package org.wcdevs.blog.cdk;

import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import software.amazon.awscdk.core.Construct;
import software.amazon.awscdk.core.Duration;
import software.amazon.awscdk.core.Environment;
import software.amazon.awscdk.core.Stack;
import software.amazon.awscdk.core.StackProps;
import software.amazon.awscdk.customresources.AwsCustomResource;
import software.amazon.awscdk.customresources.AwsCustomResourcePolicy;
import software.amazon.awscdk.customresources.AwsSdkCall;
import software.amazon.awscdk.customresources.PhysicalResourceId;
import software.amazon.awscdk.customresources.SdkCallsPolicyOptions;
import software.amazon.awscdk.services.cognito.AccountRecovery;
import software.amazon.awscdk.services.cognito.AutoVerifiedAttrs;
import software.amazon.awscdk.services.cognito.CognitoDomainOptions;
import software.amazon.awscdk.services.cognito.IUserPool;
import software.amazon.awscdk.services.cognito.Mfa;
import software.amazon.awscdk.services.cognito.OAuthFlows;
import software.amazon.awscdk.services.cognito.OAuthScope;
import software.amazon.awscdk.services.cognito.OAuthSettings;
import software.amazon.awscdk.services.cognito.PasswordPolicy;
import software.amazon.awscdk.services.cognito.SignInAliases;
import software.amazon.awscdk.services.cognito.StandardAttribute;
import software.amazon.awscdk.services.cognito.StandardAttributes;
import software.amazon.awscdk.services.cognito.UserPool;
import software.amazon.awscdk.services.cognito.UserPoolClient;
import software.amazon.awscdk.services.cognito.UserPoolClientIdentityProvider;
import software.amazon.awscdk.services.cognito.UserPoolDomain;
import software.amazon.awscdk.services.secretsmanager.ISecret;
import software.amazon.awscdk.services.secretsmanager.Secret;
import software.amazon.awscdk.services.secretsmanager.SecretStringGenerator;
import software.amazon.awscdk.services.ssm.StringParameter;

/* loaded from: input_file:org/wcdevs/blog/cdk/CognitoStack.class */
public final class CognitoStack extends Stack {
    static final String DEFAULT_COGNITO_LOGOUT_URL_TPL = "https://%s.auth.%s.amazoncognito.com/logout";
    static final String DEFAULT_COGNITO_OAUTH_LOGIN_URL_TEMPLATE = "%s/login/oauth2/code/cognito";
    static final String PARAM_USER_POOL_CLIENT_SECRET_ARN = "userPoolClientSecretArn";
    private static final String PARAM_USER_POOL_LOGOUT_URL = "userPoolLogoutUrl";
    private static final String PARAM_USER_POOL_PROVIDER_URL = "userPoolProviderUrl";
    private static final String CONSTRUCT_NAME = "cognito-stack";
    public static final String USER_POOL_CLIENT_SECRET_HOLDER = "userPoolClientSecret";
    public static final String USER_POOL_ID_HOLDER = "userPoolId";
    public static final String USER_POOL_CLIENT_ID_HOLDER = "userPoolClientId";
    public static final String USER_POOL_CLIENT_NAME_HOLDER = "userPoolClientName";

    /* loaded from: input_file:org/wcdevs/blog/cdk/CognitoStack$InputParameters.class */
    public static final class InputParameters {
        private String cognitoLogoutUrlTemplate;
        private String loginPageDomainPrefix;
        private boolean selfSignUpEnabled;
        private AccountRecovery accountRecovery;
        private boolean signInAutoVerifyEmail;
        private boolean signInAutoVerifyPhone;
        private boolean signInAliasUsername;
        private boolean signInAliasEmail;
        private boolean signInAliasPhone;
        private boolean signInCaseSensitive;
        private boolean signInEmailRequired;
        private boolean signInEmailMutable;
        private boolean signInPhoneRequired;
        private boolean signInPhoneMutable;
        private Mfa mfa;
        private boolean passwordRequireLowercase;
        private boolean passwordRequireDigits;
        private boolean passwordRequireSymbols;
        private boolean passwordRequireUppercase;
        private int passwordMinLength;
        private int tempPasswordValidityInDays;
        private List<UserPoolClientParameter> userPoolClientConfigurations;

        /* loaded from: input_file:org/wcdevs/blog/cdk/CognitoStack$InputParameters$InputParametersBuilder.class */
        public static class InputParametersBuilder {
            private boolean cognitoLogoutUrlTemplate$set;
            private String cognitoLogoutUrlTemplate$value;
            private String loginPageDomainPrefix;
            private boolean selfSignUpEnabled;
            private boolean accountRecovery$set;
            private AccountRecovery accountRecovery$value;
            private boolean signInAutoVerifyEmail;
            private boolean signInAutoVerifyPhone;
            private boolean signInAliasUsername$set;
            private boolean signInAliasUsername$value;
            private boolean signInAliasEmail$set;
            private boolean signInAliasEmail$value;
            private boolean signInAliasPhone;
            private boolean signInCaseSensitive$set;
            private boolean signInCaseSensitive$value;
            private boolean signInEmailRequired$set;
            private boolean signInEmailRequired$value;
            private boolean signInEmailMutable;
            private boolean signInPhoneRequired;
            private boolean signInPhoneMutable;
            private boolean mfa$set;
            private Mfa mfa$value;
            private boolean passwordRequireLowercase$set;
            private boolean passwordRequireLowercase$value;
            private boolean passwordRequireDigits$set;
            private boolean passwordRequireDigits$value;
            private boolean passwordRequireSymbols$set;
            private boolean passwordRequireSymbols$value;
            private boolean passwordRequireUppercase$set;
            private boolean passwordRequireUppercase$value;
            private boolean passwordMinLength$set;
            private int passwordMinLength$value;
            private boolean tempPasswordValidityInDays$set;
            private int tempPasswordValidityInDays$value;
            private boolean userPoolClientConfigurations$set;
            private List<UserPoolClientParameter> userPoolClientConfigurations$value;

            InputParametersBuilder() {
            }

            public InputParametersBuilder cognitoLogoutUrlTemplate(String str) {
                this.cognitoLogoutUrlTemplate$value = str;
                this.cognitoLogoutUrlTemplate$set = true;
                return this;
            }

            public InputParametersBuilder loginPageDomainPrefix(String str) {
                this.loginPageDomainPrefix = str;
                return this;
            }

            public InputParametersBuilder selfSignUpEnabled(boolean z) {
                this.selfSignUpEnabled = z;
                return this;
            }

            public InputParametersBuilder accountRecovery(AccountRecovery accountRecovery) {
                this.accountRecovery$value = accountRecovery;
                this.accountRecovery$set = true;
                return this;
            }

            public InputParametersBuilder signInAutoVerifyEmail(boolean z) {
                this.signInAutoVerifyEmail = z;
                return this;
            }

            public InputParametersBuilder signInAutoVerifyPhone(boolean z) {
                this.signInAutoVerifyPhone = z;
                return this;
            }

            public InputParametersBuilder signInAliasUsername(boolean z) {
                this.signInAliasUsername$value = z;
                this.signInAliasUsername$set = true;
                return this;
            }

            public InputParametersBuilder signInAliasEmail(boolean z) {
                this.signInAliasEmail$value = z;
                this.signInAliasEmail$set = true;
                return this;
            }

            public InputParametersBuilder signInAliasPhone(boolean z) {
                this.signInAliasPhone = z;
                return this;
            }

            public InputParametersBuilder signInCaseSensitive(boolean z) {
                this.signInCaseSensitive$value = z;
                this.signInCaseSensitive$set = true;
                return this;
            }

            public InputParametersBuilder signInEmailRequired(boolean z) {
                this.signInEmailRequired$value = z;
                this.signInEmailRequired$set = true;
                return this;
            }

            public InputParametersBuilder signInEmailMutable(boolean z) {
                this.signInEmailMutable = z;
                return this;
            }

            public InputParametersBuilder signInPhoneRequired(boolean z) {
                this.signInPhoneRequired = z;
                return this;
            }

            public InputParametersBuilder signInPhoneMutable(boolean z) {
                this.signInPhoneMutable = z;
                return this;
            }

            public InputParametersBuilder mfa(Mfa mfa) {
                this.mfa$value = mfa;
                this.mfa$set = true;
                return this;
            }

            public InputParametersBuilder passwordRequireLowercase(boolean z) {
                this.passwordRequireLowercase$value = z;
                this.passwordRequireLowercase$set = true;
                return this;
            }

            public InputParametersBuilder passwordRequireDigits(boolean z) {
                this.passwordRequireDigits$value = z;
                this.passwordRequireDigits$set = true;
                return this;
            }

            public InputParametersBuilder passwordRequireSymbols(boolean z) {
                this.passwordRequireSymbols$value = z;
                this.passwordRequireSymbols$set = true;
                return this;
            }

            public InputParametersBuilder passwordRequireUppercase(boolean z) {
                this.passwordRequireUppercase$value = z;
                this.passwordRequireUppercase$set = true;
                return this;
            }

            public InputParametersBuilder passwordMinLength(int i) {
                this.passwordMinLength$value = i;
                this.passwordMinLength$set = true;
                return this;
            }

            public InputParametersBuilder tempPasswordValidityInDays(int i) {
                this.tempPasswordValidityInDays$value = i;
                this.tempPasswordValidityInDays$set = true;
                return this;
            }

            public InputParametersBuilder userPoolClientConfigurations(List<UserPoolClientParameter> list) {
                this.userPoolClientConfigurations$value = list;
                this.userPoolClientConfigurations$set = true;
                return this;
            }

            public InputParameters build() {
                String str;
                String str2 = this.cognitoLogoutUrlTemplate$value;
                if (!this.cognitoLogoutUrlTemplate$set) {
                    str = CognitoStack.DEFAULT_COGNITO_LOGOUT_URL_TPL;
                    str2 = str;
                }
                AccountRecovery accountRecovery = this.accountRecovery$value;
                if (!this.accountRecovery$set) {
                    accountRecovery = AccountRecovery.EMAIL_ONLY;
                }
                boolean z = this.signInAliasUsername$value;
                if (!this.signInAliasUsername$set) {
                    z = InputParameters.$default$signInAliasUsername();
                }
                boolean z2 = this.signInAliasEmail$value;
                if (!this.signInAliasEmail$set) {
                    z2 = InputParameters.$default$signInAliasEmail();
                }
                boolean z3 = this.signInCaseSensitive$value;
                if (!this.signInCaseSensitive$set) {
                    z3 = InputParameters.$default$signInCaseSensitive();
                }
                boolean z4 = this.signInEmailRequired$value;
                if (!this.signInEmailRequired$set) {
                    z4 = InputParameters.$default$signInEmailRequired();
                }
                Mfa mfa = this.mfa$value;
                if (!this.mfa$set) {
                    mfa = Mfa.OFF;
                }
                boolean z5 = this.passwordRequireLowercase$value;
                if (!this.passwordRequireLowercase$set) {
                    z5 = InputParameters.$default$passwordRequireLowercase();
                }
                boolean z6 = this.passwordRequireDigits$value;
                if (!this.passwordRequireDigits$set) {
                    z6 = InputParameters.$default$passwordRequireDigits();
                }
                boolean z7 = this.passwordRequireSymbols$value;
                if (!this.passwordRequireSymbols$set) {
                    z7 = InputParameters.$default$passwordRequireSymbols();
                }
                boolean z8 = this.passwordRequireUppercase$value;
                if (!this.passwordRequireUppercase$set) {
                    z8 = InputParameters.$default$passwordRequireUppercase();
                }
                int i = this.passwordMinLength$value;
                if (!this.passwordMinLength$set) {
                    i = InputParameters.$default$passwordMinLength();
                }
                int i2 = this.tempPasswordValidityInDays$value;
                if (!this.tempPasswordValidityInDays$set) {
                    i2 = InputParameters.$default$tempPasswordValidityInDays();
                }
                List<UserPoolClientParameter> list = this.userPoolClientConfigurations$value;
                if (!this.userPoolClientConfigurations$set) {
                    list = InputParameters.$default$userPoolClientConfigurations();
                }
                return new InputParameters(str2, this.loginPageDomainPrefix, this.selfSignUpEnabled, accountRecovery, this.signInAutoVerifyEmail, this.signInAutoVerifyPhone, z, z2, this.signInAliasPhone, z3, z4, this.signInEmailMutable, this.signInPhoneRequired, this.signInPhoneMutable, mfa, z5, z6, z7, z8, i, i2, list);
            }

            public String toString() {
                return "CognitoStack.InputParameters.InputParametersBuilder(cognitoLogoutUrlTemplate$value=" + this.cognitoLogoutUrlTemplate$value + ", loginPageDomainPrefix=" + this.loginPageDomainPrefix + ", selfSignUpEnabled=" + this.selfSignUpEnabled + ", accountRecovery$value=" + this.accountRecovery$value + ", signInAutoVerifyEmail=" + this.signInAutoVerifyEmail + ", signInAutoVerifyPhone=" + this.signInAutoVerifyPhone + ", signInAliasUsername$value=" + this.signInAliasUsername$value + ", signInAliasEmail$value=" + this.signInAliasEmail$value + ", signInAliasPhone=" + this.signInAliasPhone + ", signInCaseSensitive$value=" + this.signInCaseSensitive$value + ", signInEmailRequired$value=" + this.signInEmailRequired$value + ", signInEmailMutable=" + this.signInEmailMutable + ", signInPhoneRequired=" + this.signInPhoneRequired + ", signInPhoneMutable=" + this.signInPhoneMutable + ", mfa$value=" + this.mfa$value + ", passwordRequireLowercase$value=" + this.passwordRequireLowercase$value + ", passwordRequireDigits$value=" + this.passwordRequireDigits$value + ", passwordRequireSymbols$value=" + this.passwordRequireSymbols$value + ", passwordRequireUppercase$value=" + this.passwordRequireUppercase$value + ", passwordMinLength$value=" + this.passwordMinLength$value + ", tempPasswordValidityInDays$value=" + this.tempPasswordValidityInDays$value + ", userPoolClientConfigurations$value=" + this.userPoolClientConfigurations$value + ")";
            }
        }

        String getFullLogoutUrlForRegion(String str) {
            return String.format(getCognitoLogoutUrlTemplate(), getLoginPageDomainPrefix(), str);
        }

        private static boolean $default$signInAliasUsername() {
            return true;
        }

        private static boolean $default$signInAliasEmail() {
            return true;
        }

        private static boolean $default$signInCaseSensitive() {
            return true;
        }

        private static boolean $default$signInEmailRequired() {
            return true;
        }

        private static boolean $default$passwordRequireLowercase() {
            return true;
        }

        private static boolean $default$passwordRequireDigits() {
            return true;
        }

        private static boolean $default$passwordRequireSymbols() {
            return true;
        }

        private static boolean $default$passwordRequireUppercase() {
            return true;
        }

        private static int $default$passwordMinLength() {
            return 8;
        }

        private static int $default$tempPasswordValidityInDays() {
            return 7;
        }

        private static List<UserPoolClientParameter> $default$userPoolClientConfigurations() {
            return Collections.emptyList();
        }

        InputParameters(String str, String str2, boolean z, AccountRecovery accountRecovery, boolean z2, boolean z3, boolean z4, boolean z5, boolean z6, boolean z7, boolean z8, boolean z9, boolean z10, boolean z11, Mfa mfa, boolean z12, boolean z13, boolean z14, boolean z15, int i, int i2, List<UserPoolClientParameter> list) {
            this.cognitoLogoutUrlTemplate = str;
            this.loginPageDomainPrefix = str2;
            this.selfSignUpEnabled = z;
            this.accountRecovery = accountRecovery;
            this.signInAutoVerifyEmail = z2;
            this.signInAutoVerifyPhone = z3;
            this.signInAliasUsername = z4;
            this.signInAliasEmail = z5;
            this.signInAliasPhone = z6;
            this.signInCaseSensitive = z7;
            this.signInEmailRequired = z8;
            this.signInEmailMutable = z9;
            this.signInPhoneRequired = z10;
            this.signInPhoneMutable = z11;
            this.mfa = mfa;
            this.passwordRequireLowercase = z12;
            this.passwordRequireDigits = z13;
            this.passwordRequireSymbols = z14;
            this.passwordRequireUppercase = z15;
            this.passwordMinLength = i;
            this.tempPasswordValidityInDays = i2;
            this.userPoolClientConfigurations = list;
        }

        public static InputParametersBuilder builder() {
            return new InputParametersBuilder();
        }

        String getCognitoLogoutUrlTemplate() {
            return this.cognitoLogoutUrlTemplate;
        }

        String getLoginPageDomainPrefix() {
            return this.loginPageDomainPrefix;
        }

        boolean isSelfSignUpEnabled() {
            return this.selfSignUpEnabled;
        }

        AccountRecovery getAccountRecovery() {
            return this.accountRecovery;
        }

        boolean isSignInAutoVerifyEmail() {
            return this.signInAutoVerifyEmail;
        }

        boolean isSignInAutoVerifyPhone() {
            return this.signInAutoVerifyPhone;
        }

        boolean isSignInAliasUsername() {
            return this.signInAliasUsername;
        }

        boolean isSignInAliasEmail() {
            return this.signInAliasEmail;
        }

        boolean isSignInAliasPhone() {
            return this.signInAliasPhone;
        }

        boolean isSignInCaseSensitive() {
            return this.signInCaseSensitive;
        }

        boolean isSignInEmailRequired() {
            return this.signInEmailRequired;
        }

        boolean isSignInEmailMutable() {
            return this.signInEmailMutable;
        }

        boolean isSignInPhoneRequired() {
            return this.signInPhoneRequired;
        }

        boolean isSignInPhoneMutable() {
            return this.signInPhoneMutable;
        }

        Mfa getMfa() {
            return this.mfa;
        }

        boolean isPasswordRequireLowercase() {
            return this.passwordRequireLowercase;
        }

        boolean isPasswordRequireDigits() {
            return this.passwordRequireDigits;
        }

        boolean isPasswordRequireSymbols() {
            return this.passwordRequireSymbols;
        }

        boolean isPasswordRequireUppercase() {
            return this.passwordRequireUppercase;
        }

        int getPasswordMinLength() {
            return this.passwordMinLength;
        }

        int getTempPasswordValidityInDays() {
            return this.tempPasswordValidityInDays;
        }

        List<UserPoolClientParameter> getUserPoolClientConfigurations() {
            return this.userPoolClientConfigurations;
        }
    }

    /* loaded from: input_file:org/wcdevs/blog/cdk/CognitoStack$OutputParameters.class */
    public static final class OutputParameters {
        private final String logoutUrl;
        private final String providerUrl;

        public String getLogoutUrl() {
            return this.logoutUrl;
        }

        public String getProviderUrl() {
            return this.providerUrl;
        }

        OutputParameters(String str, String str2) {
            this.logoutUrl = str;
            this.providerUrl = str2;
        }
    }

    /* loaded from: input_file:org/wcdevs/blog/cdk/CognitoStack$UserPoolClientParameter.class */
    public static final class UserPoolClientParameter {
        private String cognitoOauthLoginUrlTemplate;
        private String applicationName;
        private String applicationUrl;
        private List<String> userPoolOauthCallBackUrls;
        private boolean flowAuthorizationCodeGrantEnabled;
        private boolean flowImplicitCodeGrantEnabled;
        private boolean flowClientCredentialsEnabled;
        private List<UserPoolClientIdentityProvider> userPoolSuppoertedIdentityProviders;
        private List<OAuthScope> scopes;

        /* loaded from: input_file:org/wcdevs/blog/cdk/CognitoStack$UserPoolClientParameter$UserPoolClientParameterBuilder.class */
        public static class UserPoolClientParameterBuilder {
            private boolean cognitoOauthLoginUrlTemplate$set;
            private String cognitoOauthLoginUrlTemplate$value;
            private String applicationName;
            private String applicationUrl;
            private boolean userPoolOauthCallBackUrls$set;
            private List<String> userPoolOauthCallBackUrls$value;
            private boolean flowAuthorizationCodeGrantEnabled;
            private boolean flowImplicitCodeGrantEnabled;
            private boolean flowClientCredentialsEnabled;
            private boolean userPoolSuppoertedIdentityProviders$set;
            private List<UserPoolClientIdentityProvider> userPoolSuppoertedIdentityProviders$value;
            private boolean scopes$set;
            private List<OAuthScope> scopes$value;

            UserPoolClientParameterBuilder() {
            }

            public UserPoolClientParameterBuilder cognitoOauthLoginUrlTemplate(String str) {
                this.cognitoOauthLoginUrlTemplate$value = str;
                this.cognitoOauthLoginUrlTemplate$set = true;
                return this;
            }

            public UserPoolClientParameterBuilder applicationName(String str) {
                this.applicationName = str;
                return this;
            }

            public UserPoolClientParameterBuilder applicationUrl(String str) {
                this.applicationUrl = str;
                return this;
            }

            public UserPoolClientParameterBuilder userPoolOauthCallBackUrls(List<String> list) {
                this.userPoolOauthCallBackUrls$value = list;
                this.userPoolOauthCallBackUrls$set = true;
                return this;
            }

            public UserPoolClientParameterBuilder flowAuthorizationCodeGrantEnabled(boolean z) {
                this.flowAuthorizationCodeGrantEnabled = z;
                return this;
            }

            public UserPoolClientParameterBuilder flowImplicitCodeGrantEnabled(boolean z) {
                this.flowImplicitCodeGrantEnabled = z;
                return this;
            }

            public UserPoolClientParameterBuilder flowClientCredentialsEnabled(boolean z) {
                this.flowClientCredentialsEnabled = z;
                return this;
            }

            public UserPoolClientParameterBuilder userPoolSuppoertedIdentityProviders(List<UserPoolClientIdentityProvider> list) {
                this.userPoolSuppoertedIdentityProviders$value = list;
                this.userPoolSuppoertedIdentityProviders$set = true;
                return this;
            }

            public UserPoolClientParameterBuilder scopes(List<OAuthScope> list) {
                this.scopes$value = list;
                this.scopes$set = true;
                return this;
            }

            public UserPoolClientParameter build() {
                String str;
                String str2 = this.cognitoOauthLoginUrlTemplate$value;
                if (!this.cognitoOauthLoginUrlTemplate$set) {
                    str = CognitoStack.DEFAULT_COGNITO_OAUTH_LOGIN_URL_TEMPLATE;
                    str2 = str;
                }
                List<String> list = this.userPoolOauthCallBackUrls$value;
                if (!this.userPoolOauthCallBackUrls$set) {
                    list = UserPoolClientParameter.$default$userPoolOauthCallBackUrls();
                }
                List<UserPoolClientIdentityProvider> list2 = this.userPoolSuppoertedIdentityProviders$value;
                if (!this.userPoolSuppoertedIdentityProviders$set) {
                    list2 = UserPoolClientParameter.$default$userPoolSuppoertedIdentityProviders();
                }
                List<OAuthScope> list3 = this.scopes$value;
                if (!this.scopes$set) {
                    list3 = UserPoolClientParameter.$default$scopes();
                }
                return new UserPoolClientParameter(str2, this.applicationName, this.applicationUrl, list, this.flowAuthorizationCodeGrantEnabled, this.flowImplicitCodeGrantEnabled, this.flowClientCredentialsEnabled, list2, list3);
            }

            public String toString() {
                return "CognitoStack.UserPoolClientParameter.UserPoolClientParameterBuilder(cognitoOauthLoginUrlTemplate$value=" + this.cognitoOauthLoginUrlTemplate$value + ", applicationName=" + this.applicationName + ", applicationUrl=" + this.applicationUrl + ", userPoolOauthCallBackUrls$value=" + this.userPoolOauthCallBackUrls$value + ", flowAuthorizationCodeGrantEnabled=" + this.flowAuthorizationCodeGrantEnabled + ", flowImplicitCodeGrantEnabled=" + this.flowImplicitCodeGrantEnabled + ", flowClientCredentialsEnabled=" + this.flowClientCredentialsEnabled + ", userPoolSuppoertedIdentityProviders$value=" + this.userPoolSuppoertedIdentityProviders$value + ", scopes$value=" + this.scopes$value + ")";
            }
        }

        String getAppLoginUrl() {
            return String.format(getCognitoOauthLoginUrlTemplate(), getApplicationUrl());
        }

        private static List<String> $default$userPoolOauthCallBackUrls() {
            return Collections.emptyList();
        }

        private static List<UserPoolClientIdentityProvider> $default$userPoolSuppoertedIdentityProviders() {
            return Collections.emptyList();
        }

        private static List<OAuthScope> $default$scopes() {
            return List.of(OAuthScope.EMAIL, OAuthScope.OPENID, OAuthScope.PROFILE);
        }

        UserPoolClientParameter(String str, String str2, String str3, List<String> list, boolean z, boolean z2, boolean z3, List<UserPoolClientIdentityProvider> list2, List<OAuthScope> list3) {
            this.cognitoOauthLoginUrlTemplate = str;
            this.applicationName = str2;
            this.applicationUrl = str3;
            this.userPoolOauthCallBackUrls = list;
            this.flowAuthorizationCodeGrantEnabled = z;
            this.flowImplicitCodeGrantEnabled = z2;
            this.flowClientCredentialsEnabled = z3;
            this.userPoolSuppoertedIdentityProviders = list2;
            this.scopes = list3;
        }

        public static UserPoolClientParameterBuilder builder() {
            return new UserPoolClientParameterBuilder();
        }

        String getCognitoOauthLoginUrlTemplate() {
            return this.cognitoOauthLoginUrlTemplate;
        }

        String getApplicationName() {
            return this.applicationName;
        }

        String getApplicationUrl() {
            return this.applicationUrl;
        }

        List<String> getUserPoolOauthCallBackUrls() {
            return this.userPoolOauthCallBackUrls;
        }

        boolean isFlowAuthorizationCodeGrantEnabled() {
            return this.flowAuthorizationCodeGrantEnabled;
        }

        boolean isFlowImplicitCodeGrantEnabled() {
            return this.flowImplicitCodeGrantEnabled;
        }

        boolean isFlowClientCredentialsEnabled() {
            return this.flowClientCredentialsEnabled;
        }

        List<UserPoolClientIdentityProvider> getUserPoolSuppoertedIdentityProviders() {
            return this.userPoolSuppoertedIdentityProviders;
        }

        List<OAuthScope> getScopes() {
            return this.scopes;
        }
    }

    private CognitoStack(Construct construct, String str, StackProps stackProps) {
        super(construct, str, stackProps);
    }

    public static CognitoStack newInstance(Construct construct, Environment environment, ApplicationEnvironment applicationEnvironment, InputParameters inputParameters) {
        InputParameters inputParameters2 = (InputParameters) Objects.requireNonNull(inputParameters);
        ApplicationEnvironment applicationEnvironment2 = (ApplicationEnvironment) Objects.requireNonNull(applicationEnvironment);
        String str = (String) Objects.requireNonNull(environment.getRegion());
        String prefixed = applicationEnvironment2.prefixed(CONSTRUCT_NAME);
        CognitoStack cognitoStack = new CognitoStack(construct, prefixed, StackProps.builder().stackName(prefixed).env(environment).build());
        UserPool userPool = userPool(cognitoStack, inputParameters2, applicationEnvironment2);
        createUserPoolDomain(cognitoStack, userPool, inputParameters2);
        String prefixed2 = applicationEnvironment2.prefixed(USER_POOL_CLIENT_SECRET_HOLDER);
        createUserPoolClients(cognitoStack, userPool, inputParameters2.getUserPoolClientConfigurations()).forEach(userPoolClient -> {
            createStringParameter(cognitoStack, applicationEnvironment2, clientSecretArnParamHolder(userPoolClient.getUserPoolClientName()), createUserPoolClientSecret(cognitoStack, str, userPool.getUserPoolId(), userPoolClient.getUserPoolClientId(), userPoolClient.getUserPoolClientName(), prefixed2));
        });
        createStringParameter(cognitoStack, applicationEnvironment2, PARAM_USER_POOL_LOGOUT_URL, inputParameters2.getFullLogoutUrlForRegion(str));
        createStringParameter(cognitoStack, applicationEnvironment2, PARAM_USER_POOL_PROVIDER_URL, userPool.getUserPoolProviderUrl());
        return cognitoStack;
    }

    private static Stream<UserPoolClient> createUserPoolClients(Stack stack, IUserPool iUserPool, Collection<UserPoolClientParameter> collection) {
        return collection.stream().map(userPoolClientParameter -> {
            return userPoolClient(stack, iUserPool, userPoolClientParameter);
        });
    }

    public static ISecret getUserPoolClientSecret(Stack stack, ApplicationEnvironment applicationEnvironment) {
        return Secret.fromSecretCompleteArn(stack, clientSecretArnParamHolder(clientName(applicationEnvironment.getApplicationName())), getParameterUserPoolClientSecretArn(stack, applicationEnvironment));
    }

    private static String clientSecretArnParamHolder(String str) {
        return "userPoolClientSecretArn" + str;
    }

    private static String clientName(String str) {
        return Util.joinedString(Util.DASH_JOINER, str, "up", "client");
    }

    private static UserPool userPool(Stack stack, InputParameters inputParameters, ApplicationEnvironment applicationEnvironment) {
        AutoVerifiedAttrs build = AutoVerifiedAttrs.builder().email(Boolean.valueOf(inputParameters.isSignInAutoVerifyEmail())).phone(Boolean.valueOf(inputParameters.isSignInAutoVerifyPhone())).build();
        SignInAliases build2 = SignInAliases.builder().username(Boolean.valueOf(inputParameters.isSignInAliasUsername())).email(Boolean.valueOf(inputParameters.isSignInAliasEmail())).phone(Boolean.valueOf(inputParameters.isSignInAliasPhone())).build();
        StandardAttribute build3 = StandardAttribute.builder().required(Boolean.valueOf(inputParameters.isSignInEmailRequired())).mutable(Boolean.valueOf(inputParameters.isSignInEmailMutable())).build();
        StandardAttributes build4 = StandardAttributes.builder().email(build3).phoneNumber(StandardAttribute.builder().required(Boolean.valueOf(inputParameters.isSignInPhoneRequired())).mutable(Boolean.valueOf(inputParameters.isSignInPhoneMutable())).build()).build();
        return UserPool.Builder.create(stack, "userPool").userPoolName(applicationEnvironment.prefixed("user-pool")).selfSignUpEnabled(Boolean.valueOf(inputParameters.isSelfSignUpEnabled())).accountRecovery(inputParameters.getAccountRecovery()).autoVerify(build).signInAliases(build2).signInCaseSensitive(Boolean.valueOf(inputParameters.isSignInCaseSensitive())).standardAttributes(build4).mfa(inputParameters.getMfa()).passwordPolicy(PasswordPolicy.builder().requireLowercase(Boolean.valueOf(inputParameters.isPasswordRequireLowercase())).requireDigits(Boolean.valueOf(inputParameters.isPasswordRequireDigits())).requireSymbols(Boolean.valueOf(inputParameters.isPasswordRequireSymbols())).requireUppercase(Boolean.valueOf(inputParameters.isPasswordRequireUppercase())).minLength(Integer.valueOf(inputParameters.getPasswordMinLength())).tempPasswordValidity(Duration.days(Integer.valueOf(inputParameters.getTempPasswordValidityInDays()))).build()).build();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static UserPoolClient userPoolClient(Stack stack, IUserPool iUserPool, UserPoolClientParameter userPoolClientParameter) {
        List join = join(userPoolClientParameter.getUserPoolOauthCallBackUrls(), userPoolClientParameter.getAppLoginUrl());
        OAuthSettings build = OAuthSettings.builder().callbackUrls(join).logoutUrls(List.of(userPoolClientParameter.getApplicationUrl())).flows(OAuthFlows.builder().authorizationCodeGrant(Boolean.valueOf(userPoolClientParameter.isFlowAuthorizationCodeGrantEnabled())).implicitCodeGrant(Boolean.valueOf(userPoolClientParameter.isFlowImplicitCodeGrantEnabled())).clientCredentials(Boolean.valueOf(userPoolClientParameter.isFlowClientCredentialsEnabled())).build()).scopes(userPoolClientParameter.getScopes()).build();
        List join2 = join(userPoolClientParameter.getUserPoolSuppoertedIdentityProviders(), UserPoolClientIdentityProvider.COGNITO);
        String clientName = clientName(userPoolClientParameter.getApplicationName());
        return UserPoolClient.Builder.create(stack, "userPoolClient" + clientName).userPoolClientName(clientName).generateSecret(true).userPool(iUserPool).oAuth(build).supportedIdentityProviders(join2).build();
    }

    private static void createUserPoolDomain(Stack stack, IUserPool iUserPool, InputParameters inputParameters) {
        UserPoolDomain.Builder.create(stack, "userPoolDomain").userPool(iUserPool).cognitoDomain(CognitoDomainOptions.builder().domainPrefix(inputParameters.getLoginPageDomainPrefix()).build()).build();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void createStringParameter(Stack stack, ApplicationEnvironment applicationEnvironment, String str, String str2) {
        StringParameter.Builder.create(stack, str).parameterName(createParameterName(applicationEnvironment, str)).stringValue(str2).build();
    }

    private static String createParameterName(ApplicationEnvironment applicationEnvironment, String str) {
        return Util.joinedString(Util.DASH_JOINER, applicationEnvironment.getEnvironmentName(), CONSTRUCT_NAME, str);
    }

    @SafeVarargs
    private static <T> List<T> join(Collection<? extends T> collection, T... tArr) {
        return (List) Stream.concat(Stream.of((Object[]) Objects.requireNonNull(tArr)), (Stream) Objects.requireNonNull(collection.stream())).collect(Collectors.toList());
    }

    private static String createUserPoolClientSecret(Stack stack, String str, String str2, String str3, String str4, String str5) {
        return Secret.Builder.create(stack, "userPoolClientSecret" + str4).secretName(str5 + str3).description("Secret holding the user pool client (" + str4 + ") secret values").generateSecretString(SecretStringGenerator.builder().secretStringTemplate(String.format("{\"%s\": \"%s\",\"%s\": \"%s\",\"%s\": \"%s\",\"%s\": \"%s\"}", USER_POOL_ID_HOLDER, str2, USER_POOL_CLIENT_ID_HOLDER, str3, USER_POOL_CLIENT_NAME_HOLDER, str4, USER_POOL_CLIENT_SECRET_HOLDER, userPoolClientSecretValue(stack, str, str2, str3))).generateStringKey("ignored").passwordLength(10).build()).build().getSecretArn();
    }

    private static String userPoolClientSecretValue(Stack stack, String str, String str2, String str3) {
        Map of = Map.of("UserPoolId", str2, "ClientId", str3);
        AwsSdkCall build = AwsSdkCall.builder().region(str).service("CognitoIdentityServiceProvider").action("describeUserPoolClient").parameters(of).physicalResourceId(PhysicalResourceId.of(str3)).build();
        return AwsCustomResource.Builder.create(stack, "describeUserPool" + str3).resourceType("Custom::DescribeCognitoUserPoolClient").installLatestAwsSdk(false).onUpdate(build).onCreate(build).policy(AwsCustomResourcePolicy.fromSdkCalls(SdkCallsPolicyOptions.builder().resources(AwsCustomResourcePolicy.ANY_RESOURCE).build())).build().getResponseField("UserPoolClient.ClientSecret");
    }

    public static OutputParameters getOutputParameters(Stack stack, ApplicationEnvironment applicationEnvironment) {
        return new OutputParameters(getParameterLogoutUrl(stack, applicationEnvironment), getParameterUserPoolProviderUrl(stack, applicationEnvironment));
    }

    public static String getParameter(Stack stack, ApplicationEnvironment applicationEnvironment, String str) {
        return StringParameter.fromStringParameterName(stack, str, createParameterName(applicationEnvironment, str)).getStringValue();
    }

    public static String getParameterUserPoolClientSecretArn(Stack stack, ApplicationEnvironment applicationEnvironment) {
        return getParameter(stack, applicationEnvironment, clientSecretArnParamHolder(clientName(applicationEnvironment.getApplicationName())));
    }

    public static String getParameterLogoutUrl(Stack stack, ApplicationEnvironment applicationEnvironment) {
        return getParameter(stack, applicationEnvironment, PARAM_USER_POOL_LOGOUT_URL);
    }

    public static String getParameterUserPoolProviderUrl(Stack stack, ApplicationEnvironment applicationEnvironment) {
        return getParameter(stack, applicationEnvironment, PARAM_USER_POOL_PROVIDER_URL);
    }
}
