package com.sap.cloud.security.token.validation.validators;

import com.sap.cloud.security.config.OAuth2ServiceConfiguration;
import com.sap.cloud.security.config.Service;
import com.sap.cloud.security.token.Token;
import com.sap.cloud.security.token.validation.CombiningValidator;
import com.sap.cloud.security.token.validation.ValidationListener;
import com.sap.cloud.security.token.validation.Validator;
import com.sap.cloud.security.xsuaa.Assertions;
import com.sap.cloud.security.xsuaa.client.DefaultOAuth2TokenKeyService;
import com.sap.cloud.security.xsuaa.client.DefaultOidcConfigurationService;
import com.sap.cloud.security.xsuaa.client.OAuth2TokenKeyService;
import com.sap.cloud.security.xsuaa.client.OidcConfigurationService;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import javax.annotation.Nullable;
import org.apache.http.impl.client.CloseableHttpClient;

/* loaded from: input_file:com/sap/cloud/security/token/validation/validators/JwtValidatorBuilder.class */
public class JwtValidatorBuilder {
    private static Map<OAuth2ServiceConfiguration, JwtValidatorBuilder> instances = new HashMap();
    private OAuth2ServiceConfiguration configuration;
    private OAuth2ServiceConfiguration otherConfiguration;
    private Validator<Token> customAudienceValidator;
    private final Collection<Validator<Token>> validators = new ArrayList();
    private final List<ValidationListener> validationListeners = new ArrayList();
    private OidcConfigurationService oidcConfigurationService = null;
    private OAuth2TokenKeyService tokenKeyService = null;

    private JwtValidatorBuilder() {
    }

    public static JwtValidatorBuilder getInstance(OAuth2ServiceConfiguration oAuth2ServiceConfiguration) {
        Assertions.assertNotNull(oAuth2ServiceConfiguration, "configuration must not be null");
        if (instances.containsKey(oAuth2ServiceConfiguration)) {
            return instances.get(oAuth2ServiceConfiguration);
        }
        JwtValidatorBuilder jwtValidatorBuilder = new JwtValidatorBuilder();
        jwtValidatorBuilder.configuration = oAuth2ServiceConfiguration;
        instances.put(oAuth2ServiceConfiguration, jwtValidatorBuilder);
        return jwtValidatorBuilder;
    }

    public JwtValidatorBuilder with(Validator<Token> validator) {
        this.validators.add(validator);
        return this;
    }

    public JwtValidatorBuilder withAudienceValidator(Validator<Token> validator) {
        this.customAudienceValidator = validator;
        return this;
    }

    @Deprecated
    public JwtValidatorBuilder withOAuth2TokenKeyService(OAuth2TokenKeyService oAuth2TokenKeyService) {
        this.tokenKeyService = oAuth2TokenKeyService;
        return this;
    }

    @Deprecated
    public JwtValidatorBuilder withOidcConfigurationService(OidcConfigurationService oidcConfigurationService) {
        this.oidcConfigurationService = oidcConfigurationService;
        return this;
    }

    public JwtValidatorBuilder withHttpClient(CloseableHttpClient closeableHttpClient) {
        if (closeableHttpClient != null) {
            this.oidcConfigurationService = new DefaultOidcConfigurationService(closeableHttpClient);
            this.tokenKeyService = new DefaultOAuth2TokenKeyService(closeableHttpClient);
        }
        return this;
    }

    public JwtValidatorBuilder configureAnotherServiceInstance(@Nullable OAuth2ServiceConfiguration oAuth2ServiceConfiguration) {
        if (oAuth2ServiceConfiguration != this.configuration) {
            this.otherConfiguration = oAuth2ServiceConfiguration;
        }
        return this;
    }

    public JwtValidatorBuilder withValidatorListener(ValidationListener validationListener) {
        this.validationListeners.add(validationListener);
        return this;
    }

    public CombiningValidator<Token> build() {
        List<Validator<Token>> createDefaultValidators = createDefaultValidators();
        createDefaultValidators.addAll(this.validators);
        CombiningValidator<Token> combiningValidator = new CombiningValidator<>(createDefaultValidators);
        List<ValidationListener> list = this.validationListeners;
        combiningValidator.getClass();
        list.forEach(combiningValidator::registerValidationListener);
        return combiningValidator;
    }

    private List<Validator<Token>> createDefaultValidators() {
        ArrayList arrayList = new ArrayList();
        arrayList.add(new JwtTimestampValidator());
        if (this.configuration.getService() == Service.XSUAA) {
            if (!this.configuration.isLegacyMode()) {
                arrayList.add(new XsuaaJwtIssuerValidator(this.configuration.getProperty("uaadomain")));
            }
        } else if (this.configuration.getService() == Service.IAS) {
            arrayList.add(new JwtIssuerValidator(this.configuration.getUrl()));
        }
        arrayList.add(new JwtSignatureValidator(this.configuration, getTokenKeyServiceWithCache(), getOidcConfigurationServiceWithCache()));
        Optional ofNullable = Optional.ofNullable(this.customAudienceValidator);
        arrayList.getClass();
        ofNullable.ifPresent((v1) -> {
            r1.add(v1);
        });
        if (this.customAudienceValidator == null) {
            arrayList.add(createAudienceValidator());
        }
        return arrayList;
    }

    private JwtAudienceValidator createAudienceValidator() {
        JwtAudienceValidator jwtAudienceValidator = new JwtAudienceValidator(this.configuration.getClientId());
        if (this.configuration.hasProperty("xsappname")) {
            jwtAudienceValidator.configureTrustedClientId(this.configuration.getProperty("xsappname"));
        }
        if (this.otherConfiguration != null) {
            jwtAudienceValidator.configureTrustedClientId(this.otherConfiguration.getClientId());
            if (this.otherConfiguration.hasProperty("xsappname")) {
                jwtAudienceValidator.configureTrustedClientId(this.otherConfiguration.getProperty("xsappname"));
            }
        }
        return jwtAudienceValidator;
    }

    private OAuth2TokenKeyServiceWithCache getTokenKeyServiceWithCache() {
        return this.tokenKeyService != null ? OAuth2TokenKeyServiceWithCache.getInstance().withTokenKeyService(this.tokenKeyService) : OAuth2TokenKeyServiceWithCache.getInstance();
    }

    private OidcConfigurationServiceWithCache getOidcConfigurationServiceWithCache() {
        return this.oidcConfigurationService != null ? OidcConfigurationServiceWithCache.getInstance().withOidcConfigurationService(this.oidcConfigurationService) : OidcConfigurationServiceWithCache.getInstance();
    }
}
