package org.keycloak.quarkus.deployment;

import io.quarkus.agroal.runtime.DataSourceJdbcBuildTimeConfig;
import io.quarkus.agroal.runtime.DataSourcesJdbcBuildTimeConfig;
import io.quarkus.agroal.runtime.TransactionIntegration;
import io.quarkus.agroal.runtime.health.DataSourceHealthCheck;
import io.quarkus.agroal.spi.JdbcDataSourceBuildItem;
import io.quarkus.agroal.spi.JdbcDriverBuildItem;
import io.quarkus.arc.deployment.AnnotationsTransformerBuildItem;
import io.quarkus.arc.deployment.BuildTimeConditionBuildItem;
import io.quarkus.bootstrap.logging.InitialConfigurator;
import io.quarkus.datasource.deployment.spi.DevServicesDatasourceResultBuildItem;
import io.quarkus.datasource.runtime.DataSourcesBuildTimeConfig;
import io.quarkus.deployment.IsDevelopment;
import io.quarkus.deployment.annotations.BuildProducer;
import io.quarkus.deployment.annotations.BuildStep;
import io.quarkus.deployment.annotations.Consume;
import io.quarkus.deployment.annotations.ExecutionTime;
import io.quarkus.deployment.annotations.Produce;
import io.quarkus.deployment.annotations.Record;
import io.quarkus.deployment.builditem.CombinedIndexBuildItem;
import io.quarkus.deployment.builditem.FeatureBuildItem;
import io.quarkus.deployment.builditem.GeneratedResourceBuildItem;
import io.quarkus.deployment.builditem.HotDeploymentWatchedFileBuildItem;
import io.quarkus.deployment.builditem.IndexDependencyBuildItem;
import io.quarkus.deployment.builditem.StaticInitConfigBuilderBuildItem;
import io.quarkus.hibernate.orm.deployment.HibernateOrmConfig;
import io.quarkus.hibernate.orm.deployment.PersistenceXmlDescriptorBuildItem;
import io.quarkus.hibernate.orm.deployment.integration.HibernateOrmIntegrationRuntimeConfiguredBuildItem;
import io.quarkus.hibernate.orm.deployment.spi.AdditionalJpaModelBuildItem;
import io.quarkus.narayana.jta.runtime.TransactionManagerBuildTimeConfig;
import io.quarkus.resteasy.reactive.server.spi.MethodScannerBuildItem;
import io.quarkus.runtime.configuration.ConfigurationException;
import io.quarkus.vertx.http.deployment.HttpRootPathBuildItem;
import io.quarkus.vertx.http.deployment.NonApplicationRootPathBuildItem;
import io.quarkus.vertx.http.deployment.RouteBuildItem;
import jakarta.persistence.Entity;
import jakarta.persistence.spi.PersistenceUnitTransactionType;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Properties;
import java.util.ServiceLoader;
import java.util.Set;
import java.util.function.Function;
import java.util.function.Predicate;
import java.util.jar.JarFile;
import java.util.logging.Handler;
import org.eclipse.microprofile.health.Readiness;
import org.hibernate.jpa.boot.internal.ParsedPersistenceXmlDescriptor;
import org.hibernate.jpa.boot.internal.PersistenceXmlParser;
import org.infinispan.protostream.SerializationContextInitializer;
import org.jboss.jandex.AnnotationInstance;
import org.jboss.jandex.AnnotationTransformation;
import org.jboss.jandex.ClassInfo;
import org.jboss.jandex.DotName;
import org.jboss.jandex.MethodInfo;
import org.jboss.logging.Logger;
import org.jboss.resteasy.reactive.server.model.HandlerChainCustomizer;
import org.jboss.resteasy.reactive.server.processor.scanning.MethodScanner;
import org.keycloak.Config;
import org.keycloak.authentication.AuthenticatorSpi;
import org.keycloak.authentication.authenticators.browser.DeployedScriptAuthenticatorFactory;
import org.keycloak.authorization.policy.provider.PolicySpi;
import org.keycloak.authorization.policy.provider.js.DeployedScriptPolicyFactory;
import org.keycloak.common.Profile;
import org.keycloak.common.crypto.FipsMode;
import org.keycloak.common.util.MultiSiteUtils;
import org.keycloak.common.util.StreamUtil;
import org.keycloak.config.DatabaseOptions;
import org.keycloak.config.HealthOptions;
import org.keycloak.config.HttpOptions;
import org.keycloak.config.ManagementOptions;
import org.keycloak.config.MetricsOptions;
import org.keycloak.config.SecurityOptions;
import org.keycloak.config.TracingOptions;
import org.keycloak.config.TransactionOptions;
import org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory;
import org.keycloak.connections.jpa.JpaConnectionProvider;
import org.keycloak.connections.jpa.JpaConnectionSpi;
import org.keycloak.connections.jpa.updater.liquibase.LiquibaseJpaUpdaterProviderFactory;
import org.keycloak.connections.jpa.updater.liquibase.conn.DefaultLiquibaseConnectionProvider;
import org.keycloak.connections.jpa.util.JpaUtils;
import org.keycloak.policy.BlacklistPasswordPolicyProviderFactory;
import org.keycloak.protocol.ProtocolMapperSpi;
import org.keycloak.protocol.oidc.mappers.DeployedScriptOIDCProtocolMapper;
import org.keycloak.protocol.saml.mappers.DeployedScriptSAMLProtocolMapper;
import org.keycloak.provider.EnvironmentDependentProviderFactory;
import org.keycloak.provider.Provider;
import org.keycloak.provider.ProviderFactory;
import org.keycloak.provider.ProviderManager;
import org.keycloak.provider.Spi;
import org.keycloak.quarkus.runtime.Environment;
import org.keycloak.quarkus.runtime.KeycloakRecorder;
import org.keycloak.quarkus.runtime.Providers;
import org.keycloak.quarkus.runtime.cli.Picocli;
import org.keycloak.quarkus.runtime.configuration.Configuration;
import org.keycloak.quarkus.runtime.configuration.KeycloakConfigSourceProvider;
import org.keycloak.quarkus.runtime.configuration.MicroProfileConfigProvider;
import org.keycloak.quarkus.runtime.configuration.mappers.PropertyMapper;
import org.keycloak.quarkus.runtime.configuration.mappers.PropertyMappers;
import org.keycloak.quarkus.runtime.integration.resteasy.KeycloakHandlerChainCustomizer;
import org.keycloak.quarkus.runtime.integration.resteasy.KeycloakTracingCustomizer;
import org.keycloak.quarkus.runtime.services.health.KeycloakReadyHealthCheck;
import org.keycloak.quarkus.runtime.storage.database.jpa.NamedJpaConnectionProviderFactory;
import org.keycloak.quarkus.runtime.themes.FlatClasspathThemeResourceProviderFactory;
import org.keycloak.representations.provider.ScriptProviderDescriptor;
import org.keycloak.representations.provider.ScriptProviderMetadata;
import org.keycloak.representations.userprofile.config.UPConfig;
import org.keycloak.services.DefaultKeycloakSessionFactory;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.resources.LoadBalancerResource;
import org.keycloak.services.resources.admin.AdminRoot;
import org.keycloak.theme.ClasspathThemeProviderFactory;
import org.keycloak.theme.ClasspathThemeResourceProviderFactory;
import org.keycloak.theme.FolderThemeProviderFactory;
import org.keycloak.theme.JarThemeProviderFactory;
import org.keycloak.theme.ThemeResourceSpi;
import org.keycloak.transaction.JBossJtaTransactionManagerLookup;
import org.keycloak.userprofile.config.UPConfigUtils;
import org.keycloak.util.JsonSerialization;
import org.keycloak.utils.StringUtil;
import org.keycloak.vault.FilesKeystoreVaultProviderFactory;
import org.keycloak.vault.FilesPlainTextVaultProviderFactory;

/* loaded from: input_file:org/keycloak/quarkus/deployment/KeycloakProcessor.class */
class KeycloakProcessor {
    private static final String JAR_FILE_SEPARATOR = "!/";
    private static final String KEYCLOAK_SCRIPTS_JSON_PATH = "META-INF/keycloak-scripts.json";
    private static final Logger logger = Logger.getLogger(KeycloakProcessor.class);
    private static final Map<String, Function<ScriptProviderMetadata, ProviderFactory>> DEPLOYEABLE_SCRIPT_PROVIDERS = new HashMap();
    private static final List<Class<? extends ProviderFactory>> IGNORED_PROVIDER_FACTORY = List.of(JBossJtaTransactionManagerLookup.class, DefaultJpaConnectionProviderFactory.class, DefaultLiquibaseConnectionProvider.class, FolderThemeProviderFactory.class, LiquibaseJpaUpdaterProviderFactory.class, FilesKeystoreVaultProviderFactory.class, FilesPlainTextVaultProviderFactory.class, BlacklistPasswordPolicyProviderFactory.class, ClasspathThemeResourceProviderFactory.class, JarThemeProviderFactory.class);

    private static ProviderFactory registerScriptAuthenticator(ScriptProviderMetadata scriptProviderMetadata) {
        return new DeployedScriptAuthenticatorFactory(scriptProviderMetadata);
    }

    private static ProviderFactory registerScriptPolicy(ScriptProviderMetadata scriptProviderMetadata) {
        return new DeployedScriptPolicyFactory(scriptProviderMetadata);
    }

    private static ProviderFactory registerScriptMapper(ScriptProviderMetadata scriptProviderMetadata) {
        return new DeployedScriptOIDCProtocolMapper(scriptProviderMetadata);
    }

    private static ProviderFactory registerSAMLScriptMapper(ScriptProviderMetadata scriptProviderMetadata) {
        return new DeployedScriptSAMLProtocolMapper(scriptProviderMetadata);
    }

    @BuildStep
    FeatureBuildItem getFeature() {
        return new FeatureBuildItem("keycloak");
    }

    @BuildStep
    @Record(ExecutionTime.STATIC_INIT)
    @Produce(ConfigBuildItem.class)
    void initConfig(KeycloakRecorder keycloakRecorder) {
        Config.init(new MicroProfileConfigProvider());
        keycloakRecorder.initConfig();
    }

    @BuildStep
    @Consume(ConfigBuildItem.class)
    @Produce(ProfileBuildItem.class)
    @Record(ExecutionTime.STATIC_INIT)
    void configureProfile(KeycloakRecorder keycloakRecorder) {
        Profile currentOrCreateFeatureProfile = Environment.getCurrentOrCreateFeatureProfile();
        keycloakRecorder.configureProfile(currentOrCreateFeatureProfile.getName(), currentOrCreateFeatureProfile.getFeatures());
    }

    @BuildStep
    @Record(ExecutionTime.STATIC_INIT)
    @Consume(ConfigBuildItem.class)
    void configureRedirectForRootPath(BuildProducer<RouteBuildItem> buildProducer, HttpRootPathBuildItem httpRootPathBuildItem, KeycloakRecorder keycloakRecorder) {
        Configuration.getOptionalKcValue(HttpOptions.HTTP_RELATIVE_PATH).filter(StringUtil::isNotBlank).filter(str -> {
            return !str.equals("/");
        }).ifPresent(str2 -> {
            buildProducer.produce(httpRootPathBuildItem.routeBuilder().route("/").handler(keycloakRecorder.getRedirectHandler(str2)).build());
        });
    }

    @BuildStep(onlyIf = {IsManagementEnabled.class})
    @Record(ExecutionTime.STATIC_INIT)
    @Consume(ConfigBuildItem.class)
    void configureManagementInterface(BuildProducer<RouteBuildItem> buildProducer, NonApplicationRootPathBuildItem nonApplicationRootPathBuildItem, KeycloakRecorder keycloakRecorder) {
        String str = (String) Configuration.getOptionalKcValue(ManagementOptions.HTTP_MANAGEMENT_RELATIVE_PATH).orElse("/");
        if (StringUtil.isNotBlank(str) && !str.equals("/")) {
            buildProducer.produce(nonApplicationRootPathBuildItem.routeBuilder().management().route("/").handler(keycloakRecorder.getRedirectHandler(str)).build());
        }
        buildProducer.produce(nonApplicationRootPathBuildItem.routeBuilder().management().route(str).handler(keycloakRecorder.getManagementHandler()).build());
    }

    @BuildStep
    @Record(ExecutionTime.STATIC_INIT)
    @Consume(ConfigBuildItem.class)
    void configureTruststore(KeycloakRecorder keycloakRecorder) {
        keycloakRecorder.configureTruststore();
    }

    @BuildStep
    @Produce(CheckJdbcBuildStep.class)
    void checkJdbcDriver(BuildProducer<JdbcDriverBuildItem> buildProducer) {
        Optional optionalValue = Configuration.getOptionalValue("quarkus.datasource.jdbc.driver");
        if (optionalValue.isPresent()) {
            try {
                Class.forName((String) optionalValue.get(), false, Thread.currentThread().getContextClassLoader());
            } catch (ClassNotFoundException e) {
                throwConfigError(String.format("Unable to find the JDBC driver (%s). You need to install it.", optionalValue.get()));
            }
        }
    }

    @BuildStep
    @Produce(CheckMultipleDatasourcesBuildStep.class)
    void checkMultipleDatasourcesUseXA(TransactionManagerBuildTimeConfig transactionManagerBuildTimeConfig, DataSourcesBuildTimeConfig dataSourcesBuildTimeConfig, DataSourcesJdbcBuildTimeConfig dataSourcesJdbcBuildTimeConfig) {
        Set keySet = dataSourcesBuildTimeConfig.dataSources().keySet();
        if (keySet.size() > 1) {
            logger.infof("Multiple datasources are specified: %s", String.join(", ", keySet));
        }
        if (transactionManagerBuildTimeConfig.unsafeMultipleLastResources().orElse(TransactionManagerBuildTimeConfig.UnsafeMultipleLastResourcesMode.DEFAULT) != TransactionManagerBuildTimeConfig.UnsafeMultipleLastResourcesMode.FAIL) {
            return;
        }
        List list = keySet.stream().filter(str -> {
            return !Configuration.isKcPropertyTrue(TransactionOptions.getNamedTxXADatasource(str));
        }).filter(str2 -> {
            DataSourceJdbcBuildTimeConfig jdbc = ((DataSourcesJdbcBuildTimeConfig.DataSourceJdbcOuterNamedBuildTimeConfig) dataSourcesJdbcBuildTimeConfig.dataSources().get(str2)).jdbc();
            return jdbc.enabled() && jdbc.transactions() != TransactionIntegration.XA;
        }).toList();
        if (list.size() > 1) {
            throwConfigError("Multiple datasources are configured but more than 1 (%s) is using non-XA transactions. ".formatted(String.join(", ", list)) + "All the datasources except one must must be XA to be able to use Last Resource Commit Optimization (LRCO). Please update your configuration by setting --transaction-xa-enabled=true and/or --transaction-xa-enabled-<your-datasource-name>=true.");
        }
    }

    private void throwConfigError(String str) {
        InitialConfigurator.DELAYED_HANDLER.setBuildTimeHandlers(new Handler[0]);
        throw new ConfigurationException(str);
    }

    @BuildStep
    @Produce(UserProfileBuildItem.class)
    UserProfileBuildItem parseDefaultUserProfileConfig() {
        UPConfig parseSystemDefaultConfig = UPConfigUtils.parseSystemDefaultConfig();
        logger.debug("Parsing default configuration for the User Profile provider");
        return new UserProfileBuildItem(parseSystemDefaultConfig);
    }

    @BuildStep
    @Consume(ProfileBuildItem.class)
    @Record(ExecutionTime.STATIC_INIT)
    void setDefaultUserProfileConfig(KeycloakRecorder keycloakRecorder, UserProfileBuildItem userProfileBuildItem) {
        keycloakRecorder.setDefaultUserProfileConfiguration(userProfileBuildItem.getDefaultConfig());
    }

    @BuildStep
    @Record(ExecutionTime.RUNTIME_INIT)
    void configurePersistenceUnits(HibernateOrmConfig hibernateOrmConfig, List<PersistenceXmlDescriptorBuildItem> list, List<JdbcDataSourceBuildItem> list2, BuildProducer<AdditionalJpaModelBuildItem> buildProducer, CombinedIndexBuildItem combinedIndexBuildItem, BuildProducer<HibernateOrmIntegrationRuntimeConfiguredBuildItem> buildProducer2, KeycloakRecorder keycloakRecorder) {
        ParsedPersistenceXmlDescriptor parsedPersistenceXmlDescriptor = null;
        ArrayList arrayList = new ArrayList();
        Iterator<PersistenceXmlDescriptorBuildItem> it = list.iterator();
        while (it.hasNext()) {
            ParsedPersistenceXmlDescriptor parsedPersistenceXmlDescriptor2 = (ParsedPersistenceXmlDescriptor) it.next().getDescriptor();
            if ("keycloak-default".equals(parsedPersistenceXmlDescriptor2.getName())) {
                parsedPersistenceXmlDescriptor = parsedPersistenceXmlDescriptor2;
                configureDefaultPersistenceUnitProperties(parsedPersistenceXmlDescriptor, hibernateOrmConfig, getDefaultDataSource(list2));
                buildProducer2.produce(new HibernateOrmIntegrationRuntimeConfiguredBuildItem("keycloak", parsedPersistenceXmlDescriptor.getName()).setInitListener(keycloakRecorder.createDefaultUnitListener()));
            } else {
                buildProducer2.produce(new HibernateOrmIntegrationRuntimeConfiguredBuildItem("keycloak", parsedPersistenceXmlDescriptor2.getName()).setInitListener(keycloakRecorder.createUserDefinedUnitListener(parsedPersistenceXmlDescriptor2.getProperties().getProperty("hibernate.connection.datasource"))));
                arrayList.addAll(parsedPersistenceXmlDescriptor2.getManagedClassNames());
            }
        }
        if (parsedPersistenceXmlDescriptor == null) {
            throw new RuntimeException("No default persistence unit found.");
        }
        configureDefaultPersistenceUnitEntities(parsedPersistenceXmlDescriptor, combinedIndexBuildItem, arrayList);
    }

    @Consume.List({@Consume(CheckJdbcBuildStep.class), @Consume(CheckMultipleDatasourcesBuildStep.class)})
    @BuildStep
    void produceDefaultPersistenceUnit(BuildProducer<PersistenceXmlDescriptorBuildItem> buildProducer) {
        buildProducer.produce(new PersistenceXmlDescriptorBuildItem(PersistenceXmlParser.locateIndividualPersistenceUnit(Thread.currentThread().getContextClassLoader().getResource("default-persistence.xml"))));
    }

    private void configureDefaultPersistenceUnitProperties(ParsedPersistenceXmlDescriptor parsedPersistenceXmlDescriptor, HibernateOrmConfig hibernateOrmConfig, JdbcDataSourceBuildItem jdbcDataSourceBuildItem) {
        if (jdbcDataSourceBuildItem == null || !jdbcDataSourceBuildItem.isDefault()) {
            throw new RuntimeException("The server datasource must be the default datasource.");
        }
        Properties properties = parsedPersistenceXmlDescriptor.getProperties();
        Configuration.getOptionalKcValue(DatabaseOptions.DB_DIALECT.getKey()).ifPresent(str -> {
            properties.setProperty("hibernate.dialect", str);
        });
        Configuration.getOptionalKcValue(DatabaseOptions.DB_SCHEMA.getKey()).ifPresent(str2 -> {
            properties.setProperty("hibernate.default_schema", str2);
        });
        properties.setProperty("jakarta.persistence.transactionType", PersistenceUnitTransactionType.JTA.name());
        parsedPersistenceXmlDescriptor.setTransactionType(PersistenceUnitTransactionType.JTA);
        properties.setProperty("hibernate.query.startup_check", Boolean.FALSE.toString());
        for (Map.Entry entry : JpaUtils.loadSpecificNamedQueries(jdbcDataSourceBuildItem.getDbKind().toLowerCase()).entrySet()) {
            properties.setProperty("kc.query." + String.valueOf(entry.getKey()), entry.getValue().toString());
        }
        if (((Boolean) Configuration.getOptionalBooleanKcValue(DatabaseOptions.DB_SQL_JPA_DEBUG.getKey()).orElse(false)).booleanValue()) {
            properties.put("hibernate.use_sql_comments", "true");
        }
        Configuration.getOptionalKcValue(DatabaseOptions.DB_SQL_LOG_SLOW_QUERIES.getKey()).ifPresent(str3 -> {
            properties.put("hibernate.log_slow_query", str3);
        });
    }

    private void configureDefaultPersistenceUnitEntities(ParsedPersistenceXmlDescriptor parsedPersistenceXmlDescriptor, CombinedIndexBuildItem combinedIndexBuildItem, List<String> list) {
        Iterator it = combinedIndexBuildItem.getIndex().getAnnotations(DotName.createSimple(Entity.class.getName())).iterator();
        while (it.hasNext()) {
            String dotName = ((AnnotationInstance) it.next()).target().asClass().name().toString();
            if (!list.contains(dotName) && (!dotName.startsWith("org.keycloak") || dotName.startsWith("org.keycloak.testsuite"))) {
                parsedPersistenceXmlDescriptor.addClasses(new String[]{dotName});
            }
        }
    }

    @BuildStep
    @Consume(CryptoProviderInitBuildItem.class)
    @Produce(KeycloakSessionFactoryPreInitBuildItem.class)
    @Record(ExecutionTime.STATIC_INIT)
    void configureKeycloakSessionFactory(KeycloakRecorder keycloakRecorder, List<PersistenceXmlDescriptorBuildItem> list) {
        HashMap hashMap = new HashMap();
        HashMap hashMap2 = new HashMap();
        HashMap hashMap3 = new HashMap();
        for (Map.Entry<Spi, Map<Class<? extends Provider>, Map<String, ProviderFactory>>> entry : loadFactories(hashMap3).entrySet()) {
            Spi key = entry.getKey();
            checkProviders(key, entry.getValue(), hashMap2);
            Iterator<Map.Entry<Class<? extends Provider>, Map<String, ProviderFactory>>> it = entry.getValue().entrySet().iterator();
            while (it.hasNext()) {
                for (ProviderFactory providerFactory : it.next().getValue().values()) {
                    hashMap.computeIfAbsent(key, spi -> {
                        return new HashMap();
                    }).computeIfAbsent(key.getProviderClass(), cls -> {
                        return new HashMap();
                    }).put(providerFactory.getId(), providerFactory.getClass());
                }
            }
            if (key instanceof JpaConnectionSpi) {
                configureUserDefinedPersistenceUnits(list, hashMap, hashMap3, key);
            }
            if (key instanceof ThemeResourceSpi) {
                configureThemeResourceProviders(hashMap, key);
            }
        }
        keycloakRecorder.configSessionFactory(hashMap, hashMap2, hashMap3, loadThemesFromClassPath());
    }

    private List<ClasspathThemeProviderFactory.ThemesRepresentation> loadThemesFromClassPath() {
        try {
            ArrayList arrayList = new ArrayList();
            Enumeration<URL> resources = Thread.currentThread().getContextClassLoader().getResources("META-INF/keycloak-themes.json");
            while (resources.hasMoreElements()) {
                arrayList.add((ClasspathThemeProviderFactory.ThemesRepresentation) JsonSerialization.readValue(resources.nextElement().openStream(), ClasspathThemeProviderFactory.ThemesRepresentation.class));
            }
            return arrayList;
        } catch (IOException e) {
            throw new RuntimeException("Failed to load themes", e);
        }
    }

    private void configureThemeResourceProviders(Map<Spi, Map<Class<? extends Provider>, Map<String, Class<? extends ProviderFactory>>>> map, Spi spi) {
        try {
            if (Thread.currentThread().getContextClassLoader().getResources("theme-resources").hasMoreElements()) {
                map.computeIfAbsent(spi, spi2 -> {
                    return new HashMap();
                }).computeIfAbsent(spi.getProviderClass(), cls -> {
                    return new HashMap();
                }).put("flat-classpath", FlatClasspathThemeResourceProviderFactory.class);
            }
        } catch (IOException e) {
            throw new RuntimeException("Failed to install default theme resource provider", e);
        }
    }

    private void configureUserDefinedPersistenceUnits(List<PersistenceXmlDescriptorBuildItem> list, Map<Spi, Map<Class<? extends Provider>, Map<String, Class<? extends ProviderFactory>>>> map, Map<String, ProviderFactory> map2, Spi spi) {
        String str = "keycloak-default";
        list.stream().map((v0) -> {
            return v0.getDescriptor();
        }).map((v0) -> {
            return v0.getName();
        }).filter(Predicate.not((v1) -> {
            return r1.equals(v1);
        })).forEach(str2 -> {
            NamedJpaConnectionProviderFactory namedJpaConnectionProviderFactory = new NamedJpaConnectionProviderFactory();
            namedJpaConnectionProviderFactory.setUnitName(str2);
            ((Map) ((Map) map.get(spi)).get(JpaConnectionProvider.class)).put(str2, NamedJpaConnectionProviderFactory.class);
            map2.put(str2, namedJpaConnectionProviderFactory);
        });
    }

    @BuildStep(onlyIfNot = {IsIntegrationTest.class})
    void configureConfigSources(BuildProducer<StaticInitConfigBuilderBuildItem> buildProducer) {
        buildProducer.produce(new StaticInitConfigBuilderBuildItem(KeycloakConfigSourceProvider.class.getName()));
    }

    @BuildStep(onlyIf = {IsIntegrationTest.class})
    void prepareTestEnvironment(BuildProducer<StaticInitConfigBuilderBuildItem> buildProducer, DevServicesDatasourceResultBuildItem devServicesDatasourceResultBuildItem) {
        buildProducer.produce(new StaticInitConfigBuilderBuildItem("org.keycloak.quarkus.runtime.configuration.test.TestKeycloakConfigSourceProvider"));
        if (devServicesDatasourceResultBuildItem == null || devServicesDatasourceResultBuildItem.getDefaultDatasource() == null) {
            return;
        }
        for (Map.Entry entry : devServicesDatasourceResultBuildItem.getDefaultDatasource().getConfigProperties().entrySet()) {
            PropertyMapper mapper = PropertyMappers.getMapper((String) entry.getKey());
            if (mapper != null) {
                String from = mapper.getFrom();
                if (!from.endsWith("db")) {
                    System.setProperty(from, (String) entry.getValue());
                }
            }
        }
    }

    @BuildStep(onlyIf = {IsReAugmentation.class})
    void persistBuildTimeProperties(BuildProducer<GeneratedResourceBuildItem> buildProducer) {
        Properties nonPersistedBuildTimeOptions = Picocli.getNonPersistedBuildTimeOptions();
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            try {
                nonPersistedBuildTimeOptions.store(byteArrayOutputStream, " Auto-generated, DO NOT change this file");
                buildProducer.produce(new GeneratedResourceBuildItem("META-INF/keycloak-persisted.properties", byteArrayOutputStream.toByteArray()));
                byteArrayOutputStream.close();
            } finally {
            }
        } catch (Exception e) {
            throw new RuntimeException("Failed to persist configuration", e);
        }
    }

    @BuildStep
    void index(BuildProducer<IndexDependencyBuildItem> buildProducer) {
        buildProducer.produce(new IndexDependencyBuildItem("org.liquibase", "liquibase-core"));
        buildProducer.produce(new IndexDependencyBuildItem("org.keycloak", "keycloak-services"));
    }

    @BuildStep
    @Consume(CheckJdbcBuildStep.class)
    void indexJpaStore(BuildProducer<IndexDependencyBuildItem> buildProducer) {
        buildProducer.produce(new IndexDependencyBuildItem("org.keycloak", "keycloak-model-jpa"));
    }

    @BuildStep
    void disableHealthCheckBean(BuildProducer<BuildTimeConditionBuildItem> buildProducer, CombinedIndexBuildItem combinedIndexBuildItem) {
        if (isHealthEnabled() && isMetricsEnabled()) {
            return;
        }
        buildProducer.produce(new BuildTimeConditionBuildItem(combinedIndexBuildItem.getIndex().getClassByName(DotName.createSimple(KeycloakReadyHealthCheck.class.getName())).asClass(), false));
    }

    @BuildStep
    AnnotationsTransformerBuildItem disableDefaultDataSourceHealthCheck() {
        return new AnnotationsTransformerBuildItem(AnnotationTransformation.forClasses().whenClass(classInfo -> {
            return classInfo.name().equals(DotName.createSimple(DataSourceHealthCheck.class));
        }).transform(transformationContext -> {
            transformationContext.remove(annotationInstance -> {
                return annotationInstance.name().equals(DotName.createSimple(Readiness.class));
            });
        }));
    }

    @BuildStep
    void configureResteasy(CombinedIndexBuildItem combinedIndexBuildItem, BuildProducer<BuildTimeConditionBuildItem> buildProducer, BuildProducer<MethodScannerBuildItem> buildProducer2) {
        if (!Profile.isFeatureEnabled(Profile.Feature.ADMIN_API)) {
            buildProducer.produce(new BuildTimeConditionBuildItem(combinedIndexBuildItem.getIndex().getClassByName(DotName.createSimple(AdminRoot.class.getName())), false));
        }
        if (!MultiSiteUtils.isMultiSiteEnabled()) {
            buildProducer.produce(new BuildTimeConditionBuildItem(combinedIndexBuildItem.getIndex().getClassByName(DotName.createSimple(LoadBalancerResource.class.getName())), false));
        }
        final ArrayList arrayList = new ArrayList();
        arrayList.add(new KeycloakHandlerChainCustomizer());
        if (Configuration.isTrue(TracingOptions.TRACING_ENABLED)) {
            arrayList.add(new KeycloakTracingCustomizer());
        }
        buildProducer2.produce(new MethodScannerBuildItem(new MethodScanner() { // from class: org.keycloak.quarkus.deployment.KeycloakProcessor.1
            public List<HandlerChainCustomizer> scan(MethodInfo methodInfo, ClassInfo classInfo, Map<String, Object> map) {
                return arrayList;
            }
        }));
    }

    @BuildStep
    @Consume(ProfileBuildItem.class)
    @Produce(CryptoProviderInitBuildItem.class)
    @Record(ExecutionTime.STATIC_INIT)
    void setCryptoProvider(KeycloakRecorder keycloakRecorder) {
        FipsMode fipsMode = (FipsMode) Configuration.getOptionalValue("kc." + SecurityOptions.FIPS_MODE.getKey()).map(FipsMode::valueOfOption).orElse(FipsMode.DISABLED);
        if (Profile.isFeatureEnabled(Profile.Feature.FIPS) && !fipsMode.isFipsEnabled()) {
            fipsMode = FipsMode.NON_STRICT;
        } else if (fipsMode.isFipsEnabled() && !Profile.isFeatureEnabled(Profile.Feature.FIPS)) {
            throw new RuntimeException("FIPS mode cannot be enabled without enabling the FIPS feature --features=fips");
        }
        keycloakRecorder.setCryptoProvider(fipsMode);
    }

    @BuildStep(onlyIf = {IsDevelopment.class})
    void configureDevMode(BuildProducer<HotDeploymentWatchedFileBuildItem> buildProducer) {
        buildProducer.produce(new HotDeploymentWatchedFileBuildItem("META-INF/keycloak.conf"));
    }

    @BuildStep
    @Record(ExecutionTime.STATIC_INIT)
    void configureProtoStreamSchemas(KeycloakRecorder keycloakRecorder) {
        keycloakRecorder.configureProtoStreamSchemas(ServiceLoader.load(SerializationContextInitializer.class).stream().map((v0) -> {
            return v0.get();
        }).toList());
    }

    private Map<Spi, Map<Class<? extends Provider>, Map<String, ProviderFactory>>> loadFactories(Map<String, ProviderFactory> map) {
        Config.init(new MicroProfileConfigProvider());
        ClassLoader contextClassLoader = Thread.currentThread().getContextClassLoader();
        ProviderManager providerManager = Providers.getProviderManager(contextClassLoader);
        HashMap hashMap = new HashMap();
        for (Spi spi : providerManager.loadSpis()) {
            HashMap hashMap2 = new HashMap();
            ArrayList<ProviderFactory> arrayList = new ArrayList();
            String provider = Config.getProvider(spi.getName());
            if (provider == null) {
                arrayList.addAll(providerManager.load(spi));
            } else {
                ProviderFactory load = providerManager.load(spi, provider);
                if (load != null) {
                    arrayList.add(load);
                }
            }
            Map<String, ProviderFactory<?>> loadDeployedScriptProviders = loadDeployedScriptProviders(contextClassLoader, spi);
            arrayList.addAll(loadDeployedScriptProviders.values());
            map.putAll(loadDeployedScriptProviders);
            for (ProviderFactory providerFactory : arrayList) {
                if (!IGNORED_PROVIDER_FACTORY.contains(providerFactory.getClass())) {
                    if (isEnabled(providerFactory, Config.scope(new String[]{spi.getName(), providerFactory.getId()}))) {
                        if (spi.isInternal() && !isInternal(providerFactory)) {
                            ServicesLogger.LOGGER.spiMayChange(providerFactory.getId(), providerFactory.getClass().getName(), spi.getName());
                        }
                        ((Map) hashMap2.computeIfAbsent(spi.getProviderClass(), cls -> {
                            return new HashMap();
                        })).put(providerFactory.getId(), providerFactory);
                    } else {
                        logger.debugv("SPI {0} provider {1} disabled", spi.getName(), providerFactory.getId());
                    }
                }
            }
            hashMap.put(spi, hashMap2);
        }
        return hashMap;
    }

    private Map<String, ProviderFactory<?>> loadDeployedScriptProviders(ClassLoader classLoader, Spi spi) {
        HashMap hashMap = new HashMap();
        if (supportsDeployeableScripts(spi)) {
            try {
                Enumeration<URL> resources = classLoader.getResources(KEYCLOAK_SCRIPTS_JSON_PATH);
                while (resources.hasMoreElements()) {
                    URL nextElement = resources.nextElement();
                    List<ScriptProviderDescriptor> scriptProviderDescriptorsFromJarFile = getScriptProviderDescriptorsFromJarFile(nextElement);
                    if (!Environment.isDistribution()) {
                        scriptProviderDescriptorsFromJarFile = new ArrayList(scriptProviderDescriptorsFromJarFile);
                        scriptProviderDescriptorsFromJarFile.addAll(getScriptProviderDescriptorsFromClassPath(nextElement));
                    }
                    Iterator<ScriptProviderDescriptor> it = scriptProviderDescriptorsFromJarFile.iterator();
                    while (it.hasNext()) {
                        for (Map.Entry entry : it.next().getProviders().entrySet()) {
                            if (isScriptForSpi(spi, (String) entry.getKey())) {
                                for (ScriptProviderMetadata scriptProviderMetadata : (List) entry.getValue()) {
                                    hashMap.put(scriptProviderMetadata.getId(), DEPLOYEABLE_SCRIPT_PROVIDERS.get(entry.getKey()).apply(scriptProviderMetadata));
                                }
                            }
                        }
                    }
                }
            } catch (IOException e) {
                throw new RuntimeException("Failed to discover script providers", e);
            }
        }
        return hashMap;
    }

    private List<ScriptProviderDescriptor> getScriptProviderDescriptorsFromClassPath(URL url) throws IOException {
        if (!url.getFile().endsWith(".json")) {
            return List.of();
        }
        ArrayList arrayList = new ArrayList();
        InputStream openStream = url.openStream();
        try {
            ScriptProviderDescriptor scriptProviderDescriptor = (ScriptProviderDescriptor) JsonSerialization.readValue(openStream, ScriptProviderDescriptor.class);
            configureScriptDescriptor(scriptProviderDescriptor, str -> {
                try {
                    return Path.of(url.getPath(), new String[0]).getParent().getParent().resolve(str).toUri().toURL().openStream();
                } catch (IOException e) {
                    throw new RuntimeException("Failed to read script file from: " + str);
                }
            });
            arrayList.add(scriptProviderDescriptor);
            if (openStream != null) {
                openStream.close();
            }
            return arrayList;
        } catch (Throwable th) {
            if (openStream != null) {
                try {
                    openStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    private List<ScriptProviderDescriptor> getScriptProviderDescriptorsFromJarFile(URL url) throws IOException {
        String file = url.getFile();
        if (!file.contains(JAR_FILE_SEPARATOR)) {
            return List.of();
        }
        ArrayList arrayList = new ArrayList();
        JarFile jarFile = new JarFile(file.substring("file:".length(), file.indexOf(JAR_FILE_SEPARATOR)));
        try {
            InputStream inputStream = jarFile.getInputStream(jarFile.getJarEntry(KEYCLOAK_SCRIPTS_JSON_PATH));
            try {
                ScriptProviderDescriptor scriptProviderDescriptor = (ScriptProviderDescriptor) JsonSerialization.readValue(inputStream, ScriptProviderDescriptor.class);
                configureScriptDescriptor(scriptProviderDescriptor, str -> {
                    try {
                        return jarFile.getInputStream(jarFile.getJarEntry(str));
                    } catch (IOException e) {
                        throw new RuntimeException("Failed to read script file from file: " + str, e);
                    }
                });
                arrayList.add(scriptProviderDescriptor);
                if (inputStream != null) {
                    inputStream.close();
                }
                jarFile.close();
                return arrayList;
            } finally {
            }
        } catch (Throwable th) {
            try {
                jarFile.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    private static void configureScriptDescriptor(ScriptProviderDescriptor scriptProviderDescriptor, Function<String, InputStream> function) throws IOException {
        Iterator it = scriptProviderDescriptor.getProviders().values().iterator();
        while (it.hasNext()) {
            for (ScriptProviderMetadata scriptProviderMetadata : (List) it.next()) {
                String fileName = scriptProviderMetadata.getFileName();
                if (fileName == null) {
                    throw new RuntimeException("You must provide the script file name");
                }
                InputStream apply = function.apply(fileName);
                try {
                    scriptProviderMetadata.setCode(StreamUtil.readString(apply, StandardCharsets.UTF_8));
                    if (apply != null) {
                        apply.close();
                    }
                    scriptProviderMetadata.setId("script-" + fileName);
                    String name = scriptProviderMetadata.getName();
                    if (name == null) {
                        name = fileName;
                    }
                    scriptProviderMetadata.setName(name);
                } catch (Throwable th) {
                    if (apply != null) {
                        try {
                            apply.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            }
        }
    }

    private boolean isScriptForSpi(Spi spi, String str) {
        if ((spi instanceof ProtocolMapperSpi) && ("mappers".equals(str) || "saml-mappers".equals(str))) {
            return true;
        }
        if ((spi instanceof PolicySpi) && "policies".equals(str)) {
            return true;
        }
        return (spi instanceof AuthenticatorSpi) && "authenticators".equals(str);
    }

    private boolean supportsDeployeableScripts(Spi spi) {
        return (spi instanceof ProtocolMapperSpi) || (spi instanceof PolicySpi) || (spi instanceof AuthenticatorSpi);
    }

    private boolean isEnabled(ProviderFactory providerFactory, Config.Scope scope) {
        if (!scope.getBoolean("enabled", true).booleanValue()) {
            return false;
        }
        if (providerFactory instanceof EnvironmentDependentProviderFactory) {
            return ((EnvironmentDependentProviderFactory) providerFactory).isSupported(scope);
        }
        return true;
    }

    private boolean isInternal(ProviderFactory<?> providerFactory) {
        String name = providerFactory.getClass().getPackage().getName();
        return name.startsWith("org.keycloak") && !name.startsWith("org.keycloak.examples");
    }

    private void checkProviders(Spi spi, Map<Class<? extends Provider>, Map<String, ProviderFactory>> map, Map<Class<? extends Provider>, String> map2) {
        String provider = Config.getProvider(spi.getName());
        if (provider == null) {
            String resolveDefaultProvider = DefaultKeycloakSessionFactory.resolveDefaultProvider(map.get(spi.getProviderClass()), spi);
            if (resolveDefaultProvider != null) {
                map2.put(spi.getProviderClass(), resolveDefaultProvider);
                return;
            }
            return;
        }
        Map<String, ProviderFactory> map3 = map.get(spi.getProviderClass());
        if (map3 == null || map3.get(provider) == null) {
            throw new RuntimeException("Failed to find provider " + provider + " for " + spi.getName());
        }
        map2.put(spi.getProviderClass(), provider);
    }

    private boolean isMetricsEnabled() {
        return Configuration.isTrue(MetricsOptions.METRICS_ENABLED);
    }

    private boolean isHealthEnabled() {
        return Configuration.isTrue(HealthOptions.HEALTH_ENABLED);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static JdbcDataSourceBuildItem getDefaultDataSource(List<JdbcDataSourceBuildItem> list) {
        for (JdbcDataSourceBuildItem jdbcDataSourceBuildItem : list) {
            if (jdbcDataSourceBuildItem.isDefault()) {
                return jdbcDataSourceBuildItem;
            }
        }
        throw new RuntimeException("No default datasource found. The server datasource must be the default datasource.");
    }

    static {
        DEPLOYEABLE_SCRIPT_PROVIDERS.put("authenticators", KeycloakProcessor::registerScriptAuthenticator);
        DEPLOYEABLE_SCRIPT_PROVIDERS.put("policies", KeycloakProcessor::registerScriptPolicy);
        DEPLOYEABLE_SCRIPT_PROVIDERS.put("mappers", KeycloakProcessor::registerScriptMapper);
        DEPLOYEABLE_SCRIPT_PROVIDERS.put("saml-mappers", KeycloakProcessor::registerSAMLScriptMapper);
    }
}
