package pl.edu.icm.unity.oauth.client.config;

import eu.unicore.util.configuration.ConfigurationException;
import eu.unicore.util.configuration.DocumentationReferenceMeta;
import eu.unicore.util.configuration.DocumentationReferencePrefix;
import eu.unicore.util.configuration.PropertiesHelper;
import eu.unicore.util.configuration.PropertyMD;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
import org.apache.log4j.Logger;
import pl.edu.icm.unity.oauth.client.config.OAuthClientProperties;
import pl.edu.icm.unity.server.utils.Log;

/* loaded from: input_file:pl/edu/icm/unity/oauth/client/config/CustomProviderProperties.class */
public class CustomProviderProperties extends PropertiesHelper {

    @DocumentationReferencePrefix
    public static final String P = "unity.oauth2.client.CLIENT_ID.";
    public static final String PROVIDER_TYPE = "type";
    public static final String PROVIDER_LOCATION = "authEndpoint";
    public static final String ACCESS_TOKEN_ENDPOINT = "accessTokenEndpoint";
    public static final String PROFILE_ENDPOINT = "profileEndpoint";
    public static final String PROVIDER_NAME = "name";
    public static final String CLIENT_ID = "clientId";
    public static final String CLIENT_SECRET = "clientSecret";
    public static final String CLIENT_AUTHN_MODE = "clientAuthenticationMode";
    public static final String SCOPES = "scopes";
    public static final String ACCESS_TOKEN_FORMAT = "accessTokenFormat";
    public static final String OPENID_CONNECT = "openIdConnect";
    public static final String OPENID_DISCOVERY = "openIdConnectDiscoveryEndpoint";
    public static final String REGISTRATION_FORM = "registrationFormForUnknown";
    public static final String TRANSLATION_PROFILE = "translationProfile";
    public static final String ICON_URL = "iconUrl";
    private static final Logger log = Log.getLogger("unity.server.config", CustomProviderProperties.class);

    @DocumentationReferenceMeta
    public static final Map<String, PropertyMD> META = new HashMap();

    /* loaded from: input_file:pl/edu/icm/unity/oauth/client/config/CustomProviderProperties$AccessTokenFormat.class */
    public enum AccessTokenFormat {
        standard,
        httpParams
    }

    /* loaded from: input_file:pl/edu/icm/unity/oauth/client/config/CustomProviderProperties$ClientAuthnMode.class */
    public enum ClientAuthnMode {
        secretPost,
        secretBasic
    }

    public CustomProviderProperties(Properties properties, String str) throws ConfigurationException {
        super(str, properties, META, log);
        if (getBooleanValue(OPENID_CONNECT).booleanValue()) {
            if (!isSet(SCOPES)) {
                setProperty(SCOPES, "openid email");
            }
            if (!isSet(OPENID_DISCOVERY)) {
                throw new ConfigurationException(getKeyDescription(OPENID_DISCOVERY) + " is mandatory in OpenID Connect mode");
            }
            return;
        }
        if (!isSet(PROVIDER_LOCATION)) {
            throw new ConfigurationException(getKeyDescription(PROVIDER_LOCATION) + " is mandatory in non OpenID Connect mode");
        }
        if (!isSet(ACCESS_TOKEN_ENDPOINT)) {
            throw new ConfigurationException(getKeyDescription(ACCESS_TOKEN_ENDPOINT) + " is mandatory in non OpenID Connect mode");
        }
        if (!isSet(PROFILE_ENDPOINT)) {
            throw new ConfigurationException(getKeyDescription(PROFILE_ENDPOINT) + " is mandatory in non OpenID Connect mode");
        }
    }

    public Properties getProperties() {
        return this.properties;
    }

    static {
        META.put(PROVIDER_TYPE, new PropertyMD(OAuthClientProperties.Providers.custom).setDescription("Type of provider. Either a well known provider type can be specified or 'custom'. In the first case only few additional settings are required: client id, secret and translation profile. Other settings as scope can be additionally set to fine tune the remote authentication. In the latter 'custom' case all mandatory options must be set."));
        META.put(PROVIDER_LOCATION, new PropertyMD().setDescription("Location (URL) of OAuth2 provider's authorization endpoint. It is mandatory for non OpenID Connect providers, in whose case the endopint can be discovered."));
        META.put(ACCESS_TOKEN_ENDPOINT, new PropertyMD().setDescription("Location (URL) of OAuth2 provider's access token endpoint. In case of OpenID Connect mode can be discovered, otherwise mandatory."));
        META.put(PROFILE_ENDPOINT, new PropertyMD().setDescription("Location (URL) of OAuth2 provider's user's profile endpoint. It is used to obtain additional user's attributes. It can be autodiscovered for OpenID Connect mode. Otherwise it must be set as otherwise there is no information about the user identity."));
        META.put(PROVIDER_NAME, new PropertyMD().setMandatory().setCanHaveSubkeys().setDescription("Name of the OAuth provider to be displayed. Can be localized with locale subkeys."));
        META.put(ICON_URL, new PropertyMD().setCanHaveSubkeys().setDescription("URL to provider's logo. Can be http(s), file or data scheme. Can be localized."));
        META.put(CLIENT_ID, new PropertyMD().setMandatory().setDescription("Client identifier, obtained during Unity's registration at the provider"));
        META.put(CLIENT_SECRET, new PropertyMD().setSecret().setMandatory().setDescription("Client secret, obtained during Unity's registration at the provider"));
        META.put(CLIENT_AUTHN_MODE, new PropertyMD(ClientAuthnMode.secretBasic).setDescription("Defines how the client secret and id should be passed to the provider."));
        META.put(SCOPES, new PropertyMD().setDescription("Space separated list of authorization scopes to be requested. Most often required if in non OpenID Connect mode, otherwise has a default value of 'openid email'"));
        META.put(ACCESS_TOKEN_FORMAT, new PropertyMD(AccessTokenFormat.standard).setDescription("Some providers (Facebook) use legacy format of a response to the access token query. Non standard format can be set here."));
        META.put(OPENID_CONNECT, new PropertyMD("false").setDescription("If set to true, then the provider is treated as OpenID Connect 1.0 provider. For such providers specifying profileEndpoint is not mandatory as the basic user information is retrieved together with access token. However the discovery endpoint must be set."));
        META.put(OPENID_DISCOVERY, new PropertyMD().setDescription("OpenID Connect Discovery endpoint address, relevant (and required) only when OpenID Connect mode is turned on."));
        META.put(REGISTRATION_FORM, new PropertyMD().setDescription("Registration form to be shown for the locally unknown users which were successfuly authenticated remotely."));
        META.put(TRANSLATION_PROFILE, new PropertyMD().setMandatory().setDescription("Translation profile which will be used to map received user information to a local representation."));
    }
}
