package org.eclipse.jetty.security.openid;

import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.stream.Collectors;
import org.eclipse.jetty.client.HttpClient;
import org.eclipse.jetty.client.http.HttpClientTransportOverHTTP;
import org.eclipse.jetty.io.ClientConnector;
import org.eclipse.jetty.util.ajax.JSON;
import org.eclipse.jetty.util.component.ContainerLifeCycle;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/eclipse/jetty/security/openid/OpenIdConfiguration.class */
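/**
 * Holds the settings needed to talk to an OpenID Connect provider: the issuer, the client
 * credentials, the requested scopes, and the authorization and token endpoints.
 *
 * <p>If either endpoint is not supplied at construction time, both are read from the provider's
 * discovery document ({@code <issuer>/.well-known/openid-configuration}) when this component
 * starts.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The discovery document is remote, provider-controlled input. Values taken from it are
 *       type-checked before use.</li>
 *   <li>NOTE(review): the issuer URL scheme is not checked in this class. OpenID Connect Discovery
 *       expects an {@code https} issuer; with a plain {@code http} issuer the endpoints would be
 *       learned over an unauthenticated channel. Confirm this is enforced by configuration.</li>
 *   <li>{@link #getClientSecret()} returns the secret verbatim; callers must not log it.</li>
 * </ul>
 */
public class OpenIdConfiguration extends ContainerLifeCycle {
    private static final Logger LOG = LoggerFactory.getLogger(OpenIdConfiguration.class);
    private static final String CONFIG_PATH = "/.well-known/openid-configuration";
    private final HttpClient httpClient;
    private final String issuer;
    private final String clientId;
    private final String clientSecret;
    private final List<String> scopes = new ArrayList<>();
    private String authEndpoint;
    private String tokenEndpoint;

    /**
     * Creates a configuration whose endpoints are discovered from the issuer at start-up.
     *
     * @param issuer the provider's issuer identifier; must not be {@code null}
     * @param clientId the OAuth client identifier
     * @param clientSecret the OAuth client secret
     * @throws IllegalArgumentException if {@code issuer} is {@code null}
     */
    public OpenIdConfiguration(String issuer, String clientId, String clientSecret) {
        this(issuer, null, null, clientId, clientSecret, null);
    }

    /**
     * Creates a configuration with optionally pre-set endpoints and HTTP client.
     *
     * @param issuer the provider's issuer identifier; must not be {@code null}
     * @param authorizationEndpoint the authorization endpoint, or {@code null} to discover it
     * @param tokenEndpoint the token endpoint, or {@code null} to discover it
     * @param clientId the OAuth client identifier
     * @param clientSecret the OAuth client secret
     * @param httpClient the client used for discovery, or {@code null} to create a default one
     * @throws IllegalArgumentException if {@code issuer} is {@code null}
     */
    public OpenIdConfiguration(String issuer, String authorizationEndpoint, String tokenEndpoint,
                               String clientId, String clientSecret, HttpClient httpClient) {
        // Reject a missing issuer before allocating an HttpClient that would never be used.
        if (issuer == null) {
            throw new IllegalArgumentException("Issuer was not configured");
        }
        this.issuer = issuer;
        this.clientId = clientId;
        this.clientSecret = clientSecret;
        this.authEndpoint = authorizationEndpoint;
        this.tokenEndpoint = tokenEndpoint;
        this.httpClient = httpClient != null ? httpClient : newHttpClient();
        // Registering the client as a bean ties its lifecycle to this component.
        addBean(this.httpClient);
    }

    /**
     * Starts the component and, when either endpoint is unset, loads both endpoints from the
     * provider's discovery document.
     *
     * @throws IllegalArgumentException if the document cannot be fetched or parsed, or if
     *     {@code authorization_endpoint} or {@code token_endpoint} is absent or not a string
     */
    @Override
    protected void doStart() throws Exception {
        super.doStart();
        if (this.authEndpoint != null && this.tokenEndpoint != null) {
            return;
        }

        Map<String, Object> metadata = fetchOpenIdConnectMetadata(this.issuer, this.httpClient);
        this.authEndpoint = requireEndpoint(metadata, "authorization_endpoint");
        this.tokenEndpoint = requireEndpoint(metadata, "token_endpoint");

        // NOTE(review): OpenID Connect Discovery requires the "issuer" in the metadata to be
        // identical to the issuer used to build the discovery URL. A mismatch is only logged here,
        // so endpoints from a document that names a different issuer are still accepted. Consider
        // failing start-up instead once deployments with cosmetic differences (such as a trailing
        // slash) have been accounted for.
        if (!Objects.equals(metadata.get("issuer"), this.issuer)) {
            LOG.warn("The issuer in the metadata is not correct.");
        }
    }

    /**
     * Reads a mandatory endpoint from the discovery metadata.
     *
     * @param metadata the parsed discovery document
     * @param name the metadata key to read
     * @return the endpoint value
     * @throws IllegalArgumentException (with {@code name} as message) if the key is missing or its
     *     value is not a string
     */
    private static String requireEndpoint(Map<String, Object> metadata, String name) {
        Object value = metadata.get(name);
        // The document is remote input: check the type rather than letting a blind cast fail.
        if (!(value instanceof String)) {
            throw new IllegalArgumentException(name);
        }
        return (String) value;
    }

    /**
     * Builds the default HTTP client used for discovery. The {@code SslContextFactory.Client} is
     * created with its trust-all flag set to {@code false}, so certificate validation is not
     * disabled.
     */
    private static HttpClient newHttpClient() {
        ClientConnector connector = new ClientConnector();
        connector.setSslContextFactory(new SslContextFactory.Client(false));
        return new HttpClient(new HttpClientTransportOverHTTP(connector));
    }

    /**
     * Downloads and parses the provider's discovery document.
     *
     * @param issuer the issuer identifier; a single trailing {@code /} is removed before the
     *     well-known path is appended
     * @param httpClient the client used for the request
     * @return the top-level members of the document keyed by name; members whose value is JSON
     *     {@code null} are omitted
     * @throws IllegalArgumentException if the request fails or the response is not a JSON object
     */
    private static Map<String, Object> fetchOpenIdConnectMetadata(String issuer, HttpClient httpClient) {
        try {
            String base = issuer.endsWith("/") ? issuer.substring(0, issuer.length() - 1) : issuer;
            String body = httpClient.GET(base + CONFIG_PATH).getContentAsString();
            Object parsed = new JSON().fromJSON(body);
            if (!(parsed instanceof Map)) {
                // The logged body is provider-controlled text; treat it as untrusted in log tooling.
                LOG.warn("OpenID provider did not return a proper JSON object response. Result was '{}'", body);
                throw new IllegalStateException("Could not parse OpenID provider's malformed response");
            }
            Map<?, ?> raw = (Map<?, ?>) parsed;
            // Collectors.toMap rejects null values, so a single JSON null member would otherwise
            // make the whole document unusable. Dropping such members is equivalent for callers
            // that look values up with get().
            Map<String, Object> metadata = raw.entrySet().stream()
                .filter(entry -> entry.getValue() != null)
                .collect(Collectors.toMap(entry -> entry.getKey().toString(), entry -> (Object) entry.getValue()));
            LOG.debug("discovery document {}", metadata);
            return metadata;
        } catch (Exception e) {
            // Keep the thread's interrupt status visible to callers if the request was interrupted.
            if (e instanceof InterruptedException) {
                Thread.currentThread().interrupt();
            }
            throw new IllegalArgumentException("invalid identity provider", e);
        }
    }

    /** Returns the HTTP client used for discovery. */
    public HttpClient getHttpClient() {
        return this.httpClient;
    }

    /** Returns the authorization endpoint; may be {@code null} until the component has started. */
    public String getAuthEndpoint() {
        return this.authEndpoint;
    }

    /** Returns the OAuth client identifier. */
    public String getClientId() {
        return this.clientId;
    }

    /** Returns the OAuth client secret. The value is sensitive and must not be logged. */
    public String getClientSecret() {
        return this.clientSecret;
    }

    /** Returns the configured issuer identifier. */
    public String getIssuer() {
        return this.issuer;
    }

    /** Returns the token endpoint; may be {@code null} until the component has started. */
    public String getTokenEndpoint() {
        return this.tokenEndpoint;
    }

    /**
     * Appends scopes to request from the provider.
     *
     * @param scopes the scopes to add; a {@code null} array is ignored
     */
    public void addScopes(String... scopes) {
        if (scopes != null) {
            Collections.addAll(this.scopes, scopes);
        }
    }

    /**
     * Returns the live, mutable list of scopes; changes made through the returned list affect this
     * configuration.
     */
    public List<String> getScopes() {
        return this.scopes;
    }
}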
