package io.vertx.ext.auth.oauth2.providers;

import io.vertx.codegen.annotations.VertxGen;
import io.vertx.core.AsyncResult;
import io.vertx.core.Handler;
import io.vertx.core.Vertx;
import io.vertx.core.http.HttpClientOptions;
import io.vertx.core.json.JsonObject;
import io.vertx.ext.auth.PubSecKeyOptions;
import io.vertx.ext.auth.oauth2.OAuth2Auth;
import io.vertx.ext.auth.oauth2.OAuth2ClientOptions;
import io.vertx.ext.auth.oauth2.OAuth2FlowType;
import io.vertx.ext.auth.oauth2.rbac.KeycloakRBAC;

@VertxGen
/* loaded from: input_file:io/vertx/ext/auth/oauth2/providers/KeycloakAuth.class */
public interface KeycloakAuth extends OpenIDConnectAuth {
    static OAuth2Auth create(Vertx vertx, JsonObject jsonObject) {
        return create(vertx, OAuth2FlowType.AUTH_CODE, jsonObject);
    }

    static OAuth2Auth create(Vertx vertx, OAuth2FlowType oAuth2FlowType, JsonObject jsonObject) {
        return create(vertx, oAuth2FlowType, jsonObject, new HttpClientOptions());
    }

    static OAuth2Auth create(Vertx vertx, JsonObject jsonObject, HttpClientOptions httpClientOptions) {
        return create(vertx, OAuth2FlowType.AUTH_CODE, jsonObject, httpClientOptions);
    }

    static OAuth2Auth create(Vertx vertx, OAuth2FlowType oAuth2FlowType, JsonObject jsonObject, HttpClientOptions httpClientOptions) {
        OAuth2ClientOptions oAuth2ClientOptions = new OAuth2ClientOptions(httpClientOptions);
        oAuth2ClientOptions.setFlow(oAuth2FlowType);
        if (jsonObject.containsKey("auth-server-url")) {
            oAuth2ClientOptions.setSite(jsonObject.getString("auth-server-url"));
        }
        if (jsonObject.containsKey("resource")) {
            oAuth2ClientOptions.setClientID(jsonObject.getString("resource"));
        }
        if (jsonObject.containsKey("credentials") && jsonObject.getJsonObject("credentials").containsKey("secret")) {
            oAuth2ClientOptions.setClientSecret(jsonObject.getJsonObject("credentials").getString("secret"));
        }
        if (jsonObject.containsKey("public-client") && jsonObject.getBoolean("public-client", false).booleanValue()) {
            oAuth2ClientOptions.setUseBasicAuthorizationHeader(true);
        }
        if (jsonObject.containsKey("realm")) {
            String string = jsonObject.getString("realm");
            oAuth2ClientOptions.setAuthorizationPath("/realms/" + string + "/protocol/openid-connect/auth");
            oAuth2ClientOptions.setTokenPath("/realms/" + string + "/protocol/openid-connect/token");
            oAuth2ClientOptions.setRevocationPath(null);
            oAuth2ClientOptions.setLogoutPath("/realms/" + string + "/protocol/openid-connect/logout");
            oAuth2ClientOptions.setUserInfoPath("/realms/" + string + "/protocol/openid-connect/userinfo");
            oAuth2ClientOptions.setIntrospectionPath("/realms/" + string + "/protocol/openid-connect/token/introspect");
            oAuth2ClientOptions.setJwkPath("/realms/" + string + "/protocol/openid-connect/certs");
        }
        if (jsonObject.containsKey("realm-public-key")) {
            oAuth2ClientOptions.addPubSecKey(new PubSecKeyOptions().setAlgorithm("RS256").setPublicKey(jsonObject.getString("realm-public-key")));
        }
        return OAuth2Auth.create(vertx, oAuth2ClientOptions).rbacHandler(KeycloakRBAC.create(oAuth2ClientOptions));
    }

    static void discover(Vertx vertx, OAuth2ClientOptions oAuth2ClientOptions, Handler<AsyncResult<OAuth2Auth>> handler) {
        OAuth2ClientOptions oAuth2ClientOptions2 = new OAuth2ClientOptions(oAuth2ClientOptions);
        OpenIDConnectAuth.discover(vertx, oAuth2ClientOptions2, asyncResult -> {
            if (asyncResult.succeeded()) {
                ((OAuth2Auth) asyncResult.result()).rbacHandler(KeycloakRBAC.create(oAuth2ClientOptions2));
            }
            handler.handle(asyncResult);
        });
    }
}
