package io.quarkus.keycloak.pep.deployment;

import io.quarkus.arc.deployment.AdditionalBeanBuildItem;
import io.quarkus.arc.deployment.BeanContainerBuildItem;
import io.quarkus.deployment.annotations.BuildStep;
import io.quarkus.deployment.annotations.ExecutionTime;
import io.quarkus.deployment.annotations.Record;
import io.quarkus.deployment.builditem.EnableAllSecurityServicesBuildItem;
import io.quarkus.deployment.builditem.FeatureBuildItem;
import io.quarkus.keycloak.pep.runtime.KeycloakPolicyEnforcerAuthorizer;
import io.quarkus.keycloak.pep.runtime.KeycloakPolicyEnforcerConfig;
import io.quarkus.keycloak.pep.runtime.KeycloakPolicyEnforcerRecorder;
import io.quarkus.oidc.runtime.OidcBuildTimeConfig;
import io.quarkus.oidc.runtime.OidcConfig;
import io.quarkus.vertx.http.deployment.RequireBodyHandlerBuildItem;
import java.util.Iterator;
import java.util.Map;

/* loaded from: input_file:io/quarkus/keycloak/pep/deployment/KeycloakPolicyEnforcerBuildStep.class */
public class KeycloakPolicyEnforcerBuildStep {
    @BuildStep
    FeatureBuildItem featureBuildItem() {
        return new FeatureBuildItem("keycloak-authorization");
    }

    @BuildStep
    RequireBodyHandlerBuildItem requireBody(KeycloakPolicyEnforcerConfig keycloakPolicyEnforcerConfig) {
        if (!keycloakPolicyEnforcerConfig.policyEnforcer.enable) {
            return null;
        }
        if (isBodyClaimInformationPointDefined(keycloakPolicyEnforcerConfig.policyEnforcer.claimInformationPoint.simpleConfig)) {
            return new RequireBodyHandlerBuildItem();
        }
        Iterator it = keycloakPolicyEnforcerConfig.policyEnforcer.paths.values().iterator();
        while (it.hasNext()) {
            if (isBodyClaimInformationPointDefined(((KeycloakPolicyEnforcerConfig.KeycloakConfigPolicyEnforcer.PathConfig) it.next()).claimInformationPoint.simpleConfig)) {
                return new RequireBodyHandlerBuildItem();
            }
        }
        return null;
    }

    private boolean isBodyClaimInformationPointDefined(Map<String, Map<String, String>> map) {
        Iterator<Map.Entry<String, Map<String, String>>> it = map.entrySet().iterator();
        while (it.hasNext()) {
            Iterator<String> it2 = it.next().getValue().values().iterator();
            while (it2.hasNext()) {
                if (it2.next().contains("request.body")) {
                    return true;
                }
            }
        }
        return false;
    }

    @BuildStep
    public AdditionalBeanBuildItem beans(KeycloakPolicyEnforcerConfig keycloakPolicyEnforcerConfig) {
        if (keycloakPolicyEnforcerConfig.policyEnforcer.enable) {
            return AdditionalBeanBuildItem.builder().setUnremovable().addBeanClass(KeycloakPolicyEnforcerAuthorizer.class).build();
        }
        return null;
    }

    @BuildStep
    EnableAllSecurityServicesBuildItem security() {
        return new EnableAllSecurityServicesBuildItem();
    }

    @BuildStep
    @Record(ExecutionTime.RUNTIME_INIT)
    public void setup(OidcBuildTimeConfig oidcBuildTimeConfig, OidcConfig oidcConfig, KeycloakPolicyEnforcerConfig keycloakPolicyEnforcerConfig, KeycloakPolicyEnforcerRecorder keycloakPolicyEnforcerRecorder, BeanContainerBuildItem beanContainerBuildItem) {
        if (oidcBuildTimeConfig.enabled && keycloakPolicyEnforcerConfig.policyEnforcer.enable) {
            keycloakPolicyEnforcerRecorder.setup(oidcConfig, keycloakPolicyEnforcerConfig, beanContainerBuildItem.getValue());
        }
    }
}
