package io.quarkus.oidc.runtime;

import io.quarkus.arc.runtime.BeanContainer;
import io.quarkus.oidc.OIDCException;
import io.quarkus.oidc.runtime.OidcConfig;
import io.quarkus.runtime.RuntimeValue;
import io.quarkus.runtime.annotations.Recorder;
import io.vertx.core.AsyncResult;
import io.vertx.core.Handler;
import io.vertx.core.Vertx;
import io.vertx.ext.auth.PubSecKeyOptions;
import io.vertx.ext.auth.oauth2.OAuth2Auth;
import io.vertx.ext.auth.oauth2.OAuth2ClientOptions;
import io.vertx.ext.auth.oauth2.providers.KeycloakAuth;
import java.lang.annotation.Annotation;
import java.util.concurrent.CompletableFuture;
import org.jose4j.jws.AlgorithmIdentifiers;

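/**
 * Runtime recorder that wires up OIDC support.
 *
 * <p>It builds the OAuth2 client options from {@link OidcConfig}, runs provider discovery against the
 * configured auth server, and hands the resulting {@link OAuth2Auth} to the identity provider and to the
 * authentication mechanism that matches the configured application type.
 */
@Recorder
public class OidcRecorder {
    /**
     * Configures the OIDC client and the authentication beans.
     *
     * @param oidcConfig OIDC configuration (server URL, optional paths, client id/secret, optional public key)
     * @param runtimeValue holder of the Vert.x instance used for discovery
     * @param beanContainer container used to look up the identity provider and authentication mechanism
     * @throws java.util.concurrent.CompletionException if discovery fails; the cause is the
     *         {@link OIDCException} built by {@link #toOidcException(Throwable)}
     * @throws IllegalStateException if the application type is neither SERVICE nor WEB_APP
     */
    public void setup(OidcConfig oidcConfig, RuntimeValue<Vertx> runtimeValue, BeanContainer beanContainer) {
        OAuth2ClientOptions options = new OAuth2ClientOptions();
        // NOTE(review): the URL is used exactly as configured; no scheme (https) check is visible in this
        // method. Confirm it is enforced elsewhere, since tokens and the client secret travel to this site.
        options.setSite(oidcConfig.authServerUrl);
        oidcConfig.introspectionPath.ifPresent(options::setIntrospectionPath);
        oidcConfig.jwksPath.ifPresent(options::setJwkPath);
        oidcConfig.clientId.ifPresent(options::setClientID);
        // The secret goes straight into the client options; keep it out of log and exception messages.
        oidcConfig.credentials.secret.ifPresent(options::setClientSecret);
        // A locally configured verification key is registered for RS256 only, so the algorithm is fixed
        // by this code rather than taken from elsewhere.
        oidcConfig.publicKey.ifPresent(key -> options.addPubSecKey(
                new PubSecKeyOptions().setAlgorithm(AlgorithmIdentifiers.RSA_USING_SHA256).setPublicKey(key)));

        final CompletableFuture<OAuth2Auth> discovery = new CompletableFuture<>();
        KeycloakAuth.discover(runtimeValue.getValue(), options, new Handler<AsyncResult<OAuth2Auth>>() {
            @Override
            public void handle(AsyncResult<OAuth2Auth> asyncResult) {
                if (asyncResult.failed()) {
                    discovery.completeExceptionally(toOidcException(asyncResult.cause()));
                } else {
                    discovery.complete(asyncResult.result());
                }
            }
        });
        // Blocks the calling thread until the discovery handler fires; no timeout is applied here.
        OAuth2Auth auth = discovery.join();

        OidcIdentityProvider identityProvider =
                (OidcIdentityProvider) beanContainer.instance(OidcIdentityProvider.class, new Annotation[0]);
        identityProvider.setAuth(auth);
        identityProvider.setConfig(oidcConfig);

        AbstractOidcAuthenticationMechanism mechanism;
        if (OidcConfig.ApplicationType.SERVICE.equals(oidcConfig.applicationType)) {
            mechanism = (AbstractOidcAuthenticationMechanism) beanContainer
                    .instance(BearerAuthenticationMechanism.class, new Annotation[0]);
        } else if (OidcConfig.ApplicationType.WEB_APP.equals(oidcConfig.applicationType)) {
            mechanism = (AbstractOidcAuthenticationMechanism) beanContainer
                    .instance(CodeAuthenticationMechanism.class, new Annotation[0]);
        } else {
            // Previously this path dereferenced null and failed with a bare NullPointerException. Fail with a
            // clear message so a missing or unknown type is not mistaken for a working setup.
            throw new IllegalStateException("Unsupported OIDC application type: " + oidcConfig.applicationType);
        }
        mechanism.setAuth(auth, oidcConfig);
    }

    /**
     * Wraps a discovery failure in an {@link OIDCException} with a fixed hint about the auth server URL.
     *
     * @param th the failure reported by the discovery call; kept as the cause
     * @return the exception to complete the discovery future with
     */
    protected static OIDCException toOidcException(Throwable th) {
        return new OIDCException("OIDC server is not available at the 'quarkus.oidc.auth-server-url' URL. Please make sure it is correct. Note it has to end with a realm value if you work with Keycloak, for example: 'https://localhost:8180/auth/realms/quarkus'", th);
    }
}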
