package io.quarkus.tls;

import io.quarkus.arc.deployment.SyntheticBeanBuildItem;
import io.quarkus.bootstrap.classloading.QuarkusClassLoader;
import io.quarkus.deployment.annotations.BuildProducer;
import io.quarkus.deployment.annotations.BuildStep;
import io.quarkus.deployment.annotations.ExecutionTime;
import io.quarkus.deployment.annotations.Record;
import io.quarkus.deployment.builditem.ShutdownContextBuildItem;
import io.quarkus.runtime.configuration.ConfigurationException;
import io.quarkus.tls.runtime.CertificateRecorder;
import io.quarkus.tls.runtime.LetsEncryptRecorder;
import io.quarkus.tls.runtime.config.TlsConfig;
import io.quarkus.vertx.deployment.VertxBuildItem;
import io.quarkus.vertx.http.deployment.spi.RouteBuildItem;
import jakarta.inject.Singleton;
import java.util.List;
import java.util.Optional;
import java.util.function.Supplier;

/* loaded from: input_file:io/quarkus/tls/CertificatesProcessor.class */
public class CertificatesProcessor {
    @BuildStep
    @Record(ExecutionTime.RUNTIME_INIT)
    public TlsRegistryBuildItem initializeCertificate(TlsConfig tlsConfig, Optional<VertxBuildItem> optional, CertificateRecorder certificateRecorder, BuildProducer<SyntheticBeanBuildItem> buildProducer, List<TlsCertificateBuildItem> list, ShutdownContextBuildItem shutdownContextBuildItem) {
        if (optional.isPresent()) {
            certificateRecorder.validateCertificates(tlsConfig, optional.get().getVertx(), shutdownContextBuildItem);
        }
        for (TlsCertificateBuildItem tlsCertificateBuildItem : list) {
            certificateRecorder.register(tlsCertificateBuildItem.name, tlsCertificateBuildItem.supplier);
        }
        Supplier supplier = certificateRecorder.getSupplier();
        buildProducer.produce(SyntheticBeanBuildItem.configure(TlsConfigurationRegistry.class).supplier(supplier).scope(Singleton.class).unremovable().setRuntimeInit().done());
        return new TlsRegistryBuildItem(supplier);
    }

    @BuildStep(onlyIf = {LetsEncryptEnabled.class})
    @Record(ExecutionTime.RUNTIME_INIT)
    void createManagementRoutes(BuildProducer<RouteBuildItem> buildProducer, LetsEncryptRecorder letsEncryptRecorder, TlsRegistryBuildItem tlsRegistryBuildItem) {
        if (!QuarkusClassLoader.isClassPresentAtRuntime("io.vertx.ext.web.Router")) {
            throw new ConfigurationException("Cannot use Let's Encrypt without the quarkus-vertx-http extension");
        }
        letsEncryptRecorder.initialize(tlsRegistryBuildItem.registry());
        buildProducer.produce(RouteBuildItem.newAbsoluteRoute("/.well-known/acme-challenge/:token").withRequestHandler(letsEncryptRecorder.challengeHandler()).build());
        buildProducer.produce(RouteBuildItem.newManagementRoute("lets-encrypt/challenge").withRequestHandler(letsEncryptRecorder.chalengeAdminHandler()).withRouteCustomizer(letsEncryptRecorder.setupCustomizer()).build());
        buildProducer.produce(RouteBuildItem.newManagementRoute("lets-encrypt/certs").withRequestHandler(letsEncryptRecorder.reload()).build());
    }
}
