package org.mitre.openid.connect.client.service.impl;

import com.google.common.cache.CacheBuilder;
import com.google.common.cache.CacheLoader;
import com.google.common.cache.LoadingCache;
import com.google.common.collect.Lists;
import com.google.common.util.concurrent.UncheckedExecutionException;
import com.google.gson.Gson;
import com.google.gson.JsonElement;
import java.util.HashSet;
import java.util.Set;
import java.util.concurrent.ExecutionException;
import org.apache.http.client.HttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.mitre.oauth2.model.RegisteredClient;
import org.mitre.openid.connect.ClientDetailsEntityJsonProcessor;
import org.mitre.openid.connect.client.service.ClientConfigurationService;
import org.mitre.openid.connect.client.service.RegisteredClientService;
import org.mitre.openid.connect.config.ServerConfiguration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.MediaType;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.util.MultiValueMap;
import org.springframework.web.client.RestTemplate;

/* loaded from: input_file:WEB-INF/lib/openid-connect-client-1.2.0.jar:org/mitre/openid/connect/client/service/impl/DynamicRegistrationClientConfigurationService.class */
public class DynamicRegistrationClientConfigurationService implements ClientConfigurationService {
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) DynamicRegistrationClientConfigurationService.class);
    private RegisteredClient template;
    private RegisteredClientService registeredClientService = new InMemoryRegisteredClientService();
    private Set<String> whitelist = new HashSet();
    private Set<String> blacklist = new HashSet();
    private LoadingCache<ServerConfiguration, RegisteredClient> clients = CacheBuilder.newBuilder().build(new DynamicClientRegistrationLoader());

    /* loaded from: input_file:WEB-INF/lib/openid-connect-client-1.2.0.jar:org/mitre/openid/connect/client/service/impl/DynamicRegistrationClientConfigurationService$DynamicClientRegistrationLoader.class */
    public class DynamicClientRegistrationLoader extends CacheLoader<ServerConfiguration, RegisteredClient> {
        private HttpClient httpClient = HttpClientBuilder.create().useSystemProperties().build();
        private HttpComponentsClientHttpRequestFactory httpFactory = new HttpComponentsClientHttpRequestFactory(this.httpClient);
        private Gson gson = new Gson();

        public DynamicClientRegistrationLoader() {
        }

        /* JADX WARN: Multi-variable type inference failed */
        @Override // com.google.common.cache.CacheLoader
        public RegisteredClient load(ServerConfiguration serverConfiguration) throws Exception {
            RestTemplate restTemplate = new RestTemplate(this.httpFactory);
            RegisteredClient byIssuer = DynamicRegistrationClientConfigurationService.this.registeredClientService.getByIssuer(serverConfiguration.getIssuer());
            if (byIssuer != null) {
                if (byIssuer.getClientId() != null) {
                    return byIssuer;
                }
                HttpHeaders httpHeaders = new HttpHeaders();
                httpHeaders.set("Authorization", String.format("%s %s", OAuth2AccessToken.BEARER_TYPE, byIssuer.getRegistrationAccessToken()));
                httpHeaders.setAccept(Lists.newArrayList(MediaType.APPLICATION_JSON));
                return ClientDetailsEntityJsonProcessor.parseRegistered((String) restTemplate.exchange(byIssuer.getRegistrationClientUri(), HttpMethod.GET, new HttpEntity<>((MultiValueMap<String, String>) httpHeaders), String.class, new Object[0]).getBody());
            }
            String json = this.gson.toJson((JsonElement) ClientDetailsEntityJsonProcessor.serialize(DynamicRegistrationClientConfigurationService.this.template));
            HttpHeaders httpHeaders2 = new HttpHeaders();
            httpHeaders2.setContentType(MediaType.APPLICATION_JSON);
            httpHeaders2.setAccept(Lists.newArrayList(MediaType.APPLICATION_JSON));
            RegisteredClient parseRegistered = ClientDetailsEntityJsonProcessor.parseRegistered((String) restTemplate.postForObject(serverConfiguration.getRegistrationEndpointUri(), new HttpEntity(json, httpHeaders2), String.class, new Object[0]));
            DynamicRegistrationClientConfigurationService.this.registeredClientService.save(serverConfiguration.getIssuer(), parseRegistered);
            return parseRegistered;
        }
    }

    @Override // org.mitre.openid.connect.client.service.ClientConfigurationService
    public RegisteredClient getClientConfiguration(ServerConfiguration serverConfiguration) {
        try {
            if (!this.whitelist.isEmpty() && !this.whitelist.contains(serverConfiguration.getIssuer())) {
                throw new AuthenticationServiceException("Whitelist was nonempty, issuer was not in whitelist: " + serverConfiguration);
            }
            if (this.blacklist.contains(serverConfiguration.getIssuer())) {
                throw new AuthenticationServiceException("Issuer was in blacklist: " + serverConfiguration);
            }
            return this.clients.get(serverConfiguration);
        } catch (UncheckedExecutionException | ExecutionException e) {
            logger.warn("Unable to get client configuration", e);
            return null;
        }
    }

    public RegisteredClient getTemplate() {
        return this.template;
    }

    public void setTemplate(RegisteredClient registeredClient) {
        if (registeredClient != null) {
            registeredClient.setClientId(null);
            registeredClient.setClientSecret(null);
            registeredClient.setRegistrationClientUri(null);
            registeredClient.setRegistrationAccessToken(null);
        }
        this.template = registeredClient;
    }

    public RegisteredClientService getRegisteredClientService() {
        return this.registeredClientService;
    }

    public void setRegisteredClientService(RegisteredClientService registeredClientService) {
        this.registeredClientService = registeredClientService;
    }

    public Set<String> getWhitelist() {
        return this.whitelist;
    }

    public void setWhitelist(Set<String> set) {
        this.whitelist = set;
    }

    public Set<String> getBlacklist() {
        return this.blacklist;
    }

    public void setBlacklist(Set<String> set) {
        this.blacklist = set;
    }
}
