package be.atbash.ee.security.octopus.config;

import be.atbash.config.AbstractConfiguration;
import be.atbash.config.exception.ConfigurationException;
import be.atbash.config.logging.ConfigEntry;
import be.atbash.config.logging.ModuleConfig;
import be.atbash.config.logging.ModuleConfigName;
import be.atbash.config.logging.StartupLogging;
import be.atbash.ee.security.octopus.keys.KeyManager;
import be.atbash.ee.security.octopus.keys.LocalKeyManager;
import be.atbash.ee.security.octopus.keys.reader.DefaultKeyResourceTypeProvider;
import be.atbash.ee.security.octopus.keys.reader.KeyResourceType;
import be.atbash.ee.security.octopus.keys.reader.KeyResourceTypeProvider;
import be.atbash.ee.security.octopus.keys.reader.password.ConfigKeyResourcePasswordLookup;
import be.atbash.ee.security.octopus.keys.reader.password.KeyResourcePasswordLookup;
import be.atbash.ee.security.octopus.nimbus.jwt.jwe.JWEAlgorithm;
import be.atbash.ee.security.octopus.nimbus.jwt.jws.JWSAlgorithm;
import be.atbash.ee.security.octopus.util.PeriodUtil;
import be.atbash.util.CDICheck;
import be.atbash.util.StringUtils;
import be.atbash.util.reflection.ClassUtils;
import jakarta.enterprise.context.ApplicationScoped;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import org.eclipse.microprofile.config.inject.ConfigProperty;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

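/**
 * Configuration for the Octopus JWT support module: key locations, pluggable key-handling
 * classes, PEM/keystore settings and the default JWS/JWE algorithms.
 *
 * <p>Every getter reads its value through {@code getOptionalValue} on each call and falls back to
 * the default given in the method. Several defaults are legacy choices kept for backward
 * compatibility (see {@link #getCertificateSignatureAlgorithmRSA()} and
 * {@link #getPKCS1EncryptionAlgorithm()}); deployments should set those keys explicitly.
 *
 * <p>NOTE(review): some getters carry MicroProfile's {@code @ConfigProperty} and others
 * {@code @ConfigEntry}; confirm which annotation the startup logging expects.
 */
@ApplicationScoped
@ModuleConfigName("Octopus JWT Support Configuration")
/* loaded from: input_file:be/atbash/ee/security/octopus/config/JwtSupportConfiguration.class */
public class JwtSupportConfiguration extends AbstractConfiguration implements ModuleConfig {
    /** RSA-based JWS algorithms accepted for the {@code jwt.sign.rsa.algo} parameter. */
    private static final List<JWSAlgorithm> RSA_SUPPORTED_ALGOS = Arrays.asList(JWSAlgorithm.RS256, JWSAlgorithm.RS384, JWSAlgorithm.RS512, JWSAlgorithm.PS256, JWSAlgorithm.PS384, JWSAlgorithm.PS512);
    private static final Logger LOGGER = LoggerFactory.getLogger(JwtSupportConfiguration.class);
    // Lazily created by getInstance(); guarded by that method's class-level lock.
    private static JwtSupportConfiguration INSTANCE;

    /**
     * Returns the value of {@code keys.location}.
     *
     * @return the configured location; no default is supplied here, so the result for an unset
     *     key is whatever {@code getOptionalValue} yields (presumably {@code null} - verify)
     */
    @ConfigEntry
    public String getKeysLocation() {
        return (String) getOptionalValue("keys.location", String.class);
    }

    /**
     * Instantiates the class named by {@code lookup.password.class}, which supplies passwords for
     * key resources. Defaults to {@link ConfigKeyResourcePasswordLookup}.
     *
     * @return a new instance on every call
     * @throws ConfigurationException when the value is empty, the class is not available, or it
     *     does not implement {@link KeyResourcePasswordLookup}
     */
    @ConfigEntry
    public KeyResourcePasswordLookup getPasswordLookup() {
        return instantiateConfiguredClass("lookup.password.class", ConfigKeyResourcePasswordLookup.class, KeyResourcePasswordLookup.class);
    }

    /**
     * Instantiates the class named by {@code key.manager.class}. Defaults to
     * {@link LocalKeyManager}.
     *
     * @return a new instance on every call
     * @throws ConfigurationException when the value is empty, the class is not available, or it
     *     does not implement {@link KeyManager}
     */
    @ConfigEntry
    public KeyManager getKeyManager() {
        return instantiateConfiguredClass("key.manager.class", LocalKeyManager.class, KeyManager.class);
    }

    /**
     * Instantiates the class named by {@code key.resourcetype.provider.class}. Defaults to
     * {@link DefaultKeyResourceTypeProvider}.
     *
     * @return a new instance on every call
     * @throws ConfigurationException when the value is empty, the class is not available, or it
     *     does not implement {@link KeyResourceTypeProvider}
     */
    @ConfigEntry
    public KeyResourceTypeProvider getKeyResourceTypeProvider() {
        return instantiateConfiguredClass("key.resourcetype.provider.class", DefaultKeyResourceTypeProvider.class, KeyResourceTypeProvider.class);
    }

    /**
     * Returns how private keys written as PEM are protected ({@code key.pem.encryption}),
     * defaulting to {@link PemKeyEncryption#PKCS8}.
     *
     * <p>Security caveat: when converting the configured value fails and the raw value is empty,
     * {@link PemKeyEncryption#NONE} is returned. A key that is present but blank therefore turns
     * PEM encryption off without any error or log line.
     *
     * @throws ConfigurationException when a non-empty value cannot be converted
     */
    @ConfigEntry
    public PemKeyEncryption getPemKeyEncryption() {
        try {
            return (PemKeyEncryption) getOptionalValue("key.pem.encryption", PemKeyEncryption.PKCS8, PemKeyEncryption.class);
        } catch (IllegalArgumentException e) {
            // Conversion failed: tell "explicitly blank" (no encryption) apart from a bad value.
            String rawValue = (String) getOptionalValue("key.pem.encryption", "", String.class);
            if (StringUtils.isEmpty(rawValue)) {
                return PemKeyEncryption.NONE;
            }
            throw new ConfigurationException("Configuration parameter key.pem.encryption must be PKCS8 or PKCS1");
        }
    }

    /**
     * Returns the cipher name used for PKCS#1 PEM encryption ({@code key.pem.pkcs1.encryption}).
     *
     * <p>The default {@code DES-EDE3-CBC} is Triple DES, a legacy cipher; it is kept here only for
     * backward compatibility. The value is returned without validation.
     */
    @ConfigProperty
    public String getPKCS1EncryptionAlgorithm() {
        return (String) getOptionalValue("key.pem.pkcs1.encryption", "DES-EDE3-CBC", String.class);
    }

    /**
     * Returns the X.500 name for the certificate placed in a key store
     * ({@code key.store.certificate.x500name}), defaulting to {@code CN=localhost}.
     */
    @ConfigProperty
    public String getNameCertificateKeyStore() {
        return (String) getOptionalValue("key.store.certificate.x500name", "CN=localhost", String.class);
    }

    /**
     * Returns the signature algorithm for certificates of RSA keys
     * ({@code key.store.signature.algo.RSA}).
     *
     * <p>Security caveat: the default {@code SHA1WithRSA} relies on SHA-1, which is deprecated for
     * certificate signatures. The default is left unchanged for backward compatibility; set the
     * key explicitly (for example to {@code SHA256withRSA}) wherever these certificates are
     * validated by another party.
     */
    @ConfigProperty
    public String getCertificateSignatureAlgorithmRSA() {
        return (String) getOptionalValue("key.store.signature.algo.RSA", "SHA1WithRSA", String.class);
    }

    /**
     * Returns the signature algorithm for certificates of EC keys
     * ({@code key.store.signature.algo.EC}), defaulting to {@code SHA384withECDSA}.
     */
    @ConfigProperty
    public String getCertificateSignatureAlgorithmEC() {
        return (String) getOptionalValue("key.store.signature.algo.EC", "SHA384withECDSA", String.class);
    }

    /** Returns the key store type ({@code key.store.type}), defaulting to {@code PKCS12}. */
    @ConfigProperty
    public String getKeyStoreType() {
        return (String) getOptionalValue("key.store.type", "PKCS12", String.class);
    }

    /**
     * Returns the JWS algorithm used when signing with an RSA key ({@code jwt.sign.rsa.algo}),
     * defaulting to {@code RS256}.
     *
     * @throws ConfigurationException when the name is not one of the RS256/384/512 or
     *     PS256/384/512 algorithms; the comparison is an exact, case-sensitive name match
     */
    @ConfigProperty
    public JWSAlgorithm getJWSAlgorithmForRSA() {
        String configuredName = (String) getOptionalValue("jwt.sign.rsa.algo", "RS256", String.class);
        for (JWSAlgorithm candidate : RSA_SUPPORTED_ALGOS) {
            if (candidate.getName().equals(configuredName)) {
                return candidate;
            }
        }
        throw new ConfigurationException(String.format("Unsupported algorithm name %s for RSA signing", configuredName));
    }

    /**
     * Returns the tolerated clock skew in seconds ({@code jwt.clock.skew.secs}), defaulting to 60.
     *
     * <p>Only negative values are rejected, so 0 (no tolerance) is accepted even though the error
     * message says "positive". No upper bound is enforced here; a large value widens the window
     * in which a token is still treated as within its time limits.
     *
     * @throws ConfigurationException when the value is negative or not a number
     */
    @ConfigProperty
    public int getClockSkewSeconds() {
        try {
            Integer skewSeconds = (Integer) getOptionalValue("jwt.clock.skew.secs", 60, Integer.class);
            if (skewSeconds < 0) {
                throw new ConfigurationException(String.format("Clock skew value must be positive, parameter 'jwt.clock.skew.secs' is %s", skewSeconds));
            }
            return skewSeconds;
        } catch (NumberFormatException e) {
            throw new ConfigurationException(String.format("Error in reading parameter value 'jwt.clock.skew.secs' : %s", e.getMessage()));
        }
    }

    /**
     * Returns the default JWE algorithm for RSA keys ({@code jwt.jwe.algorithm.default.RSA}),
     * defaulting to {@code RSA-OAEP-256}.
     *
     * @throws ConfigurationException when the parsed algorithm is not in the RSA family
     */
    @ConfigProperty
    public JWEAlgorithm getDefaultJWEAlgorithmRSA() {
        String configuredName = (String) getOptionalValue("jwt.jwe.algorithm.default.RSA", "RSA-OAEP-256", String.class);
        JWEAlgorithm algorithm = JWEAlgorithm.parse(configuredName);
        if (!JWEAlgorithm.Family.RSA.contains(algorithm)) {
            throw new ConfigurationException("The default JWE Algorithm defined in parameter 'jwt.jwe.algorithm.default.RSA' is not valid ");
        }
        return algorithm;
    }

    /**
     * Returns the default JWE algorithm for EC keys ({@code jwt.jwe.algorithm.default.EC}),
     * defaulting to {@code ECDH-ES+A256KW}.
     *
     * @throws ConfigurationException when the parsed algorithm is not in the ECDH-ES family
     */
    @ConfigProperty
    public JWEAlgorithm getDefaultJWEAlgorithmEC() {
        String configuredName = (String) getOptionalValue("jwt.jwe.algorithm.default.EC", "ECDH-ES+A256KW", String.class);
        JWEAlgorithm algorithm = JWEAlgorithm.parse(configuredName);
        if (!JWEAlgorithm.Family.ECDH_ES.contains(algorithm)) {
            throw new ConfigurationException("The default JWE Algorithm defined in parameter 'jwt.jwe.algorithm.default.EC' is not valid ");
        }
        return algorithm;
    }

    /**
     * Returns the default JWE algorithm for symmetric (OCT) keys
     * ({@code jwt.jwe.algorithm.default.OCT}), defaulting to {@code A256KW}.
     *
     * @throws ConfigurationException when the parsed algorithm is not in the AES key-wrap family
     */
    @ConfigProperty
    public JWEAlgorithm getDefaultJWEAlgorithmOCT() {
        String configuredName = (String) getOptionalValue("jwt.jwe.algorithm.default.OCT", "A256KW", String.class);
        JWEAlgorithm algorithm = JWEAlgorithm.parse(configuredName);
        if (!JWEAlgorithm.Family.AES_KW.contains(algorithm)) {
            throw new ConfigurationException("The default JWE Algorithm defined in parameter 'jwt.jwe.algorithm.default.OCT' is not valid ");
        }
        return algorithm;
    }

    /**
     * Returns the cache period for remotely fetched JWK sets
     * ({@code jwt.remote.jwk.cache.period}), defaulting to {@code 24h}.
     *
     * <p>The period also bounds how long a key that was rotated or withdrawn at the remote side
     * can still be served from the cache.
     *
     * @return the period exactly as configured, not converted to seconds
     */
    @ConfigProperty
    public String getJWKSetCachePeriod() {
        String period = (String) getOptionalValue("jwt.remote.jwk.cache.period", "24h", String.class);
        // Result discarded on purpose: the call is here as a format check.
        // NOTE(review): presumably defineSecondsInPeriod throws on a malformed period - confirm.
        PeriodUtil.defineSecondsInPeriod(period);
        return period;
    }

    /** Returns the value of {@code jwt.jwk.encrypted}, defaulting to {@code true}. */
    @ConfigEntry
    public boolean isJWKEncrypted() {
        return ((Boolean) getOptionalValue("jwt.jwk.encrypted", Boolean.TRUE, Boolean.class)).booleanValue();
    }

    /**
     * Returns the order in which key resource types are tried ({@code jwt.reader.order}), parsed
     * from a comma-separated list; the default is {@code JWKSET, JWK, PEM, KEYSTORE}.
     *
     * <p>Entries that do not map to a {@link KeyResourceType} are logged at error level and
     * skipped rather than rejected. When nothing valid remains, the default order is used.
     *
     * @return a new mutable list, never empty
     */
    @ConfigProperty
    public List<KeyResourceType> getReaderOrder() {
        String configuredOrder = (String) getOptionalValue("jwt.reader.order", "JWKSET, JWK, PEM, KEYSTORE", String.class);
        List<KeyResourceType> readerOrder = new ArrayList<>();
        for (String entry : configuredOrder.split(",")) {
            KeyResourceType resourceType = KeyResourceType.valueFor(entry.trim());
            if (resourceType == null) {
                LOGGER.error("Parameter 'jwt.reader.order' must contain only values of 'KeyResourceType' but found '{}'.", entry);
            } else {
                readerOrder.add(resourceType);
            }
        }
        if (readerOrder.isEmpty()) {
            LOGGER.error("Parameter 'jwt.reader.order' resulted in an empty list. Taken the default order.");
            readerOrder.addAll(Arrays.asList(KeyResourceType.JWKSET, KeyResourceType.JWK, KeyResourceType.PEM, KeyResourceType.KEYSTORE));
        }
        return readerOrder;
    }

    /**
     * Returns the salt length for password-based JWE encryption
     * ({@code jwt.jwe.pwbased.salt.length}), defaulting to 8.
     *
     * <p>The lower bound of 8 matches the minimum salt input RFC 7518 (section 4.8.1.1) requires
     * for PBES2; it is a floor, and a longer salt may be configured.
     *
     * @throws ConfigurationException when the value is below 8
     */
    @ConfigProperty
    public int getSaltLengthPasswordBasedEJWEEncryption() {
        Integer saltLength = (Integer) getOptionalValue("jwt.jwe.pwbased.salt.length", 8, Integer.class);
        if (saltLength < 8) {
            throw new ConfigurationException(String.format("The value for the parameter 'jwt.jwe.pwbased.salt.length' must be at minimum 8 but was '%s'.", saltLength));
        }
        return saltLength;
    }

    /** Returns the value of {@code jwt.jwe.cty.required}, defaulting to {@code false}. */
    @ConfigProperty
    public boolean isContentTypeRequiredForJWE() {
        return ((Boolean) getOptionalValue("jwt.jwe.cty.required", Boolean.FALSE, Boolean.class)).booleanValue();
    }

    /**
     * Returns the shared instance for callers that do not obtain this bean through injection,
     * creating it on first use.
     *
     * <p>The configuration is logged once, at creation, and only when {@code CDICheck} reports
     * that the code is not running within a container.
     */
    public static synchronized JwtSupportConfiguration getInstance() {
        if (INSTANCE == null) {
            INSTANCE = new JwtSupportConfiguration();
            if (!CDICheck.withinContainer()) {
                StartupLogging.logConfiguration(INSTANCE);
            }
        }
        return INSTANCE;
    }

    /**
     * Reads a class name from the given parameter and returns a new instance of that class.
     *
     * <p>The class name comes straight from configuration and is resolved through
     * {@code ClassUtils} before the assignability check runs, so whoever can write this parameter
     * chooses which class on the classpath is resolved. Only trusted configuration sources should
     * be able to supply it.
     *
     * @param parameterName the configuration key, also used in the error messages
     * @param defaultImplementation the class whose name is used when the key is not set
     * @param expectedType the type the configured class must be assignable to
     * @return a new instance created through {@code ClassUtils.newInstance}
     * @throws ConfigurationException when the value is empty, the class is not available, or it
     *     is not assignable to {@code expectedType}
     */
    private <T> T instantiateConfiguredClass(String parameterName, Class<? extends T> defaultImplementation, Class<T> expectedType) {
        String className = (String) getOptionalValue(parameterName, defaultImplementation.getName(), String.class);
        if (StringUtils.isEmpty(className)) {
            throw new ConfigurationException("Configuration parameter " + parameterName + " is required to have a value.");
        }
        if (!ClassUtils.isAvailable(className)) {
            throw new ConfigurationException("Configuration parameter " + parameterName + " class not found.");
        }
        Class<?> configuredClass = ClassUtils.forName(className);
        if (!expectedType.isAssignableFrom(configuredClass)) {
            throw new ConfigurationException("Configuration parameter " + parameterName + " must be an implementation of " + expectedType.getName());
        }
        return expectedType.cast(ClassUtils.newInstance(configuredClass));
    }
}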
