package com.okta.spring.oauth;

import com.okta.spring.oauth.discovery.OidcDiscoveryClient;
import com.okta.spring.oauth.discovery.OidcDiscoveryMetadata;
import java.io.IOException;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.env.EnvironmentPostProcessor;
import org.springframework.boot.env.YamlPropertySourceLoader;
import org.springframework.core.env.ConfigurableEnvironment;
import org.springframework.core.env.EnumerablePropertySource;
import org.springframework.core.env.Environment;
import org.springframework.core.env.PropertySource;
import org.springframework.core.io.ClassPathResource;
import org.springframework.core.io.Resource;
import org.springframework.web.client.ResourceAccessException;

/* loaded from: input_file:com/okta/spring/oauth/OktaPropertiesMappingEnvironmentPostProcessor.class */
public class OktaPropertiesMappingEnvironmentPostProcessor implements EnvironmentPostProcessor {
    private static final String OAUTH_CLIENT_PREFIX = "security.oauth2.client.";
    private static final String OAUTH_RESOURCE_PREFIX = "security.oauth2.resource.";
    private static final String OKTA_OAUTH_PREFIX = "okta.oauth2.";
    private final Logger logger = LoggerFactory.getLogger(OktaPropertiesMappingEnvironmentPostProcessor.class);

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/okta/spring/oauth/OktaPropertiesMappingEnvironmentPostProcessor$MapBasedPropertySource.class */
    public static class MapBasedPropertySource extends EnumerablePropertySource<Map<String, String>> {
        MapBasedPropertySource(String str, Map<String, String> map) {
            super(str, map);
        }

        public Object getProperty(String str) {
            return ((Map) getSource()).get(str);
        }

        public String[] getPropertyNames() {
            return (String[]) ((Map) getSource()).keySet().toArray(new String[((Map) getSource()).size()]);
        }
    }

    public void postProcessEnvironment(ConfigurableEnvironment configurableEnvironment, SpringApplication springApplication) {
        configurableEnvironment.getPropertySources().addLast(remappedOktaToStandardOAuthPropertySource(configurableEnvironment));
        configurableEnvironment.getPropertySources().addLast(discoveryPropertiesSource(configurableEnvironment));
        configurableEnvironment.getPropertySources().addLast(loadYaml(new ClassPathResource("com/okta/spring/okta.yml")));
    }

    private PropertySource<?> loadYaml(Resource resource) {
        YamlPropertySourceLoader yamlPropertySourceLoader = new YamlPropertySourceLoader();
        if (!resource.exists()) {
            throw new IllegalArgumentException("Resource " + resource + " does not exist");
        }
        try {
            return yamlPropertySourceLoader.load("okta-defaults", resource, (String) null);
        } catch (IOException e) {
            throw new IllegalStateException("Failed to load yaml configuration from " + resource, e);
        }
    }

    private PropertySource remappedOktaToStandardOAuthPropertySource(Environment environment) {
        HashMap hashMap = new HashMap();
        hashMap.put("security.oauth2.client.clientId", environment.getProperty("okta.oauth2.clientId"));
        hashMap.put("security.oauth2.client.clientSecret", environment.getProperty("okta.oauth2.clientSecret"));
        hashMap.put("security.oauth2.resource.serviceId", environment.getProperty("okta.oauth2.audience"));
        return new MapBasedPropertySource("okta-to-oauth2", Collections.unmodifiableMap(hashMap));
    }

    private PropertySource discoveryPropertiesSource(Environment environment) {
        if (!Boolean.parseBoolean(environment.getProperty("okta.oauth2.discoveryDisabled"))) {
            String property = environment.getProperty("okta.oauth2.issuer");
            try {
                OidcDiscoveryMetadata discover = new OidcDiscoveryClient(property).discover();
                HashMap hashMap = new HashMap();
                hashMap.put("okta.client.orgUrl", property.substring(0, property.lastIndexOf("/oauth2/")));
                hashMap.put("security.oauth2.client.accessTokenUri", discover.getTokenEndpoint());
                hashMap.put("security.oauth2.client.userAuthorizationUri", discover.getAuthorizationEndpoint());
                hashMap.put("security.oauth2.resource.userInfoUri", discover.getUserinfoEndpoint());
                hashMap.put("security.oauth2.resource.jwk.keySetUri", discover.getJwksUri());
                hashMap.put("security.oauth2.resource.tokenInfoUri", discover.getIntrospectionEndpoint());
                return new MapBasedPropertySource("discovery-to-oauth2", Collections.unmodifiableMap(hashMap));
            } catch (ResourceAccessException e) {
                this.logger.warn("Failed to discover oauth metadata from url: {}", property, e);
            }
        }
        return new MapBasedPropertySource("no-discovery", Collections.emptyMap());
    }
}
