package net.shibboleth.idp.plugin.authn.duo;

import java.security.Principal;
import java.util.Collection;
import java.util.Objects;
import java.util.Set;
import java.util.function.Function;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.annotation.concurrent.GuardedBy;
import javax.annotation.concurrent.ThreadSafe;
import javax.security.auth.Subject;
import net.shibboleth.shared.annotation.constraint.NonnullAfterInit;
import net.shibboleth.shared.annotation.constraint.NonnullElements;
import net.shibboleth.shared.annotation.constraint.NotEmpty;
import net.shibboleth.shared.annotation.constraint.NotLive;
import net.shibboleth.shared.annotation.constraint.Unmodifiable;
import net.shibboleth.shared.collection.CollectionSupport;
import net.shibboleth.shared.component.AbstractInitializableComponent;
import net.shibboleth.shared.component.ComponentInitializationException;
import net.shibboleth.shared.logic.Constraint;
import net.shibboleth.shared.primitive.LoggerFactory;
import net.shibboleth.shared.primitive.StringSupport;
import org.opensaml.profile.context.ProfileRequestContext;
import org.slf4j.Logger;

@ThreadSafe
/* loaded from: input_file:net/shibboleth/idp/plugin/authn/duo/DefaultDuoOIDCIntegration.class */
public final class DefaultDuoOIDCIntegration extends AbstractInitializableComponent implements DynamicDuoOIDCIntegration {

    @GuardedBy("this")
    private boolean passwordless;

    @GuardedBy("this")
    @NotEmpty
    @NonnullAfterInit
    private String apiHost;

    @GuardedBy("this")
    @NotEmpty
    @NonnullAfterInit
    private String clientId;

    @GuardedBy("this")
    @NotEmpty
    @NonnullAfterInit
    private String secretKey;

    @GuardedBy("this")
    @Nullable
    private String redirectURI;

    @GuardedBy("this")
    @Nullable
    private String registeredRedirectURI;

    @GuardedBy("this")
    @Nullable
    @NonnullElements
    private Set<String> allowedFactors;

    @GuardedBy("this")
    @NotEmpty
    @NonnullAfterInit
    private String healthEndpoint;

    @GuardedBy("this")
    @NotEmpty
    @NonnullAfterInit
    private String authorizeEndpoint;

    @GuardedBy("this")
    @NotEmpty
    @NonnullAfterInit
    private String tokenEndpoint;

    @GuardedBy("this")
    @Nullable
    private Function<ProfileRequestContext, Collection<Principal>> contextToPrincipalMappingStrategy;
    static final /* synthetic */ boolean $assertionsDisabled;

    @Nonnull
    private final Logger log = LoggerFactory.getLogger(DefaultDuoOIDCIntegration.class);

    @Nonnull
    @GuardedBy("this")
    private final Subject supportedPrincipals = new Subject();

    @Nonnull
    @GuardedBy("this")
    @NonnullElements
    private Set<String> allowedOrigins = CollectionSupport.emptySet();

    public synchronized void setPasswordless(boolean z) {
        checkSetterPreconditions();
        this.passwordless = z;
    }

    @Override // net.shibboleth.idp.plugin.authn.duo.DuoOIDCIntegration
    public synchronized boolean isPasswordless() {
        checkComponentActive();
        return this.passwordless;
    }

    public synchronized void setAllowedOrigins(@Nullable @NonnullElements Collection<String> collection) {
        checkSetterPreconditions();
        this.allowedOrigins = CollectionSupport.copyToSet(StringSupport.normalizeStringCollection(collection));
    }

    @Override // net.shibboleth.idp.plugin.authn.duo.DynamicDuoOIDCIntegration
    @Unmodifiable
    @Nonnull
    @NotLive
    public synchronized Set<String> getAllowedOrigins() {
        return this.allowedOrigins;
    }

    public synchronized void setAllowedFactors(@Nullable @NonnullElements Collection<String> collection) {
        checkSetterPreconditions();
        this.allowedFactors = collection != null ? CollectionSupport.copyToSet(StringSupport.normalizeStringCollection(collection)) : null;
    }

    @Override // net.shibboleth.idp.plugin.authn.duo.DuoOIDCIntegration
    @Unmodifiable
    @NotLive
    @Nullable
    public synchronized Set<String> getAllowedFactors() {
        return this.allowedFactors;
    }

    @Override // net.shibboleth.idp.plugin.authn.duo.DuoOIDCIntegration
    @Nonnull
    @NotEmpty
    public synchronized String getAPIHost() {
        checkComponentActive();
        if ($assertionsDisabled || this.apiHost != null) {
            return this.apiHost;
        }
        throw new AssertionError();
    }

    public synchronized void setAPIHost(@Nonnull @NotEmpty String str) {
        checkSetterPreconditions();
        this.apiHost = (String) Constraint.isNotNull(StringSupport.trimOrNull(str), "API host cannot be null or empty");
    }

    @Override // net.shibboleth.idp.plugin.authn.duo.DuoOIDCIntegration
    @Nonnull
    @NotEmpty
    public synchronized String getHealthCheckEndpoint() {
        checkComponentActive();
        if ($assertionsDisabled || this.healthEndpoint != null) {
            return this.healthEndpoint;
        }
        throw new AssertionError();
    }

    public synchronized void setHealthCheckEndpoint(@Nonnull @NotEmpty String str) {
        checkSetterPreconditions();
        this.healthEndpoint = (String) Constraint.isNotNull(StringSupport.trimOrNull(str), "Health check endpoint cannot be null or empty");
    }

    @Override // net.shibboleth.idp.plugin.authn.duo.DuoOIDCIntegration
    @Nonnull
    @NotEmpty
    public synchronized String getAuthorizeEndpoint() {
        checkComponentActive();
        if ($assertionsDisabled || this.authorizeEndpoint != null) {
            return this.authorizeEndpoint;
        }
        throw new AssertionError();
    }

    public synchronized void setAuthorizeEndpoint(@Nonnull @NotEmpty String str) {
        checkSetterPreconditions();
        this.authorizeEndpoint = (String) Constraint.isNotNull(StringSupport.trimOrNull(str), "Authorize endpoint cannot be null or empty");
    }

    @Override // net.shibboleth.idp.plugin.authn.duo.DuoOIDCIntegration
    @Nonnull
    @NotEmpty
    public synchronized String getTokenEndpoint() {
        checkComponentActive();
        if ($assertionsDisabled || this.tokenEndpoint != null) {
            return this.tokenEndpoint;
        }
        throw new AssertionError();
    }

    public synchronized void setTokenEndpoint(@Nonnull @NotEmpty String str) {
        checkSetterPreconditions();
        this.tokenEndpoint = (String) Constraint.isNotNull(StringSupport.trimOrNull(str), "Token endpoint cannot be null or empty");
    }

    @Override // net.shibboleth.idp.plugin.authn.duo.DuoOIDCIntegration
    @Nullable
    public synchronized String getRedirectURI() {
        return this.redirectURI;
    }

    public synchronized void setRegisteredRedirectURI(@Nullable String str) {
        checkSetterPreconditions();
        this.registeredRedirectURI = StringSupport.trimOrNull(str);
    }

    @Override // net.shibboleth.idp.plugin.authn.duo.DynamicDuoOIDCIntegration
    @Nullable
    public synchronized String getRegisteredRedirectURI() {
        return this.registeredRedirectURI;
    }

    @Override // net.shibboleth.idp.plugin.authn.duo.DynamicDuoOIDCIntegration
    public synchronized boolean isRedirectURIPreregistered() {
        return getRegisteredRedirectURI() != null;
    }

    @Override // net.shibboleth.idp.plugin.authn.duo.DynamicDuoOIDCIntegration
    public synchronized void setRedirectURIIfAbsent(@Nonnull @NotEmpty String str) {
        Constraint.isNotEmpty(str, "Computed redirect URI can not be null or empty");
        if (this.redirectURI == null) {
            this.log.debug("Integration redirect_uri is being pinned to '{}'", str);
            this.redirectURI = str;
        }
    }

    public synchronized void setClientId(@Nonnull @NotEmpty String str) {
        checkSetterPreconditions();
        this.clientId = (String) Constraint.isNotNull(StringSupport.trimOrNull(str), "ClientID cannot be null or empty");
    }

    @Override // net.shibboleth.idp.plugin.authn.duo.DuoOIDCIntegration
    @Nonnull
    @NotEmpty
    public synchronized String getClientId() {
        checkComponentActive();
        if ($assertionsDisabled || this.clientId != null) {
            return this.clientId;
        }
        throw new AssertionError();
    }

    public synchronized void setSecretKey(@Nonnull @NotEmpty String str) {
        checkSetterPreconditions();
        this.secretKey = (String) Constraint.isNotNull(StringSupport.trimOrNull(str), "Secret key cannot be null or empty");
    }

    @Override // net.shibboleth.idp.plugin.authn.duo.DuoOIDCIntegration
    @Nonnull
    @NotEmpty
    public synchronized String getSecretKey() {
        checkComponentActive();
        if ($assertionsDisabled || this.secretKey != null) {
            return this.secretKey;
        }
        throw new AssertionError();
    }

    @Unmodifiable
    @Nonnull
    @NonnullElements
    public synchronized <T extends Principal> Set<T> getSupportedPrincipals(@Nonnull Class<T> cls) {
        Set<T> principals = this.supportedPrincipals.getPrincipals(cls);
        if ($assertionsDisabled || principals != null) {
            return principals;
        }
        throw new AssertionError();
    }

    public synchronized <T extends Principal> void setSupportedPrincipals(@Nullable @NonnullElements Collection<T> collection) {
        checkSetterPreconditions();
        this.supportedPrincipals.getPrincipals().clear();
        if (collection == null || collection.isEmpty()) {
            return;
        }
        this.supportedPrincipals.getPrincipals().addAll(Set.copyOf(collection));
    }

    public void setContextToPrincipalMappingStrategy(@Nullable Function<ProfileRequestContext, Collection<Principal>> function) {
        checkSetterPreconditions();
        this.contextToPrincipalMappingStrategy = function;
    }

    @Override // net.shibboleth.idp.plugin.authn.duo.DuoOIDCIntegration
    @Nullable
    public Function<ProfileRequestContext, Collection<Principal>> getContextToPrincipalMappingStrategy() {
        checkComponentActive();
        return this.contextToPrincipalMappingStrategy;
    }

    protected void doInitialize() throws ComponentInitializationException {
        synchronized (this) {
            if (this.apiHost == null || this.clientId == null || this.secretKey == null || this.healthEndpoint == null || this.authorizeEndpoint == null || this.tokenEndpoint == null || (this.registeredRedirectURI == null && this.allowedOrigins.isEmpty())) {
                throw new ComponentInitializationException("API host, clientId, secret key,token endpoint, health check endpoint, authorization endpoint, and one of redirectURI or allowed redirect URI origins must be set");
            }
        }
    }

    public int hashCode() {
        return Objects.hash(getClientId());
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj != null && getClass() == obj.getClass()) {
            return Objects.equals(getClientId(), ((DefaultDuoOIDCIntegration) obj).getClientId());
        }
        return false;
    }

    public String toString() {
        return "DefaultDuoOIDCIntegration [apiHost=" + this.apiHost + ", clientId=" + this.clientId + ", redirectURI=" + this.redirectURI + "]";
    }

    static {
        $assertionsDisabled = !DefaultDuoOIDCIntegration.class.desiredAssertionStatus();
    }
}
