package com.azure.spring.autoconfigure.aad;

import com.azure.spring.aad.AADAuthorizationGrantType;
import com.azure.spring.aad.webapp.AuthorizationClientProperties;
import com.azure.spring.keyvault.KeyVaultProperties;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.boot.context.properties.DeprecatedConfigurationProperty;
import org.springframework.util.StringUtils;
import org.springframework.validation.annotation.Validated;

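/**
 * Configuration properties for Azure Active Directory authentication, bound by Spring Boot
 * under {@code AADAuthenticationFilterAutoConfiguration.PROPERTY_PREFIX} (the validation
 * messages in this class refer to the keys as {@code azure.activedirectory.*}).
 *
 * <p>Defaults and cross-property consistency checks are applied in
 * {@link #afterPropertiesSet()}; an invalid combination fails with
 * {@link IllegalStateException}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@code clientSecret} is a credential. This class defines no {@code toString()}, so it
 *       is not printed by accident; keep it that way and never log the getter's value.</li>
 *   <li>{@code baseUri}, {@code graphBaseUri} and {@code graphMembershipUri} are taken from
 *       configuration as-is. Only the "membership URI starts with graph base URI" relation is
 *       checked here; the scheme and host are not validated by this class.</li>
 *   <li>Group-based authorization settings ({@code userGroup}) are rejected for the
 *       multi-tenant tenant ids {@code common}, {@code organizations} and
 *       {@code consumers}.</li>
 * </ul>
 */
@ConfigurationProperties(AADAuthenticationFilterAutoConfiguration.PROPERTY_PREFIX)
@Validated
public class AADAuthenticationProperties implements InitializingBean {
    /** Default JWK set cache lifespan: five minutes, expressed in milliseconds. */
    private static final long DEFAULT_JWK_SET_CACHE_LIFESPAN = TimeUnit.MINUTES.toMillis(5);
    /** Default JWK set cache refresh time; same value as the default lifespan. */
    private static final long DEFAULT_JWK_SET_CACHE_REFRESH_TIME = DEFAULT_JWK_SET_CACHE_LIFESPAN;

    private String clientId;
    // Credential: must not be logged or included in error messages.
    private String clientSecret;
    private String userNameAttribute;
    // Defaults to "{baseUrl}/login/oauth2/code/" when blank (see afterPropertiesSet).
    private String redirectUriTemplate;
    private String appIdUri;
    private Map<String, Object> authenticateAdditionalParameters;
    // Defaults to "common" when blank (see afterPropertiesSet).
    private String tenantId;
    private String postLogoutRedirectUri;
    // Defaults to "https://login.microsoftonline.com/" when blank; always ends with "/".
    private String baseUri;
    // Defaults to "https://graph.microsoft.com/" when blank; always ends with "/".
    private String graphBaseUri;
    // Defaults to graphBaseUri + "v1.0/me/memberOf" when blank; must start with graphBaseUri.
    private String graphMembershipUri;
    private UserGroupProperties userGroup = new UserGroupProperties();
    // NOTE(review): presumably milliseconds - confirm against the consumer of this value.
    private int jwtConnectTimeout = 500;
    // NOTE(review): presumably milliseconds - confirm against the consumer of this value.
    private int jwtReadTimeout = 500;
    // NOTE(review): presumably a byte limit on the fetched key set/token - confirm at the call site.
    private int jwtSizeLimit = 51200;
    private long jwkSetCacheLifespan = DEFAULT_JWK_SET_CACHE_LIFESPAN;
    private long jwkSetCacheRefreshTime = DEFAULT_JWK_SET_CACHE_REFRESH_TIME;
    private boolean allowTelemetry = true;
    private Boolean sessionStateless = false;
    private Map<String, AuthorizationClientProperties> authorizationClients = new HashMap<>();

    /**
     * Group-related settings used for group-based authorization.
     *
     * <p>NOTE(review): directory group display names are not guaranteed to be unique, whereas
     * group ids are; prefer {@code allowed-group-ids} for authorization decisions where
     * possible.
     */
    public static class UserGroupProperties {
        private List<String> allowedGroupNames = new ArrayList<>();
        // The literal value "all" is special-cased in afterPropertiesSet: it may not be
        // combined with any other id.
        private Set<String> allowedGroupIds = new HashSet<>();
        private Boolean enableFullList = false;

        /** @return the configured group ids (the live set, not a copy) */
        public Set<String> getAllowedGroupIds() {
            return this.allowedGroupIds;
        }

        /** @param set the group ids to allow */
        public void setAllowedGroupIds(Set<String> set) {
            this.allowedGroupIds = set;
        }

        /** @return the configured group names (the live list, not a copy) */
        public List<String> getAllowedGroupNames() {
            return this.allowedGroupNames;
        }

        /** @param list the group names to allow */
        public void setAllowedGroupNames(List<String> list) {
            this.allowedGroupNames = list;
        }

        /**
         * @return the deprecated enable-full-list flag
         * @deprecated replaced by {@code allowed-group-ids: all}
         */
        @DeprecatedConfigurationProperty(reason = "enable-full-list is not easy to understand.", replacement = "allowed-group-ids: all")
        @Deprecated
        public Boolean getEnableFullList() {
            return this.enableFullList;
        }

        /** @param bool the deprecated enable-full-list flag */
        public void setEnableFullList(Boolean bool) {
            this.enableFullList = bool;
        }

        /**
         * Legacy alias for {@link #getAllowedGroupNames()}; both read the same field.
         *
         * @return the configured group names
         * @deprecated use {@code azure.activedirectory.user-group.allowed-group-names}
         */
        @DeprecatedConfigurationProperty(reason = "In order to distinguish between allowed-group-ids and allowed-group-names, set allowed-groups deprecated.", replacement = "azure.activedirectory.user-group.allowed-group-names")
        @Deprecated
        public List<String> getAllowedGroups() {
            return this.allowedGroupNames;
        }

        /**
         * Legacy alias for {@link #setAllowedGroupNames(List)}; both write the same field.
         *
         * @param list the group names to allow
         * @deprecated use {@link #setAllowedGroupNames(List)}
         */
        @Deprecated
        public void setAllowedGroups(List<String> list) {
            this.allowedGroupNames = list;
        }
    }

    /**
     * Legacy top-level alias that delegates to {@link UserGroupProperties#getAllowedGroups()}.
     *
     * @return the configured group names
     */
    @DeprecatedConfigurationProperty(reason = "Configuration moved to UserGroup class to keep UserGroup properties together", replacement = "azure.activedirectory.user-group.allowed-group-names")
    public List<String> getActiveDirectoryGroups() {
        return this.userGroup.getAllowedGroups();
    }

    /**
     * Reports whether at least one allowed group name is configured.
     *
     * @return {@code true} if the name list is non-empty; {@code false} if it is empty or if
     *     the user-group settings or the list itself are {@code null}
     */
    public boolean allowedGroupNamesConfigured() {
        // ofNullable (not of) so a null userGroup reads as "nothing configured", in line
        // with isAllowedGroup, instead of failing with a NullPointerException.
        return Optional.ofNullable(getUserGroup())
            .map(UserGroupProperties::getAllowedGroupNames)
            .map(names -> !names.isEmpty())
            .orElse(false);
    }

    /**
     * Reports whether at least one allowed group id is configured.
     *
     * @return {@code true} if the id set is non-empty; {@code false} if it is empty or if
     *     the user-group settings or the set itself are {@code null}
     */
    public boolean allowedGroupIdsConfigured() {
        // ofNullable (not of) so a null userGroup reads as "nothing configured", in line
        // with isAllowedGroup, instead of failing with a NullPointerException.
        return Optional.ofNullable(getUserGroup())
            .map(UserGroupProperties::getAllowedGroupIds)
            .map(ids -> !ids.isEmpty())
            .orElse(false);
    }

    public UserGroupProperties getUserGroup() {
        return this.userGroup;
    }

    public void setUserGroup(UserGroupProperties userGroupProperties) {
        this.userGroup = userGroupProperties;
    }

    public String getClientId() {
        return this.clientId;
    }

    public void setClientId(String str) {
        this.clientId = str;
    }

    /**
     * Returns the client secret. The value is a credential: callers must not log it or
     * embed it in exception messages.
     *
     * @return the configured client secret, possibly {@code null}
     */
    public String getClientSecret() {
        return this.clientSecret;
    }

    public void setClientSecret(String str) {
        this.clientSecret = str;
    }

    public String getUserNameAttribute() {
        return this.userNameAttribute;
    }

    public void setUserNameAttribute(String str) {
        this.userNameAttribute = str;
    }

    public String getRedirectUriTemplate() {
        return this.redirectUriTemplate;
    }

    public void setRedirectUriTemplate(String str) {
        this.redirectUriTemplate = str;
    }

    /**
     * Legacy top-level alias that delegates to {@link UserGroupProperties#setAllowedGroups(List)}.
     *
     * @param list the group names to allow
     * @deprecated configure {@code azure.activedirectory.user-group.allowed-group-names}
     */
    @Deprecated
    public void setActiveDirectoryGroups(List<String> list) {
        this.userGroup.setAllowedGroups(list);
    }

    public String getAppIdUri() {
        return this.appIdUri;
    }

    public void setAppIdUri(String str) {
        this.appIdUri = str;
    }

    public Map<String, Object> getAuthenticateAdditionalParameters() {
        return this.authenticateAdditionalParameters;
    }

    public void setAuthenticateAdditionalParameters(Map<String, Object> map) {
        this.authenticateAdditionalParameters = map;
    }

    public int getJwtConnectTimeout() {
        return this.jwtConnectTimeout;
    }

    public void setJwtConnectTimeout(int i) {
        this.jwtConnectTimeout = i;
    }

    public int getJwtReadTimeout() {
        return this.jwtReadTimeout;
    }

    public void setJwtReadTimeout(int i) {
        this.jwtReadTimeout = i;
    }

    public int getJwtSizeLimit() {
        return this.jwtSizeLimit;
    }

    public void setJwtSizeLimit(int i) {
        this.jwtSizeLimit = i;
    }

    public long getJwkSetCacheLifespan() {
        return this.jwkSetCacheLifespan;
    }

    public void setJwkSetCacheLifespan(long j) {
        this.jwkSetCacheLifespan = j;
    }

    public long getJwkSetCacheRefreshTime() {
        return this.jwkSetCacheRefreshTime;
    }

    public void setJwkSetCacheRefreshTime(long j) {
        this.jwkSetCacheRefreshTime = j;
    }

    public String getTenantId() {
        return this.tenantId;
    }

    public void setTenantId(String str) {
        this.tenantId = str;
    }

    public String getPostLogoutRedirectUri() {
        return this.postLogoutRedirectUri;
    }

    public void setPostLogoutRedirectUri(String str) {
        this.postLogoutRedirectUri = str;
    }

    /**
     * @return the deprecated telemetry flag
     * @deprecated the telemetry endpoint is deprecated in favour of the User-Agent header
     */
    @DeprecatedConfigurationProperty(reason = "Deprecate the telemetry endpoint and use HTTP header User Agent instead.")
    @Deprecated
    public boolean isAllowTelemetry() {
        return this.allowTelemetry;
    }

    public void setAllowTelemetry(boolean z) {
        this.allowTelemetry = z;
    }

    public Boolean getSessionStateless() {
        return this.sessionStateless;
    }

    public void setSessionStateless(Boolean bool) {
        this.sessionStateless = bool;
    }

    public String getBaseUri() {
        return this.baseUri;
    }

    public void setBaseUri(String str) {
        this.baseUri = str;
    }

    public String getGraphBaseUri() {
        return this.graphBaseUri;
    }

    public void setGraphBaseUri(String str) {
        this.graphBaseUri = str;
    }

    public String getGraphMembershipUri() {
        return this.graphMembershipUri;
    }

    public void setGraphMembershipUri(String str) {
        this.graphMembershipUri = str;
    }

    public Map<String, AuthorizationClientProperties> getAuthorizationClients() {
        return this.authorizationClients;
    }

    public void setAuthorizationClients(Map<String, AuthorizationClientProperties> map) {
        this.authorizationClients = map;
    }

    /**
     * Checks whether the given value appears among the allowed group names or the allowed
     * group ids. The comparison is an exact, case-sensitive {@code contains} lookup.
     *
     * <p>The same input is matched against both collections, so a caller cannot tell from
     * the result whether a name or an id matched.
     *
     * @param str the group name or group id to look up
     * @return {@code true} if the value is in either collection; {@code false} otherwise,
     *     including when the user-group settings or a collection are {@code null}
     */
    public boolean isAllowedGroup(String str) {
        UserGroupProperties group = getUserGroup();
        if (group == null) {
            // Fail closed: with no group settings nothing is allowed.
            return false;
        }
        List<String> names = Optional.ofNullable(group.getAllowedGroupNames())
            .orElseGet(Collections::emptyList);
        if (names.contains(str)) {
            return true;
        }
        Set<String> ids = Optional.ofNullable(group.getAllowedGroupIds())
            .orElseGet(Collections::emptySet);
        return ids.contains(str);
    }

    /**
     * Applies defaults and validates the bound configuration once binding has finished.
     *
     * <p>Checks, in order: the Graph membership URI must start with the Graph base URI;
     * {@code allowed-group-ids} may contain {@code all} only on its own; group names and
     * group ids must both be empty for the multi-tenant tenant ids; and every on-demand
     * authorization client that declares a grant type must use {@code authorization_code}.
     *
     * @throws IllegalStateException if any of the checks above fails
     */
    @Override
    public void afterPropertiesSet() {
        if (StringUtils.hasText(this.baseUri)) {
            this.baseUri = addSlash(this.baseUri);
        } else {
            this.baseUri = "https://login.microsoftonline.com/";
        }
        if (!StringUtils.hasText(this.redirectUriTemplate)) {
            this.redirectUriTemplate = "{baseUrl}/login/oauth2/code/";
        }
        // The trailing slash matters for the prefix check below: because the base always
        // ends with "/", a membership URI on a different host that merely begins with the
        // same characters as the base host cannot pass startsWith.
        if (StringUtils.hasText(this.graphBaseUri)) {
            this.graphBaseUri = addSlash(this.graphBaseUri);
        } else {
            this.graphBaseUri = "https://graph.microsoft.com/";
        }
        if (!StringUtils.hasText(this.graphMembershipUri)) {
            this.graphMembershipUri = this.graphBaseUri + "v1.0/me/memberOf";
        }
        if (!this.graphMembershipUri.startsWith(this.graphBaseUri)) {
            // NOTE(review): KeyVaultProperties.DELIMITER as the message terminator looks like
            // a decompiler constant-resolution artifact for a plain literal - confirm against
            // the original source before touching it.
            throw new IllegalStateException("azure.activedirectory.graph-base-uri should be the prefix of azure.activedirectory.graph-membership-uri. azure.activedirectory.graph-base-uri = " + this.graphBaseUri + ", azure.activedirectory.graph-membership-uri = " + this.graphMembershipUri + KeyVaultProperties.DELIMITER);
        }
        Set<String> allowedGroupIds = this.userGroup.getAllowedGroupIds();
        if (allowedGroupIds.size() > 1 && allowedGroupIds.contains("all")) {
            throw new IllegalStateException("When azure.activedirectory.user-group.allowed-group-ids contains 'all', no other group ids can be configured. But actually azure.activedirectory.user-group.allowed-group-ids=" + allowedGroupIds);
        }
        if (!StringUtils.hasText(this.tenantId)) {
            this.tenantId = "common";
        }
        // Group restrictions are rejected outright for the multi-tenant tenant ids rather
        // than silently ignored, so a misconfiguration surfaces at startup.
        boolean multiTenant = isMultiTenantsApplication(this.tenantId);
        if (multiTenant && !this.userGroup.getAllowedGroups().isEmpty()) {
            throw new IllegalStateException("When azure.activedirectory.tenant-id is 'common/organizations/consumers', azure.activedirectory.user-group.allowed-groups/allowed-group-names should be empty. But actually azure.activedirectory.tenant-id=" + this.tenantId + ", and azure.activedirectory.user-group.allowed-groups/allowed-group-names=" + this.userGroup.getAllowedGroups());
        }
        if (multiTenant && !this.userGroup.getAllowedGroupIds().isEmpty()) {
            throw new IllegalStateException("When azure.activedirectory.tenant-id is 'common/organizations/consumers', azure.activedirectory.user-group.allowed-group-ids should be empty. But actually azure.activedirectory.tenant-id=" + this.tenantId + ", and azure.activedirectory.user-group.allowed-group-ids=" + this.userGroup.getAllowedGroupIds());
        }
        // On-demand clients with no grant type declared are skipped by the nonNull filter;
        // only an explicitly different grant type is rejected.
        this.authorizationClients.values().stream()
            .filter(AuthorizationClientProperties::isOnDemand)
            .map(AuthorizationClientProperties::getAuthorizationGrantType)
            .filter(Objects::nonNull)
            .filter(grantType -> !AADAuthorizationGrantType.AUTHORIZATION_CODE.equals(grantType))
            .findAny()
            .ifPresent(grantType -> {
                throw new IllegalStateException("onDemand only support authorization_code grant type. ");
            });
    }

    /**
     * Tells whether the tenant id is one of the multi-tenant aliases. The comparison is
     * exact and case-sensitive.
     *
     * @param str the tenant id to test
     * @return {@code true} for {@code common}, {@code organizations} or {@code consumers}
     */
    private boolean isMultiTenantsApplication(String str) {
        return "common".equals(str) || "organizations".equals(str) || "consumers".equals(str);
    }

    /**
     * Ensures the given URI string ends with a single trailing {@code /}.
     *
     * @param str a non-null URI string
     * @return {@code str} unchanged if it already ends with {@code /}, otherwise with one appended
     */
    private String addSlash(String str) {
        return str.endsWith("/") ? str : str + "/";
    }
}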
