package io.helidon.security.providers.oidc.common;

import io.helidon.common.Builder;
import io.helidon.common.Errors;
import io.helidon.common.configurable.Resource;
import io.helidon.config.Config;
import io.helidon.config.metadata.Configured;
import io.helidon.security.jwt.jwk.JwkKeys;
import io.helidon.security.providers.oidc.common.BaseBuilder;
import io.helidon.security.providers.oidc.common.OidcConfig;
import jakarta.json.Json;
import jakarta.json.JsonObject;
import jakarta.json.JsonReaderFactory;
import java.net.URI;
import java.time.Duration;
import java.util.Collections;

/* JADX INFO: Access modifiers changed from: package-private */
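/**
 * Base builder for the OIDC client settings shared by concrete builders: client credentials,
 * endpoint URIs, the token validation mode and the source of OIDC metadata.
 *
 * <p>Every setter returns {@code identity()} so calls can be chained.
 *
 * <p>Security-relevant behavior visible in this class:
 * <ul>
 *   <li>The client secret is held as a plain {@code String} and returned as-is by
 *       {@link #clientSecret()}; callers should keep it out of logs and error messages.</li>
 *   <li>The token validation mode is order-dependent: {@link #introspectEndpointUri(URI)} switches
 *       JWK validation off, both {@code signJwk} setters switch it on, and
 *       {@link #validateJwtWithJwk(Boolean)} sets it explicitly. The last call wins.</li>
 *   <li>Endpoint URIs are stored without any scheme check in this class.</li>
 * </ul>
 *
 * <p>The decompiler's synthetic enum switch-map class ({@code BaseBuilder$1}) is omitted here;
 * the compiler regenerates it from the enum {@code switch} in
 * {@link #tokenEndpointAuthentication(OidcConfig.ClientAuthentication)}.
 *
 * @param <B> concrete builder type returned by the fluent setters
 * @param <T> type produced by the builder
 */
@Configured
/* loaded from: input_file:io/helidon/security/providers/oidc/common/BaseBuilder.class */
public abstract class BaseBuilder<B extends BaseBuilder<B, T>, T> implements Builder<B, T> {
    static final String DEFAULT_SERVER_TYPE = "@default";
    static final String DEFAULT_BASE_SCOPES = "openid";
    static final String DEFAULT_REALM = "helidon";
    static final boolean DEFAULT_JWT_VALIDATE_JWK = true;
    static final int DEFAULT_TIMEOUT_SECONDS = 30;
    private static final JsonReaderFactory JSON = Json.createReaderFactory(Collections.emptyMap());
    private JsonObject oidcMetadata;
    private String clientId;
    // Credential: never include in logs, exception messages or toString output.
    private String clientSecret;
    private String issuer;
    private String audience;
    private String serverType;
    private URI authorizationEndpointUri;
    private URI logoutEndpointUri;
    private URI identityUri;
    private URI tokenEndpointUri;
    private JwkKeys signJwk;
    private URI introspectUri;
    private String scopeAudience;
    private OidcConfig.ClientAuthentication tokenEndpointAuthentication = OidcConfig.ClientAuthentication.CLIENT_SECRET_BASIC;
    private String baseScopes = DEFAULT_BASE_SCOPES;
    private String realm = DEFAULT_REALM;
    private Duration clientTimeout = Duration.ofSeconds(DEFAULT_TIMEOUT_SECONDS);
    // true: validate tokens with JWK keys; false is set by introspectEndpointUri(URI).
    private boolean validateJwtWithJwk = DEFAULT_JWT_VALIDATE_JWK;
    private boolean useWellKnown = true;

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Normalizes the server type, checks the mandatory settings and fills in the default audience.
     *
     * <p>Client id, client secret and identity URI are each passed to
     * {@code OidcUtil.validateExists}; the collected result is then checked with
     * {@code checkValid()} (presumably failing when a value is missing; {@code OidcUtil} and
     * {@code Errors} are not visible here). When no audience was set and an identity URI is
     * present, the audience becomes the identity URI's string form.
     */
    public void buildConfiguration() {
        this.serverType = OidcUtil.fixServerType(this.serverType);
        Errors.Collector collector = Errors.collector();
        OidcUtil.validateExists(collector, this.clientId, "Client Id", "client-id");
        // NOTE(review): the secret is checked unconditionally, also when token endpoint
        // authentication is NONE; confirm that is intended.
        OidcUtil.validateExists(collector, this.clientSecret, "Client Secret", "client-secret");
        OidcUtil.validateExists(collector, this.identityUri, "Identity URI", "identity-uri");
        if (this.audience == null && this.identityUri != null) {
            this.audience = this.identityUri.toString();
        }
        collector.collect().checkValid();
    }

    /**
     * Applies every setting present in the given configuration node to this builder.
     *
     * <p>Keys are applied in a fixed order. {@code sign-jwk.resource} is applied before
     * {@code introspect-endpoint-uri}, and {@code validate-with-jwk} after both. With both a JWK
     * resource and an introspection endpoint configured, JWK validation therefore ends up
     * disabled unless {@code validate-with-jwk} is set explicitly.
     *
     * @param config configuration node holding the OIDC keys
     * @return this builder
     */
    public B config(Config config) {
        config.get("client-id").asString().ifPresent(this::clientId);
        config.get("client-secret").asString().ifPresent(this::clientSecret);
        config.get("identity-uri").as(URI.class).ifPresent(this::identityUri);
        // The decompiled source read "oidc-metadata.resource" twice with the same handler;
        // one read is enough and avoids parsing the resource a second time.
        config.get("oidc-metadata.resource").as(Resource::create).ifPresent(this::oidcMetadata);
        config.get("base-scopes").asString().ifPresent(this::baseScopes);
        config.get("oidc-metadata-well-known").asBoolean().ifPresent(this::oidcMetadataWellKnown);
        config.get("scope-audience").asString().ifPresent(this::scopeAudience);
        // Locale.ROOT keeps the enum lookup independent of the JVM default locale
        // (e.g. the Turkish dotted/dotless "i" would otherwise break valueOf).
        config.get("token-endpoint-auth").asString()
                .map(value -> value.toUpperCase(java.util.Locale.ROOT))
                .map(OidcConfig.ClientAuthentication::valueOf)
                .ifPresent(this::tokenEndpointAuthentication);
        config.get("authorization-endpoint-uri").as(URI.class).ifPresent(this::authorizationEndpointUri);
        config.get("token-endpoint-uri").as(URI.class).ifPresent(this::tokenEndpointUri);
        config.get("logout-endpoint-uri").as(URI.class).ifPresent(this::logoutEndpointUri);
        // Order matters for the next three keys: see the method documentation.
        config.get("sign-jwk.resource").as(Resource::create).ifPresent(this::signJwk);
        config.get("introspect-endpoint-uri").as(URI.class).ifPresent(this::introspectEndpointUri);
        config.get("validate-with-jwk").asBoolean().ifPresent(this::validateJwtWithJwk);
        config.get("issuer").asString().ifPresent(this::issuer);
        config.get("audience").asString().ifPresent(this::audience);
        config.get("server-type").asString().ifPresent(this::serverType);
        config.get("client-timeout-millis").asLong().ifPresent(this::clientTimeoutMillis);
        return (B) identity();
    }

    /**
     * Sets the OIDC client id.
     *
     * @param str client id
     * @return this builder
     */
    public B clientId(String str) {
        this.clientId = str;
        return (B) identity();
    }

    /**
     * Sets the OIDC client secret. The value is a credential and is stored unchanged.
     *
     * @param str client secret
     * @return this builder
     */
    public B clientSecret(String str) {
        this.clientSecret = str;
        return (B) identity();
    }

    /**
     * Sets the identity URI; it also becomes the default audience in
     * {@link #buildConfiguration()} when no audience is set.
     *
     * @param uri identity URI
     * @return this builder
     */
    public B identityUri(URI uri) {
        this.identityUri = uri;
        return (B) identity();
    }

    /**
     * Sets the realm (default {@code "helidon"}).
     *
     * @param str realm
     * @return this builder
     */
    public B realm(String str) {
        this.realm = str;
        return (B) identity();
    }

    /**
     * Sets the audience.
     *
     * @param str audience
     * @return this builder
     */
    public B audience(String str) {
        this.audience = str;
        return (B) identity();
    }

    /**
     * Sets the issuer.
     *
     * @param str issuer
     * @return this builder
     */
    public B issuer(String str) {
        this.issuer = str;
        return (B) identity();
    }

    /**
     * Explicitly switches JWK-based token validation on or off.
     *
     * @param bool {@code true} to validate with JWK keys
     * @return this builder
     * @throws NullPointerException if {@code bool} is {@code null} (the value is unboxed)
     */
    public B validateJwtWithJwk(Boolean bool) {
        this.validateJwtWithJwk = bool.booleanValue();
        return (B) identity();
    }

    /**
     * Sets the token introspection endpoint and, as a side effect, turns JWK validation off.
     * Call {@link #validateJwtWithJwk(Boolean)} afterwards to keep JWK validation enabled.
     *
     * @param uri introspection endpoint URI
     * @return this builder
     */
    public B introspectEndpointUri(URI uri) {
        validateJwtWithJwk(false);
        this.introspectUri = uri;
        return (B) identity();
    }

    /**
     * Loads the signing keys from a resource and turns JWK validation on.
     *
     * @param resource resource holding the JWK key set
     * @return this builder
     */
    public B signJwk(Resource resource) {
        validateJwtWithJwk(true);
        this.signJwk = JwkKeys.builder().resource(resource).build();
        return (B) identity();
    }

    /**
     * Sets the signing keys and turns JWK validation on.
     *
     * @param jwkKeys key set used to validate tokens
     * @return this builder
     */
    public B signJwk(JwkKeys jwkKeys) {
        validateJwtWithJwk(true);
        this.signJwk = jwkKeys;
        return (B) identity();
    }

    /**
     * Sets how the client authenticates at the token endpoint. Only
     * {@code CLIENT_SECRET_BASIC}, {@code CLIENT_SECRET_POST} and {@code NONE} are accepted.
     *
     * @param clientAuthentication authentication type
     * @return this builder
     * @throws IllegalArgumentException for any other authentication type
     */
    public B tokenEndpointAuthentication(OidcConfig.ClientAuthentication clientAuthentication) {
        // Switch on the enum itself; the decompiled ordinal switch-map did not compile
        // (a boolean constant was used as an int value and as a case label).
        switch (clientAuthentication) {
            case CLIENT_SECRET_BASIC:
            case CLIENT_SECRET_POST:
            case NONE:
                this.tokenEndpointAuthentication = clientAuthentication;
                return (B) identity();
            default:
                throw new IllegalArgumentException("Token endpoint authentication type " + clientAuthentication + " is not supported.");
        }
    }

    /**
     * Sets the authorization endpoint URI.
     *
     * @param uri authorization endpoint
     * @return this builder
     */
    public B authorizationEndpointUri(URI uri) {
        this.authorizationEndpointUri = uri;
        return (B) identity();
    }

    /**
     * Sets the logout endpoint URI.
     *
     * @param uri logout endpoint
     * @return this builder
     */
    public B logoutEndpointUri(URI uri) {
        this.logoutEndpointUri = uri;
        return (B) identity();
    }

    /**
     * Sets the token endpoint URI.
     *
     * @param uri token endpoint
     * @return this builder
     */
    public B tokenEndpointUri(URI uri) {
        this.tokenEndpointUri = uri;
        return (B) identity();
    }

    /**
     * Reads OIDC metadata as a JSON object from the given resource.
     *
     * @param resource resource containing the metadata JSON
     * @return this builder
     */
    public B oidcMetadata(Resource resource) {
        // Close the reader (and with it the resource stream) once the object is parsed.
        try (jakarta.json.JsonReader reader = JSON.createReader(resource.stream())) {
            return oidcMetadata(reader.readObject());
        }
    }

    /**
     * Sets the OIDC metadata document.
     *
     * @param jsonObject metadata as JSON
     * @return this builder
     */
    public B oidcMetadata(JsonObject jsonObject) {
        this.oidcMetadata = jsonObject;
        return (B) identity();
    }

    /**
     * Sets the base scopes (default {@code "openid"}).
     *
     * @param str base scopes
     * @return this builder
     */
    public B baseScopes(String str) {
        this.baseScopes = str;
        return (B) identity();
    }

    /**
     * Sets the flag returned by {@link #useWellKnown()} (default {@code true}).
     *
     * @param z new value of the well-known flag
     * @return this builder
     */
    public B oidcMetadataWellKnown(boolean z) {
        this.useWellKnown = z;
        return (B) identity();
    }

    /**
     * Sets the server type; {@link #buildConfiguration()} later normalizes it through
     * {@code OidcUtil.fixServerType}.
     *
     * @param str server type
     * @return this builder
     */
    public B serverType(String str) {
        this.serverType = str;
        return (B) identity();
    }

    /**
     * Sets the client timeout (default 30 seconds). The value is stored without validation.
     *
     * @param duration timeout
     * @return this builder
     */
    public B clientTimeout(Duration duration) {
        this.clientTimeout = duration;
        return (B) identity();
    }

    /**
     * Sets the scope audience.
     *
     * @param str scope audience
     * @return this builder
     */
    public B scopeAudience(String str) {
        this.scopeAudience = str;
        return (B) identity();
    }

    /** Adapter for the {@code client-timeout-millis} configuration key. */
    private void clientTimeoutMillis(long j) {
        clientTimeout(Duration.ofMillis(j));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** @return configured token endpoint authentication type */
    public OidcConfig.ClientAuthentication tokenEndpointAuthentication() {
        return this.tokenEndpointAuthentication;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** @return OIDC metadata document, or {@code null} when none was set */
    public JsonObject oidcMetadata() {
        return this.oidcMetadata;
    }

    /** @return value of the well-known flag */
    public boolean useWellKnown() {
        return this.useWellKnown;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** @return client id */
    public String clientId() {
        return this.clientId;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Returns the client secret. Per the decompiler note this accessor was package-private in
     * the compiled class; treat the returned value as a credential.
     *
     * @return client secret
     */
    public String clientSecret() {
        return this.clientSecret;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** @return base scopes */
    public String baseScopes() {
        return this.baseScopes;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** @return realm */
    public String realm() {
        return this.realm;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** @return issuer, or {@code null} when not set */
    public String issuer() {
        return this.issuer;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** @return audience; defaults to the identity URI after {@link #buildConfiguration()} */
    public String audience() {
        return this.audience;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** @return server type */
    public String serverType() {
        return this.serverType;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** @return authorization endpoint URI, or {@code null} when not set */
    public URI authorizationEndpointUri() {
        return this.authorizationEndpointUri;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** @return logout endpoint URI, or {@code null} when not set */
    public URI logoutEndpointUri() {
        return this.logoutEndpointUri;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** @return identity URI */
    public URI identityUri() {
        return this.identityUri;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** @return token endpoint URI, or {@code null} when not set */
    public URI tokenEndpointUri() {
        return this.tokenEndpointUri;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** @return client timeout */
    public Duration clientTimeout() {
        return this.clientTimeout;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** @return signing keys, or {@code null} when not set */
    public JwkKeys signJwk() {
        return this.signJwk;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** @return {@code true} when tokens are validated with JWK keys */
    public boolean validateJwtWithJwk() {
        return this.validateJwtWithJwk;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** @return introspection endpoint URI, or {@code null} when not set */
    public URI introspectUri() {
        return this.introspectUri;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** @return scope audience, or {@code null} when not set */
    public String scopeAudience() {
        return this.scopeAudience;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** @return the fixed name {@code "@default"} */
    public String name() {
        return DEFAULT_SERVER_TYPE;
    }
}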
