package org.eclipse.basyx.components.security.authorization.internal;

import org.apache.commons.lang3.StringUtils;
import org.eclipse.basyx.components.configuration.BaSyxSecurityConfiguration;
import org.eclipse.basyx.extensions.shared.authorization.internal.KeycloakService;
import org.eclipse.basyx.vab.protocol.http.server.JwtBearerTokenAuthenticationConfiguration;

/* loaded from: input_file:BOOT-INF/lib/basyx.components.lib-1.3.0.jar:org/eclipse/basyx/components/security/authorization/internal/KeycloakJwtBearerTokenAuthenticationConfigurationProvider.class */
public class KeycloakJwtBearerTokenAuthenticationConfigurationProvider implements IJwtBearerTokenAuthenticationConfigurationProvider {
    @Override // org.eclipse.basyx.components.security.authorization.internal.IJwtBearerTokenAuthenticationConfigurationProvider
    public JwtBearerTokenAuthenticationConfiguration get(BaSyxSecurityConfiguration baSyxSecurityConfiguration) {
        KeycloakService keycloakService = new KeycloakService(baSyxSecurityConfiguration.getAuthorizationStrategyJwtBearerTokenAuthenticationConfigurationProviderKeycloakServerUrl(), baSyxSecurityConfiguration.getAuthorizationStrategyJwtBearerTokenAuthenticationConfigurationProviderKeycloakRealm());
        String audience = getAudience(baSyxSecurityConfiguration);
        JwtBearerTokenAuthenticationConfiguration createJwtBearerTokenAuthenticationConfiguration = keycloakService.createJwtBearerTokenAuthenticationConfiguration();
        return JwtBearerTokenAuthenticationConfiguration.of(createJwtBearerTokenAuthenticationConfiguration.getIssuerUri(), createJwtBearerTokenAuthenticationConfiguration.getJwkSetUri(), audience);
    }

    private String getAudience(BaSyxSecurityConfiguration baSyxSecurityConfiguration) {
        String authorizationStrategyJwtBearerTokenAuthenticationConfigurationProviderAudience = baSyxSecurityConfiguration.getAuthorizationStrategyJwtBearerTokenAuthenticationConfigurationProviderAudience();
        if (authorizationStrategyJwtBearerTokenAuthenticationConfigurationProviderAudience == null || StringUtils.isBlank(authorizationStrategyJwtBearerTokenAuthenticationConfigurationProviderAudience)) {
            return null;
        }
        return authorizationStrategyJwtBearerTokenAuthenticationConfigurationProviderAudience;
    }
}
