package org.wildfly.extras.creaper.commands.elytron.realm;

import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import org.wildfly.extras.creaper.core.ServerVersion;
import org.wildfly.extras.creaper.core.online.OnlineCommand;
import org.wildfly.extras.creaper.core.online.OnlineCommandContext;
import org.wildfly.extras.creaper.core.online.operations.Address;
import org.wildfly.extras.creaper.core.online.operations.Operations;
import org.wildfly.extras.creaper.core.online.operations.Values;
import org.wildfly.extras.creaper.core.online.operations.admin.Administration;

/* loaded from: input_file:org/wildfly/extras/creaper/commands/elytron/realm/AddTokenRealm.class */
public final class AddTokenRealm implements OnlineCommand {
    private final String name;
    private final Jwt jwt;
    private final Oauth2Introspection oauth2Introspection;
    private final String principalClaim;
    private final boolean replaceExisting;

    /* loaded from: input_file:org/wildfly/extras/creaper/commands/elytron/realm/AddTokenRealm$Builder.class */
    public static final class Builder {
        private final String name;
        private Jwt jwt;
        private Oauth2Introspection oauth2Introspection;
        private String principalClaim;
        private boolean replaceExisting;

        public Builder(String str) {
            if (str == null) {
                throw new IllegalArgumentException("Name of the token-realm must be specified as non null value");
            }
            if (str.isEmpty()) {
                throw new IllegalArgumentException("Name of the token-realm must not be empty value");
            }
            this.name = str;
        }

        public Builder jwt(Jwt jwt) {
            if (jwt == null) {
                throw new IllegalArgumentException("Jwt added to token-realm must not be null");
            }
            this.jwt = jwt;
            return this;
        }

        public Builder oauth2Introspection(Oauth2Introspection oauth2Introspection) {
            if (oauth2Introspection == null) {
                throw new IllegalArgumentException("OAuth2-introspection added to token-realm must not be null");
            }
            this.oauth2Introspection = oauth2Introspection;
            return this;
        }

        public Builder principalClaim(String str) {
            if (str == null || str.isEmpty()) {
                throw new IllegalArgumentException("Principal-claim must not be null and must have a minimum length of 1 character");
            }
            this.principalClaim = str;
            return this;
        }

        public Builder replaceExisting() {
            this.replaceExisting = true;
            return this;
        }

        public AddTokenRealm build() {
            if (this.jwt == null && this.oauth2Introspection == null) {
                throw new IllegalArgumentException("Jwt or oauth2-introspection must not be null");
            }
            if (this.jwt == null || this.oauth2Introspection == null) {
                return new AddTokenRealm(this);
            }
            throw new IllegalArgumentException("It is not possible to define both jwt and oauth2-introspection");
        }
    }

    /* loaded from: input_file:org/wildfly/extras/creaper/commands/elytron/realm/AddTokenRealm$Jwt.class */
    public static final class Jwt {
        private final List<String> issuer;
        private final List<String> audience;
        private final String publicKey;
        private final String keyStore;
        private final String certificate;

        private Jwt(JwtBuilder jwtBuilder) {
            this.issuer = jwtBuilder.issuer;
            this.audience = jwtBuilder.audience;
            this.publicKey = jwtBuilder.publicKey;
            this.keyStore = jwtBuilder.keyStore;
            this.certificate = jwtBuilder.certificate;
        }

        public List<String> getIssuer() {
            return this.issuer;
        }

        public List<String> getAudience() {
            return this.audience;
        }

        public String getPublicKey() {
            return this.publicKey;
        }

        public String getKeyStore() {
            return this.keyStore;
        }

        public String getCertificate() {
            return this.certificate;
        }
    }

    /* loaded from: input_file:org/wildfly/extras/creaper/commands/elytron/realm/AddTokenRealm$JwtBuilder.class */
    public static final class JwtBuilder {
        private List<String> issuer;
        private List<String> audience;
        private String publicKey;
        private String keyStore;
        private String certificate;

        public JwtBuilder addIssuer(String... strArr) {
            if (strArr == null) {
                throw new IllegalArgumentException("Issuer added to token-realm must not be null");
            }
            if (this.issuer == null) {
                this.issuer = new ArrayList();
            }
            Collections.addAll(this.issuer, strArr);
            return this;
        }

        public JwtBuilder addAudience(String... strArr) {
            if (strArr == null) {
                throw new IllegalArgumentException("Audience added to token-realm must not be null");
            }
            if (this.audience == null) {
                this.audience = new ArrayList();
            }
            Collections.addAll(this.audience, strArr);
            return this;
        }

        public JwtBuilder publicKey(String str) {
            this.publicKey = str;
            return this;
        }

        public JwtBuilder keyStore(String str) {
            this.keyStore = str;
            return this;
        }

        public JwtBuilder certificate(String str) {
            this.certificate = str;
            return this;
        }

        public Jwt build() {
            return new Jwt(this);
        }
    }

    /* loaded from: input_file:org/wildfly/extras/creaper/commands/elytron/realm/AddTokenRealm$Oauth2Introspection.class */
    public static final class Oauth2Introspection {
        private final String clientId;
        private final String clientSecret;
        private final String introspectionUrl;
        private final String clientSslContext;
        private final String hostNameVerificationPolicy;

        private Oauth2Introspection(Oauth2IntrospectionBuilder oauth2IntrospectionBuilder) {
            this.clientId = oauth2IntrospectionBuilder.clientId;
            this.clientSecret = oauth2IntrospectionBuilder.clientSecret;
            this.introspectionUrl = oauth2IntrospectionBuilder.introspectionUrl;
            this.clientSslContext = oauth2IntrospectionBuilder.clientSslContext;
            this.hostNameVerificationPolicy = oauth2IntrospectionBuilder.hostNameVerificationPolicy;
        }

        public String getClientId() {
            return this.clientId;
        }

        public String getClientSecret() {
            return this.clientSecret;
        }

        public String getIntrospectionUrl() {
            return this.introspectionUrl;
        }

        public String getClientSslContext() {
            return this.clientSslContext;
        }

        public String getHostNameVerificationPolicy() {
            return this.hostNameVerificationPolicy;
        }
    }

    /* loaded from: input_file:org/wildfly/extras/creaper/commands/elytron/realm/AddTokenRealm$Oauth2IntrospectionBuilder.class */
    public static final class Oauth2IntrospectionBuilder {
        private String clientId;
        private String clientSecret;
        private String introspectionUrl;
        private String clientSslContext;
        private String hostNameVerificationPolicy;

        public Oauth2IntrospectionBuilder clientId(String str) {
            this.clientId = str;
            return this;
        }

        public Oauth2IntrospectionBuilder clientSecret(String str) {
            this.clientSecret = str;
            return this;
        }

        public Oauth2IntrospectionBuilder introspectionUrl(String str) {
            this.introspectionUrl = str;
            return this;
        }

        public Oauth2IntrospectionBuilder clientSslContext(String str) {
            if (str == null || str.isEmpty()) {
                throw new IllegalArgumentException("Client-ssl-context added to token-realm must not be null and must have a minimum length of 1 character");
            }
            this.clientSslContext = str;
            return this;
        }

        public Oauth2IntrospectionBuilder hostNameVerificationPolicy(String str) {
            if (str == null || str.isEmpty()) {
                throw new IllegalArgumentException("Host-name-verification-policy added to token-realm must not be null and must have a minimum length of 1 character");
            }
            this.hostNameVerificationPolicy = str;
            return this;
        }

        public Oauth2Introspection build() {
            if (this.clientId == null || this.clientId.isEmpty()) {
                throw new IllegalArgumentException("Client-id must not be null and must have a minimum length of 1 character");
            }
            if (this.clientSecret == null || this.clientSecret.isEmpty()) {
                throw new IllegalArgumentException("Client-secret must not be null and must have at least 1 entry");
            }
            if (this.introspectionUrl == null || this.introspectionUrl.isEmpty()) {
                throw new IllegalArgumentException("Introspection-url must not be null and must have a minimum length of 1 character");
            }
            return new Oauth2Introspection(this);
        }
    }

    private AddTokenRealm(Builder builder) {
        this.name = builder.name;
        this.principalClaim = builder.principalClaim;
        this.jwt = builder.jwt;
        this.oauth2Introspection = builder.oauth2Introspection;
        this.replaceExisting = builder.replaceExisting;
    }

    public void apply(OnlineCommandContext onlineCommandContext) throws Exception {
        if (onlineCommandContext.version.lessThan(ServerVersion.VERSION_5_0_0)) {
            throw new AssertionError("Elytron is available since WildFly 11.");
        }
        Operations operations = new Operations(onlineCommandContext.client);
        Address and = Address.subsystem("elytron").and("token-realm", this.name);
        if (this.replaceExisting) {
            operations.removeIfExists(and);
            new Administration(onlineCommandContext.client).reloadIfRequired();
        }
        Values andOptional = this.jwt != null ? Values.empty().andListOptional(String.class, "issuer", this.jwt.getIssuer()).andListOptional(String.class, "audience", this.jwt.getAudience()).andOptional("public-key", this.jwt.getPublicKey()).andOptional("key-store", this.jwt.getKeyStore()).andOptional("certificate", this.jwt.getCertificate()) : null;
        operations.add(and, Values.empty().andOptional("principal-claim", this.principalClaim).andObjectOptional("jwt", andOptional).andObjectOptional("oauth2-introspection", this.oauth2Introspection != null ? Values.empty().and("client-id", this.oauth2Introspection.getClientId()).and("client-secret", this.oauth2Introspection.getClientSecret()).and("introspection-url", this.oauth2Introspection.getIntrospectionUrl()).andOptional("client-ssl-context", this.oauth2Introspection.getClientSslContext()).andOptional("host-name-verification-policy", this.oauth2Introspection.getHostNameVerificationPolicy()) : null));
    }
}
