package com.nimbusds.openid.connect.provider.spi.reg.statement;

import com.nimbusds.common.config.ConfigurationException;
import com.nimbusds.common.config.LoggableConfiguration;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.oauth2.sdk.Scope;
import com.nimbusds.oauth2.sdk.id.Issuer;
import com.nimbusds.oauth2.sdk.token.BearerAccessToken;
import com.nimbusds.oauth2.sdk.util.StringUtils;
import com.thetransactioncompany.util.PropertyFilter;
import com.thetransactioncompany.util.PropertyParseException;
import com.thetransactioncompany.util.PropertyRetriever;
import java.net.URISyntaxException;
import java.net.URL;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:com/nimbusds/openid/connect/provider/spi/reg/statement/Configuration.class */
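/**
 * Immutable configuration of the software statement verifier, read from
 * {@code op.ssv.*} properties.
 *
 * <p>When {@code op.ssv.enable} is {@code false} (the default) no other
 * property is read: object fields are {@code null}, collections are empty,
 * the timeouts are {@code 0} and {@link #requestType} is
 * {@code RequestType.JSON}.
 *
 * <p>Every collection exposed through a public field is unmodifiable. The
 * algorithm and required-claim sets act as allow-lists / mandatory checks
 * (see the log texts in {@link #log()}), so they must not be alterable after
 * the configuration has been loaded.
 *
 * <p>Security-relevant observations for reviewers:
 * <ul>
 *   <li>JVM system properties are merged over the supplied properties for the
 *       {@code transforms.rename.*} and {@code scopeRules.*} keys, so whoever
 *       controls the JVM system properties controls those settings.
 *   <li>A non-HTTPS {@code op.ssv.issuerJWKSetURL} is accepted; it only
 *       produces a warning in {@link #log()}.
 *   <li>{@code op.ssv.registrationAccessToken} is a bearer secret; {@link #log()}
 *       reports only whether it is set, never its value.
 * </ul>
 */
public final class Configuration implements LoggableConfiguration {

    /**
     * Web application path of the properties file. This class does not open
     * the file itself; callers pass the loaded {@link Properties}.
     */
    public static final String FILE_PATH = "/WEB-INF/softwareStatementVerifier.properties";

    /** Prefix shared by all property keys read here. */
    public static final String DEFAULT_PREFIX = "op.ssv.";

    /** Prefix of the per-name rename transforms, {@code op.ssv.transforms.rename.<from>=<to>}. */
    private static final String RENAME_PREFIX = DEFAULT_PREFIX + "transforms.rename.";

    /** Prefix of the scope rules, {@code op.ssv.scopeRules.<name>.scope|jsonPath}. */
    private static final String SCOPE_RULES_PREFIX = DEFAULT_PREFIX + "scopeRules.";

    /** Key suffix that marks the scope part of a scope rule. */
    private static final String SCOPE_SUFFIX = ".scope";

    /** {@code op.ssv.enable}; all other fields carry inert values when {@code false}. */
    public final boolean enable;

    /** {@code op.ssv.issuer}; {@code null} when disabled. */
    public final Issuer issuer;

    /** {@code op.ssv.issuerJWKSetURL}; {@code null} when disabled. The scheme is not enforced here. */
    public final URL issuerJWKSetURL;

    /** {@code op.ssv.jwsAlgorithms}, parsed; unmodifiable. */
    public final Set<JWSAlgorithm> jwsAlgorithms;

    // NOTE(review): how the timeouts are applied is not visible in this class; with
    // java.net connections a value of 0 means "wait indefinitely" - confirm that the
    // consumer rejects or bounds 0 and negative values.
    /** {@code op.ssv.connectTimeout}, in milliseconds according to the log text. */
    public final int httpConnectTimeout;

    /** {@code op.ssv.readTimeout}, in milliseconds according to the log text. */
    public final int httpReadTimeout;

    /** {@code op.ssv.registrationAccessToken}; a secret, {@code null} when disabled. */
    public final BearerAccessToken registrationAccessToken;

    /** {@code op.ssv.additionalRequiredClaims}; unmodifiable, empty by default. */
    public final Set<String> additionalRequiredClaims;

    /** {@code op.ssv.logClaims}; unmodifiable, keeps the configured order, defaults to {@code iss}. */
    public final Set<String> logClaims;

    /** {@code op.ssv.clientX509Certificate.require}; defaults to {@code false}. */
    public final boolean clientX509Certificate_require;

    /**
     * {@code op.ssv.clientX509Certificate.rootDN}; read only when the certificate is
     * required and {@code null} if not specified.
     */
    public final String clientX509Certificate_rootDN;

    /** {@code op.ssv.requestType}; defaults to {@code RequestType.JSON}. */
    public final RequestType requestType;

    /** {@code op.ssv.requestJWT.jwkSetSource}; set only for {@code RequestType.JWT}, else {@code null}. */
    public final JWKSetSource requestJWT_jwkSetSource;

    /** {@code op.ssv.requestJWT.jwsAlgorithms}; unmodifiable, empty unless the request type is JWT. */
    public final Set<JWSAlgorithm> requestJWT_jwsAlgorithms;

    /** {@code op.ssv.requestJWT.requiredClaims}; unmodifiable, empty unless the request type is JWT. */
    public final Set<String> requestJWT_requiredClaims;

    /** {@code op.ssv.transforms.remove}; unmodifiable, empty by default. */
    public final List<String> transforms_remove;

    /** {@code op.ssv.transforms.rename.*}; unmodifiable, blank names and values are skipped. */
    public final Map<String, String> transforms_rename;

    /** {@code op.ssv.transforms.moveIntoData}; unmodifiable, empty by default. */
    public final List<String> transforms_moveIntoData;

    /** {@code op.ssv.scopeRules.*}, keyed by rule name; unmodifiable. */
    public final Map<String, ScopeRule> scopeRules;

    /**
     * Parses the configuration.
     *
     * @param properties the loaded properties; JVM system properties are merged over
     *                   them for the rename transforms and the scope rules
     * @throws ConfigurationException if a property is missing or cannot be parsed, or
     *                                if a scope rule key carries no rule name
     */
    public Configuration(Properties properties) throws ConfigurationException {
        // NOTE(review): the boolean argument presumably enables override of individual
        // properties by JVM system properties - confirm against PropertyRetriever.
        PropertyRetriever propertyRetriever = new PropertyRetriever(properties, true);
        try {
            this.enable = propertyRetriever.getOptBoolean(DEFAULT_PREFIX + "enable", false);
            if (!this.enable) {
                // Disabled: give every field an inert value and read nothing else, so an
                // incomplete properties file cannot fail the start-up.
                this.issuer = null;
                this.issuerJWKSetURL = null;
                this.jwsAlgorithms = Collections.emptySet();
                this.httpConnectTimeout = 0;
                this.httpReadTimeout = 0;
                this.registrationAccessToken = null;
                this.additionalRequiredClaims = Collections.emptySet();
                this.logClaims = Collections.emptySet();
                this.clientX509Certificate_require = false;
                this.clientX509Certificate_rootDN = null;
                this.requestType = RequestType.JSON;
                this.requestJWT_jwkSetSource = null;
                this.requestJWT_jwsAlgorithms = Collections.emptySet();
                this.requestJWT_requiredClaims = Collections.emptySet();
                this.transforms_remove = Collections.emptyList();
                this.transforms_rename = Collections.emptyMap();
                this.transforms_moveIntoData = Collections.emptyList();
                this.scopeRules = Collections.emptyMap();
                return;
            }

            this.issuer = new Issuer(propertyRetriever.getString(DEFAULT_PREFIX + "issuer"));
            // The URL scheme is not restricted here; log() warns when it is not HTTPS.
            this.issuerJWKSetURL = propertyRetriever.getURL(DEFAULT_PREFIX + "issuerJWKSetURL");
            this.jwsAlgorithms = parseJWSAlgorithms(propertyRetriever.getStringList(DEFAULT_PREFIX + "jwsAlgorithms"));
            this.httpConnectTimeout = propertyRetriever.getInt(DEFAULT_PREFIX + "connectTimeout");
            this.httpReadTimeout = propertyRetriever.getInt(DEFAULT_PREFIX + "readTimeout");
            this.registrationAccessToken = new BearerAccessToken(propertyRetriever.getString(DEFAULT_PREFIX + "registrationAccessToken"));

            // Wrapped so that no caller can drop a required claim at run time.
            this.additionalRequiredClaims = Collections.unmodifiableSet(
                    new HashSet<>(propertyRetriever.getOptStringList(DEFAULT_PREFIX + "additionalRequiredClaims", Collections.emptyList())));
            // LinkedHashSet keeps the configured order of the claims.
            this.logClaims = Collections.unmodifiableSet(
                    new LinkedHashSet<>(propertyRetriever.getOptStringList(DEFAULT_PREFIX + "logClaims", List.of("iss"))));

            this.clientX509Certificate_require = propertyRetriever.getOptBoolean(DEFAULT_PREFIX + "clientX509Certificate.require", false);
            if (this.clientX509Certificate_require) {
                this.clientX509Certificate_rootDN = propertyRetriever.getOptString(DEFAULT_PREFIX + "clientX509Certificate.rootDN", (String) null);
            } else {
                // The root DN is only meaningful together with a required certificate.
                this.clientX509Certificate_rootDN = null;
            }

            this.requestType = (RequestType) propertyRetriever.getOptEnum(DEFAULT_PREFIX + "requestType", RequestType.class, RequestType.JSON);
            if (this.requestType == RequestType.JWT) {
                try {
                    this.requestJWT_jwkSetSource = new JWKSetSource(propertyRetriever.getURI(DEFAULT_PREFIX + "requestJWT.jwkSetSource"));
                    this.requestJWT_jwsAlgorithms = parseJWSAlgorithms(propertyRetriever.getStringList(DEFAULT_PREFIX + "requestJWT.jwsAlgorithms"));
                    this.requestJWT_requiredClaims = Collections.unmodifiableSet(
                            new HashSet<>(propertyRetriever.getOptStringList(DEFAULT_PREFIX + "requestJWT.requiredClaims", Collections.emptyList())));
                } catch (URISyntaxException e) {
                    // Reported as a property error so that it names the offending key.
                    throw new PropertyParseException(e.getMessage(), DEFAULT_PREFIX + "requestJWT.jwkSetSource");
                }
            } else {
                this.requestJWT_jwkSetSource = null;
                this.requestJWT_jwsAlgorithms = Collections.emptySet();
                this.requestJWT_requiredClaims = Collections.emptySet();
            }

            this.transforms_remove = Collections.unmodifiableList(
                    propertyRetriever.getOptStringList(DEFAULT_PREFIX + "transforms.remove", Collections.emptyList()));

            // System properties are added last, so they win over the supplied properties
            // for the prefix-enumerated settings below.
            Properties merged = new Properties();
            merged.putAll(properties);
            merged.putAll(System.getProperties());

            Properties renameProperties = PropertyFilter.filterWithPrefix(RENAME_PREFIX, merged);
            Map<String, String> renameMap = new HashMap<>();
            for (String key : renameProperties.stringPropertyNames()) {
                String fromName = key.substring(RENAME_PREFIX.length());
                String toName = renameProperties.getProperty(key);
                // Entries with a blank source or target name are ignored.
                if (StringUtils.isNotBlank(fromName) && StringUtils.isNotBlank(toName)) {
                    renameMap.put(fromName, toName);
                }
            }
            this.transforms_rename = Collections.unmodifiableMap(renameMap);

            this.transforms_moveIntoData = Collections.unmodifiableList(
                    propertyRetriever.getOptStringList(DEFAULT_PREFIX + "transforms.moveIntoData", Collections.emptyList()));

            Map<String, ScopeRule> rules = new HashMap<>();
            for (String key : PropertyFilter.filterWithPrefix(SCOPE_RULES_PREFIX, merged).stringPropertyNames()) {
                if (!key.startsWith(SCOPE_RULES_PREFIX) || !key.endsWith(SCOPE_SUFFIX)) {
                    // The ".jsonPath" keys are picked up together with their ".scope" key.
                    continue;
                }
                int nameEnd = key.length() - SCOPE_SUFFIX.length();
                if (nameEnd <= SCOPE_RULES_PREFIX.length()) {
                    // A key such as "op.ssv.scopeRules.scope" has no rule name; without this
                    // check substring() fails with an unchecked StringIndexOutOfBoundsException.
                    throw new PropertyParseException("Missing scope rule name", key);
                }
                String ruleName = key.substring(SCOPE_RULES_PREFIX.length(), nameEnd);
                rules.put(ruleName, new ScopeRule(
                        Scope.parse(propertyRetriever.getString(key)),
                        propertyRetriever.getString(SCOPE_RULES_PREFIX + ruleName + ".jsonPath")));
            }
            this.scopeRules = Collections.unmodifiableMap(rules);
        } catch (PropertyParseException e2) {
            throw new ConfigurationException(e2.getMessage() + ": Property: " + e2.getPropertyKey());
        }
    }

    /**
     * Parses a list of JWS algorithm names into an unmodifiable set.
     *
     * <p>NOTE(review): this class applies no restriction of its own to the names; confirm
     * that the configured allow-list holds only the signature algorithms expected from
     * the key owner.
     */
    private static Set<JWSAlgorithm> parseJWSAlgorithms(List<String> names) {
        Set<JWSAlgorithm> algorithms = new HashSet<>();
        for (String name : names) {
            algorithms.add(JWSAlgorithm.parse(name));
        }
        return Collections.unmodifiableSet(algorithms);
    }

    /**
     * Logs the configuration at INFO level to the {@code MAIN} logger.
     *
     * <p>The registration access token is reported only as configured / not configured.
     * A JWK set URL that is not HTTPS is logged at WARN level.
     */
    public void log() {
        Logger logger = LogManager.getLogger("MAIN");
        logger.info("[SSV0000] Software statement verifier configuration:");
        logger.info("[SSV0001] Software statement verifier enabled: {}", this.enable);
        if (!this.enable) {
            return;
        }
        logger.info("[SSV0002] Software statement issuer: {}", this.issuer);
        if ("https".equalsIgnoreCase(this.issuerJWKSetURL.getProtocol())) {
            logger.info("[SSV0003] Software statement issuer JWK set URL: {}", this.issuerJWKSetURL);
        } else {
            // Keys fetched without TLS can be replaced in transit; surface it to the operator.
            logger.warn("[SSV0003] Software statement issuer JWK set URL (unsecured, consider using HTTPS): {}", this.issuerJWKSetURL);
        }
        logger.info("[SSV0011] Software statement JWS algorithms: {}", this.jwsAlgorithms);
        logger.info("[SSV0004] HTTP connect timeout: {} ms", this.httpConnectTimeout);
        logger.info("[SSV0005] HTTP read timeout: {} ms", this.httpReadTimeout);
        // Presence only; the token value must never reach the log.
        logger.info("[SSV0006] Registration access token configured: {}", this.registrationAccessToken != null);
        logger.info("[SSV0007] Additional required software statement JWT claims: {}", this.additionalRequiredClaims != null ? this.additionalRequiredClaims : "none");
        logger.info("[SSV0018] Software statement claims to log at INFO level under SSV0100: {}", this.logClaims);
        logger.info("[SSV0008] Client X.509 certificate required: {}", this.clientX509Certificate_require);
        if (this.clientX509Certificate_require) {
            logger.info("[SSV0014] Client X.509 certificate root DN: {}", this.clientX509Certificate_rootDN != null ? this.clientX509Certificate_rootDN : "not specified");
        }
        logger.info("[SSV0009] Accepted registration request type: {}", this.requestType);
        if (this.requestType == RequestType.JWT) {
            logger.info("[SSV0010] JWK set source for validating registration request JWTs: {}", this.requestJWT_jwkSetSource);
            logger.info("[SSV0012] Registration request JWS algorithms: {}", this.requestJWT_jwsAlgorithms);
            logger.info("[SSV0013] Required registration request JWT claims: {}", this.requestJWT_requiredClaims != null ? this.requestJWT_requiredClaims : "none");
        }
        logger.info("[SSV0015] Merged client metadata transforms: Rename map: {}", this.transforms_rename);
        logger.info("[SSV0016] Merged client metadata transforms: Move into \"data\" list: {}", this.transforms_moveIntoData);
        logger.info("[SSV0017] Merged client metadata transforms: Remove list: {}", this.transforms_remove);
        logger.info("[SSV0019] Scope rules: {}", this.scopeRules);
    }
}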
