package org.wildfly.swarm.microprofile.jwtauth.runtime;

import io.smallrye.jwt.auth.jaxrs.JWTAuthorizationFilterRegistrar;
import java.util.Map;
import javax.inject.Inject;
import org.jboss.jandex.AnnotationInstance;
import org.jboss.jandex.AnnotationValue;
import org.jboss.jandex.DotName;
import org.jboss.jandex.IndexView;
import org.jboss.logging.Logger;
import org.jboss.shrinkwrap.api.Archive;
import org.jboss.shrinkwrap.api.asset.ByteArrayAsset;
import org.jboss.shrinkwrap.api.asset.EmptyAsset;
import org.jboss.shrinkwrap.api.asset.StringAsset;
import org.wildfly.swarm.jaxrs.JAXRSArchive;
import org.wildfly.swarm.microprofile.jwtauth.MicroProfileJWTAuthFraction;
import org.wildfly.swarm.spi.api.DeploymentProcessor;
import org.wildfly.swarm.spi.runtime.annotations.DeploymentScoped;
import org.wildfly.swarm.undertow.WARArchive;
import org.wildfly.swarm.undertow.descriptors.WebXmlAsset;

@DeploymentScoped
/* loaded from: input_file:org/wildfly/swarm/microprofile/jwtauth/runtime/MPJWTAuthExtensionArchivePreparer.class */
public class MPJWTAuthExtensionArchivePreparer implements DeploymentProcessor {
    public static final String RESTEASY_PROVIDERS = "resteasy.providers";
    private static final String MP_JWT_AUTH_METHOD = "MP-JWT";
    private final Archive archive;
    private final IndexView index;

    @Inject
    private MicroProfileJWTAuthFraction fraction;
    private static Logger log = Logger.getLogger(MPJWTAuthExtensionArchivePreparer.class);
    private static final DotName LOGIN_CONFIG = DotName.createSimple("org.eclipse.microprofile.auth.LoginConfig");

    @Inject
    public MPJWTAuthExtensionArchivePreparer(Archive archive, IndexView indexView) {
        this.archive = archive;
        this.index = indexView;
    }

    public void process() throws Exception {
        String asString;
        if (((Boolean) this.fraction.isJwtEnabled().get()).booleanValue()) {
            WARArchive wARArchive = (WARArchive) this.archive.as(WARArchive.class);
            boolean z = false;
            for (AnnotationInstance annotationInstance : this.index.getAnnotations(LOGIN_CONFIG)) {
                AnnotationValue value = annotationInstance.value("authMethod");
                AnnotationValue value2 = annotationInstance.value("realmName");
                if (value2 == null) {
                    asString = (String) this.fraction.getJwtRealm().get();
                } else {
                    if (!((String) this.fraction.getJwtRealm().get()).isEmpty() && !((String) this.fraction.getJwtRealm().get()).equals(value2.asString())) {
                        log.errorf("LoginConfig realmName %s and 'thorntail.microprofile.jwt.realm' %s values must be equal", this.fraction.getJwtRealm().get(), value2.asString());
                        return;
                    }
                    asString = value2.asString();
                }
                if (value != null && MP_JWT_AUTH_METHOD.equals(value.asString()) && asString.length() > 0) {
                    selectSecurityDomain(wARArchive, asString);
                    z = true;
                }
            }
            if (!z) {
                if (((String) this.fraction.getJwtRealm().get()).isEmpty()) {
                    return;
                } else {
                    selectSecurityDomain(wARArchive, (String) this.fraction.getJwtRealm().get());
                }
            }
            if (this.fraction.getTokenIssuer().isPresent()) {
                log.debugf("Issuer: %s", this.fraction.getTokenIssuer().get());
                wARArchive.addAsManifestResource(new StringAsset((String) this.fraction.getTokenIssuer().get()), "MP-JWT-ISSUER");
            }
            if (this.fraction.getPublicKey() != null) {
                String publicKey = this.fraction.getPublicKey();
                log.debugf("PublicKey: %s", publicKey);
                if (publicKey.startsWith("file:") || publicKey.startsWith("classpath:")) {
                    log.warn("Using 'thorntail.microprofile.jwt.token.signer-pub-key' for the 'file:' or 'classpath:' key assets is deprecated, use the 'thorntail.microprofile.jwt.token.signer-pub-key-location' property instead");
                    wARArchive.addAsManifestResource(new StringAsset(publicKey), "MP-JWT-SIGNER-KEY-LOCATION");
                } else {
                    wARArchive.addAsManifestResource(new StringAsset(publicKey), "MP-JWT-SIGNER");
                }
            }
            if (this.fraction.getPublicKeyLocation() != null) {
                if (this.fraction.getPublicKey() != null) {
                    log.warn("'thorntail.microprofile.jwt.token.signer-pub-key' property has already been set, 'thorntail.microprofile.jwt.token.signer-pub-key-location' property will be ignored");
                } else {
                    log.debugf("PublicKey location: %s", this.fraction.getPublicKeyLocation());
                    wARArchive.addAsManifestResource(new StringAsset(this.fraction.getPublicKeyLocation()), "MP-JWT-SIGNER-KEY-LOCATION");
                }
            }
            wARArchive.addAsManifestResource(new StringAsset("" + this.fraction.getExpGracePeriodSecs().get()), "MP-JWT-EXP-GRACE");
            if (this.fraction.isDefaultMissingMethodPermissionsDenyAccess()) {
                wARArchive.addAsManifestResource(EmptyAsset.INSTANCE, "MP-JWT-DENY-NONANNOTATED-METHODS");
            }
            if (this.fraction.getJwksUri() != null) {
                log.warn("Using 'thorntail.microprofile.jwt.token.jwks-uri' for the HTTPS based JWK sets is deprecated, use the 'thorntail.microprofile.jwt.token.signer-pub-key-location' property instead");
                if (this.fraction.getPublicKeyLocation() == null && this.fraction.getPublicKey() == null) {
                    log.debugf("JwksUri: %s", this.fraction.getJwksUri());
                    wARArchive.addAsManifestResource(new StringAsset(this.fraction.getJwksUri()), "MP-JWT-SIGNER-KEY-LOCATION");
                } else {
                    log.warn("One of 'thorntail.microprofile.jwt.token.signer-pub-key' or 'thorntail.microprofile.jwt.token.signer-pub-key-location' properties has already been set. 'thorntail.microprofile.jwt.token.jwks-uri' propery will be ignored");
                }
            }
            if ((this.fraction.getPublicKeyLocation() != null && this.fraction.getPublicKeyLocation().startsWith("https:")) || this.fraction.getJwksUri() != null) {
                wARArchive.addAsManifestResource(new StringAsset(((Integer) this.fraction.getJwksRefreshInterval().get()).toString()), "MP-JWT-JWKS-REFRESH");
            }
            if (this.fraction.getTokenHeader() != null) {
                log.debugf("tokenHeader: %s", this.fraction.getTokenHeader());
                wARArchive.addAsManifestResource(new StringAsset((String) this.fraction.getTokenHeader().get()), "MP-JWT-TOKEN-HEADER");
            }
            if (this.fraction.getTokenCookie() != null) {
                log.debugf("tokenCookie: %s", this.fraction.getTokenCookie());
                wARArchive.addAsManifestResource(new StringAsset(this.fraction.getTokenCookie()), "MP-JWT-TOKEN-COOKIE");
            }
            if (this.fraction.getDefaultGroupsClaim() != null) {
                log.debugf("defaultGroupsClaim: %s", this.fraction.getDefaultGroupsClaim());
                wARArchive.addAsManifestResource(new StringAsset(this.fraction.getDefaultGroupsClaim()), "MP-JWT-DEFAULT-GROUPS-CLAIM");
            }
            if (this.fraction.getGroupsPath() != null) {
                log.debugf("groupsPath: %s", this.fraction.getGroupsPath());
                wARArchive.addAsManifestResource(new StringAsset(this.fraction.getGroupsPath()), "MP-JWT-GROUPS-PATH");
            }
            if (log.isTraceEnabled()) {
                log.trace("war: " + wARArchive.toString(true));
            }
            addFilterRegistrar();
            if (this.fraction.getRolesPropertiesMap() != null) {
                createRolePropertiesFileFromMap();
            }
        }
    }

    private void selectSecurityDomain(WARArchive wARArchive, String str) {
        wARArchive.findWebXmlAsset().setLoginConfig(MP_JWT_AUTH_METHOD, str);
        wARArchive.findJbossWebAsset().setSecurityDomain(str);
    }

    private void createRolePropertiesFileFromMap() {
        StringBuilder sb = new StringBuilder();
        for (Map.Entry<String, String> entry : this.fraction.getRolesPropertiesMap().entrySet()) {
            sb.append(entry.getKey()).append('=').append(entry.getValue()).append('\n');
        }
        this.archive.add(new ByteArrayAsset(sb.toString().getBytes()), "WEB-INF/classes/autogenerated-roles.properties");
    }

    private void addFilterRegistrar() {
        WebXmlAsset findWebXmlAsset = this.archive.as(JAXRSArchive.class).findWebXmlAsset();
        String contextParam = findWebXmlAsset.getContextParam(RESTEASY_PROVIDERS);
        String name = JWTAuthorizationFilterRegistrar.class.getName();
        findWebXmlAsset.setContextParam(RESTEASY_PROVIDERS, new String[]{contextParam == null ? name : contextParam + "," + name});
    }
}
