package org.entur.jwt.client.spring;

import java.net.URL;
import java.time.Duration;
import java.time.temporal.ChronoUnit;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import org.entur.jwt.client.AccessTokenProvider;
import org.entur.jwt.client.AccessTokenProviderBuilder;
import org.entur.jwt.client.ClientCredentials;
import org.entur.jwt.client.auth0.Auth0ClientCredentialsBuilder;
import org.entur.jwt.client.keycloak.KeycloakClientCredentialsBuilder;
import org.entur.jwt.client.properties.AbstractJwtClientProperties;
import org.entur.jwt.client.properties.Auth0JwtClientProperties;
import org.entur.jwt.client.properties.JwtClientCache;
import org.entur.jwt.client.properties.KeycloakJwtClientProperties;
import org.entur.jwt.client.properties.PreemptiveRefresh;
import org.entur.jwt.client.spring.actuate.AccessTokenProviderHealthIndicator;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
import org.springframework.beans.factory.config.ConstructorArgumentValues;
import org.springframework.beans.factory.support.BeanDefinitionRegistry;
import org.springframework.beans.factory.support.BeanDefinitionRegistryPostProcessor;
import org.springframework.beans.factory.support.GenericBeanDefinition;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.boot.context.properties.bind.Binder;
import org.springframework.boot.web.client.RestTemplateBuilder;
import org.springframework.context.EnvironmentAware;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.env.Environment;
import org.springframework.lang.Nullable;
import org.springframework.web.client.RestTemplate;

@EnableConfigurationProperties({SpringJwtClientProperties.class})
@Configuration
/* loaded from: input_file:org/entur/jwt/client/spring/JwtClientAutoConfiguration.class */
public class JwtClientAutoConfiguration {

    /* loaded from: input_file:org/entur/jwt/client/spring/JwtClientAutoConfiguration$JwtClientBeanDefinitionRegistryPostProcessor.class */
    public static class JwtClientBeanDefinitionRegistryPostProcessor implements BeanDefinitionRegistryPostProcessor, EnvironmentAware {
        private SpringJwtClientProperties properties;

        public void postProcessBeanFactory(ConfigurableListableBeanFactory configurableListableBeanFactory) {
        }

        public void setEnvironment(@Nullable Environment environment) {
            bindProperties(environment);
        }

        private void bindProperties(Environment environment) {
            this.properties = (SpringJwtClientProperties) Binder.get(environment).bind("entur.jwt.clients", SpringJwtClientProperties.class).orElse(new SpringJwtClientProperties());
        }

        public void postProcessBeanDefinitionRegistry(BeanDefinitionRegistry beanDefinitionRegistry) {
            add(beanDefinitionRegistry, "newAuth0Instance", this.properties.getAuth0().keySet());
            add(beanDefinitionRegistry, "newKeycloakInstance", this.properties.getKeycloak().keySet());
        }

        private void add(BeanDefinitionRegistry beanDefinitionRegistry, String str, Set<String> set) {
            for (String str2 : set) {
                GenericBeanDefinition genericBeanDefinition = new GenericBeanDefinition();
                genericBeanDefinition.setBeanClass(AccessTokenProvider.class);
                genericBeanDefinition.setFactoryBeanName("jwtClientBeanDefinitionRegistryPostProcessorSupport");
                genericBeanDefinition.setFactoryMethodName(str);
                ConstructorArgumentValues constructorArgumentValues = new ConstructorArgumentValues();
                constructorArgumentValues.addGenericArgumentValue(str2);
                genericBeanDefinition.setAutowireCandidate(true);
                genericBeanDefinition.setConstructorArgumentValues(constructorArgumentValues);
                beanDefinitionRegistry.registerBeanDefinition(str2, genericBeanDefinition);
            }
        }
    }

    /* loaded from: input_file:org/entur/jwt/client/spring/JwtClientAutoConfiguration$JwtClientBeanDefinitionRegistryPostProcessorSupport.class */
    public static class JwtClientBeanDefinitionRegistryPostProcessorSupport {
        private RestTemplate restTemplate;
        private SpringJwtClientProperties rootProperties;

        public JwtClientBeanDefinitionRegistryPostProcessorSupport(RestTemplate restTemplate, SpringJwtClientProperties springJwtClientProperties) {
            this.restTemplate = restTemplate;
            this.rootProperties = springJwtClientProperties;
        }

        public AccessTokenProvider newAuth0Instance(String str) {
            Auth0JwtClientProperties auth0JwtClientProperties = this.rootProperties.getAuth0().get(str);
            return toAccessTokenProvider(this.restTemplate, auth0JwtClientProperties, Auth0ClientCredentialsBuilder.newInstance().withHost(auth0JwtClientProperties.getHost()).withClientId(auth0JwtClientProperties.getClientId()).withSecret(auth0JwtClientProperties.getSecret()).withScope(auth0JwtClientProperties.getScope()).withAudience(auth0JwtClientProperties.getAudience()).build(), this.rootProperties.getHealthIndicator().isEnabled());
        }

        public AccessTokenProvider newKeycloakInstance(String str) {
            KeycloakJwtClientProperties keycloakJwtClientProperties = this.rootProperties.getKeycloak().get(str);
            return toAccessTokenProvider(this.restTemplate, keycloakJwtClientProperties, KeycloakClientCredentialsBuilder.newInstance().withHost(keycloakJwtClientProperties.getHost()).withClientId(keycloakJwtClientProperties.getClientId()).withSecret(keycloakJwtClientProperties.getSecret()).withScope(keycloakJwtClientProperties.getScope()).withAudience(keycloakJwtClientProperties.getAudience()).withRealm(keycloakJwtClientProperties.getRealm()).build(), this.rootProperties.getHealthIndicator().isEnabled());
        }

        private AccessTokenProvider toAccessTokenProvider(RestTemplate restTemplate, AbstractJwtClientProperties abstractJwtClientProperties, ClientCredentials clientCredentials, boolean z) {
            AccessTokenProvider restTemplateUrlAccessTokenProvider;
            JwtClientCache cache = abstractJwtClientProperties.getCache();
            URL revokeURL = clientCredentials.getRevokeURL();
            URL refreshURL = clientCredentials.getRefreshURL();
            if (revokeURL != null && refreshURL != null) {
                restTemplateUrlAccessTokenProvider = new RestTemplateStatefulUrlAccessTokenProvider(restTemplate, clientCredentials.getIssueURL(), clientCredentials.getParameters(), clientCredentials.getHeaders(), refreshURL, revokeURL);
            } else {
                if (revokeURL != null || refreshURL != null) {
                    throw new IllegalStateException("Expected neither or both refresh url and revoke url present");
                }
                restTemplateUrlAccessTokenProvider = new RestTemplateUrlAccessTokenProvider(restTemplate, clientCredentials.getIssueURL(), clientCredentials.getParameters(), clientCredentials.getHeaders());
            }
            AccessTokenProviderBuilder accessTokenProviderBuilder = new AccessTokenProviderBuilder(restTemplateUrlAccessTokenProvider);
            accessTokenProviderBuilder.retrying(abstractJwtClientProperties.isRetrying());
            if (cache == null || !cache.isEnabled()) {
                accessTokenProviderBuilder.cached(false);
            } else {
                accessTokenProviderBuilder.cached(cache.getMinimumTimeToLive(), TimeUnit.SECONDS, cache.getRefreshTimeout(), TimeUnit.SECONDS);
                PreemptiveRefresh preemptiveRefresh = cache.getPreemptiveRefresh();
                if (preemptiveRefresh == null || !preemptiveRefresh.isEnabled()) {
                    accessTokenProviderBuilder.preemptiveCacheRefresh(false);
                } else {
                    accessTokenProviderBuilder.preemptiveCacheRefresh(preemptiveRefresh.getTime(), TimeUnit.SECONDS);
                }
            }
            accessTokenProviderBuilder.health(z);
            return accessTokenProviderBuilder.build();
        }
    }

    @Bean
    @Qualifier("jwtRestTemplate")
    public RestTemplate jwtRestTemplate(RestTemplateBuilder restTemplateBuilder, SpringJwtClientProperties springJwtClientProperties) {
        Integer connectTimeout = springJwtClientProperties.getConnectTimeout();
        Integer readTimeout = springJwtClientProperties.getReadTimeout();
        if (connectTimeout == null || readTimeout == null) {
            Integer timeout = getTimeout(springJwtClientProperties);
            if (connectTimeout == null) {
                connectTimeout = timeout;
            }
            if (readTimeout == null) {
                readTimeout = timeout;
            }
        }
        if (connectTimeout != null) {
            restTemplateBuilder = restTemplateBuilder.setConnectTimeout(Duration.of(connectTimeout.longValue(), ChronoUnit.SECONDS));
        }
        if (readTimeout != null) {
            restTemplateBuilder = restTemplateBuilder.setReadTimeout(Duration.of(readTimeout.longValue(), ChronoUnit.SECONDS));
        }
        return restTemplateBuilder.build();
    }

    private Integer getTimeout(SpringJwtClientProperties springJwtClientProperties) {
        return getTimeout(springJwtClientProperties.getAuth0(), getTimeout(springJwtClientProperties.getKeycloak(), null));
    }

    private Integer getTimeout(Map<String, ? extends AbstractJwtClientProperties> map, Integer num) {
        JwtClientCache cache;
        Iterator<Map.Entry<String, ? extends AbstractJwtClientProperties>> it = map.entrySet().iterator();
        while (it.hasNext()) {
            AbstractJwtClientProperties value = it.next().getValue();
            if (value.isEnabled() && (cache = value.getCache()) != null && cache.isEnabled()) {
                num = num == null ? Integer.valueOf(cache.getRefreshTimeout()) : Integer.valueOf(Math.min(num.intValue(), cache.getRefreshTimeout()));
            }
        }
        return num;
    }

    @Bean
    public static BeanDefinitionRegistryPostProcessor jwtClientBeanDefinitionRegistryPostProcessor() {
        return new JwtClientBeanDefinitionRegistryPostProcessor();
    }

    @Bean
    public JwtClientBeanDefinitionRegistryPostProcessorSupport jwtClientBeanDefinitionRegistryPostProcessorSupport(@Qualifier("jwtRestTemplate") RestTemplate restTemplate, SpringJwtClientProperties springJwtClientProperties) {
        return new JwtClientBeanDefinitionRegistryPostProcessorSupport(restTemplate, springJwtClientProperties);
    }

    @ConditionalOnProperty(value = {"entur.jwt.clients.health-indicator.enabled"}, matchIfMissing = true)
    @Bean
    public AccessTokenProviderHealthIndicator provider(AccessTokenProvider[] accessTokenProviderArr) {
        return new AccessTokenProviderHealthIndicator(accessTokenProviderArr);
    }
}
