package net.tirasa.connid.bundles.okta;

import com.fasterxml.jackson.annotation.JsonInclude;
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.module.SimpleModule;
import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
import com.okta.commons.lang.Assert;
import com.okta.sdk.authc.credentials.ClientCredentials;
import com.okta.sdk.cache.CacheManager;
import com.okta.sdk.cache.Caches;
import com.okta.sdk.client.AuthenticationScheme;
import com.okta.sdk.client.AuthorizationMode;
import com.okta.sdk.client.ClientBuilder;
import com.okta.sdk.error.ErrorHandler;
import com.okta.sdk.impl.api.DefaultClientCredentialsResolver;
import com.okta.sdk.impl.client.DefaultClientBuilder;
import com.okta.sdk.impl.config.ClientConfiguration;
import com.okta.sdk.impl.deserializer.UserProfileDeserializer;
import com.okta.sdk.impl.oauth2.AccessTokenRetrieverServiceImpl;
import com.okta.sdk.impl.oauth2.OAuth2ClientCredentials;
import com.okta.sdk.impl.serializer.UserProfileSerializer;
import com.okta.sdk.impl.util.ConfigUtil;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.LinkOption;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.Arrays;
import org.apache.http.HttpHost;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.ProxyAuthenticationStrategy;
import org.openapitools.client.ApiClient;
import org.openapitools.client.model.UserProfile;
import org.openapitools.jackson.nullable.JsonNullableModule;
import org.springframework.http.MediaType;
import org.springframework.http.client.BufferingClientHttpRequestFactory;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.util.DefaultUriBuilderFactory;

/* loaded from: input_file:WEB-INF/classes/bundles/net.tirasa.connid.bundles.okta-3.0.0-bundle.jar:net/tirasa/connid/bundles/okta/ConnIdClientBuilder.class */
public class ConnIdClientBuilder extends DefaultClientBuilder {
    protected final CacheManager cacheManager = Caches.newDisabledCacheManager();
    protected ClientCredentials clientCredentials;

    public ConnIdClientBuilder() {
        setCacheManager(this.cacheManager);
    }

    @Override // com.okta.sdk.impl.client.DefaultClientBuilder, com.okta.sdk.client.ClientBuilder
    public ClientBuilder setClientCredentials(ClientCredentials clientCredentials) {
        super.setClientCredentials(clientCredentials);
        this.clientCredentials = clientCredentials;
        return this;
    }

    protected BufferingClientHttpRequestFactory requestFactory() {
        HttpClientBuilder create = HttpClientBuilder.create();
        ClientConfiguration clientConfiguration = getClientConfiguration();
        if (clientConfiguration.getProxy() != null) {
            create.useSystemProperties();
            create.setProxy(new HttpHost(clientConfiguration.getProxyHost(), clientConfiguration.getProxyPort()));
            BasicCredentialsProvider basicCredentialsProvider = new BasicCredentialsProvider();
            basicCredentialsProvider.setCredentials(new AuthScope(clientConfiguration.getProxyHost(), clientConfiguration.getProxyPort()), new UsernamePasswordCredentials(clientConfiguration.getProxyUsername(), clientConfiguration.getProxyPassword()));
            create.setDefaultCredentialsProvider(basicCredentialsProvider);
            create.setProxyAuthenticationStrategy(new ProxyAuthenticationStrategy());
        }
        HttpComponentsClientHttpRequestFactory httpComponentsClientHttpRequestFactory = new HttpComponentsClientHttpRequestFactory();
        httpComponentsClientHttpRequestFactory.setHttpClient(create.build());
        httpComponentsClientHttpRequestFactory.setConnectionRequestTimeout(clientConfiguration.getConnectionTimeout() * 1000);
        httpComponentsClientHttpRequestFactory.setConnectTimeout(clientConfiguration.getConnectionTimeout() * 1000);
        httpComponentsClientHttpRequestFactory.setReadTimeout(clientConfiguration.getConnectionTimeout() * 1000);
        return new BufferingClientHttpRequestFactory(httpComponentsClientHttpRequestFactory);
    }

    protected RestTemplate restTemplate() {
        ObjectMapper objectMapper = new ObjectMapper();
        objectMapper.setSerializationInclusion(JsonInclude.Include.NON_NULL);
        objectMapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
        objectMapper.registerModule(new JavaTimeModule());
        objectMapper.registerModule(new JsonNullableModule());
        SimpleModule simpleModule = new SimpleModule();
        simpleModule.addSerializer(UserProfile.class, new UserProfileSerializer());
        simpleModule.addDeserializer(UserProfile.class, new UserProfileDeserializer());
        objectMapper.registerModule(simpleModule);
        MappingJackson2HttpMessageConverter mappingJackson2HttpMessageConverter = new MappingJackson2HttpMessageConverter(objectMapper);
        mappingJackson2HttpMessageConverter.setSupportedMediaTypes(Arrays.asList(MediaType.APPLICATION_JSON, MediaType.parseMediaType("application/x-pem-file"), MediaType.parseMediaType("application/x-x509-ca-cert"), MediaType.parseMediaType("application/pkix-cert")));
        ArrayList arrayList = new ArrayList();
        arrayList.add(mappingJackson2HttpMessageConverter);
        DefaultUriBuilderFactory defaultUriBuilderFactory = new DefaultUriBuilderFactory();
        defaultUriBuilderFactory.setEncodingMode(DefaultUriBuilderFactory.EncodingMode.VALUES_ONLY);
        RestTemplate restTemplate = new RestTemplate(arrayList);
        restTemplate.setErrorHandler(new ErrorHandler());
        restTemplate.setRequestFactory(requestFactory());
        restTemplate.setUriTemplateHandler(defaultUriBuilderFactory);
        return restTemplate;
    }

    protected void validateOAuth2ClientConfig() {
        ClientConfiguration clientConfiguration = getClientConfiguration();
        Assert.notNull(clientConfiguration.getClientId(), "clientId cannot be null");
        Assert.isTrue((clientConfiguration.getScopes() == null || clientConfiguration.getScopes().isEmpty()) ? false : true, "At least one scope is required");
        String privateKey = clientConfiguration.getPrivateKey();
        Assert.hasText(privateKey, "privateKey cannot be null (either PEM file path (or) full PEM content must be supplied)");
        if (ConfigUtil.hasPrivateKeyContentWrapper(privateKey)) {
            return;
        }
        try {
            Assert.isTrue(Files.exists(Paths.get(privateKey, new String[0]), LinkOption.NOFOLLOW_LINKS), "privateKey file does not exist");
        } catch (InvalidPathException e) {
            throw new IllegalArgumentException("Invalid privateKey file path", e);
        }
    }

    @Override // com.okta.sdk.impl.client.DefaultClientBuilder, com.okta.sdk.client.ClientBuilder
    public ApiClient build() {
        ApiClient apiClient = new ApiClient(restTemplate(), this.cacheManager, getClientConfiguration());
        apiClient.setBasePath(getClientConfiguration().getBaseUrl());
        if (getClientConfiguration().getAuthorizationMode() != AuthorizationMode.PRIVATE_KEY) {
            if (getClientConfiguration().getClientCredentialsResolver() == null && this.clientCredentials != null) {
                getClientConfiguration().setClientCredentialsResolver(new DefaultClientCredentialsResolver(this.clientCredentials));
            } else if (getClientConfiguration().getClientCredentialsResolver() == null) {
                getClientConfiguration().setClientCredentialsResolver(new DefaultClientCredentialsResolver(getClientConfiguration()));
            }
            apiClient.setApiKeyPrefix("SSWS");
            apiClient.setApiKey((String) getClientConfiguration().getClientCredentialsResolver().getClientCredentials().getCredentials());
        } else {
            getClientConfiguration().setAuthenticationScheme(AuthenticationScheme.OAUTH2_PRIVATE_KEY);
            validateOAuth2ClientConfig();
            getClientConfiguration().setClientCredentialsResolver(new DefaultClientCredentialsResolver(new OAuth2ClientCredentials(new AccessTokenRetrieverServiceImpl(getClientConfiguration(), apiClient))));
        }
        return apiClient;
    }
}
