package org.cloudfoundry.identity.uaa.provider.oauth;

import com.fasterxml.jackson.core.type.TypeReference;
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLEncoder;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.stream.Collectors;
import org.cloudfoundry.identity.uaa.cache.UrlContentCache;
import org.cloudfoundry.identity.uaa.provider.AbstractXOAuthIdentityProviderDefinition;
import org.cloudfoundry.identity.uaa.provider.IdentityProvider;
import org.cloudfoundry.identity.uaa.provider.IdentityProviderProvisioning;
import org.cloudfoundry.identity.uaa.provider.OIDCIdentityProviderDefinition;
import org.cloudfoundry.identity.uaa.util.JsonUtils;
import org.cloudfoundry.identity.uaa.util.RestTemplateFactory;
import org.springframework.security.oauth2.common.util.RandomValueStringGenerator;

/* loaded from: input_file:org/cloudfoundry/identity/uaa/provider/oauth/XOAuthProviderConfigurator.class */
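/**
 * Decorator around an {@link IdentityProviderProvisioning} that only exposes external
 * OAuth 2.0 / OIDC 1.0 providers and, for OIDC providers that declare a discovery URL,
 * fills unset endpoints from the provider's discovery document.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The discovery document is remote content. Values taken from it decide where users are
 *       redirected and which key set is later used for tokens, so they are validated before
 *       use and never override explicitly configured values.</li>
 *   <li>The document is fetched with a rest template selected by
 *       {@code isSkipSslValidation()}. NOTE(review): when that flag is true the discovered
 *       endpoints are presumably not authenticated by TLS; prefer explicit endpoint
 *       configuration for such providers.</li>
 * </ul>
 */
public class XOAuthProviderConfigurator implements IdentityProviderProvisioning {
    private static final String OAUTH20_TYPE = "oauth2.0";
    private static final String OIDC10_TYPE = "oidc1.0";

    private final IdentityProviderProvisioning providerProvisioning;
    private final UrlContentCache contentCache;
    private final RestTemplateFactory restTemplateFactory;

    /**
     * @param identityProviderProvisioning delegate that performs the actual persistence
     * @param urlContentCache cache used to fetch discovery documents
     * @param restTemplateFactory supplies the rest template used for the discovery request
     */
    public XOAuthProviderConfigurator(IdentityProviderProvisioning identityProviderProvisioning, UrlContentCache urlContentCache, RestTemplateFactory restTemplateFactory) {
        this.providerProvisioning = identityProviderProvisioning;
        this.contentCache = urlContentCache;
        this.restTemplateFactory = restTemplateFactory;
    }

    /**
     * Returns a copy of the definition in which every endpoint that is not explicitly
     * configured is taken from the discovery document. A definition without a discovery URL
     * is returned unchanged (same instance).
     *
     * <p>A discovered value is only read when the configured one is {@code null}, so a
     * discovery document that omits an endpoint no longer breaks a fully configured provider.
     *
     * @param oIDCIdentityProviderDefinition the stored OIDC definition
     * @return the definition itself, or a clone completed with discovered values
     * @throws IllegalStateException if the definition cannot be cloned, or a required
     *         discovered endpoint is missing, not a string, malformed or not http(s)
     */
    protected OIDCIdentityProviderDefinition overlay(OIDCIdentityProviderDefinition oIDCIdentityProviderDefinition) {
        if (oIDCIdentityProviderDefinition.getDiscoveryUrl() == null) {
            return oIDCIdentityProviderDefinition;
        }
        Map<?, ?> discovered = (Map<?, ?>) JsonUtils.readValue(
                this.contentCache.getUrlContent(
                        oIDCIdentityProviderDefinition.getDiscoveryUrl().toString(),
                        this.restTemplateFactory.getRestTemplate(oIDCIdentityProviderDefinition.isSkipSslValidation())),
                new TypeReference<Map<String, Object>>() {
                });
        try {
            OIDCIdentityProviderDefinition merged = (OIDCIdentityProviderDefinition) oIDCIdentityProviderDefinition.clone();
            merged.setAuthUrl(configuredOrDiscovered(merged.getAuthUrl(), discovered, "authorization_endpoint"));
            merged.setUserInfoUrl(configuredOrDiscovered(merged.getUserInfoUrl(), discovered, "userinfo_endpoint"));
            merged.setTokenUrl(configuredOrDiscovered(merged.getTokenUrl(), discovered, "token_endpoint"));
            // NOTE(review): the discovered issuer is accepted as-is. OIDC Discovery expects it to
            // match the issuer the discovery URL was derived from; confirm that check exists where
            // ID tokens are validated, or pin the issuer in the provider configuration.
            String issuer = merged.getIssuer();
            merged.setIssuer(issuer != null ? issuer : (String) discovered.get("issuer"));
            // jwks_uri selects the keys that tokens are verified against, so it is the most
            // sensitive value taken from the document.
            merged.setTokenKeyUrl(configuredOrDiscovered(merged.getTokenKeyUrl(), discovered, "jwks_uri"));
            return merged;
        } catch (CloneNotSupportedException | MalformedURLException e) {
            throw new IllegalStateException(e);
        }
    }

    /**
     * Picks the configured URL when present, otherwise parses and checks the discovered one.
     * Only http and https are accepted for discovered values, so remote content cannot point
     * the server at other URL handlers such as {@code file:} or {@code jar:}.
     */
    private static URL configuredOrDiscovered(URL configured, Map<?, ?> discovered, String key) throws MalformedURLException {
        if (configured != null) {
            return configured;
        }
        Object value = discovered.get(key);
        if (!(value instanceof String)) {
            throw new MalformedURLException("Discovery document has no usable \"" + key + "\" value");
        }
        URL url = new URL((String) value);
        String scheme = url.getProtocol();
        if (!"https".equalsIgnoreCase(scheme) && !"http".equalsIgnoreCase(scheme)) {
            throw new MalformedURLException("Discovery document \"" + key + "\" must be an http(s) URL");
        }
        return url;
    }

    /**
     * Builds the authorization request URI for the given provider definition.
     *
     * <p>The redirect URI is {@code str2 + "/login/callback/" + str}. Every query value is
     * URL-encoded, including {@code client_id}, which was previously appended raw and could
     * inject extra query parameters if the relying party id contained {@code &} or {@code =}.
     *
     * @param str last path segment of the callback URL
     * @param str2 prefix of the callback URL (presumably the base URL of this server)
     * @param abstractXOAuthIdentityProviderDefinition provider definition supplying the
     *        authorization URL, relying party id, response type and scopes
     * @return the authorization URL with the query parameters appended
     * @throws IllegalStateException if UTF-8 is not supported by the runtime
     */
    public String getCompleteAuthorizationURI(String str, String str2, AbstractXOAuthIdentityProviderDefinition abstractXOAuthIdentityProviderDefinition) {
        try {
            String authUrl = abstractXOAuthIdentityProviderDefinition.getAuthUrl().toString();
            String separator = authUrl.contains("?") ? "&" : "?";
            String callbackUrl = str2 + "/login/callback/" + str;

            List<String> query = new ArrayList<>();
            query.add("client_id=" + URLEncoder.encode(abstractXOAuthIdentityProviderDefinition.getRelyingPartyId(), "UTF-8"));
            query.add("response_type=" + URLEncoder.encode(abstractXOAuthIdentityProviderDefinition.getResponseType(), "UTF-8"));
            query.add("redirect_uri=" + URLEncoder.encode(callbackUrl, "UTF-8"));
            List<String> scopes = abstractXOAuthIdentityProviderDefinition.getScopes();
            if (scopes != null && !scopes.isEmpty()) {
                query.add("scope=" + URLEncoder.encode(String.join(" ", scopes), "UTF-8"));
            }
            if (OIDCIdentityProviderDefinition.class.equals(abstractXOAuthIdentityProviderDefinition.getParameterizedClass())) {
                // NOTE(review): the nonce only exists inside the returned URI; nothing in this
                // method stores it, so the ID token's nonce claim can be checked only if a caller
                // extracts and keeps it. No "state" parameter is added here either; confirm the
                // caller binds the request to the user's session.
                query.add("nonce=" + new RandomValueStringGenerator(12).generate());
            }
            return authUrl + separator + String.join("&", query);
        } catch (UnsupportedEncodingException e) {
            throw new IllegalStateException(e);
        }
    }

    /** Delegates creation to the wrapped provisioning without modification. */
    @Override // org.cloudfoundry.identity.uaa.provider.IdentityProviderProvisioning
    public IdentityProvider create(IdentityProvider identityProvider) {
        return this.providerProvisioning.create(identityProvider);
    }

    /** Delegates the update to the wrapped provisioning without modification. */
    @Override // org.cloudfoundry.identity.uaa.provider.IdentityProviderProvisioning
    public IdentityProvider update(IdentityProvider identityProvider) {
        return this.providerProvisioning.update(identityProvider);
    }

    /**
     * Retrieves a provider from the delegate and, if it is an OIDC provider, replaces its
     * config with the discovery-completed one.
     *
     * @param str lookup key passed to the delegate (presumably the provider id)
     * @return the provider, or {@code null} if the delegate returned none
     */
    @Override // org.cloudfoundry.identity.uaa.provider.IdentityProviderProvisioning
    public IdentityProvider retrieve(String str) {
        return overlayIfOidc(this.providerProvisioning.retrieve(str));
    }

    /** Equivalent to {@code retrieveAll(true, str)}. */
    @Override // org.cloudfoundry.identity.uaa.provider.IdentityProviderProvisioning
    public List<IdentityProvider> retrieveActive(String str) {
        return retrieveAll(true, str);
    }

    /**
     * Retrieves the delegate's providers, keeps only the {@code oauth2.0} and {@code oidc1.0}
     * ones, and completes OIDC configs from discovery.
     *
     * @param z forwarded to the delegate (presumably "active only", see {@link #retrieveActive})
     * @param str forwarded to the delegate (presumably the identity zone id)
     * @return a list of the matching providers; empty when the delegate returns {@code null}
     */
    @Override // org.cloudfoundry.identity.uaa.provider.IdentityProviderProvisioning
    public List<IdentityProvider> retrieveAll(boolean z, String str) {
        List<String> externalOAuthTypes = Arrays.asList(OAUTH20_TYPE, OIDC10_TYPE);
        List<IdentityProvider> all = this.providerProvisioning.retrieveAll(z, str);
        List<IdentityProvider> result = new ArrayList<>();
        if (all == null) {
            return result;
        }
        for (IdentityProvider provider : all) {
            if (externalOAuthTypes.contains(provider.getType())) {
                result.add(overlayIfOidc(provider));
            }
        }
        return result;
    }

    /**
     * Retrieves a provider by the two keys understood by the delegate and, if it is an OIDC
     * provider, replaces its config with the discovery-completed one.
     *
     * @return the provider, or {@code null} if the delegate returned none
     */
    @Override // org.cloudfoundry.identity.uaa.provider.IdentityProviderProvisioning
    public IdentityProvider retrieveByOrigin(String str, String str2) {
        return overlayIfOidc(this.providerProvisioning.retrieveByOrigin(str, str2));
    }

    /**
     * Applies {@link #overlay} to the config of an {@code oidc1.0} provider in place; any other
     * provider (including {@code null} or one without a type) is returned untouched.
     */
    private IdentityProvider overlayIfOidc(IdentityProvider provider) {
        // Constant-first comparison: a provider with a null type is skipped instead of raising a
        // NullPointerException.
        if (provider != null && OIDC10_TYPE.equals(provider.getType())) {
            provider.setConfig(overlay((OIDCIdentityProviderDefinition) provider.getConfig()));
        }
        return provider;
    }
}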
