package no.nav.helse.dusseldorf.ktor.auth;

import io.ktor.config.ApplicationConfig;
import io.ktor.util.KtorExperimentalAPI;
import java.net.URL;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import kotlin.Metadata;
import kotlin.collections.CollectionsKt;
import kotlin.collections.MapsKt;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.StringsKt;
import no.nav.helse.dusseldorf.ktor.core.ApplicationConfigExtKt;
import org.jetbrains.annotations.NotNull;

/* compiled from: AuthConfig.kt */
@Metadata(mv = {1, 1, 15}, bv = {1, 0, 3}, k = 2, d1 = {"��\u001e\n��\n\u0002\u0010\u000e\n��\n\u0002\u0010$\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\u001a\"\u0010\u0002\u001a\u000e\u0012\u0004\u0012\u00020\u0001\u0012\u0004\u0012\u00020\u00040\u0003*\u00020\u00052\b\b\u0002\u0010\u0006\u001a\u00020\u0001H\u0007\u001a\"\u0010\u0007\u001a\u000e\u0012\u0004\u0012\u00020\u0001\u0012\u0004\u0012\u00020\b0\u0003*\u00020\u00052\b\b\u0002\u0010\u0006\u001a\u00020\u0001H\u0007\"\u000e\u0010��\u001a\u00020\u0001X\u0082T¢\u0006\u0002\n��¨\u0006\t"}, d2 = {"AZURE_TYPE", "", "jwtIssuers", "", "Lno/nav/helse/dusseldorf/ktor/auth/Issuer;", "Lio/ktor/config/ApplicationConfig;", "path", "oauth2Clients", "Lno/nav/helse/dusseldorf/ktor/auth/Client;", "dusseldorf-ktor-auth"})
/* loaded from: input_file:no/nav/helse/dusseldorf/ktor/auth/AuthConfigKt.class */
public final class AuthConfigKt {
    private static final String AZURE_TYPE = "azure";

    @KtorExperimentalAPI
    @NotNull
    public static final Map<String, Issuer> jwtIssuers(@NotNull ApplicationConfig applicationConfig, @NotNull String str) {
        Azure issuer;
        Intrinsics.checkParameterIsNotNull(applicationConfig, "$this$jwtIssuers");
        Intrinsics.checkParameterIsNotNull(str, "path");
        List<ApplicationConfig> configList = applicationConfig.configList(str);
        List list = configList;
        if (list == null || list.isEmpty()) {
            return MapsKt.emptyMap();
        }
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        for (ApplicationConfig applicationConfig2 : configList) {
            String requiredString = ApplicationConfigExtKt.getRequiredString(applicationConfig2, "alias", false);
            String requiredString2 = ApplicationConfigExtKt.getRequiredString(applicationConfig2, "issuer", false);
            URL url = new URL(ApplicationConfigExtKt.getRequiredString(applicationConfig2, "jwks_uri", false));
            String optionalString = ApplicationConfigExtKt.getOptionalString(applicationConfig2, "type", false);
            String optionalString2 = ApplicationConfigExtKt.getOptionalString(applicationConfig2, "audience", false);
            if (!StringsKt.equals(AZURE_TYPE, optionalString, false)) {
                issuer = new Issuer(requiredString2, url, optionalString2);
            } else {
                if (optionalString2 == null) {
                    throw new IllegalStateException("'audience' må settes for en issuer med type='azure'");
                }
                Set set = CollectionsKt.toSet(ApplicationConfigExtKt.getOptionalList(applicationConfig2, "azure.authorized_clients", false, new Function1<String, String>() { // from class: no.nav.helse.dusseldorf.ktor.auth.AuthConfigKt$jwtIssuers$1$resolvedIssuer$authorizedClient$1
                    @NotNull
                    public final String invoke(@NotNull String str2) {
                        Intrinsics.checkParameterIsNotNull(str2, "value");
                        return str2;
                    }
                }));
                Set set2 = CollectionsKt.toSet(ApplicationConfigExtKt.getOptionalList(applicationConfig2, "azure.required_groups", false, new Function1<String, String>() { // from class: no.nav.helse.dusseldorf.ktor.auth.AuthConfigKt$jwtIssuers$1$resolvedIssuer$requiredGroups$1
                    @NotNull
                    public final String invoke(@NotNull String str2) {
                        Intrinsics.checkParameterIsNotNull(str2, "value");
                        return str2;
                    }
                }));
                Set set3 = CollectionsKt.toSet(ApplicationConfigExtKt.getOptionalList(applicationConfig2, "azure.required_roles", false, new Function1<String, String>() { // from class: no.nav.helse.dusseldorf.ktor.auth.AuthConfigKt$jwtIssuers$1$resolvedIssuer$requiredRoles$1
                    @NotNull
                    public final String invoke(@NotNull String str2) {
                        Intrinsics.checkParameterIsNotNull(str2, "value");
                        return str2;
                    }
                }));
                String optionalString3 = ApplicationConfigExtKt.getOptionalString(applicationConfig2, "azure.require_certificate_client_authentication", false);
                issuer = new Azure(requiredString2, url, optionalString2, set, set2, set3, optionalString3 != null && StringsKt.equals("true", optionalString3, true));
            }
            linkedHashMap.put(requiredString, issuer);
        }
        return MapsKt.toMap(linkedHashMap);
    }

    @KtorExperimentalAPI
    @NotNull
    public static /* synthetic */ Map jwtIssuers$default(ApplicationConfig applicationConfig, String str, int i, Object obj) {
        if ((i & 1) != 0) {
            str = "nav.auth.issuers";
        }
        return jwtIssuers(applicationConfig, str);
    }

    @KtorExperimentalAPI
    @NotNull
    public static final Map<String, Client> oauth2Clients(@NotNull ApplicationConfig applicationConfig, @NotNull String str) {
        Client privateKeyClient;
        Intrinsics.checkParameterIsNotNull(applicationConfig, "$this$oauth2Clients");
        Intrinsics.checkParameterIsNotNull(str, "path");
        List configList = applicationConfig.configList(str);
        List list = configList;
        if (list == null || list.isEmpty()) {
            return MapsKt.emptyMap();
        }
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        int i = 0;
        for (Object obj : configList) {
            int i2 = i;
            i++;
            if (i2 < 0) {
                CollectionsKt.throwIndexOverflow();
            }
            ApplicationConfig applicationConfig2 = (ApplicationConfig) obj;
            String requiredString = ApplicationConfigExtKt.getRequiredString(applicationConfig2, "alias", false);
            String optionalString = ApplicationConfigExtKt.getOptionalString(applicationConfig2, "client_secret", true);
            String optionalString2 = ApplicationConfigExtKt.getOptionalString(applicationConfig2, "private_key_jwk", true);
            if (optionalString == null && optionalString2 == null) {
                throw new IllegalStateException("Enten '" + str + '[' + i2 + "].client_secret' eller '" + str + '[' + i2 + "].private_key_jwk' må settes.");
            }
            if (optionalString != null && optionalString2 != null) {
                throw new IllegalStateException("Både '" + str + '[' + i2 + "].client_secret' og '" + str + '[' + i2 + "].private_key_jwk' kan ikke settes for samme en og samme client.");
            }
            String requiredString2 = ApplicationConfigExtKt.getRequiredString(applicationConfig2, "client_id", false);
            URL url = new URL(ApplicationConfigExtKt.getRequiredString(applicationConfig2, "token_endpoint", false));
            if (optionalString != null) {
                privateKeyClient = new ClientSecretClient(requiredString2, url, optionalString);
            } else {
                String requiredString3 = ApplicationConfigExtKt.getRequiredString(applicationConfig2, "certificate_hex_thumbprint", false);
                if (optionalString2 == null) {
                    Intrinsics.throwNpe();
                }
                privateKeyClient = new PrivateKeyClient(requiredString2, url, optionalString2, requiredString3);
            }
            linkedHashMap.put(requiredString, privateKeyClient);
        }
        return MapsKt.toMap(linkedHashMap);
    }

    @KtorExperimentalAPI
    @NotNull
    public static /* synthetic */ Map oauth2Clients$default(ApplicationConfig applicationConfig, String str, int i, Object obj) {
        if ((i & 1) != 0) {
            str = "nav.auth.clients";
        }
        return oauth2Clients(applicationConfig, str);
    }
}
