package org.infinispan.server.configuration.security;

import java.net.MalformedURLException;
import java.net.URL;
import java.util.function.Supplier;
import org.infinispan.commons.configuration.attributes.AttributeDefinition;
import org.infinispan.commons.configuration.attributes.AttributeSet;
import org.infinispan.commons.configuration.attributes.ConfigurationElement;
import org.infinispan.server.Server;
import org.infinispan.server.configuration.Attribute;
import org.infinispan.server.configuration.Element;
import org.infinispan.server.configuration.ServerConfigurationSerializer;
import org.infinispan.server.security.HostnameVerificationPolicy;
import org.wildfly.security.auth.realm.token.TokenValidator;
import org.wildfly.security.auth.realm.token.validator.OAuth2IntrospectValidator;

/* loaded from: input_file:org/infinispan/server/configuration/security/OAuth2Configuration.class */
public class OAuth2Configuration extends ConfigurationElement<OAuth2Configuration> {
    static final AttributeDefinition<String> CLIENT_ID = AttributeDefinition.builder(Attribute.CLIENT_ID, (Object) null, String.class).immutable().build();
    static final AttributeDefinition<Supplier<char[]>> CLIENT_SECRET = AttributeDefinition.builder(Attribute.CLIENT_SECRET, (Object) null, Supplier.class).serializer(ServerConfigurationSerializer.CREDENTIAL).immutable().build();
    static final AttributeDefinition<String> CLIENT_SSL_CONTEXT = AttributeDefinition.builder(Attribute.CLIENT_SSL_CONTEXT, (Object) null, String.class).immutable().build();
    static final AttributeDefinition<String> HOST_VERIFICATION_POLICY = AttributeDefinition.builder(Attribute.HOST_NAME_VERIFICATION_POLICY, (Object) null, String.class).immutable().build();
    static final AttributeDefinition<String> INTROSPECTION_URL = AttributeDefinition.builder(Attribute.INTROSPECTION_URL, (Object) null, String.class).immutable().build();
    static final AttributeDefinition<Integer> CONNECTION_TIMEOUT = AttributeDefinition.builder(Attribute.CONNECTION_TIMEOUT, 2000, Integer.class).immutable().build();
    static final AttributeDefinition<Integer> READ_TIMEOUT = AttributeDefinition.builder(Attribute.READ_TIMEOUT, 2000, Integer.class).immutable().build();

    /* JADX INFO: Access modifiers changed from: package-private */
    public static AttributeSet attributeDefinitionSet() {
        return new AttributeSet(OAuth2Configuration.class, new AttributeDefinition[]{CLIENT_ID, CLIENT_SSL_CONTEXT, INTROSPECTION_URL, HOST_VERIFICATION_POLICY, CONNECTION_TIMEOUT, READ_TIMEOUT, CLIENT_SECRET});
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public OAuth2Configuration(AttributeSet attributeSet) {
        super(Element.OAUTH2_INTROSPECTION, attributeSet, new ConfigurationElement[0]);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public TokenValidator getValidator(SecurityConfiguration securityConfiguration, RealmConfiguration realmConfiguration) {
        OAuth2IntrospectValidator.Builder builder = OAuth2IntrospectValidator.builder();
        builder.clientId((String) this.attributes.attribute(CLIENT_ID).get());
        builder.clientSecret(new String((char[]) ((Supplier) this.attributes.attribute(CLIENT_SECRET).get()).get()));
        try {
            URL url = new URL((String) this.attributes.attribute(INTROSPECTION_URL).get());
            builder.tokenIntrospectionUrl(url);
            if ("https".equalsIgnoreCase(url.getProtocol())) {
                builder.useSslContext((this.attributes.attribute(CLIENT_SSL_CONTEXT).isNull() ? realmConfiguration : securityConfiguration.realms().getRealm((String) this.attributes.attribute(CLIENT_SSL_CONTEXT).get())).clientSSLContext());
                if (!this.attributes.attribute(HOST_VERIFICATION_POLICY).isNull()) {
                    builder.useSslHostnameVerifier(HostnameVerificationPolicy.valueOf((String) this.attributes.attribute(HOST_VERIFICATION_POLICY).get()).getVerifier());
                }
            }
            return builder.build();
        } catch (MalformedURLException e) {
            throw Server.log.invalidUrl((String) this.attributes.attribute(INTROSPECTION_URL).get());
        }
    }
}
