package org.mitre.openid.connect.client.service.impl;

import com.google.common.cache.CacheBuilder;
import com.google.common.cache.CacheLoader;
import com.google.common.cache.LoadingCache;
import com.google.common.util.concurrent.UncheckedExecutionException;
import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import java.util.HashSet;
import java.util.Set;
import java.util.concurrent.ExecutionException;
import org.apache.http.client.HttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.mitre.oauth2.model.RegisteredClientFields;
import org.mitre.openid.connect.client.service.ServerConfigurationService;
import org.mitre.openid.connect.config.ServerConfiguration;
import org.mitre.util.JsonUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.web.client.RestTemplate;

/* loaded from: input_file:WEB-INF/lib/openid-connect-client-1.2.0.jar:org/mitre/openid/connect/client/service/impl/DynamicServerConfigurationService.class */
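/**
 * Resolves OpenID Connect provider metadata on demand by fetching
 * {@code <issuer>/.well-known/openid-configuration} and caching the parsed result per issuer.
 *
 * <p>Access control is the whitelist/blacklist pair only. When the whitelist is empty, every
 * issuer that is not blacklisted is fetched, so a deployment that lets the issuer come from
 * end-user input (for example an account chooser or third-party initiated login) should configure
 * a whitelist; otherwise this service issues outbound HTTP requests to whatever host is supplied.
 *
 * <p>NOTE(review): nothing in this class requires the issuer to be an {@code https} URL, and the
 * cache is built without a size bound or expiry, so entries are never evicted or refreshed.
 */
public class DynamicServerConfigurationService implements ServerConfigurationService {
    private static final Logger logger = LoggerFactory.getLogger(DynamicServerConfigurationService.class);

    // Issuers that may be resolved; an empty set means "no restriction".
    private Set<String> whitelist = new HashSet<>();
    // Issuers that are always refused.
    private Set<String> blacklist = new HashSet<>();
    // Issuer -> parsed discovery document. No maximum size or expiry is configured here.
    private final LoadingCache<String, ServerConfiguration> servers =
            CacheBuilder.newBuilder().build(new OpenIDConnectServiceConfigurationFetcher());

    /**
     * Cache loader that downloads and parses the discovery document for one issuer.
     *
     * <p>Static because it needs no state from the enclosing instance.
     */
    private static final class OpenIDConnectServiceConfigurationFetcher extends CacheLoader<String, ServerConfiguration> {
        private final HttpClient httpClient;
        private final HttpComponentsClientHttpRequestFactory httpFactory;
        private final JsonParser parser;

        private OpenIDConnectServiceConfigurationFetcher() {
            // useSystemProperties() picks up JVM-level proxy and TLS settings.
            this.httpClient = HttpClientBuilder.create().useSystemProperties().build();
            this.httpFactory = new HttpComponentsClientHttpRequestFactory(this.httpClient);
            this.parser = new JsonParser();
        }

        /**
         * Fetches and parses the discovery document published by {@code str}.
         *
         * @param str issuer identifier; the well-known path is appended to it verbatim
         * @return the populated configuration
         * @throws IllegalStateException if the response is empty, is not a JSON object, has no
         *     {@code issuer} member, or names an issuer other than {@code str}
         * @throws Exception for transport or parsing failures raised by the HTTP client or Gson
         */
        @Override
        public ServerConfiguration load(String str) throws Exception {
            final String issuer = str;
            final String discoveryUrl = issuer + "/.well-known/openid-configuration";

            RestTemplate restTemplate = new RestTemplate(this.httpFactory);
            String body = restTemplate.getForObject(discoveryUrl, String.class);
            if (body == null) {
                // Fail with a clear message instead of a NullPointerException inside the parser.
                throw new IllegalStateException("Couldn't parse server discovery results for " + discoveryUrl);
            }

            JsonElement parsed = this.parser.parse(body);
            if (!parsed.isJsonObject()) {
                throw new IllegalStateException("Couldn't parse server discovery results for " + discoveryUrl);
            }
            JsonObject discovery = parsed.getAsJsonObject();
            if (!discovery.has("issuer")) {
                throw new IllegalStateException("Returned object did not have an 'issuer' field");
            }

            // OpenID Connect Discovery 1.0, section 4.3: the returned issuer MUST be identical to
            // the issuer used to build the discovery URL. Accepting a different value would let
            // the host that answered this request publish endpoints and keys under another
            // provider's issuer name. The rejection reaches callers of getServerConfiguration as
            // a null result, the same path as any other discovery failure.
            String reportedIssuer = discovery.get("issuer").getAsString();
            if (!issuer.equals(reportedIssuer)) {
                throw new IllegalStateException("Issuer used for discovery was " + issuer
                        + " but discovery document reports issuer " + reportedIssuer);
            }

            // The registered metadata name is token_endpoint_auth_methods_supported; the shorter
            // legacy key is read only when the standard one is absent.
            String tokenAuthMethodsKey = discovery.has("token_endpoint_auth_methods_supported")
                    ? "token_endpoint_auth_methods_supported"
                    : "token_endpoint_auth_methods";

            ServerConfiguration conf = new ServerConfiguration();
            conf.setIssuer(reportedIssuer);
            conf.setAuthorizationEndpointUri(JsonUtils.getAsString(discovery, "authorization_endpoint"));
            conf.setTokenEndpointUri(JsonUtils.getAsString(discovery, "token_endpoint"));
            conf.setJwksUri(JsonUtils.getAsString(discovery, RegisteredClientFields.JWKS_URI));
            conf.setUserInfoUri(JsonUtils.getAsString(discovery, "userinfo_endpoint"));
            conf.setRegistrationEndpointUri(JsonUtils.getAsString(discovery, "registration_endpoint"));
            conf.setIntrospectionEndpointUri(JsonUtils.getAsString(discovery, "introspection_endpoint"));
            conf.setAcrValuesSupported(JsonUtils.getAsStringList(discovery, "acr_values_supported"));
            conf.setCheckSessionIframe(JsonUtils.getAsString(discovery, "check_session_iframe"));
            conf.setClaimsLocalesSupported(JsonUtils.getAsStringList(discovery, "claims_locales_supported"));
            conf.setClaimsParameterSupported(JsonUtils.getAsBoolean(discovery, "claims_parameter_supported"));
            conf.setClaimsSupported(JsonUtils.getAsStringList(discovery, "claims_supported"));
            conf.setDisplayValuesSupported(JsonUtils.getAsStringList(discovery, "display_values_supported"));
            conf.setEndSessionEndpoint(JsonUtils.getAsString(discovery, "end_session_endpoint"));
            conf.setGrantTypesSupported(JsonUtils.getAsStringList(discovery, "grant_types_supported"));
            conf.setIdTokenSigningAlgValuesSupported(JsonUtils.getAsJwsAlgorithmList(discovery, "id_token_signing_alg_values_supported"));
            conf.setIdTokenEncryptionAlgValuesSupported(JsonUtils.getAsJweAlgorithmList(discovery, "id_token_encryption_alg_values_supported"));
            conf.setIdTokenEncryptionEncValuesSupported(JsonUtils.getAsEncryptionMethodList(discovery, "id_token_encryption_enc_values_supported"));
            conf.setOpPolicyUri(JsonUtils.getAsString(discovery, "op_policy_uri"));
            conf.setOpTosUri(JsonUtils.getAsString(discovery, "op_tos_uri"));
            conf.setRequestObjectEncryptionAlgValuesSupported(JsonUtils.getAsJweAlgorithmList(discovery, "request_object_encryption_alg_values_supported"));
            conf.setRequestObjectEncryptionEncValuesSupported(JsonUtils.getAsEncryptionMethodList(discovery, "request_object_encryption_enc_values_supported"));
            conf.setRequestObjectSigningAlgValuesSupported(JsonUtils.getAsJwsAlgorithmList(discovery, "request_object_signing_alg_values_supported"));
            conf.setRequestParameterSupported(JsonUtils.getAsBoolean(discovery, "request_parameter_supported"));
            conf.setRequestUriParameterSupported(JsonUtils.getAsBoolean(discovery, "request_uri_parameter_supported"));
            conf.setResponseTypesSupported(JsonUtils.getAsStringList(discovery, "response_types_supported"));
            conf.setScopesSupported(JsonUtils.getAsStringList(discovery, "scopes_supported"));
            conf.setSubjectTypesSupported(JsonUtils.getAsStringList(discovery, "subject_types_supported"));
            conf.setServiceDocumentation(JsonUtils.getAsString(discovery, "service_documentation"));
            conf.setTokenEndpointAuthMethodsSupported(JsonUtils.getAsStringList(discovery, tokenAuthMethodsKey));
            conf.setTokenEndpointAuthSigningAlgValuesSupported(JsonUtils.getAsJwsAlgorithmList(discovery, "token_endpoint_auth_signing_alg_values_supported"));
            conf.setUiLocalesSupported(JsonUtils.getAsStringList(discovery, "ui_locales_supported"));
            conf.setUserinfoEncryptionAlgValuesSupported(JsonUtils.getAsJweAlgorithmList(discovery, "userinfo_encryption_alg_values_supported"));
            conf.setUserinfoEncryptionEncValuesSupported(JsonUtils.getAsEncryptionMethodList(discovery, "userinfo_encryption_enc_values_supported"));
            conf.setUserinfoSigningAlgValuesSupported(JsonUtils.getAsJwsAlgorithmList(discovery, "userinfo_signing_alg_values_supported"));
            return conf;
        }
    }

    /**
     * @return the live set of issuers allowed for discovery (not a copy); empty means unrestricted
     */
    public Set<String> getWhitelist() {
        return this.whitelist;
    }

    /**
     * Replaces the set of issuers allowed for discovery.
     *
     * @param set exact issuer strings to allow; an empty set disables the restriction. Must not
     *     be null, since {@link #getServerConfiguration(String)} dereferences it.
     */
    public void setWhitelist(Set<String> set) {
        this.whitelist = set;
    }

    /**
     * @return the live set of issuers that are always refused (not a copy)
     */
    public Set<String> getBlacklist() {
        return this.blacklist;
    }

    /**
     * Replaces the set of refused issuers.
     *
     * @param set exact issuer strings to refuse. Must not be null, since
     *     {@link #getServerConfiguration(String)} dereferences it.
     */
    public void setBlacklist(Set<String> set) {
        this.blacklist = set;
    }

    /**
     * Returns the cached or freshly discovered configuration for an issuer.
     *
     * <p>Both list checks are exact string matches and run before the cache is consulted, so a
     * change to either list takes effect even for issuers that are already cached.
     *
     * @param str issuer identifier
     * @return the configuration, or {@code null} when discovery failed
     * @throws AuthenticationServiceException if the issuer is blacklisted, or a non-empty
     *     whitelist does not contain it
     */
    @Override
    public ServerConfiguration getServerConfiguration(String str) {
        try {
            if (!this.whitelist.isEmpty() && !this.whitelist.contains(str)) {
                throw new AuthenticationServiceException("Whitelist was nonempty, issuer was not in whitelist: " + str);
            }
            if (this.blacklist.contains(str)) {
                throw new AuthenticationServiceException("Issuer was in blacklist: " + str);
            }
            return this.servers.get(str);
        } catch (UncheckedExecutionException | ExecutionException e) {
            // Pass the throwable itself so the cause chain from the loader is kept in the log.
            logger.warn("Couldn't load configuration for {}", str, e);
            return null;
        }
    }
}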
