package org.wildfly.security.http.oidc;

import com.fasterxml.jackson.annotation.JsonInclude;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.io.InputStream;
import java.util.concurrent.Callable;
import org.apache.http.client.HttpClient;
import org.wildfly.common.iteration.CodePointIterator;
import org.wildfly.security.http.oidc.Oidc;
import org.wildfly.security.jose.util.SystemPropertiesJsonParserFactory;
import org.wildfly.security.pem.Pem;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/wildfly-elytron-1.15.16.Final.jar:org/wildfly/security/http/oidc/OidcClientConfigurationBuilder.class
 */
/* loaded from: input_file:WEB-INF/lib/wildfly-elytron-http-oidc-1.15.16.Final.jar:org/wildfly/security/http/oidc/OidcClientConfigurationBuilder.class */
public class OidcClientConfigurationBuilder {
    protected OidcClientConfiguration oidcClientConfiguration = new OidcClientConfiguration();

    protected OidcClientConfigurationBuilder() {
    }

    protected OidcClientConfiguration internalBuild(OidcJsonConfiguration oidcJsonConfiguration) {
        if (oidcJsonConfiguration.getAuthServerUrl() != null && oidcJsonConfiguration.getRealm() == null) {
            throw ElytronMessages.log.keycloakRealmMissing();
        }
        if (oidcJsonConfiguration.getRealm() != null) {
            this.oidcClientConfiguration.setRealm(oidcJsonConfiguration.getRealm());
        }
        String resource = oidcJsonConfiguration.getResource();
        String clientId = oidcJsonConfiguration.getClientId();
        if (resource == null && clientId == null) {
            throw ElytronMessages.log.resourceOrClientIdMustBeSet();
        }
        this.oidcClientConfiguration.setResource(resource);
        this.oidcClientConfiguration.setClientId(clientId);
        String realmKey = oidcJsonConfiguration.getRealmKey();
        if (realmKey != null) {
            try {
                this.oidcClientConfiguration.setPublicKeyLocator(new HardcodedPublicKeyLocator(Pem.parsePemPublicKey(CodePointIterator.ofString(realmKey))));
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        } else {
            this.oidcClientConfiguration.setPublicKeyLocator(new JWKPublicKeyLocator());
        }
        if (oidcJsonConfiguration.getSslRequired() != null) {
            this.oidcClientConfiguration.setSSLRequired(Oidc.SSLRequired.valueOf(oidcJsonConfiguration.getSslRequired().toUpperCase()));
        } else {
            this.oidcClientConfiguration.setSSLRequired(Oidc.SSLRequired.EXTERNAL);
        }
        if (oidcJsonConfiguration.getConfidentialPort() != -1) {
            this.oidcClientConfiguration.setConfidentialPort(oidcJsonConfiguration.getConfidentialPort());
        }
        if (oidcJsonConfiguration.getTokenStore() != null) {
            this.oidcClientConfiguration.setTokenStore(Oidc.TokenStore.valueOf(oidcJsonConfiguration.getTokenStore().toUpperCase()));
        } else {
            this.oidcClientConfiguration.setTokenStore(Oidc.TokenStore.SESSION);
        }
        if (oidcJsonConfiguration.getTokenCookiePath() != null) {
            this.oidcClientConfiguration.setOidcStateCookiePath(oidcJsonConfiguration.getTokenCookiePath());
        }
        if (oidcJsonConfiguration.getPrincipalAttribute() != null) {
            this.oidcClientConfiguration.setPrincipalAttribute(oidcJsonConfiguration.getPrincipalAttribute());
        }
        this.oidcClientConfiguration.setResourceCredentials(oidcJsonConfiguration.getCredentials());
        this.oidcClientConfiguration.setClientAuthenticator(ClientCredentialsProviderUtils.bootstrapClientAuthenticator(this.oidcClientConfiguration));
        this.oidcClientConfiguration.setPublicClient(oidcJsonConfiguration.isPublicClient());
        this.oidcClientConfiguration.setUseResourceRoleMappings(oidcJsonConfiguration.isUseResourceRoleMappings());
        this.oidcClientConfiguration.setUseRealmRoleMappings(oidcJsonConfiguration.isUseRealmRoleMappings());
        this.oidcClientConfiguration.setExposeToken(oidcJsonConfiguration.isExposeToken());
        if (oidcJsonConfiguration.isCors()) {
            this.oidcClientConfiguration.setCors(true);
            this.oidcClientConfiguration.setCorsMaxAge(oidcJsonConfiguration.getCorsMaxAge());
            this.oidcClientConfiguration.setCorsAllowedHeaders(oidcJsonConfiguration.getCorsAllowedHeaders());
            this.oidcClientConfiguration.setCorsAllowedMethods(oidcJsonConfiguration.getCorsAllowedMethods());
            this.oidcClientConfiguration.setCorsExposedHeaders(oidcJsonConfiguration.getCorsExposedHeaders());
        }
        if (oidcJsonConfiguration.isPkce()) {
            this.oidcClientConfiguration.setPkce(true);
        }
        this.oidcClientConfiguration.setBearerOnly(oidcJsonConfiguration.isBearerOnly());
        this.oidcClientConfiguration.setAutodetectBearerOnly(oidcJsonConfiguration.isAutodetectBearerOnly());
        this.oidcClientConfiguration.setEnableBasicAuth(oidcJsonConfiguration.isEnableBasicAuth());
        this.oidcClientConfiguration.setAlwaysRefreshToken(oidcJsonConfiguration.isAlwaysRefreshToken());
        this.oidcClientConfiguration.setRegisterNodeAtStartup(oidcJsonConfiguration.isRegisterNodeAtStartup());
        this.oidcClientConfiguration.setRegisterNodePeriod(oidcJsonConfiguration.getRegisterNodePeriod());
        this.oidcClientConfiguration.setTokenMinimumTimeToLive(oidcJsonConfiguration.getTokenMinimumTimeToLive());
        this.oidcClientConfiguration.setMinTimeBetweenJwksRequests(oidcJsonConfiguration.getMinTimeBetweenJwksRequests());
        this.oidcClientConfiguration.setPublicKeyCacheTtl(oidcJsonConfiguration.getPublicKeyCacheTtl());
        this.oidcClientConfiguration.setIgnoreOAuthQueryParameter(oidcJsonConfiguration.isIgnoreOAuthQueryParameter());
        this.oidcClientConfiguration.setRewriteRedirectRules(oidcJsonConfiguration.getRedirectRewriteRules());
        this.oidcClientConfiguration.setVerifyTokenAudience(oidcJsonConfiguration.isVerifyTokenAudience());
        if (realmKey == null && oidcJsonConfiguration.isBearerOnly() && (oidcJsonConfiguration.getAuthServerUrl() == null || oidcJsonConfiguration.getProviderUrl() == null)) {
            throw ElytronMessages.log.invalidConfigurationForBearerAuth();
        }
        if (oidcJsonConfiguration.getAuthServerUrl() == null && oidcJsonConfiguration.getProviderUrl() == null && (!this.oidcClientConfiguration.isBearerOnly() || realmKey == null)) {
            throw ElytronMessages.log.authServerUrlOrProviderUrlMustBeSet();
        }
        this.oidcClientConfiguration.setClient(createHttpClientProducer(oidcJsonConfiguration));
        this.oidcClientConfiguration.setAuthServerBaseUrl(oidcJsonConfiguration);
        this.oidcClientConfiguration.setProviderUrl(sanitizeProviderUrl(oidcJsonConfiguration.getProviderUrl()));
        if (oidcJsonConfiguration.getTurnOffChangeSessionIdOnLogin() != null) {
            this.oidcClientConfiguration.setTurnOffChangeSessionIdOnLogin(oidcJsonConfiguration.getTurnOffChangeSessionIdOnLogin().booleanValue());
        }
        this.oidcClientConfiguration.setTokenSignatureAlgorithm(oidcJsonConfiguration.getTokenSignatureAlgorithm());
        return this.oidcClientConfiguration;
    }

    private static String sanitizeProviderUrl(String str) {
        return (str == null || !str.endsWith("/")) ? str : str.substring(0, str.length() - 1);
    }

    private Callable<HttpClient> createHttpClientProducer(final OidcJsonConfiguration oidcJsonConfiguration) {
        return new Callable<HttpClient>() { // from class: org.wildfly.security.http.oidc.OidcClientConfigurationBuilder.1
            private HttpClient client;

            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.util.concurrent.Callable
            public HttpClient call() {
                if (this.client == null) {
                    synchronized (OidcClientConfigurationBuilder.this.oidcClientConfiguration) {
                        if (this.client == null) {
                            this.client = new HttpClientBuilder().build(oidcJsonConfiguration);
                        }
                    }
                }
                return this.client;
            }
        };
    }

    public static OidcClientConfiguration build(InputStream inputStream) {
        return new OidcClientConfigurationBuilder().internalBuild(loadOidcJsonConfiguration(inputStream));
    }

    public static OidcJsonConfiguration loadOidcJsonConfiguration(InputStream inputStream) {
        ObjectMapper objectMapper = new ObjectMapper(new SystemPropertiesJsonParserFactory());
        objectMapper.setSerializationInclusion(JsonInclude.Include.NON_DEFAULT);
        try {
            return (OidcJsonConfiguration) objectMapper.readValue(inputStream, OidcJsonConfiguration.class);
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    public static OidcClientConfiguration build(OidcJsonConfiguration oidcJsonConfiguration) {
        return new OidcClientConfigurationBuilder().internalBuild(oidcJsonConfiguration);
    }
}
