package org.forgerock.openam.authentication.modules.oauth2;

import com.sun.identity.authentication.spi.AuthLoginException;
import com.sun.identity.shared.datastruct.CollectionHelper;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import org.apache.commons.collections.CollectionUtils;
import org.forgerock.openam.authentication.modules.oauth2.service.DefaultServiceUrlProvider;
import org.forgerock.openam.authentication.modules.oauth2.service.ESIAServiceUrlProvider;
import org.forgerock.openam.authentication.modules.oauth2.service.ServiceUrlProvider;
import org.forgerock.openam.utils.MappingUtils;
import org.forgerock.openam.utils.StringUtils;

/* loaded from: input_file:org/forgerock/openam/authentication/modules/oauth2/OAuthConf.class */
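/**
 * Configuration holder for the OAuth2 / OpenID Connect authentication module.
 *
 * <p>An instance is populated once, from the module's attribute map, and then
 * read through the getters. It also selects the {@link ServiceUrlProvider}
 * used to build the authorization and token requests.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>{@code clientSecret} and {@code smtpUserPassword} are held as plain
 *       {@code String}s and are handed out by {@link #getClientSecret()} and
 *       {@link #getSMTPConfig()}. Keep both return values out of logs, debug
 *       output and error messages.</li>
 *   <li>{@link #validateConfiguration()} only checks that required values are
 *       present; it does not check the scheme or host of any endpoint URL.</li>
 * </ul>
 */
public class OAuthConf {
    static final String CLIENT = "genericHTML";
    static final String ESIA_PREFIX = "esia";
    static final String ESIA_KEY_PATH = "[esia-key-path]";
    static final String ESIA_CERT_PATH = "[esia-cert-path]";

    // True when the configured scope list contains OAuthParam.OIDC_SCOPE.
    private boolean openIDConnect;
    private String accountProvider;
    private String clientId;
    // Secret: never log.
    private String clientSecret;
    private String scope;
    private String authServiceUrl;
    private String tokenServiceUrl;
    private String profileServiceUrl;
    private String profileServiceParam;
    private String ssoProxyUrl;
    private String accountMapper;
    private Set<String> attributeMappers;
    private String createAccountFlag;
    private String promptPasswordFlag;
    private String useAnonymousUserFlag;
    private String anonymousUser;
    private Map<String, String> accountMapperConfig;
    private Map<String, String> attributeMapperConfig;
    private String saveAttributesToSessionFlag;
    private String mailAttribute;
    private String logoutServiceUrl;
    private String logoutBehaviour;
    private String gatewayEmailImplClass;
    private String smtpHostName;
    private String smtpPort;
    private String smtpUserName;
    // Secret: never log.
    private String smtpUserPassword;
    private String smtpSSLEnabled = "false";
    private String emailFrom;
    private String authLevel = "0";
    private Map<String, String> customProperties;
    private ServiceUrlProvider serviceUrlProvider;

    /**
     * Creates an empty configuration: every value is unset except
     * {@code smtpSSLEnabled} ("false") and {@code authLevel} ("0"). No
     * {@link ServiceUrlProvider} is selected by this constructor.
     */
    OAuthConf() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Reads the module configuration from the given attribute map.
     *
     * <p>Scalar attributes are read with {@code CollectionHelper.getMapAttr};
     * the mapper and custom-property attributes are read as {@code Set}s and
     * parsed with {@code MappingUtils.parseMappings}. Attributes missing from
     * the map replace the defaults set by the field initialisers, so
     * {@code authLevel} and {@code smtpSSLEnabled} may end up {@code null}.
     *
     * @param map the module's attribute map; must not be {@code null}
     */
    @SuppressWarnings({"rawtypes", "unchecked"}) // the raw Map parameter is part of the existing signature
    public OAuthConf(Map map) {
        this.clientId = CollectionHelper.getMapAttr(map, "iplanet-am-auth-oauth-client-id");
        this.clientSecret = CollectionHelper.getMapAttr(map, "iplanet-am-auth-oauth-client-secret");
        this.scope = CollectionHelper.getMapAttr(map, "iplanet-am-auth-oauth-scope");
        // OpenID Connect mode is derived from the scope list, not from a dedicated switch.
        this.openIDConnect = StringUtils.isNotEmpty(this.scope)
                && Arrays.asList(this.scope.split(OAuthParam.SCOPE_SEPARATOR)).contains(OAuthParam.OIDC_SCOPE);
        this.authServiceUrl = CollectionHelper.getMapAttr(map, "iplanet-am-auth-oauth-auth-service");
        this.tokenServiceUrl = CollectionHelper.getMapAttr(map, "iplanet-am-auth-oauth-token-service");
        this.profileServiceUrl = CollectionHelper.getMapAttr(map, "iplanet-am-auth-oauth-user-profile-service");
        this.profileServiceParam = CollectionHelper.getMapAttr(map, "iplanet-am-auth-oauth-user-profile-param", OAuthParam.PARAM_ACCESS_TOKEN);
        this.ssoProxyUrl = CollectionHelper.getMapAttr(map, "iplanet-am-auth-oauth-sso-proxy-url");
        this.accountProvider = CollectionHelper.getMapAttr(map, "org-forgerock-auth-oauth-account-provider");
        this.accountMapper = CollectionHelper.getMapAttr(map, "org-forgerock-auth-oauth-account-mapper");
        this.accountMapperConfig = MappingUtils.parseMappings((Set<String>) map.get("org-forgerock-auth-oauth-account-mapper-configuration"));
        this.attributeMappers = (Set<String>) map.get("org-forgerock-auth-oauth-attribute-mapper");
        this.attributeMapperConfig = MappingUtils.parseMappings((Set<String>) map.get("org-forgerock-auth-oauth-attribute-mapper-configuration"));
        this.saveAttributesToSessionFlag = CollectionHelper.getMapAttr(map, "org-forgerock-auth-oauth-save-attributes-to-session-flag");
        this.mailAttribute = CollectionHelper.getMapAttr(map, "org-forgerock-auth-oauth-mail-attribute");
        this.createAccountFlag = CollectionHelper.getMapAttr(map, "org-forgerock-auth-oauth-createaccount-flag");
        this.promptPasswordFlag = CollectionHelper.getMapAttr(map, "org-forgerock-auth-oauth-prompt-password-flag");
        this.useAnonymousUserFlag = CollectionHelper.getMapAttr(map, "org-forgerock-auth-oauth-map-to-anonymous-flag");
        this.anonymousUser = CollectionHelper.getMapAttr(map, "org-forgerock-auth-oauth-anonymous-user");
        this.logoutServiceUrl = CollectionHelper.getMapAttr(map, "org-forgerock-auth-oauth-logout-service-url");
        this.logoutBehaviour = CollectionHelper.getMapAttr(map, "org-forgerock-auth-oauth-logout-behaviour");
        this.gatewayEmailImplClass = CollectionHelper.getMapAttr(map, "org-forgerock-auth-oauth-email-gwy-impl");
        this.smtpHostName = CollectionHelper.getMapAttr(map, "org-forgerock-auth-oauth-smtp-hostname");
        this.smtpPort = CollectionHelper.getMapAttr(map, "org-forgerock-auth-oauth-smtp-port");
        this.smtpUserName = CollectionHelper.getMapAttr(map, "org-forgerock-auth-oauth-smtp-username");
        this.smtpUserPassword = CollectionHelper.getMapAttr(map, "org-forgerock-auth-oauth-smtp-password");
        this.smtpSSLEnabled = CollectionHelper.getMapAttr(map, "org-forgerock-auth-oauth-smtp-ssl_enabled");
        this.emailFrom = CollectionHelper.getMapAttr(map, "org-forgerock-auth-oauth-smtp-email-from");
        this.authLevel = CollectionHelper.getMapAttr(map, "iplanet-am-auth-oauth-auth-level");

        Set<String> rawCustomProperties = (Set<String>) map.get("openam-auth-oauth2-custom-properties");
        if (CollectionUtils.isNotEmpty(rawCustomProperties)) {
            this.customProperties = MappingUtils.parseMappings(rawCustomProperties);
        } else {
            // Typed empty map instead of the raw Collections.EMPTY_MAP.
            this.customProperties = Collections.emptyMap();
        }

        // NOTE(review): the ESIA provider is selected by a plain substring test on the
        // whole authorization URL, so any URL that merely contains "esia" (in the host,
        // the path or the query) takes the ESIA branch. Matching the parsed host would
        // be stricter; confirm the intended rule before changing it.
        if (this.authServiceUrl == null || !this.authServiceUrl.contains(ESIA_PREFIX)) {
            this.serviceUrlProvider = new DefaultServiceUrlProvider();
        } else {
            // Either lookup yields null when the custom property is not configured.
            // NOTE(review): how ESIAServiceUrlProvider treats a null key or certificate
            // path is not visible here - confirm it fails closed.
            this.serviceUrlProvider = new ESIAServiceUrlProvider(
                    this.customProperties.get(ESIA_KEY_PATH),
                    this.customProperties.get(ESIA_CERT_PATH));
        }
    }

    /**
     * Returns the configured authentication level as an integer.
     *
     * @return the parsed level, or 0 when the level is unset or not a valid integer
     */
    public int getAuthnLevel() {
        if (this.authLevel == null) {
            return 0;
        }
        try {
            return Integer.parseInt(this.authLevel);
        } catch (NumberFormatException e) {
            // A malformed level falls back to 0 rather than failing the login.
            OAuthUtil.debugError("Unable to find a valid auth level " + this.authLevel + ", defaulting to 0", e);
            return 0;
        }
    }

    /**
     * Returns the configured e-mail gateway implementation class name.
     *
     * @return the class name, or {@code null} when not configured
     * @throws AuthLoginException declared by the existing signature; not thrown by this implementation
     */
    public String getGatewayImplClass() throws AuthLoginException {
        return this.gatewayEmailImplClass;
    }

    /**
     * Builds a fresh map of the SMTP settings, keyed by their attribute names.
     *
     * <p>The result contains the SMTP password in clear text under
     * {@code org-forgerock-auth-oauth-smtp-password}; do not log or serialise
     * the returned map. Values are {@code null} for settings that are not configured.
     *
     * @return a new mutable map with the gateway class, host, port, user name, password and SSL flag
     */
    public Map<String, String> getSMTPConfig() {
        Map<String, String> smtpConfig = new HashMap<String, String>();
        smtpConfig.put("org-forgerock-auth-oauth-email-gwy-impl", this.gatewayEmailImplClass);
        smtpConfig.put("org-forgerock-auth-oauth-smtp-hostname", this.smtpHostName);
        smtpConfig.put("org-forgerock-auth-oauth-smtp-port", this.smtpPort);
        smtpConfig.put("org-forgerock-auth-oauth-smtp-username", this.smtpUserName);
        smtpConfig.put("org-forgerock-auth-oauth-smtp-password", this.smtpUserPassword);
        smtpConfig.put("org-forgerock-auth-oauth-smtp-ssl_enabled", this.smtpSSLEnabled);
        return smtpConfig;
    }

    /** Returns the configured logout service URL, or {@code null} when unset. */
    public String getLogoutServiceUrl() {
        return this.logoutServiceUrl;
    }

    /**
     * Returns the configured logout behaviour, or {@code null} when unset.
     * The misspelt method name is kept for existing callers.
     */
    public String getLogoutBhaviour() {
        return this.logoutBehaviour;
    }

    /** Returns the configured sender address for outgoing mail, or {@code null} when unset. */
    public String getEmailFrom() {
        return this.emailFrom;
    }

    /** Returns the configured account mapper value, or {@code null} when unset. */
    public String getAccountMapper() {
        return this.accountMapper;
    }

    /** Returns the configured account provider value, or {@code null} when unset. */
    public String getAccountProvider() {
        return this.accountProvider;
    }

    /** Returns the configured attribute mappers; the internal set is returned, not a copy. */
    public Set<String> getAttributeMappers() {
        return this.attributeMappers;
    }

    /** Returns the parsed account mapper configuration; the internal map is returned, not a copy. */
    public Map<String, String> getAccountMapperConfig() {
        return this.accountMapperConfig;
    }

    /** Returns the parsed attribute mapper configuration; the internal map is returned, not a copy. */
    public Map<String, String> getAttributeMapperConfig() {
        return this.attributeMapperConfig;
    }

    /**
     * Tells whether attributes are to be saved to the session.
     *
     * @return {@code true} only when the flag equals "true" ignoring case; an unset flag reads as {@code false}
     */
    public boolean getSaveAttributesToSessionFlag() {
        // parseBoolean is null-safe; calling equalsIgnoreCase on an unset flag threw NullPointerException.
        return Boolean.parseBoolean(this.saveAttributesToSessionFlag);
    }

    /** Returns the configured mail attribute, or {@code null} when unset. */
    public String getMailAttribute() {
        return this.mailAttribute;
    }

    /**
     * Tells whether the create-account flag is set.
     *
     * @return {@code true} only when the flag equals "true" ignoring case; an unset flag reads as {@code false}
     */
    public boolean getCreateAccountFlag() {
        return Boolean.parseBoolean(this.createAccountFlag);
    }

    /**
     * Tells whether the prompt-password flag is set.
     *
     * @return {@code true} only when the flag equals "true" ignoring case; an unset flag reads as {@code false}
     */
    public boolean getPromptPasswordFlag() {
        return Boolean.parseBoolean(this.promptPasswordFlag);
    }

    /**
     * Tells whether the map-to-anonymous-user flag is set.
     *
     * @return {@code true} only when the flag equals "true" ignoring case; an unset flag reads as {@code false}
     */
    public boolean getUseAnonymousUserFlag() {
        return Boolean.parseBoolean(this.useAnonymousUserFlag);
    }

    /** Returns the configured anonymous user, or {@code null} when unset. */
    public String getAnonymousUser() {
        return this.anonymousUser;
    }

    /** Returns the configured SSO proxy URL, or {@code null} when unset. */
    public String getProxyURL() {
        return this.ssoProxyUrl;
    }

    /** Returns the raw scope string as configured, or {@code null} when unset. */
    public String getScope() {
        return this.scope;
    }

    /** Returns the configured authorization endpoint URL, or {@code null} when unset. */
    public String getAuthServiceUrl() {
        return this.authServiceUrl;
    }

    /**
     * Delegates to the selected {@link ServiceUrlProvider} to build the authorization request URI.
     *
     * @param str passed through unchanged as the provider's second argument
     * @param str2 passed through unchanged as the provider's third argument
     * @return the URI produced by the provider
     * @throws AuthLoginException if the provider fails
     */
    public String getAuthServiceUrl(String str, String str2) throws AuthLoginException {
        return this.serviceUrlProvider.getServiceUri(this, str, str2);
    }

    /**
     * Appends {@code str=str2} to the URL in {@code sb}, using "?" for the
     * first parameter and "&amp;" afterwards. Not called from within this class.
     *
     * <p>Neither the name nor the value is URL-encoded here, so a value
     * containing "&amp;", "=" or "#" would change the structure of the
     * resulting URL; encode before passing anything not fully controlled.
     */
    private void addParam(StringBuilder sb, String str, String str2) {
        String separator = sb.indexOf("?") >= 0 ? "&" : "?";
        sb.append(separator).append(str).append("=").append(str2);
    }

    /** Returns the configured token endpoint URL, or {@code null} when unset. */
    public String getTokenServiceUrl() {
        return this.tokenServiceUrl;
    }

    /**
     * Delegates to the selected {@link ServiceUrlProvider} for the token request's GET parameters.
     *
     * @param str passed through unchanged as the provider's second argument
     * @param str2 passed through unchanged as the provider's third argument
     * @return the parameters produced by the provider
     * @throws AuthLoginException if the provider fails
     */
    public Map<String, String> getTokenServiceGETParameters(String str, String str2) throws AuthLoginException {
        return this.serviceUrlProvider.getTokenServiceGETparameters(this, str, str2);
    }

    /**
     * Delegates to the selected {@link ServiceUrlProvider} for the token request's POST parameters.
     *
     * @param str passed through unchanged as the provider's second argument
     * @param str2 passed through unchanged as the provider's third argument
     * @return the parameters produced by the provider
     * @throws AuthLoginException if the provider fails
     */
    public Map<String, String> getTokenServicePOSTparameters(String str, String str2) throws AuthLoginException {
        return this.serviceUrlProvider.getTokenServicePOSTparameters(this, str, str2);
    }

    /** Returns the configured user-profile endpoint URL, or {@code null} when unset. */
    public String getProfileServiceUrl() {
        return this.profileServiceUrl;
    }

    /** Returns an empty, immutable map: no GET parameters are defined for the profile request here. */
    public Map<String, String> getProfileServiceGetParameters() {
        return Collections.emptyMap();
    }

    /**
     * Checks that the configuration is complete and internally consistent.
     *
     * <p>Checks run in this order: client id, client secret, provider
     * endpoints (the profile endpoint is only required when not in OpenID
     * Connect mode), mappers, account mapper configuration versus anonymous
     * mapping, and the mutually exclusive anonymous / create-account flags.
     * Only presence is checked: endpoint URLs are not checked for scheme
     * (for example https) or host.
     *
     * @throws AuthLoginException on the first check that fails
     */
    public void validateConfiguration() throws AuthLoginException {
        if (isMissing(this.clientId)) {
            OAuthUtil.debugError("The Client Id can not be empty");
            throw new AuthLoginException("The Client Id can not be empty");
        }
        if (isMissing(this.clientSecret)) {
            OAuthUtil.debugError("The Client Secret can not be empty");
            throw new AuthLoginException("The Client Secret can not be empty");
        }
        boolean profileEndpointRequired = !this.openIDConnect;
        if (isMissing(this.authServiceUrl)
                || isMissing(this.tokenServiceUrl)
                || (profileEndpointRequired && isMissing(this.profileServiceUrl))) {
            OAuthUtil.debugError("One or more of the OAuth2 Provider endpoints is empty");
            throw new AuthLoginException("One or more of the OAuth2 Provider endpoints is empty");
        }
        if (isMissing(this.accountMapper) || this.attributeMappers == null || this.attributeMappers.isEmpty()) {
            OAuthUtil.debugError("One or more of the Mappers is empty");
            throw new AuthLoginException("One or more of the Mappers is empty");
        }
        // An unset mapper configuration counts as empty, so it is reported as a
        // configuration error instead of surfacing as a NullPointerException.
        Map<String, String> mapperConfig = getAccountMapperConfig();
        boolean mapperConfigEmpty = mapperConfig == null || mapperConfig.isEmpty();
        if (mapperConfigEmpty && !getUseAnonymousUserFlag()) {
            OAuthUtil.debugError("The account mapper configuration is empty and anonymous mapping was not enabled");
            throw new AuthLoginException("Aborting authentication, Account Mapper configuration is empty and anonymous mapping was not enabled!");
        }
        if (getUseAnonymousUserFlag() && getCreateAccountFlag()) {
            OAuthUtil.debugError("Map to anonymous user and Create Account if does not exist can not be selected at the same time");
            throw new AuthLoginException("Map to anonymous user and Create Account if does not exist can not be selected at the same time");
        }
    }

    /** Returns {@code true} when the value is {@code null} or the empty string. */
    private static boolean isMissing(String value) {
        return value == null || value.isEmpty();
    }

    /** Returns the configured OAuth2 client id, or {@code null} when unset. */
    public String getClientId() {
        return this.clientId;
    }

    /**
     * Returns the configured OAuth2 client secret, or {@code null} when unset.
     * The value is a credential: keep it out of logs, debug output and error messages.
     */
    public String getClientSecret() {
        return this.clientSecret;
    }

    /** Returns {@code true} when the configured scope list contains {@code OAuthParam.OIDC_SCOPE}. */
    public boolean isOpenIDConnect() {
        return this.openIDConnect;
    }

    /**
     * Returns the parsed custom properties. After the map constructor this is
     * never {@code null} (an immutable empty map when none are configured);
     * after the no-argument constructor it is {@code null}.
     */
    public Map<String, String> getCustomProperties() {
        return this.customProperties;
    }

    /** Returns the provider selected by the map constructor; {@code null} after the no-argument constructor. */
    public ServiceUrlProvider getServiceUrlProvider() {
        return this.serviceUrlProvider;
    }
}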
