package org.keycloak.services.clientpolicy.executor;

import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.TimeUnit;
import org.keycloak.Config;
import org.keycloak.common.Profile;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.provider.EnvironmentDependentProviderFactory;
import org.keycloak.provider.ProviderConfigProperty;

/* loaded from: input_file:org/keycloak/services/clientpolicy/executor/ClientSecretRotationExecutorFactory.class */
public class ClientSecretRotationExecutorFactory implements ClientPolicyExecutorProviderFactory, EnvironmentDependentProviderFactory {
    public static final String PROVIDER_ID = "secret-rotation";
    public static final String SECRET_EXPIRATION_PERIOD = "expiration-period";
    public static final String SECRET_REMAINING_ROTATION_PERIOD = "remaining-rotation-period";
    public static final String SECRET_ROTATED_EXPIRATION_PERIOD = "rotated-expiration-period";
    public static final Integer DEFAULT_SECRET_EXPIRATION_PERIOD = Integer.valueOf(Long.valueOf(TimeUnit.DAYS.toSeconds(29)).intValue());
    public static final Integer DEFAULT_SECRET_REMAINING_ROTATION_PERIOD = Integer.valueOf(Long.valueOf(TimeUnit.DAYS.toSeconds(10)).intValue());
    public static final Integer DEFAULT_SECRET_ROTATED_EXPIRATION_PERIOD = Integer.valueOf(Long.valueOf(TimeUnit.DAYS.toSeconds(2)).intValue());
    private static final List<ProviderConfigProperty> configProperties = new ArrayList();

    public String getHelpText() {
        return "The executor verifies that secret rotation is enabled for the client. If rotation is enabled, it provides validation of secrets and performs rotation if necessary.";
    }

    public List<ProviderConfigProperty> getConfigProperties() {
        return configProperties;
    }

    /* renamed from: create, reason: merged with bridge method [inline-methods] */
    public ClientPolicyExecutorProvider m583create(KeycloakSession keycloakSession) {
        return new ClientSecretRotationExecutor(keycloakSession);
    }

    public void init(Config.Scope scope) {
    }

    public void postInit(KeycloakSessionFactory keycloakSessionFactory) {
    }

    public void close() {
    }

    public String getId() {
        return PROVIDER_ID;
    }

    public boolean isSupported(Config.Scope scope) {
        return Profile.isFeatureEnabled(Profile.Feature.CLIENT_SECRET_ROTATION);
    }

    static {
        configProperties.add(new ProviderConfigProperty(SECRET_EXPIRATION_PERIOD, "Secret expiration", "When the secret is rotated. The time frequency for generating a new secret. (In seconds)", "String", DEFAULT_SECRET_EXPIRATION_PERIOD));
        configProperties.add(new ProviderConfigProperty(SECRET_ROTATED_EXPIRATION_PERIOD, "Rotated Secret expiration", "When secret is rotated, this is the remaining expiration time for the old secret. This value should be always smaller than Secret expiration. When this is set to 0, the old secret will be immediately removed during client rotation (In seconds)", "String", DEFAULT_SECRET_ROTATED_EXPIRATION_PERIOD));
        configProperties.add(new ProviderConfigProperty(SECRET_REMAINING_ROTATION_PERIOD, "Remain Expiration Time", "During dynamic client registration client-update request, the client secret will be automatically rotated if the remaining expiration time of the current secret is smaller than the value specified by this option. This configuration option is relevant only for dynamic client update requests (In seconds)", "String", DEFAULT_SECRET_REMAINING_ROTATION_PERIOD));
    }
}
