package org.springframework.security.oauth2.server.authorization;

import java.io.Serializable;
import java.net.URI;
import java.net.URL;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.function.Consumer;
import org.springframework.security.oauth2.server.authorization.util.SpringAuthorizationServerVersion;
import org.springframework.util.Assert;

/* loaded from: input_file:BOOT-INF/lib/spring-security-oauth2-authorization-server-1.3.2.jar:org/springframework/security/oauth2/server/authorization/AbstractOAuth2AuthorizationServerMetadata.class */
public abstract class AbstractOAuth2AuthorizationServerMetadata implements OAuth2AuthorizationServerMetadataClaimAccessor, Serializable {
    private static final long serialVersionUID = SpringAuthorizationServerVersion.SERIAL_VERSION_UID;
    private final Map<String, Object> claims;

    /* loaded from: input_file:BOOT-INF/lib/spring-security-oauth2-authorization-server-1.3.2.jar:org/springframework/security/oauth2/server/authorization/AbstractOAuth2AuthorizationServerMetadata$AbstractBuilder.class */
    protected static abstract class AbstractBuilder<T extends AbstractOAuth2AuthorizationServerMetadata, B extends AbstractBuilder<T, B>> {
        private final Map<String, Object> claims = new LinkedHashMap();

        /* JADX INFO: Access modifiers changed from: protected */
        public Map<String, Object> getClaims() {
            return this.claims;
        }

        protected final B getThis() {
            return this;
        }

        public B issuer(String str) {
            return claim(OAuth2AuthorizationServerMetadataClaimNames.ISSUER, str);
        }

        public B authorizationEndpoint(String str) {
            return claim(OAuth2AuthorizationServerMetadataClaimNames.AUTHORIZATION_ENDPOINT, str);
        }

        public B deviceAuthorizationEndpoint(String str) {
            return claim(OAuth2AuthorizationServerMetadataClaimNames.DEVICE_AUTHORIZATION_ENDPOINT, str);
        }

        public B tokenEndpoint(String str) {
            return claim(OAuth2AuthorizationServerMetadataClaimNames.TOKEN_ENDPOINT, str);
        }

        public B tokenEndpointAuthenticationMethod(String str) {
            addClaimToClaimList(OAuth2AuthorizationServerMetadataClaimNames.TOKEN_ENDPOINT_AUTH_METHODS_SUPPORTED, str);
            return getThis();
        }

        public B tokenEndpointAuthenticationMethods(Consumer<List<String>> consumer) {
            acceptClaimValues(OAuth2AuthorizationServerMetadataClaimNames.TOKEN_ENDPOINT_AUTH_METHODS_SUPPORTED, consumer);
            return getThis();
        }

        public B jwkSetUrl(String str) {
            return claim("jwks_uri", str);
        }

        public B scope(String str) {
            addClaimToClaimList(OAuth2AuthorizationServerMetadataClaimNames.SCOPES_SUPPORTED, str);
            return getThis();
        }

        public B scopes(Consumer<List<String>> consumer) {
            acceptClaimValues(OAuth2AuthorizationServerMetadataClaimNames.SCOPES_SUPPORTED, consumer);
            return getThis();
        }

        public B responseType(String str) {
            addClaimToClaimList(OAuth2AuthorizationServerMetadataClaimNames.RESPONSE_TYPES_SUPPORTED, str);
            return getThis();
        }

        public B responseTypes(Consumer<List<String>> consumer) {
            acceptClaimValues(OAuth2AuthorizationServerMetadataClaimNames.RESPONSE_TYPES_SUPPORTED, consumer);
            return getThis();
        }

        public B grantType(String str) {
            addClaimToClaimList(OAuth2AuthorizationServerMetadataClaimNames.GRANT_TYPES_SUPPORTED, str);
            return getThis();
        }

        public B grantTypes(Consumer<List<String>> consumer) {
            acceptClaimValues(OAuth2AuthorizationServerMetadataClaimNames.GRANT_TYPES_SUPPORTED, consumer);
            return getThis();
        }

        public B tokenRevocationEndpoint(String str) {
            return claim(OAuth2AuthorizationServerMetadataClaimNames.REVOCATION_ENDPOINT, str);
        }

        public B tokenRevocationEndpointAuthenticationMethod(String str) {
            addClaimToClaimList(OAuth2AuthorizationServerMetadataClaimNames.REVOCATION_ENDPOINT_AUTH_METHODS_SUPPORTED, str);
            return getThis();
        }

        public B tokenRevocationEndpointAuthenticationMethods(Consumer<List<String>> consumer) {
            acceptClaimValues(OAuth2AuthorizationServerMetadataClaimNames.REVOCATION_ENDPOINT_AUTH_METHODS_SUPPORTED, consumer);
            return getThis();
        }

        public B tokenIntrospectionEndpoint(String str) {
            return claim(OAuth2AuthorizationServerMetadataClaimNames.INTROSPECTION_ENDPOINT, str);
        }

        public B tokenIntrospectionEndpointAuthenticationMethod(String str) {
            addClaimToClaimList(OAuth2AuthorizationServerMetadataClaimNames.INTROSPECTION_ENDPOINT_AUTH_METHODS_SUPPORTED, str);
            return getThis();
        }

        public B tokenIntrospectionEndpointAuthenticationMethods(Consumer<List<String>> consumer) {
            acceptClaimValues(OAuth2AuthorizationServerMetadataClaimNames.INTROSPECTION_ENDPOINT_AUTH_METHODS_SUPPORTED, consumer);
            return getThis();
        }

        public B clientRegistrationEndpoint(String str) {
            return claim(OAuth2AuthorizationServerMetadataClaimNames.REGISTRATION_ENDPOINT, str);
        }

        public B codeChallengeMethod(String str) {
            addClaimToClaimList(OAuth2AuthorizationServerMetadataClaimNames.CODE_CHALLENGE_METHODS_SUPPORTED, str);
            return getThis();
        }

        public B codeChallengeMethods(Consumer<List<String>> consumer) {
            acceptClaimValues(OAuth2AuthorizationServerMetadataClaimNames.CODE_CHALLENGE_METHODS_SUPPORTED, consumer);
            return getThis();
        }

        public B tlsClientCertificateBoundAccessTokens(boolean z) {
            return claim(OAuth2AuthorizationServerMetadataClaimNames.TLS_CLIENT_CERTIFICATE_BOUND_ACCESS_TOKENS, Boolean.valueOf(z));
        }

        public B claim(String str, Object obj) {
            Assert.hasText(str, "name cannot be empty");
            Assert.notNull(obj, "value cannot be null");
            this.claims.put(str, obj);
            return getThis();
        }

        public B claims(Consumer<Map<String, Object>> consumer) {
            consumer.accept(this.claims);
            return getThis();
        }

        public abstract T build();

        /* JADX INFO: Access modifiers changed from: protected */
        public void validate() {
            Assert.notNull(getClaims().get(OAuth2AuthorizationServerMetadataClaimNames.ISSUER), "issuer cannot be null");
            validateURL(getClaims().get(OAuth2AuthorizationServerMetadataClaimNames.ISSUER), "issuer must be a valid URL");
            Assert.notNull(getClaims().get(OAuth2AuthorizationServerMetadataClaimNames.AUTHORIZATION_ENDPOINT), "authorizationEndpoint cannot be null");
            validateURL(getClaims().get(OAuth2AuthorizationServerMetadataClaimNames.AUTHORIZATION_ENDPOINT), "authorizationEndpoint must be a valid URL");
            if (getClaims().get(OAuth2AuthorizationServerMetadataClaimNames.DEVICE_AUTHORIZATION_ENDPOINT) != null) {
                validateURL(getClaims().get(OAuth2AuthorizationServerMetadataClaimNames.DEVICE_AUTHORIZATION_ENDPOINT), "deviceAuthorizationEndpoint must be a valid URL");
            }
            Assert.notNull(getClaims().get(OAuth2AuthorizationServerMetadataClaimNames.TOKEN_ENDPOINT), "tokenEndpoint cannot be null");
            validateURL(getClaims().get(OAuth2AuthorizationServerMetadataClaimNames.TOKEN_ENDPOINT), "tokenEndpoint must be a valid URL");
            if (getClaims().get(OAuth2AuthorizationServerMetadataClaimNames.TOKEN_ENDPOINT_AUTH_METHODS_SUPPORTED) != null) {
                Assert.isInstanceOf((Class<?>) List.class, getClaims().get(OAuth2AuthorizationServerMetadataClaimNames.TOKEN_ENDPOINT_AUTH_METHODS_SUPPORTED), "tokenEndpointAuthenticationMethods must be of type List");
                Assert.notEmpty((List) getClaims().get(OAuth2AuthorizationServerMetadataClaimNames.TOKEN_ENDPOINT_AUTH_METHODS_SUPPORTED), "tokenEndpointAuthenticationMethods cannot be empty");
            }
            if (getClaims().get("jwks_uri") != null) {
                validateURL(getClaims().get("jwks_uri"), "jwksUri must be a valid URL");
            }
            if (getClaims().get(OAuth2AuthorizationServerMetadataClaimNames.SCOPES_SUPPORTED) != null) {
                Assert.isInstanceOf((Class<?>) List.class, getClaims().get(OAuth2AuthorizationServerMetadataClaimNames.SCOPES_SUPPORTED), "scopes must be of type List");
                Assert.notEmpty((List) getClaims().get(OAuth2AuthorizationServerMetadataClaimNames.SCOPES_SUPPORTED), "scopes cannot be empty");
            }
            Assert.notNull(getClaims().get(OAuth2AuthorizationServerMetadataClaimNames.RESPONSE_TYPES_SUPPORTED), "responseTypes cannot be null");
            Assert.isInstanceOf((Class<?>) List.class, getClaims().get(OAuth2AuthorizationServerMetadataClaimNames.RESPONSE_TYPES_SUPPORTED), "responseTypes must be of type List");
            Assert.notEmpty((List) getClaims().get(OAuth2AuthorizationServerMetadataClaimNames.RESPONSE_TYPES_SUPPORTED), "responseTypes cannot be empty");
            if (getClaims().get(OAuth2AuthorizationServerMetadataClaimNames.GRANT_TYPES_SUPPORTED) != null) {
                Assert.isInstanceOf((Class<?>) List.class, getClaims().get(OAuth2AuthorizationServerMetadataClaimNames.GRANT_TYPES_SUPPORTED), "grantTypes must be of type List");
                Assert.notEmpty((List) getClaims().get(OAuth2AuthorizationServerMetadataClaimNames.GRANT_TYPES_SUPPORTED), "grantTypes cannot be empty");
            }
            if (getClaims().get(OAuth2AuthorizationServerMetadataClaimNames.REVOCATION_ENDPOINT) != null) {
                validateURL(getClaims().get(OAuth2AuthorizationServerMetadataClaimNames.REVOCATION_ENDPOINT), "tokenRevocationEndpoint must be a valid URL");
            }
            if (getClaims().get(OAuth2AuthorizationServerMetadataClaimNames.REVOCATION_ENDPOINT_AUTH_METHODS_SUPPORTED) != null) {
                Assert.isInstanceOf((Class<?>) List.class, getClaims().get(OAuth2AuthorizationServerMetadataClaimNames.REVOCATION_ENDPOINT_AUTH_METHODS_SUPPORTED), "tokenRevocationEndpointAuthenticationMethods must be of type List");
                Assert.notEmpty((List) getClaims().get(OAuth2AuthorizationServerMetadataClaimNames.REVOCATION_ENDPOINT_AUTH_METHODS_SUPPORTED), "tokenRevocationEndpointAuthenticationMethods cannot be empty");
            }
            if (getClaims().get(OAuth2AuthorizationServerMetadataClaimNames.INTROSPECTION_ENDPOINT) != null) {
                validateURL(getClaims().get(OAuth2AuthorizationServerMetadataClaimNames.INTROSPECTION_ENDPOINT), "tokenIntrospectionEndpoint must be a valid URL");
            }
            if (getClaims().get(OAuth2AuthorizationServerMetadataClaimNames.INTROSPECTION_ENDPOINT_AUTH_METHODS_SUPPORTED) != null) {
                Assert.isInstanceOf((Class<?>) List.class, getClaims().get(OAuth2AuthorizationServerMetadataClaimNames.INTROSPECTION_ENDPOINT_AUTH_METHODS_SUPPORTED), "tokenIntrospectionEndpointAuthenticationMethods must be of type List");
                Assert.notEmpty((List) getClaims().get(OAuth2AuthorizationServerMetadataClaimNames.INTROSPECTION_ENDPOINT_AUTH_METHODS_SUPPORTED), "tokenIntrospectionEndpointAuthenticationMethods cannot be empty");
            }
            if (getClaims().get(OAuth2AuthorizationServerMetadataClaimNames.REGISTRATION_ENDPOINT) != null) {
                validateURL(getClaims().get(OAuth2AuthorizationServerMetadataClaimNames.REGISTRATION_ENDPOINT), "clientRegistrationEndpoint must be a valid URL");
            }
            if (getClaims().get(OAuth2AuthorizationServerMetadataClaimNames.CODE_CHALLENGE_METHODS_SUPPORTED) != null) {
                Assert.isInstanceOf((Class<?>) List.class, getClaims().get(OAuth2AuthorizationServerMetadataClaimNames.CODE_CHALLENGE_METHODS_SUPPORTED), "codeChallengeMethods must be of type List");
                Assert.notEmpty((List) getClaims().get(OAuth2AuthorizationServerMetadataClaimNames.CODE_CHALLENGE_METHODS_SUPPORTED), "codeChallengeMethods cannot be empty");
            }
        }

        private void addClaimToClaimList(String str, String str2) {
            Assert.hasText(str, "name cannot be empty");
            Assert.notNull(str2, "value cannot be null");
            getClaims().computeIfAbsent(str, str3 -> {
                return new LinkedList();
            });
            ((List) getClaims().get(str)).add(str2);
        }

        private void acceptClaimValues(String str, Consumer<List<String>> consumer) {
            Assert.hasText(str, "name cannot be empty");
            Assert.notNull(consumer, "valuesConsumer cannot be null");
            getClaims().computeIfAbsent(str, str2 -> {
                return new LinkedList();
            });
            consumer.accept((List) getClaims().get(str));
        }

        /* JADX INFO: Access modifiers changed from: protected */
        public static void validateURL(Object obj, String str) {
            if (URL.class.isAssignableFrom(obj.getClass())) {
                return;
            }
            try {
                new URI(obj.toString()).toURL();
            } catch (Exception e) {
                throw new IllegalArgumentException(str, e);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractOAuth2AuthorizationServerMetadata(Map<String, Object> map) {
        Assert.notEmpty(map, "claims cannot be empty");
        this.claims = Collections.unmodifiableMap(new LinkedHashMap(map));
    }

    @Override // org.springframework.security.oauth2.core.ClaimAccessor
    public Map<String, Object> getClaims() {
        return this.claims;
    }
}
