package org.apache.nifi.web.security.oidc.registration;

import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata;
import java.util.Arrays;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import org.apache.nifi.util.NiFiProperties;
import org.apache.nifi.web.security.oidc.OidcConfigurationException;
import org.apache.nifi.web.security.oidc.OidcUrlPath;
import org.apache.nifi.web.security.oidc.client.web.OidcRegistrationProperty;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.web.client.RestOperations;

/* loaded from: input_file:org/apache/nifi/web/security/oidc/registration/StandardClientRegistrationProvider.class */
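/**
 * Builds the Spring Security {@link ClientRegistration} for OpenID Connect from application properties
 * and from the Provider Metadata document retrieved from the configured Discovery URL.
 *
 * <p>Every endpoint in the resulting registration (authorization, token, JWKS, UserInfo) and the issuer
 * come from the retrieved metadata document. The client secret is later sent to the token endpoint named
 * in that document, so the authenticity of the Discovery response is security relevant. Transport
 * protection for the retrieval depends on how the injected {@link RestOperations} is configured,
 * which is not visible in this class.
 */
public class StandardClientRegistrationProvider implements ClientRegistrationProvider {
    // "{baseUrl}" is a template placeholder that is expanded outside this class.
    // NOTE(review): if the base URL is derived from request headers, proxy and Host header handling
    // decides which redirect URI is sent to the provider. Confirm against the deployment.
    private static final String REGISTRATION_REDIRECT_URI = String.format("{baseUrl}%s", OidcUrlPath.CALLBACK.getPath());

    // Scopes that are always requested; additional scopes from properties are appended in order.
    private static final Set<String> STANDARD_SCOPES = Collections.unmodifiableSet(new LinkedHashSet<>(Arrays.asList("openid", "email")));

    private final NiFiProperties properties;
    private final RestOperations restOperations;

    /**
     * @param niFiProperties application properties holding the OpenID Connect settings, required
     * @param restOperations HTTP client used to retrieve the Provider Metadata document, required
     * @throws NullPointerException if either argument is null
     */
    public StandardClientRegistrationProvider(NiFiProperties niFiProperties, RestOperations restOperations) {
        this.properties = Objects.requireNonNull(niFiProperties, "Properties required");
        this.restOperations = Objects.requireNonNull(restOperations, "REST Operations required");
    }

    /**
     * Retrieves the Provider Metadata and assembles an Authorization Code grant registration.
     *
     * @return client registration built from the configured properties and the retrieved metadata
     * @throws OidcConfigurationException if the metadata cannot be retrieved or parsed
     */
    @Override
    public ClientRegistration getClientRegistration() {
        final String clientId = properties.getOidcClientId();
        final String clientSecret = properties.getOidcClientSecret();

        final OIDCProviderMetadata providerMetadata = getProviderMetadata();
        final ClientAuthenticationMethod clientAuthenticationMethod =
                getClientAuthenticationMethod(providerMetadata.getTokenEndpointAuthMethods());

        // NOTE(review): the issuer is taken from the metadata document and is not compared with the
        // configured Discovery URL in this class. OpenID Connect Discovery expects the two to agree;
        // confirm whether that comparison happens elsewhere.
        final String issuer = providerMetadata.getIssuer().getValue();

        // NOTE(review): the endpoint getters below are dereferenced without a null check. If the
        // provider omits one (userinfo_endpoint is only RECOMMENDED by OpenID Connect Discovery),
        // this presumably fails with a NullPointerException rather than a configuration error.
        // Confirm, and consider a descriptive OidcConfigurationException.
        final String tokenUri = providerMetadata.getTokenEndpointURI().toASCIIString();
        final Map<String, Object> configurationMetadata = new LinkedHashMap<>(providerMetadata.toJSONObject());
        final String authorizationUri = providerMetadata.getAuthorizationEndpointURI().toASCIIString();
        final String jwkSetUri = providerMetadata.getJWKSetURI().toASCIIString();
        final String userInfoUri = providerMetadata.getUserInfoEndpointURI().toASCIIString();

        // Insertion order is kept: standard scopes first, then any configured additional scopes.
        final Set<String> scope = new LinkedHashSet<>(STANDARD_SCOPES);
        scope.addAll(properties.getOidcAdditionalScopes());

        return ClientRegistration.withRegistrationId(OidcRegistrationProperty.REGISTRATION_ID.getProperty())
                .clientId(clientId)
                .clientSecret(clientSecret)
                .clientName(issuer)
                .issuerUri(issuer)
                .tokenUri(tokenUri)
                .authorizationUri(authorizationUri)
                .jwkSetUri(jwkSetUri)
                .userInfoUri(userInfoUri)
                .providerConfigurationMetadata(configurationMetadata)
                .redirectUri(REGISTRATION_REDIRECT_URI)
                .scope(scope)
                .userNameAttributeName(properties.getOidcClaimIdentifyingUser())
                .clientAuthenticationMethod(clientAuthenticationMethod)
                .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
                .build();
    }

    /**
     * Retrieves and parses the Provider Metadata document from the configured Discovery URL.
     *
     * <p>Retrieval and parsing are handled as separate steps so that a malformed document is reported
     * as a parsing failure instead of being wrapped a second time as a retrieval failure.
     *
     * @return parsed Provider Metadata
     * @throws OidcConfigurationException if retrieval or parsing fails
     */
    private OIDCProviderMetadata getProviderMetadata() {
        final String discoveryUrl = properties.getOidcDiscoveryUrl();

        final String metadataObject;
        try {
            metadataObject = restOperations.getForObject(discoveryUrl, String.class);
        } catch (final RuntimeException e) {
            final String message = String.format("OpenID Connect Metadata URL [%s] retrieval failed", discoveryUrl);
            throw new OidcConfigurationException(message, e);
        }

        try {
            return OIDCProviderMetadata.parse(metadataObject);
        } catch (final ParseException | RuntimeException e) {
            // RuntimeException is included so that an empty or otherwise unusable response body still
            // surfaces as a configuration error, as it did before the two steps were separated.
            throw new OidcConfigurationException("OpenID Connect Metadata parsing failed", e);
        }
    }

    /**
     * Selects the token endpoint client authentication method from those advertised by the provider.
     *
     * <p>Preference order is client_secret_basic, client_secret_post, then none. A missing list, or a
     * list with none of these three values, results in client_secret_basic.
     *
     * @param metadataAuthMethods methods advertised in the Provider Metadata, may be null
     * @return Spring Security client authentication method for the registration
     */
    private ClientAuthenticationMethod getClientAuthenticationMethod(List<com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod> metadataAuthMethods) {
        if (metadataAuthMethods == null
                || metadataAuthMethods.contains(com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod.CLIENT_SECRET_BASIC)) {
            return ClientAuthenticationMethod.CLIENT_SECRET_BASIC;
        }
        if (metadataAuthMethods.contains(com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod.CLIENT_SECRET_POST)) {
            return ClientAuthenticationMethod.CLIENT_SECRET_POST;
        }
        if (metadataAuthMethods.contains(com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod.NONE)) {
            // Selected only when the provider advertises neither secret-based method.
            return ClientAuthenticationMethod.NONE;
        }
        return ClientAuthenticationMethod.CLIENT_SECRET_BASIC;
    }
}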
