package no.nav.apiapp.config;

import com.fasterxml.jackson.databind.ObjectMapper;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.function.Consumer;
import no.nav.apiapp.ApiApplication;
import no.nav.apiapp.rest.SwaggerResource;
import no.nav.apiapp.selftest.impl.OpenAMHelsesjekk;
import no.nav.apiapp.util.UrlUtils;
import no.nav.brukerdialog.security.Constants;
import no.nav.brukerdialog.security.jaspic.OidcAuthModule;
import no.nav.brukerdialog.security.oidc.SystemUserTokenProvider;
import no.nav.brukerdialog.security.oidc.SystemUserTokenProviderConfig;
import no.nav.brukerdialog.security.oidc.provider.AzureADB2CConfig;
import no.nav.brukerdialog.security.oidc.provider.AzureADB2CProvider;
import no.nav.brukerdialog.security.oidc.provider.IssoOidcProvider;
import no.nav.brukerdialog.security.oidc.provider.IssoOidcProviderConfig;
import no.nav.brukerdialog.security.oidc.provider.OidcProvider;
import no.nav.brukerdialog.security.oidc.provider.SecurityTokenServiceOidcProvider;
import no.nav.brukerdialog.security.oidc.provider.SecurityTokenServiceOidcProviderConfig;
import no.nav.brukerdialog.security.pingable.IssoIsAliveHelsesjekk;
import no.nav.brukerdialog.security.pingable.IssoSystemBrukerTokenHelsesjekk;
import no.nav.common.auth.AuthorizationModule;
import no.nav.common.auth.LoginFilter;
import no.nav.common.auth.LoginProvider;
import no.nav.common.auth.openam.sbs.OpenAMLoginFilter;
import no.nav.common.auth.openam.sbs.OpenAmConfig;
import no.nav.json.JsonProvider;
import no.nav.sbl.dialogarena.common.jetty.Jetty;
import no.nav.sbl.dialogarena.types.Pingable;
import no.nav.sbl.util.EnvironmentUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:no/nav/apiapp/config/Konfigurator.class */
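/**
 * Fluent collector for the security and Jetty settings of an API application.
 *
 * <p>Each configurator method records a login provider, an OIDC provider, a public path,
 * a self-test or a customizer. {@link #buildJetty()} then turns the recorded state into a
 * {@link LoginFilter} (when any login is configured) and a {@link Jetty} instance.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>If no login provider, OIDC provider or authorization module is registered,
 *       {@link #buildJetty()} installs no {@link LoginFilter} at all.</li>
 *   <li>Every entry in {@code publicPaths} is handed to {@link LoginFilter} as a public path.
 *       The defaults ({@code /internal/.*}, {@code /ws/.*}, ping and the Swagger JSON) look like
 *       regular expressions; how they are matched is decided by {@link LoginFilter}, which is
 *       not visible here. TODO confirm the matching is anchored.</li>
 *   <li>{@link #getSpringBonner()} and {@link #getPingables()} return the live internal lists.</li>
 * </ul>
 *
 * <p>Not thread-safe: state is held in plain {@link ArrayList}s and mutable fields.
 */
public class Konfigurator implements ApiAppConfigurator {
    private static final Logger log = LoggerFactory.getLogger(Konfigurator.class);

    private final Jetty.JettyBuilder jettyBuilder;
    private AuthorizationModule authorizationModule;
    private final List<OidcProvider> oidcProviders = new ArrayList<>();
    private final List<LoginProvider> loginProviders = new ArrayList<>();
    private final List<Consumer<Jetty>> jettyCustomizers = new ArrayList<>();
    private final List<Consumer<Jetty.JettyBuilder>> jettyBuilderCustomizers = new ArrayList<>();
    // Paths passed to LoginFilter as public; keep every entry as narrow as possible.
    private final List<String> publicPaths = new ArrayList<>();
    // Objects collected for the caller; presumably registered as Spring beans (verify against caller).
    private final List<Object> springBonner = new ArrayList<>();
    private final List<Pingable> pingables = new ArrayList<>();
    private ObjectMapper objectMapper = JsonProvider.createObjectMapper();

    /**
     * Creates a configurator and registers the default public paths.
     *
     * @param jettyBuilder builder that receives the login filter and the builder customizers
     * @param apiApplication application whose API base path is used for the ping and Swagger paths
     */
    public Konfigurator(Jetty.JettyBuilder jettyBuilder, ApiApplication apiApplication) {
        this.jettyBuilder = jettyBuilder;
        String apiBasePath = apiApplication.getApiBasePath();
        // Defaults that are exempt from LoginFilter. Anything served under /internal or /ws
        // must therefore be protected by other means if it is sensitive.
        addPublicPath("/internal/.*")
                .addPublicPath("/ws/.*")
                .addPublicPath(UrlUtils.joinPaths(apiBasePath, "/ping"))
                .addPublicPath(UrlUtils.joinPaths(apiBasePath, SwaggerResource.SWAGGER_JSON));
    }

    /** Configures STS from {@link #defaultStsConfig()}. */
    @Override // no.nav.apiapp.config.ApiAppConfigurator
    public ApiAppConfigurator sts() {
        return sts(defaultStsConfig());
    }

    /**
     * Builds an STS configuration from configuration properties, preferring the
     * {@code no.nav.modig.security.*} names and falling back to the second name given to
     * {@link #getConfigProperty(String, String)}.
     */
    StsConfig defaultStsConfig() {
        return StsConfig.builder()
                .url(getConfigProperty("no.nav.modig.security.sts.url", "SECURITYTOKENSERVICE_URL"))
                .username(getConfigProperty(
                        "no.nav.modig.security.systemuser.username",
                        EnvironmentUtils.resolveSrvUserPropertyName()))
                .password(getConfigProperty(
                        "no.nav.modig.security.systemuser.password",
                        EnvironmentUtils.resolverSrvPasswordPropertyName()))
                .build();
    }

    /**
     * Publishes the STS URL and system-user credentials through {@link EnvironmentUtils}.
     * The URL and username are registered as {@code PUBLIC}; the password as {@code SECRET}.
     *
     * @param stsConfig STS endpoint and system-user credentials
     * @return this configurator
     */
    @Override // no.nav.apiapp.config.ApiAppConfigurator
    public ApiAppConfigurator sts(StsConfig stsConfig) {
        EnvironmentUtils.setProperty(
                "no.nav.modig.security.sts.url", stsConfig.url, EnvironmentUtils.Type.PUBLIC);
        EnvironmentUtils.setProperty(
                "no.nav.modig.security.systemuser.username", stsConfig.username, EnvironmentUtils.Type.PUBLIC);
        // Keep this one SECRET: the Type is the only marker on this call that the value is a credential.
        EnvironmentUtils.setProperty(
                "no.nav.modig.security.systemuser.password", stsConfig.password, EnvironmentUtils.Type.SECRET);
        return this;
    }

    /** Enables OpenAM login using {@link OpenAmConfig#fromSystemProperties()}. */
    @Override // no.nav.apiapp.config.ApiAppConfigurator
    public ApiAppConfigurator openAmLogin() {
        return openAmLogin(OpenAmConfig.fromSystemProperties());
    }

    /**
     * Registers an {@link OpenAMLoginFilter} as login provider and an {@link OpenAMHelsesjekk}
     * for the same configuration.
     *
     * @param openAmConfig OpenAM configuration
     * @return this configurator
     */
    @Override // no.nav.apiapp.config.ApiAppConfigurator
    public ApiAppConfigurator openAmLogin(OpenAmConfig openAmConfig) {
        this.loginProviders.add(new OpenAMLoginFilter(openAmConfig));
        this.springBonner.add(new OpenAMHelsesjekk(openAmConfig));
        return this;
    }

    /**
     * Enables ISSO login with a configuration assembled from configuration properties and
     * the {@link Constants} accessors.
     */
    @Override // no.nav.apiapp.config.ApiAppConfigurator
    public ApiAppConfigurator issoLogin() {
        IssoConfig issoConfig = IssoConfig.builder()
                .username(getConfigProperty(
                        "no.nav.modig.security.systemuser.username",
                        EnvironmentUtils.resolveSrvUserPropertyName()))
                .password(getConfigProperty(
                        "no.nav.modig.security.systemuser.password",
                        EnvironmentUtils.resolverSrvPasswordPropertyName()))
                .issoHostUrl(Constants.getIssoHostUrl())
                .issoRpUserUsername(Constants.getIssoRpUserUsername())
                .issoRpUserPassword(Constants.getIssoRpUserPassword())
                .issoJwksUrl(Constants.getIssoJwksUrl())
                .issoExpectedTokenIssuer(Constants.getIssoExpectedTokenIssuer())
                .oidcRedirectUrl(Constants.getOidcRedirectUrl())
                .isAliveUrl(Constants.getIssoIsaliveUrl())
                .build();
        return issoLogin(issoConfig);
    }

    /**
     * Registers a {@link SystemUserTokenProvider}, its two health checks and an
     * {@link IssoOidcProvider} derived from the same settings.
     *
     * @param issoConfig ISSO settings, including the service-user and RP-user credentials
     * @return this configurator
     */
    @Override // no.nav.apiapp.config.ApiAppConfigurator
    public ApiAppConfigurator issoLogin(IssoConfig issoConfig) {
        SystemUserTokenProviderConfig tokenProviderConfig = SystemUserTokenProviderConfig.builder()
                .srvUsername(issoConfig.username)
                .srvPassword(issoConfig.password)
                .issoHostUrl(issoConfig.issoHostUrl)
                .issoRpUserUsername(issoConfig.issoRpUserUsername)
                .issoRpUserPassword(issoConfig.issoRpUserPassword)
                .issoJwksUrl(issoConfig.issoJwksUrl)
                .issoExpectedTokenIssuer(issoConfig.issoExpectedTokenIssuer)
                .oidcRedirectUrl(issoConfig.oidcRedirectUrl)
                .build();
        SystemUserTokenProvider systemUserTokenProvider = new SystemUserTokenProvider(tokenProviderConfig);
        this.springBonner.add(systemUserTokenProvider);
        this.springBonner.add(new IssoSystemBrukerTokenHelsesjekk(systemUserTokenProvider));
        this.springBonner.add(new IssoIsAliveHelsesjekk(issoConfig.isAliveUrl));
        return oidcProvider(new IssoOidcProvider(IssoOidcProviderConfig.from(tokenProviderConfig)));
    }

    /**
     * Registers an Azure AD B2C provider configured for external users.
     *
     * @deprecated the code shown here is identical to {@link #validateAzureAdExternalUserTokens()}
     */
    @Override // no.nav.apiapp.config.ApiAppConfigurator
    @Deprecated
    public ApiAppConfigurator azureADB2CLogin() {
        return azureADB2CLogin(AzureADB2CConfig.configureAzureAdForExternalUsers());
    }

    /**
     * Registers an {@link AzureADB2CProvider} for the given configuration.
     *
     * @deprecated marked deprecated in the interface implementation; no replacement is named here
     */
    @Override // no.nav.apiapp.config.ApiAppConfigurator
    @Deprecated
    public ApiAppConfigurator azureADB2CLogin(AzureADB2CConfig azureADB2CConfig) {
        return oidcProvider(new AzureADB2CProvider(azureADB2CConfig));
    }

    /** Registers an {@link AzureADB2CProvider} configured for external users. */
    @Override // no.nav.apiapp.config.ApiAppConfigurator
    public ApiAppConfigurator validateAzureAdExternalUserTokens() {
        return oidcProvider(new AzureADB2CProvider(AzureADB2CConfig.configureAzureAdForExternalUsers()));
    }

    /** Registers an {@link AzureADB2CProvider} configured for internal users. */
    @Override // no.nav.apiapp.config.ApiAppConfigurator
    public ApiAppConfigurator validateAzureAdInternalUsersTokens() {
        return oidcProvider(new AzureADB2CProvider(AzureADB2CConfig.configureAzureAdForInternalUsers()));
    }

    /** Enables security-token-service login with settings read from system properties. */
    @Override // no.nav.apiapp.config.ApiAppConfigurator
    public ApiAppConfigurator securityTokenServiceLogin() {
        return securityTokenServiceLogin(SecurityTokenServiceOidcProviderConfig.readFromSystemProperties());
    }

    /** Registers a {@link SecurityTokenServiceOidcProvider} for the given configuration. */
    @Override // no.nav.apiapp.config.ApiAppConfigurator
    public ApiAppConfigurator securityTokenServiceLogin(
            SecurityTokenServiceOidcProviderConfig securityTokenServiceOidcProviderConfig) {
        return oidcProvider(new SecurityTokenServiceOidcProvider(securityTokenServiceOidcProviderConfig));
    }

    /**
     * Records an OIDC provider for the login filter and for the collected objects.
     *
     * @param oidcProvider provider to register
     * @return this configurator
     */
    @Override // no.nav.apiapp.config.ApiAppConfigurator
    public ApiAppConfigurator oidcProvider(OidcProvider oidcProvider) {
        this.oidcProviders.add(oidcProvider);
        this.springBonner.add(oidcProvider);
        return this;
    }

    /**
     * Adds a path that {@link LoginFilter} receives as public.
     *
     * <p>Every entry widens the unauthenticated surface, so prefer the most specific pattern
     * that works. NOTE(review): the defaults suggest regular-expression syntax; confirm against
     * {@link LoginFilter} before relying on prefix or wildcard semantics.
     *
     * @param str path pattern, must not be {@code null}
     * @return this configurator
     * @throws IllegalArgumentException if {@code str} is {@code null}
     */
    @Override // no.nav.apiapp.config.ApiAppConfigurator
    public ApiAppConfigurator addPublicPath(String str) {
        if (str == null) {
            // Fail at configuration time instead of handing a null pattern to the login filter.
            throw new IllegalArgumentException("public path must not be null");
        }
        this.publicPaths.add(str);
        return this;
    }

    /**
     * Sets the authorization module passed to {@link LoginFilter}.
     *
     * <p>Setting a module alone makes {@link #hasLogin()} true, so a {@link LoginFilter} is
     * installed even with no login providers. NOTE(review): confirm that {@link LoginFilter}
     * rejects requests in that state rather than letting them through.
     */
    @Override // no.nav.apiapp.config.ApiAppConfigurator
    public ApiAppConfigurator authorizationModule(AuthorizationModule authorizationModule) {
        this.authorizationModule = authorizationModule;
        return this;
    }

    /** Registers a callback that runs on the built {@link Jetty} instance. */
    @Override // no.nav.apiapp.config.ApiAppConfigurator
    public ApiAppConfigurator customizeJetty(Consumer<Jetty> consumer) {
        this.jettyCustomizers.add(consumer);
        return this;
    }

    /**
     * Registers a callback that runs on the {@link Jetty.JettyBuilder} after the login filter
     * has been added and before the server is built.
     */
    @Override // no.nav.apiapp.config.ApiAppConfigurator
    public ApiAppConfigurator customizeJettyBuilder(Consumer<Jetty.JettyBuilder> consumer) {
        this.jettyBuilderCustomizers.add(consumer);
        return this;
    }

    /** Registers a single self-test. */
    @Override // no.nav.apiapp.config.ApiAppConfigurator
    public ApiAppConfigurator selfTest(Pingable pingable) {
        return selfTests(Collections.singletonList(pingable));
    }

    /** Registers several self-tests. */
    @Override // no.nav.apiapp.config.ApiAppConfigurator
    public ApiAppConfigurator selfTests(Pingable... pingableArr) {
        return selfTests(Arrays.asList(pingableArr));
    }

    /** Registers every self-test in the given collection. */
    @Override // no.nav.apiapp.config.ApiAppConfigurator
    public ApiAppConfigurator selfTests(Collection<? extends Pingable> collection) {
        this.pingables.addAll(collection);
        return this;
    }

    /** Replaces the default {@link ObjectMapper} created by {@link JsonProvider}. */
    @Override // no.nav.apiapp.config.ApiAppConfigurator
    public ApiAppConfigurator objectMapper(ObjectMapper objectMapper) {
        this.objectMapper = objectMapper;
        return this;
    }

    /**
     * Reads {@code str} as an optional property and falls back to {@code str2} as a required one.
     * Only the property names are logged, never the resolved value.
     */
    private String getConfigProperty(String str, String str2) {
        log.info("reading config-property {} / {}", str, str2);
        return (String) EnvironmentUtils.getOptionalProperty(str, new String[0])
                .orElseGet(() -> EnvironmentUtils.getRequiredProperty(str2, new String[0]));
    }

    /**
     * Installs the login filter when login is configured, applies the customizers and builds
     * the server.
     *
     * <p>The provider list for the filter is assembled in a local copy, so calling this method
     * again does not stack another {@link OidcAuthModule} onto the recorded login providers.
     * The underlying builder still receives one filter per call.
     *
     * @return the built {@link Jetty} instance, after all Jetty customizers have run
     */
    public Jetty buildJetty() {
        List<LoginProvider> effectiveLoginProviders = new ArrayList<>(this.loginProviders);
        if (!this.oidcProviders.isEmpty()) {
            effectiveLoginProviders.add(new OidcAuthModule(this.oidcProviders));
        }
        if (hasLogin()) {
            // NOTE(review): this renders the providers and the module through toString();
            // confirm none of those implementations print credentials from their configs.
            log.info(
                    "adding {} with loginProviders={} authorizationModule={} publicPaths={}",
                    LoginFilter.class.getSimpleName(),
                    effectiveLoginProviders,
                    this.authorizationModule,
                    this.publicPaths);
            this.jettyBuilder.addFilter(
                    new LoginFilter(effectiveLoginProviders, this.authorizationModule, this.publicPaths));
        }
        // When hasLogin() is false no LoginFilter is installed: nothing here authenticates requests.
        this.jettyBuilderCustomizers.forEach(customizer -> customizer.accept(this.jettyBuilder));
        Jetty jetty = this.jettyBuilder.buildJetty();
        this.jettyCustomizers.forEach(customizer -> customizer.accept(jetty));
        return jetty;
    }

    /**
     * Reports whether a login filter will be installed.
     *
     * @return {@code true} if an OIDC provider, a login provider or an authorization module
     *     has been registered
     */
    public boolean hasLogin() {
        return !this.oidcProviders.isEmpty()
                || !this.loginProviders.isEmpty()
                || this.authorizationModule != null;
    }

    /** Returns the live list of collected objects; changes by the caller affect this configurator. */
    public List<Object> getSpringBonner() {
        return this.springBonner;
    }

    /** Returns the live list of registered self-tests; changes by the caller affect this configurator. */
    public List<Pingable> getPingables() {
        return this.pingables;
    }

    /** Returns the configured {@link ObjectMapper}. */
    public ObjectMapper getObjectMapper() {
        return this.objectMapper;
    }
}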
