package io.quarkus.vertx.http.deployment;

import io.quarkus.arc.deployment.AdditionalBeanBuildItem;
import io.quarkus.arc.deployment.BeanContainerBuildItem;
import io.quarkus.arc.deployment.SyntheticBeanBuildItem;
import io.quarkus.builder.item.SimpleBuildItem;
import io.quarkus.deployment.Capabilities;
import io.quarkus.deployment.annotations.BuildProducer;
import io.quarkus.deployment.annotations.BuildStep;
import io.quarkus.deployment.annotations.Consume;
import io.quarkus.deployment.annotations.ExecutionTime;
import io.quarkus.deployment.annotations.Record;
import io.quarkus.runtime.RuntimeValue;
import io.quarkus.vertx.http.deployment.HttpSecurityProcessor;
import io.quarkus.vertx.http.runtime.management.ManagementInterfaceBuildTimeConfig;
import io.quarkus.vertx.http.runtime.management.ManagementInterfaceConfiguration;
import io.quarkus.vertx.http.runtime.management.ManagementInterfaceSecurityRecorder;
import io.quarkus.vertx.http.runtime.security.BasicAuthenticationMechanism;
import io.quarkus.vertx.http.runtime.security.HttpAuthenticationMechanism;
import io.quarkus.vertx.http.runtime.security.HttpAuthenticator;
import io.quarkus.vertx.http.runtime.security.HttpSecurityRecorder;
import io.quarkus.vertx.http.runtime.security.ManagementInterfaceHttpAuthorizer;
import io.quarkus.vertx.http.runtime.security.ManagementPathMatchingHttpSecurityPolicy;
import jakarta.inject.Singleton;
import java.util.Optional;

/* loaded from: input_file:io/quarkus/vertx/http/deployment/ManagementInterfaceSecurityProcessor.class */
public class ManagementInterfaceSecurityProcessor {

    /* loaded from: input_file:io/quarkus/vertx/http/deployment/ManagementInterfaceSecurityProcessor$ManagementAuthenticationHandlerBuildItem.class */
    static final class ManagementAuthenticationHandlerBuildItem extends SimpleBuildItem {
        private final RuntimeValue<HttpSecurityRecorder.AuthenticationHandler> handler;

        private ManagementAuthenticationHandlerBuildItem(RuntimeValue<HttpSecurityRecorder.AuthenticationHandler> runtimeValue) {
            this.handler = runtimeValue;
        }
    }

    @BuildStep(onlyIfNot = {HttpSecurityProcessor.IsApplicationBasicAuthRequired.class})
    @Record(ExecutionTime.STATIC_INIT)
    SyntheticBeanBuildItem initBasicAuth(ManagementInterfaceSecurityRecorder managementInterfaceSecurityRecorder, ManagementInterfaceBuildTimeConfig managementInterfaceBuildTimeConfig) {
        if (((Boolean) managementInterfaceBuildTimeConfig.auth.basic.orElse(false)).booleanValue()) {
            return SyntheticBeanBuildItem.configure(BasicAuthenticationMechanism.class).types(new Class[]{HttpAuthenticationMechanism.class}).scope(Singleton.class).supplier(managementInterfaceSecurityRecorder.setupBasicAuth()).done();
        }
        return null;
    }

    @BuildStep
    @Record(ExecutionTime.STATIC_INIT)
    void setupAuthenticationMechanisms(ManagementInterfaceSecurityRecorder managementInterfaceSecurityRecorder, BuildProducer<ManagementInterfaceFilterBuildItem> buildProducer, BuildProducer<AdditionalBeanBuildItem> buildProducer2, Optional<ManagementAuthenticationHandlerBuildItem> optional) {
        if (optional.isPresent()) {
            buildProducer2.produce(AdditionalBeanBuildItem.builder().setUnremovable().addBeanClass(HttpAuthenticator.class).addBeanClass(ManagementPathMatchingHttpSecurityPolicy.class).addBeanClass(ManagementInterfaceHttpAuthorizer.class).build());
            buildProducer.produce(new ManagementInterfaceFilterBuildItem(managementInterfaceSecurityRecorder.getAuthenticationHandler(optional.get().handler), ManagementInterfaceFilterBuildItem.AUTHENTICATION));
            buildProducer.produce(new ManagementInterfaceFilterBuildItem(managementInterfaceSecurityRecorder.permissionCheckHandler(), -100));
        }
    }

    @BuildStep
    @Record(ExecutionTime.STATIC_INIT)
    void createManagementAuthMechHandler(ManagementInterfaceSecurityRecorder managementInterfaceSecurityRecorder, Capabilities capabilities, ManagementInterfaceBuildTimeConfig managementInterfaceBuildTimeConfig, BuildProducer<ManagementAuthenticationHandlerBuildItem> buildProducer) {
        if (((Boolean) managementInterfaceBuildTimeConfig.auth.basic.orElse(false)).booleanValue() && capabilities.isPresent("io.quarkus.security")) {
            buildProducer.produce(new ManagementAuthenticationHandlerBuildItem(managementInterfaceSecurityRecorder.managementAuthenticationHandler(managementInterfaceBuildTimeConfig.auth.proactive)));
        }
    }

    @BuildStep
    @Record(ExecutionTime.RUNTIME_INIT)
    @Consume(BeanContainerBuildItem.class)
    void initializeAuthMechanismHandler(Optional<ManagementAuthenticationHandlerBuildItem> optional, ManagementInterfaceSecurityRecorder managementInterfaceSecurityRecorder, ManagementInterfaceConfiguration managementInterfaceConfiguration) {
        if (optional.isPresent()) {
            managementInterfaceSecurityRecorder.initializeAuthenticationHandler(optional.get().handler, managementInterfaceConfiguration);
        }
    }
}
