package com.predic8.membrane.core.interceptor.oauth2.authorizationservice;

import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.predic8.membrane.annot.MCAttribute;
import com.predic8.membrane.annot.MCChildElement;
import com.predic8.membrane.annot.MCElement;
import com.predic8.membrane.annot.Required;
import com.predic8.membrane.core.http.xml.Query;
import com.predic8.membrane.core.interceptor.oauth2.ClaimRenamer;
import com.predic8.membrane.core.interceptor.oauth2.Client;
import com.predic8.membrane.core.interceptor.oauth2.OAuth2Util;
import com.predic8.membrane.core.interceptor.oauth2.parameter.ClaimsParameter;
import com.predic8.membrane.core.resolver.ResolverMap;
import com.predic8.membrane.core.transport.http2.frame.Error;
import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import org.apache.commons.io.IOUtils;

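/**
 * Authorization service that configures itself from an OpenID Connect discovery
 * document ({@code .well-known/openid-configuration}) found under {@link #setSrc(String) src}.
 *
 * <p>{@code src} is either a single base location, or two locations separated by one
 * space: the first is the base used to build the authorization URL handed out in
 * {@link #getLoginURL}, the second is the base the discovery document is fetched from.
 *
 * <p>Security notes for operators and reviewers:
 * <ul>
 *   <li>Every endpoint in the discovery document (token, userinfo, JWKS, registration, ...)
 *       is taken over as-is. Whoever controls the document, or the transport it is fetched
 *       over, controls where tokens and client credentials are sent and which keys are
 *       trusted. Fetch it over an authenticated channel.</li>
 *   <li>This class does not compare the document's {@code issuer} with the location it was
 *       loaded from, and does not check endpoint schemes. NOTE(review): confirm whether the
 *       superclass or the token validation code performs these checks.</li>
 * </ul>
 */
@MCElement(name = "membrane")
/* loaded from: input_file:com/predic8/membrane/core/interceptor/oauth2/authorizationservice/MembraneAuthorizationService.class */
public class MembraneAuthorizationService extends AuthorizationService {
    private String src;
    private String issuer;
    private String tokenEndpoint;
    private String userInfoEndpoint;
    private String authorizationEndpoint;
    private String publicAuthorizationEndpoint;
    private String revocationEndpoint;
    private String registrationEndpoint;
    private String jwksEndpoint;
    private String endSessionEndpoint;
    private String claims;
    private String claimsIdt;
    private String claimsParameter;
    private DynamicRegistration dynamicRegistration;
    // True once this.scope holds the URL-encoded form; reset whenever a new scope is set.
    protected boolean encodedScope;
    private String subject = ClaimRenamer.convert("sub");
    // Used until the discovery document supplies its own response_modes_supported list.
    private List<String> responseModesSupported = List.of(Query.ELEMENT_NAME, "fragment");

    /**
     * Reports whether {@code str} parses as a {@link URI}.
     *
     * <p>This is a syntax check only: it accepts relative references and any scheme, so it
     * is not a substitute for an allow-list when the value decides where requests are sent.
     *
     * @param str candidate string; {@code null} yields {@code false}
     * @return {@code true} if {@code new URI(str)} succeeds
     */
    public static boolean isValidURI(String str) {
        try {
            new URI(str);
            return true;
        } catch (Exception ignored) {
            // Covers URISyntaxException as well as the NullPointerException for a null input.
            return false;
        }
    }

    /**
     * Loads the discovery document named by {@code src} and prepares scope and claims.
     *
     * @throws Exception if {@code src} is not configured, the document cannot be resolved,
     *     or the authorization endpoint is not a valid URI
     * @throws RuntimeException wrapping any {@link IOException} raised while reading or
     *     parsing the document, or if a two-part {@code src} is used and the document has
     *     no {@code authorization_endpoint}
     */
    @Override
    public void init() throws Exception {
        if (this.src == null) {
            throw new Exception("No wellknown file source configured. - Cannot work without one");
        }
        if (this.dynamicRegistration != null) {
            this.dynamicRegistration.init(this.router);
            this.supportsDynamicRegistration = true;
        }
        try {
            // A limit of 2 yields one or two parts, never more: everything after the first
            // space is treated as the discovery base.
            String[] split = this.src.split(Pattern.quote(" "), 2);
            String discoveryBase = split[split.length - 1];
            parseSrc(resolve(this.router.getResolverMap(), this.router.getBaseLocation(), wellKnownLocation(discoveryBase)));
            if (split.length == 2) {
                if (this.authorizationEndpoint == null) {
                    // Fail with a clear message instead of a NullPointerException from new URI(null).
                    throw new RuntimeException("OpenID configuration loaded from '" + discoveryBase
                            + "' contains no authorization_endpoint; cannot derive the public authorization endpoint");
                }
                // Only the path of the discovered endpoint is kept; the host part comes from
                // the operator-supplied first half of src.
                this.publicAuthorizationEndpoint = split[0] + new URI(this.authorizationEndpoint).getPath();
            }
            adjustScope();
            prepareClaimsForLoginUrl();
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    /** Appends {@code .well-known/openid-configuration} to {@code base}, adding a slash if needed. */
    private static String wellKnownLocation(String base) {
        return base + (base.endsWith("/") ? "" : "/") + ".well-known/openid-configuration";
    }

    /**
     * Resolves the discovery document, going through the dynamic registration bean when one
     * is configured and through the superclass otherwise.
     */
    @Override
    public InputStream resolve(ResolverMap resolverMap, String str, String str2) throws Exception {
        return this.dynamicRegistration != null ? this.dynamicRegistration.retrieveOpenIDConfiguration(str2) : super.resolve(resolverMap, str, str2);
    }

    /** @return the {@code issuer} value read from the discovery document, or {@code null} */
    @Override
    public String getIssuer() {
        return this.issuer;
    }

    /** @return the {@code jwks_uri} value read from the discovery document, or {@code null} */
    @Override
    public String getJwksEndpoint() throws Exception {
        return this.jwksEndpoint;
    }

    /** @return the {@code end_session_endpoint} value read from the discovery document, or {@code null} */
    @Override
    public String getEndSessionEndpoint() throws Exception {
        return this.endSessionEndpoint;
    }

    /**
     * Registers this client at the discovered registration endpoint.
     *
     * @param list callback URLs passed on to the registration bean
     * @throws RuntimeException if no registration bean is configured or the discovery
     *     document named no registration endpoint
     */
    @Override
    protected void doDynamicRegistration(List<String> list) throws Exception {
        if (this.dynamicRegistration == null || this.registrationEndpoint == null || this.registrationEndpoint.isEmpty()) {
            throw new RuntimeException("A registration bean is required and src needs to specify a registration endpoint");
        }
        dynamicRegistrationIfNeeded(list);
    }

    /** Performs the registration call and stores the returned client id and secret. */
    private void dynamicRegistrationIfNeeded(List<String> list) throws Exception {
        // The registration endpoint comes from the discovery document, so the client
        // credentials obtained here are only as trustworthy as that document.
        Client registered = this.dynamicRegistration.registerWithCallbackAt(list, this.registrationEndpoint);
        setClientIdAndSecret(registered.getClientId(), registered.getClientSecret());
    }

    /** Builds the {@code claims} request parameter once; an empty result is stored as {@code null}. */
    private void prepareClaimsForLoginUrl() throws IOException {
        this.claimsParameter = ClaimsParameter.writeCompleteJson(this.claims, this.claimsIdt);
        if (this.claimsParameter.isEmpty()) {
            this.claimsParameter = null;
        }
    }

    /** Sets the scope and marks it as not yet URL-encoded. */
    @Override
    public void setScope(String str) {
        super.setScope(str);
        this.encodedScope = false;
    }

    /** Defaults the scope to {@code profile} and URL-encodes it exactly once. */
    private void adjustScope() throws UnsupportedEncodingException {
        if (this.scope == null) {
            this.scope = "profile";
        }
        if (this.encodedScope) {
            return;
        }
        this.scope = OAuth2Util.urlencode(this.scope);
        this.encodedScope = true;
    }

    /**
     * Parses the discovery document and copies the endpoint fields into this object.
     *
     * @param inputStream the document; always closed by this method
     * @throws IOException if the stream is missing, is not a JSON object, or an endpoint
     *     field is present but not a JSON string
     */
    private void parseSrc(InputStream inputStream) throws IOException {
        if (inputStream == null) {
            throw new IOException("OpenID configuration could not be resolved (no content)");
        }
        Map<String, Object> map;
        // Hand the bytes to Jackson directly: this avoids decoding with the platform default
        // charset, and try-with-resources closes the stream even when parsing fails.
        try (InputStream in = inputStream) {
            map = new ObjectMapper().readValue(in, new TypeReference<Map<String, Object>>() {
            });
        }
        if (map == null) {
            throw new IOException("OpenID configuration is not a JSON object");
        }
        // NOTE(review): values are accepted without scheme or host checks and the issuer is
        // not compared with the location the document was loaded from.
        this.tokenEndpoint = stringField(map, "token_endpoint");
        this.userInfoEndpoint = stringField(map, "userinfo_endpoint");
        this.authorizationEndpoint = stringField(map, "authorization_endpoint");
        this.revocationEndpoint = stringField(map, "revocation_endpoint");
        this.registrationEndpoint = stringField(map, "registration_endpoint");
        this.jwksEndpoint = stringField(map, "jwks_uri");
        this.endSessionEndpoint = stringField(map, "end_session_endpoint");
        this.issuer = stringField(map, "issuer");
        Object modes = map.get("response_modes_supported");
        if (modes instanceof List) {
            // Non-string entries are dropped; a value that is not a list leaves the default in place.
            this.responseModesSupported = ((List<?>) modes).stream()
                    .filter(String.class::isInstance)
                    .map(String.class::cast)
                    .collect(Collectors.toList());
        }
    }

    /**
     * Reads an optional string field, rejecting other JSON types with a descriptive error
     * instead of a {@link ClassCastException}.
     */
    private static String stringField(Map<String, Object> map, String key) throws IOException {
        Object value = map.get(key);
        if (value == null) {
            return null;
        }
        if (!(value instanceof String)) {
            throw new IOException("OpenID configuration field '" + key + "' must be a JSON string");
        }
        return (String) value;
    }

    /** @return the {@code token_endpoint} value read from the discovery document, or {@code null} */
    @Override
    public String getTokenEndpoint() {
        return this.tokenEndpoint;
    }

    /** @return the {@code revocation_endpoint} value read from the discovery document, or {@code null} */
    @Override
    public String getRevocationEndpoint() {
        return this.revocationEndpoint;
    }

    /**
     * Builds the authorization request URL the user agent is redirected to.
     *
     * @param str security token placed in the {@code state} parameter
     * @param str2 redirect URI sent as {@code redirect_uri}
     * @param str3 originally requested path and query, URL-encoded here and carried in {@code state}
     * @return the complete login URL
     */
    @Override
    public String getLoginURL(String str, String str2, String str3) {
        String endpoint = this.publicAuthorizationEndpoint;
        if (endpoint == null) {
            endpoint = this.authorizationEndpoint;
        }
        // NOTE(review): the client id, str (security token) and str2 (redirect URI) are
        // concatenated without URL-encoding; only str3 and the claims are encoded here.
        // Confirm that callers pass values that are already safe for a query string, since a
        // '&' or '#' in any of them would change the meaning of the request.
        return endpoint + "?client_id=" + getClientId() + "&response_type=code&scope=" + this.scope + "&redirect_uri=" + str2 + "&" + (this.responseModesSupported.contains("form_post") ? "response_mode=form_post&" : "") + "state=security_token%3D" + str + "%26url%3D" + OAuth2Util.urlencode(str3) + getClaimsParameter();
    }

    /** @return the URL-encoded {@code &claims=...} suffix, or an empty string when no claims are configured */
    private String getClaimsParameter() {
        return this.claimsParameter == null ? "" : "&claims=" + OAuth2Util.urlencode(this.claimsParameter);
    }

    /** @return the {@code userinfo_endpoint} value read from the discovery document, or {@code null} */
    @Override
    public String getUserInfoEndpoint() {
        return this.userInfoEndpoint;
    }

    /** @return the configured subject claim name */
    @Override
    public String getSubject() {
        return this.subject;
    }

    /** Overrides the subject claim name. */
    @MCAttribute
    public void setSubject(String str) {
        this.subject = str;
    }

    /** @return the configured discovery source */
    public String getSrc() {
        return this.src;
    }

    /**
     * Sets the discovery source: one base location, or a public base and a discovery base
     * separated by a single space.
     */
    @MCAttribute
    @Required
    public void setSrc(String str) {
        this.src = str;
    }

    /** @return the claims passed to {@code ClaimsParameter.writeCompleteJson} as first argument */
    public String getClaims() {
        return this.claims;
    }

    @MCAttribute
    public void setClaims(String str) {
        this.claims = str;
    }

    /** @return the claims passed to {@code ClaimsParameter.writeCompleteJson} as second argument */
    public String getClaimsIdt() {
        return this.claimsIdt;
    }

    @MCAttribute
    public void setClaimsIdt(String str) {
        this.claimsIdt = str;
    }

    /** @return the dynamic registration bean, or {@code null} if none is configured */
    public DynamicRegistration getDynamicRegistration() {
        return this.dynamicRegistration;
    }

    @MCChildElement(order = Error.ERROR_CONNECT_ERROR)
    public void setDynamicRegistration(DynamicRegistration dynamicRegistration) {
        this.dynamicRegistration = dynamicRegistration;
    }

    /** @return the response modes in effect: the discovered list, or the built-in default */
    public List<String> getResponseModesSupported() {
        return this.responseModesSupported;
    }
}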
