package io.smallrye.jwt.config;

import io.smallrye.jwt.KeyFormat;
import io.smallrye.jwt.SmallryeJwtUtils;
import io.smallrye.jwt.algorithm.KeyEncryptionAlgorithm;
import io.smallrye.jwt.algorithm.SignatureAlgorithm;
import io.smallrye.jwt.auth.principal.JWTAuthContextInfo;
import io.smallrye.jwt.util.ResourceUtils;
import java.io.IOException;
import java.util.Optional;
import java.util.Set;
import javax.enterprise.context.ApplicationScoped;
import javax.enterprise.context.Dependent;
import javax.enterprise.inject.Produces;
import javax.inject.Inject;
import org.eclipse.microprofile.config.inject.ConfigProperty;
import org.eclipse.microprofile.jwt.config.Names;

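/**
 * CDI producer that assembles a {@link JWTAuthContextInfo} from the MicroProfile JWT
 * ({@code mp.jwt.*}, via {@link Names}) and SmallRye-specific ({@code smallrye.jwt.*})
 * configuration properties.
 *
 * <p>Several SmallRye properties are deprecated aliases of MicroProfile ones. Where both exist the
 * MicroProfile value is used first, and falling back to the alias is reported through
 * {@code ConfigLogging.log.replacedConfig}. The verification key location is the exception:
 * {@code smallrye.jwt.verify.key.location} takes precedence over the MicroProfile location.
 *
 * <p>The static {@code createWith*} factories build a provider without CDI injection, filling every
 * field with the same defaults the {@code @ConfigProperty} annotations declare.
 */
@Dependent
/* loaded from: input_file:io/smallrye/jwt/config/JWTAuthContextInfoProvider.class */
public class JWTAuthContextInfoProvider {
    private static final String AUTHORIZATION_HEADER = "Authorization";
    private static final String BEARER_SCHEME = "Bearer";
    // Sentinel meaning "property not configured" for the String-typed key and issuer properties.
    private static final String NONE = "NONE";
    private static final String DEFAULT_GROUPS_SEPARATOR = " ";

    // Inline verification key content; when set it wins over any key location.
    @Inject
    @ConfigProperty(name = Names.VERIFIER_PUBLIC_KEY, defaultValue = NONE)
    private String mpJwtPublicKey;

    @Inject
    @ConfigProperty(name = Names.VERIFIER_PUBLIC_KEY_ALGORITHM)
    private Optional<SignatureAlgorithm> mpJwtPublicKeyAlgorithm;

    // Expected issuer. When left at NONE the context's issuedBy is never set.
    // NOTE(review): presumably that means the issuer is not checked downstream; confirm.
    @Inject
    @ConfigProperty(name = Names.ISSUER, defaultValue = NONE)
    private String mpJwtIssuer;

    @Inject
    @ConfigProperty(name = Names.VERIFIER_PUBLIC_KEY_LOCATION, defaultValue = NONE)
    private String mpJwtLocation;

    @Inject
    @ConfigProperty(name = Names.DECRYPTOR_KEY_LOCATION, defaultValue = NONE)
    private String mpJwtDecryptKeyLocation;

    // Takes precedence over mpJwtLocation, and is the only location for which HS256 is accepted.
    @Inject
    @ConfigProperty(name = "smallrye.jwt.verify.key.location", defaultValue = NONE)
    private String verifyKeyLocation;

    // Fallback for mpJwtDecryptKeyLocation.
    @Inject
    @ConfigProperty(name = "smallrye.jwt.decrypt.key.location", defaultValue = NONE)
    private String decryptionKeyLocation;

    @Inject
    @ConfigProperty(name = "smallrye.jwt.decrypt.algorithm", defaultValue = "RSA_OAEP")
    private KeyEncryptionAlgorithm keyEncryptionAlgorithm;

    @Inject
    @ConfigProperty(name = Names.TOKEN_HEADER)
    private Optional<String> mpJwtTokenHeader;

    @Inject
    @ConfigProperty(name = Names.TOKEN_COOKIE)
    private Optional<String> mpJwtTokenCookie;

    // Expected audiences. When neither this nor the deprecated alias is set, the context's
    // expected audience is set to null.
    // NOTE(review): presumably that disables the audience check; confirm.
    @Inject
    @ConfigProperty(name = Names.AUDIENCES)
    Optional<Set<String>> mpJwtVerifyAudiences;

    @Inject
    @ConfigProperty(name = "smallrye.jwt.token.header")
    @Deprecated
    private Optional<String> tokenHeader;

    @Inject
    @ConfigProperty(name = "smallrye.jwt.token.cookie")
    @Deprecated
    private Optional<String> tokenCookie;

    @Inject
    @ConfigProperty(name = "smallrye.jwt.always-check-authorization", defaultValue = "false")
    private boolean alwaysCheckAuthorization;

    @Inject
    @ConfigProperty(name = "smallrye.jwt.token.kid")
    private Optional<String> tokenKeyId;

    @Inject
    @ConfigProperty(name = "smallrye.jwt.token.decryption.kid")
    private Optional<String> tokenDecryptionKeyId;

    @Inject
    @ConfigProperty(name = "smallrye.jwt.token.schemes", defaultValue = BEARER_SCHEME)
    private String tokenSchemes;

    @Inject
    @ConfigProperty(name = "smallrye.jwt.claims.sub")
    private Optional<String> defaultSubClaim;

    @Inject
    @ConfigProperty(name = "smallrye.jwt.path.sub")
    private Optional<String> subPath;

    @Inject
    @ConfigProperty(name = "smallrye.jwt.claims.groups")
    private Optional<String> defaultGroupsClaim;

    @Inject
    @ConfigProperty(name = "smallrye.jwt.path.groups")
    private Optional<String> groupsPath;

    @Inject
    @ConfigProperty(name = "smallrye.jwt.groups-separator", defaultValue = DEFAULT_GROUPS_SEPARATOR)
    private String groupsSeparator;

    @Inject
    @ConfigProperty(name = "smallrye.jwt.expiration.grace", defaultValue = "60")
    private int expGracePeriodSecs;

    @Inject
    @ConfigProperty(name = "smallrye.jwt.time-to-live")
    Optional<Long> maxTimeToLiveSecs;

    @Inject
    @ConfigProperty(name = "smallrye.jwt.jwks.refresh-interval", defaultValue = "60")
    private int jwksRefreshInterval;

    @Inject
    @ConfigProperty(name = "smallrye.jwt.jwks.forced-refresh-interval", defaultValue = "30")
    private int forcedJwksRefreshInterval;

    @Inject
    @ConfigProperty(name = "smallrye.jwt.verify.algorithm")
    @Deprecated
    private Optional<SignatureAlgorithm> signatureAlgorithm;

    @Inject
    @ConfigProperty(name = "smallrye.jwt.verify.certificateThumbprint", defaultValue = "false")
    private boolean verifyCertificateThumbprint;

    @Inject
    @ConfigProperty(name = "smallrye.jwt.verify.key-format", defaultValue = "ANY")
    private KeyFormat keyFormat;

    @Inject
    @ConfigProperty(name = "smallrye.jwt.verify.aud")
    @Deprecated
    Optional<Set<String>> expectedAudience;

    @Inject
    @ConfigProperty(name = "smallrye.jwt.required.claims")
    Optional<Set<String>> requiredClaims;

    @Inject
    @ConfigProperty(name = "smallrye.jwt.require.named-principal", defaultValue = "true")
    private Optional<Boolean> requireNamedPrincipal = Optional.of(Boolean.TRUE);

    // NOTE(review): this defaults to true. What exactly is relaxed is decided by the consumer of
    // JWTAuthContextInfo and is not visible in this class; confirm the default suits the deployment.
    @Inject
    @ConfigProperty(name = "smallrye.jwt.verify.relax-key-validation", defaultValue = "true")
    private boolean relaxVerificationKeyValidation = true;

    /**
     * Creates a provider that verifies tokens with inline key content.
     *
     * @param publicKey the verification key content
     * @param issuer the expected issuer
     * @return a provider with all other settings at their defaults
     */
    public static JWTAuthContextInfoProvider createWithKey(String publicKey, String issuer) {
        return create(publicKey, NONE, false, false, issuer);
    }

    /**
     * Creates a provider that reads the verification key from a location, stored as the
     * MicroProfile public key location.
     *
     * @param keyLocation the verification key location
     * @param issuer the expected issuer
     * @return a provider with all other settings at their defaults
     */
    public static JWTAuthContextInfoProvider createWithKeyLocation(String keyLocation, String issuer) {
        return create(NONE, keyLocation, false, false, issuer);
    }

    /**
     * Creates a provider like {@link #createWithKeyLocation(String, String)} but with certificate
     * thumbprint verification switched on.
     *
     * @param keyLocation the certificate location
     * @param issuer the expected issuer
     * @return a provider with all other settings at their defaults
     */
    public static JWTAuthContextInfoProvider createWithCertificate(String keyLocation, String issuer) {
        return create(NONE, keyLocation, false, true, issuer);
    }

    /**
     * Creates a provider whose key location is stored as the SmallRye
     * {@code smallrye.jwt.verify.key.location} value instead of the MicroProfile one.
     *
     * @param keyLocation the secret key location
     * @param issuer the expected issuer
     * @return a provider with all other settings at their defaults
     */
    public static JWTAuthContextInfoProvider createWithSecretKeyLocation(String keyLocation, String issuer) {
        return create(NONE, keyLocation, true, false, issuer);
    }

    /**
     * Shared factory behind the {@code createWith*} methods.
     *
     * @param publicKey inline key content, or {@code "NONE"}
     * @param keyLocation key location, or {@code "NONE"}
     * @param secretKey when true the location is stored in {@code verifyKeyLocation}, otherwise in
     *        {@code mpJwtLocation}; the other field is set to {@code "NONE"}
     * @param verifyCertificateThumbprint value for the certificate thumbprint flag
     * @param issuer the expected issuer
     */
    private static JWTAuthContextInfoProvider create(String publicKey, String keyLocation, boolean secretKey,
            boolean verifyCertificateThumbprint, String issuer) {
        JWTAuthContextInfoProvider provider = new JWTAuthContextInfoProvider();
        provider.mpJwtPublicKey = publicKey;
        // NOTE(review): both algorithm fields are fixed to RS256 for every factory, including the
        // secret-key one; confirm that is what callers of createWithSecretKeyLocation expect.
        provider.mpJwtPublicKeyAlgorithm = Optional.of(SignatureAlgorithm.RS256);
        provider.mpJwtLocation = !secretKey ? keyLocation : NONE;
        provider.verifyKeyLocation = secretKey ? keyLocation : NONE;
        provider.verifyCertificateThumbprint = verifyCertificateThumbprint;
        provider.mpJwtIssuer = issuer;
        provider.mpJwtDecryptKeyLocation = NONE;
        provider.decryptionKeyLocation = NONE;
        provider.mpJwtTokenHeader = Optional.of(AUTHORIZATION_HEADER);
        provider.mpJwtTokenCookie = Optional.of(BEARER_SCHEME);
        provider.tokenHeader = provider.mpJwtTokenHeader;
        provider.tokenCookie = provider.mpJwtTokenCookie;
        provider.tokenKeyId = Optional.empty();
        provider.tokenDecryptionKeyId = Optional.empty();
        provider.tokenSchemes = BEARER_SCHEME;
        provider.requireNamedPrincipal = Optional.of(Boolean.TRUE);
        provider.defaultSubClaim = Optional.empty();
        provider.subPath = Optional.empty();
        provider.defaultGroupsClaim = Optional.empty();
        provider.groupsPath = Optional.empty();
        provider.expGracePeriodSecs = 60;
        provider.maxTimeToLiveSecs = Optional.empty();
        provider.jwksRefreshInterval = 60;
        provider.forcedJwksRefreshInterval = 30;
        provider.signatureAlgorithm = Optional.of(SignatureAlgorithm.RS256);
        provider.keyEncryptionAlgorithm = KeyEncryptionAlgorithm.RSA_OAEP;
        provider.keyFormat = KeyFormat.ANY;
        provider.mpJwtVerifyAudiences = Optional.empty();
        provider.expectedAudience = Optional.empty();
        provider.groupsSeparator = DEFAULT_GROUPS_SEPARATOR;
        provider.requiredClaims = Optional.empty();
        return provider;
    }

    /**
     * Builds the {@link JWTAuthContextInfo} from the configured properties.
     *
     * <p>Inline verification key content takes priority over any key location. A location whose
     * trimmed value starts with {@code "http"} is stored as a location; any other location is read
     * through {@code ResourceUtils.readResource} and stored as key content.
     *
     * @return an {@code Optional} that always holds the assembled context
     * @throws RuntimeException the exceptions produced by {@code ConfigMessages.msg} when a key
     *         location cannot be read or resolves to no content, or when HS256 is requested without
     *         {@code smallrye.jwt.verify.key.location} being set (exact types are declared in
     *         {@code ConfigMessages}, not visible here)
     */
    @Produces
    Optional<JWTAuthContextInfo> getOptionalContextInfo() {
        // Recorded up front so the HS256 guard below can ask which property supplied the location.
        final boolean smallryeVerifyKeyLocationSet = !NONE.equals(this.verifyKeyLocation);
        final String resolvedVerifyKeyLocation = smallryeVerifyKeyLocationSet ? this.verifyKeyLocation
                : this.mpJwtLocation;

        JWTAuthContextInfo contextInfo = new JWTAuthContextInfo();
        if (this.mpJwtIssuer != null && !this.mpJwtIssuer.equals(NONE)) {
            contextInfo.setIssuedBy(this.mpJwtIssuer.trim());
        }

        if (!NONE.equals(this.mpJwtPublicKey)) {
            contextInfo.setPublicKeyContent(this.mpJwtPublicKey);
        } else if (!NONE.equals(resolvedVerifyKeyLocation)) {
            String location = resolvedVerifyKeyLocation.trim();
            // NOTE(review): the prefix test matches plain "http://" as well as "https://", and any
            // other value that merely begins with "http". A verification key fetched over an
            // unauthenticated channel can be substituted in transit, so deployments should
            // configure https locations; confirm whether the key loader enforces that.
            if (location.startsWith("http")) {
                contextInfo.setPublicKeyLocation(location);
            } else {
                try {
                    contextInfo.setPublicKeyContent(ResourceUtils.readResource(location));
                    if (contextInfo.getPublicKeyContent() == null) {
                        throw ConfigMessages.msg.invalidPublicKeyLocation();
                    }
                } catch (IOException e) {
                    throw ConfigMessages.msg.readingPublicKeyLocationFailed(e);
                }
            }
        }

        // Decryption key: the MicroProfile property wins, the SmallRye one is a logged fallback.
        String resolvedDecryptKeyLocation;
        if (!NONE.equals(this.mpJwtDecryptKeyLocation)) {
            resolvedDecryptKeyLocation = this.mpJwtDecryptKeyLocation;
        } else if (NONE.equals(this.decryptionKeyLocation)) {
            resolvedDecryptKeyLocation = NONE;
        } else {
            ConfigLogging.log.replacedConfig("smallrye.jwt.decrypt.key.location", Names.DECRYPTOR_KEY_LOCATION);
            resolvedDecryptKeyLocation = this.decryptionKeyLocation;
        }
        if (!NONE.equals(resolvedDecryptKeyLocation)) {
            String location = resolvedDecryptKeyLocation.trim();
            // Same prefix test as for the verification key; the same https caveat applies.
            if (location.startsWith("http")) {
                contextInfo.setDecryptionKeyLocation(location);
            } else {
                try {
                    contextInfo.setDecryptionKeyContent(ResourceUtils.readResource(location));
                    if (contextInfo.getDecryptionKeyContent() == null) {
                        throw ConfigMessages.msg.invalidDecryptKeyLocation();
                    }
                } catch (IOException e) {
                    throw ConfigMessages.msg.readingDecryptKeyLocationFailed(e);
                }
            }
        }

        if (this.mpJwtTokenHeader.isPresent()) {
            contextInfo.setTokenHeader(this.mpJwtTokenHeader.get());
        } else if (this.tokenHeader.isPresent()) {
            ConfigLogging.log.replacedConfig("smallrye.jwt.token.header", Names.TOKEN_HEADER);
            contextInfo.setTokenHeader(this.tokenHeader.get());
        } else {
            contextInfo.setTokenHeader(AUTHORIZATION_HEADER);
        }

        if (this.mpJwtTokenCookie.isPresent()) {
            SmallryeJwtUtils.setContextTokenCookie(contextInfo, this.mpJwtTokenCookie);
        } else if (this.tokenCookie.isPresent()) {
            ConfigLogging.log.replacedConfig("smallrye.jwt.token.cookie", Names.TOKEN_COOKIE);
            SmallryeJwtUtils.setContextTokenCookie(contextInfo, this.tokenCookie);
        } else {
            SmallryeJwtUtils.setContextTokenCookie(contextInfo, Optional.of(BEARER_SCHEME));
        }

        contextInfo.setAlwaysCheckAuthorization(this.alwaysCheckAuthorization);
        contextInfo.setTokenKeyId(this.tokenKeyId.orElse(null));
        contextInfo.setTokenDecryptionKeyId(this.tokenDecryptionKeyId.orElse(null));
        // An empty Optional used to be unboxed from null and fail with a NullPointerException;
        // fall back to the declared default (true), which is also the stricter setting.
        contextInfo.setRequireNamedPrincipal(this.requireNamedPrincipal.orElse(Boolean.TRUE));
        SmallryeJwtUtils.setTokenSchemes(contextInfo, this.tokenSchemes);
        contextInfo.setDefaultSubjectClaim(this.defaultSubClaim.orElse(null));
        SmallryeJwtUtils.setContextSubPath(contextInfo, this.subPath);
        contextInfo.setDefaultGroupsClaim(this.defaultGroupsClaim.orElse(null));
        SmallryeJwtUtils.setContextGroupsPath(contextInfo, this.groupsPath);
        contextInfo.setExpGracePeriodSecs(this.expGracePeriodSecs);
        contextInfo.setMaxTimeToLiveSecs(this.maxTimeToLiveSecs.orElse(null));
        contextInfo.setJwksRefreshInterval(Integer.valueOf(this.jwksRefreshInterval));
        contextInfo.setForcedJwksRefreshInterval(this.forcedJwksRefreshInterval);

        Optional<SignatureAlgorithm> resolvedAlgorithm;
        if (this.mpJwtPublicKeyAlgorithm.isPresent()) {
            resolvedAlgorithm = this.mpJwtPublicKeyAlgorithm;
        } else if (this.signatureAlgorithm.isPresent()) {
            ConfigLogging.log.replacedConfig("smallrye.jwt.verify.algorithm", Names.VERIFIER_PUBLIC_KEY_ALGORITHM);
            resolvedAlgorithm = this.signatureAlgorithm;
        } else {
            resolvedAlgorithm = Optional.empty();
        }
        if (!resolvedAlgorithm.isPresent()) {
            contextInfo.setSignatureAlgorithm(SignatureAlgorithm.RS256);
        } else {
            // HS256 is accepted only when the key location comes from
            // smallrye.jwt.verify.key.location. This is decided from the property value, not by
            // comparing String references, so the guard no longer depends on whether two config
            // values happen to be the same String instance.
            // NOTE(review): presumably the guard keeps an HMAC algorithm from being paired with
            // key material configured as a public key; confirm against the verifier.
            if (resolvedAlgorithm.get() == SignatureAlgorithm.HS256 && !smallryeVerifyKeyLocationSet) {
                throw ConfigMessages.msg.hs256NotSupported();
            }
            contextInfo.setSignatureAlgorithm(resolvedAlgorithm.get());
        }

        contextInfo.setKeyEncryptionAlgorithm(this.keyEncryptionAlgorithm);
        contextInfo.setKeyFormat(this.keyFormat);

        if (this.mpJwtVerifyAudiences.isPresent()) {
            contextInfo.setExpectedAudience(this.mpJwtVerifyAudiences.get());
        } else if (this.expectedAudience.isPresent()) {
            ConfigLogging.log.replacedConfig("smallrye.jwt.verify.aud", Names.AUDIENCES);
            contextInfo.setExpectedAudience(this.expectedAudience.get());
        } else {
            contextInfo.setExpectedAudience(null);
        }

        contextInfo.setGroupsSeparator(this.groupsSeparator);
        contextInfo.setRequiredClaims(this.requiredClaims.orElse(null));
        contextInfo.setRelaxVerificationKeyValidation(this.relaxVerificationKeyValidation);
        contextInfo.setVerifyCertificateThumbprint(this.verifyCertificateThumbprint);
        return Optional.of(contextInfo);
    }

    /**
     * Produces the application-scoped {@link JWTAuthContextInfo}.
     *
     * @return the context built by {@link #getOptionalContextInfo()}, which always returns a value
     */
    @ApplicationScoped
    @Produces
    public JWTAuthContextInfo getContextInfo() {
        return getOptionalContextInfo().get();
    }
}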
