package dev.fitko.fitconnect.jwkvalidator;

import com.nimbusds.jose.util.X509CertUtils;
import dev.fitko.fitconnect.jwkvalidator.JWKValidatorBuilderSteps;
import dev.fitko.fitconnect.jwkvalidator.exceptions.LogLevel;
import java.net.Proxy;
import java.security.cert.TrustAnchor;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:dev/fitko/fitconnect/jwkvalidator/JWKValidatorBuilder.class */
public class JWKValidatorBuilder {
    public static final boolean DEFAULT_IS_X5C_VALIDATION_SILENT = false;
    public static final List<String> DEFAULT_OCSP_RESPONSE_SIGNATURE_ALGORITHMS = List.of(PKCSObjectIdentifiers.sha256WithRSAEncryption.getId());
    public static final List<String> DEFAULT_CRL_SIGNATURE_ALGORITHMS = List.of(PKCSObjectIdentifiers.sha256WithRSAEncryption.getId());
    public static final LogLevel DEFAULT_ERROR_LOG_LEVEL = LogLevel.ERROR;
    private static final Logger log = LoggerFactory.getLogger(JWKValidatorBuilder.class);

    /* loaded from: input_file:dev/fitko/fitconnect/jwkvalidator/JWKValidatorBuilder$Full.class */
    static class Full implements JWKValidatorBuilderSteps.JWKValidatorWithX5CValidation, JWKValidatorBuilderSteps.JWKValidatorWithTrustAnchors, JWKValidatorBuilderSteps.JWKValidatorWithOCSPResponseSignatureAlgorithms, JWKValidatorBuilderSteps.JWKValidatorWithCRLSignatureAlgorithms, JWKValidatorBuilderSteps.JWKValidatorX5CErrorHandling, JWKValidatorBuilderSteps.JWKValidatorErrorLogLevel, JWKValidatorBuilderSteps.JWKValidatorCreator {
        private final boolean withX5CValidation;
        private Proxy proxy = null;
        private Set<TrustAnchor> trustAnchors = null;
        private List<String> validOCSPResponseSignatureAlgorithms = null;
        private List<String> validCRLSignatureAlgorithms = null;
        private boolean isX5cValidationSilent = true;
        private LogLevel logLevel = LogLevel.ERROR;

        /* JADX INFO: Access modifiers changed from: package-private */
        public Full(boolean z) {
            this.withX5CValidation = z;
        }

        @Override // dev.fitko.fitconnect.jwkvalidator.JWKValidatorBuilderSteps.JWKValidatorWithX5CValidation
        public JWKValidatorBuilderSteps.JWKValidatorWithTrustAnchors withProxy(Proxy proxy) throws IllegalArgumentException {
            JWKValidatorBuilder.assertNotNull(proxy, "Proxy value cannot be null");
            this.proxy = proxy;
            return this;
        }

        @Override // dev.fitko.fitconnect.jwkvalidator.JWKValidatorBuilderSteps.JWKValidatorWithX5CValidation
        public JWKValidatorBuilderSteps.JWKValidatorWithTrustAnchors withoutProxy() {
            this.proxy = Proxy.NO_PROXY;
            return this;
        }

        @Override // dev.fitko.fitconnect.jwkvalidator.JWKValidatorBuilderSteps.JWKValidatorWithTrustAnchors
        public JWKValidatorBuilderSteps.JWKValidatorWithOCSPResponseSignatureAlgorithms withTrustAnchors(Set<TrustAnchor> set) throws IllegalArgumentException {
            JWKValidatorBuilder.assertNotNullOrEmpty(set, "TrustAnchors value cannot be null or empty");
            JWKValidatorBuilder.assertNoNullValues(set, "TrustAnchor values cannot be null");
            this.trustAnchors = set;
            return this;
        }

        @Override // dev.fitko.fitconnect.jwkvalidator.JWKValidatorBuilderSteps.JWKValidatorWithTrustAnchors
        public JWKValidatorBuilderSteps.JWKValidatorWithOCSPResponseSignatureAlgorithms withRootCertificatesAsPEM(List<String> list) throws RuntimeException {
            JWKValidatorBuilder.assertNotNullOrEmpty(list, "Root certificates value cannot be null or empty");
            JWKValidatorBuilder.assertNoNullValues(list, "Root certificate values cannot be null");
            this.trustAnchors = JWKValidatorBuilder.generateTrustAnchorsFromPEM(list);
            return this;
        }

        @Override // dev.fitko.fitconnect.jwkvalidator.JWKValidatorBuilderSteps.JWKValidatorWithOCSPResponseSignatureAlgorithms
        public JWKValidatorBuilderSteps.JWKValidatorWithCRLSignatureAlgorithms withDefaultOCSPResponseSignatureAlgorithms() {
            this.validOCSPResponseSignatureAlgorithms = JWKValidatorBuilder.DEFAULT_OCSP_RESPONSE_SIGNATURE_ALGORITHMS;
            return this;
        }

        @Override // dev.fitko.fitconnect.jwkvalidator.JWKValidatorBuilderSteps.JWKValidatorWithOCSPResponseSignatureAlgorithms
        public JWKValidatorBuilderSteps.JWKValidatorWithCRLSignatureAlgorithms withOCSPResponseSignatureAlgorithms(List<String> list) {
            this.validOCSPResponseSignatureAlgorithms = list;
            return this;
        }

        @Override // dev.fitko.fitconnect.jwkvalidator.JWKValidatorBuilderSteps.JWKValidatorWithCRLSignatureAlgorithms
        public JWKValidatorBuilderSteps.JWKValidatorX5CErrorHandling withDefaultCRLSignatureAlgorithms() {
            this.validCRLSignatureAlgorithms = JWKValidatorBuilder.DEFAULT_CRL_SIGNATURE_ALGORITHMS;
            return this;
        }

        @Override // dev.fitko.fitconnect.jwkvalidator.JWKValidatorBuilderSteps.JWKValidatorWithCRLSignatureAlgorithms
        public JWKValidatorBuilderSteps.JWKValidatorX5CErrorHandling withCRLSignatureAlgorithms(List<String> list) {
            this.validCRLSignatureAlgorithms = list;
            return this;
        }

        @Override // dev.fitko.fitconnect.jwkvalidator.JWKValidatorBuilderSteps.JWKValidatorX5CErrorHandling
        public JWKValidatorBuilderSteps.JWKValidatorErrorLogLevel withoutThrowingExceptions() {
            this.isX5cValidationSilent = true;
            return this;
        }

        @Override // dev.fitko.fitconnect.jwkvalidator.JWKValidatorBuilderSteps.JWKValidatorX5CErrorHandling
        public JWKValidatorBuilderSteps.JWKValidatorErrorLogLevel withThrowingExceptions() {
            this.isX5cValidationSilent = false;
            return this;
        }

        @Override // dev.fitko.fitconnect.jwkvalidator.JWKValidatorBuilderSteps.JWKValidatorErrorLogLevel
        public JWKValidatorBuilderSteps.JWKValidatorCreator withDefaultErrorLogLevel() {
            this.logLevel = JWKValidatorBuilder.DEFAULT_ERROR_LOG_LEVEL;
            return this;
        }

        @Override // dev.fitko.fitconnect.jwkvalidator.JWKValidatorBuilderSteps.JWKValidatorErrorLogLevel
        public JWKValidatorBuilderSteps.JWKValidatorCreator withErrorLogLevel(LogLevel logLevel) {
            this.logLevel = logLevel;
            return this;
        }

        @Override // dev.fitko.fitconnect.jwkvalidator.JWKValidatorBuilderSteps.JWKValidatorCreator
        public JWKValidator build() {
            return this.withX5CValidation ? JWKValidator.withX5CValidation(this.proxy, this.trustAnchors, this.validOCSPResponseSignatureAlgorithms, this.validCRLSignatureAlgorithms, this.isX5cValidationSilent, this.logLevel) : JWKValidator.withoutX5CValidation(this.logLevel);
        }
    }

    /* loaded from: input_file:dev/fitko/fitconnect/jwkvalidator/JWKValidatorBuilder$Recommended.class */
    static class Recommended implements JWKValidatorBuilderSteps.RecommendedJWKValidatorWithX5CValidation, JWKValidatorBuilderSteps.RecommendedJWKValidatorWithTrustAnchors, JWKValidatorBuilderSteps.JWKValidatorCreator {
        private Proxy proxy = null;
        private Set<TrustAnchor> trustAnchors = null;

        @Override // dev.fitko.fitconnect.jwkvalidator.JWKValidatorBuilderSteps.RecommendedJWKValidatorWithX5CValidation
        public JWKValidatorBuilderSteps.RecommendedJWKValidatorWithTrustAnchors withProxy(Proxy proxy) throws IllegalArgumentException {
            JWKValidatorBuilder.assertNotNull(proxy, "Proxy value cannot be null");
            this.proxy = proxy;
            return this;
        }

        @Override // dev.fitko.fitconnect.jwkvalidator.JWKValidatorBuilderSteps.RecommendedJWKValidatorWithX5CValidation
        public JWKValidatorBuilderSteps.RecommendedJWKValidatorWithTrustAnchors withoutProxy() {
            this.proxy = Proxy.NO_PROXY;
            return this;
        }

        @Override // dev.fitko.fitconnect.jwkvalidator.JWKValidatorBuilderSteps.RecommendedJWKValidatorWithTrustAnchors
        public JWKValidatorBuilderSteps.JWKValidatorCreator withTrustAnchors(Set<TrustAnchor> set) throws IllegalArgumentException {
            JWKValidatorBuilder.assertNotNullOrEmpty(set, "TrustAnchors value cannot be null or empty");
            JWKValidatorBuilder.assertNoNullValues(set, "TrustAnchor values cannot be null");
            this.trustAnchors = set;
            return this;
        }

        @Override // dev.fitko.fitconnect.jwkvalidator.JWKValidatorBuilderSteps.RecommendedJWKValidatorWithTrustAnchors
        public JWKValidatorBuilderSteps.JWKValidatorCreator withRootCertificatesAsPEM(List<String> list) throws RuntimeException {
            JWKValidatorBuilder.assertNotNullOrEmpty(list, "Root certificates value cannot be null or empty");
            JWKValidatorBuilder.assertNoNullValues(list, "Root certificate values cannot be null");
            this.trustAnchors = JWKValidatorBuilder.generateTrustAnchorsFromPEM(list);
            return this;
        }

        @Override // dev.fitko.fitconnect.jwkvalidator.JWKValidatorBuilderSteps.JWKValidatorCreator
        public JWKValidator build() {
            return JWKValidator.withX5CValidation(this.proxy, this.trustAnchors, JWKValidatorBuilder.DEFAULT_OCSP_RESPONSE_SIGNATURE_ALGORITHMS, JWKValidatorBuilder.DEFAULT_CRL_SIGNATURE_ALGORITHMS, false, JWKValidatorBuilder.DEFAULT_ERROR_LOG_LEVEL);
        }
    }

    private static void assertNotNull(Object obj, String str) {
        if (obj == null) {
            throw new IllegalArgumentException(str);
        }
    }

    private static void assertNotNullOrEmpty(Collection<?> collection, String str) {
        if (collection == null || collection.isEmpty()) {
            throw new IllegalArgumentException(str);
        }
    }

    private static void assertNoNullValues(Collection<?> collection, String str) {
        Iterator<?> it = collection.iterator();
        while (it.hasNext()) {
            if (it.next() == null) {
                throw new IllegalArgumentException(str);
            }
        }
    }

    private static Set<TrustAnchor> generateTrustAnchorsFromPEM(List<String> list) {
        HashSet hashSet = new HashSet();
        for (String str : list) {
            try {
                hashSet.add(new TrustAnchor(X509CertUtils.parse(str), null));
            } catch (Exception e) {
                log.error("Invalid Base64 encoding in PEM {}", str, e);
                throw new RuntimeException("Invalid Base64 encoding in PEM " + str, e);
            }
        }
        return hashSet;
    }
}
