package org.keycloak.adapters;

import com.fasterxml.jackson.annotation.JsonInclude;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.io.InputStream;
import java.util.Locale;
import java.util.concurrent.Callable;
import org.apache.http.client.HttpClient;
import org.jboss.logging.Logger;
import org.keycloak.adapters.authentication.ClientCredentialsProviderUtils;
import org.keycloak.adapters.authorization.PolicyEnforcer;
import org.keycloak.adapters.rotation.HardcodedPublicKeyLocator;
import org.keycloak.adapters.rotation.JWKPublicKeyLocator;
import org.keycloak.common.enums.SslRequired;
import org.keycloak.common.util.PemUtils;
import org.keycloak.enums.TokenStore;
import org.keycloak.representations.adapters.config.AdapterConfig;
import org.keycloak.util.SystemPropertiesJsonParserFactory;

/* loaded from: input_file:WEB-INF/lib/keycloak-adapter-core-6.0.1.jar:org/keycloak/adapters/KeycloakDeploymentBuilder.class */
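/**
 * Builds a {@link KeycloakDeployment} from an {@link AdapterConfig}.
 *
 * <p>Each static {@code build(...)} call creates a fresh builder, so every call returns a new
 * deployment. The builder copies the configured options onto the deployment, picks the public
 * key locator, and installs lazily-initialised producers for the HTTP client and the policy
 * enforcer.
 */
public class KeycloakDeploymentBuilder {
    private static final Logger log = Logger.getLogger(KeycloakDeploymentBuilder.class);

    /** Deployment being populated; {@link #internalBuild(AdapterConfig)} mutates and returns it. */
    protected KeycloakDeployment deployment = new KeycloakDeployment();

    /** Not public: callers go through the static {@code build(...)} factories. */
    protected KeycloakDeploymentBuilder() {
    }

    /**
     * Populates {@link #deployment} from the given configuration and returns it.
     *
     * @param adapterConfig parsed adapter configuration; realm and resource are mandatory
     * @return the populated deployment (the same instance held in {@link #deployment})
     * @throws IllegalArgumentException if a bearer-only config has neither a realm public key nor
     *     an auth server URL, or if {@code getSslRequired()} / {@code getTokenStore()} name a
     *     value that is not a constant of the corresponding enum
     * @throws RuntimeException if realm or resource is missing, the realm public key cannot be
     *     decoded, or the auth server URL is missing where it is required
     */
    protected KeycloakDeployment internalBuild(final AdapterConfig adapterConfig) {
        if (adapterConfig.getRealm() == null) {
            throw new RuntimeException("Must set 'realm' in config");
        }
        this.deployment.setRealm(adapterConfig.getRealm());

        String resource = adapterConfig.getResource();
        if (resource == null) {
            throw new RuntimeException("Must set 'resource' in config");
        }
        this.deployment.setResourceName(resource);

        // A key given in the config is pinned via HardcodedPublicKeyLocator; otherwise keys are
        // looked up through JWKPublicKeyLocator.
        // NOTE(review): a pinned key presumably is not refreshed when the realm rotates its
        // keys - confirm against HardcodedPublicKeyLocator.
        String realmKey = adapterConfig.getRealmKey();
        if (realmKey != null) {
            try {
                this.deployment.setPublicKeyLocator(new HardcodedPublicKeyLocator(PemUtils.decodePublicKey(realmKey)));
            } catch (Exception e) {
                // Keep the cause, but say which setting was malformed.
                throw new RuntimeException("Failed to decode 'realm-public-key' from config", e);
            }
        } else {
            this.deployment.setPublicKeyLocator(new JWKPublicKeyLocator());
        }

        // Locale.ROOT keeps the enum lookups independent of the JVM default locale; with a
        // Turkish default locale, for instance, "session" would not upper-case to "SESSION".
        String sslRequired = adapterConfig.getSslRequired();
        if (sslRequired != null) {
            this.deployment.setSslRequired(SslRequired.valueOf(sslRequired.toUpperCase(Locale.ROOT)));
        } else {
            // Default when the config is silent.
            this.deployment.setSslRequired(SslRequired.EXTERNAL);
        }
        if (adapterConfig.getConfidentialPort() != -1) {
            this.deployment.setConfidentialPort(adapterConfig.getConfidentialPort());
        }
        String tokenStore = adapterConfig.getTokenStore();
        if (tokenStore != null) {
            this.deployment.setTokenStore(TokenStore.valueOf(tokenStore.toUpperCase(Locale.ROOT)));
        } else {
            // Default when the config is silent.
            this.deployment.setTokenStore(TokenStore.SESSION);
        }
        if (adapterConfig.getTokenCookiePath() != null) {
            this.deployment.setAdapterStateCookiePath(adapterConfig.getTokenCookiePath());
        }
        if (adapterConfig.getPrincipalAttribute() != null) {
            this.deployment.setPrincipalAttribute(adapterConfig.getPrincipalAttribute());
        }

        // Credentials must be set before the client authenticator is bootstrapped, because the
        // bootstrap call receives the deployment itself.
        this.deployment.setResourceCredentials(adapterConfig.getCredentials());
        this.deployment.setClientAuthenticator(ClientCredentialsProviderUtils.bootstrapClientAuthenticator(this.deployment));
        this.deployment.setPublicClient(adapterConfig.isPublicClient());
        this.deployment.setUseResourceRoleMappings(adapterConfig.isUseResourceRoleMappings());
        this.deployment.setExposeToken(adapterConfig.isExposeToken());

        // CORS details are copied only when CORS is switched on.
        if (adapterConfig.isCors()) {
            this.deployment.setCors(true);
            this.deployment.setCorsMaxAge(adapterConfig.getCorsMaxAge());
            this.deployment.setCorsAllowedHeaders(adapterConfig.getCorsAllowedHeaders());
            this.deployment.setCorsAllowedMethods(adapterConfig.getCorsAllowedMethods());
            this.deployment.setCorsExposedHeaders(adapterConfig.getCorsExposedHeaders());
        }
        if (adapterConfig.isPkce()) {
            this.deployment.setPkce(true);
        }
        this.deployment.setBearerOnly(adapterConfig.isBearerOnly());
        this.deployment.setAutodetectBearerOnly(adapterConfig.isAutodetectBearerOnly());
        this.deployment.setEnableBasicAuth(adapterConfig.isEnableBasicAuth());
        this.deployment.setAlwaysRefreshToken(adapterConfig.isAlwaysRefreshToken());
        this.deployment.setRegisterNodeAtStartup(adapterConfig.isRegisterNodeAtStartup());
        this.deployment.setRegisterNodePeriod(adapterConfig.getRegisterNodePeriod());
        this.deployment.setTokenMinimumTimeToLive(adapterConfig.getTokenMinimumTimeToLive());
        this.deployment.setMinTimeBetweenJwksRequests(adapterConfig.getMinTimeBetweenJwksRequests());
        this.deployment.setPublicKeyCacheTtl(adapterConfig.getPublicKeyCacheTtl());
        this.deployment.setIgnoreOAuthQueryParameter(adapterConfig.isIgnoreOAuthQueryParameter());
        this.deployment.setRewriteRedirectRules(adapterConfig.getRedirectRewriteRules());
        // Audience verification is taken verbatim from the config.
        // NOTE(review): confirm what AdapterConfig defaults this to when the option is omitted.
        this.deployment.setVerifyTokenAudience(adapterConfig.isVerifyTokenAudience());

        // A bearer-only service needs some way to obtain the verification key.
        if (realmKey == null && adapterConfig.isBearerOnly() && adapterConfig.getAuthServerUrl() == null) {
            throw new IllegalArgumentException("For bearer auth, you must set the realm-public-key or auth-server-url");
        }

        // The HTTP client producer is skipped only for a bearer-only deployment with a pinned
        // key, SSL not enabled, basic auth off and node registration off.
        boolean needsHttpClient = realmKey == null
                || !this.deployment.isBearerOnly()
                || this.deployment.isSSLEnabled()
                || this.deployment.isEnableBasicAuth()
                || this.deployment.isRegisterNodeAtStartup()
                || this.deployment.getRegisterNodePeriod() != -1;
        if (needsHttpClient) {
            this.deployment.setClient(createHttpClientProducer(adapterConfig));
        }

        if (adapterConfig.getAuthServerUrl() == null && (!this.deployment.isBearerOnly() || realmKey == null)) {
            throw new RuntimeException("You must specify auth-server-url");
        }
        this.deployment.setAuthServerBaseUrl(adapterConfig);

        Boolean turnOffChangeSessionId = adapterConfig.getTurnOffChangeSessionIdOnLogin();
        if (turnOffChangeSessionId != null) {
            this.deployment.setTurnOffChangeSessionIdOnLogin(turnOffChangeSessionId);
        }

        if (adapterConfig.getPolicyEnforcerConfig() != null) {
            this.deployment.setPolicyEnforcer(new Callable<PolicyEnforcer>() {
                // volatile is required for the double-checked locking below to publish the
                // instance safely to other threads.
                private volatile PolicyEnforcer policyEnforcer;

                @Override
                public PolicyEnforcer call() {
                    PolicyEnforcer enforcer = this.policyEnforcer;
                    if (enforcer == null) {
                        synchronized (KeycloakDeploymentBuilder.this.deployment) {
                            enforcer = this.policyEnforcer;
                            if (enforcer == null) {
                                enforcer = new PolicyEnforcer(KeycloakDeploymentBuilder.this.deployment, adapterConfig);
                                this.policyEnforcer = enforcer;
                            }
                        }
                    }
                    return enforcer;
                }
            });
        }

        log.debug("Use authServerUrl: " + this.deployment.getAuthServerBaseUrl() + ", tokenUrl: " + this.deployment.getTokenUrl() + ", relativeUrls: " + this.deployment.getRelativeUrls());
        return this.deployment;
    }

    /**
     * Returns a producer that builds the HTTP client on first use and then hands out the same
     * instance. Initialisation is guarded by the deployment's monitor.
     *
     * @param adapterConfig configuration passed to {@code HttpClientBuilder.build}
     * @return lazily-initialising HTTP client producer
     */
    private Callable<HttpClient> createHttpClientProducer(final AdapterConfig adapterConfig) {
        return new Callable<HttpClient>() {
            // volatile is required for the double-checked locking below to publish the
            // instance safely to other threads.
            private volatile HttpClient client;

            @Override
            public HttpClient call() {
                HttpClient httpClient = this.client;
                if (httpClient == null) {
                    synchronized (KeycloakDeploymentBuilder.this.deployment) {
                        httpClient = this.client;
                        if (httpClient == null) {
                            httpClient = new HttpClientBuilder().build(adapterConfig);
                            this.client = httpClient;
                        }
                    }
                }
                return httpClient;
            }
        };
    }

    /**
     * Parses the adapter configuration from a JSON stream and builds a deployment from it.
     *
     * @param inputStream JSON adapter configuration
     * @return a newly built deployment
     * @throws RuntimeException if the stream cannot be read or parsed, or the config is invalid
     */
    public static KeycloakDeployment build(InputStream inputStream) {
        AdapterConfig adapterConfig = loadAdapterConfig(inputStream);
        return new KeycloakDeploymentBuilder().internalBuild(adapterConfig);
    }

    /**
     * Reads an {@link AdapterConfig} from a JSON stream.
     *
     * <p>The mapper is created with {@code SystemPropertiesJsonParserFactory}.
     * NOTE(review): presumably this substitutes system-property placeholders while parsing -
     * confirm against that class. This method does not close {@code inputStream} explicitly.
     *
     * @param inputStream JSON adapter configuration
     * @return the parsed configuration
     * @throws RuntimeException wrapping the {@link IOException} if reading or parsing fails
     */
    public static AdapterConfig loadAdapterConfig(InputStream inputStream) {
        ObjectMapper objectMapper = new ObjectMapper(new SystemPropertiesJsonParserFactory());
        objectMapper.setSerializationInclusion(JsonInclude.Include.NON_DEFAULT);
        try {
            return objectMapper.readValue(inputStream, AdapterConfig.class);
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Builds a deployment from an already parsed configuration.
     *
     * @param adapterConfig parsed adapter configuration
     * @return a newly built deployment
     * @throws RuntimeException if the config is invalid (see {@link #internalBuild(AdapterConfig)})
     */
    public static KeycloakDeployment build(AdapterConfig adapterConfig) {
        return new KeycloakDeploymentBuilder().internalBuild(adapterConfig);
    }
}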
