package com.hazelcast.webmonitor.cli;

import com.hazelcast.webmonitor.repositories.sql.GroupedSettingsDAO;
import com.hazelcast.webmonitor.repositories.sql.SettingsDAO;
import com.hazelcast.webmonitor.security.spi.impl.SecurityConfigurationManager;
import com.hazelcast.webmonitor.security.spi.impl.oidc.OidcConfig;
import com.hazelcast.webmonitor.security.spi.impl.oidc.OidcSecurityProvider;
import com.hazelcast.webmonitor.security.spi.impl.oidc.PersistentOidcConfig;
import java.io.PrintWriter;
import org.jdbi.v3.core.Jdbi;
import picocli.CommandLine;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/classes/com/hazelcast/webmonitor/cli/ConfigureOidcTask.class
 */
/**
 * CLI task that stores an OpenID Connect (OIDC) configuration and then records OIDC as the
 * current security provider.
 *
 * <p>Option values are bound by picocli and handed unchanged to {@code OidcConfig.builder()};
 * this class performs no validation of its own.
 *
 * <p>NOTE(review): points to confirm outside this class:
 * <ul>
 *   <li>{@code --client-secret} takes the secret as an argument value. Command-line arguments
 *       are commonly visible in process listings and shell history. picocli supports prompting
 *       via {@code interactive = true} (optionally with {@code arity = "0..1"}); check that the
 *       bundled picocli version supports it before adopting.</li>
 *   <li>Whether the stored client secret is protected at rest by {@code PersistentOidcConfig}
 *       is not visible here.</li>
 *   <li>The endpoint, issuer and redirect values are free-form strings. Confirm that the
 *       consumer of {@code OidcConfig} enforces the expected URL scheme.</li>
 *   <li>{@code --jws-algorithm} is a free-form string. Confirm that the consumer restricts it
 *       to an allow-list of signature algorithms.</li>
 * </ul>
 */
@CommandLine.Command(
        description = "Configure OpenID Connect Security Provider. No Security Provider should be already configured when using this task. If you need to overwrite security provider configuration, use 'security reset' task first.%n*Important notice* Make sure that Management Center web application is stopped (offline) before starting this task.%n",
        mixinStandardHelpOptions = true,
        sortOptions = false,
        showDefaultValues = true)
public class ConfigureOidcTask extends BaseCliTask {

    // sortOptions = false is set on the command, so the field order below is kept as in the original.

    /** OIDC client application ID. */
    @CommandLine.Option(
            names = {"-ci", "--client-id"},
            required = true,
            description = "OpenID Connect client application ID.")
    private String clientID;

    /** OIDC client application secret; sensitive, and supplied here as a plain option value. */
    @CommandLine.Option(
            names = {"-cs", "--client-secret"},
            required = true,
            description = "OpenID Connect client application secret.")
    private String clientSecret;

    /** Authorization endpoint of the provider. */
    @CommandLine.Option(
            names = {"-aeu", "--authorization-endpoint"},
            required = true,
            description = "Authorization endpoint of the OpenID Connect provider.")
    private String authorizationEndpoint;

    /** UserInfo endpoint of the provider. */
    @CommandLine.Option(
            names = {"-uieu", "--user-info-endpoint"},
            required = true,
            description = "UserInfo endpoint of the OpenID Connect provider.")
    private String userInfoEndpoint;

    /** Token endpoint of the provider. */
    @CommandLine.Option(
            names = {"-teu", "--token-endpoint"},
            required = true,
            description = "Token endpoint of the OpenID Connect provider.")
    private String tokenEndpoint;

    /** JWK Set endpoint of the provider. */
    @CommandLine.Option(
            names = {"-jsu", "--jwk-set-endpoint"},
            required = true,
            description = "JWK Set endpoint of the OpenID Connect provider.")
    private String jwkSetEndpoint;

    /** Issuer identifier of the provider. */
    @CommandLine.Option(
            names = {"-is", "--issuer"},
            required = true,
            description = "Issuer identifier of the OpenID Connect provider. It is usually (but not always) a URL.")
    private String issuer;

    /** Management Center URL that receives redirects from the provider. */
    @CommandLine.Option(
            names = {"-ru", "--redirect-url"},
            required = true,
            description = "URL of the Hazelcast Management Center endpoint that will handle redirects from the OpenID Connect provider. Formed by appending '/oidc/auth' to the base URL of Hazelcast Management Center.")
    private String redirectURL;

    /** Name of the claim carrying the user's groups; defaults to {@code groups}. */
    @CommandLine.Option(
            names = {"-gcn", "--groups-claim-name"},
            required = true,
            defaultValue = "groups",
            description = "Name of the claim that contains the user's groups.")
    private String groupsClaimName;

    /** JWS algorithm name; defaults to {@code OidcConfig.DEFAULT_JWS_ALGORITHM}. */
    @CommandLine.Option(
            names = {"-ja", "--jws-algorithm"},
            required = true,
            defaultValue = OidcConfig.DEFAULT_JWS_ALGORITHM,
            description = "JWS algorithm to use.")
    private String jwsAlgorithm;

    /** Group-to-role mapping options shared through a picocli mixin. */
    @CommandLine.Mixin
    private GroupsToRolesMappingOptions groupsToRolesMappingOptions;

    /**
     * Creates the task.
     *
     * <p>The decompiler reports that this constructor was package-private in the original class.
     *
     * @param printWriter writer passed on to {@code BaseCliTask}
     */
    public ConfigureOidcTask(PrintWriter printWriter) {
        super(printWriter);
    }

    /**
     * Persists the OIDC configuration and marks OIDC as the current security provider.
     *
     * <p>Refuses to run when a provider name is already stored, so an existing configuration is
     * never overwritten by this task.
     *
     * <p>NOTE(review): the "already configured" check and the two writes are separate calls and
     * no transaction is visible here. The command description asks for Management Center to be
     * stopped first; presumably that is what keeps the sequence from racing. Confirm.
     *
     * @throws CliException if a security provider is already configured
     */
    @Override
    public void execute() {
        Jdbi jdbi = initJdbi();
        SettingsDAO settings = new SettingsDAO(jdbi);
        SecurityConfigurationManager securityManager = new SecurityConfigurationManager(settings);

        boolean providerAlreadySet = securityManager.getCurrentSecurityProviderName() != null;
        if (providerAlreadySet) {
            throw new CliException("Security Provider is already configured. Use 'security reset' task first, if you want to set up new security provider.");
        }

        // Write the configuration first, then switch the active provider name.
        PersistentOidcConfig store = new PersistentOidcConfig(new GroupedSettingsDAO(jdbi, settings));
        store.write(oidcConfig());
        securityManager.setCurrentSecurityProviderName(OidcSecurityProvider.OIDC_SECURITY_PROVIDER_NAME);
        printf("Successfully set up OpenID Connect security provider.%n", new Object[0]);
    }

    /**
     * Builds an {@code OidcConfig} from the parsed options and the group-mapping mixin.
     *
     * @return the configuration assembled from this task's fields
     */
    private OidcConfig oidcConfig() {
        return OidcConfig.builder()
                .clientId(clientID)
                .clientSecret(clientSecret)
                .authorizationEndpoint(authorizationEndpoint)
                .userInfoEndpoint(userInfoEndpoint)
                .tokenEndpoint(tokenEndpoint)
                .jwkSetEndpoint(jwkSetEndpoint)
                .issuer(issuer)
                .redirectURL(redirectURL)
                .groupsClaimName(groupsClaimName)
                .jwsAlgorithm(jwsAlgorithm)
                .adminGroup(groupsToRolesMappingOptions.getAdminGroups())
                .userGroup(groupsToRolesMappingOptions.getReadWriteUserGroups())
                .readonlyUserGroup(groupsToRolesMappingOptions.getReadonlyUserGroups())
                .metricsOnlyGroup(groupsToRolesMappingOptions.getMetricsOnlyGroups())
                .build();
    }

    // The three overrides below are marked bridge/synthetic by the decompiler; each only delegates to BaseCliTask.

    /** @return the value reported by {@code BaseCliTask.isLenient()} */
    @Override
    public /* bridge */ /* synthetic */ boolean isLenient() {
        return super.isLenient();
    }

    /** @return the value reported by {@code BaseCliTask.isVerbose()} */
    @Override
    public /* bridge */ /* synthetic */ boolean isVerbose() {
        return super.isVerbose();
    }

    /** Delegates to {@code BaseCliTask.run()}. */
    @Override
    public /* bridge */ /* synthetic */ void run() {
        super.run();
    }
}
