package no.nav.helse.dusseldorf.ktor.auth;

import io.ktor.config.ApplicationConfig;
import io.ktor.util.KtorExperimentalAPI;
import java.net.URL;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import kotlin.Metadata;
import kotlin.TypeCastException;
import kotlin.collections.CollectionsKt;
import kotlin.collections.MapsKt;
import kotlin.coroutines.CoroutineContext;
import kotlin.io.TextStreamsKt;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.Charsets;
import kotlin.text.StringsKt;
import kotlinx.coroutines.BuildersKt;
import no.nav.helse.dusseldorf.ktor.core.ApplicationConfigExtKt;
import org.jetbrains.annotations.NotNull;
import org.json.simple.JSONObject;
import org.json.simple.parser.JSONParser;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* compiled from: AuthConfig.kt */
@Metadata(mv = {1, 1, 15}, bv = {1, 0, 3}, k = 2, d1 = {"��>\n��\n\u0002\u0010\u000e\n\u0002\b\u0004\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010$\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u000b\n\u0002\u0018\u0002\n��\n\u0002\u0010 \n\u0002\b\u0002\n\u0002\u0018\u0002\n��\u001a\"\u0010\t\u001a\u000e\u0012\u0004\u0012\u00020\u0001\u0012\u0004\u0012\u00020\u000b0\n*\u00020\f2\b\b\u0002\u0010\r\u001a\u00020\u0001H\u0007\u001a\u001a\u0010\u000e\u001a\u00020\u000f*\u00020\u00102\f\u0010\u0011\u001a\b\u0012\u0004\u0012\u00020\u00010\u0012H\u0002\u001a\u001c\u0010\u0013\u001a\u0004\u0018\u00010\u0010*\u00020\u00012\f\u0010\u0011\u001a\b\u0012\u0004\u0012\u00020\u00010\u0012H\u0002\u001a\"\u0010\u0014\u001a\u000e\u0012\u0004\u0012\u00020\u0001\u0012\u0004\u0012\u00020\u00150\n*\u00020\f2\b\b\u0002\u0010\r\u001a\u00020\u0001H\u0007\"\u000e\u0010��\u001a\u00020\u0001X\u0082T¢\u0006\u0002\n��\"\u000e\u0010\u0002\u001a\u00020\u0001X\u0082T¢\u0006\u0002\n��\"\u000e\u0010\u0003\u001a\u00020\u0001X\u0082T¢\u0006\u0002\n��\"\u000e\u0010\u0004\u001a\u00020\u0001X\u0082T¢\u0006\u0002\n��\"\u000e\u0010\u0005\u001a\u00020\u0006X\u0082\u0004¢\u0006\u0002\n��\"\u000e\u0010\u0007\u001a\u00020\bX\u0082\u0004¢\u0006\u0002\n��¨\u0006\u0016"}, d2 = {"AZURE_TYPE", "", "ISSUER", "JWKS_URI", "TOKEN_ENDPOINT", "jsonParser", "Lorg/json/simple/parser/JSONParser;", "logger", "Lorg/slf4j/Logger;", "clients", "", "Lno/nav/helse/dusseldorf/ktor/auth/Client;", "Lio/ktor/config/ApplicationConfig;", "path", "containsKeys", "", "Lorg/json/simple/JSONObject;", "requiredAttributes", "", "discover", "issuers", "Lno/nav/helse/dusseldorf/ktor/auth/Issuer;", "dusseldorf-ktor-auth"})
/* loaded from: input_file:no/nav/helse/dusseldorf/ktor/auth/AuthConfigKt.class */
public final class AuthConfigKt {
    private static final String AZURE_TYPE = "azure";
    private static final String ISSUER = "issuer";
    private static final String JWKS_URI = "jwks_uri";
    private static final String TOKEN_ENDPOINT = "token_endpoint";
    private static final JSONParser jsonParser = new JSONParser();
    private static final Logger logger;

    @KtorExperimentalAPI
    @NotNull
    public static final Map<String, Issuer> issuers(@NotNull ApplicationConfig applicationConfig, @NotNull String str) {
        String optionalString;
        String optionalString2;
        Azure issuer;
        Intrinsics.checkParameterIsNotNull(applicationConfig, "$this$issuers");
        Intrinsics.checkParameterIsNotNull(str, "path");
        List<ApplicationConfig> configList = applicationConfig.configList(str);
        List list = configList;
        if (list == null || list.isEmpty()) {
            return MapsKt.emptyMap();
        }
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        for (ApplicationConfig applicationConfig2 : configList) {
            String requiredString = ApplicationConfigExtKt.getRequiredString(applicationConfig2, "alias", false);
            logger.info("Issuer[" + requiredString + ']');
            JSONObject jSONObject = (JSONObject) BuildersKt.runBlocking$default((CoroutineContext) null, new AuthConfigKt$issuers$discoveryJson$1(applicationConfig2, null), 1, (Object) null);
            if (jSONObject != null) {
                Object obj = jSONObject.get(ISSUER);
                if (obj == null) {
                    throw new TypeCastException("null cannot be cast to non-null type kotlin.String");
                }
                optionalString = (String) obj;
            } else {
                optionalString = ApplicationConfigExtKt.getOptionalString(applicationConfig2, ISSUER, false);
            }
            String str2 = optionalString;
            if (jSONObject != null) {
                Object obj2 = jSONObject.get(JWKS_URI);
                if (obj2 == null) {
                    throw new TypeCastException("null cannot be cast to non-null type kotlin.String");
                }
                optionalString2 = (String) obj2;
            } else {
                optionalString2 = ApplicationConfigExtKt.getOptionalString(applicationConfig2, JWKS_URI, false);
            }
            String str3 = optionalString2;
            logger.info("Issuer[" + requiredString + "].issuer = '" + str2 + '\'');
            logger.info("Issuer[" + requiredString + "].jwks_uri =  '" + str3 + '\'');
            if (str2 == null || str3 == null) {
                logger.info("Issuer[" + requiredString + "] ikke konfigurert.");
            } else {
                logger.info("Issuer[" + requiredString + "] er konfigurert.");
                String optionalString3 = ApplicationConfigExtKt.getOptionalString(applicationConfig2, "type", false);
                String optionalString4 = ApplicationConfigExtKt.getOptionalString(applicationConfig2, "audience", false);
                if (!StringsKt.equals(AZURE_TYPE, optionalString3, false)) {
                    issuer = new Issuer(str2, new URL(str3), optionalString4, requiredString);
                } else {
                    if (optionalString4 == null) {
                        throw new IllegalStateException("'audience' må settes for en issuer med type='azure'");
                    }
                    Set set = CollectionsKt.toSet(ApplicationConfigExtKt.getOptionalList(applicationConfig2, "azure.authorized_clients", false, new Function1<String, String>() { // from class: no.nav.helse.dusseldorf.ktor.auth.AuthConfigKt$issuers$resolvedIssuer$authorizedClient$1
                        @NotNull
                        public final String invoke(@NotNull String str4) {
                            Intrinsics.checkParameterIsNotNull(str4, "value");
                            return str4;
                        }
                    }));
                    Set set2 = CollectionsKt.toSet(ApplicationConfigExtKt.getOptionalList(applicationConfig2, "azure.required_groups", false, new Function1<String, String>() { // from class: no.nav.helse.dusseldorf.ktor.auth.AuthConfigKt$issuers$resolvedIssuer$requiredGroups$1
                        @NotNull
                        public final String invoke(@NotNull String str4) {
                            Intrinsics.checkParameterIsNotNull(str4, "value");
                            return str4;
                        }
                    }));
                    Set set3 = CollectionsKt.toSet(ApplicationConfigExtKt.getOptionalList(applicationConfig2, "azure.required_roles", false, new Function1<String, String>() { // from class: no.nav.helse.dusseldorf.ktor.auth.AuthConfigKt$issuers$resolvedIssuer$requiredRoles$1
                        @NotNull
                        public final String invoke(@NotNull String str4) {
                            Intrinsics.checkParameterIsNotNull(str4, "value");
                            return str4;
                        }
                    }));
                    String optionalString5 = ApplicationConfigExtKt.getOptionalString(applicationConfig2, "azure.require_certificate_client_authentication", false);
                    issuer = new Azure(str2, new URL(str3), optionalString4, requiredString, set, set2, set3, optionalString5 != null && StringsKt.equals("true", optionalString5, true));
                }
                linkedHashMap.put(requiredString, issuer);
            }
        }
        logger.info(linkedHashMap.size() + " Issuers konfigueret.");
        return MapsKt.toMap(linkedHashMap);
    }

    @KtorExperimentalAPI
    @NotNull
    public static /* synthetic */ Map issuers$default(ApplicationConfig applicationConfig, String str, int i, Object obj) {
        if ((i & 1) != 0) {
            str = "nav.auth.issuers";
        }
        return issuers(applicationConfig, str);
    }

    @KtorExperimentalAPI
    @NotNull
    public static final Map<String, Client> clients(@NotNull ApplicationConfig applicationConfig, @NotNull String str) {
        String requiredString;
        Client privateKeyClient;
        Intrinsics.checkParameterIsNotNull(applicationConfig, "$this$clients");
        Intrinsics.checkParameterIsNotNull(str, "path");
        List<ApplicationConfig> configList = applicationConfig.configList(str);
        List list = configList;
        if (list == null || list.isEmpty()) {
            return MapsKt.emptyMap();
        }
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        for (ApplicationConfig applicationConfig2 : configList) {
            String requiredString2 = ApplicationConfigExtKt.getRequiredString(applicationConfig2, "alias", false);
            logger.info("Client[" + requiredString2 + ']');
            String optionalString = ApplicationConfigExtKt.getOptionalString(applicationConfig2, "client_id", false);
            if (optionalString == null) {
                logger.info("Client[" + requiredString2 + "] ikke konfigurert.");
            } else {
                logger.info("Client[" + requiredString2 + "] er konfigurert.");
                String optionalString2 = ApplicationConfigExtKt.getOptionalString(applicationConfig2, "client_secret", true);
                String optionalString3 = ApplicationConfigExtKt.getOptionalString(applicationConfig2, "private_key_jwk", true);
                if (optionalString2 != null && optionalString3 != null) {
                    throw new IllegalStateException("Både 'private_key_jwk' og 'client_secret' satt for Client[" + requiredString2 + "]. Kun en av disse kan settes per client.");
                }
                if (optionalString2 == null && optionalString3 == null) {
                    throw new IllegalStateException("Hverken 'private_key_jwk' eller 'client_secret' satt for Client[" + requiredString2 + "]. En av disse må settes per client.");
                }
                JSONObject jSONObject = (JSONObject) BuildersKt.runBlocking$default((CoroutineContext) null, new AuthConfigKt$clients$discoveryJson$1(applicationConfig2, null), 1, (Object) null);
                if (jSONObject != null) {
                    Object obj = jSONObject.get(TOKEN_ENDPOINT);
                    if (obj == null) {
                        throw new TypeCastException("null cannot be cast to non-null type kotlin.String");
                    }
                    requiredString = (String) obj;
                } else {
                    requiredString = ApplicationConfigExtKt.getRequiredString(applicationConfig2, TOKEN_ENDPOINT, false);
                }
                URL url = new URL(requiredString);
                logger.info("Client[" + requiredString2 + "].token_endpoint = '" + url + '\'');
                if (optionalString2 != null) {
                    privateKeyClient = new ClientSecretClient(optionalString, url, optionalString2);
                } else {
                    String requiredString3 = ApplicationConfigExtKt.getRequiredString(applicationConfig2, "certificate_hex_thumbprint", false);
                    if (optionalString3 == null) {
                        Intrinsics.throwNpe();
                    }
                    privateKeyClient = new PrivateKeyClient(optionalString, url, optionalString3, requiredString3);
                }
                linkedHashMap.put(requiredString2, privateKeyClient);
            }
        }
        logger.info(linkedHashMap.size() + " clients konfigurert.");
        return MapsKt.toMap(linkedHashMap);
    }

    @KtorExperimentalAPI
    @NotNull
    public static /* synthetic */ Map clients$default(ApplicationConfig applicationConfig, String str, int i, Object obj) {
        if ((i & 1) != 0) {
            str = "nav.auth.clients";
        }
        return clients(applicationConfig, str);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static final JSONObject discover(@NotNull String str, List<String> list) {
        String str2 = new String(TextStreamsKt.readBytes(new URL(str)), Charsets.UTF_8);
        Object parse = jsonParser.parse(str2);
        if (parse == null) {
            throw new TypeCastException("null cannot be cast to non-null type org.json.simple.JSONObject");
        }
        JSONObject jSONObject = (JSONObject) parse;
        if (containsKeys(jSONObject, list)) {
            return jSONObject;
        }
        logger.warn("Response fra Discovery Endpoint inneholdt ikke attributtene '[" + CollectionsKt.joinToString$default(list, (CharSequence) null, (CharSequence) null, (CharSequence) null, 0, (CharSequence) null, (Function1) null, 63, (Object) null) + "]'. Response='" + str2 + '\'');
        return null;
    }

    private static final boolean containsKeys(@NotNull JSONObject jSONObject, List<String> list) {
        Iterator<T> it = list.iterator();
        while (it.hasNext()) {
            if (!jSONObject.containsKey((String) it.next())) {
                return false;
            }
        }
        return true;
    }

    static {
        Logger logger2 = LoggerFactory.getLogger("no.nav.helse.dusseldorf.ktor.auth.AuthConfig");
        Intrinsics.checkExpressionValueIsNotNull(logger2, "LoggerFactory.getLogger(…rf.ktor.auth.AuthConfig\")");
        logger = logger2;
    }
}
