package com.atlassian.asap.core.server;

import com.atlassian.asap.VisibleForTesting;
import com.atlassian.asap.api.server.http.RequestAuthenticator;
import com.atlassian.asap.core.keys.KeyProvider;
import com.atlassian.asap.core.keys.PemReader;
import com.atlassian.asap.core.keys.publickey.HttpPublicKeyProvider;
import com.atlassian.asap.core.keys.publickey.PublicKeyProviderFactory;
import com.atlassian.asap.core.parser.JwtParser;
import com.atlassian.asap.core.server.http.RequestAuthenticatorImpl;
import com.atlassian.asap.core.validator.JwtClaimsValidator;
import com.atlassian.asap.core.validator.JwtValidator;
import com.atlassian.asap.core.validator.JwtValidatorImpl;
import com.atlassian.asap.nimbus.parser.NimbusJwtParser;
import java.security.PublicKey;
import java.time.Clock;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import org.apache.commons.lang3.StringUtils;
import org.apache.hc.client5.http.classic.HttpClient;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Lazy;

@Configuration
/* loaded from: input_file:com/atlassian/asap/core/server/AsapServerConfiguration.class */
public class AsapServerConfiguration {
    private final String audience;
    private final Set<String> audienceOverride;
    private final String publicKeyRepositoryAdditionalUrl;

    AsapServerConfiguration(String str, String str2, String str3) {
        this(str, new String[]{str2}, str3);
    }

    @Autowired
    AsapServerConfiguration(@Value("${asap.audience}") String str, @Value("${asap.audience_override:}") String[] strArr, @Value("${asap.public_key_repository.additional_url:}") String str2) {
        this.audience = str;
        this.audienceOverride = new HashSet(Arrays.asList(strArr));
        this.publicKeyRepositoryAdditionalUrl = str2;
    }

    @Bean
    public JwtValidator jwtValidator(KeyProvider<PublicKey> keyProvider, JwtParser jwtParser, JwtClaimsValidator jwtClaimsValidator) {
        return new JwtValidatorImpl(keyProvider, jwtParser, jwtClaimsValidator, getAllAudiences());
    }

    Set<String> getAllAudiences() {
        return this.audienceOverride.isEmpty() ? Collections.singleton(this.audience) : this.audienceOverride;
    }

    @Bean
    public JwtClaimsValidator jwtClaimsValidator() {
        return new JwtClaimsValidator(Clock.systemUTC());
    }

    @Bean
    public JwtParser jwtParser() {
        return new NimbusJwtParser();
    }

    @Bean
    public KeyProvider<PublicKey> publicKeyProvider(@Value("${asap.public_key_repository.url}") String str, @Qualifier("asap") HttpClient httpClient) {
        return new PublicKeyProviderFactory(httpClient, new PemReader()).createPublicKeyProvider(getCombinedPublicKeyRepositoryBaseUrl(str));
    }

    @VisibleForTesting
    String getCombinedPublicKeyRepositoryBaseUrl(String str) {
        return StringUtils.isBlank(this.publicKeyRepositoryAdditionalUrl) ? str : str + " , " + this.publicKeyRepositoryAdditionalUrl;
    }

    @Bean
    @Lazy
    @Qualifier("asap")
    public HttpClient asapHttpClient() {
        return HttpPublicKeyProvider.defaultHttpClient();
    }

    @Bean
    public RequestAuthenticator requestAuthenticator(JwtValidator jwtValidator) {
        return new RequestAuthenticatorImpl(jwtValidator);
    }

    public String getAudience() {
        return this.audience;
    }
}
