package org.cloudfoundry.identity.uaa.provider.oauth;

import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.net.URL;
import java.util.Optional;
import org.apache.commons.lang3.StringUtils;
import org.cloudfoundry.identity.uaa.cache.UrlContentCache;
import org.cloudfoundry.identity.uaa.provider.OIDCIdentityProviderDefinition;
import org.springframework.web.client.RestTemplate;

/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-4.25.0.jar:org/cloudfoundry/identity/uaa/provider/oauth/OidcMetadataFetcher.class */
public class OidcMetadataFetcher {
    private final UrlContentCache contentCache;
    private final RestTemplate trustingRestTemplate;
    private final RestTemplate nonTrustingRestTemplate;

    public OidcMetadataFetcher(UrlContentCache urlContentCache, RestTemplate restTemplate, RestTemplate restTemplate2) {
        this.contentCache = urlContentCache;
        this.trustingRestTemplate = restTemplate;
        this.nonTrustingRestTemplate = restTemplate2;
    }

    public void fetchMetadataAndUpdateDefinition(OIDCIdentityProviderDefinition oIDCIdentityProviderDefinition) throws OidcMetadataFetchingException {
        if (shouldFetchMetadata(oIDCIdentityProviderDefinition)) {
            updateIdpDefinition(oIDCIdentityProviderDefinition, fetchMetadata(oIDCIdentityProviderDefinition.getDiscoveryUrl(), oIDCIdentityProviderDefinition.isSkipSslValidation()));
        }
    }

    private OidcMetadata fetchMetadata(URL url, boolean z) throws OidcMetadataFetchingException {
        try {
            return (OidcMetadata) new ObjectMapper().readValue(z ? this.contentCache.getUrlContent(url.toString(), this.trustingRestTemplate) : this.contentCache.getUrlContent(url.toString(), this.nonTrustingRestTemplate), OidcMetadata.class);
        } catch (IOException e) {
            throw new OidcMetadataFetchingException(e);
        }
    }

    private void updateIdpDefinition(OIDCIdentityProviderDefinition oIDCIdentityProviderDefinition, OidcMetadata oidcMetadata) {
        oIDCIdentityProviderDefinition.setAuthUrl((URL) Optional.ofNullable(oIDCIdentityProviderDefinition.getAuthUrl()).orElse(oidcMetadata.getAuthorizationEndpoint()));
        oIDCIdentityProviderDefinition.setTokenUrl((URL) Optional.ofNullable(oIDCIdentityProviderDefinition.getTokenUrl()).orElse(oidcMetadata.getTokenEndpoint()));
        oIDCIdentityProviderDefinition.setTokenKeyUrl((URL) Optional.ofNullable(oIDCIdentityProviderDefinition.getTokenKeyUrl()).orElse(oidcMetadata.getJsonWebKeysUri()));
        oIDCIdentityProviderDefinition.setUserInfoUrl((URL) Optional.ofNullable(oIDCIdentityProviderDefinition.getUserInfoUrl()).orElse(oidcMetadata.getUserinfoEndpoint()));
        oIDCIdentityProviderDefinition.setIssuer((String) Optional.ofNullable(oIDCIdentityProviderDefinition.getIssuer()).orElse(oidcMetadata.getIssuer()));
    }

    private boolean shouldFetchMetadata(OIDCIdentityProviderDefinition oIDCIdentityProviderDefinition) {
        return (oIDCIdentityProviderDefinition.getDiscoveryUrl() == null || StringUtils.isBlank(oIDCIdentityProviderDefinition.getDiscoveryUrl().toString())) ? false : true;
    }
}
