package org.springframework.security.oauth2.server.authorization.oidc;

import java.io.Serializable;
import java.net.URI;
import java.net.URL;
import java.time.Instant;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.function.Consumer;
import org.springframework.security.oauth2.server.authorization.util.SpringAuthorizationServerVersion;
import org.springframework.util.Assert;

/* loaded from: input_file:BOOT-INF/lib/spring-security-oauth2-authorization-server-1.3.2.jar:org/springframework/security/oauth2/server/authorization/oidc/OidcClientRegistration.class */
public final class OidcClientRegistration implements OidcClientMetadataClaimAccessor, Serializable {
    private static final long serialVersionUID = SpringAuthorizationServerVersion.SERIAL_VERSION_UID;
    private final Map<String, Object> claims;

    /* loaded from: input_file:BOOT-INF/lib/spring-security-oauth2-authorization-server-1.3.2.jar:org/springframework/security/oauth2/server/authorization/oidc/OidcClientRegistration$Builder.class */
    public static final class Builder {
        private final Map<String, Object> claims = new LinkedHashMap();

        private Builder() {
        }

        public Builder clientId(String str) {
            return claim("client_id", str);
        }

        public Builder clientIdIssuedAt(Instant instant) {
            return claim(OidcClientMetadataClaimNames.CLIENT_ID_ISSUED_AT, instant);
        }

        public Builder clientSecret(String str) {
            return claim("client_secret", str);
        }

        public Builder clientSecretExpiresAt(Instant instant) {
            return claim(OidcClientMetadataClaimNames.CLIENT_SECRET_EXPIRES_AT, instant);
        }

        public Builder clientName(String str) {
            return claim(OidcClientMetadataClaimNames.CLIENT_NAME, str);
        }

        public Builder redirectUri(String str) {
            addClaimToClaimList(OidcClientMetadataClaimNames.REDIRECT_URIS, str);
            return this;
        }

        public Builder redirectUris(Consumer<List<String>> consumer) {
            acceptClaimValues(OidcClientMetadataClaimNames.REDIRECT_URIS, consumer);
            return this;
        }

        public Builder postLogoutRedirectUri(String str) {
            addClaimToClaimList(OidcClientMetadataClaimNames.POST_LOGOUT_REDIRECT_URIS, str);
            return this;
        }

        public Builder postLogoutRedirectUris(Consumer<List<String>> consumer) {
            acceptClaimValues(OidcClientMetadataClaimNames.POST_LOGOUT_REDIRECT_URIS, consumer);
            return this;
        }

        public Builder tokenEndpointAuthenticationMethod(String str) {
            return claim(OidcClientMetadataClaimNames.TOKEN_ENDPOINT_AUTH_METHOD, str);
        }

        public Builder tokenEndpointAuthenticationSigningAlgorithm(String str) {
            return claim(OidcClientMetadataClaimNames.TOKEN_ENDPOINT_AUTH_SIGNING_ALG, str);
        }

        public Builder grantType(String str) {
            addClaimToClaimList(OidcClientMetadataClaimNames.GRANT_TYPES, str);
            return this;
        }

        public Builder grantTypes(Consumer<List<String>> consumer) {
            acceptClaimValues(OidcClientMetadataClaimNames.GRANT_TYPES, consumer);
            return this;
        }

        public Builder responseType(String str) {
            addClaimToClaimList(OidcClientMetadataClaimNames.RESPONSE_TYPES, str);
            return this;
        }

        public Builder responseTypes(Consumer<List<String>> consumer) {
            acceptClaimValues(OidcClientMetadataClaimNames.RESPONSE_TYPES, consumer);
            return this;
        }

        public Builder scope(String str) {
            addClaimToClaimList("scope", str);
            return this;
        }

        public Builder scopes(Consumer<List<String>> consumer) {
            acceptClaimValues("scope", consumer);
            return this;
        }

        public Builder jwkSetUrl(String str) {
            return claim("jwks_uri", str);
        }

        public Builder idTokenSignedResponseAlgorithm(String str) {
            return claim(OidcClientMetadataClaimNames.ID_TOKEN_SIGNED_RESPONSE_ALG, str);
        }

        public Builder registrationAccessToken(String str) {
            return claim(OidcClientMetadataClaimNames.REGISTRATION_ACCESS_TOKEN, str);
        }

        public Builder registrationClientUrl(String str) {
            return claim(OidcClientMetadataClaimNames.REGISTRATION_CLIENT_URI, str);
        }

        public Builder claim(String str, Object obj) {
            Assert.hasText(str, "name cannot be empty");
            Assert.notNull(obj, "value cannot be null");
            this.claims.put(str, obj);
            return this;
        }

        public Builder claims(Consumer<Map<String, Object>> consumer) {
            consumer.accept(this.claims);
            return this;
        }

        public OidcClientRegistration build() {
            validate();
            return new OidcClientRegistration(this.claims);
        }

        private void validate() {
            if (this.claims.get(OidcClientMetadataClaimNames.CLIENT_ID_ISSUED_AT) != null || this.claims.get("client_secret") != null) {
                Assert.notNull(this.claims.get("client_id"), "client_id cannot be null");
            }
            if (this.claims.get(OidcClientMetadataClaimNames.CLIENT_ID_ISSUED_AT) != null) {
                Assert.isInstanceOf((Class<?>) Instant.class, this.claims.get(OidcClientMetadataClaimNames.CLIENT_ID_ISSUED_AT), "client_id_issued_at must be of type Instant");
            }
            if (this.claims.get(OidcClientMetadataClaimNames.CLIENT_SECRET_EXPIRES_AT) != null) {
                Assert.notNull(this.claims.get("client_secret"), "client_secret cannot be null");
                Assert.isInstanceOf((Class<?>) Instant.class, this.claims.get(OidcClientMetadataClaimNames.CLIENT_SECRET_EXPIRES_AT), "client_secret_expires_at must be of type Instant");
            }
            Assert.notNull(this.claims.get(OidcClientMetadataClaimNames.REDIRECT_URIS), "redirect_uris cannot be null");
            Assert.isInstanceOf((Class<?>) List.class, this.claims.get(OidcClientMetadataClaimNames.REDIRECT_URIS), "redirect_uris must be of type List");
            Assert.notEmpty((List) this.claims.get(OidcClientMetadataClaimNames.REDIRECT_URIS), "redirect_uris cannot be empty");
            if (this.claims.get(OidcClientMetadataClaimNames.POST_LOGOUT_REDIRECT_URIS) != null) {
                Assert.isInstanceOf((Class<?>) List.class, this.claims.get(OidcClientMetadataClaimNames.POST_LOGOUT_REDIRECT_URIS), "post_logout_redirect_uris must be of type List");
                Assert.notEmpty((List) this.claims.get(OidcClientMetadataClaimNames.POST_LOGOUT_REDIRECT_URIS), "post_logout_redirect_uris cannot be empty");
            }
            if (this.claims.get(OidcClientMetadataClaimNames.GRANT_TYPES) != null) {
                Assert.isInstanceOf((Class<?>) List.class, this.claims.get(OidcClientMetadataClaimNames.GRANT_TYPES), "grant_types must be of type List");
                Assert.notEmpty((List) this.claims.get(OidcClientMetadataClaimNames.GRANT_TYPES), "grant_types cannot be empty");
            }
            if (this.claims.get(OidcClientMetadataClaimNames.RESPONSE_TYPES) != null) {
                Assert.isInstanceOf((Class<?>) List.class, this.claims.get(OidcClientMetadataClaimNames.RESPONSE_TYPES), "response_types must be of type List");
                Assert.notEmpty((List) this.claims.get(OidcClientMetadataClaimNames.RESPONSE_TYPES), "response_types cannot be empty");
            }
            if (this.claims.get("scope") != null) {
                Assert.isInstanceOf((Class<?>) List.class, this.claims.get("scope"), "scope must be of type List");
                Assert.notEmpty((List) this.claims.get("scope"), "scope cannot be empty");
            }
            if (this.claims.get("jwks_uri") != null) {
                validateURL(this.claims.get("jwks_uri"), "jwksUri must be a valid URL");
            }
        }

        private void addClaimToClaimList(String str, String str2) {
            Assert.hasText(str, "name cannot be empty");
            Assert.notNull(str2, "value cannot be null");
            this.claims.computeIfAbsent(str, str3 -> {
                return new LinkedList();
            });
            ((List) this.claims.get(str)).add(str2);
        }

        private void acceptClaimValues(String str, Consumer<List<String>> consumer) {
            Assert.hasText(str, "name cannot be empty");
            Assert.notNull(consumer, "valuesConsumer cannot be null");
            this.claims.computeIfAbsent(str, str2 -> {
                return new LinkedList();
            });
            consumer.accept((List) this.claims.get(str));
        }

        private static void validateURL(Object obj, String str) {
            if (URL.class.isAssignableFrom(obj.getClass())) {
                return;
            }
            try {
                new URI(obj.toString()).toURL();
            } catch (Exception e) {
                throw new IllegalArgumentException(str, e);
            }
        }
    }

    private OidcClientRegistration(Map<String, Object> map) {
        Assert.notEmpty(map, "claims cannot be empty");
        this.claims = Collections.unmodifiableMap(new LinkedHashMap(map));
    }

    @Override // org.springframework.security.oauth2.core.ClaimAccessor
    public Map<String, Object> getClaims() {
        return this.claims;
    }

    public static Builder builder() {
        return new Builder();
    }

    public static Builder withClaims(Map<String, Object> map) {
        Assert.notEmpty(map, "claims cannot be empty");
        return new Builder().claims(map2 -> {
            map2.putAll(map);
        });
    }
}
