package org.forgerock.openam.sts.rest.config;

import com.google.inject.AbstractModule;
import com.google.inject.Key;
import com.google.inject.Provides;
import com.google.inject.Scopes;
import com.google.inject.TypeLiteral;
import com.google.inject.name.Names;
import com.iplanet.am.util.SystemProperties;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Set;
import javax.inject.Inject;
import javax.inject.Named;
import javax.inject.Singleton;
import org.forgerock.json.JsonValue;
import org.forgerock.openam.sts.AMSTSConstants;
import org.forgerock.openam.sts.HttpURLConnectionFactory;
import org.forgerock.openam.sts.HttpURLConnectionWrapperFactory;
import org.forgerock.openam.sts.OpenAMHttpURLConnectionFactory;
import org.forgerock.openam.sts.STSInitializationException;
import org.forgerock.openam.sts.TokenCancellationException;
import org.forgerock.openam.sts.TokenMarshalException;
import org.forgerock.openam.sts.TokenTypeId;
import org.forgerock.openam.sts.TokenValidationException;
import org.forgerock.openam.sts.XMLUtilities;
import org.forgerock.openam.sts.XMLUtilitiesImpl;
import org.forgerock.openam.sts.config.user.AuthTargetMapping;
import org.forgerock.openam.sts.config.user.CustomTokenOperation;
import org.forgerock.openam.sts.rest.RestSTS;
import org.forgerock.openam.sts.rest.RestSTSImpl;
import org.forgerock.openam.sts.rest.config.user.RestSTSInstanceConfig;
import org.forgerock.openam.sts.rest.config.user.TokenTransformConfig;
import org.forgerock.openam.sts.rest.operation.TokenRequestMarshaller;
import org.forgerock.openam.sts.rest.operation.TokenRequestMarshallerImpl;
import org.forgerock.openam.sts.rest.operation.cancel.IssuedTokenCancelOperation;
import org.forgerock.openam.sts.rest.operation.cancel.IssuedTokenCancelOperationImpl;
import org.forgerock.openam.sts.rest.operation.cancel.IssuedTokenCancellerFactory;
import org.forgerock.openam.sts.rest.operation.cancel.IssuedTokenCancellerFactoryImpl;
import org.forgerock.openam.sts.rest.operation.translate.TokenTransformFactory;
import org.forgerock.openam.sts.rest.operation.translate.TokenTransformFactoryImpl;
import org.forgerock.openam.sts.rest.operation.translate.TokenTranslateOperation;
import org.forgerock.openam.sts.rest.operation.translate.TokenTranslateOperationImpl;
import org.forgerock.openam.sts.rest.operation.validate.IssuedTokenValidateOperation;
import org.forgerock.openam.sts.rest.operation.validate.IssuedTokenValidateOperationImpl;
import org.forgerock.openam.sts.rest.operation.validate.IssuedTokenValidatorFactory;
import org.forgerock.openam.sts.rest.operation.validate.IssuedTokenValidatorFactoryImpl;
import org.forgerock.openam.sts.rest.token.provider.oidc.DefaultOpenIdConnectTokenAuthMethodReferencesMapper;
import org.forgerock.openam.sts.rest.token.provider.oidc.DefaultOpenIdConnectTokenAuthnContextMapper;
import org.forgerock.openam.sts.rest.token.provider.oidc.OpenIdConnectTokenAuthMethodReferencesMapper;
import org.forgerock.openam.sts.rest.token.provider.oidc.OpenIdConnectTokenAuthnContextMapper;
import org.forgerock.openam.sts.rest.token.provider.saml.Saml2JsonTokenAuthnContextMapper;
import org.forgerock.openam.sts.rest.token.provider.saml.Saml2JsonTokenAuthnContextMapperImpl;
import org.forgerock.openam.sts.rest.token.validator.disp.OpenIdConnectAuthenticationRequestDispatcher;
import org.forgerock.openam.sts.rest.token.validator.disp.RestUsernameTokenAuthenticationRequestDispatcher;
import org.forgerock.openam.sts.token.AMTokenParser;
import org.forgerock.openam.sts.token.AMTokenParserImpl;
import org.forgerock.openam.sts.token.CTSTokenIdGenerator;
import org.forgerock.openam.sts.token.CTSTokenIdGeneratorImpl;
import org.forgerock.openam.sts.token.ThreadLocalAMTokenCache;
import org.forgerock.openam.sts.token.ThreadLocalAMTokenCacheImpl;
import org.forgerock.openam.sts.token.UrlConstituentCatenator;
import org.forgerock.openam.sts.token.UrlConstituentCatenatorImpl;
import org.forgerock.openam.sts.token.model.OpenIdConnectIdToken;
import org.forgerock.openam.sts.token.model.RestUsernameToken;
import org.forgerock.openam.sts.token.provider.TokenServiceConsumer;
import org.forgerock.openam.sts.token.provider.TokenServiceConsumerImpl;
import org.forgerock.openam.sts.token.validator.AuthenticationHandler;
import org.forgerock.openam.sts.token.validator.AuthenticationHandlerImpl;
import org.forgerock.openam.sts.token.validator.PrincipalFromSession;
import org.forgerock.openam.sts.token.validator.PrincipalFromSessionImpl;
import org.forgerock.openam.sts.token.validator.disp.CertificateAuthenticationRequestDispatcher;
import org.forgerock.openam.sts.token.validator.disp.TokenAuthenticationRequestDispatcher;
import org.forgerock.openam.sts.token.validator.url.AuthenticationUrlProvider;
import org.forgerock.openam.sts.token.validator.url.AuthenticationUrlProviderImpl;
import org.forgerock.openam.sts.user.invocation.RestSTSTokenCancellationInvocationState;
import org.forgerock.openam.sts.user.invocation.RestSTSTokenValidationInvocationState;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/forgerock/openam/sts/rest/config/RestSTSInstanceModule.class */
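/**
 * Guice module that wires one REST STS instance from its {@link RestSTSInstanceConfig}.
 *
 * <p>{@link #configure()} binds the interface-to-implementation pairs used by the instance, including
 * the authentication handlers and request dispatchers for the three input credential shapes visible
 * here: {@link RestUsernameToken}, {@link OpenIdConnectIdToken} and {@code X509Certificate[]}. The
 * {@code @Provides} methods expose per-instance settings read from the config, plus a number of
 * named strings that are looked up through {@code RestSTSInjectorHolder}.
 *
 * <p>Security-relevant behaviour a reviewer should know about:
 * <ul>
 *   <li>Three providers load a class whose name is taken from the instance config. Whoever can
 *       publish or edit that config chooses code that runs inside the STS, so write access to it
 *       should be treated as code-execution privilege.</li>
 *   <li>When such a custom class cannot be loaded, the provider logs an error and falls back to the
 *       default mapper instead of failing start-up. For the OIDC mappers the log text states that
 *       acr/amr claims are then absent from issued tokens, so that log line is worth alerting on.</li>
 *   <li>Token validation and cancellation are replaced by operations that always reject the request
 *       when issued tokens are not persisted in the CTS.</li>
 * </ul>
 */
public class RestSTSInstanceModule extends AbstractModule {
    private final RestSTSInstanceConfig stsInstanceConfig;

    /**
     * @param restSTSInstanceConfig the configuration of the STS instance this module wires; stored as
     *     given, without a null check or defensive copy
     */
    public RestSTSInstanceModule(RestSTSInstanceConfig restSTSInstanceConfig) {
        this.stsInstanceConfig = restSTSInstanceConfig;
    }

    /**
     * Registers the fixed interface-to-implementation bindings of the instance. Bindings marked
     * {@code Scopes.SINGLETON} are shared within the injector built from this module; the others use
     * Guice's default (unscoped) behaviour.
     */
    public void configure() {
        bind(ThreadLocalAMTokenCache.class).to(ThreadLocalAMTokenCacheImpl.class).in(Scopes.SINGLETON);
        bind(AuthenticationUrlProvider.class).to(AuthenticationUrlProviderImpl.class);

        // Username-token authentication.
        bind(new TypeLiteral<TokenAuthenticationRequestDispatcher<RestUsernameToken>>() {
        }).to(RestUsernameTokenAuthenticationRequestDispatcher.class);
        bind(new TypeLiteral<AuthenticationHandler<RestUsernameToken>>() {
        }).to(new TypeLiteral<AuthenticationHandlerImpl<RestUsernameToken>>() {
        });

        // OpenID Connect id-token authentication.
        bind(new TypeLiteral<TokenAuthenticationRequestDispatcher<OpenIdConnectIdToken>>() {
        }).to(OpenIdConnectAuthenticationRequestDispatcher.class);
        bind(new TypeLiteral<AuthenticationHandler<OpenIdConnectIdToken>>() {
        }).to(new TypeLiteral<AuthenticationHandlerImpl<OpenIdConnectIdToken>>() {
        });

        // X.509 certificate-chain authentication.
        bind(new TypeLiteral<TokenAuthenticationRequestDispatcher<X509Certificate[]>>() {
        }).to(CertificateAuthenticationRequestDispatcher.class);
        bind(new TypeLiteral<AuthenticationHandler<X509Certificate[]>>() {
        }).to(new TypeLiteral<AuthenticationHandlerImpl<X509Certificate[]>>() {
        });

        bind(TokenRequestMarshaller.class).to(TokenRequestMarshallerImpl.class);
        bind(TokenTransformFactory.class).to(TokenTransformFactoryImpl.class);
        bind(IssuedTokenValidatorFactory.class).to(IssuedTokenValidatorFactoryImpl.class);
        bind(IssuedTokenCancellerFactory.class).to(IssuedTokenCancellerFactoryImpl.class);
        bind(TokenTranslateOperation.class).to(TokenTranslateOperationImpl.class);
        bind(AMTokenParser.class).to(AMTokenParserImpl.class);
        bind(PrincipalFromSession.class).to(PrincipalFromSessionImpl.class);
        bind(RestSTS.class).to(RestSTSImpl.class).in(Scopes.SINGLETON);
        bind(UrlConstituentCatenator.class).to(UrlConstituentCatenatorImpl.class);
        bind(TokenServiceConsumer.class).to(TokenServiceConsumerImpl.class);
        bind(HttpURLConnectionFactory.class).to(OpenAMHttpURLConnectionFactory.class).in(Scopes.SINGLETON);
        bind(HttpURLConnectionWrapperFactory.class).in(Scopes.SINGLETON);
        bind(CTSTokenIdGenerator.class).to(CTSTokenIdGeneratorImpl.class).in(Scopes.SINGLETON);
        bind(XMLUtilities.class).to(XMLUtilitiesImpl.class).in(Scopes.SINGLETON);
    }

    /**
     * Looks up a named {@code String} binding through {@code RestSTSInjectorHolder}.
     *
     * <p>NOTE(review): presumably that holder wraps the deployment-wide injector shared by all STS
     * instances; confirm against {@code RestSTSInjectorHolder}.
     *
     * @param bindingName the {@code @Named} value of the binding to resolve
     * @return the value bound under {@code bindingName}
     */
    private static String lookupSharedString(String bindingName) {
        return (String) RestSTSInjectorHolder.getInstance(Key.get(String.class, Names.named(bindingName)));
    }

    /**
     * Loads and instantiates a configured mapper class through its no-argument constructor.
     *
     * <p>The class is loaded without initialization so that its static initializers only run once
     * it has been confirmed to be a subtype of {@code mapperType}; a configured name that points at
     * an unrelated class is rejected before any of that class's code executes.
     *
     * @param className fully qualified class name taken from the instance config
     * @param mapperType the interface the class must implement
     * @return a new instance of the configured class
     * @throws ReflectiveOperationException if the class is missing, has no usable no-argument
     *     constructor, or its constructor throws
     * @throws ClassCastException if the class is not a subtype of {@code mapperType}
     */
    private static <T> T instantiateCustomMapper(String className, Class<T> mapperType)
            throws ReflectiveOperationException {
        Class<? extends T> mapperClass = Class
                .forName(className, false, RestSTSInstanceModule.class.getClassLoader())
                .asSubclass(mapperType);
        return mapperClass.getDeclaredConstructor().newInstance();
    }

    /** @return the realm configured in the instance's deployment config */
    @Provides
    @Named("am_realm")
    String realm() {
        return this.stsInstanceConfig.getDeploymentConfig().getRealm();
    }

    /** @return the server instance name reported by {@link SystemProperties} */
    @Singleton
    @Provides
    @Named("am_deployment_url")
    String amDeploymentUrl() {
        return SystemProperties.getServerInstanceName();
    }

    /** @return the shared value bound under {@code am_rest_authn} */
    @Singleton
    @Provides
    @Named("am_rest_authn")
    String restAuthnUriElement() {
        return lookupSharedString("am_rest_authn");
    }

    /** @return the shared value bound under {@code am_rest_logout} */
    @Singleton
    @Provides
    @Named("am_rest_logout")
    String restLogoutUriElement() {
        return lookupSharedString("am_rest_logout");
    }

    /** @return the shared value bound under {@code am_rest_id_from_session} */
    @Singleton
    @Provides
    @Named("am_rest_id_from_session")
    String restAMTokenValidationUriElement() {
        return lookupSharedString("am_rest_id_from_session");
    }

    /** @return the shared value bound under {@code am_rest_token_gen_service} */
    @Singleton
    @Provides
    @Named("am_rest_token_gen_service")
    String tokenGenerationServiceUriElement() {
        return lookupSharedString("am_rest_token_gen_service");
    }

    /** @return the shared value bound under {@code am_session_cookie_name} */
    @Singleton
    @Provides
    @Named("am_session_cookie_name")
    String getAMSessionCookieName() {
        return lookupSharedString("am_session_cookie_name");
    }

    /** @return the shared value bound under {@code am_rest_authn_json_root} */
    @Singleton
    @Provides
    @Named("am_rest_authn_json_root")
    String getJsonRoot() {
        return lookupSharedString("am_rest_authn_json_root");
    }

    /** @return the auth-target mapping from the instance's deployment config */
    @Provides
    AuthTargetMapping authTargetMapping() {
        return this.stsInstanceConfig.getDeploymentConfig().getAuthTargetMapping();
    }

    /** @return the token transforms the instance config declares as supported, as returned by the config */
    @Provides
    @Named("rest_supported_token_transforms")
    Set<TokenTransformConfig> getSupportedTokenTransforms() {
        return this.stsInstanceConfig.getSupportedTokenTransforms();
    }

    /** @return the deployment sub-path of the instance, which is used as its identifier */
    @Provides
    @Named("sts_instance_id")
    String getSTSInstanceId() {
        return this.stsInstanceConfig.getDeploymentSubPath();
    }

    /**
     * Provides the mapper used for OIDC authentication-context claims.
     *
     * <p>If the OIDC token config names a custom mapper class, that class is instantiated. Any
     * failure is logged and the default mapper is returned instead, so a broken custom mapper
     * degrades issued tokens (no acr claims, per the log text) rather than stopping the instance.
     *
     * @param logger receives the error, including the stack trace, when the custom class fails
     * @return the custom mapper, or {@link DefaultOpenIdConnectTokenAuthnContextMapper} as fallback
     */
    @Inject
    @Provides
    OpenIdConnectTokenAuthnContextMapper getOpenIdConnectTokenAuthnContextMapper(Logger logger) {
        if (this.stsInstanceConfig.getOpenIdConnectTokenConfig() != null) {
            String customAuthnContextMapperClass =
                    this.stsInstanceConfig.getOpenIdConnectTokenConfig().getCustomAuthnContextMapperClass();
            if (customAuthnContextMapperClass != null) {
                try {
                    return instantiateCustomMapper(customAuthnContextMapperClass, OpenIdConnectTokenAuthnContextMapper.class);
                } catch (Exception e) {
                    // Passing e as the throwable keeps the stack trace, which the message alone loses.
                    logger.error("Exception caught instantiating custom OpenIdConnectTokenAuthnContextMapper class: " + e + ". Default implementation will be returned. This means that acr claims will not be included in issued OIDC tokens.", e);
                }
            }
        }
        return new DefaultOpenIdConnectTokenAuthnContextMapper();
    }

    /**
     * Provides the mapper used for OIDC authentication-method-reference claims.
     *
     * <p>Same load-or-fall-back behaviour as the authentication-context mapper: a custom class that
     * cannot be instantiated is logged and replaced by the default, which per the log text means
     * issued tokens carry no amr claims.
     *
     * @param logger receives the error, including the stack trace, when the custom class fails
     * @return the custom mapper, or {@link DefaultOpenIdConnectTokenAuthMethodReferencesMapper} as fallback
     */
    @Inject
    @Provides
    OpenIdConnectTokenAuthMethodReferencesMapper getOpenIdConnectTokenAuthMethodReferencesMapper(Logger logger) {
        if (this.stsInstanceConfig.getOpenIdConnectTokenConfig() != null) {
            String customAuthnMethodReferencesMapperClass =
                    this.stsInstanceConfig.getOpenIdConnectTokenConfig().getCustomAuthnMethodReferencesMapperClass();
            if (customAuthnMethodReferencesMapperClass != null) {
                try {
                    return instantiateCustomMapper(customAuthnMethodReferencesMapperClass, OpenIdConnectTokenAuthMethodReferencesMapper.class);
                } catch (Exception e) {
                    logger.error("Exception caught instantiating custom OpenIdConnectTokenAuthMethodReferencesMapper class: " + e + ". Default implementation will be returned. This means that amr claims will not be included in issued OIDC tokens.", e);
                }
            }
        }
        return new DefaultOpenIdConnectTokenAuthMethodReferencesMapper();
    }

    /**
     * Provides the mapper used for the authentication context of issued SAML2 assertions.
     *
     * <p>A custom class named in the SAML2 config is instantiated if present; on any failure the
     * error is logged and {@link Saml2JsonTokenAuthnContextMapperImpl} is returned.
     *
     * @param logger receives the error on failure and is handed to the default implementation
     * @return the custom mapper, or the default implementation as fallback
     */
    @Inject
    @Provides
    Saml2JsonTokenAuthnContextMapper getSaml2AuthnContextMapper(Logger logger) {
        if (this.stsInstanceConfig.getSaml2Config() != null) {
            String customAuthNContextMapperClassName =
                    this.stsInstanceConfig.getSaml2Config().getCustomAuthNContextMapperClassName();
            if (customAuthNContextMapperClassName != null) {
                try {
                    return instantiateCustomMapper(customAuthNContextMapperClassName, Saml2JsonTokenAuthnContextMapper.class);
                } catch (Exception e) {
                    logger.error("Exception caught instantiating custom Saml2JsonTokenAuthnContextMapper class " + customAuthNContextMapperClassName + "; Returning default Saml2JsonTokenAuthnContextMapperImpl. The exception: " + e, e);
                }
            }
        }
        return new Saml2JsonTokenAuthnContextMapperImpl(logger);
    }

    /** @return the SLF4J logger named {@code am_rest_sts} */
    @Provides
    Logger getSlf4jLogger() {
        return LoggerFactory.getLogger("am_rest_sts");
    }

    /**
     * Provides the name of the header configured for offloaded two-way TLS.
     *
     * <p>NOTE(review): a client certificate read from a request header is only as trustworthy as
     * the sender of that header. Presumably consumers accept it only from the hosts bound under
     * {@code deployment-tls-offload-engine-hosts} and treat the empty string as "not configured";
     * confirm both in the code that consumes this binding.
     *
     * @return the configured header name, or the empty string when none is configured
     */
    @Provides
    @Named("deployment-offloaded-two-way-tls-header-key")
    String getOffloadedTwoWayTLSHeaderKey() {
        String offloadedTwoWayTlsHeaderKey = this.stsInstanceConfig.getDeploymentConfig().getOffloadedTwoWayTlsHeaderKey();
        if (offloadedTwoWayTlsHeaderKey == null) {
            return "";
        }
        return offloadedTwoWayTlsHeaderKey;
    }

    /** @return the custom token validators declared in the instance config, as returned by the config */
    @Provides
    @Named("rest_custom_token_validators")
    Set<CustomTokenOperation> getCustomTokenValidators() {
        return this.stsInstanceConfig.getCustomTokenValidators();
    }

    /** @return the custom token providers declared in the instance config, as returned by the config */
    @Provides
    @Named("rest_custom_token_providers")
    Set<CustomTokenOperation> getCustomTokenProviders() {
        return this.stsInstanceConfig.getCustomTokenProviders();
    }

    /** @return the custom token transforms declared in the instance config, as returned by the config */
    @Provides
    @Named("rest_custom_token_translations")
    Set<TokenTransformConfig> getCustomTokenTransforms() {
        return this.stsInstanceConfig.getCustomTokenTransforms();
    }

    /**
     * Derives the set of token types this instance can issue.
     *
     * @param set the supported token transforms of the instance
     * @return a new set holding the distinct output token types of {@code set}
     */
    @Inject
    @Provides
    @Named("issued_token_types")
    Set<TokenTypeId> getIssuedTokenTypes(@Named("rest_supported_token_transforms") Set<TokenTransformConfig> set) {
        Set<TokenTypeId> issuedTokenTypes = new HashSet<>();
        for (TokenTransformConfig tokenTransformConfig : set) {
            // Set.add already ignores duplicates, so no contains() pre-check is needed.
            issuedTokenTypes.add(tokenTransformConfig.getOutputTokenType());
        }
        return issuedTokenTypes;
    }

    /** @return the TLS offload engine host addresses from the instance's deployment config */
    @Provides
    @Named("deployment-tls-offload-engine-hosts")
    Set<String> getTlsOffloadEngineHostIpAddrs() {
        return this.stsInstanceConfig.getDeploymentConfig().getTlsOffloadEngineHostIpAddrs();
    }

    /** @return whether the instance config asks for issued tokens to be persisted in the CTS */
    @Provides
    @Named("issued_tokens_persisted_in_cts")
    boolean issuedTokensPersistedInCTS() {
        return this.stsInstanceConfig.persistIssuedTokensInCTS();
    }

    /**
     * Provides the token validation operation.
     *
     * <p>When issued tokens are not persisted in the CTS, the returned operation rejects every
     * request with a {@link TokenMarshalException} carrying code 409, so validation fails closed
     * rather than reporting a token as valid without a backing record.
     *
     * @param z whether issued tokens are persisted in the CTS
     * @param issuedTokenValidatorFactory passed to the functional implementation
     * @param tokenRequestMarshaller passed to the functional implementation
     * @param set the token types this instance issues
     * @return the functional operation when {@code z} is true, otherwise the always-rejecting one
     * @throws STSInitializationException declared for the functional implementation's constructor
     */
    @Inject
    @Provides
    IssuedTokenValidateOperation getIssuedTokenValidateOperation(@Named("issued_tokens_persisted_in_cts") boolean z, IssuedTokenValidatorFactory issuedTokenValidatorFactory, TokenRequestMarshaller tokenRequestMarshaller, @Named("issued_token_types") Set<TokenTypeId> set) throws STSInitializationException {
        if (z) {
            return new IssuedTokenValidateOperationImpl(issuedTokenValidatorFactory, tokenRequestMarshaller, set);
        }
        return new IssuedTokenValidateOperation() {
            @Override
            public JsonValue validateToken(RestSTSTokenValidationInvocationState restSTSTokenValidationInvocationState) throws TokenMarshalException, TokenValidationException {
                throw new TokenMarshalException(409, "This rest-sts instance is not configured to persist tokens in the CoreTokenStore, which is a pre-requisite for token validation. Update the rest-sts instance to persist issued tokens in the CTS, and functional token validation will be configured for token types issued by this sts instance.");
            }
        };
    }

    /**
     * Provides the token cancellation operation.
     *
     * <p>When issued tokens are not persisted in the CTS, the returned operation rejects every
     * request with a {@link TokenMarshalException} carrying code 409. Callers therefore cannot
     * revoke tokens issued by such an instance; that is a property of the configuration to keep in
     * mind when choosing token lifetimes.
     *
     * @param z whether issued tokens are persisted in the CTS
     * @param issuedTokenCancellerFactory passed to the functional implementation
     * @param tokenRequestMarshaller passed to the functional implementation
     * @param set the token types this instance issues
     * @return the functional operation when {@code z} is true, otherwise the always-rejecting one
     * @throws STSInitializationException declared for the functional implementation's constructor
     */
    @Inject
    @Provides
    IssuedTokenCancelOperation getIssuedTokenCancelOperation(@Named("issued_tokens_persisted_in_cts") boolean z, IssuedTokenCancellerFactory issuedTokenCancellerFactory, TokenRequestMarshaller tokenRequestMarshaller, @Named("issued_token_types") Set<TokenTypeId> set) throws STSInitializationException {
        if (z) {
            return new IssuedTokenCancelOperationImpl(issuedTokenCancellerFactory, tokenRequestMarshaller, set);
        }
        return new IssuedTokenCancelOperation() {
            @Override
            public JsonValue cancelToken(RestSTSTokenCancellationInvocationState restSTSTokenCancellationInvocationState) throws TokenMarshalException, TokenCancellationException {
                throw new TokenMarshalException(409, "This rest-sts instance is not configured to persist tokens in the CoreTokenStore, which is a pre-requisite for token cancellation. Update the rest-sts instance to persist issued tokens in the CTS, and functional token cancellation will be configured for token types issued by this sts instance.");
            }
        };
    }

    /** @return the shared value bound under {@code crest_version_session_service} */
    @Singleton
    @Provides
    @Named("crest_version_session_service")
    String getSessionServiceVersion() {
        return lookupSharedString("crest_version_session_service");
    }

    /** @return the shared value bound under {@code crest_version_authn_service} */
    @Singleton
    @Provides
    @Named("crest_version_authn_service")
    String getAuthNServiceVersion() {
        return lookupSharedString("crest_version_authn_service");
    }

    /** @return the shared value bound under {@code crest_version_token_gen_service} */
    @Singleton
    @Provides
    @Named("crest_version_token_gen_service")
    String getTokenGenServiceVersion() {
        return lookupSharedString("crest_version_token_gen_service");
    }

    /** @return the shared value bound under {@code crest_version_users_service} */
    @Singleton
    @Provides
    @Named("crest_version_users_service")
    String getUsersServiceVersion() {
        return lookupSharedString("crest_version_users_service");
    }

    /** @return {@link AMSTSConstants.STSType#REST}, identifying this as a REST STS */
    @Singleton
    @Provides
    AMSTSConstants.STSType getSTSType() {
        return AMSTSConstants.STSType.REST;
    }
}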
