package one.jpro.platform.auth.core.oauth2.provider;

import java.util.concurrent.CompletableFuture;
import javafx.stage.Stage;
import one.jpro.platform.auth.core.oauth2.OAuth2Flow;
import one.jpro.platform.auth.core.oauth2.OAuth2Options;
import one.jpro.platform.auth.core.oauth2.PubSecKeyOptions;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.json.JSONObject;

/* loaded from: input_file:one/jpro/platform/auth/core/oauth2/provider/KeycloakAuthenticationProvider.class */
public class KeycloakAuthenticationProvider extends OpenIDAuthenticationProvider {
    public KeycloakAuthenticationProvider(@Nullable Stage stage, @NotNull OAuth2Options oAuth2Options) {
        super(stage, oAuth2Options);
    }

    public KeycloakAuthenticationProvider(@Nullable Stage stage, @NotNull JSONObject jSONObject) {
        this(stage, OAuth2Flow.AUTH_CODE, jSONObject);
    }

    public KeycloakAuthenticationProvider(@Nullable Stage stage, @Nullable OAuth2Flow oAuth2Flow, @NotNull JSONObject jSONObject) {
        super(stage, configure(oAuth2Flow, jSONObject));
    }

    private static OAuth2Options configure(@Nullable OAuth2Flow oAuth2Flow, @NotNull JSONObject jSONObject) {
        OAuth2Options oAuth2Options = new OAuth2Options();
        oAuth2Options.setFlow(oAuth2Flow);
        if (jSONObject.has("resource")) {
            oAuth2Options.setClientId(jSONObject.getString("resource"));
        }
        if (jSONObject.has("auth-server-url")) {
            oAuth2Options.setSite(jSONObject.getString("auth-server-url"));
        }
        if (jSONObject.has("credentials") && jSONObject.getJSONObject("credentials").has("secret")) {
            oAuth2Options.setClientSecret(jSONObject.getJSONObject("credentials").getString("secret"));
        }
        if (jSONObject.has("realm")) {
            oAuth2Options.setTenant(jSONObject.getString("realm"));
            oAuth2Options.setAuthorizationPath("/protocol/openid-connect/auth");
            oAuth2Options.setTokenPath("/protocol/openid-connect/token");
            oAuth2Options.setRevocationPath("/protocol/openid-connect/revoke");
            oAuth2Options.setUserInfoPath("/protocol/openid-connect/userinfo");
            oAuth2Options.setLogoutPath("/protocol/openid-connect/logout");
            oAuth2Options.setIntrospectionPath("/protocol/openid-connect/token/introspect");
            oAuth2Options.setJwkPath("/protocol/openid-connect/certs");
        }
        if (jSONObject.has("realm-public-key")) {
            oAuth2Options.addPubSecKeys(new PubSecKeyOptions().setAlgorithm("RS256").setBuffer("-----BEGIN PUBLIC KEY-----\n" + jSONObject.getString("realm-public-key") + "\n-----END PUBLIC KEY-----\n"));
        }
        return oAuth2Options;
    }

    public static CompletableFuture<OpenIDAuthenticationProvider> discover(@Nullable Stage stage, @NotNull OAuth2Options oAuth2Options) {
        return new KeycloakAuthenticationProvider(stage, oAuth2Options).discover();
    }
}
