package org.apereo.cas.okta;

import com.okta.authn.sdk.client.AuthenticationClient;
import com.okta.authn.sdk.client.AuthenticationClientBuilder;
import com.okta.authn.sdk.client.AuthenticationClients;
import com.okta.commons.http.config.Proxy;
import com.okta.sdk.authc.credentials.TokenClientCredentials;
import com.okta.sdk.client.AuthorizationMode;
import com.okta.sdk.client.Client;
import com.okta.sdk.client.ClientBuilder;
import com.okta.sdk.client.Clients;
import java.nio.charset.StandardCharsets;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.configuration.model.support.okta.BaseOktaApiProperties;
import org.apereo.cas.configuration.model.support.okta.OktaAuthenticationProperties;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.function.FunctionUtils;

/* loaded from: input_file:org/apereo/cas/okta/OktaConfigurationFactory.class */
public class OktaConfigurationFactory {
    public static Client buildClient(BaseOktaApiProperties baseOktaApiProperties) {
        ClientBuilder connectionTimeout = Clients.builder().setOrgUrl(baseOktaApiProperties.getOrganizationUrl()).setConnectionTimeout(baseOktaApiProperties.getConnectionTimeout());
        FunctionUtils.doIfNotNull(baseOktaApiProperties.getApiToken(), str -> {
            connectionTimeout.setClientCredentials(new TokenClientCredentials(str));
        });
        FunctionUtils.doIfNotNull(baseOktaApiProperties.getPrivateKey().getLocation(), resource -> {
            connectionTimeout.setAuthorizationMode(AuthorizationMode.PRIVATE_KEY).setPrivateKey(IOUtils.toString(resource.getInputStream(), StandardCharsets.UTF_8)).setClientId(baseOktaApiProperties.getClientId()).setScopes(CollectionUtils.wrapHashSet(baseOktaApiProperties.getScopes()));
        });
        if (StringUtils.isNotBlank(baseOktaApiProperties.getProxyHost()) && baseOktaApiProperties.getProxyPort() > 0) {
            if (StringUtils.isNotBlank(baseOktaApiProperties.getProxyUsername()) && StringUtils.isNotBlank(baseOktaApiProperties.getProxyPassword())) {
                connectionTimeout.setProxy(new Proxy(baseOktaApiProperties.getProxyHost(), baseOktaApiProperties.getProxyPort(), baseOktaApiProperties.getProxyUsername(), baseOktaApiProperties.getProxyPassword()));
            } else {
                connectionTimeout.setProxy(new Proxy(baseOktaApiProperties.getProxyHost(), baseOktaApiProperties.getProxyPort()));
            }
        }
        return connectionTimeout.build();
    }

    public static AuthenticationClient buildAuthenticationClient(OktaAuthenticationProperties oktaAuthenticationProperties) {
        AuthenticationClientBuilder connectionTimeout = AuthenticationClients.builder().setOrgUrl(oktaAuthenticationProperties.getOrganizationUrl()).setConnectionTimeout(oktaAuthenticationProperties.getConnectionTimeout());
        if (StringUtils.isNotBlank(oktaAuthenticationProperties.getProxyHost()) && oktaAuthenticationProperties.getProxyPort() > 0) {
            if (StringUtils.isNotBlank(oktaAuthenticationProperties.getProxyUsername()) && StringUtils.isNotBlank(oktaAuthenticationProperties.getProxyPassword())) {
                connectionTimeout.setProxy(new Proxy(oktaAuthenticationProperties.getProxyHost(), oktaAuthenticationProperties.getProxyPort(), oktaAuthenticationProperties.getProxyUsername(), oktaAuthenticationProperties.getProxyPassword()));
            } else {
                connectionTimeout.setProxy(new Proxy(oktaAuthenticationProperties.getProxyHost(), oktaAuthenticationProperties.getProxyPort()));
            }
        }
        return connectionTimeout.build();
    }
}
