package be.atbash.ee.security.octopus.sso.config;

import be.atbash.config.AbstractConfiguration;
import be.atbash.config.logging.ConfigEntry;
import be.atbash.config.logging.ModuleConfig;
import be.atbash.config.logging.ModuleConfigName;
import be.atbash.ee.security.octopus.config.exception.ConfigurationException;
import be.atbash.ee.security.octopus.sso.client.config.OctopusSSOServerClientConfiguration;
import be.atbash.ee.security.octopus.sso.core.client.SSOFlow;
import be.atbash.util.StringUtils;
import com.nimbusds.jose.util.Base64;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import org.eclipse.microprofile.config.inject.ConfigProperty;

@ApplicationScoped
@ModuleConfigName("Octopus SSO Client Configuration")
/* loaded from: input_file:be/atbash/ee/security/octopus/sso/config/OctopusSSOClientConfiguration.class */
public class OctopusSSOClientConfiguration extends AbstractConfiguration implements ModuleConfig {

    @Inject
    private OctopusSSOServerClientConfiguration serverClientConfiguration;

    @Inject
    @ConfigProperty(name = "unauthorizedExceptionPage", defaultValue = "/unauthorized.xhtml")
    private String unauthorizedPage;

    @ConfigEntry
    public String getLoginPage() {
        return this.serverClientConfiguration.getOctopusSSOServer() + "/octopus/sso/authenticate";
    }

    @ConfigEntry
    public String getUnauthorizedExceptionPage() {
        return this.unauthorizedPage;
    }

    @ConfigEntry
    public String getSSOApplicationSuffix() {
        return (String) getOptionalValue("SSO.application.suffix", "", String.class);
    }

    @ConfigEntry
    public String getSSOClientId() {
        String defineConfigValue = defineConfigValue("SSO.clientId");
        if (StringUtils.isEmpty(defineConfigValue)) {
            throw new ConfigurationException("Value for {SSO.application}SSO.clientId parameter is empty");
        }
        return defineConfigValue;
    }

    @ConfigEntry(noLogging = true)
    public byte[] getSSOClientSecret() {
        String defineConfigValue = defineConfigValue("SSO.clientSecret");
        if (getSSOType() == SSOFlow.AUTHORIZATION_CODE && StringUtils.isEmpty(defineConfigValue)) {
            throw new ConfigurationException("Value for {SSO.application}SSO.clientSecret parameter is empty");
        }
        if (defineConfigValue == null || defineConfigValue.trim().isEmpty()) {
            return new byte[0];
        }
        byte[] decode = new Base64(defineConfigValue).decode();
        if (decode.length < 32) {
            throw new ConfigurationException("value for {SSO.application}SSO.clientSecret must be at least 32 byte (256 bit)");
        }
        return decode;
    }

    @ConfigEntry(noLogging = true)
    public byte[] getSSOIdTokenSecret() {
        String defineConfigValue = defineConfigValue("SSO.idTokenSecret");
        if (StringUtils.isEmpty(defineConfigValue)) {
            throw new ConfigurationException("Value for {SSO.application}SSO.idTokenSecret parameter is empty");
        }
        byte[] decode = new Base64(defineConfigValue).decode();
        if (decode.length < 32) {
            throw new ConfigurationException("value for {SSO.application}SSO.idTokenSecret must be at least 32 byte (256 bit)");
        }
        return decode;
    }

    @ConfigEntry
    public SSOFlow getSSOType() {
        SSOFlow defineFlow = SSOFlow.defineFlow(defineConfigValue("SSO.flow"));
        if (defineFlow == null) {
            throw new ConfigurationException("Value for {SSO.application}SSO.flow parameter is invalid. Must be 'token' or 'code'");
        }
        return defineFlow;
    }

    @ConfigEntry
    public String getSSOScopes() {
        String defineConfigValue = defineConfigValue("SSO.scopes");
        if (defineConfigValue == null) {
            defineConfigValue = "";
        }
        return defineConfigValue;
    }

    private String defineConfigValue(String str) {
        String str2 = (String) getOptionalValue((this.serverClientConfiguration.getSSOApplication() + getSSOApplicationSuffix()) + '.' + str, "", String.class);
        if (str2.trim().isEmpty()) {
            str2 = (String) getOptionalValue(str, "", String.class);
        }
        return str2;
    }

    @ConfigEntry
    public String getAccessPermission() {
        return (String) getOptionalValue("SSO.application.permission.access", "", String.class);
    }
}
