package com.okta.spring.boot.sdk;

import com.okta.sdk.authc.credentials.ClientCredentials;
import com.okta.sdk.authc.credentials.TokenClientCredentials;
import com.okta.sdk.client.AuthenticationScheme;
import com.okta.sdk.client.Client;
import com.okta.sdk.client.ClientBuilder;
import com.okta.sdk.client.Clients;
import com.okta.sdk.client.Proxy;
import com.okta.sdk.lang.Strings;
import com.okta.spring.boot.sdk.cache.SpringCacheManager;
import com.okta.spring.boot.sdk.config.OktaClientProperties;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionMessage;
import org.springframework.boot.autoconfigure.condition.ConditionOutcome;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.SpringBootCondition;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cache.CacheManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ConditionContext;
import org.springframework.context.annotation.Conditional;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.type.AnnotatedTypeMetadata;
import org.springframework.util.StringUtils;

@EnableConfigurationProperties({OktaClientProperties.class})
@Configuration
@ConditionalOnClass({Client.class})
@Conditional({OktaApiTokenCondition.class})
/* loaded from: input_file:com/okta/spring/boot/sdk/OktaSdkConfig.class */
public class OktaSdkConfig {
    private final OktaClientProperties oktaClientProperties;
    private final CacheManager springCacheManager;

    /* loaded from: input_file:com/okta/spring/boot/sdk/OktaSdkConfig$OktaApiTokenCondition.class */
    static class OktaApiTokenCondition extends SpringBootCondition {
        OktaApiTokenCondition() {
        }

        public ConditionOutcome getMatchOutcome(ConditionContext conditionContext, AnnotatedTypeMetadata annotatedTypeMetadata) {
            ConditionMessage.Builder forCondition = ConditionMessage.forCondition("Okta Api Token Condition", new Object[0]);
            return StringUtils.hasText(conditionContext.getEnvironment().getProperty("okta.client.token")) ? ConditionOutcome.match(forCondition.foundExactly("provided API token")) : ConditionOutcome.noMatch(forCondition.didNotFind("provided API token").atAll());
        }
    }

    public OktaSdkConfig(OktaClientProperties oktaClientProperties, @Autowired(required = false) CacheManager cacheManager) {
        this.oktaClientProperties = oktaClientProperties;
        this.springCacheManager = cacheManager;
    }

    @Bean
    protected Client oktaSdkClient() {
        ClientBuilder orgUrl = Clients.builder().setCacheManager(oktaSdkCacheManager()).setAuthenticationScheme(oktaSdkAuthenticationScheme()).setConnectionTimeout(this.oktaClientProperties.getConnectionTimeout()).setClientCredentials(oktaSdkClientCredentials()).setOrgUrl(this.oktaClientProperties.getOrgUrl());
        if (oktaSdkProxy() != null) {
            orgUrl.setProxy(oktaSdkProxy());
        }
        return orgUrl.build();
    }

    private AuthenticationScheme oktaSdkAuthenticationScheme() {
        return AuthenticationScheme.SSWS;
    }

    private Proxy oktaSdkProxy() {
        OktaClientProperties.ClientProxyInfo proxy = this.oktaClientProperties.getProxy();
        if (proxy == null || !Strings.hasText(proxy.getHostname())) {
            return null;
        }
        return (Strings.hasText(proxy.getUsername()) || Strings.hasText(proxy.getPassword())) ? new Proxy(proxy.getHostname(), proxy.getPort(), proxy.getUsername(), proxy.getPassword()) : new Proxy(proxy.getHostname(), proxy.getPort());
    }

    private com.okta.sdk.cache.CacheManager oktaSdkCacheManager() {
        if (this.springCacheManager != null) {
            return new SpringCacheManager(this.springCacheManager);
        }
        return null;
    }

    @ConditionalOnMissingBean
    @Bean
    protected ClientCredentials oktaSdkClientCredentials() {
        return new TokenClientCredentials(this.oktaClientProperties.getToken());
    }
}
