package io.onfhir.authz;

import com.nimbusds.jose.Algorithm;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.JWKMatcher;
import com.nimbusds.jose.jwk.JWKSelector;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.KeyType;
import com.nimbusds.jose.jwk.KeyUse;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.oauth2.sdk.GrantType;
import com.nimbusds.oauth2.sdk.Scope;
import com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod;
import com.nimbusds.oauth2.sdk.client.ClientInformation;
import com.nimbusds.oauth2.sdk.client.ClientInformationResponse;
import com.nimbusds.oauth2.sdk.client.ClientMetadata;
import com.nimbusds.oauth2.sdk.client.ClientRegistrationErrorResponse;
import com.nimbusds.oauth2.sdk.client.ClientRegistrationRequest;
import com.nimbusds.oauth2.sdk.client.ClientRegistrationResponse;
import com.nimbusds.oauth2.sdk.http.HTTPRequest;
import com.nimbusds.oauth2.sdk.id.Identifier;
import com.nimbusds.oauth2.sdk.token.BearerAccessToken;
import com.nimbusds.oauth2.sdk.util.JSONObjectUtils;
import com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata;
import io.onfhir.api.util.FHIRUtil$;
import io.onfhir.config.AuthzConfig;
import io.onfhir.config.OnfhirConfig$;
import io.onfhir.exception.InitializationException;
import io.onfhir.exception.InitializationException$;
import io.onfhir.util.JsonFormatter$;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileWriter;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.List;
import java.util.Set;
import java.util.UUID;
import net.minidev.json.JSONObject;
import org.json4s.JsonAST;
import org.json4s.package$;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Option$;
import scala.Predef$;
import scala.Predef$any2stringadd$;
import scala.Some;
import scala.collection.IterableLike;
import scala.collection.JavaConverters$;
import scala.collection.TraversableOnce;
import scala.collection.immutable.Set$;
import scala.collection.immutable.StringOps;
import scala.io.BufferedSource;
import scala.io.Codec$;
import scala.io.Source$;
import scala.reflect.Manifest;
import scala.reflect.ManifestFactory$;
import scala.runtime.BoxedUnit;

/* compiled from: AuthzConfigurationManager.scala */
/* loaded from: input_file:io/onfhir/authz/AuthzConfigurationManager$.class */
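/**
 * Decompiled form of the Scala singleton {@code AuthzConfigurationManager}.
 *
 * <p>When the server is configured as secure, this object loads the authorization server's
 * metadata (from a local file or via OAuth2/OIDC discovery), loads or registers this FHIR server
 * as a protected resource (OAuth2 client), prepares the signing JWK set when the client
 * authentication method needs one, and installs the authorizer and token resolver.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Discovery responses are fetched from the configured URL and used as returned; no check of
 *       the URL scheme or of the returned issuer is made here.</li>
 *   <li>Client registration data and the generated JWK set are written to the working directory;
 *       those files are created with owner-only permissions where the platform allows it.</li>
 * </ul>
 *
 * <p>The methods carry no {@code throws} clauses because the Scala source has no checked
 * exceptions; the decompiled signatures are kept as they are.
 */
public final class AuthzConfigurationManager$ {
    public static AuthzConfigurationManager$ MODULE$;
    private final Logger logger;
    private final String DEFAULT_PROTECTED_RESOURCE_METADATA_PATH;
    // Both handlers stay null until initialize() runs with a secure configuration.
    private IAuthorizer authorizationHandler;
    private ITokenResolver tokenResolver;

    static {
        // Scala object initialisation: the constructor publishes the instance through MODULE$.
        new AuthzConfigurationManager$();
    }

    /** Returns the SLF4J logger of this object. */
    public Logger logger() {
        return this.logger;
    }

    /** Classpath location of the default protected-resource metadata file. */
    private final String DEFAULT_PROTECTED_RESOURCE_METADATA_PATH() {
        return this.DEFAULT_PROTECTED_RESOURCE_METADATA_PATH;
    }

    /** Default file name of the JWK set of this resource server. */
    private final String DEFAULT_PROTECTED_RESOURCE_JWKS_FILE_NAME() {
        return "fhir-server.jwks";
    }

    /** File name under which the result of a dynamic client registration is persisted. */
    private final String DEFAULT_PROTECTED_RESOURCE_DYNAMIC_REGISTRATION_METADATA_FILE_NAME() {
        return "protected-resource-server-metadata-dynamic.json";
    }

    /** Metadata key: issuer identifier of the authorization server. */
    private final String PARAM_ISSUER() {
        return "issuer";
    }

    /** Metadata key: URI of the authorization server's JWK set. */
    private final String PARAM_JWKS_URI() {
        return "jwks_uri";
    }

    /** Metadata key: dynamic client registration endpoint. */
    private final String PARAM_REGISTRATION_ENDPOINT() {
        return "registration_endpoint";
    }

    /** Metadata key: token endpoint. */
    private final String PARAM_TOKEN_ENDPOINT() {
        return "token_endpoint";
    }

    /** Metadata key: client authentication methods accepted at the token endpoint. */
    private final String PARAM_TOKEN_AUTH_METHODS() {
        return "token_endpoint_auth_methods_supported";
    }

    /** Metadata key: JWS algorithms accepted for client authentication at the token endpoint. */
    private final String PARAM_TOKEN_AUTH_SIGNING_ALGS() {
        return "token_endpoint_auth_signing_alg_values_supported";
    }

    /** Metadata key: token introspection endpoint. */
    private final String PARAM_INTROSPECTION_ENDPOINT() {
        return "introspection_endpoint";
    }

    /** Metadata key: client authentication methods accepted at the introspection endpoint. */
    private final String PARAM_INTROSPECTION_AUTH_METHODS() {
        return "introspection_endpoint_auth_methods_supported";
    }

    /** Metadata key: JWS algorithms accepted for client authentication at the introspection endpoint. */
    private final String PARAM_INTROSPECTION_AUTH_SIGNING_ALGS() {
        return "introspection_endpoint_auth_signing_alg_values_supported";
    }

    /** Returns the installed authorizer, or {@code null} before a secure initialisation. */
    public IAuthorizer authorizationHandler() {
        return this.authorizationHandler;
    }

    /** Scala setter for the authorizer. */
    public void authorizationHandler_$eq(IAuthorizer iAuthorizer) {
        this.authorizationHandler = iAuthorizer;
    }

    /** Returns the installed token resolver, or {@code null} before a secure initialisation. */
    public ITokenResolver tokenResolver() {
        return this.tokenResolver;
    }

    /** Scala setter for the token resolver. */
    public void tokenResolver_$eq(ITokenResolver iTokenResolver) {
        this.tokenResolver = iTokenResolver;
    }

    /**
     * Configures authorization when the server runs in secure mode; does nothing otherwise, so
     * both handlers remain unset in that case.
     *
     * @param option  custom authorizer; when empty, the configured default method must be
     *                {@code smart-on-fhir}
     * @param option2 custom token resolver; when empty, the configured resolution method must be
     *                {@code jwt} or {@code introspection}
     * @throws InitializationException when the configured default method is not one of the above,
     *                                 or when either configuration step fails
     */
    public void initialize(Option<IAuthorizer> option, Option<ITokenResolver> option2) {
        if (OnfhirConfig$.MODULE$.authzConfig().isSecure()) {
            // Order matters: the resource-server step reads the authorization server metadata.
            configureForAuthorizationServer();
            configureProtectedResourceServer();
            authorizationHandler_$eq((IAuthorizer) option.getOrElse(() -> {
                if ("smart-on-fhir".equals(OnfhirConfig$.MODULE$.authzConfig().authorizationMethod())) {
                    return new SmartAuthorizer();
                }
                throw new InitializationException(new StringBuilder(38).append("Unknown default authorization method ").append(OnfhirConfig$.MODULE$.authzConfig().authorizationMethod()).append("!").toString(), InitializationException$.MODULE$.$lessinit$greater$default$2());
            }));
            // NOTE(review): checkEverythingOk() accepts "jwt-introspection", but no default
            // resolver exists for it here, so that value works only with a custom resolver.
            tokenResolver_$eq((ITokenResolver) option2.getOrElse(() -> {
                ITokenResolver resolverWithTokenIntrospection;
                String str = OnfhirConfig$.MODULE$.authzConfig().tokenResolutionMethod();
                if ("jwt".equals(str)) {
                    resolverWithTokenIntrospection = new JWTResolver(OnfhirConfig$.MODULE$.authzConfig());
                } else {
                    if (!"introspection".equals(str)) {
                        throw new InitializationException(new StringBuilder(48).append("Unknown default access token resolution method ").append(OnfhirConfig$.MODULE$.authzConfig().tokenResolutionMethod()).append("!").toString(), InitializationException$.MODULE$.$lessinit$greater$default$2());
                    }
                    resolverWithTokenIntrospection = new ResolverWithTokenIntrospection(OnfhirConfig$.MODULE$.authzConfig());
                }
                return resolverWithTokenIntrospection;
            }));
        }
    }

    /**
     * Loads the authorization server metadata and validates it against the configured token
     * resolution method.
     *
     * <p>Sources, selected by the {@code authorizationServerDiscovery} setting:
     * {@code none} reads a local metadata file (optionally substituting the
     * {@code ${AUTHZ_SERVER_ROOT_URL}} placeholder), {@code oauth2} and {@code oidc} issue an HTTP
     * GET to the configured discovery URL.
     *
     * <p>Security note: the discovery response supplies the issuer, the JWKS URI and the
     * introspection endpoint that later token validation relies on. Nothing in this method checks
     * that the discovery URL uses TLS or that the returned issuer matches the configured server,
     * so the integrity of that URL and its transport has to be ensured by configuration.
     *
     * @throws InitializationException on any failure; only the message of the original exception
     *                                 is carried over, the stack trace is written to the log
     */
    private void configureForAuthorizationServer() {
        AuthorizationServerMetadata authorizationServerMetadata;
        logger().info("Configuring for authorization server...");
        try {
            AuthzConfig authzConfig = OnfhirConfig$.MODULE$.authzConfig();
            String authorizationServerDiscovery = OnfhirConfig$.MODULE$.authzConfig().authorizationServerDiscovery();
            if ("none".equals(authorizationServerDiscovery)) {
                logger().debug(new StringBuilder(67).append("Configuring from existing Authorization Server's metadata file ").append(OnfhirConfig$.MODULE$.authzConfig().authorizationServerMetadataPath()).append(" ...").toString());
                BufferedSource metadataFile = Source$.MODULE$.fromFile((String) OnfhirConfig$.MODULE$.authzConfig().authorizationServerMetadataPath().get(), Codec$.MODULE$.fallbackSystemCodec());
                String mkString;
                try {
                    mkString = metadataFile.mkString();
                } finally {
                    // The original never closed the source and leaked the file handle.
                    metadataFile.close();
                }
                if (OnfhirConfig$.MODULE$.authzConfig().authorizationServerUrl().isDefined()) {
                    // NOTE(review): the URL is passed as a regex replacement string, so a '$' or
                    // '\' inside it would presumably be interpreted rather than copied - confirm.
                    mkString = new StringOps(Predef$.MODULE$.augmentString("\\$\\{AUTHZ_SERVER_ROOT_URL\\}")).r().replaceAllIn(mkString, (String) OnfhirConfig$.MODULE$.authzConfig().authorizationServerUrl().get());
                    logger().debug(new StringBuilder(46).append("Authorization server root url configured: ").append(OnfhirConfig$.MODULE$.authzConfig().authorizationServerUrl().get()).append(" ...").toString());
                }
                authorizationServerMetadata = parseAuthorizationServerMetadata(mkString);
            } else if ("oauth2".equals(authorizationServerDiscovery)) {
                logger().debug(new StringBuilder(49).append("Configuring by OAuth discovery protocol from ").append(OnfhirConfig$.MODULE$.authzConfig().authorizationServerDiscoveryURL()).append(" ...").toString());
                authorizationServerMetadata = parseAuthorizationServerMetadata(new HTTPRequest(HTTPRequest.Method.GET, new URL(OnfhirConfig$.MODULE$.authzConfig().authorizationServerDiscoveryURL())).send().getContent());
            } else {
                if (!"oidc".equals(authorizationServerDiscovery)) {
                    throw new MatchError(authorizationServerDiscovery);
                }
                logger().debug(new StringBuilder(47).append("Configuring by OID discovery protocol from ").append(OnfhirConfig$.MODULE$.authzConfig().authorizationServerDiscoveryURL()).append(" ...").toString());
                OIDCProviderMetadata parse = OIDCProviderMetadata.parse(new HTTPRequest(HTTPRequest.Method.GET, new URL(OnfhirConfig$.MODULE$.authzConfig().authorizationServerDiscoveryURL())).send().getContentAsJSONObject());
                // NOTE(review): the two introspection arguments at the end reuse the token
                // endpoint's auth methods and signing algorithms instead of values advertised for
                // the introspection endpoint, so checkEverythingOk() compares against the token
                // endpoint's capabilities on this path - confirm this is intended.
                authorizationServerMetadata = new AuthorizationServerMetadata(
                    parse.getIssuer().getValue(),
                    parse.getJWKSetURI(),
                    Option$.MODULE$.apply(parse.getRegistrationEndpointURI()),
                    Option$.MODULE$.apply(parse.getTokenEndpointURI()),
                    ((TraversableOnce) JavaConverters$.MODULE$.asScalaBufferConverter(parse.getTokenEndpointAuthMethods()).asScala()).toSet(),
                    ((TraversableOnce) JavaConverters$.MODULE$.asScalaBufferConverter(parse.getTokenEndpointJWSAlgs()).asScala()).toSet(),
                    Option$.MODULE$.apply(parse.getIntrospectionEndpointURI()),
                    ((TraversableOnce) JavaConverters$.MODULE$.asScalaBufferConverter(parse.getTokenEndpointAuthMethods()).asScala()).toSet(),
                    ((TraversableOnce) JavaConverters$.MODULE$.asScalaBufferConverter(parse.getTokenEndpointJWSAlgs()).asScala()).toSet());
            }
            authzConfig.authzServerMetadata_$eq(authorizationServerMetadata);
            // Introspection needs the endpoint plus a non-empty set of auth methods and algorithms.
            if (OnfhirConfig$.MODULE$.authzConfig().tokenResolutionMethod().equals("introspection") && (OnfhirConfig$.MODULE$.authzConfig().authzServerMetadata().introspection_endpoint().isEmpty() || OnfhirConfig$.MODULE$.authzConfig().authzServerMetadata().introspection_endpoint_auth_methods_supported().isEmpty() || OnfhirConfig$.MODULE$.authzConfig().authzServerMetadata().introspection_endpoint_auth_signing_alg_values_supported().isEmpty())) {
                throw new InitializationException(new StringBuilder(215).append("Introspection endpoint configuration(s) are invalid! Please check if all the ").append("introspection_endpoint").append(", ").append("introspection_endpoint_auth_methods_supported").append(", ").append("introspection_endpoint_auth_signing_alg_values_supported").append(" exists... ").toString(), InitializationException$.MODULE$.$lessinit$greater$default$2());
            }
            // Local JWT validation: only RSA or HMAC-SHA algorithms are accepted. RSA requires a
            // JWKS URI from the metadata, HMAC requires a configured shared secret.
            if (OnfhirConfig$.MODULE$.authzConfig().tokenResolutionMethod().equals("jwt")
                    && (OnfhirConfig$.MODULE$.authzConfig().jwtSignatureAlgorithm().isEmpty()
                        || ((!JWSAlgorithm.Family.RSA.contains(OnfhirConfig$.MODULE$.authzConfig().jwtSignatureAlgorithm().get())
                                && !JWSAlgorithm.Family.HMAC_SHA.contains(OnfhirConfig$.MODULE$.authzConfig().jwtSignatureAlgorithm().get()))
                            || ((JWSAlgorithm.Family.RSA.contains(OnfhirConfig$.MODULE$.authzConfig().jwtSignatureAlgorithm().get())
                                    && (OnfhirConfig$.MODULE$.authzConfig().authzServerMetadata() == null
                                        || OnfhirConfig$.MODULE$.authzConfig().authzServerMetadata().jwks_uri() == null))
                                || (JWSAlgorithm.Family.HMAC_SHA.contains(OnfhirConfig$.MODULE$.authzConfig().jwtSignatureAlgorithm().get())
                                    && OnfhirConfig$.MODULE$.authzConfig().jwtSignatureSecretKey().isEmpty()))))) {
                throw new InitializationException("JWT token resolutionconfiguration(s) are invalid!", InitializationException$.MODULE$.$lessinit$greater$default$2());
            }
            logger().info("Configured for the authorization server...");
        } catch (Exception e) {
            // Log the exception itself: the rethrown InitializationException keeps only its message.
            logger().error("Error while configuring for authorization server!", e);
            throw new InitializationException(e.getMessage(), InitializationException$.MODULE$.$lessinit$greater$default$2());
        }
    }

    /**
     * Tells whether dynamic registration is enabled and a registration result has already been
     * persisted in the working directory.
     */
    private boolean isResourceServerDynamicallyRegistered() {
        return OnfhirConfig$.MODULE$.authzConfig().isAuthorizationServerRegistrationDynamic() && new File(new StringBuilder(49).append("./").append("protected-resource-server-metadata-dynamic.json").toString()).exists();
    }

    /**
     * Loads the client metadata of this resource server, prepares its signing keys when the
     * configured client authentication method needs them, and registers the server dynamically
     * when that is enabled and has not happened yet.
     *
     * <p>The metadata comes from the persisted dynamic registration file, from the configured
     * path, or from the default classpath resource, in that order of preference.
     *
     * @throws InitializationException on any failure
     */
    private void configureProtectedResourceServer() {
        BufferedSource fromFile;
        BufferedSource bufferedSource;
        logger().info("Configuring fhir-server as protected resource server...");
        try {
            if (isResourceServerDynamicallyRegistered()) {
                bufferedSource = Source$.MODULE$.fromFile(new StringBuilder(49).append("./").append("protected-resource-server-metadata-dynamic.json").toString(), Codec$.MODULE$.fallbackSystemCodec());
            } else {
                Some protectedResourceMetadataPath = OnfhirConfig$.MODULE$.authzConfig().protectedResourceMetadataPath();
                if (None$.MODULE$.equals(protectedResourceMetadataPath)) {
                    fromFile = Source$.MODULE$.fromInputStream(getClass().getResourceAsStream(DEFAULT_PROTECTED_RESOURCE_METADATA_PATH()), Codec$.MODULE$.fallbackSystemCodec());
                } else {
                    if (!(protectedResourceMetadataPath instanceof Some)) {
                        throw new MatchError(protectedResourceMetadataPath);
                    }
                    fromFile = Source$.MODULE$.fromFile((String) protectedResourceMetadataPath.value(), Codec$.MODULE$.fallbackSystemCodec());
                }
                bufferedSource = fromFile;
            }
            String rawMetadata;
            try {
                rawMetadata = bufferedSource.mkString();
            } finally {
                // The original never closed the source and leaked the underlying stream.
                bufferedSource.close();
            }
            JSONObject parse = JSONObjectUtils.parse(rawMetadata);
            if (needJWKSetCreation(parse)) {
                File file = new File((String) OnfhirConfig$.MODULE$.authzConfig().protectedResourceJWKSPath().getOrElse(() -> {
                    return "./fhir-server.jwks";
                }));
                // Reuse an existing key set so the key id stays stable across restarts.
                JWKSet load = file.exists() ? JWKSet.load(file) : createAndStoreJWKSet(file.getPath());
                OnfhirConfig$.MODULE$.authzConfig().protectedResourceJWKSet_$eq(load);
                List select = new JWKSelector(new JWKMatcher.Builder().keyType(KeyType.RSA).keyUse(KeyUse.SIGNATURE).build()).select(load);
                if (select.isEmpty()) {
                    throw new InitializationException("Signing key not found in JWKSet for resource provider!", InitializationException$.MODULE$.$lessinit$greater$default$2());
                }
                // The first RSA signature key becomes the current signer.
                OnfhirConfig$.MODULE$.authzConfig().protectedResourceCurrentSignerKeyId_$eq(((JWK) ((IterableLike) JavaConverters$.MODULE$.asScalaBufferConverter(select).asScala()).head()).getKeyID());
            }
            // The JWKS location is always derived from the FHIR root URL and overrides any
            // jwks_uri present in the metadata file.
            parse.put("jwks_uri", new StringBuilder(5).append(OnfhirConfig$.MODULE$.fhirRootUrl()).append("/jwks").toString());
            OnfhirConfig$.MODULE$.authzConfig().protectedResourceInformation_$eq((!OnfhirConfig$.MODULE$.authzConfig().isAuthorizationServerRegistrationDynamic() || isResourceServerDynamicallyRegistered()) ? ClientInformation.parse(parse) : registerResourceServerToAuthzServer((URI) OnfhirConfig$.MODULE$.authzConfig().authzServerMetadata().registration_endpoint().get(), parse));
            checkEverythingOk();
        } catch (Exception e) {
            logger().error("Error while configuring fhir-server as protected resource server!", e);
            throw new InitializationException(e.getMessage(), InitializationException$.MODULE$.$lessinit$greater$default$2());
        } catch (InitializationException e2) {
            // NOTE(review): decompiled clause order. This clause follows the broader Exception
            // clause; the Scala source presumably rethrew InitializationException unchanged
            // before the generic handler - confirm against the original.
            throw e2;
        }
    }

    /**
     * Registers this server as an OAuth2 client at the given registration endpoint and persists
     * the returned client information in the working directory.
     *
     * <p>The request asks for the {@code client_credentials} grant and the scopes
     * {@code patient}, {@code user} and {@code openid}. It is sent without an initial access
     * token, so it succeeds only where the authorization server allows open registration.
     *
     * @param uri        registration endpoint of the authorization server
     * @param jSONObject client metadata to register
     * @return the client information issued by the authorization server
     * @throws InitializationException when the authorization server answers with an error
     */
    private ClientInformation registerResourceServerToAuthzServer(URI uri, JSONObject jSONObject) {
        ClientMetadata parse = ClientMetadata.parse(jSONObject);
        parse.setRedirectionURI(new URI(OnfhirConfig$.MODULE$.fhirRootUrl()));
        parse.setGrantTypes((Set) JavaConverters$.MODULE$.setAsJavaSetConverter(Predef$.MODULE$.Set().apply(Predef$.MODULE$.wrapRefArray(new GrantType[]{GrantType.CLIENT_CREDENTIALS}))).asJava());
        Scope scope = new Scope();
        scope.add("patient");
        scope.add("user");
        scope.add("openid");
        parse.setScope(scope);
        ClientInformationResponse parse2 = ClientRegistrationResponse.parse(new ClientRegistrationRequest(uri, parse, (BearerAccessToken) null).toHTTPRequest().send());
        if (parse2 instanceof ClientInformationResponse) {
            ClientInformationResponse clientInformationResponse = parse2;
            // The persisted file is what marks the server as registered on the next start.
            saveClientInformationFile(new StringBuilder(49).append("./").append("protected-resource-server-metadata-dynamic.json").toString(), clientInformationResponse.getClientInformation());
            return clientInformationResponse.getClientInformation();
        }
        if (parse2 instanceof ClientRegistrationErrorResponse) {
            throw new InitializationException(new StringBuilder(65).append("Error while registering resource-server to authorization server: ").append(((ClientRegistrationErrorResponse) parse2).getErrorObject().getDescription()).toString(), InitializationException$.MODULE$.$lessinit$greater$default$2());
        }
        throw new MatchError(parse2);
    }

    /**
     * Verifies that the client registration is usable for token introspection. For the
     * {@code jwt} and {@code jwt-introspection} resolution methods nothing is checked.
     *
     * <p>For {@code introspection} the client id must be present, the client authentication
     * method must be one the authorization server supports, a signing algorithm supported by the
     * server must be set for the JWT-based methods, and a client secret must be present for
     * {@code client_secret_basic}.
     *
     * @throws InitializationException when one of these conditions does not hold
     * @throws MatchError              when the resolution method is none of the three known values
     */
    private void checkEverythingOk() {
        String str = OnfhirConfig$.MODULE$.authzConfig().tokenResolutionMethod();
        if ("jwt".equals(str) || "jwt-introspection".equals(str)) {
            return;
        }
        if (!"introspection".equals(str)) {
            throw new MatchError(str);
        }
        if (Option$.MODULE$.apply(OnfhirConfig$.MODULE$.authzConfig().protectedResourceInformation().getID()).isEmpty()) {
            throw new InitializationException("Problem with registration to Authz Server, client id is missing!", InitializationException$.MODULE$.$lessinit$greater$default$2());
        }
        Option apply = Option$.MODULE$.apply(OnfhirConfig$.MODULE$.authzConfig().protectedResourceInformation().getMetadata().getTokenEndpointAuthMethod());
        if (apply.isEmpty()) {
            throw new InitializationException("The configuration param 'token_endpoint_auth_method' can not be empty if token resolution is with introspection!", InitializationException$.MODULE$.$lessinit$greater$default$2());
        }
        if (!OnfhirConfig$.MODULE$.authzConfig().authzServerMetadata().introspection_endpoint_auth_methods_supported().contains(apply.get())) {
            throw new InitializationException(new StringBuilder(127).append("Token introspection client authentication method does not match between Authorization Server (").append(OnfhirConfig$.MODULE$.authzConfig().authzServerMetadata().introspection_endpoint_auth_methods_supported()).append(") and Proteced Resource Server (").append(((Identifier) apply.get()).getValue()).append(")").toString(), InitializationException$.MODULE$.$lessinit$greater$default$2());
        }
        ClientAuthenticationMethod clientAuthenticationMethod = (ClientAuthenticationMethod) apply.get();
        boolean jwtBasedAuthentication = ClientAuthenticationMethod.CLIENT_SECRET_JWT.equals(clientAuthenticationMethod)
                || ClientAuthenticationMethod.PRIVATE_KEY_JWT.equals(clientAuthenticationMethod);
        if (jwtBasedAuthentication) {
            Option apply2 = Option$.MODULE$.apply(OnfhirConfig$.MODULE$.authzConfig().protectedResourceInformation().getMetadata().getTokenEndpointAuthJWSAlg());
            if (apply2.isEmpty()) {
                throw new InitializationException(new StringBuilder(160).append("The configuration param 'token_endpoint_auth_signing_alg' can not be empty if token resolution is with introspection and client authentication method is ").append(ClientAuthenticationMethod.CLIENT_SECRET_JWT.getValue()).append(" or ").append(ClientAuthenticationMethod.PRIVATE_KEY_JWT).append("  !").toString(), InitializationException$.MODULE$.$lessinit$greater$default$2());
            }
            if (!OnfhirConfig$.MODULE$.authzConfig().authzServerMetadata().introspection_endpoint_auth_signing_alg_values_supported().contains(apply2.get())) {
                throw new InitializationException(new StringBuilder(139).append("Token introspection client authentication  signing algorithm does not match between Authorization Server (").append(OnfhirConfig$.MODULE$.authzConfig().authzServerMetadata().introspection_endpoint_auth_signing_alg_values_supported()).append(") and Proteced Resource Server (").append(((Algorithm) apply2.get()).getName()).append(")").toString(), InitializationException$.MODULE$.$lessinit$greater$default$2());
            }
        } else if (ClientAuthenticationMethod.CLIENT_SECRET_BASIC.equals(clientAuthenticationMethod)) {
            // NOTE(review): the secret is verified only for client_secret_basic; the other
            // secret-based methods are not checked for a missing secret here.
            if (Option$.MODULE$.apply(OnfhirConfig$.MODULE$.authzConfig().protectedResourceInformation().getSecret()).isEmpty()) {
                throw new InitializationException("Problem with registration to Authz Server, client secret is missing!", InitializationException$.MODULE$.$lessinit$greater$default$2());
            }
        }
    }

    /**
     * Decides whether this server needs its own JWK set: true for every configured
     * {@code token_endpoint_auth_method} except {@code client_secret_basic} and {@code none}.
     *
     * @param jSONObject client metadata of this resource server
     */
    private boolean needJWKSetCreation(JSONObject jSONObject) {
        ClientAuthenticationMethod configured = new ClientAuthenticationMethod(JSONObjectUtils.getString(jSONObject, "token_endpoint_auth_method"));
        boolean keyless = ClientAuthenticationMethod.CLIENT_SECRET_BASIC.equals(configured)
                || ClientAuthenticationMethod.NONE.equals(configured);
        return !keyless;
    }

    /**
     * Reads a mandatory string member of the metadata object.
     *
     * @param jObject parsed metadata
     * @param str     name of the member
     * @return the member's value
     * @throws InitializationException when the member is absent
     */
    private String getRequiredParam(JsonAST.JObject jObject, String str) {
        Some extractValueOption = FHIRUtil$.MODULE$.extractValueOption(jObject, str, ManifestFactory$.MODULE$.classType(String.class));
        if (None$.MODULE$.equals(extractValueOption)) {
            throw new InitializationException(new StringBuilder(19).append("Param ").append(str).append(" is required!").toString(), InitializationException$.MODULE$.$lessinit$greater$default$2());
        }
        if (extractValueOption instanceof Some) {
            return (String) extractValueOption.value();
        }
        throw new MatchError(extractValueOption);
    }

    /**
     * Builds the authorization server metadata from its JSON representation.
     *
     * <p>{@code issuer} and {@code jwks_uri} are mandatory. The endpoints are optional, and a
     * missing list of auth methods or signing algorithms becomes an empty set. The URIs are only
     * parsed for syntax; nothing in this method restricts their scheme or host.
     *
     * @param str JSON text of the metadata document
     * @throws InitializationException when a mandatory member is missing or a URI is malformed
     */
    private AuthorizationServerMetadata parseAuthorizationServerMetadata(String str) {
        JsonAST.JObject parseJson = JsonFormatter$.MODULE$.parseFromJson(str).parseJson();
        try {
            return new AuthorizationServerMetadata(getRequiredParam(parseJson, "issuer"), new URI(getRequiredParam(parseJson, "jwks_uri")), package$.MODULE$.jvalue2extractable(package$.MODULE$.jvalue2monadic(parseJson).$bslash("registration_endpoint")).extractOpt(JsonFormatter$.MODULE$.formats(), ManifestFactory$.MODULE$.classType(String.class)).map(str2 -> {
                return new URI(str2);
            }), package$.MODULE$.jvalue2extractable(package$.MODULE$.jvalue2monadic(parseJson).$bslash("token_endpoint")).extractOpt(JsonFormatter$.MODULE$.formats(), ManifestFactory$.MODULE$.classType(String.class)).map(str3 -> {
                return new URI(str3);
            }), (scala.collection.immutable.Set) package$.MODULE$.jvalue2extractable(package$.MODULE$.jvalue2monadic(parseJson).$bslash("token_endpoint_auth_methods_supported")).extractOpt(JsonFormatter$.MODULE$.formats(), ManifestFactory$.MODULE$.classType(scala.collection.immutable.List.class, ManifestFactory$.MODULE$.classType(String.class), Predef$.MODULE$.wrapRefArray(new Manifest[0]))).map(list -> {
                return (scala.collection.immutable.Set) list.toSet().map(str4 -> {
                    return ClientAuthenticationMethod.parse(str4);
                }, Set$.MODULE$.canBuildFrom());
            }).getOrElse(() -> {
                return Predef$.MODULE$.Set().empty();
            }), (scala.collection.immutable.Set) package$.MODULE$.jvalue2extractable(package$.MODULE$.jvalue2monadic(parseJson).$bslash("token_endpoint_auth_signing_alg_values_supported")).extractOpt(JsonFormatter$.MODULE$.formats(), ManifestFactory$.MODULE$.classType(scala.collection.immutable.List.class, ManifestFactory$.MODULE$.classType(String.class), Predef$.MODULE$.wrapRefArray(new Manifest[0]))).map(list2 -> {
                return (scala.collection.immutable.Set) list2.toSet().map(str4 -> {
                    return JWSAlgorithm.parse(str4);
                }, Set$.MODULE$.canBuildFrom());
            }).getOrElse(() -> {
                return Predef$.MODULE$.Set().empty();
            }), package$.MODULE$.jvalue2extractable(package$.MODULE$.jvalue2monadic(parseJson).$bslash("introspection_endpoint")).extractOpt(JsonFormatter$.MODULE$.formats(), ManifestFactory$.MODULE$.classType(String.class)).map(str4 -> {
                return new URI(str4);
            }), (scala.collection.immutable.Set) package$.MODULE$.jvalue2extractable(package$.MODULE$.jvalue2monadic(parseJson).$bslash("introspection_endpoint_auth_methods_supported")).extractOpt(JsonFormatter$.MODULE$.formats(), ManifestFactory$.MODULE$.classType(scala.collection.immutable.List.class, ManifestFactory$.MODULE$.classType(String.class), Predef$.MODULE$.wrapRefArray(new Manifest[0]))).map(list3 -> {
                return (scala.collection.immutable.Set) list3.toSet().map(str5 -> {
                    return ClientAuthenticationMethod.parse(str5);
                }, Set$.MODULE$.canBuildFrom());
            }).getOrElse(() -> {
                return Predef$.MODULE$.Set().empty();
            }), (scala.collection.immutable.Set) package$.MODULE$.jvalue2extractable(package$.MODULE$.jvalue2monadic(parseJson).$bslash("introspection_endpoint_auth_signing_alg_values_supported")).extractOpt(JsonFormatter$.MODULE$.formats(), ManifestFactory$.MODULE$.classType(scala.collection.immutable.List.class, ManifestFactory$.MODULE$.classType(String.class), Predef$.MODULE$.wrapRefArray(new Manifest[0]))).map(list4 -> {
                return (scala.collection.immutable.Set) list4.toSet().map(str5 -> {
                    return JWSAlgorithm.parse(str5);
                }, Set$.MODULE$.canBuildFrom());
            }).getOrElse(() -> {
                return Predef$.MODULE$.Set().empty();
            }));
        } catch (URISyntaxException e) {
            throw new InitializationException(new StringBuilder(13).append("Invalid uri! ").append(e.getMessage()).toString(), InitializationException$.MODULE$.$lessinit$greater$default$2());
        }
    }

    /**
     * Generates a 2048-bit RSA signing key with a random UUID as key id, wraps it in a JWK set
     * and stores the set's string form at the given path.
     *
     * <p>NOTE(review): Nimbus documents {@code JWKSet#toString()} as serialising public
     * parameters only. If that holds for the library version in use, the stored file lacks the
     * private key and a later {@code JWKSet.load(file)} would return a set that cannot sign -
     * confirm. The file is written owner-only so that it stays protected should private
     * parameters ever be included.
     *
     * @param str path of the file to write
     * @return the generated set, including the private key
     */
    private JWKSet createAndStoreJWKSet(String str) {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(2048);
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        JWKSet jWKSet = new JWKSet(new RSAKey.Builder((RSAPublicKey) generateKeyPair.getPublic()).privateKey((RSAPrivateKey) generateKeyPair.getPrivate()).keyID(UUID.randomUUID().toString()).keyUse(KeyUse.SIGNATURE).build());
        writeOwnerOnlyFile(str, jWKSet.toString());
        return jWKSet;
    }

    /**
     * Persists the client information returned by a dynamic registration. The JSON may contain
     * the issued client secret, so the file is written owner-only.
     *
     * @param str               path of the file to write
     * @param clientInformation registration result to store
     */
    private void saveClientInformationFile(String str, ClientInformation clientInformation) {
        writeOwnerOnlyFile(str, clientInformation.toJSONObject().toJSONString());
    }

    /**
     * Writes text to a file whose permissions are narrowed to the owner before any content is
     * written, and always closes the writer. Narrowing is best effort: where the file system
     * cannot express it, a warning is logged and the write still happens.
     *
     * @param path    file to create or overwrite
     * @param content text to write, in the platform default charset as before
     */
    private void writeOwnerOnlyFile(String path, String content) {
        File target = new File(path);
        // Create the file first so the permissions are in place before secrets reach the disk.
        target.createNewFile();
        // Non-short-circuit '&' so every permission change is attempted even if one fails.
        boolean narrowed = target.setReadable(false, false)
                & target.setWritable(false, false)
                & target.setReadable(true, true)
                & target.setWritable(true, true);
        if (!narrowed) {
            logger().warn("Could not restrict permissions of {} to the owner; check its access rights", path);
        }
        try (BufferedWriter writer = new BufferedWriter(new FileWriter(target))) {
            writer.write(content);
        }
    }

    /** Publishes the singleton and resolves the default metadata path below the default root folder. */
    private AuthzConfigurationManager$() {
        MODULE$ = this;
        this.logger = LoggerFactory.getLogger(getClass());
        this.DEFAULT_PROTECTED_RESOURCE_METADATA_PATH = Predef$any2stringadd$.MODULE$.$plus$extension(Predef$.MODULE$.any2stringadd(io.onfhir.api.package$.MODULE$.DEFAULT_ROOT_FOLDER()), "/protected-resource-server-metadata.json");
    }
}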
