package org.wildfly.swarm.undertow.runtime;

import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import javax.enterprise.context.ApplicationScoped;
import org.jboss.logging.Logger;
import org.jboss.shrinkwrap.api.Archive;
import org.wildfly.swarm.spi.api.ArchivePreparer;
import org.wildfly.swarm.spi.api.annotations.Configurable;
import org.wildfly.swarm.undertow.WARArchive;
import org.wildfly.swarm.undertow.descriptors.JBossWebAsset;
import org.wildfly.swarm.undertow.descriptors.SecurityConstraint;
import org.wildfly.swarm.undertow.descriptors.WebXmlAsset;

@ApplicationScoped
/* loaded from: input_file:org/wildfly/swarm/undertow/runtime/HttpSecurityPreparer.class */
public class HttpSecurityPreparer implements ArchivePreparer {
    private static final Logger LOG = Logger.getLogger(HttpSecurityPreparer.class);
    private final String[] SUPPORTED_AUTH_METHODS = {"BASIC", "DIGEST", "FORM", "KEYCLOAK"};

    @Configurable("swarm.deployment")
    Map<String, Object> deploymentConfigs;

    public void prepareArchive(Archive<?> archive) {
        if (this.deploymentConfigs == null || this.deploymentConfigs.isEmpty()) {
            return;
        }
        Optional<String> findFirst = this.deploymentConfigs.keySet().stream().filter(str -> {
            return archive.getName().equals(str);
        }).findFirst();
        if (findFirst.isPresent()) {
            Map map = (Map) this.deploymentConfigs.get(findFirst.get());
            if (map.containsKey("web")) {
                Map map2 = (Map) map.get("web");
                Map map3 = (Map) map2.get("login-config");
                String str2 = (String) map3.getOrDefault("auth-method", "NONE");
                boolean z = false;
                String[] strArr = this.SUPPORTED_AUTH_METHODS;
                int length = strArr.length;
                int i = 0;
                while (true) {
                    if (i >= length) {
                        break;
                    }
                    if (str2.equals(strArr[i])) {
                        z = true;
                        break;
                    }
                    i++;
                }
                if (!z) {
                    LOG.warn("Ignoring unsupported auth-method: " + str2);
                    return;
                }
                WARArchive as = archive.as(WARArchive.class);
                WebXmlAsset findWebXmlAsset = as.findWebXmlAsset();
                JBossWebAsset findJbossWebAsset = as.findJbossWebAsset();
                findWebXmlAsset.setLoginConfig(str2, "ignored");
                if (map3.containsKey("security-domain")) {
                    findJbossWebAsset.setSecurityDomain((String) map3.get("security-domain"));
                }
                if (map3.containsKey("form-login-config")) {
                    Map map4 = (Map) map3.get("form-login-config");
                    findWebXmlAsset.setFormLoginConfig("Security Realm", (String) map4.get("form-login-page"), (String) map4.get("form-error-page"));
                }
                for (Map map5 : (List) map2.getOrDefault("security-constraints", Collections.EMPTY_LIST)) {
                    SecurityConstraint protect = findWebXmlAsset.protect((String) map5.getOrDefault("url-pattern", "/*"));
                    List list = (List) map5.getOrDefault("methods", Collections.emptyList());
                    protect.getClass();
                    list.forEach(protect::withMethod);
                    List list2 = (List) map5.getOrDefault("roles", Collections.emptyList());
                    protect.getClass();
                    list2.forEach(protect::withRole);
                }
            }
        }
    }
}
