package org.springframework.security.oauth2.client.registration;

import com.nimbusds.oauth2.sdk.GrantType;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.Scope;
import com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata;
import java.net.URI;
import java.util.Collections;
import java.util.List;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.web.client.RestTemplate;

/* loaded from: input_file:org/springframework/security/oauth2/client/registration/ClientRegistrations.class */
public final class ClientRegistrations {
    public static ClientRegistration.Builder fromOidcIssuerLocation(String str) {
        OIDCProviderMetadata parse = parse(getOpenidConfiguration(str));
        String value = parse.getIssuer().getValue();
        if (!str.equals(value)) {
            throw new IllegalStateException("The Issuer \"" + value + "\" provided in the OpenID Configuration did not match the requested issuer \"" + str + "\"");
        }
        String host = URI.create(str).getHost();
        ClientAuthenticationMethod clientAuthenticationMethod = getClientAuthenticationMethod(str, parse.getTokenEndpointAuthMethods());
        List grantTypes = parse.getGrantTypes();
        if (grantTypes != null && !grantTypes.contains(GrantType.AUTHORIZATION_CODE)) {
            throw new IllegalArgumentException("Only AuthorizationGrantType.AUTHORIZATION_CODE is supported. The issuer \"" + str + "\" returned a configuration of " + grantTypes);
        }
        return ClientRegistration.withRegistrationId(host).userNameAttributeName("sub").scope(getScopes(parse)).authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).clientAuthenticationMethod(clientAuthenticationMethod).redirectUriTemplate("{baseUrl}/{action}/oauth2/code/{registrationId}").authorizationUri(parse.getAuthorizationEndpointURI().toASCIIString()).jwkSetUri(parse.getJWKSetURI().toASCIIString()).userInfoUri(parse.getUserInfoEndpointURI().toASCIIString()).tokenUri(parse.getTokenEndpointURI().toASCIIString()).clientName(str);
    }

    private static String getOpenidConfiguration(String str) {
        try {
            return (String) new RestTemplate().getForObject(str + "/.well-known/openid-configuration", String.class, new Object[0]);
        } catch (RuntimeException e) {
            throw new IllegalArgumentException("Unable to resolve the OpenID Configuration with the provided Issuer of \"" + str + "\"", e);
        }
    }

    private static ClientAuthenticationMethod getClientAuthenticationMethod(String str, List<com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod> list) {
        if (list == null || list.contains(com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod.CLIENT_SECRET_BASIC)) {
            return ClientAuthenticationMethod.BASIC;
        }
        if (list.contains(com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod.CLIENT_SECRET_POST)) {
            return ClientAuthenticationMethod.POST;
        }
        throw new IllegalArgumentException("Only ClientAuthenticationMethod.BASIC and ClientAuthenticationMethod.POST are supported. The issuer \"" + str + "\" returned a configuration of " + list);
    }

    private static List<String> getScopes(OIDCProviderMetadata oIDCProviderMetadata) {
        Scope scopes = oIDCProviderMetadata.getScopes();
        return scopes == null ? Collections.singletonList("openid") : scopes.toStringList();
    }

    private static OIDCProviderMetadata parse(String str) {
        try {
            return OIDCProviderMetadata.parse(str);
        } catch (ParseException e) {
            throw new RuntimeException((Throwable) e);
        }
    }

    private ClientRegistrations() {
    }
}
