package org.cloudfoundry.identity.uaa.provider.oauth;

import java.util.ArrayList;
import java.util.stream.Collectors;
import org.apache.xerces.impl.xs.SchemaSymbols;
import org.cloudfoundry.identity.uaa.provider.AbstractIdentityProviderDefinition;
import org.cloudfoundry.identity.uaa.provider.AbstractXOAuthIdentityProviderDefinition;
import org.cloudfoundry.identity.uaa.provider.IdentityProviderConfigValidator;
import org.cloudfoundry.identity.uaa.provider.OIDCIdentityProviderDefinition;
import org.springframework.util.StringUtils;

/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-3.16.0.jar:org/cloudfoundry/identity/uaa/provider/oauth/XOAuthIdentityProviderConfigValidator.class */
public class XOAuthIdentityProviderConfigValidator implements IdentityProviderConfigValidator {
    @Override // org.cloudfoundry.identity.uaa.provider.IdentityProviderConfigValidator
    public void validate(AbstractIdentityProviderDefinition abstractIdentityProviderDefinition) {
        AbstractXOAuthIdentityProviderDefinition abstractXOAuthIdentityProviderDefinition = (AbstractXOAuthIdentityProviderDefinition) abstractIdentityProviderDefinition;
        if (abstractXOAuthIdentityProviderDefinition == null) {
            throw new IllegalArgumentException("Config cannot be null for OAUTH2.0/OIDC1.0 provider");
        }
        ArrayList arrayList = new ArrayList();
        if (!(abstractXOAuthIdentityProviderDefinition instanceof OIDCIdentityProviderDefinition) || ((OIDCIdentityProviderDefinition) abstractIdentityProviderDefinition).getDiscoveryUrl() == null) {
            if (abstractXOAuthIdentityProviderDefinition.getAuthUrl() == null) {
                arrayList.add("Authorization URL must be a valid URL");
            }
            if (abstractXOAuthIdentityProviderDefinition.getTokenUrl() == null) {
                arrayList.add("Token URL must be a valid URL");
            }
            if (!StringUtils.hasText(abstractXOAuthIdentityProviderDefinition.getTokenKey()) && abstractXOAuthIdentityProviderDefinition.getTokenKeyUrl() == null) {
                arrayList.add("Either token key or token key URL must be specified");
            }
        }
        if (!StringUtils.hasText(abstractXOAuthIdentityProviderDefinition.getRelyingPartyId())) {
            arrayList.add("Relying Party Id must be the client-id for the UAA that is registered with the external IDP");
        }
        if (!StringUtils.hasText(abstractXOAuthIdentityProviderDefinition.getRelyingPartySecret()) && !abstractXOAuthIdentityProviderDefinition.getResponseType().contains(SchemaSymbols.ATTVAL_TOKEN)) {
            arrayList.add("Relying Party Secret must be the client-secret for the UAA that is registered with the external IDP");
        }
        if (abstractXOAuthIdentityProviderDefinition.isShowLinkText() && !StringUtils.hasText(abstractXOAuthIdentityProviderDefinition.getLinkText())) {
            arrayList.add("Link Text must be specified because showLinkText is true");
        }
        if (arrayList.isEmpty()) {
            return;
        }
        throw new IllegalArgumentException("Invalid config for Identity Provider " + ((String) arrayList.stream().collect(Collectors.joining(","))));
    }
}
