package com.atlassian.plugins.authentication.sso.config.oidc;

import com.atlassian.plugins.authentication.api.config.SsoType;
import com.atlassian.plugins.authentication.api.config.ValidationError;
import com.atlassian.plugins.authentication.api.config.oidc.OidcConfig;
import com.atlassian.plugins.authentication.sso.config.AbstractIdpConfigValidator;
import com.atlassian.plugins.authentication.sso.config.ValidationContext;
import com.atlassian.plugins.authentication.sso.util.HttpsValidator;
import com.atlassian.plugins.authentication.sso.util.ValidationUtils;
import com.google.common.collect.ImmutableMultimap;
import com.google.common.collect.ImmutableSetMultimap;
import com.google.common.collect.Multimap;
import java.net.URL;
import javax.annotation.Nonnull;
import javax.inject.Inject;
import javax.inject.Named;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Named
/* loaded from: input_file:com/atlassian/plugins/authentication/sso/config/oidc/OidcConfigValidator.class */
public class OidcConfigValidator extends AbstractIdpConfigValidator<OidcConfig> {
    private static final Logger log = LoggerFactory.getLogger(OidcConfigValidator.class);

    @Inject
    public OidcConfigValidator(HttpsValidator httpsValidator) {
        super(httpsValidator);
    }

    @Override // com.atlassian.plugins.authentication.sso.config.AbstractIdpConfigValidator
    protected SsoType getSsoType() {
        return SsoType.OIDC;
    }

    @Override // com.atlassian.plugins.authentication.sso.config.AbstractIdpConfigValidator
    protected Class<OidcConfig> getSsoClass() {
        return OidcConfig.class;
    }

    /* renamed from: validate, reason: avoid collision after fix types in other method */
    protected void validate2(@Nonnull ImmutableMultimap.Builder<String, ValidationError> builder, @Nonnull OidcConfig oidcConfig) {
        builder.putAll("issuer-url", validateRequiredField(oidcConfig.getIssuer()));
        builder.putAll("client-id", validateRequiredField(oidcConfig.getClientId()));
        builder.putAll("client-secret", validateRequiredField(oidcConfig.getClientSecret()));
        builder.putAll("authorization-endpoint", validateRequiredField(oidcConfig.getAuthorizationEndpoint()));
        builder.putAll("token-endpoint", validateRequiredField(oidcConfig.getTokenEndpoint()));
        builder.putAll("userinfo-endpoint", validateRequiredField(oidcConfig.getUserInfoEndpoint()));
        builder.putAll("issuer-url", validateIssuer(oidcConfig.getIssuer()));
        builder.putAll("authorization-endpoint", validateUrl(oidcConfig.getAuthorizationEndpoint()));
        builder.putAll("token-endpoint", validateUrl(oidcConfig.getTokenEndpoint()));
        builder.putAll("userinfo-endpoint", validateUrl(oidcConfig.getUserInfoEndpoint()));
        builder.putAll("additional-scopes", validateAdditionalScopes(oidcConfig.getAdditionalScopes()));
        builder.putAll("username-claim", validateMappingExpression(oidcConfig.getUsernameClaim()));
        builder.putAll(validateJitFields(oidcConfig.getJustInTimeConfig()));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.atlassian.plugins.authentication.sso.config.AbstractIdpConfigValidator
    public Multimap<String, ValidationError> validateInContext(OidcConfig oidcConfig, ValidationContext validationContext) {
        ImmutableSetMultimap.Builder builder = ImmutableSetMultimap.builder();
        if (validationContext != ValidationContext.OIDC_DISCOVERY) {
            throw new IllegalArgumentException("Validation in context " + validationContext + " is not supported for OIDC configuration");
        }
        builder.putAll("issuer-url", validateRequiredField(oidcConfig.getIssuer()));
        builder.putAll("issuer-url", validateIssuer(oidcConfig.getIssuer()));
        builder.putAll("client-id", validateRequiredField(oidcConfig.getClientId()));
        builder.putAll("client-secret", validateRequiredField(oidcConfig.getClientSecret()));
        return builder.build();
    }

    private Iterable<ValidationError> validateIssuer(String str) {
        Iterable<ValidationError> validateUrl = validateUrl(str);
        if (validateUrl.iterator().hasNext()) {
            return validateUrl;
        }
        URL convertToUrl = ValidationUtils.convertToUrl(str);
        if (convertToUrl == null || (("http".equalsIgnoreCase(convertToUrl.getProtocol()) || "https".equalsIgnoreCase(convertToUrl.getProtocol())) && convertToUrl.getQuery() == null)) {
            return NO_ERRORS;
        }
        log.error("Invalid issuer, specified protocol: {}, query path: {}", convertToUrl.getProtocol(), convertToUrl.getQuery());
        return ERROR_INCORRECT;
    }

    private Iterable<ValidationError> validateAdditionalScopes(Iterable<String> iterable) {
        for (String str : iterable) {
            if (StringUtils.isEmpty(str) || !StringUtils.isAsciiPrintable(str) || StringUtils.containsWhitespace(str)) {
                return ERROR_INCORRECT;
            }
        }
        return NO_ERRORS;
    }

    @Override // com.atlassian.plugins.authentication.sso.config.AbstractIdpConfigValidator
    protected /* bridge */ /* synthetic */ void validate(@Nonnull ImmutableMultimap.Builder builder, @Nonnull OidcConfig oidcConfig) {
        validate2((ImmutableMultimap.Builder<String, ValidationError>) builder, oidcConfig);
    }
}
