package org.apereo.cas.web.controllers;

import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.OidcClientRegistrationRequest;
import org.apereo.cas.OidcClientRegistrationResponse;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.authentication.principal.ServiceFactory;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.services.OidcRegisteredService;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.support.oauth.OAuthGrantType;
import org.apereo.cas.support.oauth.OAuthResponseType;
import org.apereo.cas.support.oauth.validator.OAuth20Validator;
import org.apereo.cas.support.oauth.web.BaseOAuthWrapperController;
import org.apereo.cas.ticket.accesstoken.AccessTokenFactory;
import org.apereo.cas.ticket.registry.TicketRegistry;
import org.apereo.cas.util.gen.RandomStringGenerator;
import org.apereo.cas.util.serialization.StringSerializer;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;

/* loaded from: input_file:org/apereo/cas/web/controllers/OidcDynamicClientRegistrationEndpointController.class */
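/**
 * Handles OpenID Connect dynamic client registration: a JSON registration request posted to
 * {@code /oidc/register} is turned into an {@link OidcRegisteredService}, which is given a freshly
 * generated client id and client secret and saved through the services manager.
 *
 * <p>NOTE(review): this class performs no caller authentication and checks no registration token
 * itself. If open registration is not intended, confirm that access to {@code /oidc/register} is
 * restricted elsewhere (filter chain, network policy).
 */
public class OidcDynamicClientRegistrationEndpointController extends BaseOAuthWrapperController {
    /** Error code reported for every rejected registration request. */
    private static final String ERROR_INVALID_CLIENT_METADATA = "invalid_client_metadata";

    /** Description returned when processing fails for a reason that must not be disclosed. */
    private static final String GENERIC_FAILURE_MESSAGE = "The client registration request could not be processed";

    private final StringSerializer<OidcClientRegistrationRequest> clientRegistrationRequestSerializer;
    private final RandomStringGenerator clientIdGenerator;
    private final RandomStringGenerator clientSecretGenerator;

    /**
     * Creates the controller.
     *
     * @param servicesManager registry that dynamically registered services are saved to
     * @param ticketRegistry passed through to the parent controller
     * @param oAuth20Validator passed through to the parent controller
     * @param accessTokenFactory passed through to the parent controller
     * @param principalFactory passed through to the parent controller
     * @param serviceFactory passed through to the parent controller
     * @param stringSerializer parses the JSON request body into a registration request
     * @param randomStringGenerator produces the client id of each new registration
     * @param randomStringGenerator2 produces the client secret of each new registration;
     *        NOTE(review): confirm the configured generator is backed by a cryptographically
     *        strong source, since its output is used as a credential
     */
    public OidcDynamicClientRegistrationEndpointController(ServicesManager servicesManager, TicketRegistry ticketRegistry, OAuth20Validator oAuth20Validator, AccessTokenFactory accessTokenFactory, PrincipalFactory principalFactory, ServiceFactory<WebApplicationService> serviceFactory, StringSerializer<OidcClientRegistrationRequest> stringSerializer, RandomStringGenerator randomStringGenerator, RandomStringGenerator randomStringGenerator2) {
        super(servicesManager, ticketRegistry, oAuth20Validator, accessTokenFactory, principalFactory, serviceFactory);
        this.clientRegistrationRequestSerializer = stringSerializer;
        this.clientIdGenerator = randomStringGenerator;
        this.clientSecretGenerator = randomStringGenerator2;
    }

    /**
     * Registers a new OIDC client from the posted JSON metadata.
     *
     * @param str raw JSON request body
     * @param httpServletRequest the current request (not read by this method)
     * @param httpServletResponse the current response (not written by this method)
     * @return {@code 201 Created} with the registration response (including the generated client
     *         secret) on success; {@code 400 Bad Request} with an {@code error} /
     *         {@code error_message} map when the metadata is rejected or processing fails
     * @throws Exception declared for compatibility; every exception raised in the body is caught
     *         and converted into the {@code 400} response
     */
    @PostMapping(value = {"/oidc/register"}, consumes = {"application/json"}, produces = {"application/json"})
    public ResponseEntity<OidcClientRegistrationResponse> handleRequestInternal(@RequestBody String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        try {
            final OidcClientRegistrationRequest registrationRequest = this.clientRegistrationRequestSerializer.from(str);
            this.logger.debug("Received client registration request {}", registrationRequest);

            // Reject incomplete metadata explicitly instead of relying on a NullPointerException or
            // NoSuchElementException further down to produce the 400 response.
            final String problem = findMetadataProblem(registrationRequest);
            if (problem != null) {
                this.logger.warn("Rejecting client registration request: {}", problem);
                return invalidClientMetadata(problem);
            }

            final OidcRegisteredService service = new OidcRegisteredService();
            service.setName(registrationRequest.getClientName());
            service.setGenerateRefreshToken(true);
            if (StringUtils.isNotBlank(registrationRequest.getJwksUri())) {
                // NOTE(review): the JWKS location is client-controlled and stored as-is. Whatever
                // later resolves it should restrict the schemes and hosts it will contact.
                service.setJwks(registrationRequest.getJwksUri());
                service.setSignIdToken(true);
            }

            // NOTE(review): the first client-supplied redirect URI is stored verbatim as the service
            // id, and the entry is given Integer.MIN_VALUE as its evaluation order. If service ids
            // are matched as patterns and lower order values win (TODO confirm against the
            // ServicesManager in use), a dynamically registered entry could take precedence over
            // administrator-defined services. Consider validating or escaping the URI and
            // assigning a less privileged order.
            service.setServiceId(registrationRequest.getRedirectUris().iterator().next());
            service.setClientId(this.clientIdGenerator.getNewString());
            service.setClientSecret(this.clientSecretGenerator.getNewString());
            service.setEvaluationOrder(Integer.MIN_VALUE);

            final OidcClientRegistrationResponse registrationResponse = getClientRegistrationResponse(registrationRequest, service);
            service.setDescription(String.format(
                    "Dynamically registered service %s with grant types %s and response types %s",
                    service.getName(),
                    registrationResponse.getGrantTypes(),
                    registrationResponse.getResponseTypes()));
            getServicesManager().save(service);
            return new ResponseEntity<>(registrationResponse, HttpStatus.CREATED);
        } catch (final Exception e) {
            // Full details go to the server log only; the raw exception message is not returned to
            // the caller because it can expose parser or persistence internals.
            this.logger.error(e.getMessage(), e);
            return invalidClientMetadata(GENERIC_FAILURE_MESSAGE);
        }
    }

    /**
     * Builds the registration response returned to the client. The grant types, response type,
     * application type and subject type are fixed values; they are not taken from the request.
     *
     * @param oidcClientRegistrationRequest the parsed request; only its token endpoint
     *        authentication method is copied into the response
     * @param oidcRegisteredService the service being registered; supplies client id, client
     *        secret, name and the single redirect URI (its service id)
     * @return the populated response
     */
    protected OidcClientRegistrationResponse getClientRegistrationResponse(OidcClientRegistrationRequest oidcClientRegistrationRequest, OidcRegisteredService oidcRegisteredService) {
        final OidcClientRegistrationResponse response = new OidcClientRegistrationResponse();
        response.setApplicationType("web");
        response.setClientId(oidcRegisteredService.getClientId());
        response.setClientSecret(oidcRegisteredService.getClientSecret());
        response.setSubjectType("public");
        response.setTokenEndpointAuthMethod(oidcClientRegistrationRequest.getTokenEndpointAuthMethod());
        response.setClientName(oidcRegisteredService.getName());
        // Locale.ROOT keeps these protocol identifiers stable; the default-locale overload would
        // mangle the letter 'I' on JVMs running under e.g. a Turkish locale.
        response.setGrantTypes(Arrays.asList(
                OAuthGrantType.AUTHORIZATION_CODE.name().toLowerCase(Locale.ROOT),
                OAuthGrantType.REFRESH_TOKEN.name().toLowerCase(Locale.ROOT)));
        response.setRedirectUris(Collections.singletonList(oidcRegisteredService.getServiceId()));
        response.setResponseTypes(Collections.singletonList(OAuthResponseType.CODE.name().toLowerCase(Locale.ROOT)));
        return response;
    }

    /**
     * Checks the fields this controller depends on.
     *
     * @param request the parsed registration request, possibly {@code null}
     * @return a client-safe description of the first problem found, or {@code null} when the
     *         request can be processed
     */
    private static String findMetadataProblem(final OidcClientRegistrationRequest request) {
        if (request == null) {
            return "The registration request is empty";
        }
        if (request.getClientName() == null) {
            return "A client name is required";
        }
        if (request.getRedirectUris() == null || request.getRedirectUris().isEmpty()) {
            return "At least one redirect URI is required";
        }
        if (StringUtils.isBlank(request.getRedirectUris().iterator().next())) {
            return "The first redirect URI must not be blank";
        }
        return null;
    }

    /**
     * Builds the {@code 400 Bad Request} error response.
     *
     * <p>NOTE(review): the description is sent under the key {@code error_message}, kept here for
     * compatibility with existing clients; RFC 7591 names this member {@code error_description}.
     *
     * @param message client-safe description of the failure
     * @return the error response; its body is a map, so the declared body type is not honoured
     */
    @SuppressWarnings({"rawtypes", "unchecked"})
    private static ResponseEntity<OidcClientRegistrationResponse> invalidClientMetadata(final String message) {
        final Map<String, String> body = new HashMap<>();
        body.put("error", ERROR_INVALID_CLIENT_METADATA);
        body.put("error_message", message);
        // Raw type on purpose: the handler's declared body type is the success payload.
        return new ResponseEntity(body, HttpStatus.BAD_REQUEST);
    }
}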
