domain with this name that supports MicroProfile JWT is automatically created in the security subsystem. The realmName parameter of the @LoginConfig annotation must be set to the same value.")
    @Configurables({@Configurable("thorntail.microprofile.jwt.realm"), @Configurable("thorntail.microprofile.jwtauth.realm")})
    private Defaultable<String> jwtRealm = Defaultable.string("");

    @AttributeDocumentation("Roles properties file path")
    @Configurables({@Configurable("thorntail.microprofile.jwt.roles.file"), @Configurable("thorntail.microprofile.jwtauth.roles.file")})
    private Defaultable<String> rolesPropertiesFile = Defaultable.string("");

    public void customize() throws ModuleLoadException, IOException {
        if (((String) this.jwtRealm.get()).isEmpty() || this.security.subresources().securityDomain((String) this.jwtRealm.get()) != null) {
            return;
        }
        this.security.securityDomain((String) this.jwtRealm.get(), securityDomain -> {
            securityDomain.jaspiAuthentication(jaspiAuthentication -> {
                jaspiAuthentication.loginModuleStack("roles-lm-stack", loginModuleStack -> {
                    loginModuleStack.loginModule("0", loginModule -> {
                        loginModule.code("org.wildfly.swarm.microprofile.jwtauth.deployment.auth.jaas.JWTLoginModule");
                        loginModule.flag(Flag.REQUIRED);
                        if (((String) this.rolesPropertiesFile.get()).isEmpty()) {
                            return;
                        }
                        loginModule.moduleOption("rolesProperties", this.rolesPropertiesFile.get());
                    });
                });
                jaspiAuthentication.authModule("http", authModule -> {
                    authModule.code("org.wildfly.extension.undertow.security.jaspi.modules.HTTPSchemeServerAuthModule");
                    authModule.module("org.wildfly.extension.undertow");
                    authModule.flag(Flag.REQUIRED);
                    authModule.loginModuleStackRef("roles-lm-stack");
                });
            });
        });
    }
}
