package net.shibboleth.idp.plugin.authn.duo;

import java.security.Principal;
import java.util.Collection;
import java.util.Collections;
import java.util.Objects;
import java.util.Set;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.annotation.concurrent.GuardedBy;
import javax.annotation.concurrent.ThreadSafe;
import javax.security.auth.Subject;
import net.shibboleth.shared.annotation.constraint.NonnullAfterInit;
import net.shibboleth.shared.annotation.constraint.NonnullElements;
import net.shibboleth.shared.annotation.constraint.NotEmpty;
import net.shibboleth.shared.annotation.constraint.NotLive;
import net.shibboleth.shared.annotation.constraint.Unmodifiable;
import net.shibboleth.shared.component.AbstractInitializableComponent;
import net.shibboleth.shared.component.ComponentInitializationException;
import net.shibboleth.shared.logic.Constraint;
import net.shibboleth.shared.primitive.LoggerFactory;
import net.shibboleth.shared.primitive.StringSupport;
import org.slf4j.Logger;

@ThreadSafe
/* loaded from: input_file:net/shibboleth/idp/plugin/authn/duo/DefaultDuoOIDCIntegration.class */
public final class DefaultDuoOIDCIntegration extends AbstractInitializableComponent implements DynamicDuoOIDCIntegration {

    @GuardedBy("this")
    @NotEmpty
    @NonnullAfterInit
    private String apiHost;

    @GuardedBy("this")
    @NotEmpty
    @NonnullAfterInit
    private String clientId;

    @GuardedBy("this")
    @NotEmpty
    @NonnullAfterInit
    private String secretKey;

    @GuardedBy("this")
    @Nullable
    private String redirectURI;

    @GuardedBy("this")
    @Nullable
    private String registeredRedirectURI;

    @GuardedBy("this")
    @NotEmpty
    @NonnullAfterInit
    private String healthEndpoint;

    @GuardedBy("this")
    @NotEmpty
    @NonnullAfterInit
    private String authorizeEndpoint;

    @GuardedBy("this")
    @NotEmpty
    @NonnullAfterInit
    private String tokenEndpoint;

    @Nonnull
    private final Logger log = LoggerFactory.getLogger(DefaultDuoOIDCIntegration.class);

    @Nonnull
    @GuardedBy("this")
    private final Subject supportedPrincipals = new Subject();

    @Nonnull
    @NonnullElements
    @Unmodifiable
    @GuardedBy("this")
    private Set<String> allowedOrigins = Collections.emptySet();

    public synchronized void setAllowedOrigins(@Nullable @NonnullElements Collection<String> collection) {
        ifInitializedThrowUnmodifiabledComponentException();
        ifDestroyedThrowDestroyedComponentException();
        this.allowedOrigins = Set.copyOf(StringSupport.normalizeStringCollection((Collection) Constraint.isNotNull(collection, "Types cannot be null")));
    }

    @Override // net.shibboleth.idp.plugin.authn.duo.DynamicDuoOIDCIntegration
    @Unmodifiable
    @Nonnull
    @NotLive
    public synchronized Set<String> getAllowedOrigins() {
        return Collections.unmodifiableSet(this.allowedOrigins);
    }

    @Override // net.shibboleth.idp.plugin.authn.duo.DuoOIDCIntegration
    @NotEmpty
    @NonnullAfterInit
    public synchronized String getAPIHost() {
        return this.apiHost;
    }

    public synchronized void setAPIHost(@Nonnull @NotEmpty String str) {
        ifInitializedThrowUnmodifiabledComponentException();
        ifDestroyedThrowDestroyedComponentException();
        this.apiHost = (String) Constraint.isNotNull(StringSupport.trimOrNull(str), "API host cannot be null or empty");
    }

    @Override // net.shibboleth.idp.plugin.authn.duo.DuoOIDCIntegration
    @NotEmpty
    @NonnullAfterInit
    public synchronized String getHealthCheckEndpoint() {
        return this.healthEndpoint;
    }

    public synchronized void setHealthCheckEndpoint(@Nonnull @NotEmpty String str) {
        ifInitializedThrowUnmodifiabledComponentException();
        ifDestroyedThrowDestroyedComponentException();
        this.healthEndpoint = (String) Constraint.isNotNull(StringSupport.trimOrNull(str), "Health check endpoint cannot be null or empty");
    }

    @Override // net.shibboleth.idp.plugin.authn.duo.DuoOIDCIntegration
    @NotEmpty
    @NonnullAfterInit
    public synchronized String getAuthorizeEndpoint() {
        return this.authorizeEndpoint;
    }

    public synchronized void setAuthorizeEndpoint(@Nonnull @NotEmpty String str) {
        ifInitializedThrowUnmodifiabledComponentException();
        ifDestroyedThrowDestroyedComponentException();
        this.authorizeEndpoint = (String) Constraint.isNotNull(StringSupport.trimOrNull(str), "Authorize endpoint cannot be null or empty");
    }

    @Override // net.shibboleth.idp.plugin.authn.duo.DuoOIDCIntegration
    @NotEmpty
    @NonnullAfterInit
    public synchronized String getTokenEndpoint() {
        return this.tokenEndpoint;
    }

    public synchronized void setTokenEndpoint(@Nonnull @NotEmpty String str) {
        ifInitializedThrowUnmodifiabledComponentException();
        ifDestroyedThrowDestroyedComponentException();
        this.tokenEndpoint = (String) Constraint.isNotNull(StringSupport.trimOrNull(str), "Token endpoint cannot be null or empty");
    }

    @Override // net.shibboleth.idp.plugin.authn.duo.DuoOIDCIntegration
    @Nullable
    public synchronized String getRedirectURI() {
        return this.redirectURI;
    }

    public synchronized void setRegisteredRedirectURI(@Nullable String str) {
        ifInitializedThrowUnmodifiabledComponentException();
        ifDestroyedThrowDestroyedComponentException();
        this.registeredRedirectURI = StringSupport.trimOrNull(str);
    }

    @Override // net.shibboleth.idp.plugin.authn.duo.DynamicDuoOIDCIntegration
    @Nullable
    public synchronized String getRegisteredRedirectURI() {
        return this.registeredRedirectURI;
    }

    @Override // net.shibboleth.idp.plugin.authn.duo.DynamicDuoOIDCIntegration
    public synchronized boolean isRedirectURIPreregistered() {
        return getRegisteredRedirectURI() != null;
    }

    @Override // net.shibboleth.idp.plugin.authn.duo.DynamicDuoOIDCIntegration
    public synchronized void setRedirectURIIfAbsent(@Nonnull @NotEmpty String str) {
        Constraint.isNotEmpty(str, "Computed redirect URI can not be null or empty");
        if (this.redirectURI == null) {
            this.log.debug("Integration redirect_uri is being pinned to '{}'", str);
            this.redirectURI = str;
        }
    }

    public synchronized void setClientId(@Nonnull @NotEmpty String str) {
        ifInitializedThrowUnmodifiabledComponentException();
        ifDestroyedThrowDestroyedComponentException();
        this.clientId = (String) Constraint.isNotNull(StringSupport.trimOrNull(str), "ClientID cannot be null or empty");
    }

    @Override // net.shibboleth.idp.plugin.authn.duo.DuoOIDCIntegration
    @NotEmpty
    @NonnullAfterInit
    public synchronized String getClientId() {
        return this.clientId;
    }

    public synchronized void setSecretKey(@Nonnull @NotEmpty String str) {
        ifInitializedThrowUnmodifiabledComponentException();
        ifDestroyedThrowDestroyedComponentException();
        this.secretKey = (String) Constraint.isNotNull(StringSupport.trimOrNull(str), "Secret key cannot be null or empty");
    }

    @Override // net.shibboleth.idp.plugin.authn.duo.DuoOIDCIntegration
    @NotEmpty
    @NonnullAfterInit
    public synchronized String getSecretKey() {
        return this.secretKey;
    }

    @Unmodifiable
    @Nonnull
    @NonnullElements
    public synchronized <T extends Principal> Set<T> getSupportedPrincipals(@Nonnull Class<T> cls) {
        return this.supportedPrincipals.getPrincipals(cls);
    }

    public synchronized <T extends Principal> void setSupportedPrincipals(@Nullable @NonnullElements Collection<T> collection) {
        ifInitializedThrowUnmodifiabledComponentException();
        ifDestroyedThrowDestroyedComponentException();
        this.supportedPrincipals.getPrincipals().clear();
        if (collection == null || collection.isEmpty()) {
            return;
        }
        this.supportedPrincipals.getPrincipals().addAll(Set.copyOf(collection));
    }

    protected void doInitialize() throws ComponentInitializationException {
        if (getAPIHost() == null || getClientId() == null || getSecretKey() == null || getHealthCheckEndpoint() == null || getAuthorizeEndpoint() == null || getTokenEndpoint() == null || (getRegisteredRedirectURI() == null && getAllowedOrigins().isEmpty())) {
            throw new ComponentInitializationException("API host, clientId, secret key,token endpoint, health check endpoint, authorization endpoint, and one of redirectURI or allowed redirect URI origins must be set");
        }
    }

    public int hashCode() {
        return Objects.hash(getClientId());
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj != null && getClass() == obj.getClass()) {
            return Objects.equals(getClientId(), ((DefaultDuoOIDCIntegration) obj).getClientId());
        }
        return false;
    }

    public String toString() {
        return "DefaultDuoOIDCIntegration [apiHost=" + this.apiHost + ", clientId=" + this.clientId + ", redirectURI=" + this.redirectURI + "]";
    }
}
