package org.infinispan.server.configuration.security;

import org.infinispan.commons.CacheConfigurationException;
import org.infinispan.commons.configuration.Builder;
import org.infinispan.commons.configuration.attributes.AttributeSet;
import org.infinispan.server.security.KeycloakRoleDecoder;
import org.infinispan.server.security.ServerSecurityRealm;
import org.wildfly.security.auth.realm.token.TokenSecurityRealm;

/* loaded from: input_file:org/infinispan/server/configuration/security/TokenRealmConfigurationBuilder.class */
public class TokenRealmConfigurationBuilder implements Builder<TokenRealmConfiguration> {
    private final JwtConfigurationBuilder jwtConfiguration;
    private final OAuth2ConfigurationBuilder oauth2Configuration;
    private final RealmConfigurationBuilder realmBuilder;
    private TokenSecurityRealm securityRealm;
    private final TokenSecurityRealm.Builder tokenRealmBuilder = TokenSecurityRealm.builder();
    private final AttributeSet attributes = TokenRealmConfiguration.attributeDefinitionSet();

    public TokenRealmConfigurationBuilder(RealmConfigurationBuilder realmConfigurationBuilder) {
        this.realmBuilder = realmConfigurationBuilder;
        this.jwtConfiguration = new JwtConfigurationBuilder(realmConfigurationBuilder);
        this.oauth2Configuration = new OAuth2ConfigurationBuilder(realmConfigurationBuilder.realmsBuilder());
    }

    public JwtConfigurationBuilder jwtConfiguration() {
        return this.jwtConfiguration;
    }

    public OAuth2ConfigurationBuilder oauth2Configuration() {
        return this.oauth2Configuration;
    }

    public TokenRealmConfigurationBuilder name(String str) {
        this.attributes.attribute(TokenRealmConfiguration.NAME).set(str);
        return this;
    }

    public TokenRealmConfigurationBuilder authServerUrl(String str) {
        this.attributes.attribute(TokenRealmConfiguration.AUTH_SERVER_URL).set(str);
        return this;
    }

    public TokenRealmConfigurationBuilder clientId(String str) {
        this.attributes.attribute(TokenRealmConfiguration.CLIENT_ID).set(str);
        return this;
    }

    public TokenRealmConfigurationBuilder principalClaim(String str) {
        this.attributes.attribute(TokenRealmConfiguration.PRINCIPAL_CLAIM).set(str);
        return this;
    }

    public TokenSecurityRealm build() {
        if (this.securityRealm == null) {
            if (this.oauth2Configuration.isChanged() && this.jwtConfiguration.isChanged()) {
                throw new CacheConfigurationException("Cannot have both Oauth2 and JWT as validators");
            }
            if (!this.oauth2Configuration.isChanged() && !this.jwtConfiguration.isChanged()) {
                return null;
            }
            String str = (String) this.attributes.attribute(TokenRealmConfiguration.NAME).get();
            this.tokenRealmBuilder.validator(this.oauth2Configuration.isChanged() ? this.oauth2Configuration.getValidatorBuilder().build() : this.jwtConfiguration.getValidatorBuilder().build());
            this.securityRealm = this.tokenRealmBuilder.build();
            this.realmBuilder.addRealm(str, this.securityRealm, realmBuilder -> {
                realmBuilder.setRoleDecoder(new KeycloakRoleDecoder());
            });
            this.realmBuilder.addFeature(ServerSecurityRealm.Feature.TOKEN);
        }
        return this.securityRealm;
    }

    public void validate() {
        this.jwtConfiguration.validate();
        this.oauth2Configuration.validate();
    }

    /* renamed from: create, reason: merged with bridge method [inline-methods] */
    public TokenRealmConfiguration m91create() {
        return new TokenRealmConfiguration(this.jwtConfiguration.m57create(), this.oauth2Configuration.m75create(), this.attributes.protect());
    }

    public TokenRealmConfigurationBuilder read(TokenRealmConfiguration tokenRealmConfiguration) {
        this.attributes.read(tokenRealmConfiguration.attributes());
        this.jwtConfiguration.read(tokenRealmConfiguration.jwtConfiguration());
        this.oauth2Configuration.read(tokenRealmConfiguration.oauth2Configuration());
        return this;
    }
}
