package com.nimbusds.openid.connect.provider.spi.reg.statement;

import com.nimbusds.common.config.ConfigurationException;
import com.nimbusds.common.config.LoggableConfiguration;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.oauth2.sdk.id.Issuer;
import com.nimbusds.oauth2.sdk.token.BearerAccessToken;
import com.thetransactioncompany.util.PropertyParseException;
import com.thetransactioncompany.util.PropertyRetriever;
import java.net.URISyntaxException;
import java.net.URL;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Properties;
import java.util.Set;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:com/nimbusds/openid/connect/provider/spi/reg/statement/Configuration.class */
public final class Configuration implements LoggableConfiguration {
    public static final String FILE_PATH = "/WEB-INF/softwareStatementVerifier.properties";
    public static final String DEFAULT_PREFIX = "op.softwareStatements.";
    public final boolean enable;
    public final Issuer issuer;
    public final URL issuerJWKSetURL;
    public final Set<JWSAlgorithm> jwsAlgorithms;
    public final int httpConnectTimeout;
    public final int httpReadTimeout;
    public final BearerAccessToken registrationAccessToken;
    public final Set<String> additionalRequiredClaims;
    public final boolean clientX509Certificate_require;
    public final String clientX509Certificate_rootDN;
    public final RequestType requestType;
    public final JWKSetSource requestJWT_jwkSetSource;
    public final Set<JWSAlgorithm> requestJWT_jwsAlgorithms;
    public final Set<String> requestJWT_requiredClaims;

    public Configuration(Properties properties) throws ConfigurationException {
        PropertyRetriever propertyRetriever = new PropertyRetriever(properties, true);
        try {
            this.enable = propertyRetriever.getOptBoolean("op.softwareStatements.enable", false);
            if (!this.enable) {
                this.issuer = null;
                this.issuerJWKSetURL = null;
                this.jwsAlgorithms = Collections.emptySet();
                this.httpConnectTimeout = 0;
                this.httpReadTimeout = 0;
                this.registrationAccessToken = null;
                this.additionalRequiredClaims = Collections.emptySet();
                this.clientX509Certificate_require = false;
                this.clientX509Certificate_rootDN = null;
                this.requestType = RequestType.JSON;
                this.requestJWT_jwkSetSource = null;
                this.requestJWT_jwsAlgorithms = Collections.emptySet();
                this.requestJWT_requiredClaims = Collections.emptySet();
                return;
            }
            this.issuer = new Issuer(propertyRetriever.getString("op.softwareStatements.issuer"));
            this.issuerJWKSetURL = propertyRetriever.getURL("op.softwareStatements.issuerJWKSetURL");
            HashSet hashSet = new HashSet();
            Iterator it = propertyRetriever.getStringList("op.softwareStatements.jwsAlgorithms").iterator();
            while (it.hasNext()) {
                hashSet.add(JWSAlgorithm.parse((String) it.next()));
            }
            this.jwsAlgorithms = Collections.unmodifiableSet(hashSet);
            this.httpConnectTimeout = propertyRetriever.getInt("op.softwareStatements.connectTimeout");
            this.httpReadTimeout = propertyRetriever.getInt("op.softwareStatements.readTimeout");
            this.registrationAccessToken = new BearerAccessToken(propertyRetriever.getString("op.softwareStatements.registrationAccessToken"));
            this.additionalRequiredClaims = new HashSet(propertyRetriever.getOptStringList("op.softwareStatements.additionalRequiredClaims", Collections.emptyList()));
            this.clientX509Certificate_require = propertyRetriever.getOptBoolean("op.softwareStatements.clientX509Certificate.require", false);
            if (this.clientX509Certificate_require) {
                this.clientX509Certificate_rootDN = propertyRetriever.getOptString("op.softwareStatements.clientX509Certificate.rootDN", (String) null);
            } else {
                this.clientX509Certificate_rootDN = null;
            }
            this.requestType = (RequestType) propertyRetriever.getOptEnum("op.softwareStatements.requestType", RequestType.class, RequestType.JSON);
            if (this.requestType.equals(RequestType.JWT)) {
                try {
                    this.requestJWT_jwkSetSource = new JWKSetSource(propertyRetriever.getURI("op.softwareStatements.requestJWT.jwkSetSource"));
                    HashSet hashSet2 = new HashSet();
                    Iterator it2 = propertyRetriever.getStringList("op.softwareStatements.requestJWT.jwsAlgorithms").iterator();
                    while (it2.hasNext()) {
                        hashSet2.add(JWSAlgorithm.parse((String) it2.next()));
                    }
                    this.requestJWT_jwsAlgorithms = Collections.unmodifiableSet(hashSet2);
                    this.requestJWT_requiredClaims = new HashSet(propertyRetriever.getOptStringList("op.softwareStatements.requestJWT.requiredClaims", Collections.emptyList()));
                } catch (URISyntaxException e) {
                    throw new PropertyParseException(e.getMessage(), "op.softwareStatements.requestJWT.jwkSetSource");
                }
            } else {
                this.requestJWT_jwkSetSource = null;
                this.requestJWT_jwsAlgorithms = Collections.emptySet();
                this.requestJWT_requiredClaims = Collections.emptySet();
            }
        } catch (PropertyParseException e2) {
            throw new ConfigurationException(e2.getMessage() + ": Property: " + e2.getPropertyKey());
        }
    }

    public void log() {
        Logger logger = LogManager.getLogger("MAIN");
        logger.info("[STV0000] Software statement verifier configuration:");
        logger.info("[STV0001] Software statement verifier enabled: {}", Boolean.valueOf(this.enable));
        if (this.enable) {
            logger.info("[STV0002] Software statement issuer: {}", this.issuer);
            if ("https".equalsIgnoreCase(this.issuerJWKSetURL.getProtocol())) {
                logger.info("[STV0003] Software statement issuer JWK set URL: {}", this.issuerJWKSetURL);
            } else {
                logger.warn("[STV0003] Software statement issuer JWK set URL (unsecured, consider using HTTPS): {}", this.issuerJWKSetURL);
            }
            logger.info("[STV0011] Software statement JWS algorithms: {}", this.jwsAlgorithms);
            logger.info("[STV0004] HTTP connect timeout: {} ms", Integer.valueOf(this.httpConnectTimeout));
            logger.info("[STV0005] HTTP read timeout: {} ms", Integer.valueOf(this.httpReadTimeout));
            logger.info("[STV0006] Registration access token configured: {}", Boolean.valueOf(this.registrationAccessToken != null));
            logger.info("[STV0007] Additional required software statement JWT claims: {}", this.additionalRequiredClaims != null ? this.additionalRequiredClaims : "none");
            logger.info("[STV0008] Client X.509 certificate required: {}", Boolean.valueOf(this.clientX509Certificate_require));
            if (this.clientX509Certificate_require) {
                logger.info("[STV0014] Client X.509 certificate root DN: {}", this.clientX509Certificate_rootDN != null ? this.clientX509Certificate_rootDN : "not specified");
            }
            logger.info("[STV0009] Accepted registration request type: {}", this.requestType);
            if (this.requestType.equals(RequestType.JWT)) {
                logger.info("[STV0010] JWK set source for validating registration request JWTs: {}", this.requestJWT_jwkSetSource);
                logger.info("[STV0012] Registration request JWS algorithms: {}", this.requestJWT_jwsAlgorithms);
                logger.info("[STV0013] Required registration request JWT claims: {}", this.requestJWT_requiredClaims != null ? this.requestJWT_requiredClaims : "none");
            }
        }
    }
}
