package org.keycloak.quarkus.runtime.configuration.mappers;

import io.quarkus.runtime.util.ClassPathUtils;
import io.quarkus.vertx.http.runtime.CertificateConfig;
import io.quarkus.vertx.http.runtime.options.TlsUtils;
import io.smallrye.config.ConfigSourceInterceptorContext;
import java.io.File;
import java.io.IOException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.List;
import java.util.Optional;
import org.keycloak.common.crypto.FipsMode;
import org.keycloak.config.HttpOptions;
import org.keycloak.config.SecurityOptions;
import org.keycloak.quarkus.runtime.Environment;
import org.keycloak.quarkus.runtime.Messages;
import org.keycloak.quarkus.runtime.cli.PropertyException;
import org.keycloak.quarkus.runtime.configuration.Configuration;
import org.keycloak.quarkus.runtime.vault.FilesPlainTextVaultProviderFactory;

/* loaded from: input_file:org/keycloak/quarkus/runtime/configuration/mappers/HttpPropertyMappers.class */
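/**
 * Maps Keycloak's HTTP/HTTPS server options onto the corresponding Quarkus properties and
 * validates that the configured TLS material can be loaded.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@link #validateConfig()} rejects the configuration when plain HTTP is not enabled and
 *       neither a certificate file nor a key store is configured.</li>
 *   <li>{@link #isHttpEnabled(String)} always reports HTTP as enabled in dev mode and in
 *       non-server mode, regardless of the configured value.</li>
 *   <li>Key-store and trust-store passwords are registered with {@code isMasked(true)}.</li>
 *   <li>With FIPS strict mode the store type resolves to {@code BCFKS}.</li>
 * </ul>
 */
public final class HttpPropertyMappers {
    /** Lower bound applied when the worker-thread maximum is derived from the CPU count. */
    private static final int MIN_MAX_THREADS = 50;
    private static final String QUARKUS_HTTPS_CERT_FILES = "quarkus.http.ssl.certificate.files";
    private static final String QUARKUS_HTTPS_CERT_KEY_FILES = "quarkus.http.ssl.certificate.key-files";
    private static final String QUARKUS_HTTPS_KEY_STORE_FILE = "quarkus.http.ssl.certificate.key-store-file";
    private static final String QUARKUS_HTTPS_TRUST_STORE_FILE = "quarkus.http.ssl.certificate.trust-store-file";
    private static final String QUARKUS_HTTPS_TRUST_STORE_FILE_TYPE = "quarkus.http.ssl.certificate.trust-store-file-type";
    private static final String QUARKUS_HTTPS_KEY_STORE_FILE_TYPE = "quarkus.http.ssl.certificate.key-store-file-type";

    private HttpPropertyMappers() {
        // Static utility holder; never instantiated.
    }

    /**
     * Builds the mappers that translate Keycloak HTTP options into Quarkus properties.
     *
     * @return the mappers, in registration order
     */
    public static PropertyMapper<?>[] getHttpPropertyMappers() {
        return new PropertyMapper[]{
                // Plain HTTP is expressed to Quarkus as "enabled"/"disabled" insecure requests.
                PropertyMapper.fromOption(HttpOptions.HTTP_ENABLED)
                        .to("quarkus.http.insecure-requests")
                        .transformer(HttpPropertyMappers::getHttpEnabledTransformer)
                        .build(),
                PropertyMapper.fromOption(HttpOptions.HTTP_SERVER_ENABLED)
                        .to("quarkus.http.host-enabled")
                        .build(),
                PropertyMapper.fromOption(HttpOptions.HTTP_HOST)
                        .to("quarkus.http.host")
                        .paramLabel("host")
                        .build(),
                PropertyMapper.fromOption(HttpOptions.HTTP_RELATIVE_PATH)
                        .to("quarkus.http.root-path")
                        .paramLabel("path")
                        .build(),
                PropertyMapper.fromOption(HttpOptions.HTTP_PORT)
                        .to("quarkus.http.port")
                        .paramLabel("port")
                        .build(),
                PropertyMapper.fromOption(HttpOptions.HTTPS_PORT)
                        .to("quarkus.http.ssl-port")
                        .paramLabel("port")
                        .build(),
                PropertyMapper.fromOption(HttpOptions.HTTPS_CLIENT_AUTH)
                        .to("quarkus.http.ssl.client-auth")
                        .paramLabel("auth")
                        .build(),
                PropertyMapper.fromOption(HttpOptions.HTTPS_CIPHER_SUITES)
                        .to("quarkus.http.ssl.cipher-suites")
                        .paramLabel("ciphers")
                        .build(),
                PropertyMapper.fromOption(HttpOptions.HTTPS_PROTOCOLS)
                        .to("quarkus.http.ssl.protocols")
                        .paramLabel("protocols")
                        .build(),
                // "-1" is mapped to null, i.e. no reload period is handed to Quarkus
                // (presumably disabling certificate reloading; confirm against Quarkus).
                PropertyMapper.fromOption(HttpOptions.HTTPS_CERTIFICATES_RELOAD_PERIOD)
                        .to("quarkus.http.ssl.certificate.reload-period")
                        .transformer((value, context) -> "-1".equals(value) ? null : value)
                        .paramLabel("reload period")
                        .build(),
                PropertyMapper.fromOption(HttpOptions.HTTPS_CERTIFICATE_FILE)
                        .to(QUARKUS_HTTPS_CERT_FILES)
                        .transformer(HttpPropertyMappers::transformPath)
                        .paramLabel(FilesPlainTextVaultProviderFactory.ID)
                        .build(),
                PropertyMapper.fromOption(HttpOptions.HTTPS_CERTIFICATE_KEY_FILE)
                        .to(QUARKUS_HTTPS_CERT_KEY_FILES)
                        .transformer(HttpPropertyMappers::transformPath)
                        .paramLabel(FilesPlainTextVaultProviderFactory.ID)
                        .build(),
                // The key store defaults to <home>/conf/server.keystore when that file exists.
                PropertyMapper.fromOption(HttpOptions.HTTPS_KEY_STORE_FILE.withRuntimeSpecificDefault(getDefaultKeystorePathValue()))
                        .to(QUARKUS_HTTPS_KEY_STORE_FILE)
                        .transformer(HttpPropertyMappers::transformPath)
                        .paramLabel(FilesPlainTextVaultProviderFactory.ID)
                        .build(),
                // isMasked(true): presumably keeps the password out of displayed configuration.
                PropertyMapper.fromOption(HttpOptions.HTTPS_KEY_STORE_PASSWORD)
                        .to("quarkus.http.ssl.certificate.key-store-password")
                        .paramLabel("password")
                        .isMasked(true)
                        .build(),
                PropertyMapper.fromOption(HttpOptions.HTTPS_KEY_STORE_TYPE)
                        .mapFrom(SecurityOptions.FIPS_MODE, HttpPropertyMappers::resolveKeyStoreType)
                        .to(QUARKUS_HTTPS_KEY_STORE_FILE_TYPE)
                        .paramLabel("type")
                        .build(),
                PropertyMapper.fromOption(HttpOptions.HTTPS_TRUST_STORE_FILE)
                        .to(QUARKUS_HTTPS_TRUST_STORE_FILE)
                        .transformer(HttpPropertyMappers::transformPath)
                        .paramLabel(FilesPlainTextVaultProviderFactory.ID)
                        .build(),
                PropertyMapper.fromOption(HttpOptions.HTTPS_TRUST_STORE_PASSWORD)
                        .to("quarkus.http.ssl.certificate.trust-store-password")
                        .paramLabel("password")
                        .isMasked(true)
                        .build(),
                // NOTE(review): unlike the key-store type mapper, this one registers
                // resolveKeyStoreType both via mapFrom(FIPS_MODE, ...) and as a transformer.
                // If the transformer also runs on an explicitly configured trust-store type,
                // that value would resolve to null; confirm against PropertyMapper's builder.
                PropertyMapper.fromOption(HttpOptions.HTTPS_TRUST_STORE_TYPE)
                        .mapFrom(SecurityOptions.FIPS_MODE, HttpPropertyMappers::resolveKeyStoreType)
                        .to(QUARKUS_HTTPS_TRUST_STORE_FILE_TYPE)
                        .transformer(HttpPropertyMappers::resolveKeyStoreType)
                        .paramLabel("type")
                        .build(),
                PropertyMapper.fromOption(HttpOptions.HTTP_MAX_QUEUED_REQUESTS)
                        .to("quarkus.thread-pool.queue-size")
                        .paramLabel("requests")
                        .build(),
                PropertyMapper.fromOption(HttpOptions.HTTP_POOL_MAX_THREADS)
                        .to("quarkus.thread-pool.max-threads")
                        .transformer(HttpPropertyMappers::resolveMaxThreads)
                        .paramLabel("threads")
                        .build(),
                PropertyMapper.fromOption(HttpOptions.HTTP_METRICS_HISTOGRAMS_ENABLED)
                        .isEnabled(MetricsPropertyMappers::metricsEnabled, MetricsPropertyMappers.METRICS_ENABLED_MSG)
                        .build(),
                PropertyMapper.fromOption(HttpOptions.HTTP_METRICS_SLOS)
                        .isEnabled(MetricsPropertyMappers::metricsEnabled, MetricsPropertyMappers.METRICS_ENABLED_MSG)
                        .paramLabel("list of buckets")
                        .build()
        };
    }

    /**
     * Validates the HTTP/HTTPS configuration by checking that a transport is configured and by
     * loading the configured trust-store and key-store material through {@link TlsUtils}.
     *
     * <p>When plain HTTP is enabled, missing TLS material is accepted; the trust-store and
     * key-store options that are present are still loaded.
     *
     * @throws PropertyException if HTTP is disabled and neither a certificate file nor a key
     *     store is configured, or if the trust-store or key-store material cannot be loaded
     */
    public static void validateConfig() {
        boolean httpEnabled = isHttpEnabled(Configuration.getOptionalKcValue(HttpOptions.HTTP_ENABLED.getKey()).orElse(null));
        Optional<String> certificateFile = Configuration.getOptionalValue(QUARKUS_HTTPS_CERT_FILES);
        Optional<String> keyStoreFile = Configuration.getOptionalValue(QUARKUS_HTTPS_KEY_STORE_FILE);

        // Without plain HTTP, at least one source of server key material is mandatory.
        if (!httpEnabled && certificateFile.isEmpty() && keyStoreFile.isEmpty()) {
            throw new PropertyException(Messages.httpsConfigurationNotSet());
        }

        CertificateConfig certificateConfig = new CertificateConfig();

        certificateConfig.trustStoreFile = Configuration.getOptionalValue(QUARKUS_HTTPS_TRUST_STORE_FILE)
                .map(value -> Paths.get(value));
        certificateConfig.trustStorePassword = Configuration.getOptionalKcValue(HttpOptions.HTTPS_TRUST_STORE_PASSWORD.getKey());
        certificateConfig.trustStoreFileType = Configuration.getOptionalValue(QUARKUS_HTTPS_TRUST_STORE_FILE_TYPE);
        certificateConfig.trustStoreProvider = Configuration.getOptionalValue("quarkus.http.ssl.certificate.trust-store-provider");
        certificateConfig.trustStoreCertAlias = Configuration.getOptionalValue("quarkus.http.ssl.certificate.trust-store-cert-alias");
        certificateConfig.trustStoreFiles = Optional.empty();

        certificateConfig.keyStoreFile = keyStoreFile.map(value -> Paths.get(value));
        certificateConfig.keyStorePassword = Configuration.getOptionalKcValue(HttpOptions.HTTPS_KEY_STORE_PASSWORD.getKey());
        certificateConfig.keyStoreFileType = Configuration.getOptionalValue(QUARKUS_HTTPS_KEY_STORE_FILE_TYPE);
        certificateConfig.keyStoreProvider = Configuration.getOptionalValue("quarkus.http.ssl.certificate.key-store-provider");
        certificateConfig.keyStoreAlias = Configuration.getOptionalValue("quarkus.http.ssl.certificate.key-store-alias");
        certificateConfig.keyStoreAliasPassword = Configuration.getOptionalValue("quarkus.http.ssl.certificate.key-store-alias-password");
        certificateConfig.keyStoreAliasPasswordKey = Configuration.getOptionalValue("quarkus.http.ssl.certificate.key-store-alias-password-key");
        certificateConfig.keyStoreKeyAlias = Configuration.getOptionalValue("quarkus.http.ssl.certificate.key-store-key-alias");

        certificateConfig.keyFiles = Configuration.getOptionalValue(QUARKUS_HTTPS_CERT_KEY_FILES)
                .map(value -> Paths.get(value))
                .map(List::of);
        certificateConfig.files = certificateFile
                .map(value -> Paths.get(value))
                .map(List::of);

        // Trust store first, then key store. Each stage has its own handlers so that a failure
        // is always reported against the option family that caused it.
        try {
            TlsUtils.computeTrustOptions(certificateConfig, certificateConfig.trustStorePassword);
        } catch (IOException e) {
            throw new PropertyException("Failed to load 'https-trust-store' material: " + e.getClass().getSimpleName() + " " + e.getMessage(), e);
        } catch (IllegalArgumentException e) {
            throw storeTypeFailure(e, QUARKUS_HTTPS_TRUST_STORE_FILE_TYPE,
                    "Unable to determine 'https-trust-store-type' automatically. Adjust the file extension or specify the property.");
        }

        try {
            TlsUtils.computeKeyStoreOptions(certificateConfig, certificateConfig.keyStorePassword, certificateConfig.keyStoreAliasPassword);
        } catch (IOException e) {
            throw new PropertyException("Failed to load 'https-key-' material: " + e.getClass().getSimpleName() + " " + e.getMessage(), e);
        } catch (IllegalArgumentException e) {
            throw storeTypeFailure(e, QUARKUS_HTTPS_KEY_STORE_FILE_TYPE,
                    "Unable to determine 'https-key-store-type' automatically. Adjust the file extension or specify the property.");
        }
    }

    /**
     * Converts an {@link IllegalArgumentException} raised while loading a store into a
     * {@link PropertyException}.
     *
     * <p>The cause's message may be {@code null}; it is checked before use so that the original
     * configuration error is reported instead of a {@link NullPointerException}.
     *
     * @param cause the exception raised while loading the store
     * @param typeProperty the Quarkus store-type property; when the cause's message mentions it,
     *     the failure is reported as an undetermined store type
     * @param hint the message to use when the store type could not be determined
     * @return the exception to throw, carrying {@code cause}
     */
    private static PropertyException storeTypeFailure(IllegalArgumentException cause, String typeProperty, String hint) {
        String message = cause.getMessage();
        if (message == null) {
            // No detail available: fall back to the exception's own description.
            return new PropertyException(cause.toString(), cause);
        }
        if (message.contains(typeProperty)) {
            return new PropertyException(hint, cause);
        }
        return new PropertyException(message, cause);
    }

    /**
     * Converts a configured file path into the resource-name form produced by
     * {@link ClassPathUtils#toResourceName}.
     *
     * @param str the configured path, possibly {@code null}
     * @param configSourceInterceptorContext unused
     * @return the converted path, or {@code null} when no path is configured
     */
    private static String transformPath(String str, ConfigSourceInterceptorContext configSourceInterceptorContext) {
        if (str == null) {
            return null;
        }
        return ClassPathUtils.toResourceName(Path.of(str));
    }

    /**
     * Translates the HTTP-enabled option into the value used for
     * {@code quarkus.http.insecure-requests}.
     *
     * @param str the configured value, possibly {@code null}
     * @param configSourceInterceptorContext unused
     * @return {@code "enabled"} when plain HTTP is allowed, otherwise {@code "disabled"}
     */
    private static String getHttpEnabledTransformer(String str, ConfigSourceInterceptorContext configSourceInterceptorContext) {
        return isHttpEnabled(str) ? "enabled" : "disabled";
    }

    /**
     * Decides whether plain HTTP is allowed.
     *
     * <p>Dev mode and non-server mode always allow it, whatever the configured value. Otherwise
     * only a value that parses as {@code true} enables it, so an absent value keeps HTTP
     * disabled.
     *
     * @param str the configured value, possibly {@code null}
     * @return {@code true} when plain HTTP is allowed
     */
    private static boolean isHttpEnabled(String str) {
        return Environment.isDevMode() || Environment.isNonServerMode() || Boolean.parseBoolean(str);
    }

    /**
     * Locates the default key store, {@code conf/server.keystore} under the home directory.
     *
     * <p>NOTE(review): the file is picked up whenever it exists, without being configured, so
     * write access to that directory determines which key material the server presents.
     *
     * @return the key-store file, or {@code null} when the home directory is unknown or the file
     *     does not exist
     */
    private static File getDefaultKeystorePathValue() {
        String homeDir = Environment.getHomeDir();
        if (homeDir == null) {
            return null;
        }
        File keyStore = Paths.get(homeDir, "conf", "server.keystore").toFile();
        return keyStore.exists() ? keyStore : null;
    }

    /**
     * Derives the store type from the FIPS mode.
     *
     * @param str the value to inspect; compared with {@code FipsMode.STRICT.toString()}
     * @param configSourceInterceptorContext unused
     * @return {@code "BCFKS"} in strict mode, otherwise {@code null}
     */
    private static String resolveKeyStoreType(String str, ConfigSourceInterceptorContext configSourceInterceptorContext) {
        return FipsMode.STRICT.toString().equals(str) ? "BCFKS" : null;
    }

    /**
     * Supplies the worker-thread maximum when none is configured.
     *
     * @param str the configured value, possibly {@code null}
     * @param configSourceInterceptorContext unused
     * @return {@code str} when set; otherwise four times the available processors, but at least
     *     {@link #MIN_MAX_THREADS}
     */
    private static String resolveMaxThreads(String str, ConfigSourceInterceptorContext configSourceInterceptorContext) {
        if (str != null) {
            return str;
        }
        int derived = 4 * Runtime.getRuntime().availableProcessors();
        return String.valueOf(Math.max(MIN_MAX_THREADS, derived));
    }
}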
