package com.appiancorp.security.auth.oauth;

import com.appiancorp.common.config.AbstractConfiguration;
import com.appiancorp.oauth.inbound.authserver.clients.pm.ProcessMiningFrontEndClientConfig;
import com.appiancorp.suite.cfg.ConfigurationFactory;
import com.appiancorp.suite.cfg.FeatureToggleConfiguration;
import java.net.URI;
import java.net.URISyntaxException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/appiancorp/security/auth/oauth/ProcessMiningFrontEndClientConfiguration.class */
public class ProcessMiningFrontEndClientConfiguration extends AbstractConfiguration implements ProcessMiningFrontEndClientConfig {
    private static final Logger LOG = LoggerFactory.getLogger(ProcessMiningFrontEndClientConfiguration.class);
    private static final String RESOURCE_BUNDLE = "conf.iam.pm";
    private static final String CLIENT_ID_KEY = "unifiedMiningPmClientId";
    private static final String AUDIENCE_KEY = "unifiedMiningPmAudience";
    private static final String REGISTERED_REDIRECT_URI = "unifiedMiningPmRedirectUri";
    private static final String CUSTOMER_OPTED_INTO_UNIFIED_MINING_KEY = "customerOptedIntoUnifiedMining";
    private static final String ACCESS_TOKEN_EXPIRATION_SECONDS_KEY = "accessTokenExpirationInSeconds";
    private static final String REFRESH_TOKEN_EXPIRATION_SECONDS_KEY = "refreshTokenExpirationInSeconds";
    private static final String AUTH_CODE_EXPIRATION_SECONDS_KEY = "authCodeExpirationInSeconds";
    private static final String MAINTENANCE_WINDOW_CADENCE_MINUTES_KEY = "tokenFamilyMaintenanceWindowCadenceInMinutes";
    private static final String HTTPS_SCHEME = "https";
    private final FeatureToggleConfiguration featureToggleConfiguration;

    public ProcessMiningFrontEndClientConfiguration() {
        super(RESOURCE_BUNDLE, true);
        this.featureToggleConfiguration = (FeatureToggleConfiguration) ConfigurationFactory.getConfiguration(FeatureToggleConfiguration.class);
    }

    public boolean isRedirectUriValid(URI uri) {
        if (uri == null) {
            LOG.error("Redirect uri cannot be null.");
            return false;
        }
        if (!isHttpsOrEngineering(uri)) {
            LOG.error("Uri {} does NOT start with https for client {}", uri, getClientId());
            return false;
        }
        URI registeredRedirectUri = getRegisteredRedirectUri();
        if (uri.equals(registeredRedirectUri)) {
            return true;
        }
        LOG.error("Redirect uri {} did not match with one registered {}", uri, registeredRedirectUri);
        return false;
    }

    public String getClientId() {
        return getString(CLIENT_ID_KEY, "");
    }

    public URI getRegisteredRedirectUri() {
        try {
            return new URI(getString(REGISTERED_REDIRECT_URI, ""));
        } catch (URISyntaxException e) {
            LOG.error("Invalid PM redirect URI registered.", e);
            throw new RuntimeException(e);
        }
    }

    public boolean isCustomerOptedIntoUnifiedMining() {
        return getBoolean(CUSTOMER_OPTED_INTO_UNIFIED_MINING_KEY, false);
    }

    public int getAccessTokenExpirationInSecs() {
        return getInt(ACCESS_TOKEN_EXPIRATION_SECONDS_KEY, 30);
    }

    public int getRefreshTokenExpirationInSecs() {
        return getInt(REFRESH_TOKEN_EXPIRATION_SECONDS_KEY, 900);
    }

    public int getAuthCodeExpirationInSecs() {
        return getInt(AUTH_CODE_EXPIRATION_SECONDS_KEY, 60);
    }

    public int getTokenFamilyMaintenanceWindowCadenceInMins() {
        return getInt(MAINTENANCE_WINDOW_CADENCE_MINUTES_KEY, 180);
    }

    public String getAudience() {
        return getString(AUDIENCE_KEY, "processmining");
    }

    private boolean isHttpsOrEngineering(URI uri) {
        if (uri == null) {
            LOG.error("Redirect URI is null");
            return false;
        }
        if (HTTPS_SCHEME.equalsIgnoreCase(uri.getScheme()) || this.featureToggleConfiguration.enableAppianEngineeringFeatures()) {
            return true;
        }
        LOG.error("Redirect URI is non-Engineering and REQUIRED to be HTTPS. The Redirect URI provided is: {}", uri.toString());
        return false;
    }
}
