package org.eclipse.ditto.services.gateway.security.authentication.jwt;

import javax.annotation.Nullable;
import org.eclipse.ditto.model.base.common.ConditionChecker;
import org.eclipse.ditto.services.gateway.security.utils.HttpClientFacade;
import org.eclipse.ditto.services.gateway.util.config.security.OAuthConfig;
import org.eclipse.ditto.services.utils.cache.config.CacheConfig;

/* loaded from: input_file:org/eclipse/ditto/services/gateway/security/authentication/jwt/JwtAuthenticationFactory.class */
public final class JwtAuthenticationFactory {
    private static final String PUBLIC_KEY_CACHE_NAME = "ditto_authorization_jwt_publicKeys_cache";
    private final OAuthConfig oAuthConfig;
    private final CacheConfig publicKeyCacheConfig;
    private final HttpClientFacade httpClientFacade;

    @Nullable
    private JwtValidator jwtValidator;

    @Nullable
    private JwtSubjectIssuersConfig jwtSubjectIssuersConfig;

    @Nullable
    private PublicKeyProvider publicKeyProvider;

    private JwtAuthenticationFactory(OAuthConfig oAuthConfig, CacheConfig cacheConfig, HttpClientFacade httpClientFacade) {
        this.oAuthConfig = (OAuthConfig) ConditionChecker.checkNotNull(oAuthConfig, "authenticationConfig");
        this.publicKeyCacheConfig = (CacheConfig) ConditionChecker.checkNotNull(cacheConfig, "publicKeyCacheConfig");
        this.httpClientFacade = (HttpClientFacade) ConditionChecker.checkNotNull(httpClientFacade, "httpClientFacade");
    }

    public static JwtAuthenticationFactory newInstance(OAuthConfig oAuthConfig, CacheConfig cacheConfig, HttpClientFacade httpClientFacade) {
        return new JwtAuthenticationFactory(oAuthConfig, cacheConfig, httpClientFacade);
    }

    public JwtValidator getJwtValidator() {
        if (null == this.jwtValidator) {
            this.jwtValidator = DefaultJwtValidator.of(getPublicKeyProvider());
        }
        return this.jwtValidator;
    }

    private PublicKeyProvider getPublicKeyProvider() {
        if (null == this.publicKeyProvider) {
            this.publicKeyProvider = DittoPublicKeyProvider.of(getJwtSubjectIssuersConfig(), this.httpClientFacade, this.publicKeyCacheConfig, PUBLIC_KEY_CACHE_NAME);
        }
        return this.publicKeyProvider;
    }

    private JwtSubjectIssuersConfig getJwtSubjectIssuersConfig() {
        if (null == this.jwtSubjectIssuersConfig) {
            this.jwtSubjectIssuersConfig = JwtSubjectIssuersConfig.fromOAuthConfig(this.oAuthConfig);
        }
        return this.jwtSubjectIssuersConfig;
    }

    public JwtAuthenticationResultProvider newJwtAuthenticationResultProvider() {
        return DefaultJwtAuthenticationResultProvider.of(DittoJwtAuthorizationSubjectsProvider.of(getJwtSubjectIssuersConfig()));
    }
}
