package com.evolveum.midpoint.authentication.impl.module.configuration;

import com.evolveum.midpoint.authentication.impl.filter.oidc.OpaqueTokenUserDetailsIntrospector;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.OidcAuthenticationModuleType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.OpaqueTokenOidcResourceServerType;
import org.apache.commons.lang3.StringUtils;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrations;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.oidc.OidcScopes;
import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector;

/* loaded from: input_file:BOOT-INF/lib/authentication-impl-4.10-SNAPSHOT.jar:com/evolveum/midpoint/authentication/impl/module/configuration/OpaqueTokenOidcResourceServerConfiguration.class */
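/**
 * Module configuration for an OIDC resource server that accepts opaque access tokens.
 *
 * <p>Holds the {@link OpaqueTokenIntrospector} built from the opaque-token section of an
 * {@link OidcAuthenticationModuleType}. Instances are created only through
 * {@link #build(OidcAuthenticationModuleType, String)}.
 */
public class OpaqueTokenOidcResourceServerConfiguration extends RemoteModuleWebSecurityConfiguration {
    private static final Trace LOGGER = TraceManager.getTrace(OpaqueTokenOidcResourceServerConfiguration.class);

    /** Registration id given to every client registration built here, discovered or not. */
    private static final String REGISTRATION_ID = "unknownRegistrationId";

    // Assigned once in buildInternal(); never reassigned afterwards.
    private OpaqueTokenIntrospector introspector;

    private OpaqueTokenOidcResourceServerConfiguration() {
    }

    /**
     * Returns the introspector created for this module.
     *
     * @return the introspector, or {@code null} if none was assigned
     */
    public OpaqueTokenIntrospector getIntrospector() {
        return this.introspector;
    }

    /**
     * Builds and validates the configuration for the given OIDC module.
     *
     * @param oidcAuthenticationModuleType module definition; its resource server and opaque token
     *     sections are dereferenced without a null check
     * @param str passed unchanged to the three-argument {@code build} (presumably the sequence
     *     prefix; confirm against the parent class)
     * @return the validated configuration
     * @throws IllegalArgumentException if {@link #validate()} rejects the result
     */
    public static OpaqueTokenOidcResourceServerConfiguration build(OidcAuthenticationModuleType oidcAuthenticationModuleType, String str) {
        OpaqueTokenOidcResourceServerConfiguration configuration = buildInternal(oidcAuthenticationModuleType, str);
        configuration.validate();
        return configuration;
    }

    /**
     * Creates the configuration and its introspector without validating it.
     *
     * <p>The client registration is seeded from the issuer's discovery metadata when that lookup
     * succeeds, and from an empty builder otherwise. An explicitly configured user info URI and
     * username claim name override whatever the builder already holds.
     */
    private static OpaqueTokenOidcResourceServerConfiguration buildInternal(OidcAuthenticationModuleType oidcAuthenticationModuleType, String str) {
        OpaqueTokenOidcResourceServerConfiguration configuration = new OpaqueTokenOidcResourceServerConfiguration();
        // Three-argument build is not defined in this class; presumably inherited and fills the
        // settings shared by remote modules.
        build(configuration, oidcAuthenticationModuleType, str);
        OpaqueTokenOidcResourceServerType opaqueToken = oidcAuthenticationModuleType.getResourceServer().getOpaqueToken();

        ClientRegistration.Builder builder = null;
        try {
            builder = ClientRegistrations.fromOidcIssuerLocation(opaqueToken.getIssuerUri());
        } catch (Exception e) {
            // Best effort: discovery failure is tolerated and the fallback builder below is used.
            // The cause is passed to the logger so a wrong or unreachable issuer URI can be
            // told apart from a deliberately omitted one when debugging the module.
            LOGGER.debug("Couldn't create oidc client builder by issuer uri.", e);
        }
        if (builder == null) {
            // No discovery metadata: the registration carries only what is set explicitly below.
            builder = ClientRegistration.withRegistrationId(REGISTRATION_ID);
        } else {
            builder.registrationId(REGISTRATION_ID);
        }

        builder.authorizationGrantType(AuthorizationGrantType.JWT_BEARER);
        if (StringUtils.isNotEmpty(opaqueToken.getUserInfoUri())) {
            builder.userInfoUri(opaqueToken.getUserInfoUri());
        }
        if (StringUtils.isNotEmpty(opaqueToken.getNameOfUsernameClaim())) {
            builder.userNameAttributeName(opaqueToken.getNameOfUsernameClaim());
        }
        builder.scope(OidcScopes.OPENID);

        // NOTE(review): the introspector is created even when discovery failed and no user info
        // URI is configured. How OpaqueTokenUserDetailsIntrospector treats a registration without
        // a user info endpoint is not visible in this file; confirm it rejects tokens in that case.
        configuration.introspector = new OpaqueTokenUserDetailsIntrospector(builder.build());
        return configuration;
    }

    /**
     * Runs the parent validation and then requires an introspector to be present.
     *
     * <p>NOTE(review): on the {@code build} path the introspector is always assigned before this
     * method runs, so the null check below does not detect a configuration that lacks both the
     * user info URI and the issuer URI, although the message says so. The decompiler reports the
     * original access modifier of this method as {@code protected}.
     *
     * @throws IllegalArgumentException if no introspector is set
     */
    @Override // com.evolveum.midpoint.authentication.impl.module.configuration.ModuleWebSecurityConfigurationImpl
    public void validate() {
        super.validate();
        if (getIntrospector() == null) {
            throw new IllegalArgumentException("Opaque token introspector is null, please define user info uri or issuer uri in configuration of OIDC authentication module");
        }
    }
}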
