package com.nimbusds.openid.connect.provider.spi.grants.handlers.web.tokenexchange;

import com.nimbusds.common.config.ConfigurationException;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.token.TokenTypeURI;
import com.nimbusds.openid.connect.provider.spi.grants.handlers.web.BaseConfiguration;
import com.thetransactioncompany.util.PropertyFilter;
import com.thetransactioncompany.util.PropertyParseException;
import com.thetransactioncompany.util.PropertyRetriever;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import net.jcip.annotations.Immutable;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

@Immutable
/* loaded from: input_file:com/nimbusds/openid/connect/provider/spi/grants/handlers/web/tokenexchange/TokenExchangeGrantHandlerConfiguration.class */
public final class TokenExchangeGrantHandlerConfiguration extends BaseConfiguration {
    public static final String PREFIX = "op.grantHandler.tokenExchange.webAPI.";
    public static final String GRANT_SHORT_NAME = "Token exchange";
    public static final String LOG_PREFIX = "TEW";
    public final Set<TokenTypeURI> subjectToken_types;
    public final Set<TokenTypeURI> actorToken_types;
    public final Set<TokenTypeURI> requestedToken_types;
    public final boolean subjectToken_accessTokenIntrospection_local_enable;
    public final Map<String, RemoteAccessTokenIntrospectionConfiguration> subjectToken_accessTokenIntrospection_remote;
    public final boolean subjectToken_accessTokenIntrospection_mustPass;
    public final Map<String, JWTVerificationConfiguration> subjectToken_jwtVerification;
    public final boolean subjectToken_jwtVerification_mustPass;

    public TokenExchangeGrantHandlerConfiguration(Properties properties) throws ConfigurationException {
        super(PREFIX, properties, GRANT_SHORT_NAME, LOG_PREFIX);
        PropertyRetriever propertyRetriever = new PropertyRetriever(properties, true);
        if (!this.enable) {
            this.subjectToken_types = null;
            this.actorToken_types = Collections.emptySet();
            this.requestedToken_types = null;
            this.subjectToken_accessTokenIntrospection_local_enable = false;
            this.subjectToken_accessTokenIntrospection_remote = Collections.emptyMap();
            this.subjectToken_accessTokenIntrospection_mustPass = false;
            this.subjectToken_jwtVerification = Collections.emptyMap();
            this.subjectToken_jwtVerification_mustPass = false;
            return;
        }
        try {
            this.subjectToken_types = parseTokenTypes(propertyRetriever, "op.grantHandler.tokenExchange.webAPI.subjectToken.types", true);
            if (this.subjectToken_types != null && this.subjectToken_types.isEmpty()) {
                throw new PropertyParseException("At least one op.grantHandler.tokenExchange.webAPI.subjectTokenTypes value must be configured", "op.grantHandler.tokenExchange.webAPI.subjectToken.types");
            }
            this.subjectToken_accessTokenIntrospection_local_enable = propertyRetriever.getOptBoolean("op.grantHandler.tokenExchange.webAPI.subjectToken.accessTokenIntrospection.local.enable", false);
            Map filterWithPrefixIntoMap = PropertyFilter.filterWithPrefixIntoMap("op.grantHandler.tokenExchange.webAPI.subjectToken.accessTokenIntrospection.remote.", mergeWithSystemProperties(properties));
            HashMap hashMap = new HashMap();
            for (String str : filterWithPrefixIntoMap.keySet()) {
                hashMap.put(str, RemoteAccessTokenIntrospectionConfiguration.parse("op.grantHandler.tokenExchange.webAPI.subjectToken.accessTokenIntrospection.remote." + str + ".", restorePrefix("op.grantHandler.tokenExchange.webAPI.subjectToken.accessTokenIntrospection.remote.", str, (Properties) filterWithPrefixIntoMap.get(str))));
            }
            this.subjectToken_accessTokenIntrospection_remote = Collections.unmodifiableMap(hashMap);
            this.subjectToken_accessTokenIntrospection_mustPass = propertyRetriever.getOptBoolean("op.grantHandler.tokenExchange.webAPI.subjectToken.accessTokenIntrospection.mustPass", this.subjectToken_accessTokenIntrospection_local_enable || !this.subjectToken_accessTokenIntrospection_remote.isEmpty());
            Map filterWithPrefixIntoMap2 = PropertyFilter.filterWithPrefixIntoMap("op.grantHandler.tokenExchange.webAPI.subjectToken.jwtVerification.", mergeWithSystemProperties(properties));
            HashMap hashMap2 = new HashMap();
            for (String str2 : filterWithPrefixIntoMap2.keySet()) {
                hashMap2.put(str2, JWTVerificationConfiguration.parse("op.grantHandler.tokenExchange.webAPI.subjectToken.jwtVerification." + str2 + ".", restorePrefix("op.grantHandler.tokenExchange.webAPI.subjectToken.jwtVerification.", str2, (Properties) filterWithPrefixIntoMap2.get(str2))));
            }
            this.subjectToken_jwtVerification = Collections.unmodifiableMap(hashMap2);
            this.subjectToken_jwtVerification_mustPass = propertyRetriever.getOptBoolean("op.grantHandler.tokenExchange.webAPI.subjectToken.jwtVerification.mustPass", !this.subjectToken_jwtVerification.isEmpty());
            this.actorToken_types = parseTokenTypes(propertyRetriever, "op.grantHandler.tokenExchange.webAPI.actorToken.types", false);
            this.requestedToken_types = parseTokenTypes(propertyRetriever, "op.grantHandler.tokenExchange.webAPI.requestedToken.types", true);
            if (this.requestedToken_types != null && this.requestedToken_types.isEmpty()) {
                throw new PropertyParseException("At least one op.grantHandler.tokenExchange.webAPI.requestedTokenTypes value must be configured", "op.grantHandler.tokenExchange.webAPI.requestedToken.types");
            }
        } catch (PropertyParseException e) {
            throw new ConfigurationException(e.getMessage() + ": Property: " + e.getPropertyKey());
        }
    }

    private static Properties mergeWithSystemProperties(Properties properties) {
        Properties properties2 = new Properties();
        properties2.putAll(properties);
        properties2.putAll(System.getProperties());
        return properties2;
    }

    private static Properties restorePrefix(String str, String str2, Properties properties) {
        Properties properties2 = new Properties();
        for (String str3 : properties.stringPropertyNames()) {
            properties2.setProperty(str + str2 + "." + str3, properties.getProperty(str3));
        }
        return properties2;
    }

    public static Set<TokenTypeURI> parseTokenTypes(PropertyRetriever propertyRetriever, String str, boolean z) throws PropertyParseException {
        if (z && "*".equals(propertyRetriever.getOptString(str, "*"))) {
            return null;
        }
        if (!z) {
            String optString = propertyRetriever.getOptString(str, (String) null);
            if (optString == null) {
                return Collections.emptySet();
            }
            if ("*".equals(optString)) {
                return null;
            }
        }
        HashSet hashSet = new HashSet();
        for (String str2 : propertyRetriever.getStringList(str)) {
            try {
                hashSet.add(TokenTypeURI.parse(str2));
            } catch (ParseException e) {
                throw new PropertyParseException(e.getMessage(), str, str2);
            }
        }
        return Collections.unmodifiableSet(hashSet);
    }

    @Override // com.nimbusds.openid.connect.provider.spi.grants.handlers.web.BaseConfiguration
    public void log() {
        super.log();
        Logger logger = LogManager.getLogger("MAIN");
        if (this.enable) {
            logger.info("[" + this.logPrefix + "0100] " + this.grantShortName + " grant handler: Accepted subject token types: {}", this.subjectToken_types == null ? "any" : this.subjectToken_types);
            logger.info("[" + this.logPrefix + "0101] " + this.grantShortName + " grant handler: Local subject access token introspection: {}", Boolean.valueOf(this.subjectToken_accessTokenIntrospection_local_enable));
            logger.info("[" + this.logPrefix + "0102] " + this.grantShortName + " grant handler: Remote subject access token introspection: {}", Boolean.valueOf(!this.subjectToken_accessTokenIntrospection_remote.isEmpty()));
            for (Map.Entry<String, RemoteAccessTokenIntrospectionConfiguration> entry : this.subjectToken_accessTokenIntrospection_remote.entrySet()) {
                logger.info("[" + this.logPrefix + "0103] " + this.grantShortName + " grant handler: Remote subject access token introspection: {}: Endpoint URL: {}", entry.getKey(), entry.getValue().endpoint);
                logger.info("[" + this.logPrefix + "0104] " + this.grantShortName + " grant handler: Remote subject access token introspection: {}: Endpoint authentication : {}", entry.getKey(), entry.getValue().authMethod);
                logger.info("[" + this.logPrefix + "0105] " + this.grantShortName + " grant handler: Remote subject access token introspection: {}: Client ID : {}", entry.getKey(), entry.getValue().clientID);
                logger.info("[" + this.logPrefix + "0106] " + this.grantShortName + " grant handler: Remote subject access token introspection: {}: Client secret : {}", entry.getKey(), entry.getValue().clientSecret != null ? "[hidden]" : null);
                logger.info("[" + this.logPrefix + "0107] " + this.grantShortName + " grant handler: Remote subject access token introspection: {}: HTTP connect timeout: {} ms", entry.getKey(), Integer.valueOf(entry.getValue().connectTimeout));
                logger.info("[" + this.logPrefix + "0108] " + this.grantShortName + " grant handler: Remote subject access token introspection: {}: HTTP read timeout: {} ms", entry.getKey(), Integer.valueOf(entry.getValue().readTimeout));
            }
            logger.info("[" + this.logPrefix + "0115] " + this.grantShortName + " grant handler: Subject access token must pass introspection: {}", Boolean.valueOf(this.subjectToken_accessTokenIntrospection_mustPass));
            logger.info("[" + this.logPrefix + "0109] " + this.grantShortName + " grant handler: Subject JWT verification: {}", Boolean.valueOf(!this.subjectToken_jwtVerification.isEmpty()));
            for (Map.Entry<String, JWTVerificationConfiguration> entry2 : this.subjectToken_jwtVerification.entrySet()) {
                logger.info("[" + this.logPrefix + "0110] " + this.grantShortName + " grant handler: Subject JWT verification: {}: JWK set URI: {}", entry2.getKey(), entry2.getValue().jwkSetURI);
                logger.info("[" + this.logPrefix + "0111] " + this.grantShortName + " grant handler: Subject JWT verification: {}: HTTP connect timeout: {} ms", entry2.getKey(), Integer.valueOf(entry2.getValue().connectTimeout));
                logger.info("[" + this.logPrefix + "01112] " + this.grantShortName + " grant handler: Subject JWT verification: {}: HTTP read timeout: {} ms", entry2.getKey(), Integer.valueOf(entry2.getValue().readTimeout));
            }
            logger.info("[" + this.logPrefix + "0116] " + this.grantShortName + " grant handler: Subject token must pass JWT verification: {}", Boolean.valueOf(this.subjectToken_jwtVerification_mustPass));
            logger.info("[" + this.logPrefix + "0113] " + this.grantShortName + " grant handler: Accepted actor token types: {}", this.actorToken_types == null ? "any" : this.actorToken_types);
            logger.info("[" + this.logPrefix + "0114] " + this.grantShortName + " grant handler: Accepted requested token types: {}", this.requestedToken_types == null ? "any" : this.requestedToken_types);
        }
    }
}
