package io.jans.inbound;

import com.nimbusds.oauth2.sdk.ResponseType;
import com.nimbusds.oauth2.sdk.Scope;
import com.nimbusds.oauth2.sdk.auth.Secret;
import com.nimbusds.oauth2.sdk.client.ClientMetadata;
import com.nimbusds.oauth2.sdk.client.ClientRegistrationErrorResponse;
import com.nimbusds.oauth2.sdk.client.ClientRegistrationResponse;
import com.nimbusds.oauth2.sdk.http.HTTPResponse;
import com.nimbusds.oauth2.sdk.id.Issuer;
import com.nimbusds.oauth2.sdk.token.BearerAccessToken;
import com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata;
import com.nimbusds.openid.connect.sdk.rp.OIDCClientInformation;
import com.nimbusds.openid.connect.sdk.rp.OIDCClientInformationResponse;
import com.nimbusds.openid.connect.sdk.rp.OIDCClientMetadata;
import com.nimbusds.openid.connect.sdk.rp.OIDCClientRegistrationRequest;
import com.nimbusds.openid.connect.sdk.rp.OIDCClientRegistrationResponseParser;
import io.jans.inbound.oauth2.CodeGrantUtil;
import io.jans.inbound.oauth2.OAuthParams;
import io.jans.service.CacheService;
import io.jans.service.cdi.util.CdiUtil;
import io.jans.util.NetworkUtils;
import io.jans.util.Pair;
import java.io.IOException;
import java.net.URI;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import net.minidev.json.JSONArray;
import net.minidev.json.JSONObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/jans/inbound/ConfigProcessor.class */
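/**
 * Completes the OAuth settings of an inbound identity provider from its OpenID Connect
 * configuration.
 *
 * <p>For a provider that declares an OP host, this class fetches the OP discovery document, fills
 * in endpoints that were not configured explicitly and, when dynamic client registration (DCR) is
 * enabled and credentials are missing, obtains a client ID and secret from the cache or by
 * registering a new client.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Endpoint values taken from the discovery document are supplied by the remote OP; they are
 *       only used for settings left empty in the provider configuration.</li>
 *   <li>The registered client secret is written to {@link CacheService} under a key derived from
 *       the OP host. NOTE(review): whether the cache backend protects entries at rest is not
 *       visible here; confirm before relying on cached clients.</li>
 *   <li>The client secret is never logged by this class; keep it that way.</li>
 * </ul>
 *
 * <p>The class holds no instance state. {@link #getInstance()} is not synchronized, so two
 * threads racing on first use may each create an instance; this is harmless while the class
 * stays stateless.
 */
public class ConfigProcessor {
    private static ConfigProcessor instance;
    private static final String KEY_PREFIX = "agama-openid-";
    private static final String BACKCHANNEL_LOGOUT_URI = "backchannel_logout_uri";
    // Connect and read timeouts (milliseconds) for the discovery request.
    private static final int DISCOVERY_CONNECT_TIMEOUT_MS = 3000;
    private static final int DISCOVERY_READ_TIMEOUT_MS = 3000;
    private static final Logger logger = LoggerFactory.getLogger(ConfigProcessor.class);

    /**
     * Returns the shared instance, creating it on first use.
     *
     * @return the singleton {@code ConfigProcessor}
     */
    public static ConfigProcessor getInstance() {
        if (instance == null) {
            instance = new ConfigProcessor();
        }
        return instance;
    }

    /**
     * Builds the effective OAuth parameters for a provider.
     *
     * <p>When the provider has no OpenID host configured, the OAuth parameters are returned as
     * they are (or an empty instance if none were configured). Otherwise the OP metadata is
     * resolved, missing endpoints are filled in, and client credentials are obtained through the
     * cache or DCR when both are needed and allowed.
     *
     * @param provider the provider whose configuration is processed
     * @return the OAuth parameters, possibly completed with discovered endpoints and credentials
     * @throws Exception if discovery or client registration fails
     */
    public OAuthParams exec(Provider provider) throws Exception {
        logger.info("Processing configurations of provider {}", provider.getDisplayName());
        OpenIdParams oidcParams = provider.getOpenIdParams();
        String host = oidcParams == null ? null : oidcParams.getHost();

        OAuthParams oauthParams = provider.getOAuthParams();
        if (oauthParams == null) {
            logger.warn("OAuth properties were missing for this provider!");
            oauthParams = new OAuthParams();
        }
        if (host == null) {
            return oauthParams;
        }

        logger.info("Issuing a configuration request to OP {}", host);
        // NOTE(review): Nimbus is expected to reject a document whose issuer does not match the
        // requested one; confirm for the library version in use.
        OIDCProviderMetadata opMetadata = OIDCProviderMetadata.resolve(
                new Issuer(host), DISCOVERY_CONNECT_TIMEOUT_MS, DISCOVERY_READ_TIMEOUT_MS);
        fillMissingEndpoints(oauthParams, opMetadata);

        boolean credsMissing = oauthParams.getClientId() == null || oauthParams.getClientSecret() == null;
        if (credsMissing && oidcParams.isUseDCR()) {
            String cacheKey = KEY_PREFIX + host;
            // Start from "no credentials": the incomplete configured pair must never count as a
            // usable result, otherwise registration is skipped whenever the cache is disabled.
            Pair<String, String> creds = null;
            if (oidcParams.isUseCachedClient()) {
                creds = retrieveCredsFromCache(cacheKey, host);
            }
            if (creds == null) {
                creds = registerClient(opMetadata.getRegistrationEndpointURI(), oauthParams.getRedirectUri(),
                        oauthParams.getScopes(), cacheKey);
            } else {
                logger.info("Using the client credentials already present in cache or configuration");
            }
            oauthParams.setClientId(creds.getFirst());
            oauthParams.setClientSecret(creds.getSecond());
        }
        return oauthParams;
    }

    /**
     * Fills endpoints and the redirect URI that the provider configuration left empty.
     *
     * <p>An endpoint that is also absent from the OP metadata is left unset and reported with a
     * warning, instead of failing with a {@link NullPointerException}.
     *
     * @param oAuthParams the parameters to complete in place
     * @param oIDCProviderMetadata the metadata resolved from the OP
     */
    private void fillMissingEndpoints(OAuthParams oAuthParams, OIDCProviderMetadata oIDCProviderMetadata) {
        if (oAuthParams.getAuthzEndpoint() == null) {
            logger.info("Grabbing authorization endpoint from OP configuration document");
            URI authzEndpoint = oIDCProviderMetadata.getAuthorizationEndpointURI();
            if (authzEndpoint == null) {
                logger.warn("OP configuration document has no authorization endpoint");
            } else {
                oAuthParams.setAuthzEndpoint(authzEndpoint.toString());
            }
        }
        if (oAuthParams.getTokenEndpoint() == null) {
            logger.info("Grabbing token endpoint from OP configuration document");
            URI tokenEndpoint = oIDCProviderMetadata.getTokenEndpointURI();
            if (tokenEndpoint == null) {
                logger.warn("OP configuration document has no token endpoint");
            } else {
                oAuthParams.setTokenEndpoint(tokenEndpoint.toString());
            }
        }
        if (oAuthParams.getUserInfoEndpoint() == null) {
            logger.info("Grabbing userInfo endpoint from OP configuration document");
            URI userInfoEndpoint = oIDCProviderMetadata.getUserInfoEndpointURI();
            if (userInfoEndpoint == null) {
                logger.warn("OP configuration document has no userInfo endpoint");
            } else {
                oAuthParams.setUserInfoEndpoint(userInfoEndpoint.toString());
            }
        }
        if (oAuthParams.getRedirectUri() == null) {
            logger.info("Using Agama's default redirect uri");
            oAuthParams.setRedirectUri(NetworkUtils.makeRedirectUri());
        }
    }

    /**
     * Reads previously registered client credentials from the cache.
     *
     * <p>The cached object is validated before use: it must be a {@link Pair} of two strings. An
     * entry of any other shape is logged, removed from the cache and treated as a miss.
     *
     * @param str the cache key
     * @param str2 the OP host (currently unused)
     * @return the cached client ID and secret, or {@code null} when there is no usable entry
     */
    private Pair<String, String> retrieveCredsFromCache(String str, String str2) {
        CacheService cacheService = (CacheService) CdiUtil.bean(CacheService.class);
        try {
            logger.info("Parsing client creds from cache...");
            Object cached = cacheService.get(str);
            if (cached == null) {
                return null;
            }
            Pair<?, ?> candidate = (Pair<?, ?>) cached;
            Object id = candidate.getFirst();
            Object secret = candidate.getSecond();
            if (!(id instanceof String) || !(secret instanceof String)) {
                throw new IllegalStateException("Cached client credentials have an unexpected shape");
            }
            return new Pair<>((String) id, (String) secret);
        } catch (Exception e) {
            // Keep the stack trace; the message alone is often null for cast failures.
            logger.error(e.getMessage(), e);
            logger.info("Removing entry from cache");
            cacheService.remove(str);
            return null;
        }
    }

    /**
     * Stores client credentials in the cache for slightly less than the secret's lifetime.
     *
     * <p>Credentials whose remaining lifetime is one second or less are not cached, and lifetimes
     * beyond the {@code int} range are clamped rather than silently truncated. Cache failures are
     * logged and otherwise ignored, since caching is only an optimization here.
     *
     * @param str the cache key
     * @param pair the client ID and secret
     * @param l the remaining lifetime of the secret, in seconds
     */
    private void storeCredentials(String str, Pair<String, String> pair, Long l) {
        CacheService cacheService = (CacheService) CdiUtil.bean(CacheService.class);
        try {
            // Expire the entry one second before the secret itself does.
            long ttl = l.longValue() - 1;
            if (ttl <= 0) {
                logger.warn("Client secret is expired or about to expire; credentials will not be cached");
                return;
            }
            logger.info("Writing SimpleOAuthParams instance to cache...");
            cacheService.put((int) Math.min(ttl, Integer.MAX_VALUE), str, pair);
        } catch (Exception e) {
            logger.error(e.getMessage(), e);
        }
    }

    /**
     * Registers a new client at the OP and caches the resulting credentials.
     *
     * <p>The request is sent without an initial access token, so it only succeeds against OPs
     * that allow open registration.
     *
     * @param uri the registration endpoint, as advertised by the OP
     * @param str the redirect URI to register
     * @param list the scopes to request
     * @param str2 the cache key under which the credentials are stored
     * @return the client ID and secret issued by the OP
     * @throws Exception if the endpoint is unknown, the OP rejects the request, or the response
     *     carries no client secret
     */
    private Pair<String, String> registerClient(URI uri, String str, List<String> list, String str2) throws Exception {
        if (uri == null) {
            logger.error("Unable to determine client registration endpoint URI." + " OP does not support dynamic client registration?");
            throw new IOException("Unable to determine client registration endpoint URI.");
        }
        if (!"https".equalsIgnoreCase(uri.getScheme())) {
            // The response body carries the client secret, so a non-TLS endpoint exposes it in transit.
            logger.warn("Client registration endpoint {} is not HTTPS; the issued client secret would travel unencrypted", uri);
        }
        logger.info("Sending a client registration request to {}", uri);
        OIDCClientRegistrationRequest request =
                new OIDCClientRegistrationRequest(uri, makeClientMetadata(str, list), (BearerAccessToken) null);
        ClientRegistrationResponse response = OIDCClientRegistrationResponseParser.parse(getRegistrationResponse(request));
        if (!response.indicatesSuccess()) {
            throw CodeGrantUtil.exFromError(((ClientRegistrationErrorResponse) response).getErrorObject());
        }

        OIDCClientInformation clientInfo = ((OIDCClientInformationResponse) response).getOIDCClientInformation();
        checkScopes(clientInfo.getOIDCMetadata(), list);
        String clientId = clientInfo.getID().getValue();
        Secret secret = clientInfo.getSecret();
        if (secret == null) {
            // Callers need both an ID and a secret; fail clearly instead of with an NPE below.
            throw new IOException("Client registration response did not include a client secret.");
        }

        Date expirationDate = secret.getExpirationDate();
        boolean neverExpires = expirationDate == null;
        // Only the client ID and expiry are logged; the secret value must stay out of the logs.
        logger.debug("Client ID is {}. Expiring {}", clientId, neverExpires ? "NEVER" : expirationDate);
        long lifetimeSeconds = neverExpires
                ? 2147483647L
                : (expirationDate.getTime() - System.currentTimeMillis()) / 1000;

        Pair<String, String> creds = new Pair<>(clientId, secret.getValue());
        storeCredentials(str2, creds, Long.valueOf(lifetimeSeconds));
        return creds;
    }

    /**
     * Builds the metadata sent in the registration request: authorization code response type,
     * the requested scopes, the redirect URI and a generated client name.
     *
     * @param str the redirect URI
     * @param list the scopes to request; when {@code null} no scope is set
     * @return the client metadata
     */
    private OIDCClientMetadata makeClientMetadata(String str, List<String> list) {
        logger.debug("Building client metadata");
        OIDCClientMetadata metadata = new OIDCClientMetadata();
        metadata.applyDefaults();
        metadata.setResponseTypes(Collections.singleton(ResponseType.CODE));
        if (list != null) {
            metadata.setScope(new Scope(list.toArray(new String[0])));
        }
        metadata.setRedirectionURI(URI.create(str));
        metadata.setName(KEY_PREFIX + System.currentTimeMillis());
        return metadata;
    }

    /**
     * Sends the registration request and normalizes {@code backchannel_logout_uri} in the
     * response body so that it is either a string or {@code null}.
     *
     * <p>A response where the field is absent or already a string is returned untouched. When the
     * field is an array whose first element is a string, that element replaces the array. Any
     * other value is replaced with {@code null}.
     *
     * @param oIDCClientRegistrationRequest the request to send
     * @return the HTTP response, with its body rewritten when normalization was needed
     * @throws Exception if the request fails or the body is not a JSON object
     */
    private HTTPResponse getRegistrationResponse(OIDCClientRegistrationRequest oIDCClientRegistrationRequest) throws Exception {
        HTTPResponse response = oIDCClientRegistrationRequest.toHTTPRequest().send();
        JSONObject body = response.getBodyAsJSONObject();
        Object raw = body.get(BACKCHANNEL_LOGOUT_URI);
        if (raw == null || raw instanceof String) {
            return response;
        }

        String replacement = null;
        if (raw instanceof JSONArray) {
            JSONArray values = (JSONArray) raw;
            if (!values.isEmpty() && values.get(0) instanceof String) {
                replacement = values.get(0).toString();
            }
        }
        if (replacement != null) {
            logger.debug("Setting {} to {}", BACKCHANNEL_LOGOUT_URI, replacement);
            body.put(BACKCHANNEL_LOGOUT_URI, replacement);
        } else {
            logger.debug("Nullifying {}", BACKCHANNEL_LOGOUT_URI);
            body.put(BACKCHANNEL_LOGOUT_URI, (Object) null);
        }
        response.setBody(body.toString());
        return response;
    }

    /**
     * Logs a warning when the scopes granted at registration differ from the requested ones.
     *
     * <p>This check is advisory only, so a response without a scope (or a {@code null} request
     * list) is treated as an empty set rather than aborting a registration that already succeeded.
     *
     * @param clientMetadata the metadata returned by the OP
     * @param list the scopes that were requested
     */
    private void checkScopes(ClientMetadata clientMetadata, List<String> list) {
        Scope granted = clientMetadata.getScope();
        List<String> grantedNames = granted == null ? Collections.<String>emptyList() : granted.toStringList();
        List<String> requestedNames = list == null ? Collections.<String>emptyList() : list;

        Set<String> scopesNow = grantedNames.stream().collect(Collectors.toSet());
        Set<String> scopesRequested = requestedNames.stream().collect(Collectors.toSet());
        if (!scopesNow.equals(scopesRequested)) {
            logger.warn("Scopes differ!. Original: {}; scopes now: {}", scopesRequested, scopesNow);
        }
    }

    /** Not instantiable from outside; use {@link #getInstance()}. */
    private ConfigProcessor() {
    }
}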
