package org.wso2.carbon.identity.api.server.application.management.v1.core.functions.application.inbound.oauth2;

import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.function.Consumer;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.wso2.carbon.identity.api.server.application.management.v1.AccessTokenConfiguration;
import org.wso2.carbon.identity.api.server.application.management.v1.ClientAuthenticationConfiguration;
import org.wso2.carbon.identity.api.server.application.management.v1.IdTokenConfiguration;
import org.wso2.carbon.identity.api.server.application.management.v1.OAuth2PKCEConfiguration;
import org.wso2.carbon.identity.api.server.application.management.v1.OIDCLogoutConfiguration;
import org.wso2.carbon.identity.api.server.application.management.v1.OpenIDConnectConfiguration;
import org.wso2.carbon.identity.api.server.application.management.v1.PushAuthorizationRequestConfiguration;
import org.wso2.carbon.identity.api.server.application.management.v1.RefreshTokenConfiguration;
import org.wso2.carbon.identity.api.server.application.management.v1.RequestObjectConfiguration;
import org.wso2.carbon.identity.api.server.application.management.v1.SubjectConfiguration;
import org.wso2.carbon.identity.api.server.application.management.v1.core.functions.Utils;
import org.wso2.carbon.identity.oauth.dto.OAuthConsumerAppDTO;

/* loaded from: input_file:WEB-INF/lib/org.wso2.carbon.identity.api.server.application.management.v1-1.2.152.jar:org/wso2/carbon/identity/api/server/application/management/v1/core/functions/application/inbound/oauth2/ApiModelToOAuthConsumerApp.class */
public class ApiModelToOAuthConsumerApp implements ApiModelToOAuthConsumerAppFunction<OpenIDConnectConfiguration, OAuthConsumerAppDTO> {
    @Override // org.wso2.carbon.identity.api.server.application.management.v1.core.functions.application.inbound.oauth2.ApiModelToOAuthConsumerAppFunction
    public OAuthConsumerAppDTO apply(String str, OpenIDConnectConfiguration openIDConnectConfiguration) {
        OAuthConsumerAppDTO oAuthConsumerAppDTO = new OAuthConsumerAppDTO();
        oAuthConsumerAppDTO.setApplicationName(str);
        oAuthConsumerAppDTO.setOauthConsumerKey(openIDConnectConfiguration.getClientId());
        oAuthConsumerAppDTO.setOauthConsumerSecret(openIDConnectConfiguration.getClientSecret());
        oAuthConsumerAppDTO.setCallbackUrl(getCallbackUrl(openIDConnectConfiguration.getCallbackURLs()));
        oAuthConsumerAppDTO.setOAuthVersion("OAuth-2.0");
        oAuthConsumerAppDTO.setGrantTypes(getGrantTypes(openIDConnectConfiguration));
        oAuthConsumerAppDTO.setScopeValidators(getScopeValidators(openIDConnectConfiguration));
        oAuthConsumerAppDTO.setBypassClientCredentials(openIDConnectConfiguration.getPublicClient().booleanValue());
        oAuthConsumerAppDTO.setRequestObjectSignatureValidationEnabled(openIDConnectConfiguration.getValidateRequestObjectSignature().booleanValue());
        updateAllowedOrigins(oAuthConsumerAppDTO, openIDConnectConfiguration.getAllowedOrigins());
        updatePkceConfigurations(oAuthConsumerAppDTO, openIDConnectConfiguration.getPkce());
        updateAccessTokenConfiguration(oAuthConsumerAppDTO, openIDConnectConfiguration.getAccessToken());
        updateRefreshTokenConfiguration(oAuthConsumerAppDTO, openIDConnectConfiguration.getRefreshToken());
        updateIdTokenConfiguration(oAuthConsumerAppDTO, openIDConnectConfiguration.getIdToken());
        updateOidcLogoutConfiguration(oAuthConsumerAppDTO, openIDConnectConfiguration.getLogout());
        updateClientAuthenticationConfigurations(oAuthConsumerAppDTO, openIDConnectConfiguration.getClientAuthentication());
        updateRequestObjectConfiguration(oAuthConsumerAppDTO, openIDConnectConfiguration.getRequestObject());
        updatePARConfigurations(oAuthConsumerAppDTO, openIDConnectConfiguration.getPushAuthorizationRequest());
        updateSubjectConfigurations(oAuthConsumerAppDTO, openIDConnectConfiguration.getSubject());
        oAuthConsumerAppDTO.setFapiConformanceEnabled(openIDConnectConfiguration.getIsFAPIApplication().booleanValue());
        return oAuthConsumerAppDTO;
    }

    private String getGrantTypes(OpenIDConnectConfiguration openIDConnectConfiguration) {
        if (CollectionUtils.isEmpty(openIDConnectConfiguration.getGrantTypes())) {
            return null;
        }
        return StringUtils.join(openIDConnectConfiguration.getGrantTypes(), " ");
    }

    private void updateOidcLogoutConfiguration(OAuthConsumerAppDTO oAuthConsumerAppDTO, OIDCLogoutConfiguration oIDCLogoutConfiguration) {
        if (oIDCLogoutConfiguration != null) {
            oAuthConsumerAppDTO.setBackChannelLogoutUrl(oIDCLogoutConfiguration.getBackChannelLogoutUrl());
            oAuthConsumerAppDTO.setFrontchannelLogoutUrl(oIDCLogoutConfiguration.getFrontChannelLogoutUrl());
        }
    }

    private void updateIdTokenConfiguration(OAuthConsumerAppDTO oAuthConsumerAppDTO, IdTokenConfiguration idTokenConfiguration) {
        if (idTokenConfiguration != null) {
            Long expiryInSeconds = idTokenConfiguration.getExpiryInSeconds();
            Objects.requireNonNull(oAuthConsumerAppDTO);
            Utils.setIfNotNull(expiryInSeconds, (Consumer<Long>) (v1) -> {
                r1.setIdTokenExpiryTime(v1);
            });
            oAuthConsumerAppDTO.setAudiences((String[]) Optional.ofNullable(idTokenConfiguration.getAudience()).map(list -> {
                return (String[]) list.toArray(new String[0]);
            }).orElse(new String[0]));
            oAuthConsumerAppDTO.setIdTokenSignatureAlgorithm(idTokenConfiguration.getIdTokenSignedResponseAlg());
            if (idTokenConfiguration.getEncryption() != null) {
                boolean isIdTokenEncryptionEnabled = isIdTokenEncryptionEnabled(idTokenConfiguration);
                oAuthConsumerAppDTO.setIdTokenEncryptionEnabled(isIdTokenEncryptionEnabled);
                if (isIdTokenEncryptionEnabled) {
                    oAuthConsumerAppDTO.setIdTokenEncryptionAlgorithm(idTokenConfiguration.getEncryption().getAlgorithm());
                    oAuthConsumerAppDTO.setIdTokenEncryptionMethod(idTokenConfiguration.getEncryption().getMethod());
                }
            }
        }
    }

    private boolean isIdTokenEncryptionEnabled(IdTokenConfiguration idTokenConfiguration) {
        return idTokenConfiguration.getEncryption().getEnabled() != null && idTokenConfiguration.getEncryption().getEnabled().booleanValue();
    }

    private void updateRefreshTokenConfiguration(OAuthConsumerAppDTO oAuthConsumerAppDTO, RefreshTokenConfiguration refreshTokenConfiguration) {
        if (refreshTokenConfiguration != null) {
            oAuthConsumerAppDTO.setRefreshTokenExpiryTime(refreshTokenConfiguration.getExpiryInSeconds().longValue());
            oAuthConsumerAppDTO.setRenewRefreshTokenEnabled(refreshTokenConfiguration.getRenewRefreshToken() != null ? String.valueOf(refreshTokenConfiguration.getRenewRefreshToken()) : null);
        }
    }

    private void updateAllowedOrigins(OAuthConsumerAppDTO oAuthConsumerAppDTO, List<String> list) {
    }

    private void updateAccessTokenConfiguration(OAuthConsumerAppDTO oAuthConsumerAppDTO, AccessTokenConfiguration accessTokenConfiguration) {
        if (accessTokenConfiguration != null) {
            oAuthConsumerAppDTO.setTokenType(accessTokenConfiguration.getType());
            oAuthConsumerAppDTO.setUserAccessTokenExpiryTime(accessTokenConfiguration.getUserAccessTokenExpiryInSeconds().longValue());
            oAuthConsumerAppDTO.setApplicationAccessTokenExpiryTime(accessTokenConfiguration.getApplicationAccessTokenExpiryInSeconds().longValue());
            oAuthConsumerAppDTO.setTokenBindingType(accessTokenConfiguration.getBindingType());
            if (accessTokenConfiguration.getRevokeTokensWhenIDPSessionTerminated() != null) {
                oAuthConsumerAppDTO.setTokenRevocationWithIDPSessionTerminationEnabled(accessTokenConfiguration.getRevokeTokensWhenIDPSessionTerminated().booleanValue());
            } else {
                oAuthConsumerAppDTO.setTokenRevocationWithIDPSessionTerminationEnabled(false);
            }
            if (accessTokenConfiguration.getValidateTokenBinding() != null) {
                oAuthConsumerAppDTO.setTokenBindingValidationEnabled(accessTokenConfiguration.getValidateTokenBinding().booleanValue());
            } else {
                oAuthConsumerAppDTO.setTokenBindingValidationEnabled(false);
            }
        }
    }

    private void updatePkceConfigurations(OAuthConsumerAppDTO oAuthConsumerAppDTO, OAuth2PKCEConfiguration oAuth2PKCEConfiguration) {
        if (oAuth2PKCEConfiguration != null) {
            oAuthConsumerAppDTO.setPkceMandatory(oAuth2PKCEConfiguration.getMandatory().booleanValue());
            oAuthConsumerAppDTO.setPkceSupportPlain(oAuth2PKCEConfiguration.getSupportPlainTransformAlgorithm().booleanValue());
        }
    }

    private String[] getScopeValidators(OpenIDConnectConfiguration openIDConnectConfiguration) {
        return (String[]) Optional.ofNullable(openIDConnectConfiguration.getScopeValidators()).map(list -> {
            return (String[]) list.toArray(new String[0]);
        }).orElse(new String[0]);
    }

    private String getCallbackUrl(List<String> list) {
        if (!CollectionUtils.isNotEmpty(list)) {
            return null;
        }
        if (list.size() > 1) {
            throw Utils.buildNotImplementedError("Multiple callbacks for OAuth2 are not supported yet. Please use regex to define multiple callbacks.");
        }
        if (list.size() == 1) {
            return list.get(0);
        }
        return null;
    }

    private void updateClientAuthenticationConfigurations(OAuthConsumerAppDTO oAuthConsumerAppDTO, ClientAuthenticationConfiguration clientAuthenticationConfiguration) {
        if (clientAuthenticationConfiguration != null) {
            oAuthConsumerAppDTO.setTokenEndpointAuthMethod(clientAuthenticationConfiguration.getTokenEndpointAuthMethod());
            oAuthConsumerAppDTO.setTokenEndpointAuthSignatureAlgorithm(clientAuthenticationConfiguration.getTokenEndpointAuthSigningAlg());
            oAuthConsumerAppDTO.setTlsClientAuthSubjectDN(clientAuthenticationConfiguration.getTlsClientAuthSubjectDn());
        }
    }

    private void updatePARConfigurations(OAuthConsumerAppDTO oAuthConsumerAppDTO, PushAuthorizationRequestConfiguration pushAuthorizationRequestConfiguration) {
        if (pushAuthorizationRequestConfiguration != null) {
            oAuthConsumerAppDTO.setRequirePushedAuthorizationRequests(pushAuthorizationRequestConfiguration.getRequirePushAuthorizationRequest().booleanValue());
        }
    }

    private void updateRequestObjectConfiguration(OAuthConsumerAppDTO oAuthConsumerAppDTO, RequestObjectConfiguration requestObjectConfiguration) {
        if (requestObjectConfiguration != null) {
            if (requestObjectConfiguration.getEncryption() != null && requestObjectConfiguration.getEncryption().getAlgorithm() != null) {
                oAuthConsumerAppDTO.setRequestObjectEncryptionAlgorithm(requestObjectConfiguration.getEncryption().getAlgorithm());
            }
            if (requestObjectConfiguration.getEncryption() != null && requestObjectConfiguration.getEncryption().getMethod() != null) {
                oAuthConsumerAppDTO.setRequestObjectEncryptionMethod(requestObjectConfiguration.getEncryption().getMethod());
            }
            if (requestObjectConfiguration.getRequestObjectSigningAlg() != null) {
                oAuthConsumerAppDTO.setRequestObjectSignatureAlgorithm(requestObjectConfiguration.getRequestObjectSigningAlg());
            }
        }
    }

    private void updateSubjectConfigurations(OAuthConsumerAppDTO oAuthConsumerAppDTO, SubjectConfiguration subjectConfiguration) {
        if (subjectConfiguration != null) {
            oAuthConsumerAppDTO.setSubjectType(subjectConfiguration.getSubjectType());
            oAuthConsumerAppDTO.setSectorIdentifierURI(subjectConfiguration.getSectorIdentifierUri());
        }
    }
}
