package org.wso2.carbon.identity.discovery.builders;

import java.net.URISyntaxException;
import java.util.List;
import java.util.Set;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.base.ServerConfigurationException;
import org.wso2.carbon.identity.claim.metadata.mgt.exception.ClaimMetadataException;
import org.wso2.carbon.identity.claim.metadata.mgt.model.ExternalClaim;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.discovery.DiscoveryUtil;
import org.wso2.carbon.identity.discovery.OIDCDiscoveryEndPointException;
import org.wso2.carbon.identity.discovery.OIDProviderConfigResponse;
import org.wso2.carbon.identity.discovery.OIDProviderRequest;
import org.wso2.carbon.identity.discovery.internal.OIDCDiscoveryDataHolder;
import org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.util.OAuth2Util;

/* loaded from: input_file:org/wso2/carbon/identity/discovery/builders/ProviderConfigBuilder.class */
/**
 * Builds the OpenID Connect discovery (provider configuration) response for a tenant.
 *
 * <p>Everything set here is published to clients as the provider's advertised
 * capabilities. Review notes on what the visible code does:
 * <ul>
 *   <li>The tenant domain is taken from the request and passed to the URL/issuer helpers
 *       as-is; no validation of it is visible in this class.</li>
 *   <li>Subject types ({@code "public"}, {@code "pairwise"}) and both back-channel logout
 *       flags are hard-coded rather than read from configuration.
 *       NOTE(review): confirm the deployment really supports what is advertised.</li>
 *   <li>Exactly one ID-token and one userinfo signing algorithm is advertised: the one
 *       currently configured in {@code OAuthServerConfiguration}.</li>
 * </ul>
 */
public class ProviderConfigBuilder {
    // Not referenced by any method visible in this class.
    private static final Log log = LogFactory.getLog(ProviderConfigBuilder.class);
    // Claim dialect whose external claims are listed as supported claims.
    private static final String OIDC_CLAIM_DIALECT = "http://wso2.org/oidc/claim";

    /**
     * Populates a fresh {@link OIDProviderConfigResponse} with issuer, endpoint URLs and
     * supported-feature lists for the tenant named in the request.
     *
     * @param oIDProviderRequest discovery request; only its tenant domain is read here
     * @return the populated provider configuration
     * @throws ServerConfigurationException if the tenant issuer cannot be resolved, a tenant
     *         URL cannot be built, the OIDC claim dialect cannot be read, or a configured
     *         signature algorithm cannot be mapped
     * @throws OIDCDiscoveryEndPointException declared on the signature; no statement in this
     *         method throws it directly (presumably raised by a callee; confirm)
     */
    public OIDProviderConfigResponse buildOIDProviderConfig(OIDProviderRequest oIDProviderRequest) throws OIDCDiscoveryEndPointException, ServerConfigurationException {
        final OIDProviderConfigResponse config = new OIDProviderConfigResponse();
        final String tenantDomain = oIDProviderRequest.getTenantDomain();

        // Issuer: clients compare this value with the "iss" of the tokens they receive,
        // so whichever branch is taken must agree with what the token issuer emits.
        if (!DiscoveryUtil.isUseEntityIdAsIssuerInOidcDiscovery()) {
            config.setIssuer(OAuth2Util.getIDTokenIssuer());
        } else {
            try {
                config.setIssuer(OAuth2Util.getIdTokenIssuer(tenantDomain));
            } catch (IdentityOAuth2Exception e) {
                throw new ServerConfigurationException(String.format("Error while retrieving OIDC Id token issuer value for tenant domain: %s", tenantDomain), e);
            }
        }

        // Endpoints and method lists resolved without a tenant argument.
        config.setAuthorizationEndpoint(OAuth2Util.OAuthURL.getOAuth2AuthzEPUrl());
        config.setPushedAuthorizationRequestEndpoint(OAuth2Util.OAuthURL.getOAuth2ParEPUrl());
        config.setTokenEndpoint(OAuth2Util.OAuthURL.getOAuth2TokenEPUrl());
        config.setUserinfoEndpoint(OAuth2Util.OAuthURL.getOAuth2UserInfoEPUrl());
        config.setRevocationEndpoint(OAuth2Util.OAuthURL.getOAuth2RevocationEPUrl());
        // Revocation and introspection both advertise the same client authentication methods.
        config.setRevocationEndpointAuthMethodsSupported(
                (String[]) OAuth2Util.getSupportedClientAuthenticationMethods().toArray(new String[0]));
        config.setResponseModesSupported(
                (String[]) OAuth2Util.getSupportedResponseModes().toArray(new String[0]));
        config.setIntrospectionEndpointAuthMethodsSupported(
                (String[]) OAuth2Util.getSupportedClientAuthenticationMethods().toArray(new String[0]));
        config.setCodeChallengeMethodsSupported(
                (String[]) OAuth2Util.getSupportedCodeChallengeMethods().toArray(new String[0]));

        // Everything below runs under one handler set; each failure type is wrapped in a
        // ServerConfigurationException carrying a fixed message and the original cause.
        try {
            // Tenant-qualified endpoints and scopes.
            config.setIntrospectionEndpoint(OAuth2Util.OAuthURL.getOAuth2IntrospectionEPUrl(tenantDomain));
            config.setRegistrationEndpoint(OAuth2Util.OAuthURL.getOAuth2DCREPUrl(tenantDomain));
            config.setJwksUri(OAuth2Util.OAuthURL.getOAuth2JWKSPageUrl(tenantDomain));
            config.setScopesSupported((String[]) OAuth2Util.getOIDCScopes(tenantDomain).toArray(new String[0]));

            // Supported claims: every external claim URI of the OIDC dialect, then "iss" and "acr".
            List externalClaims = OIDCDiscoveryDataHolder.getInstance().getClaimManagementService()
                    .getExternalClaims(OIDC_CLAIM_DIALECT, tenantDomain);
            String[] claimUris = new String[externalClaims.size() + 2];
            int next = 0;
            for (Object claim : externalClaims) {
                claimUris[next++] = ((ExternalClaim) claim).getClaimURI();
            }
            claimUris[next] = "iss";
            claimUris[next + 1] = "acr";
            config.setClaimsSupported(claimUris);

            // Only the currently configured ID-token signing algorithm is advertised.
            String idTokenAlg = OAuth2Util.mapSignatureAlgorithmForJWSAlgorithm(
                    OAuthServerConfiguration.getInstance().getIdTokenSignatureAlgorithm()).getName();
            config.setIdTokenSigningAlgValuesSupported(new String[]{idTokenAlg});
            config.setResponseTypesSupported(
                    (String[]) OAuthServerConfiguration.getInstance().getSupportedResponseTypeNames().toArray(new String[0]));
            // Hard-coded, not configuration-driven.
            config.setSubjectTypesSupported(new String[]{"public", "pairwise"});
            config.setCheckSessionIframe(
                    OAuth2Util.buildServiceUrl("oidc/checksession", IdentityUtil.getProperty("OAuth.OIDCCheckSessionEPUrl")));
            config.setEndSessionEndpoint(
                    OAuth2Util.buildServiceUrl("oidc/logout", IdentityUtil.getProperty("OAuth.OIDCLogoutEPUrl")));

            // Likewise a single userinfo signing algorithm, taken from configuration.
            String userInfoAlg = OAuth2Util.mapSignatureAlgorithmForJWSAlgorithm(
                    OAuthServerConfiguration.getInstance().getUserInfoJWTSignatureAlgorithm()).getName();
            config.setUserinfoSigningAlgValuesSupported(new String[]{userInfoAlg});
            config.setTokenEndpointAuthMethodsSupported(OAuth2Util.getSupportedClientAuthMethods());
            config.setGrantTypesSupported(
                    (String[]) OAuth2Util.getSupportedGrantTypes().stream().toArray(String[]::new));
            config.setRequestParameterSupported(Boolean.valueOf(OAuth2Util.isRequestParameterSupported()));
            config.setClaimsParameterSupported(Boolean.valueOf(OAuth2Util.isClaimsParameterSupported()));
            config.setRequestObjectSigningAlgValuesSupported(
                    (String[]) OAuth2Util.getRequestObjectSigningAlgValuesSupported().stream().toArray(String[]::new));
            // Advertised unconditionally.
            config.setBackchannelLogoutSupported(Boolean.TRUE);
            config.setBackchannelLogoutSessionSupported(Boolean.TRUE);
            // The device authorization endpoint is published only when that grant type is enabled.
            if (OAuth2Util.getSupportedGrantTypes().contains("urn:ietf:params:oauth:grant-type:device_code")) {
                config.setDeviceAuthorizationEndpoint(OAuth2Util.OAuthURL.getDeviceAuthzEPUrl());
            }
            config.setTokenEndpointAuthSigningAlgValuesSupported(
                    (String[]) OAuthServerConfiguration.getInstance().getSupportedTokenEndpointSigningAlgorithms().toArray(new String[0]));
            config.setWebFingerEndpoint(OAuth2Util.OAuthURL.getOidcWebFingerEPUrl());
            // Certificate-bound access tokens are advertised only if "certificate" is a supported binding type.
            config.setTlsClientCertificateBoundAccessTokens(
                    Boolean.valueOf(OAuth2Util.getSupportedTokenBindingTypes().contains("certificate")));
            return config;
        } catch (IdentityOAuth2Exception e) {
            throw new ServerConfigurationException("Unsupported signature algorithm configured.", e);
        } catch (ClaimMetadataException e) {
            throw new ServerConfigurationException("Error while retrieving OIDC claim dialect", e);
        } catch (URISyntaxException e) {
            throw new ServerConfigurationException("Error while building tenant specific url", e);
        }
    }
}
