package org.apereo.cas.pac4j.web;

import com.github.scribejava.core.model.Verb;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod;
import java.security.interfaces.ECPrivateKey;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Locale;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.CasSSLContext;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationBitBucketProperties;
import org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationDropboxProperties;
import org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationFacebookProperties;
import org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationFoursquareProperties;
import org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationGitHubProperties;
import org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationGoogleProperties;
import org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationHiOrgServerProperties;
import org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationLinkedInProperties;
import org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationPayPalProperties;
import org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationProperties;
import org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationTwitterProperties;
import org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationWindowsLiveProperties;
import org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationWordpressProperties;
import org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationYahooProperties;
import org.apereo.cas.configuration.model.support.pac4j.oidc.BasePac4jOidcClientProperties;
import org.apereo.cas.configuration.model.support.pac4j.oidc.Pac4jOidcClientProperties;
import org.apereo.cas.configuration.support.Beans;
import org.apereo.cas.support.pac4j.authentication.clients.ConfigurableDelegatedClient;
import org.apereo.cas.support.pac4j.authentication.clients.ConfigurableDelegatedClientBuilder;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.ResourceUtils;
import org.apereo.cas.util.crypto.PrivateKeyFactoryBean;
import org.apereo.cas.util.function.FunctionUtils;
import org.apereo.cas.util.spring.SpringExpressionLanguageValueResolver;
import org.pac4j.oauth.client.BitbucketClient;
import org.pac4j.oauth.client.DropBoxClient;
import org.pac4j.oauth.client.FacebookClient;
import org.pac4j.oauth.client.FoursquareClient;
import org.pac4j.oauth.client.GenericOAuth20Client;
import org.pac4j.oauth.client.GitHubClient;
import org.pac4j.oauth.client.Google2Client;
import org.pac4j.oauth.client.HiOrgServerClient;
import org.pac4j.oauth.client.LinkedIn2Client;
import org.pac4j.oauth.client.PayPalClient;
import org.pac4j.oauth.client.TwitterClient;
import org.pac4j.oauth.client.WindowsLiveClient;
import org.pac4j.oauth.client.WordPressClient;
import org.pac4j.oauth.client.YahooClient;
import org.pac4j.oidc.client.AppleClient;
import org.pac4j.oidc.client.AzureAd2Client;
import org.pac4j.oidc.client.GoogleOidcClient;
import org.pac4j.oidc.client.KeycloakOidcClient;
import org.pac4j.oidc.client.OidcClient;
import org.pac4j.oidc.config.AppleOidcConfiguration;
import org.pac4j.oidc.config.AzureAd2OidcConfiguration;
import org.pac4j.oidc.config.KeycloakOidcConfiguration;
import org.pac4j.oidc.config.OidcConfiguration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apereo/cas/pac4j/web/DelegatedClientOidcBuilder.class */
public class DelegatedClientOidcBuilder implements ConfigurableDelegatedClientBuilder {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(DelegatedClientOidcBuilder.class);
    private final CasSSLContext casSslContext;

    public List<ConfigurableDelegatedClient> build(CasConfigurationProperties casConfigurationProperties) {
        ArrayList arrayList = new ArrayList();
        arrayList.addAll(buildFacebookIdentityProviders(casConfigurationProperties));
        arrayList.addAll(buildOidcIdentityProviders(casConfigurationProperties));
        arrayList.addAll(buildOAuth20IdentityProviders(casConfigurationProperties));
        arrayList.addAll(buildTwitterIdentityProviders(casConfigurationProperties));
        arrayList.addAll(buildDropBoxIdentityProviders(casConfigurationProperties));
        arrayList.addAll(buildFoursquareIdentityProviders(casConfigurationProperties));
        arrayList.addAll(buildGitHubIdentityProviders(casConfigurationProperties));
        arrayList.addAll(buildGoogleIdentityProviders(casConfigurationProperties));
        arrayList.addAll(buildWindowsLiveIdentityProviders(casConfigurationProperties));
        arrayList.addAll(buildYahooIdentityProviders(casConfigurationProperties));
        arrayList.addAll(buildLinkedInIdentityProviders(casConfigurationProperties));
        arrayList.addAll(buildPaypalIdentityProviders(casConfigurationProperties));
        arrayList.addAll(buildWordpressIdentityProviders(casConfigurationProperties));
        arrayList.addAll(buildBitBucketIdentityProviders(casConfigurationProperties));
        arrayList.addAll(buildHiOrgServerIdentityProviders(casConfigurationProperties));
        return arrayList;
    }

    protected Collection<ConfigurableDelegatedClient> buildFoursquareIdentityProviders(CasConfigurationProperties casConfigurationProperties) {
        Pac4jDelegatedAuthenticationFoursquareProperties foursquare = casConfigurationProperties.getAuthn().getPac4j().getFoursquare();
        if (!foursquare.isEnabled() || !StringUtils.isNotBlank(foursquare.getId()) || !StringUtils.isNotBlank(foursquare.getSecret())) {
            return List.of();
        }
        FoursquareClient foursquareClient = new FoursquareClient(foursquare.getId(), foursquare.getSecret());
        LOGGER.debug("Created client [{}] with identifier [{}]", foursquareClient.getName(), foursquareClient.getKey());
        return List.of(new ConfigurableDelegatedClient(foursquareClient, foursquare));
    }

    protected Collection<ConfigurableDelegatedClient> buildGoogleIdentityProviders(CasConfigurationProperties casConfigurationProperties) {
        Pac4jDelegatedAuthenticationGoogleProperties google = casConfigurationProperties.getAuthn().getPac4j().getGoogle();
        if (!google.isEnabled() || !StringUtils.isNotBlank(google.getId()) || !StringUtils.isNotBlank(google.getSecret())) {
            return List.of();
        }
        Google2Client google2Client = new Google2Client(google.getId(), google.getSecret());
        if (StringUtils.isNotBlank(google.getScope())) {
            google2Client.setScope(Google2Client.Google2Scope.valueOf(google.getScope().toUpperCase(Locale.ENGLISH)));
        }
        LOGGER.debug("Created client [{}] with identifier [{}]", google2Client.getName(), google2Client.getKey());
        return List.of(new ConfigurableDelegatedClient(google2Client, google));
    }

    protected Collection<ConfigurableDelegatedClient> buildFacebookIdentityProviders(CasConfigurationProperties casConfigurationProperties) {
        Pac4jDelegatedAuthenticationFacebookProperties facebook = casConfigurationProperties.getAuthn().getPac4j().getFacebook();
        if (!facebook.isEnabled() || !StringUtils.isNotBlank(facebook.getId()) || !StringUtils.isNotBlank(facebook.getSecret())) {
            return List.of();
        }
        FacebookClient facebookClient = new FacebookClient(facebook.getId(), facebook.getSecret());
        FunctionUtils.doIfNotBlank(facebook.getScope(), str -> {
            facebookClient.setScope(facebook.getScope());
        });
        FunctionUtils.doIfNotBlank(facebook.getFields(), str2 -> {
            facebookClient.setFields(facebook.getFields());
        });
        LOGGER.debug("Created client [{}] with identifier [{}]", facebookClient.getName(), facebookClient.getKey());
        return List.of(new ConfigurableDelegatedClient(facebookClient, facebook));
    }

    protected Collection<ConfigurableDelegatedClient> buildLinkedInIdentityProviders(CasConfigurationProperties casConfigurationProperties) {
        Pac4jDelegatedAuthenticationLinkedInProperties linkedIn = casConfigurationProperties.getAuthn().getPac4j().getLinkedIn();
        if (!linkedIn.isEnabled() || !StringUtils.isNotBlank(linkedIn.getId()) || !StringUtils.isNotBlank(linkedIn.getSecret())) {
            return List.of();
        }
        LinkedIn2Client linkedIn2Client = new LinkedIn2Client(linkedIn.getId(), linkedIn.getSecret());
        FunctionUtils.doIfNotBlank(linkedIn.getScope(), str -> {
            linkedIn2Client.setScope(linkedIn.getScope());
        });
        LOGGER.debug("Created client [{}] with identifier [{}]", linkedIn2Client.getName(), linkedIn2Client.getKey());
        return List.of(new ConfigurableDelegatedClient(linkedIn2Client, linkedIn));
    }

    protected Collection<ConfigurableDelegatedClient> buildGitHubIdentityProviders(CasConfigurationProperties casConfigurationProperties) {
        Pac4jDelegatedAuthenticationGitHubProperties github = casConfigurationProperties.getAuthn().getPac4j().getGithub();
        if (!github.isEnabled() || !StringUtils.isNotBlank(github.getId()) || !StringUtils.isNotBlank(github.getSecret())) {
            return List.of();
        }
        GitHubClient gitHubClient = new GitHubClient(github.getId(), github.getSecret());
        FunctionUtils.doIfNotBlank(github.getScope(), str -> {
            gitHubClient.setScope(github.getScope());
        });
        LOGGER.debug("Created client [{}] with identifier [{}]", gitHubClient.getName(), gitHubClient.getKey());
        return List.of(new ConfigurableDelegatedClient(gitHubClient, github));
    }

    protected Collection<ConfigurableDelegatedClient> buildDropBoxIdentityProviders(CasConfigurationProperties casConfigurationProperties) {
        Pac4jDelegatedAuthenticationDropboxProperties dropbox = casConfigurationProperties.getAuthn().getPac4j().getDropbox();
        if (!dropbox.isEnabled() || !StringUtils.isNotBlank(dropbox.getId()) || !StringUtils.isNotBlank(dropbox.getSecret())) {
            return List.of();
        }
        DropBoxClient dropBoxClient = new DropBoxClient(dropbox.getId(), dropbox.getSecret());
        LOGGER.debug("Created client [{}] with identifier [{}]", dropBoxClient.getName(), dropBoxClient.getKey());
        return List.of(new ConfigurableDelegatedClient(dropBoxClient, dropbox));
    }

    protected Collection<ConfigurableDelegatedClient> buildWindowsLiveIdentityProviders(CasConfigurationProperties casConfigurationProperties) {
        Pac4jDelegatedAuthenticationWindowsLiveProperties windowsLive = casConfigurationProperties.getAuthn().getPac4j().getWindowsLive();
        if (!windowsLive.isEnabled() || !StringUtils.isNotBlank(windowsLive.getId()) || !StringUtils.isNotBlank(windowsLive.getSecret())) {
            return List.of();
        }
        WindowsLiveClient windowsLiveClient = new WindowsLiveClient(windowsLive.getId(), windowsLive.getSecret());
        LOGGER.debug("Created client [{}] with identifier [{}]", windowsLiveClient.getName(), windowsLiveClient.getKey());
        return List.of(new ConfigurableDelegatedClient(windowsLiveClient, windowsLive));
    }

    protected Collection<ConfigurableDelegatedClient> buildYahooIdentityProviders(CasConfigurationProperties casConfigurationProperties) {
        Pac4jDelegatedAuthenticationYahooProperties yahoo = casConfigurationProperties.getAuthn().getPac4j().getYahoo();
        if (!yahoo.isEnabled() || !StringUtils.isNotBlank(yahoo.getId()) || !StringUtils.isNotBlank(yahoo.getSecret())) {
            return List.of();
        }
        YahooClient yahooClient = new YahooClient(yahoo.getId(), yahoo.getSecret());
        LOGGER.debug("Created client [{}] with identifier [{}]", yahooClient.getName(), yahooClient.getKey());
        return List.of(new ConfigurableDelegatedClient(yahooClient, yahoo));
    }

    protected Collection<ConfigurableDelegatedClient> buildHiOrgServerIdentityProviders(CasConfigurationProperties casConfigurationProperties) {
        Pac4jDelegatedAuthenticationHiOrgServerProperties hiOrgServer = casConfigurationProperties.getAuthn().getPac4j().getHiOrgServer();
        if (!hiOrgServer.isEnabled() || !StringUtils.isNotBlank(hiOrgServer.getId()) || !StringUtils.isNotBlank(hiOrgServer.getSecret())) {
            return List.of();
        }
        HiOrgServerClient hiOrgServerClient = new HiOrgServerClient(hiOrgServer.getId(), hiOrgServer.getSecret());
        if (StringUtils.isNotBlank(hiOrgServer.getScope())) {
            hiOrgServerClient.getConfiguration().setScope(hiOrgServer.getScope());
        }
        LOGGER.debug("Created client [{}] with identifier [{}]", hiOrgServerClient.getName(), hiOrgServerClient.getKey());
        return List.of(new ConfigurableDelegatedClient(hiOrgServerClient, hiOrgServer));
    }

    protected Collection<ConfigurableDelegatedClient> buildOAuth20IdentityProviders(CasConfigurationProperties casConfigurationProperties) {
        Pac4jDelegatedAuthenticationProperties pac4j = casConfigurationProperties.getAuthn().getPac4j();
        return (Collection) pac4j.getOauth2().stream().filter(pac4jOAuth20ClientProperties -> {
            return pac4jOAuth20ClientProperties.isEnabled() && StringUtils.isNotBlank(pac4jOAuth20ClientProperties.getId()) && StringUtils.isNotBlank(pac4jOAuth20ClientProperties.getSecret());
        }).map(pac4jOAuth20ClientProperties2 -> {
            GenericOAuth20Client genericOAuth20Client = new GenericOAuth20Client();
            genericOAuth20Client.setProfileId((String) StringUtils.defaultIfBlank(pac4jOAuth20ClientProperties2.getPrincipalIdAttribute(), pac4j.getCore().getPrincipalIdAttribute()));
            genericOAuth20Client.setKey(SpringExpressionLanguageValueResolver.getInstance().resolve(pac4jOAuth20ClientProperties2.getId()));
            genericOAuth20Client.setSecret(SpringExpressionLanguageValueResolver.getInstance().resolve(pac4jOAuth20ClientProperties2.getSecret()));
            genericOAuth20Client.setProfileAttrs(pac4jOAuth20ClientProperties2.getProfileAttrs());
            genericOAuth20Client.setProfileUrl(pac4jOAuth20ClientProperties2.getProfileUrl());
            genericOAuth20Client.setProfileVerb(Verb.valueOf(pac4jOAuth20ClientProperties2.getProfileVerb().toUpperCase(Locale.ENGLISH)));
            genericOAuth20Client.setTokenUrl(pac4jOAuth20ClientProperties2.getTokenUrl());
            genericOAuth20Client.setAuthUrl(pac4jOAuth20ClientProperties2.getAuthUrl());
            genericOAuth20Client.setScope(pac4jOAuth20ClientProperties2.getScope());
            genericOAuth20Client.setCustomParams(pac4jOAuth20ClientProperties2.getCustomParams());
            genericOAuth20Client.setWithState(pac4jOAuth20ClientProperties2.isWithState());
            String clientAuthenticationMethod = pac4jOAuth20ClientProperties2.getClientAuthenticationMethod();
            Objects.requireNonNull(genericOAuth20Client);
            FunctionUtils.doIfNotBlank(clientAuthenticationMethod, genericOAuth20Client::setClientAuthenticationMethod);
            genericOAuth20Client.getConfiguration().setResponseType(pac4jOAuth20ClientProperties2.getResponseType());
            LOGGER.debug("Created client [{}]", genericOAuth20Client);
            return new ConfigurableDelegatedClient(genericOAuth20Client, pac4jOAuth20ClientProperties2);
        }).collect(Collectors.toList());
    }

    protected Collection<ConfigurableDelegatedClient> buildOidcIdentityProviders(CasConfigurationProperties casConfigurationProperties) {
        return (Collection) casConfigurationProperties.getAuthn().getPac4j().getOidc().stream().map(this::getOidcClientFrom).filter((v0) -> {
            return Objects.nonNull(v0);
        }).collect(Collectors.toList());
    }

    protected Collection<ConfigurableDelegatedClient> buildWordpressIdentityProviders(CasConfigurationProperties casConfigurationProperties) {
        Pac4jDelegatedAuthenticationWordpressProperties wordpress = casConfigurationProperties.getAuthn().getPac4j().getWordpress();
        if (!wordpress.isEnabled() || !StringUtils.isNotBlank(wordpress.getId()) || !StringUtils.isNotBlank(wordpress.getSecret())) {
            return List.of();
        }
        WordPressClient wordPressClient = new WordPressClient(wordpress.getId(), wordpress.getSecret());
        LOGGER.debug("Created client [{}] with identifier [{}]", wordPressClient.getName(), wordPressClient.getKey());
        return List.of(new ConfigurableDelegatedClient(wordPressClient, wordpress));
    }

    protected Collection<ConfigurableDelegatedClient> buildTwitterIdentityProviders(CasConfigurationProperties casConfigurationProperties) {
        Pac4jDelegatedAuthenticationTwitterProperties twitter = casConfigurationProperties.getAuthn().getPac4j().getTwitter();
        if (!twitter.isEnabled() || !StringUtils.isNotBlank(twitter.getId()) || !StringUtils.isNotBlank(twitter.getSecret())) {
            return List.of();
        }
        TwitterClient twitterClient = new TwitterClient(twitter.getId(), twitter.getSecret(), twitter.isIncludeEmail());
        LOGGER.debug("Created client [{}] with identifier [{}]", twitterClient.getName(), twitterClient.getKey());
        return List.of(new ConfigurableDelegatedClient(twitterClient, twitter));
    }

    private ConfigurableDelegatedClient getOidcClientFrom(Pac4jOidcClientProperties pac4jOidcClientProperties) {
        SpringExpressionLanguageValueResolver springExpressionLanguageValueResolver = SpringExpressionLanguageValueResolver.getInstance();
        if (pac4jOidcClientProperties.getAzure().isEnabled() && StringUtils.isNotBlank(pac4jOidcClientProperties.getAzure().getId())) {
            LOGGER.debug("Building OpenID Connect client for Azure AD...");
            AzureAd2OidcConfiguration oidcConfigurationForClient = getOidcConfigurationForClient(pac4jOidcClientProperties.getAzure(), AzureAd2OidcConfiguration.class);
            oidcConfigurationForClient.setTenant(springExpressionLanguageValueResolver.resolve(pac4jOidcClientProperties.getAzure().getTenant()));
            return new ConfigurableDelegatedClient(new AzureAd2Client(new AzureAd2OidcConfiguration(oidcConfigurationForClient)), pac4jOidcClientProperties.getAzure());
        }
        if (pac4jOidcClientProperties.getGoogle().isEnabled() && StringUtils.isNotBlank(pac4jOidcClientProperties.getGoogle().getId())) {
            LOGGER.debug("Building OpenID Connect client for Google...");
            return new ConfigurableDelegatedClient(new GoogleOidcClient(getOidcConfigurationForClient(pac4jOidcClientProperties.getGoogle(), OidcConfiguration.class)), pac4jOidcClientProperties.getGoogle());
        }
        if (pac4jOidcClientProperties.getKeycloak().isEnabled() && StringUtils.isNotBlank(pac4jOidcClientProperties.getKeycloak().getId())) {
            LOGGER.debug("Building OpenID Connect client for KeyCloak...");
            KeycloakOidcConfiguration oidcConfigurationForClient2 = getOidcConfigurationForClient(pac4jOidcClientProperties.getKeycloak(), KeycloakOidcConfiguration.class);
            oidcConfigurationForClient2.setRealm(springExpressionLanguageValueResolver.resolve(pac4jOidcClientProperties.getKeycloak().getRealm()));
            oidcConfigurationForClient2.setBaseUri(springExpressionLanguageValueResolver.resolve(pac4jOidcClientProperties.getKeycloak().getBaseUri()));
            return new ConfigurableDelegatedClient(new KeycloakOidcClient(oidcConfigurationForClient2), pac4jOidcClientProperties.getKeycloak());
        }
        if (!pac4jOidcClientProperties.getApple().isEnabled() || !StringUtils.isNotBlank(pac4jOidcClientProperties.getApple().getPrivateKey())) {
            if (!pac4jOidcClientProperties.getGeneric().isEnabled()) {
                return null;
            }
            LOGGER.debug("Building generic OpenID Connect client...");
            return new ConfigurableDelegatedClient(new OidcClient(getOidcConfigurationForClient(pac4jOidcClientProperties.getGeneric(), OidcConfiguration.class)), pac4jOidcClientProperties.getGeneric());
        }
        LOGGER.debug("Building OpenID Connect client for Apple...");
        AppleOidcConfiguration oidcConfigurationForClient3 = getOidcConfigurationForClient(pac4jOidcClientProperties.getApple(), AppleOidcConfiguration.class);
        FunctionUtils.doUnchecked(obj -> {
            PrivateKeyFactoryBean privateKeyFactoryBean = new PrivateKeyFactoryBean();
            privateKeyFactoryBean.setAlgorithm("EC");
            privateKeyFactoryBean.setSingleton(false);
            privateKeyFactoryBean.setLocation(ResourceUtils.getResourceFrom(pac4jOidcClientProperties.getApple().getPrivateKey()));
            oidcConfigurationForClient3.setPrivateKey((ECPrivateKey) privateKeyFactoryBean.getObject());
        }, new Object[0]);
        oidcConfigurationForClient3.setPrivateKeyID(pac4jOidcClientProperties.getApple().getPrivateKeyId());
        oidcConfigurationForClient3.setTeamID(pac4jOidcClientProperties.getApple().getTeamId());
        oidcConfigurationForClient3.setTimeout(Beans.newDuration(pac4jOidcClientProperties.getApple().getTimeout()));
        return new ConfigurableDelegatedClient(new AppleClient(oidcConfigurationForClient3), pac4jOidcClientProperties.getApple());
    }

    protected Collection<ConfigurableDelegatedClient> buildPaypalIdentityProviders(CasConfigurationProperties casConfigurationProperties) {
        Pac4jDelegatedAuthenticationPayPalProperties paypal = casConfigurationProperties.getAuthn().getPac4j().getPaypal();
        if (!paypal.isEnabled() || !StringUtils.isNotBlank(paypal.getId()) || !StringUtils.isNotBlank(paypal.getSecret())) {
            return List.of();
        }
        PayPalClient payPalClient = new PayPalClient(paypal.getId(), paypal.getSecret());
        LOGGER.debug("Created client [{}] with identifier [{}]", payPalClient.getName(), payPalClient.getKey());
        return List.of(new ConfigurableDelegatedClient(payPalClient, paypal));
    }

    private <T extends OidcConfiguration> T getOidcConfigurationForClient(BasePac4jOidcClientProperties basePac4jOidcClientProperties, Class<T> cls) {
        SpringExpressionLanguageValueResolver springExpressionLanguageValueResolver = SpringExpressionLanguageValueResolver.getInstance();
        T t = (T) FunctionUtils.doUnchecked(() -> {
            return (OidcConfiguration) cls.getDeclaredConstructor(new Class[0]).newInstance(new Object[0]);
        });
        FunctionUtils.doIfNotBlank(basePac4jOidcClientProperties.getScope(), str -> {
            t.setScope(springExpressionLanguageValueResolver.resolve(basePac4jOidcClientProperties.getScope()));
        });
        t.setUseNonce(basePac4jOidcClientProperties.isUseNonce());
        t.setDisablePkce(basePac4jOidcClientProperties.isDisablePkce());
        t.setSecret(springExpressionLanguageValueResolver.resolve(basePac4jOidcClientProperties.getSecret()));
        t.setClientId(springExpressionLanguageValueResolver.resolve(basePac4jOidcClientProperties.getId()));
        t.setReadTimeout((int) Beans.newDuration(basePac4jOidcClientProperties.getReadTimeout()).toMillis());
        t.setConnectTimeout((int) Beans.newDuration(basePac4jOidcClientProperties.getConnectTimeout()).toMillis());
        if (StringUtils.isNotBlank(basePac4jOidcClientProperties.getPreferredJwsAlgorithm())) {
            t.setPreferredJwsAlgorithm(JWSAlgorithm.parse(basePac4jOidcClientProperties.getPreferredJwsAlgorithm().toUpperCase(Locale.ENGLISH)));
        }
        t.setMaxClockSkew(Long.valueOf(Beans.newDuration(basePac4jOidcClientProperties.getMaxClockSkew()).toSeconds()).intValue());
        t.setDiscoveryURI(basePac4jOidcClientProperties.getDiscoveryUri());
        t.setCustomParams(basePac4jOidcClientProperties.getCustomParams());
        t.setLogoutUrl(basePac4jOidcClientProperties.getLogoutUrl());
        t.setAllowUnsignedIdTokens(basePac4jOidcClientProperties.isAllowUnsignedIdTokens());
        t.setIncludeAccessTokenClaimsInProfile(basePac4jOidcClientProperties.isIncludeAccessTokenClaims());
        t.setExpireSessionWithToken(basePac4jOidcClientProperties.isExpireSessionWithToken());
        t.setLogoutValidation(basePac4jOidcClientProperties.isValidateLogoutToken());
        FunctionUtils.doIfNotBlank(basePac4jOidcClientProperties.getSupportedClientAuthenticationMethods(), str2 -> {
            t.setSupportedClientAuthenticationMethods((Set) org.springframework.util.StringUtils.commaDelimitedListToSet(str2).stream().map(ClientAuthenticationMethod::parse).collect(Collectors.toSet()));
        });
        FunctionUtils.doIfNotBlank(basePac4jOidcClientProperties.getClientAuthenticationMethod(), str3 -> {
            t.setClientAuthenticationMethod(ClientAuthenticationMethod.parse(str3));
        });
        if (StringUtils.isNotBlank(basePac4jOidcClientProperties.getTokenExpirationAdvance())) {
            t.setTokenExpirationAdvance((int) Beans.newDuration(basePac4jOidcClientProperties.getTokenExpirationAdvance()).toSeconds());
        }
        FunctionUtils.doIfNotBlank(basePac4jOidcClientProperties.getResponseMode(), str4 -> {
            t.setResponseMode(basePac4jOidcClientProperties.getResponseMode());
        });
        FunctionUtils.doIfNotBlank(basePac4jOidcClientProperties.getResponseType(), str5 -> {
            t.setResponseType(basePac4jOidcClientProperties.getResponseType());
        });
        if (!basePac4jOidcClientProperties.getMappedClaims().isEmpty()) {
            t.setMappedClaims(CollectionUtils.convertDirectedListToMap(basePac4jOidcClientProperties.getMappedClaims()));
        }
        t.setSslSocketFactory(this.casSslContext.getSslContext().getSocketFactory());
        t.setHostnameVerifier(this.casSslContext.getHostnameVerifier());
        return t;
    }

    protected Collection<ConfigurableDelegatedClient> buildBitBucketIdentityProviders(CasConfigurationProperties casConfigurationProperties) {
        Pac4jDelegatedAuthenticationBitBucketProperties bitbucket = casConfigurationProperties.getAuthn().getPac4j().getBitbucket();
        if (!bitbucket.isEnabled() || !StringUtils.isNotBlank(bitbucket.getId()) || !StringUtils.isNotBlank(bitbucket.getSecret())) {
            return List.of();
        }
        BitbucketClient bitbucketClient = new BitbucketClient(bitbucket.getId(), bitbucket.getSecret());
        LOGGER.debug("Created client [{}] with identifier [{}]", bitbucketClient.getName(), bitbucketClient.getKey());
        return List.of(new ConfigurableDelegatedClient(bitbucketClient, bitbucket));
    }

    @Generated
    public DelegatedClientOidcBuilder(CasSSLContext casSSLContext) {
        this.casSslContext = casSSLContext;
    }
}
