package io.quarkus.oidc.runtime;

import io.quarkus.oidc.OIDCException;
import io.quarkus.oidc.OidcTenantConfig;
import io.quarkus.oidc.SecurityEvent;
import io.quarkus.oidc.TenantConfigResolver;
import io.quarkus.oidc.TenantResolver;
import io.quarkus.oidc.TokenIntrospectionCache;
import io.quarkus.oidc.TokenStateManager;
import io.quarkus.oidc.UserInfo;
import io.quarkus.oidc.UserInfoCache;
import io.smallrye.mutiny.Uni;
import io.vertx.ext.web.RoutingContext;
import jakarta.annotation.PostConstruct;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.enterprise.event.Event;
import jakarta.enterprise.inject.Instance;
import jakarta.inject.Inject;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Function;
import org.eclipse.microprofile.config.inject.ConfigProperty;
import org.jboss.logging.Logger;

@ApplicationScoped
/* loaded from: input_file:io/quarkus/oidc/runtime/DefaultTenantConfigResolver.class */
public class DefaultTenantConfigResolver {
    private static final Logger LOG = Logger.getLogger(DefaultTenantConfigResolver.class);
    private static final String CURRENT_STATIC_TENANT_ID = "static.tenant.id";
    private static final String CURRENT_STATIC_TENANT_ID_NULL = "static.tenant.id.null";
    private static final String CURRENT_DYNAMIC_TENANT_CONFIG = "dynamic.tenant.config";

    @Inject
    Instance<TenantResolver> tenantResolver;

    @Inject
    Instance<TenantConfigResolver> tenantConfigResolver;

    @Inject
    TenantConfigBean tenantConfigBean;

    @Inject
    Instance<TokenStateManager> tokenStateManager;

    @Inject
    Instance<TokenIntrospectionCache> tokenIntrospectionCache;

    @Inject
    Instance<UserInfoCache> userInfoCache;

    @Inject
    Event<SecurityEvent> securityEvent;

    @Inject
    @ConfigProperty(name = "quarkus.http.proxy.enable-forwarded-prefix")
    boolean enableHttpForwardedPrefix;
    private volatile boolean securityEventObserved;
    private final BlockingTaskRunner<OidcTenantConfig> blockingRequestContext = new BlockingTaskRunner<>();
    private ConcurrentHashMap<String, TokenVerificationResult> backChannelLogoutTokens = new ConcurrentHashMap<>();

    @PostConstruct
    public void verifyResolvers() {
        if (this.tenantConfigResolver.isResolvable() && this.tenantConfigResolver.isAmbiguous()) {
            throw new IllegalStateException("Multiple " + TenantConfigResolver.class + " beans registered");
        }
        if (this.tenantResolver.isResolvable() && this.tenantResolver.isAmbiguous()) {
            throw new IllegalStateException("Multiple " + TenantResolver.class + " beans registered");
        }
        if (this.tokenStateManager.isAmbiguous()) {
            throw new IllegalStateException("Multiple " + TokenStateManager.class + " beans registered");
        }
        if (this.tokenIntrospectionCache.isAmbiguous()) {
            throw new IllegalStateException("Multiple " + TokenIntrospectionCache.class + " beans registered");
        }
        if (this.userInfoCache.isAmbiguous()) {
            throw new IllegalStateException("Multiple " + UserInfo.class + " beans registered");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Uni<OidcTenantConfig> resolveConfig(final RoutingContext routingContext) {
        return getDynamicTenantConfig(routingContext).map(new Function<OidcTenantConfig, OidcTenantConfig>() { // from class: io.quarkus.oidc.runtime.DefaultTenantConfigResolver.1
            @Override // java.util.function.Function
            public OidcTenantConfig apply(OidcTenantConfig oidcTenantConfig) {
                TenantConfigContext staticTenantContext;
                if (oidcTenantConfig == null && (staticTenantContext = DefaultTenantConfigResolver.this.getStaticTenantContext(routingContext)) != null) {
                    oidcTenantConfig = staticTenantContext.oidcConfig;
                }
                return oidcTenantConfig;
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Uni<TenantConfigContext> resolveContext(final RoutingContext routingContext) {
        return getDynamicTenantContext(routingContext).chain(new Function<TenantConfigContext, Uni<? extends TenantConfigContext>>() { // from class: io.quarkus.oidc.runtime.DefaultTenantConfigResolver.2
            @Override // java.util.function.Function
            public Uni<? extends TenantConfigContext> apply(TenantConfigContext tenantConfigContext) {
                if (tenantConfigContext != null) {
                    return Uni.createFrom().item(tenantConfigContext);
                }
                TenantConfigContext staticTenantContext = DefaultTenantConfigResolver.this.getStaticTenantContext(routingContext);
                if (staticTenantContext != null && !staticTenantContext.ready) {
                    TenantConfigContext tenantConfigContext2 = DefaultTenantConfigResolver.this.tenantConfigBean.getDynamicTenantsConfig().get(staticTenantContext.oidcConfig.tenantId.get());
                    if (tenantConfigContext2 == null) {
                        DefaultTenantConfigResolver.LOG.debugf("Tenant '%s' is not initialized yet, trying to create OIDC connection now", staticTenantContext.oidcConfig.tenantId.get());
                        return DefaultTenantConfigResolver.this.tenantConfigBean.getTenantConfigContextFactory().apply(staticTenantContext.oidcConfig);
                    }
                    staticTenantContext = tenantConfigContext2;
                }
                return Uni.createFrom().item(staticTenantContext);
            }
        });
    }

    private TenantConfigContext getStaticTenantContext(RoutingContext routingContext) {
        String str = (String) routingContext.get(CURRENT_STATIC_TENANT_ID);
        if (str == null && routingContext.get(CURRENT_STATIC_TENANT_ID_NULL) == null) {
            if (this.tenantResolver.isResolvable()) {
                str = ((TenantResolver) this.tenantResolver.get()).resolve(routingContext);
            }
            if (str == null) {
                str = (String) routingContext.get(OidcUtils.TENANT_ID_ATTRIBUTE);
            }
        }
        if (str != null) {
            routingContext.put(CURRENT_STATIC_TENANT_ID, str);
        } else {
            routingContext.put(CURRENT_STATIC_TENANT_ID_NULL, true);
        }
        TenantConfigContext tenantConfigContext = str != null ? this.tenantConfigBean.getStaticTenantsConfig().get(str) : null;
        if (tenantConfigContext == null) {
            if (str != null && !str.isEmpty()) {
                LOG.debugf("Registered TenantResolver has not provided the configuration for tenant '%s', using the default tenant", str);
            }
            tenantConfigContext = this.tenantConfigBean.getDefaultTenant();
        }
        return tenantConfigContext;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isSecurityEventObserved() {
        return this.securityEventObserved;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setSecurityEventObserved(boolean z) {
        this.securityEventObserved = z;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Event<SecurityEvent> getSecurityEvent() {
        return this.securityEvent;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public TokenStateManager getTokenStateManager() {
        return (TokenStateManager) this.tokenStateManager.get();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public TokenIntrospectionCache getTokenIntrospectionCache() {
        if (this.tokenIntrospectionCache.isResolvable()) {
            return (TokenIntrospectionCache) this.tokenIntrospectionCache.get();
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public UserInfoCache getUserInfoCache() {
        if (this.userInfoCache.isResolvable()) {
            return (UserInfoCache) this.userInfoCache.get();
        }
        return null;
    }

    private Uni<OidcTenantConfig> getDynamicTenantConfig(RoutingContext routingContext) {
        if (!this.tenantConfigResolver.isResolvable()) {
            return Uni.createFrom().nullItem();
        }
        Uni<OidcTenantConfig> uni = (Uni) routingContext.get(CURRENT_DYNAMIC_TENANT_CONFIG);
        if (uni == null) {
            Uni indefinitely = ((TenantConfigResolver) this.tenantConfigResolver.get()).resolve(routingContext, this.blockingRequestContext).memoize().indefinitely();
            uni = indefinitely == null ? Uni.createFrom().nullItem() : indefinitely.onItem().transform(oidcTenantConfig -> {
                return OidcUtils.resolveProviderConfig(oidcTenantConfig);
            });
            routingContext.put(CURRENT_DYNAMIC_TENANT_CONFIG, uni);
        }
        return uni;
    }

    private Uni<TenantConfigContext> getDynamicTenantContext(RoutingContext routingContext) {
        return getDynamicTenantConfig(routingContext).chain(new Function<OidcTenantConfig, Uni<? extends TenantConfigContext>>() { // from class: io.quarkus.oidc.runtime.DefaultTenantConfigResolver.3
            @Override // java.util.function.Function
            public Uni<? extends TenantConfigContext> apply(OidcTenantConfig oidcTenantConfig) {
                if (oidcTenantConfig == null) {
                    return Uni.createFrom().nullItem();
                }
                TenantConfigContext tenantConfigContext = DefaultTenantConfigResolver.this.tenantConfigBean.getDynamicTenantsConfig().get(oidcTenantConfig.getTenantId().orElseThrow(() -> {
                    return new OIDCException("Tenant configuration must have tenant id");
                }));
                return tenantConfigContext == null ? DefaultTenantConfigResolver.this.tenantConfigBean.getTenantConfigContextFactory().apply(oidcTenantConfig) : Uni.createFrom().item(tenantConfigContext);
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isEnableHttpForwardedPrefix() {
        return this.enableHttpForwardedPrefix;
    }

    public Map<String, TokenVerificationResult> getBackChannelLogoutTokens() {
        return this.backChannelLogoutTokens;
    }

    public TenantConfigBean getTenantConfigBean() {
        return this.tenantConfigBean;
    }
}
