package no.nav.security.token.support.client.core;

import com.nimbusds.jose.util.DefaultResourceRetriever;
import com.nimbusds.jose.util.ResourceRetriever;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.as.AuthorizationServerMetadata;
import java.io.IOException;
import java.net.URI;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.function.Supplier;
import javax.validation.constraints.NotNull;

/* loaded from: input_file:no/nav/security/token/support/client/core/ClientProperties.class */
public class ClientProperties {
    private static final List<OAuth2GrantType> GRANT_TYPES = List.of(OAuth2GrantType.JWT_BEARER, OAuth2GrantType.CLIENT_CREDENTIALS, OAuth2GrantType.TOKEN_EXCHANGE);

    @NotNull
    private final URI tokenEndpointUrl;

    @NotNull
    private final OAuth2GrantType grantType;
    private final List<String> scope;

    @NotNull
    private final ClientAuthenticationProperties authentication;
    private final URI resourceUrl;
    private final TokenExchangeProperties tokenExchange;
    private final URI wellKnownUrl;
    private AuthorizationServerMetadata authorizationServerMetadata;
    private ResourceRetriever resourceRetriever;

    /* loaded from: input_file:no/nav/security/token/support/client/core/ClientProperties$ClientPropertiesBuilder.class */
    public static class ClientPropertiesBuilder {
        private URI tokenEndpointUrl;
        private URI wellKnownUrl;

        @NotNull
        private OAuth2GrantType grantType;
        private List<String> scope;

        @NotNull
        private ClientAuthenticationProperties authentication;
        private URI resourceUrl;
        private TokenExchangeProperties tokenExchange;

        ClientPropertiesBuilder() {
        }

        public ClientPropertiesBuilder tokenEndpointUrl(URI uri) {
            this.tokenEndpointUrl = uri;
            return this;
        }

        public ClientPropertiesBuilder wellKnownUrl(URI uri) {
            this.wellKnownUrl = uri;
            return this;
        }

        public ClientPropertiesBuilder grantType(@NotNull OAuth2GrantType oAuth2GrantType) {
            this.grantType = oAuth2GrantType;
            return this;
        }

        public ClientPropertiesBuilder scope(List<String> list) {
            this.scope = list;
            return this;
        }

        public ClientPropertiesBuilder authentication(@NotNull ClientAuthenticationProperties clientAuthenticationProperties) {
            this.authentication = clientAuthenticationProperties;
            return this;
        }

        public ClientPropertiesBuilder resourceUrl(URI uri) {
            this.resourceUrl = uri;
            return this;
        }

        public ClientPropertiesBuilder tokenExchange(TokenExchangeProperties tokenExchangeProperties) {
            this.tokenExchange = tokenExchangeProperties;
            return this;
        }

        public ClientProperties build() {
            return new ClientProperties(this.tokenEndpointUrl, this.wellKnownUrl, this.grantType, this.scope, this.authentication, this.resourceUrl, this.tokenExchange);
        }

        public String toString() {
            return "ClientProperties.ClientPropertiesBuilder(tokenEndpointUrl=" + this.tokenEndpointUrl + ", wellKnownUrl=" + this.wellKnownUrl + ", grantType=" + this.grantType + ", scope=" + this.scope + ", authentication=" + this.authentication + ", resourceUrl=" + this.resourceUrl + ", tokenExchange=" + this.tokenExchange + ")";
        }
    }

    /* loaded from: input_file:no/nav/security/token/support/client/core/ClientProperties$TokenExchangeProperties.class */
    public static class TokenExchangeProperties {

        @NotNull
        private final String audience;
        private final String resource;

        /* loaded from: input_file:no/nav/security/token/support/client/core/ClientProperties$TokenExchangeProperties$TokenExchangePropertiesBuilder.class */
        public static class TokenExchangePropertiesBuilder {

            @NotNull
            private String audience;
            private String resource;

            TokenExchangePropertiesBuilder() {
            }

            public TokenExchangePropertiesBuilder audience(@NotNull String str) {
                this.audience = str;
                return this;
            }

            public TokenExchangePropertiesBuilder resource(String str) {
                this.resource = str;
                return this;
            }

            public TokenExchangeProperties build() {
                return new TokenExchangeProperties(this.audience, this.resource);
            }

            public String toString() {
                return "ClientProperties.TokenExchangeProperties.TokenExchangePropertiesBuilder(audience=" + this.audience + ", resource=" + this.resource + ")";
            }
        }

        public TokenExchangeProperties(@NotNull String str, String str2) {
            this.audience = str;
            this.resource = str2;
            validateAfterPropertiesSet();
        }

        public static TokenExchangePropertiesBuilder builder() {
            return new TokenExchangePropertiesBuilder();
        }

        private void validateAfterPropertiesSet() {
            Objects.requireNonNull(this.audience, "audience must be set");
        }

        public String subjectTokenType() {
            return "urn:ietf:params:oauth:token-type:jwt";
        }

        @NotNull
        public String getAudience() {
            return this.audience;
        }

        public String getResource() {
            return this.resource;
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            TokenExchangeProperties tokenExchangeProperties = (TokenExchangeProperties) obj;
            return this.audience.equals(tokenExchangeProperties.audience) && this.resource.equals(tokenExchangeProperties.resource);
        }

        public int hashCode() {
            return Objects.hash(this.audience, this.resource);
        }

        public String toString() {
            return "ClientProperties.TokenExchangeProperties(audience=" + getAudience() + ", resource=" + getResource() + ")";
        }

        public TokenExchangePropertiesBuilder toBuilder() {
            return new TokenExchangePropertiesBuilder().audience(this.audience).resource(this.resource);
        }
    }

    public ClientProperties(URI uri, URI uri2, @NotNull OAuth2GrantType oAuth2GrantType, List<String> list, @NotNull ClientAuthenticationProperties clientAuthenticationProperties, URI uri3, TokenExchangeProperties tokenExchangeProperties) {
        this.wellKnownUrl = uri2;
        if (uri != null) {
            this.tokenEndpointUrl = uri;
        } else {
            this.resourceRetriever = new DefaultResourceRetriever();
            this.authorizationServerMetadata = retrieveAuthorizationServerMetadata();
            this.tokenEndpointUrl = this.authorizationServerMetadata.getTokenEndpointURI();
        }
        this.grantType = getSupported(oAuth2GrantType);
        this.scope = (List) Optional.ofNullable(list).orElse(Collections.emptyList());
        this.authentication = clientAuthenticationProperties;
        this.resourceUrl = uri3;
        this.tokenExchange = tokenExchangeProperties;
    }

    public static ClientPropertiesBuilder builder() {
        return new ClientPropertiesBuilder();
    }

    private AuthorizationServerMetadata retrieveAuthorizationServerMetadata() {
        if (this.wellKnownUrl == null) {
            throw new OAuth2ClientException("wellKnownUrl cannot be null, please check your configuration.");
        }
        try {
            return AuthorizationServerMetadata.parse(this.resourceRetriever.retrieveResource(this.wellKnownUrl.toURL()).getContent());
        } catch (ParseException | IOException e) {
            throw new OAuth2ClientException("received exception when retrieving metadata from url " + this.wellKnownUrl, e);
        }
    }

    private static OAuth2GrantType getSupported(OAuth2GrantType oAuth2GrantType) {
        Optional ofNullable = Optional.ofNullable(oAuth2GrantType);
        List<OAuth2GrantType> list = GRANT_TYPES;
        Objects.requireNonNull(list);
        return (OAuth2GrantType) ofNullable.filter((v1) -> {
            return r1.contains(v1);
        }).orElseThrow(unsupported(oAuth2GrantType));
    }

    private static Supplier<IllegalArgumentException> unsupported(OAuth2GrantType oAuth2GrantType) {
        return () -> {
            return new IllegalArgumentException(String.format("unsupported %s with value %s, must be one of %s", OAuth2GrantType.class.getSimpleName(), oAuth2GrantType, GRANT_TYPES));
        };
    }

    @NotNull
    public URI getTokenEndpointUrl() {
        return this.tokenEndpointUrl;
    }

    @NotNull
    public OAuth2GrantType getGrantType() {
        return this.grantType;
    }

    public List<String> getScope() {
        return this.scope;
    }

    @NotNull
    public ClientAuthenticationProperties getAuthentication() {
        return this.authentication;
    }

    public URI getResourceUrl() {
        return this.resourceUrl;
    }

    public TokenExchangeProperties getTokenExchange() {
        return this.tokenExchange;
    }

    public URI getWellKnownUrl() {
        return this.wellKnownUrl;
    }

    public AuthorizationServerMetadata getAuthorizationServerMetadata() {
        return this.authorizationServerMetadata;
    }

    public ResourceRetriever getResourceRetriever() {
        return this.resourceRetriever;
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        ClientProperties clientProperties = (ClientProperties) obj;
        return Objects.equals(this.tokenEndpointUrl, clientProperties.tokenEndpointUrl) && Objects.equals(this.grantType, clientProperties.grantType) && Objects.equals(this.scope, clientProperties.scope) && Objects.equals(this.authentication, clientProperties.authentication) && Objects.equals(this.resourceUrl, clientProperties.resourceUrl) && Objects.equals(this.tokenExchange, clientProperties.tokenExchange) && Objects.equals(this.wellKnownUrl, clientProperties.wellKnownUrl) && Objects.equals(this.authorizationServerMetadata, clientProperties.authorizationServerMetadata) && Objects.equals(this.resourceRetriever, clientProperties.resourceRetriever);
    }

    public int hashCode() {
        return Objects.hash(this.tokenEndpointUrl, this.grantType, this.scope, this.authentication, this.resourceUrl, this.tokenExchange, this.wellKnownUrl, this.authorizationServerMetadata, this.resourceRetriever);
    }

    public String toString() {
        return "ClientProperties(tokenEndpointUrl=" + getTokenEndpointUrl() + ", grantType=" + getGrantType() + ", scope=" + getScope() + ", authentication=" + getAuthentication() + ", resourceUrl=" + getResourceUrl() + ", tokenExchange=" + getTokenExchange() + ", wellKnownUrl=" + getWellKnownUrl() + ", authorizationServerMetadata=" + getAuthorizationServerMetadata() + ", resourceRetriever=" + getResourceRetriever() + ")";
    }

    public ClientPropertiesBuilder toBuilder() {
        return new ClientPropertiesBuilder().tokenEndpointUrl(this.tokenEndpointUrl).wellKnownUrl(this.wellKnownUrl).grantType(this.grantType).scope(this.scope).authentication(this.authentication).resourceUrl(this.resourceUrl).tokenExchange(this.tokenExchange);
    }
}
