package org.keycloak.quarkus.runtime.configuration.mappers;

import io.smallrye.config.ConfigSourceInterceptorContext;
import io.smallrye.config.ConfigValue;
import java.io.File;
import java.nio.file.Paths;
import java.util.Optional;
import java.util.function.BiFunction;
import org.keycloak.common.crypto.FipsMode;
import org.keycloak.config.HttpOptions;
import org.keycloak.config.SecurityOptions;
import org.keycloak.quarkus.runtime.Environment;
import org.keycloak.quarkus.runtime.Messages;
import org.keycloak.quarkus.runtime.integration.QuarkusPlatform;
import org.keycloak.quarkus.runtime.vault.FilesPlainTextVaultProviderFactory;

/* loaded from: input_file:org/keycloak/quarkus/runtime/configuration/mappers/HttpPropertyMappers.class */
final class HttpPropertyMappers {
    private static final String QUARKUS_HTTPS_CERT_FILES = "quarkus.http.ssl.certificate.files";
    private static final String QUARKUS_HTTPS_CERT_KEY_FILES = "quarkus.http.ssl.certificate.key-files";

    private HttpPropertyMappers() {
    }

    public static PropertyMapper<?>[] getHttpPropertyMappers() {
        return new PropertyMapper[]{PropertyMapper.fromOption(HttpOptions.HTTP_ENABLED).to("quarkus.http.insecure-requests").transformer(HttpPropertyMappers::getHttpEnabledTransformer).paramLabel(Boolean.TRUE + "|" + Boolean.FALSE).build(), PropertyMapper.fromOption(HttpOptions.HTTP_SERVER_ENABLED).to("quarkus.http.host-enabled").paramLabel(Boolean.TRUE + "|" + Boolean.FALSE).build(), PropertyMapper.fromOption(HttpOptions.HTTP_HOST).to("quarkus.http.host").paramLabel("host").build(), PropertyMapper.fromOption(HttpOptions.HTTP_RELATIVE_PATH).to("quarkus.http.root-path").paramLabel("path").build(), PropertyMapper.fromOption(HttpOptions.HTTP_PORT).to("quarkus.http.port").paramLabel("port").build(), PropertyMapper.fromOption(HttpOptions.HTTPS_PORT).to("quarkus.http.ssl-port").paramLabel("port").build(), PropertyMapper.fromOption(HttpOptions.HTTPS_CLIENT_AUTH).to("quarkus.http.ssl.client-auth").paramLabel("auth").build(), PropertyMapper.fromOption(HttpOptions.HTTPS_CIPHER_SUITES).to("quarkus.http.ssl.cipher-suites").paramLabel("ciphers").build(), PropertyMapper.fromOption(HttpOptions.HTTPS_PROTOCOLS).to("quarkus.http.ssl.protocols").paramLabel("protocols").build(), PropertyMapper.fromOption(HttpOptions.HTTPS_CERTIFICATE_FILE).to(QUARKUS_HTTPS_CERT_FILES).transformer(validatePath(QUARKUS_HTTPS_CERT_FILES)).paramLabel(FilesPlainTextVaultProviderFactory.ID).build(), PropertyMapper.fromOption(HttpOptions.HTTPS_CERTIFICATE_KEY_FILE).to(QUARKUS_HTTPS_CERT_KEY_FILES).transformer(validatePath(QUARKUS_HTTPS_CERT_KEY_FILES)).paramLabel(FilesPlainTextVaultProviderFactory.ID).build(), PropertyMapper.fromOption(HttpOptions.HTTPS_KEY_STORE_FILE.withRuntimeSpecificDefault(getDefaultKeystorePathValue())).to("quarkus.http.ssl.certificate.key-store-file").paramLabel(FilesPlainTextVaultProviderFactory.ID).build(), PropertyMapper.fromOption(HttpOptions.HTTPS_KEY_STORE_PASSWORD).to("quarkus.http.ssl.certificate.key-store-password").paramLabel("password").isMasked(true).build(), PropertyMapper.fromOption(HttpOptions.HTTPS_KEY_STORE_TYPE).to("quarkus.http.ssl.certificate.key-store-file-type").mapFrom(SecurityOptions.FIPS_MODE.getKey()).transformer(HttpPropertyMappers::resolveKeyStoreType).paramLabel("type").build(), PropertyMapper.fromOption(HttpOptions.HTTPS_TRUST_STORE_FILE).to("quarkus.http.ssl.certificate.trust-store-file").paramLabel(FilesPlainTextVaultProviderFactory.ID).build(), PropertyMapper.fromOption(HttpOptions.HTTPS_TRUST_STORE_PASSWORD).to("quarkus.http.ssl.certificate.trust-store-password").paramLabel("password").isMasked(true).build(), PropertyMapper.fromOption(HttpOptions.HTTPS_TRUST_STORE_TYPE).to("quarkus.http.ssl.certificate.trust-store-file-type").mapFrom(SecurityOptions.FIPS_MODE.getKey()).transformer(HttpPropertyMappers::resolveKeyStoreType).paramLabel("type").build(), PropertyMapper.fromOption(HttpOptions.HTTP_MAX_QUEUED_REQUESTS).to("quarkus.thread-pool.queue-size").paramLabel("requests").build(), PropertyMapper.fromOption(HttpOptions.HTTP_POOL_MAX_THREADS).to("quarkus.thread-pool.max-threads").paramLabel("threads").build()};
    }

    private static BiFunction<Optional<String>, ConfigSourceInterceptorContext, Optional<String>> validatePath(String str) {
        return (optional, configSourceInterceptorContext) -> {
            return Environment.isWindows() ? optional.filter(str2 -> {
                return str2.equals(configSourceInterceptorContext.proceed(str).getValue());
            }).map(str3 -> {
                return str3.replace("\\", "/");
            }) : optional;
        };
    }

    private static Optional<String> getHttpEnabledTransformer(Optional<String> optional, ConfigSourceInterceptorContext configSourceInterceptorContext) {
        boolean parseBoolean = Boolean.parseBoolean(optional.get());
        ConfigValue proceed = configSourceInterceptorContext.proceed("kc.proxy");
        if (Environment.isDevMode() || Environment.isImportExportMode() || (proceed != null && "edge".equalsIgnoreCase(proceed.getValue()))) {
            parseBoolean = true;
        }
        if (!parseBoolean) {
            ConfigValue proceed2 = configSourceInterceptorContext.proceed("kc.https-certificate-file");
            if (proceed2 == null || proceed2.getValue() == null) {
                proceed2 = PropertyMappers.getMapper("quarkus.http.ssl.certificate.key-store-file").getConfigValue(configSourceInterceptorContext);
            }
            if (proceed2 == null || proceed2.getValue() == null) {
                QuarkusPlatform.addInitializationException(Messages.httpsConfigurationNotSet());
            }
        }
        return Optional.of(parseBoolean ? "enabled" : "disabled");
    }

    private static File getDefaultKeystorePathValue() {
        String homeDir = Environment.getHomeDir();
        if (homeDir == null) {
            return null;
        }
        File file = Paths.get(homeDir, "conf", "server.keystore").toFile();
        if (file.exists()) {
            return file;
        }
        return null;
    }

    private static Optional<String> resolveKeyStoreType(Optional<String> optional, ConfigSourceInterceptorContext configSourceInterceptorContext) {
        if (optional.isPresent()) {
            try {
                return FipsMode.valueOfOption(optional.get()).equals(FipsMode.STRICT) ? Optional.of("BCFKS") : Optional.empty();
            } catch (IllegalArgumentException e) {
            }
        }
        return optional;
    }
}
