package org.forgerock.jaspi.modules.openid.resolvers.service;

import java.net.MalformedURLException;
import java.net.URL;
import java.util.List;
import java.util.Map;
import org.forgerock.caf.authentication.framework.AuthenticationFramework;
import org.forgerock.jaspi.modules.openid.resolvers.OpenIdResolver;

/* loaded from: input_file:org/forgerock/jaspi/modules/openid/resolvers/service/OpenIdResolverServiceConfiguratorImpl.class */
public class OpenIdResolverServiceConfiguratorImpl implements OpenIdResolverServiceConfigurator {
    @Override // org.forgerock.jaspi.modules.openid.resolvers.service.OpenIdResolverServiceConfigurator
    public boolean configureService(OpenIdResolverService openIdResolverService, List<Map<String, String>> list) {
        if (list == null || list.size() < 1) {
            return false;
        }
        boolean z = false;
        for (Map<String, String> map : list) {
            String str = map.get(OpenIdResolver.KEY_ALIAS_KEY);
            String str2 = map.get(OpenIdResolver.CLIENT_SECRET_KEY);
            String str3 = map.get(OpenIdResolver.JWK);
            String str4 = map.get(OpenIdResolver.WELL_KNOWN_CONFIGURATION);
            if (str4 != null) {
                z = openIdConfiguration(openIdResolverService, str4);
            } else {
                String str5 = map.get(OpenIdResolver.ISSUER_KEY);
                if (str5 == null) {
                    AuthenticationFramework.LOG.debug("No issuer name found for non-Open ID Configuration configured resolver");
                } else if (str3 != null) {
                    z = jwkConfiguration(openIdResolverService, str3, str5);
                } else if (str != null) {
                    z = keystoreConfiguration(openIdResolverService, map.get(OpenIdResolver.KEYSTORE_LOCATION_KEY), map.get(OpenIdResolver.KEYSTORE_PASS_KEY), map.get(OpenIdResolver.KEYSTORE_TYPE_KEY), str, str5);
                } else if (str2 != null) {
                    z = sharedSecretConfiguration(openIdResolverService, str2, str5);
                }
            }
        }
        return z;
    }

    private boolean keystoreConfiguration(OpenIdResolverService openIdResolverService, String str, String str2, String str3, String str4, String str5) {
        if (str == null || str.isEmpty() || str3 == null || str3.isEmpty() || str2 == null || str2.isEmpty()) {
            AuthenticationFramework.LOG.debug("Unable to configure resolver using keyAlias for {}", str5);
            return false;
        }
        if (openIdResolverService.configureResolverWithKey(str5, str4, str, str3, str2)) {
            return true;
        }
        AuthenticationFramework.LOG.debug("Unable to configure resolver using keyAlias for {}", str5);
        return false;
    }

    private boolean sharedSecretConfiguration(OpenIdResolverService openIdResolverService, String str, String str2) {
        if (openIdResolverService.configureResolverWithSecret(str2, str)) {
            return true;
        }
        AuthenticationFramework.LOG.debug("Unable to configure resolver using sharedSecret for {}", str2);
        return false;
    }

    private boolean jwkConfiguration(OpenIdResolverService openIdResolverService, String str, String str2) {
        try {
            if (openIdResolverService.configureResolverWithJWK(str2, new URL(str))) {
                return true;
            }
            AuthenticationFramework.LOG.debug("Unable to configure resolver using JWK for {}", str2);
            return false;
        } catch (MalformedURLException e) {
            AuthenticationFramework.LOG.debug("Supplied JWKs URL at {} is invalid.", str);
            return false;
        }
    }

    private boolean openIdConfiguration(OpenIdResolverService openIdResolverService, String str) {
        try {
            if (openIdResolverService.configureResolverWithWellKnownOpenIdConfiguration(new URL(str))) {
                return true;
            }
            AuthenticationFramework.LOG.debug("Unable to configure resolver using Open ID Configuration at url: {}", str);
            return false;
        } catch (MalformedURLException e) {
            AuthenticationFramework.LOG.debug("Supplied JWKs URL at {} is invalid.", str);
            return false;
        }
    }
}
