package org.pac4j.oidc.config;

import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.util.DefaultResourceRetriever;
import com.nimbusds.jose.util.ResourceRetriever;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.ResponseType;
import com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod;
import com.nimbusds.oauth2.sdk.http.HTTPRequest;
import com.nimbusds.oauth2.sdk.pkce.CodeChallengeMethod;
import com.nimbusds.openid.connect.sdk.OIDCResponseTypeValue;
import com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata;
import java.io.IOException;
import java.net.URL;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import org.pac4j.core.client.config.BaseClientConfiguration;
import org.pac4j.core.exception.TechnicalException;
import org.pac4j.core.logout.handler.DefaultLogoutHandler;
import org.pac4j.core.logout.handler.LogoutHandler;
import org.pac4j.core.util.CommonHelper;
import org.pac4j.core.util.generator.RandomValueGenerator;
import org.pac4j.core.util.generator.ValueGenerator;
import org.pac4j.oidc.profile.creator.TokenValidator;
import org.pac4j.oidc.util.SessionStoreValueRetriever;
import org.pac4j.oidc.util.ValueRetriever;

/* loaded from: input_file:org/pac4j/oidc/config/OidcConfiguration.class */
public class OidcConfiguration extends BaseClientConfiguration {
    public static final String SCOPE = "scope";
    public static final String CUSTOM_PARAMS = "custom_params";
    public static final String RESPONSE_TYPE = "response_type";
    public static final String RESPONSE_MODE = "response_mode";
    public static final String REDIRECT_URI = "redirect_uri";
    public static final String CLIENT_ID = "client_id";
    public static final String STATE = "state";
    public static final String MAX_AGE = "max_age";
    public static final String PROMPT = "prompt";
    public static final String NONCE = "nonce";
    public static final String CODE_CHALLENGE = "code_challenge";
    public static final String CODE_CHALLENGE_METHOD = "code_challenge_method";
    public static final List<ResponseType> AUTHORIZATION_CODE_FLOWS = Collections.unmodifiableList(Arrays.asList(new ResponseType(new ResponseType.Value[]{ResponseType.Value.CODE})));
    public static final List<ResponseType> IMPLICIT_FLOWS = Collections.unmodifiableList(Arrays.asList(new ResponseType(new ResponseType.Value[]{OIDCResponseTypeValue.ID_TOKEN}), new ResponseType(new ResponseType.Value[]{OIDCResponseTypeValue.ID_TOKEN, ResponseType.Value.TOKEN})));
    public static final List<ResponseType> HYBRID_CODE_FLOWS = Collections.unmodifiableList(Arrays.asList(new ResponseType(new ResponseType.Value[]{ResponseType.Value.CODE, OIDCResponseTypeValue.ID_TOKEN}), new ResponseType(new ResponseType.Value[]{ResponseType.Value.CODE, ResponseType.Value.TOKEN}), new ResponseType(new ResponseType.Value[]{ResponseType.Value.CODE, OIDCResponseTypeValue.ID_TOKEN, ResponseType.Value.TOKEN})));
    public static final int DEFAULT_MAX_CLOCK_SKEW = 30;
    public static final int DEFAULT_TOKEN_EXPIRATION_ADVANCE = 0;
    private String clientId;
    private String secret;
    private String discoveryURI;
    private String scope;
    private ClientAuthenticationMethod clientAuthenticationMethod;
    private boolean useNonce;
    private CodeChallengeMethod pkceMethod;
    private JWSAlgorithm preferredJwsAlgorithm;
    private Integer maxAge;
    private ResourceRetriever resourceRetriever;
    private OIDCProviderMetadata providerMetadata;
    private String responseMode;
    private String logoutUrl;
    private LogoutHandler logoutHandler;
    private TokenValidator tokenValidator;
    private Map<String, String> customParams = new HashMap();
    private boolean disablePkce = false;
    private int maxClockSkew = 30;
    private ResponseType responseType = AUTHORIZATION_CODE_FLOWS.get(0);
    private int connectTimeout = 500;
    private int readTimeout = 5000;
    private boolean withState = true;
    private Map<String, String> mappedClaims = new LinkedHashMap();
    private ValueGenerator stateGenerator = new RandomValueGenerator();
    private ValueGenerator codeVerifierGenerator = new RandomValueGenerator(50);
    private ValueRetriever valueRetriever = new SessionStoreValueRetriever();
    private boolean expireSessionWithToken = false;
    private int tokenExpirationAdvance = 0;

    /* JADX INFO: Access modifiers changed from: protected */
    public void internalInit() {
        CommonHelper.assertNotBlank("clientId", getClientId());
        if (!AUTHORIZATION_CODE_FLOWS.contains(this.responseType) && !IMPLICIT_FLOWS.contains(this.responseType) && !HYBRID_CODE_FLOWS.contains(this.responseType)) {
            throw new TechnicalException("Unsupported responseType: " + this.responseType);
        }
        if (!IMPLICIT_FLOWS.contains(this.responseType) && isDisablePkce()) {
            CommonHelper.assertNotBlank("secret", getSecret());
        }
        if (getDiscoveryURI() == null && getProviderMetadata() == null) {
            throw new TechnicalException("You must define either the discovery URL or directly the provider metadata");
        }
        if (getResourceRetriever() == null) {
            setResourceRetriever(new DefaultResourceRetriever(getConnectTimeout(), getReadTimeout()));
        }
        if (getProviderMetadata() == null) {
            CommonHelper.assertNotBlank("discoveryURI", getDiscoveryURI());
            try {
                setProviderMetadata(OIDCProviderMetadata.parse(getResourceRetriever().retrieveResource(new URL(getDiscoveryURI())).getContent()));
            } catch (IOException | ParseException e) {
                throw new TechnicalException(e);
            }
        }
        if (this.logoutHandler == null) {
            this.logoutHandler = new DefaultLogoutHandler();
        }
    }

    public OIDCProviderMetadata getProviderMetadata() {
        return this.providerMetadata;
    }

    public OIDCProviderMetadata findProviderMetadata() {
        init();
        return this.providerMetadata;
    }

    public void setProviderMetadata(OIDCProviderMetadata oIDCProviderMetadata) {
        this.providerMetadata = oIDCProviderMetadata;
    }

    public String getClientId() {
        return this.clientId;
    }

    public void setClientId(String str) {
        this.clientId = str;
    }

    public String getSecret() {
        return this.secret;
    }

    public void setSecret(String str) {
        this.secret = str;
    }

    public String getDiscoveryURI() {
        return this.discoveryURI;
    }

    public void defaultDiscoveryURI(String str) {
        if (this.discoveryURI == null) {
            this.discoveryURI = str;
        }
    }

    public String getScope() {
        return this.scope;
    }

    public void setScope(String str) {
        this.scope = str;
    }

    public Map<String, String> getCustomParams() {
        return this.customParams;
    }

    public String getCustomParam(String str) {
        return this.customParams.get(str);
    }

    public void setCustomParams(Map<String, String> map) {
        CommonHelper.assertNotNull("customParams", map);
        this.customParams = map;
    }

    public void addCustomParam(String str, String str2) {
        this.customParams.put(str, str2);
    }

    public ClientAuthenticationMethod getClientAuthenticationMethod() {
        return this.clientAuthenticationMethod;
    }

    public void setClientAuthenticationMethod(ClientAuthenticationMethod clientAuthenticationMethod) {
        this.clientAuthenticationMethod = clientAuthenticationMethod;
    }

    public void setClientAuthenticationMethodAsString(String str) {
        this.clientAuthenticationMethod = ClientAuthenticationMethod.parse(str);
    }

    public boolean isUseNonce() {
        return this.useNonce;
    }

    public void setUseNonce(boolean z) {
        this.useNonce = z;
    }

    public boolean isDisablePkce() {
        return this.disablePkce;
    }

    public void setDisablePkce(boolean z) {
        this.disablePkce = z;
    }

    public CodeChallengeMethod findPkceMethod() {
        List codeChallengeMethods;
        init();
        if (isDisablePkce()) {
            return null;
        }
        if (getPkceMethod() != null) {
            return getPkceMethod();
        }
        if (getProviderMetadata() == null || (codeChallengeMethods = getProviderMetadata().getCodeChallengeMethods()) == null || codeChallengeMethods.isEmpty()) {
            return null;
        }
        return codeChallengeMethods.contains(CodeChallengeMethod.S256) ? CodeChallengeMethod.S256 : (CodeChallengeMethod) codeChallengeMethods.get(0);
    }

    public CodeChallengeMethod getPkceMethod() {
        return this.pkceMethod;
    }

    public void setPkceMethod(CodeChallengeMethod codeChallengeMethod) {
        this.pkceMethod = codeChallengeMethod;
    }

    public JWSAlgorithm getPreferredJwsAlgorithm() {
        return this.preferredJwsAlgorithm;
    }

    public void setPreferredJwsAlgorithm(JWSAlgorithm jWSAlgorithm) {
        this.preferredJwsAlgorithm = jWSAlgorithm;
    }

    public void setPreferredJwsAlgorithmAsString(String str) {
        this.preferredJwsAlgorithm = JWSAlgorithm.parse(str);
    }

    public Integer getMaxAge() {
        return this.maxAge;
    }

    public void setMaxAge(Integer num) {
        this.maxAge = num;
    }

    public int getMaxClockSkew() {
        return this.maxClockSkew;
    }

    public void setMaxClockSkew(int i) {
        this.maxClockSkew = i;
    }

    public int getConnectTimeout() {
        return this.connectTimeout;
    }

    public void setConnectTimeout(int i) {
        this.connectTimeout = i;
    }

    public int getReadTimeout() {
        return this.readTimeout;
    }

    public void setReadTimeout(int i) {
        this.readTimeout = i;
    }

    public void configureHttpRequest(HTTPRequest hTTPRequest) {
        hTTPRequest.setConnectTimeout(getConnectTimeout());
        hTTPRequest.setReadTimeout(getReadTimeout());
    }

    public ResourceRetriever getResourceRetriever() {
        return this.resourceRetriever;
    }

    public ResourceRetriever findResourceRetriever() {
        init();
        return this.resourceRetriever;
    }

    public void setDiscoveryURI(String str) {
        this.discoveryURI = str;
    }

    public void setResourceRetriever(ResourceRetriever resourceRetriever) {
        this.resourceRetriever = resourceRetriever;
    }

    public String getResponseType() {
        return this.responseType.toString();
    }

    public void setResponseType(String str) {
        try {
            this.responseType = ResponseType.parse(str);
        } catch (ParseException e) {
            throw new TechnicalException("Unrecognised responseType: " + str, e);
        }
    }

    public String getResponseMode() {
        return this.responseMode;
    }

    public void setResponseMode(String str) {
        this.responseMode = str;
    }

    public String findLogoutUrl() {
        init();
        return (this.logoutUrl != null || getProviderMetadata().getEndSessionEndpointURI() == null) ? this.logoutUrl : getProviderMetadata().getEndSessionEndpointURI().toString();
    }

    public String getLogoutUrl() {
        return this.logoutUrl;
    }

    public void setLogoutUrl(String str) {
        this.logoutUrl = str;
    }

    public boolean isWithState() {
        return this.withState;
    }

    public void setWithState(boolean z) {
        this.withState = z;
    }

    public boolean isExpireSessionWithToken() {
        return this.expireSessionWithToken;
    }

    public void setExpireSessionWithToken(boolean z) {
        this.expireSessionWithToken = z;
    }

    public int getTokenExpirationAdvance() {
        if (isExpireSessionWithToken()) {
            return this.tokenExpirationAdvance;
        }
        return -1;
    }

    public void setTokenExpirationAdvance(int i) {
        this.tokenExpirationAdvance = i;
    }

    public ValueGenerator getStateGenerator() {
        return this.stateGenerator;
    }

    public void setStateGenerator(ValueGenerator valueGenerator) {
        CommonHelper.assertNotNull("stateGenerator", valueGenerator);
        this.stateGenerator = valueGenerator;
    }

    public ValueGenerator getCodeVerifierGenerator() {
        return this.codeVerifierGenerator;
    }

    public void setCodeVerifierGenerator(ValueGenerator valueGenerator) {
        CommonHelper.assertNotNull("codeVerifierGenerator", valueGenerator);
        this.codeVerifierGenerator = valueGenerator;
    }

    public ValueRetriever getValueRetriever() {
        return this.valueRetriever;
    }

    public void setValueRetriever(ValueRetriever valueRetriever) {
        CommonHelper.assertNotNull("valueRetriever", valueRetriever);
        this.valueRetriever = valueRetriever;
    }

    public LogoutHandler findLogoutHandler() {
        init();
        return this.logoutHandler;
    }

    public void setLogoutHandler(LogoutHandler logoutHandler) {
        this.logoutHandler = logoutHandler;
    }

    public TokenValidator getTokenValidator() {
        return this.tokenValidator;
    }

    public void setTokenValidator(TokenValidator tokenValidator) {
        this.tokenValidator = tokenValidator;
    }

    public TokenValidator findTokenValidator() {
        if (this.tokenValidator == null) {
            setTokenValidator(new TokenValidator(this));
        }
        return this.tokenValidator;
    }

    public Map<String, String> getMappedClaims() {
        return this.mappedClaims;
    }

    public void setMappedClaims(Map<String, String> map) {
        this.mappedClaims = map;
    }

    public String toString() {
        return CommonHelper.toNiceString(getClass(), new Object[]{"clientId", this.clientId, "secret", "[protected]", "discoveryURI", this.discoveryURI, SCOPE, this.scope, "customParams", this.customParams, "clientAuthenticationMethod", this.clientAuthenticationMethod, "useNonce", Boolean.valueOf(this.useNonce), "preferredJwsAlgorithm", this.preferredJwsAlgorithm, "maxAge", this.maxAge, "maxClockSkew", Integer.valueOf(this.maxClockSkew), "connectTimeout", Integer.valueOf(this.connectTimeout), "readTimeout", Integer.valueOf(this.readTimeout), "resourceRetriever", this.resourceRetriever, "responseType", this.responseType, "responseMode", this.responseMode, "logoutUrl", this.logoutUrl, "withState", Boolean.valueOf(this.withState), "stateGenerator", this.stateGenerator, "logoutHandler", this.logoutHandler, "tokenValidator", this.tokenValidator, "mappedClaims", this.mappedClaims});
    }
}
