package io.quarkus.elytron.security.oauth2.deployment;

import io.quarkus.arc.deployment.BeanContainerBuildItem;
import io.quarkus.deployment.annotations.BuildProducer;
import io.quarkus.deployment.annotations.BuildStep;
import io.quarkus.deployment.annotations.ExecutionTime;
import io.quarkus.deployment.annotations.Record;
import io.quarkus.deployment.builditem.ExtensionSslNativeSupportBuildItem;
import io.quarkus.deployment.builditem.FeatureBuildItem;
import io.quarkus.elytron.security.deployment.AuthConfigBuildItem;
import io.quarkus.elytron.security.deployment.IdentityManagerBuildItem;
import io.quarkus.elytron.security.deployment.SecurityDomainBuildItem;
import io.quarkus.elytron.security.deployment.SecurityRealmBuildItem;
import io.quarkus.elytron.security.oauth2.runtime.OAuth2Config;
import io.quarkus.elytron.security.oauth2.runtime.OAuth2Recorder;
import io.quarkus.elytron.security.runtime.AuthConfig;
import io.quarkus.runtime.RuntimeValue;
import io.quarkus.undertow.deployment.ServletExtensionBuildItem;
import org.jboss.logging.Logger;

/* loaded from: input_file:io/quarkus/elytron/security/oauth2/deployment/OAuth2DeploymentProcessor.class */
class OAuth2DeploymentProcessor {
    private static final Logger log = Logger.getLogger(OAuth2DeploymentProcessor.class.getName());
    private static final String REALM_NAME = "OAuth2";
    private static final String AUTH_MECHANISM = "BEARER_TOKEN";
    OAuth2Config oauth2;

    @BuildStep(providesCapabilities = {"io.quarkus.elytron.security.oauth2"})
    FeatureBuildItem feature() {
        return new FeatureBuildItem("security-oauth2");
    }

    @BuildStep
    ExtensionSslNativeSupportBuildItem activateSslNativeSupport() {
        return new ExtensionSslNativeSupportBuildItem("security-oauth2");
    }

    @BuildStep
    @Record(ExecutionTime.STATIC_INIT)
    AuthConfigBuildItem configureOauth2RealmAuthConfig(OAuth2Recorder oAuth2Recorder, BuildProducer<SecurityRealmBuildItem> buildProducer) throws Exception {
        if (!this.oauth2.enabled) {
            return null;
        }
        RuntimeValue createRealm = oAuth2Recorder.createRealm(this.oauth2);
        AuthConfig authConfig = new AuthConfig();
        authConfig.setAuthMechanism(AUTH_MECHANISM);
        authConfig.setRealmName(REALM_NAME);
        buildProducer.produce(new SecurityRealmBuildItem(createRealm, authConfig));
        return new AuthConfigBuildItem(authConfig);
    }

    @BuildStep
    @Record(ExecutionTime.STATIC_INIT)
    void configureIdentityManager(OAuth2Recorder oAuth2Recorder, SecurityDomainBuildItem securityDomainBuildItem, BuildProducer<IdentityManagerBuildItem> buildProducer) {
        if (this.oauth2.enabled) {
            buildProducer.produce(new IdentityManagerBuildItem(oAuth2Recorder.createIdentityManager(securityDomainBuildItem.getSecurityDomain(), this.oauth2)));
        }
    }

    @BuildStep
    @Record(ExecutionTime.STATIC_INIT)
    ServletExtensionBuildItem registerAuthExtension(OAuth2Recorder oAuth2Recorder, BeanContainerBuildItem beanContainerBuildItem) {
        return new ServletExtensionBuildItem(oAuth2Recorder.createAuthExtension(AUTH_MECHANISM, beanContainerBuildItem.getValue()));
    }
}
