package ch.usp.core.waap.spec.v1.spec.auth;

import ch.usp.core.waap.spec.v1.spec.WaapSpecValidationException;
import com.fasterxml.jackson.annotation.JsonIgnore;
import com.fasterxml.jackson.annotation.JsonInclude;
import com.fasterxml.jackson.annotation.JsonPropertyDescription;
import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
import com.fasterxml.jackson.databind.annotation.JsonPOJOBuilder;
import io.fabric8.generator.annotation.Default;
import io.fabric8.generator.annotation.Pattern;
import io.fabric8.generator.annotation.Required;
import io.sundr.model.Node;
import jakarta.json.bind.annotation.JsonbNillable;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
import org.apache.commons.lang3.BooleanUtils;

@JsonbNillable
@JsonDeserialize(builder = WaapAuthBuilder.class)
/* loaded from: input_file:ch/usp/core/waap/spec/v1/spec/auth/WaapAuth.class */
public class WaapAuth {

    @Required
    @JsonPropertyDescription("Name to reference in routes || required")
    @Pattern(Node.DOT)
    private String name;

    @JsonPropertyDescription("OIDC OP issuer (mandatory for OIDC authentication, optional if JWT-only authentication)")
    @Pattern("https://.*")
    private String issuer;

    @JsonPropertyDescription("OIDC OP authorization endpoint URL (omit to mark JWT-only authentication; note that tokenEndpoint and credentials must always also be defined resp. omitted accordingly)")
    @Pattern("https://.*")
    private String authorizationEndpoint;

    @JsonPropertyDescription("OIDC OP token endpoint URL (omit if JWT-only authentication)")
    @Pattern("https://.*")
    private String tokenEndpoint;

    @JsonPropertyDescription("How to pass the client_id to the OP (BODY for URL-encoded body parameter, BASIC for basic auth) || default BODY")
    @Default("BODY")
    private TokenEndpointAuthType tokenEndpointAuthType;

    @JsonPropertyDescription("Whether to allow automatic access token refresh using the associated refresh token || default false")
    @Default(BooleanUtils.FALSE)
    @Pattern("(true|false)")
    private boolean useRefreshToken;

    @JsonPropertyDescription("OIDC credentials (client_id and client_secret, omit if only using JWT validation)")
    private WaapAuthCredentials credentials;

    @Required
    @JsonPropertyDescription("OIDC JWKS endpoint URL, offers credentials to verify JWTs (normally use https) || required")
    @Pattern("https?://.*")
    private String jwksEndpoint;

    @JsonPropertyDescription("List of scopes to be claimed in the authorization request")
    @JsonInclude(JsonInclude.Include.NON_EMPTY)
    private List<String> scopes;

    @JsonPropertyDescription("List of accepted JWT audiences (if none is specified the JWT is not matched against the audience list)")
    @JsonInclude(JsonInclude.Include.NON_EMPTY)
    private List<String> audiences;

    @Required
    @JsonPropertyDescription("Settings for propagation to backend || required")
    private WaapAuthBackend backend;

    /* loaded from: input_file:ch/usp/core/waap/spec/v1/spec/auth/WaapAuth$TokenEndpointAuthType.class */
    public enum TokenEndpointAuthType {
        BODY,
        BASIC
    }

    @JsonPOJOBuilder(withPrefix = "", buildMethodName = JsonPOJOBuilder.DEFAULT_BUILD_METHOD)
    /* loaded from: input_file:ch/usp/core/waap/spec/v1/spec/auth/WaapAuth$WaapAuthBuilder.class */
    public static class WaapAuthBuilder {
        private String name;
        private String issuer;
        private String authorizationEndpoint;
        private String tokenEndpoint;
        private boolean tokenEndpointAuthType$set;
        private TokenEndpointAuthType tokenEndpointAuthType$value;
        private boolean useRefreshToken$set;
        private boolean useRefreshToken$value;
        private WaapAuthCredentials credentials;
        private String jwksEndpoint;
        private boolean scopes$set;
        private List<String> scopes$value;
        private boolean audiences$set;
        private List<String> audiences$value;
        private WaapAuthBackend backend;

        WaapAuthBuilder() {
        }

        public WaapAuthBuilder name(String str) {
            this.name = str;
            return this;
        }

        public WaapAuthBuilder issuer(String str) {
            this.issuer = str;
            return this;
        }

        public WaapAuthBuilder authorizationEndpoint(String str) {
            this.authorizationEndpoint = str;
            return this;
        }

        public WaapAuthBuilder tokenEndpoint(String str) {
            this.tokenEndpoint = str;
            return this;
        }

        public WaapAuthBuilder tokenEndpointAuthType(TokenEndpointAuthType tokenEndpointAuthType) {
            this.tokenEndpointAuthType$value = tokenEndpointAuthType;
            this.tokenEndpointAuthType$set = true;
            return this;
        }

        public WaapAuthBuilder useRefreshToken(boolean z) {
            this.useRefreshToken$value = z;
            this.useRefreshToken$set = true;
            return this;
        }

        public WaapAuthBuilder credentials(WaapAuthCredentials waapAuthCredentials) {
            this.credentials = waapAuthCredentials;
            return this;
        }

        public WaapAuthBuilder jwksEndpoint(String str) {
            this.jwksEndpoint = str;
            return this;
        }

        public WaapAuthBuilder scopes(List<String> list) {
            this.scopes$value = list;
            this.scopes$set = true;
            return this;
        }

        public WaapAuthBuilder audiences(List<String> list) {
            this.audiences$value = list;
            this.audiences$set = true;
            return this;
        }

        public WaapAuthBuilder backend(WaapAuthBackend waapAuthBackend) {
            this.backend = waapAuthBackend;
            return this;
        }

        public WaapAuth build() {
            TokenEndpointAuthType tokenEndpointAuthType = this.tokenEndpointAuthType$value;
            if (!this.tokenEndpointAuthType$set) {
                tokenEndpointAuthType = TokenEndpointAuthType.BODY;
            }
            boolean z = this.useRefreshToken$value;
            if (!this.useRefreshToken$set) {
                z = WaapAuth.$default$useRefreshToken();
            }
            List<String> list = this.scopes$value;
            if (!this.scopes$set) {
                list = WaapAuth.$default$scopes();
            }
            List<String> list2 = this.audiences$value;
            if (!this.audiences$set) {
                list2 = WaapAuth.$default$audiences();
            }
            return new WaapAuth(this.name, this.issuer, this.authorizationEndpoint, this.tokenEndpoint, tokenEndpointAuthType, z, this.credentials, this.jwksEndpoint, list, list2, this.backend);
        }

        public String toString() {
            return "WaapAuth.WaapAuthBuilder(name=" + this.name + ", issuer=" + this.issuer + ", authorizationEndpoint=" + this.authorizationEndpoint + ", tokenEndpoint=" + this.tokenEndpoint + ", tokenEndpointAuthType$value=" + this.tokenEndpointAuthType$value + ", useRefreshToken$value=" + this.useRefreshToken$value + ", credentials=" + this.credentials + ", jwksEndpoint=" + this.jwksEndpoint + ", scopes$value=" + this.scopes$value + ", audiences$value=" + this.audiences$value + ", backend=" + this.backend + ")";
        }
    }

    @JsonIgnore
    public boolean isWithOAuth() {
        return this.authorizationEndpoint != null;
    }

    @JsonIgnore
    public URI getOpEndpointUri() {
        try {
            return new URI(this.jwksEndpoint);
        } catch (URISyntaxException e) {
            throw new RuntimeException("Internal error: Unexpected exception while getting OP endpoint URI (has the WAAP Spec been validated?)");
        }
    }

    public static void validateList(List<WaapAuth> list) {
        list.forEach((v0) -> {
            v0.validate();
        });
        if (((Set) list.stream().map((v0) -> {
            return v0.getName();
        }).collect(Collectors.toSet())).size() < list.size()) {
            throw new WaapSpecValidationException("Authentications contain duplicate names");
        }
    }

    @JsonIgnore
    public void validate() {
        toUriOrNull("issuer", this.issuer);
        URI uriOrNull = toUriOrNull("authorization endpoint", this.authorizationEndpoint);
        URI uriOrNull2 = toUriOrNull("token endpoint", this.tokenEndpoint);
        URI uriOrNull3 = toUriOrNull("JWKS endpoint", this.jwksEndpoint);
        if (this.jwksEndpoint == null) {
            throw new WaapSpecValidationException("The JWKS endoint for authentication '" + this.name + "' is not set");
        }
        if (this.authorizationEndpoint == null) {
            if (this.tokenEndpoint != null || this.credentials != null) {
                throw new WaapSpecValidationException("The authorization endpoint for authentication '" + this.name + "' is not set, marking JWT-only authentication, but token endpoint and/or credentials are set");
            }
        } else {
            if (this.issuer == null || this.tokenEndpoint == null || this.credentials == null) {
                throw new WaapSpecValidationException("The authorization endpoint for authentication '" + this.name + "' is set, marking OAuth2 authentication, but issuer, token endpoint and/or credentials are not set");
            }
            if (!isSameBaseUri(uriOrNull, uriOrNull2) || !isSameBaseUri(uriOrNull2, uriOrNull3)) {
                throw new WaapSpecValidationException("The authorization, token or JWKS endpoints for authentication '" + this.name + "' point to different host:port combinations");
            }
            this.credentials.validate(this.name);
        }
        this.backend.validate(this.name);
    }

    @JsonIgnore
    private URI toUriOrNull(String str, String str2) {
        if (str2 == null) {
            return null;
        }
        try {
            return new URI(str2);
        } catch (URISyntaxException e) {
            throw new WaapSpecValidationException("The " + str + " '" + str2 + "' for authentication '" + this.name + "' is not a valid URI: " + e);
        }
    }

    private static boolean isSameBaseUri(URI uri, URI uri2) {
        if (uri == null && uri2 == null) {
            return true;
        }
        return uri != null && uri2 != null && uri.getScheme().equals(uri2.getScheme()) && uri.getHost().equals(uri2.getHost()) && uri.getPort() == uri2.getPort();
    }

    private static boolean $default$useRefreshToken() {
        return false;
    }

    private static List<String> $default$scopes() {
        return new LinkedList();
    }

    private static List<String> $default$audiences() {
        return new LinkedList();
    }

    public static WaapAuthBuilder builder() {
        return new WaapAuthBuilder();
    }

    public String getName() {
        return this.name;
    }

    public String getIssuer() {
        return this.issuer;
    }

    public String getAuthorizationEndpoint() {
        return this.authorizationEndpoint;
    }

    public String getTokenEndpoint() {
        return this.tokenEndpoint;
    }

    public TokenEndpointAuthType getTokenEndpointAuthType() {
        return this.tokenEndpointAuthType;
    }

    public boolean isUseRefreshToken() {
        return this.useRefreshToken;
    }

    public WaapAuthCredentials getCredentials() {
        return this.credentials;
    }

    public String getJwksEndpoint() {
        return this.jwksEndpoint;
    }

    public List<String> getScopes() {
        return this.scopes;
    }

    public List<String> getAudiences() {
        return this.audiences;
    }

    public WaapAuthBackend getBackend() {
        return this.backend;
    }

    public void setName(String str) {
        this.name = str;
    }

    public void setIssuer(String str) {
        this.issuer = str;
    }

    public void setAuthorizationEndpoint(String str) {
        this.authorizationEndpoint = str;
    }

    public void setTokenEndpoint(String str) {
        this.tokenEndpoint = str;
    }

    public void setTokenEndpointAuthType(TokenEndpointAuthType tokenEndpointAuthType) {
        this.tokenEndpointAuthType = tokenEndpointAuthType;
    }

    public void setUseRefreshToken(boolean z) {
        this.useRefreshToken = z;
    }

    public void setCredentials(WaapAuthCredentials waapAuthCredentials) {
        this.credentials = waapAuthCredentials;
    }

    public void setJwksEndpoint(String str) {
        this.jwksEndpoint = str;
    }

    public void setScopes(List<String> list) {
        this.scopes = list;
    }

    public void setAudiences(List<String> list) {
        this.audiences = list;
    }

    public void setBackend(WaapAuthBackend waapAuthBackend) {
        this.backend = waapAuthBackend;
    }

    public boolean equals(Object obj) {
        if (obj == this) {
            return true;
        }
        if (!(obj instanceof WaapAuth)) {
            return false;
        }
        WaapAuth waapAuth = (WaapAuth) obj;
        if (!waapAuth.canEqual(this) || isUseRefreshToken() != waapAuth.isUseRefreshToken()) {
            return false;
        }
        String name = getName();
        String name2 = waapAuth.getName();
        if (name == null) {
            if (name2 != null) {
                return false;
            }
        } else if (!name.equals(name2)) {
            return false;
        }
        String issuer = getIssuer();
        String issuer2 = waapAuth.getIssuer();
        if (issuer == null) {
            if (issuer2 != null) {
                return false;
            }
        } else if (!issuer.equals(issuer2)) {
            return false;
        }
        String authorizationEndpoint = getAuthorizationEndpoint();
        String authorizationEndpoint2 = waapAuth.getAuthorizationEndpoint();
        if (authorizationEndpoint == null) {
            if (authorizationEndpoint2 != null) {
                return false;
            }
        } else if (!authorizationEndpoint.equals(authorizationEndpoint2)) {
            return false;
        }
        String tokenEndpoint = getTokenEndpoint();
        String tokenEndpoint2 = waapAuth.getTokenEndpoint();
        if (tokenEndpoint == null) {
            if (tokenEndpoint2 != null) {
                return false;
            }
        } else if (!tokenEndpoint.equals(tokenEndpoint2)) {
            return false;
        }
        TokenEndpointAuthType tokenEndpointAuthType = getTokenEndpointAuthType();
        TokenEndpointAuthType tokenEndpointAuthType2 = waapAuth.getTokenEndpointAuthType();
        if (tokenEndpointAuthType == null) {
            if (tokenEndpointAuthType2 != null) {
                return false;
            }
        } else if (!tokenEndpointAuthType.equals(tokenEndpointAuthType2)) {
            return false;
        }
        WaapAuthCredentials credentials = getCredentials();
        WaapAuthCredentials credentials2 = waapAuth.getCredentials();
        if (credentials == null) {
            if (credentials2 != null) {
                return false;
            }
        } else if (!credentials.equals(credentials2)) {
            return false;
        }
        String jwksEndpoint = getJwksEndpoint();
        String jwksEndpoint2 = waapAuth.getJwksEndpoint();
        if (jwksEndpoint == null) {
            if (jwksEndpoint2 != null) {
                return false;
            }
        } else if (!jwksEndpoint.equals(jwksEndpoint2)) {
            return false;
        }
        List<String> scopes = getScopes();
        List<String> scopes2 = waapAuth.getScopes();
        if (scopes == null) {
            if (scopes2 != null) {
                return false;
            }
        } else if (!scopes.equals(scopes2)) {
            return false;
        }
        List<String> audiences = getAudiences();
        List<String> audiences2 = waapAuth.getAudiences();
        if (audiences == null) {
            if (audiences2 != null) {
                return false;
            }
        } else if (!audiences.equals(audiences2)) {
            return false;
        }
        WaapAuthBackend backend = getBackend();
        WaapAuthBackend backend2 = waapAuth.getBackend();
        return backend == null ? backend2 == null : backend.equals(backend2);
    }

    protected boolean canEqual(Object obj) {
        return obj instanceof WaapAuth;
    }

    public int hashCode() {
        int i = (1 * 59) + (isUseRefreshToken() ? 79 : 97);
        String name = getName();
        int hashCode = (i * 59) + (name == null ? 43 : name.hashCode());
        String issuer = getIssuer();
        int hashCode2 = (hashCode * 59) + (issuer == null ? 43 : issuer.hashCode());
        String authorizationEndpoint = getAuthorizationEndpoint();
        int hashCode3 = (hashCode2 * 59) + (authorizationEndpoint == null ? 43 : authorizationEndpoint.hashCode());
        String tokenEndpoint = getTokenEndpoint();
        int hashCode4 = (hashCode3 * 59) + (tokenEndpoint == null ? 43 : tokenEndpoint.hashCode());
        TokenEndpointAuthType tokenEndpointAuthType = getTokenEndpointAuthType();
        int hashCode5 = (hashCode4 * 59) + (tokenEndpointAuthType == null ? 43 : tokenEndpointAuthType.hashCode());
        WaapAuthCredentials credentials = getCredentials();
        int hashCode6 = (hashCode5 * 59) + (credentials == null ? 43 : credentials.hashCode());
        String jwksEndpoint = getJwksEndpoint();
        int hashCode7 = (hashCode6 * 59) + (jwksEndpoint == null ? 43 : jwksEndpoint.hashCode());
        List<String> scopes = getScopes();
        int hashCode8 = (hashCode7 * 59) + (scopes == null ? 43 : scopes.hashCode());
        List<String> audiences = getAudiences();
        int hashCode9 = (hashCode8 * 59) + (audiences == null ? 43 : audiences.hashCode());
        WaapAuthBackend backend = getBackend();
        return (hashCode9 * 59) + (backend == null ? 43 : backend.hashCode());
    }

    public String toString() {
        return "WaapAuth(name=" + getName() + ", issuer=" + getIssuer() + ", authorizationEndpoint=" + getAuthorizationEndpoint() + ", tokenEndpoint=" + getTokenEndpoint() + ", tokenEndpointAuthType=" + getTokenEndpointAuthType() + ", useRefreshToken=" + isUseRefreshToken() + ", credentials=" + getCredentials() + ", jwksEndpoint=" + getJwksEndpoint() + ", scopes=" + getScopes() + ", audiences=" + getAudiences() + ", backend=" + getBackend() + ")";
    }

    public WaapAuth() {
        this.tokenEndpointAuthType = TokenEndpointAuthType.BODY;
        this.useRefreshToken = $default$useRefreshToken();
        this.scopes = $default$scopes();
        this.audiences = $default$audiences();
    }

    public WaapAuth(String str, String str2, String str3, String str4, TokenEndpointAuthType tokenEndpointAuthType, boolean z, WaapAuthCredentials waapAuthCredentials, String str5, List<String> list, List<String> list2, WaapAuthBackend waapAuthBackend) {
        this.name = str;
        this.issuer = str2;
        this.authorizationEndpoint = str3;
        this.tokenEndpoint = str4;
        this.tokenEndpointAuthType = tokenEndpointAuthType;
        this.useRefreshToken = z;
        this.credentials = waapAuthCredentials;
        this.jwksEndpoint = str5;
        this.scopes = list;
        this.audiences = list2;
        this.backend = waapAuthBackend;
    }
}
