package io.quarkus.oidc.runtime;

import io.netty.handler.codec.rtsp.RtspHeaders;
import io.quarkus.arc.Arc;
import io.quarkus.oidc.OIDCException;
import io.quarkus.oidc.OidcTenantConfig;
import io.quarkus.runtime.BlockingOperationControl;
import io.quarkus.runtime.ExecutorRecorder;
import io.quarkus.runtime.annotations.Recorder;
import io.quarkus.runtime.configuration.ConfigurationException;
import io.smallrye.mutiny.Uni;
import io.smallrye.mutiny.subscription.UniEmitter;
import io.vertx.core.AsyncResult;
import io.vertx.core.Handler;
import io.vertx.core.Vertx;
import io.vertx.core.json.JsonObject;
import io.vertx.core.net.ProxyOptions;
import io.vertx.ext.auth.PubSecKeyOptions;
import io.vertx.ext.auth.oauth2.OAuth2Auth;
import io.vertx.ext.auth.oauth2.OAuth2ClientOptions;
import io.vertx.ext.auth.oauth2.impl.OAuth2AuthProviderImpl;
import io.vertx.ext.auth.oauth2.providers.KeycloakAuth;
import java.lang.annotation.Annotation;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Consumer;
import java.util.function.Function;
import java.util.function.Supplier;
import org.jboss.logging.Logger;
import org.jose4j.jws.AlgorithmIdentifiers;

@Recorder
/* loaded from: input_file:io/quarkus/oidc/runtime/OidcRecorder.class */
public class OidcRecorder {
    private static final Logger LOG = Logger.getLogger((Class<?>) OidcRecorder.class);
    private static final Map<String, TenantConfigContext> dynamicTenantsConfig = new ConcurrentHashMap();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: io.quarkus.oidc.runtime.OidcRecorder$1, reason: invalid class name */
    /* loaded from: input_file:io/quarkus/oidc/runtime/OidcRecorder$1.class */
    public class AnonymousClass1 implements Supplier<TenantConfigBean> {
        final /* synthetic */ Map val$staticTenantsConfig;
        final /* synthetic */ TenantConfigContext val$tenantContext;
        final /* synthetic */ Vertx val$vertxValue;

        /* JADX INFO: Access modifiers changed from: package-private */
        /* renamed from: io.quarkus.oidc.runtime.OidcRecorder$1$1, reason: invalid class name and collision with other inner class name */
        /* loaded from: input_file:io/quarkus/oidc/runtime/OidcRecorder$1$1.class */
        public class C00121 implements Function<OidcTenantConfig, Uni<TenantConfigContext>> {
            C00121() {
            }

            @Override // java.util.function.Function
            public Uni<TenantConfigContext> apply(final OidcTenantConfig oidcTenantConfig) {
                return Uni.createFrom().emitter(new Consumer<UniEmitter<? super TenantConfigContext>>() { // from class: io.quarkus.oidc.runtime.OidcRecorder.1.1.1
                    @Override // java.util.function.Consumer
                    public void accept(final UniEmitter<? super TenantConfigContext> uniEmitter) {
                        if (BlockingOperationControl.isBlockingAllowed()) {
                            OidcRecorder.this.createDynamicTenantContext(uniEmitter, AnonymousClass1.this.val$vertxValue, oidcTenantConfig, oidcTenantConfig.getTenantId().get());
                        } else {
                            ExecutorRecorder.getCurrent().execute(new Runnable() { // from class: io.quarkus.oidc.runtime.OidcRecorder.1.1.1.1
                                @Override // java.lang.Runnable
                                public void run() {
                                    OidcRecorder.this.createDynamicTenantContext(uniEmitter, AnonymousClass1.this.val$vertxValue, oidcTenantConfig, oidcTenantConfig.getTenantId().get());
                                }
                            });
                        }
                    }
                });
            }
        }

        AnonymousClass1(Map map, TenantConfigContext tenantConfigContext, Vertx vertx) {
            this.val$staticTenantsConfig = map;
            this.val$tenantContext = tenantConfigContext;
            this.val$vertxValue = vertx;
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.util.function.Supplier
        public TenantConfigBean get() {
            return new TenantConfigBean(this.val$staticTenantsConfig, OidcRecorder.dynamicTenantsConfig, this.val$tenantContext, new C00121(), ExecutorRecorder.getCurrent());
        }
    }

    public Supplier<TenantConfigBean> setup(OidcConfig oidcConfig, Supplier<Vertx> supplier) {
        Vertx vertx = supplier.get();
        HashMap hashMap = new HashMap();
        for (Map.Entry<String, OidcTenantConfig> entry : oidcConfig.namedTenants.entrySet()) {
            if (oidcConfig.defaultTenant.getTenantId().isPresent() && entry.getKey().equals(oidcConfig.defaultTenant.getTenantId().get())) {
                throw new OIDCException("tenant-id '" + entry.getKey() + "' duplicates the default tenant-id");
            }
            if (entry.getValue().getTenantId().isPresent() && !entry.getKey().equals(entry.getValue().getTenantId().get())) {
                throw new OIDCException("Configuration has 2 different tenant-id values: '" + entry.getKey() + "' and '" + entry.getValue().getTenantId().get() + "'");
            }
            hashMap.put(entry.getKey(), createTenantContext(vertx, entry.getValue(), entry.getKey()));
        }
        return new AnonymousClass1(hashMap, createTenantContext(vertx, oidcConfig.defaultTenant, "Default"), vertx);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void createDynamicTenantContext(UniEmitter<? super TenantConfigContext> uniEmitter, Vertx vertx, OidcTenantConfig oidcTenantConfig, String str) {
        try {
            if (!dynamicTenantsConfig.containsKey(str)) {
                dynamicTenantsConfig.putIfAbsent(str, createTenantContext(vertx, oidcTenantConfig, str));
            }
            uniEmitter.complete(dynamicTenantsConfig.get(str));
        } catch (Throwable th) {
            uniEmitter.fail(th);
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:120:0x0483, code lost:
    
        r0 = ((io.vertx.ext.auth.oauth2.impl.OAuth2AuthProviderImpl) io.vertx.ext.auth.oauth2.impl.OAuth2AuthProviderImpl.class.cast(r18)).getConfig().getLogoutPath();
     */
    /* JADX WARN: Code restructure failed: missing block: B:121:0x049f, code lost:
    
        if (r8.logout.path.isPresent() == false) goto L153;
     */
    /* JADX WARN: Code restructure failed: missing block: B:123:0x04a9, code lost:
    
        if (r8.endSessionPath.isPresent() != false) goto L153;
     */
    /* JADX WARN: Code restructure failed: missing block: B:125:0x04ae, code lost:
    
        if (r0 != null) goto L153;
     */
    /* JADX WARN: Code restructure failed: missing block: B:127:0x04ba, code lost:
    
        throw new java.lang.RuntimeException("The application supports RP-Initiated Logout but the OpenID Provider does not advertise the end_session_endpoint");
     */
    /* JADX WARN: Code restructure failed: missing block: B:128:0x04bb, code lost:
    
        r18.missingKeyHandler(new io.quarkus.oidc.runtime.JwkSetRefreshHandler(r18, r8.token.forcedJwkRefreshInterval));
     */
    /* JADX WARN: Code restructure failed: missing block: B:129:0x04dd, code lost:
    
        return new io.quarkus.oidc.runtime.TenantConfigContext(r18, r8);
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private io.quarkus.oidc.runtime.TenantConfigContext createTenantContext(io.vertx.core.Vertx r7, io.quarkus.oidc.OidcTenantConfig r8, java.lang.String r9) {
        /*
            Method dump skipped, instructions count: 1246
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: io.quarkus.oidc.runtime.OidcRecorder.createTenantContext(io.vertx.core.Vertx, io.quarkus.oidc.OidcTenantConfig, java.lang.String):io.quarkus.oidc.runtime.TenantConfigContext");
    }

    private static String prependSlash(String str) {
        return !str.startsWith("/") ? "/" + str : str;
    }

    private static OAuth2Auth discoverOidcEndpoints(final Vertx vertx, final OAuth2ClientOptions oAuth2ClientOptions) {
        return (OAuth2Auth) Uni.createFrom().emitter(new Consumer<UniEmitter<? super OAuth2Auth>>() { // from class: io.quarkus.oidc.runtime.OidcRecorder.2
            @Override // java.util.function.Consumer
            public void accept(final UniEmitter<? super OAuth2Auth> uniEmitter) {
                KeycloakAuth.discover(Vertx.this, oAuth2ClientOptions, new Handler<AsyncResult<OAuth2Auth>>() { // from class: io.quarkus.oidc.runtime.OidcRecorder.2.1
                    @Override // io.vertx.core.Handler
                    public void handle(AsyncResult<OAuth2Auth> asyncResult) {
                        if (asyncResult.failed()) {
                            uniEmitter.fail(OidcRecorder.toOidcException(asyncResult.cause()));
                        } else {
                            uniEmitter.complete(asyncResult.result());
                        }
                    }
                });
            }
        }).await().indefinitely();
    }

    private static OAuth2Auth setOidcEndpoints(final Vertx vertx, final OAuth2ClientOptions oAuth2ClientOptions) {
        return oAuth2ClientOptions.getJwkPath() != null ? (OAuth2Auth) Uni.createFrom().emitter(new Consumer<UniEmitter<? super OAuth2Auth>>() { // from class: io.quarkus.oidc.runtime.OidcRecorder.3
            @Override // java.util.function.Consumer
            public void accept(UniEmitter<? super OAuth2Auth> uniEmitter) {
                OAuth2Auth create = OAuth2Auth.create(Vertx.this, oAuth2ClientOptions);
                create.loadJWK(asyncResult -> {
                    if (asyncResult.failed()) {
                        uniEmitter.fail(OidcRecorder.toOidcException(asyncResult.cause()));
                    }
                    uniEmitter.complete(create);
                });
            }
        }).await().indefinitely() : OAuth2Auth.create(vertx, oAuth2ClientOptions);
    }

    private static TenantConfigContext createdTenantContextFromPublicKey(OAuth2ClientOptions oAuth2ClientOptions, OidcTenantConfig oidcTenantConfig) {
        if (oidcTenantConfig.applicationType != OidcTenantConfig.ApplicationType.SERVICE) {
            throw new ConfigurationException("'public-key' property can only be used with the 'service' applications");
        }
        LOG.debug("'public-key' property for the local token verification is set, no connection to the OIDC server will be created");
        oAuth2ClientOptions.addPubSecKey(new PubSecKeyOptions().setAlgorithm(AlgorithmIdentifiers.RSA_USING_SHA256).setPublicKey(oidcTenantConfig.getPublicKey().get()));
        return new TenantConfigContext(new OAuth2AuthProviderImpl(null, oAuth2ClientOptions), oidcTenantConfig);
    }

    protected static OIDCException toOidcException(Throwable th) {
        return new OIDCException("OIDC server is not available at the 'quarkus.oidc.auth-server-url' URL. Please make sure it is correct. Note it has to end with a realm value if you work with Keycloak, for example: 'https://localhost:8180/auth/realms/quarkus'", th);
    }

    protected static Optional<ProxyOptions> toProxyOptions(OidcTenantConfig.Proxy proxy) {
        if (!proxy.host.isPresent()) {
            return Optional.empty();
        }
        JsonObject jsonObject = new JsonObject();
        jsonObject.put("host", proxy.host.get());
        jsonObject.put(RtspHeaders.Values.PORT, Integer.valueOf(proxy.port));
        if (proxy.username.isPresent()) {
            jsonObject.put("username", proxy.username.get());
        }
        if (proxy.password.isPresent()) {
            jsonObject.put("password", proxy.password.get());
        }
        return Optional.of(new ProxyOptions(jsonObject));
    }

    public void setSecurityEventObserved(boolean z) {
        ((DefaultTenantConfigResolver) Arc.container().instance(DefaultTenantConfigResolver.class, new Annotation[0]).get()).setSecurityEventObserved(z);
    }
}
