package io.quarkus.elytron.security.oauth2.deployment;

import io.quarkus.arc.deployment.AdditionalBeanBuildItem;
import io.quarkus.arc.deployment.SyntheticBeanBuildItem;
import io.quarkus.deployment.Feature;
import io.quarkus.deployment.annotations.BuildProducer;
import io.quarkus.deployment.annotations.BuildStep;
import io.quarkus.deployment.annotations.ExecutionTime;
import io.quarkus.deployment.annotations.Record;
import io.quarkus.deployment.builditem.ExtensionSslNativeSupportBuildItem;
import io.quarkus.deployment.builditem.FeatureBuildItem;
import io.quarkus.elytron.security.deployment.ElytronTokenMarkerBuildItem;
import io.quarkus.elytron.security.deployment.SecurityRealmBuildItem;
import io.quarkus.elytron.security.oauth2.runtime.OAuth2BuildTimeConfig;
import io.quarkus.elytron.security.oauth2.runtime.OAuth2Recorder;
import io.quarkus.elytron.security.oauth2.runtime.OAuth2RuntimeConfig;
import io.quarkus.elytron.security.oauth2.runtime.auth.OAuth2AuthMechanism;
import io.quarkus.security.identity.SecurityIdentityAugmentor;
import jakarta.enterprise.context.ApplicationScoped;

/* loaded from: input_file:io/quarkus/elytron/security/oauth2/deployment/OAuth2DeploymentProcessor.class */
class OAuth2DeploymentProcessor {
    private static final String REALM_NAME = "OAuth2";

    @BuildStep
    FeatureBuildItem feature() {
        return new FeatureBuildItem(Feature.SECURITY_OAUTH2);
    }

    @BuildStep
    ExtensionSslNativeSupportBuildItem activateSslNativeSupport() {
        return new ExtensionSslNativeSupportBuildItem(Feature.SECURITY_OAUTH2);
    }

    @BuildStep
    @Record(ExecutionTime.RUNTIME_INIT)
    AdditionalBeanBuildItem configureOauth2RealmAuthConfig(OAuth2Recorder oAuth2Recorder, OAuth2BuildTimeConfig oAuth2BuildTimeConfig, OAuth2RuntimeConfig oAuth2RuntimeConfig, BuildProducer<SecurityRealmBuildItem> buildProducer) throws Exception {
        if (!oAuth2BuildTimeConfig.enabled()) {
            return null;
        }
        buildProducer.produce(new SecurityRealmBuildItem(oAuth2Recorder.createRealm(oAuth2RuntimeConfig), REALM_NAME, (Runnable) null));
        return AdditionalBeanBuildItem.unremovableOf(OAuth2AuthMechanism.class);
    }

    @BuildStep
    ElytronTokenMarkerBuildItem marker(OAuth2BuildTimeConfig oAuth2BuildTimeConfig) {
        if (oAuth2BuildTimeConfig.enabled()) {
            return new ElytronTokenMarkerBuildItem();
        }
        return null;
    }

    @BuildStep
    @Record(ExecutionTime.STATIC_INIT)
    SyntheticBeanBuildItem augmentor(OAuth2Recorder oAuth2Recorder, OAuth2BuildTimeConfig oAuth2BuildTimeConfig) {
        return SyntheticBeanBuildItem.configure(SecurityIdentityAugmentor.class).scope(ApplicationScoped.class).runtimeValue(oAuth2Recorder.augmentor(oAuth2BuildTimeConfig)).unremovable().done();
    }
}
