package io.quarkus.oidc.client.runtime;

import io.quarkus.arc.Arc;
import io.quarkus.oidc.client.OidcClient;
import io.quarkus.oidc.client.OidcClientConfig;
import io.quarkus.oidc.client.OidcClientException;
import io.quarkus.oidc.client.OidcClients;
import io.quarkus.oidc.client.Tokens;
import io.quarkus.oidc.common.OidcEndpoint;
import io.quarkus.oidc.common.OidcRequestContextProperties;
import io.quarkus.oidc.common.OidcRequestFilter;
import io.quarkus.oidc.common.OidcResponseFilter;
import io.quarkus.oidc.common.runtime.OidcCommonUtils;
import io.quarkus.oidc.common.runtime.OidcTlsSupport;
import io.quarkus.runtime.annotations.Recorder;
import io.quarkus.runtime.configuration.ConfigurationException;
import io.quarkus.tls.TlsConfigurationRegistry;
import io.smallrye.mutiny.Uni;
import io.vertx.core.Vertx;
import io.vertx.ext.web.client.WebClientOptions;
import io.vertx.mutiny.core.MultiMap;
import io.vertx.mutiny.ext.web.client.WebClient;
import jakarta.enterprise.inject.CreationException;
import java.io.IOException;
import java.lang.annotation.Annotation;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.function.BiFunction;
import java.util.function.Function;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import org.jboss.logging.Logger;

@Recorder
/* loaded from: input_file:io/quarkus/oidc/client/runtime/OidcClientRecorder.class */
public class OidcClientRecorder {
    private static final Logger LOG = Logger.getLogger(OidcClientRecorder.class);
    private static final String CLIENT_ID_ATTRIBUTE = "client-id";
    private static final String DEFAULT_OIDC_CLIENT_ID = "Default";

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/quarkus/oidc/client/runtime/OidcClientRecorder$DisabledOidcClient.class */
    public static class DisabledOidcClient implements OidcClient {
        String message;

        DisabledOidcClient(String str) {
            this.message = str;
        }

        @Override // io.quarkus.oidc.client.OidcClient
        public Uni<Tokens> getTokens(Map<String, String> map) {
            return Uni.createFrom().failure(new DisabledOidcClientException(this.message));
        }

        @Override // io.quarkus.oidc.client.OidcClient
        public Uni<Tokens> refreshTokens(String str, Map<String, String> map) {
            return Uni.createFrom().failure(new DisabledOidcClientException(this.message));
        }

        @Override // io.quarkus.oidc.client.OidcClient
        public Uni<Boolean> revokeAccessToken(String str, Map<String, String> map) {
            return Uni.createFrom().failure(new DisabledOidcClientException(this.message));
        }

        @Override // java.io.Closeable, java.lang.AutoCloseable
        public void close() throws IOException {
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/quarkus/oidc/client/runtime/OidcClientRecorder$OidcConfigurationMetadata.class */
    public static class OidcConfigurationMetadata {
        private final String tokenRequestUri;
        private final String tokenRevokeUri;

        OidcConfigurationMetadata(String str, String str2) {
            this.tokenRequestUri = str;
            this.tokenRevokeUri = str2;
        }
    }

    private static OidcClients setup(OidcClientsConfig oidcClientsConfig, final Supplier<Vertx> supplier, final Supplier<TlsConfigurationRegistry> supplier2) {
        OidcTlsSupport of = OidcTlsSupport.of(supplier2);
        io.quarkus.oidc.client.OidcClientConfig oidcClientConfig = new io.quarkus.oidc.client.OidcClientConfig(oidcClientsConfig.defaultClient());
        String orElse = oidcClientConfig.getId().orElse(DEFAULT_OIDC_CLIENT_ID);
        OidcClient createOidcClient = createOidcClient(oidcClientConfig, orElse, supplier, of);
        HashMap hashMap = new HashMap();
        for (Map.Entry<String, OidcClientConfig> entry : oidcClientsConfig.namedClients().entrySet()) {
            io.quarkus.oidc.client.OidcClientConfig oidcClientConfig2 = new io.quarkus.oidc.client.OidcClientConfig(entry.getValue());
            OidcCommonUtils.verifyConfigurationId(orElse, entry.getKey(), oidcClientConfig2.getId());
            hashMap.put(entry.getKey(), createOidcClient(oidcClientConfig2, entry.getKey(), supplier, of));
        }
        return new OidcClientsImpl(createOidcClient, hashMap, new Function<io.quarkus.oidc.client.OidcClientConfig, Uni<OidcClient>>() { // from class: io.quarkus.oidc.client.runtime.OidcClientRecorder.1
            @Override // java.util.function.Function
            public Uni<OidcClient> apply(io.quarkus.oidc.client.OidcClientConfig oidcClientConfig3) {
                return OidcClientRecorder.createOidcClientUni(oidcClientConfig3, oidcClientConfig3.getId().get(), supplier, OidcTlsSupport.of(supplier2));
            }
        });
    }

    public Supplier<OidcClient> createOidcClientBean() {
        return new Supplier<OidcClient>() { // from class: io.quarkus.oidc.client.runtime.OidcClientRecorder.2
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.util.function.Supplier
            public OidcClient get() {
                return ((OidcClients) Arc.container().instance(OidcClients.class, new Annotation[0]).get()).getClient();
            }
        };
    }

    public Supplier<OidcClient> createOidcClientBean(final String str) {
        return new Supplier<OidcClient>() { // from class: io.quarkus.oidc.client.runtime.OidcClientRecorder.3
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.util.function.Supplier
            public OidcClient get() {
                return ((OidcClients) Arc.container().instance(OidcClients.class, new Annotation[0]).get()).getClient(str);
            }
        };
    }

    public Supplier<OidcClients> createOidcClientsBean(final OidcClientsConfig oidcClientsConfig, final Supplier<Vertx> supplier, final Supplier<TlsConfigurationRegistry> supplier2) {
        return new Supplier<OidcClients>() { // from class: io.quarkus.oidc.client.runtime.OidcClientRecorder.4
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.util.function.Supplier
            public OidcClients get() {
                return OidcClientRecorder.setup(oidcClientsConfig, supplier, supplier2);
            }
        };
    }

    protected static OidcClient createOidcClient(io.quarkus.oidc.client.OidcClientConfig oidcClientConfig, String str, Supplier<Vertx> supplier, OidcTlsSupport oidcTlsSupport) {
        return (OidcClient) createOidcClientUni(oidcClientConfig, str, supplier, oidcTlsSupport).await().atMost(oidcClientConfig.connectionTimeout);
    }

    protected static Uni<OidcClient> createOidcClientUni(final io.quarkus.oidc.client.OidcClientConfig oidcClientConfig, String str, Supplier<Vertx> supplier, OidcTlsSupport oidcTlsSupport) {
        Uni<OidcConfigurationMetadata> item;
        if (!oidcClientConfig.isClientEnabled()) {
            String format = String.format("'%s' client configuration is disabled", str);
            LOG.debug(format);
            return Uni.createFrom().item(new DisabledOidcClient(format));
        }
        if (!oidcClientConfig.getId().isPresent()) {
            oidcClientConfig.setId(str);
        }
        try {
            if (oidcClientConfig.authServerUrl.isEmpty() && !OidcCommonUtils.isAbsoluteUrl(oidcClientConfig.tokenPath)) {
                throw new ConfigurationException("Either 'quarkus.oidc-client.auth-server-url' or absolute 'quarkus.oidc-client.token-path' URL must be set");
            }
            OidcCommonUtils.verifyEndpointUrl(getEndpointUrl(oidcClientConfig));
            OidcCommonUtils.verifyCommonConfiguration(oidcClientConfig, false, false);
            WebClientOptions webClientOptions = new WebClientOptions();
            webClientOptions.setFollowRedirects(oidcClientConfig.followRedirects);
            OidcCommonUtils.setHttpClientOptions(oidcClientConfig, webClientOptions, oidcTlsSupport.forConfig(oidcClientConfig.tls));
            io.vertx.mutiny.core.Vertx vertx = new io.vertx.mutiny.core.Vertx(supplier.get());
            final WebClient create = WebClient.create(vertx, webClientOptions);
            final Map oidcRequestFilters = OidcCommonUtils.getOidcRequestFilters();
            final Map oidcResponseFilters = OidcCommonUtils.getOidcResponseFilters();
            if (OidcCommonUtils.isAbsoluteUrl(oidcClientConfig.tokenPath)) {
                item = Uni.createFrom().item(new OidcConfigurationMetadata((String) oidcClientConfig.tokenPath.get(), OidcCommonUtils.isAbsoluteUrl(oidcClientConfig.revokePath) ? (String) oidcClientConfig.revokePath.get() : null));
            } else {
                String authServerUrl = OidcCommonUtils.getAuthServerUrl(oidcClientConfig);
                item = !((Boolean) oidcClientConfig.discoveryEnabled.orElse(true)).booleanValue() ? Uni.createFrom().item(new OidcConfigurationMetadata(OidcCommonUtils.getOidcEndpointUrl(authServerUrl, oidcClientConfig.tokenPath), OidcCommonUtils.getOidcEndpointUrl(authServerUrl, oidcClientConfig.revokePath))) : discoverTokenUris(create, oidcRequestFilters, oidcResponseFilters, authServerUrl.toString(), oidcClientConfig, vertx);
            }
            return item.onItemOrFailure().transform(new BiFunction<OidcConfigurationMetadata, Throwable, OidcClient>() { // from class: io.quarkus.oidc.client.runtime.OidcClientRecorder.5
                @Override // java.util.function.BiFunction
                public OidcClient apply(OidcConfigurationMetadata oidcConfigurationMetadata, Throwable th) {
                    Map<String, String> map;
                    if (th != null) {
                        throw OidcClientRecorder.toOidcClientException(OidcClientRecorder.getEndpointUrl(io.quarkus.oidc.client.OidcClientConfig.this), th);
                    }
                    if (oidcConfigurationMetadata.tokenRequestUri == null) {
                        throw new ConfigurationException("OpenId Connect Provider token endpoint URL is not configured and can not be discovered");
                    }
                    String grantType = io.quarkus.oidc.client.OidcClientConfig.this.grant.getType().getGrantType();
                    MultiMap multiMap = null;
                    if (io.quarkus.oidc.client.OidcClientConfig.this.grant.getType() != OidcClientConfig.Grant.Type.REFRESH) {
                        multiMap = new MultiMap(io.vertx.core.MultiMap.caseInsensitiveMultiMap());
                        OidcClientRecorder.setGrantClientParams(io.quarkus.oidc.client.OidcClientConfig.this, multiMap, grantType);
                        if (io.quarkus.oidc.client.OidcClientConfig.this.getGrantOptions() != null && (map = io.quarkus.oidc.client.OidcClientConfig.this.getGrantOptions().get(io.quarkus.oidc.client.OidcClientConfig.this.grant.getType().name().toLowerCase())) != null) {
                            if (io.quarkus.oidc.client.OidcClientConfig.this.grant.getType() == OidcClientConfig.Grant.Type.PASSWORD) {
                                String str2 = map.get("username");
                                String str3 = map.get("password");
                                if (str2 == null || str3 == null) {
                                    throw new ConfigurationException("Username and password must be set when a password grant is used", Set.of("quarkus.oidc-client.grant.type", "quarkus.oidc-client.grant-options"));
                                }
                                multiMap.add("username", str2);
                                multiMap.add("password", str3);
                                for (Map.Entry<String, String> entry : map.entrySet()) {
                                    if (!"username".equals(entry.getKey()) && !"password".equals(entry.getKey())) {
                                        multiMap.add(entry.getKey(), entry.getValue());
                                    }
                                }
                            } else {
                                multiMap.addAll(map);
                            }
                        }
                    }
                    MultiMap multiMap2 = new MultiMap(io.vertx.core.MultiMap.caseInsensitiveMultiMap());
                    OidcClientRecorder.setGrantClientParams(io.quarkus.oidc.client.OidcClientConfig.this, multiMap2, "refresh_token");
                    return new OidcClientImpl(create, oidcConfigurationMetadata.tokenRequestUri, oidcConfigurationMetadata.tokenRevokeUri, grantType, multiMap, multiMap2, io.quarkus.oidc.client.OidcClientConfig.this, oidcRequestFilters, oidcResponseFilters);
                }
            });
        } catch (Throwable th) {
            LOG.debug(th.getMessage());
            return Uni.createFrom().item(new DisabledOidcClient(String.format("'%s' client configuration is not initialized", str)));
        }
    }

    private static String getEndpointUrl(io.quarkus.oidc.client.OidcClientConfig oidcClientConfig) {
        return oidcClientConfig.authServerUrl.isPresent() ? (String) oidcClientConfig.authServerUrl.get() : (String) oidcClientConfig.tokenPath.get();
    }

    private static void setGrantClientParams(io.quarkus.oidc.client.OidcClientConfig oidcClientConfig, MultiMap multiMap, String str) {
        multiMap.add("grant_type", str);
        if (oidcClientConfig.getScopes().isPresent()) {
            multiMap.add("scope", (String) oidcClientConfig.getScopes().get().stream().collect(Collectors.joining(" ")));
        }
    }

    private static Uni<OidcConfigurationMetadata> discoverTokenUris(WebClient webClient, Map<OidcEndpoint.Type, List<OidcRequestFilter>> map, Map<OidcEndpoint.Type, List<OidcResponseFilter>> map2, String str, io.quarkus.oidc.client.OidcClientConfig oidcClientConfig, io.vertx.mutiny.core.Vertx vertx) {
        return OidcCommonUtils.discoverMetadata(webClient, map, new OidcRequestContextProperties(Map.of(CLIENT_ID_ATTRIBUTE, oidcClientConfig.getId().orElse(DEFAULT_OIDC_CLIENT_ID))), map2, str, OidcCommonUtils.getConnectionDelayInMillis(oidcClientConfig), vertx, oidcClientConfig.useBlockingDnsLookup).onItem().transform(jsonObject -> {
            return new OidcConfigurationMetadata(jsonObject.getString("token_endpoint"), jsonObject.getString("revocation_endpoint"));
        });
    }

    protected static OidcClientException toOidcClientException(String str, Throwable th) {
        return new OidcClientException(OidcCommonUtils.formatConnectionErrorMessage(str), th);
    }

    public void initOidcClients() {
        try {
            Arc.container().instance(OidcClients.class, new Annotation[0]).get();
        } catch (CreationException e) {
            Throwable cause = e.getCause();
            if (!(cause instanceof RuntimeException)) {
                throw e;
            }
            throw ((RuntimeException) cause);
        }
    }
}
