package io.helidon.microprofile.security;

import io.helidon.common.context.Contexts;
import io.helidon.config.Config;
import io.helidon.microprofile.cdi.RuntimeStart;
import io.helidon.microprofile.server.JaxRsCdiExtension;
import io.helidon.microprofile.server.ServerCdiExtension;
import io.helidon.security.AuthenticationResponse;
import io.helidon.security.ProviderRequest;
import io.helidon.security.Security;
import io.helidon.security.integration.jersey.SecurityFeature;
import io.helidon.security.integration.webserver.WebSecurity;
import io.helidon.security.providers.abac.AbacProvider;
import io.helidon.security.spi.AuthenticationProvider;
import io.helidon.security.spi.AuthorizationProvider;
import io.helidon.webserver.Service;
import java.util.Optional;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.CompletionStage;
import java.util.concurrent.atomic.AtomicReference;
import java.util.logging.Logger;
import javax.annotation.Priority;
import javax.enterprise.context.ApplicationScoped;
import javax.enterprise.context.Initialized;
import javax.enterprise.event.Observes;
import javax.enterprise.inject.spi.BeanManager;
import javax.enterprise.inject.spi.BeforeBeanDiscovery;
import javax.enterprise.inject.spi.Extension;

/* loaded from: input_file:io/helidon/microprofile/security/SecurityCdiExtension.class */
/**
 * CDI extension that builds the Helidon {@link Security} instance for a MicroProfile application
 * and registers it with the Jersey and web-server integrations.
 *
 * <p>Security-relevant defaults visible in this class:
 * <ul>
 *   <li>With no authentication provider configured, a provider is added that answers every
 *       authentication request with a failed response, so the gap does not turn into implicit
 *       success.</li>
 *   <li>With no authorization provider configured, {@link AbacProvider#create()} is used.</li>
 *   <li>Jersey integration is applied unless {@code security.jersey.enabled} is {@code false}.</li>
 *   <li>Web-server integration is applied only when the {@code security.web-server} node exists
 *       and its {@code enabled} key is not {@code false}.</li>
 * </ul>
 */
public class SecurityCdiExtension implements Extension {
    private static final Logger LOGGER = Logger.getLogger(SecurityCdiExtension.class.getName());

    /** Holds the built instance; stays empty until {@code registerSecurity} has finished. */
    private final AtomicReference<Security> security = new AtomicReference<>();

    /** Builder other extensions may customise; set to {@code null} once security is built. */
    private Security.Builder securityBuilder = Security.builder();

    /** Root configuration captured by the {@code @RuntimeStart} observer. */
    private Config config;

    /**
     * Adds {@code SecurityProducer} to bean discovery as an application-scoped bean.
     *
     * @param beforeBeanDiscovery CDI bootstrap event
     */
    private void registerBean(@Observes BeforeBeanDiscovery beforeBeanDiscovery) {
        beforeBeanDiscovery
                .addAnnotatedType(SecurityProducer.class, "helidon-security-producer")
                .add(ApplicationScoped.Literal.INSTANCE);
    }

    /**
     * Stores the runtime configuration and applies its {@code security} node to the builder.
     *
     * @param config runtime configuration root
     */
    private void configure(@Observes @Priority(0) @RuntimeStart Config config) {
        this.securityBuilder.config(config.get("security"));
        this.config = config;
    }

    /**
     * Completes the security setup once the application scope is initialized: fills in missing
     * providers, builds {@link Security}, registers it in the global and (if present) current
     * context, and wires it into Jersey applications and web-server routing.
     *
     * @param obj         payload of the {@code @Initialized(ApplicationScoped.class)} event (unused)
     * @param beanManager used to look up the JAX-RS and server CDI extensions
     */
    private void registerSecurity(@Observes @Priority(1000) @Initialized(ApplicationScoped.class) Object obj, BeanManager beanManager) {
        // No authentication provider configured: install one that always fails rather than
        // leaving authentication without any provider.
        if (this.securityBuilder.noProvider(AuthenticationProvider.class)) {
            LOGGER.info("Authentication provider is missing from security configuration, but security extension for microprofile is enabled (requires providers configuration at key security.providers). Security will not have any valid authentication provider");
            this.securityBuilder.addAuthenticationProvider(this::failingAtnProvider);
        }

        // No authorization provider configured: fall back to ABAC.
        if (this.securityBuilder.noProvider(AuthorizationProvider.class)) {
            LOGGER.info("Authorization provider is missing from security configuration, but security extension for microprofile is enabled (requires providers configuration at key security.providers). ABAC provider is configured for authorization.");
            this.securityBuilder.addAuthorizationProvider(AbacProvider.create());
        }

        Security configured = this.securityBuilder.build();
        // From here on securityBuilder() throws: late builder changes would not take effect.
        this.securityBuilder = null;

        final Security effective;
        if (configured.enabled()) {
            effective = configured;
        } else {
            // Replace the configured instance by a plain disabled one, dropping its providers.
            LOGGER.info("Security is disabled.");
            effective = Security.builder().enabled(false).build();
        }

        Contexts.globalContext().register(effective);
        JaxRsCdiExtension jaxRs = beanManager.getExtension(JaxRsCdiExtension.class);
        ServerCdiExtension server = beanManager.getExtension(ServerCdiExtension.class);
        Contexts.context().ifPresent(current -> current.register(effective));

        // Jersey integration is on by default; only an explicit enabled=false turns it off.
        Config jerseyConfig = this.config.get("security.jersey");
        boolean jerseyEnabled = jerseyConfig.get("enabled").asBoolean().orElse(true);
        if (jerseyEnabled) {
            SecurityFeature feature = SecurityFeature.builder(effective).config(jerseyConfig).build();
            jaxRs.applicationsToRun().forEach(app -> app.resourceConfig().register(feature));
        }

        // Web-server integration is opt-in: the configuration node has to exist at all.
        Config webServerConfig = this.config.get("security.web-server");
        if (webServerConfig.exists()) {
            boolean webServerEnabled = webServerConfig.get("enabled").asBoolean().orElse(true);
            if (webServerEnabled) {
                server.serverRoutingBuilder().register(WebSecurity.create(effective, this.config.get("security")));
            }
        }

        this.security.set(effective);
    }

    /**
     * Authentication provider used when none is configured; it always reports failure.
     *
     * @param providerRequest request being authenticated (not inspected)
     * @return an already completed stage carrying a failed authentication response
     */
    private CompletionStage<AuthenticationResponse> failingAtnProvider(ProviderRequest providerRequest) {
        AuthenticationResponse rejected = AuthenticationResponse.failed("No provider configured");
        return CompletableFuture.completedFuture(rejected);
    }

    /**
     * Gives access to the security builder so it can be customised before security is built.
     *
     * @return the builder that will be used to build {@link Security}
     * @throws IllegalStateException if security has already been built
     */
    public Security.Builder securityBuilder() {
        Security.Builder builder = this.securityBuilder;
        if (builder != null) {
            return builder;
        }
        throw new IllegalStateException("Security is already built, you cannot update the builder");
    }

    /**
     * Returns the built security instance, if available.
     *
     * @return the {@link Security} instance, or empty if it has not been built yet
     */
    public Optional<Security> security() {
        Security current = this.security.get();
        return Optional.ofNullable(current);
    }
}
