package io.vertx.ext.auth.oauth2.providers;

import io.vertx.codegen.annotations.VertxGen;
import io.vertx.core.AsyncResult;
import io.vertx.core.Future;
import io.vertx.core.Handler;
import io.vertx.core.Promise;
import io.vertx.core.Vertx;
import io.vertx.core.http.HttpClientOptions;
import io.vertx.core.json.JsonObject;
import io.vertx.ext.auth.PubSecKeyOptions;
import io.vertx.ext.auth.impl.jose.JWS;
import io.vertx.ext.auth.oauth2.OAuth2Auth;
import io.vertx.ext.auth.oauth2.OAuth2FlowType;
import io.vertx.ext.auth.oauth2.OAuth2Options;
import io.vertx.ext.auth.oauth2.rbac.KeycloakRBAC;

@VertxGen
/* loaded from: input_file:io/vertx/ext/auth/oauth2/providers/KeycloakAuth.class */
public interface KeycloakAuth extends OpenIDConnectAuth {
    static OAuth2Auth create(Vertx vertx, JsonObject jsonObject) {
        return create(vertx, OAuth2FlowType.AUTH_CODE, jsonObject);
    }

    static OAuth2Auth create(Vertx vertx, OAuth2FlowType oAuth2FlowType, JsonObject jsonObject) {
        return create(vertx, oAuth2FlowType, jsonObject, new HttpClientOptions());
    }

    static OAuth2Auth create(Vertx vertx, JsonObject jsonObject, HttpClientOptions httpClientOptions) {
        return create(vertx, OAuth2FlowType.AUTH_CODE, jsonObject, httpClientOptions);
    }

    static OAuth2Auth create(Vertx vertx, OAuth2FlowType oAuth2FlowType, JsonObject jsonObject, HttpClientOptions httpClientOptions) {
        OAuth2Options httpClientOptions2 = new OAuth2Options().setHttpClientOptions(httpClientOptions);
        httpClientOptions2.setFlow(oAuth2FlowType);
        if (jsonObject.containsKey("resource")) {
            httpClientOptions2.setClientId(jsonObject.getString("resource"));
        }
        if (jsonObject.containsKey("auth-server-url")) {
            httpClientOptions2.setSite(jsonObject.getString("auth-server-url"));
        }
        if (jsonObject.containsKey("credentials") && jsonObject.getJsonObject("credentials").containsKey("secret")) {
            httpClientOptions2.setClientSecret(jsonObject.getJsonObject("credentials").getString("secret"));
        }
        if (jsonObject.containsKey("realm")) {
            String string = jsonObject.getString("realm");
            httpClientOptions2.setAuthorizationPath("/realms/" + string + "/protocol/openid-connect/auth");
            httpClientOptions2.setTokenPath("/realms/" + string + "/protocol/openid-connect/token");
            httpClientOptions2.setRevocationPath(null);
            httpClientOptions2.setLogoutPath("/realms/" + string + "/protocol/openid-connect/logout");
            httpClientOptions2.setUserInfoPath("/realms/" + string + "/protocol/openid-connect/userinfo");
            httpClientOptions2.setIntrospectionPath("/realms/" + string + "/protocol/openid-connect/token/introspect");
            httpClientOptions2.setJwkPath("/realms/" + string + "/protocol/openid-connect/certs");
        }
        if (jsonObject.containsKey("realm-public-key")) {
            httpClientOptions2.addPubSecKey(new PubSecKeyOptions().setAlgorithm(JWS.RS256).setBuffer(jsonObject.getString("realm-public-key")));
        }
        return OAuth2Auth.create(vertx, httpClientOptions2).rbacHandler(KeycloakRBAC.create(httpClientOptions2));
    }

    static void discover(Vertx vertx, OAuth2Options oAuth2Options, Handler<AsyncResult<OAuth2Auth>> handler) {
        OAuth2Options oAuth2Options2 = new OAuth2Options(oAuth2Options);
        OpenIDConnectAuth.discover(vertx, oAuth2Options2, asyncResult -> {
            if (asyncResult.succeeded()) {
                ((OAuth2Auth) asyncResult.result()).rbacHandler(KeycloakRBAC.create(oAuth2Options2));
            }
            handler.handle(asyncResult);
        });
    }

    static Future<OAuth2Auth> discover(Vertx vertx, OAuth2Options oAuth2Options) {
        Promise promise = Promise.promise();
        discover(vertx, oAuth2Options, promise);
        return promise.future();
    }
}
