package org.gluu.oxauth.servlet;

import java.io.IOException;
import java.io.PrintWriter;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.inject.Inject;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.gluu.oxauth.ciba.CIBAConfigurationService;
import org.gluu.oxauth.model.common.GrantType;
import org.gluu.oxauth.model.common.ResponseMode;
import org.gluu.oxauth.model.common.ScopeType;
import org.gluu.oxauth.model.configuration.AppConfiguration;
import org.gluu.oxauth.model.util.StringUtils;
import org.gluu.oxauth.service.AttributeService;
import org.gluu.oxauth.service.LocalResponseCache;
import org.gluu.oxauth.service.ScopeService;
import org.gluu.oxauth.service.external.ExternalAuthenticationService;
import org.gluu.oxauth.service.external.ExternalDynamicScopeService;
import org.gluu.oxauth.util.ServerUtil;
import org.json.JSONArray;
import org.json.JSONObject;
import org.oxauth.persistence.model.Scope;
import org.oxauth.persistence.model.ScopeAttributes;
import org.slf4j.Logger;

@WebServlet(urlPatterns = {"/.well-known/openid-configuration"}, loadOnStartup = 10)
/* loaded from: input_file:org/gluu/oxauth/servlet/OpenIdConfiguration.class */
public class OpenIdConfiguration extends HttpServlet {
    private static final long serialVersionUID = -8224898157373678903L;

    @Inject
    private Logger log;

    @Inject
    private AppConfiguration appConfiguration;

    @Inject
    private AttributeService attributeService;

    @Inject
    private ScopeService scopeService;

    @Inject
    private ExternalAuthenticationService externalAuthenticationService;

    @Inject
    private ExternalDynamicScopeService externalDynamicScopeService;

    @Inject
    private CIBAConfigurationService cibaConfigurationService;

    @Inject
    private LocalResponseCache localResponseCache;

    protected void processRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        if (!this.externalAuthenticationService.isLoaded() || !this.externalDynamicScopeService.isLoaded()) {
            httpServletResponse.sendError(503);
            this.log.error("oxAuth still starting up!");
            return;
        }
        httpServletResponse.setContentType("application/json");
        try {
            PrintWriter writer = httpServletResponse.getWriter();
            Throwable th = null;
            try {
                JSONObject discoveryResponse = this.localResponseCache.getDiscoveryResponse();
                if (discoveryResponse != null) {
                    this.log.trace("Cached discovery response returned.");
                    writer.println(ServerUtil.toPrettyJson(discoveryResponse).replace("\\/", "/"));
                    if (writer != null) {
                        if (0 == 0) {
                            writer.close();
                            return;
                        }
                        try {
                            writer.close();
                            return;
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                            return;
                        }
                    }
                    return;
                }
                JSONObject jSONObject = new JSONObject();
                jSONObject.put("issuer", this.appConfiguration.getIssuer());
                jSONObject.put("authorization_endpoint", this.appConfiguration.getAuthorizationEndpoint());
                jSONObject.put("token_endpoint", this.appConfiguration.getTokenEndpoint());
                jSONObject.put("token_revocation_endpoint", this.appConfiguration.getTokenRevocationEndpoint());
                jSONObject.put("revocation_endpoint", this.appConfiguration.getTokenRevocationEndpoint());
                jSONObject.put("session_revocation_endpoint", endpointUrl("/revoke_session"));
                jSONObject.put("userinfo_endpoint", this.appConfiguration.getUserInfoEndpoint());
                jSONObject.put("clientinfo_endpoint", this.appConfiguration.getClientInfoEndpoint());
                jSONObject.put("check_session_iframe", this.appConfiguration.getCheckSessionIFrame());
                jSONObject.put("end_session_endpoint", this.appConfiguration.getEndSessionEndpoint());
                jSONObject.put("jwks_uri", this.appConfiguration.getJwksUri());
                jSONObject.put("registration_endpoint", this.appConfiguration.getRegistrationEndpoint());
                jSONObject.put("id_generation_endpoint", this.appConfiguration.getIdGenerationEndpoint());
                jSONObject.put("introspection_endpoint", this.appConfiguration.getIntrospectionEndpoint());
                jSONObject.put("device_authorization_endpoint", this.appConfiguration.getDeviceAuthzEndpoint());
                JSONArray jSONArray = new JSONArray();
                Iterator it = this.appConfiguration.getResponseTypesSupported().iterator();
                while (it.hasNext()) {
                    jSONArray.put(StringUtils.implode((Set) it.next(), " "));
                }
                if (jSONArray.length() > 0) {
                    jSONObject.put("response_types_supported", jSONArray);
                }
                JSONArray jSONArray2 = new JSONArray();
                if (this.appConfiguration.getResponseModesSupported() != null) {
                    Iterator it2 = this.appConfiguration.getResponseModesSupported().iterator();
                    while (it2.hasNext()) {
                        jSONArray2.put((ResponseMode) it2.next());
                    }
                }
                if (jSONArray2.length() > 0) {
                    jSONObject.put("response_modes_supported", jSONArray2);
                }
                JSONArray jSONArray3 = new JSONArray();
                Iterator it3 = this.appConfiguration.getGrantTypesSupported().iterator();
                while (it3.hasNext()) {
                    jSONArray3.put((GrantType) it3.next());
                }
                if (jSONArray3.length() > 0) {
                    jSONObject.put("grant_types_supported", jSONArray3);
                }
                JSONArray jSONArray4 = new JSONArray();
                Iterator<String> it4 = this.externalAuthenticationService.getAcrValuesList().iterator();
                while (it4.hasNext()) {
                    jSONArray4.put(it4.next());
                }
                jSONObject.put("acr_values_supported", jSONArray4);
                jSONObject.put("auth_level_mapping", createAuthLevelMapping());
                JSONArray jSONArray5 = new JSONArray();
                Iterator it5 = this.appConfiguration.getSubjectTypesSupported().iterator();
                while (it5.hasNext()) {
                    jSONArray5.put((String) it5.next());
                }
                if (jSONArray5.length() > 0) {
                    jSONObject.put("subject_types_supported", jSONArray5);
                }
                JSONArray jSONArray6 = new JSONArray();
                Iterator it6 = this.appConfiguration.getUserInfoSigningAlgValuesSupported().iterator();
                while (it6.hasNext()) {
                    jSONArray6.put((String) it6.next());
                }
                if (jSONArray6.length() > 0) {
                    jSONObject.put("userinfo_signing_alg_values_supported", jSONArray6);
                }
                JSONArray jSONArray7 = new JSONArray();
                Iterator it7 = this.appConfiguration.getUserInfoEncryptionAlgValuesSupported().iterator();
                while (it7.hasNext()) {
                    jSONArray7.put((String) it7.next());
                }
                if (jSONArray7.length() > 0) {
                    jSONObject.put("userinfo_encryption_alg_values_supported", jSONArray7);
                }
                JSONArray jSONArray8 = new JSONArray();
                Iterator it8 = this.appConfiguration.getUserInfoEncryptionEncValuesSupported().iterator();
                while (it8.hasNext()) {
                    jSONArray8.put((String) it8.next());
                }
                if (jSONArray7.length() > 0) {
                    jSONObject.put("userinfo_encryption_enc_values_supported", jSONArray7);
                }
                JSONArray jSONArray9 = new JSONArray();
                Iterator it9 = this.appConfiguration.getIdTokenSigningAlgValuesSupported().iterator();
                while (it9.hasNext()) {
                    jSONArray9.put((String) it9.next());
                }
                if (jSONArray9.length() > 0) {
                    jSONObject.put("id_token_signing_alg_values_supported", jSONArray9);
                }
                JSONArray jSONArray10 = new JSONArray();
                Iterator it10 = this.appConfiguration.getIdTokenEncryptionAlgValuesSupported().iterator();
                while (it10.hasNext()) {
                    jSONArray10.put((String) it10.next());
                }
                if (jSONArray10.length() > 0) {
                    jSONObject.put("id_token_encryption_alg_values_supported", jSONArray10);
                }
                JSONArray jSONArray11 = new JSONArray();
                Iterator it11 = this.appConfiguration.getIdTokenEncryptionEncValuesSupported().iterator();
                while (it11.hasNext()) {
                    jSONArray11.put((String) it11.next());
                }
                if (jSONArray11.length() > 0) {
                    jSONObject.put("id_token_encryption_enc_values_supported", jSONArray11);
                }
                JSONArray jSONArray12 = new JSONArray();
                Iterator it12 = this.appConfiguration.getRequestObjectSigningAlgValuesSupported().iterator();
                while (it12.hasNext()) {
                    jSONArray12.put((String) it12.next());
                }
                if (jSONArray12.length() > 0) {
                    jSONObject.put("request_object_signing_alg_values_supported", jSONArray12);
                }
                JSONArray jSONArray13 = new JSONArray();
                Iterator it13 = this.appConfiguration.getRequestObjectEncryptionAlgValuesSupported().iterator();
                while (it13.hasNext()) {
                    jSONArray13.put((String) it13.next());
                }
                if (jSONArray13.length() > 0) {
                    jSONObject.put("request_object_encryption_alg_values_supported", jSONArray13);
                }
                JSONArray jSONArray14 = new JSONArray();
                Iterator it14 = this.appConfiguration.getRequestObjectEncryptionEncValuesSupported().iterator();
                while (it14.hasNext()) {
                    jSONArray14.put((String) it14.next());
                }
                if (jSONArray14.length() > 0) {
                    jSONObject.put("request_object_encryption_enc_values_supported", jSONArray14);
                }
                JSONArray jSONArray15 = new JSONArray();
                Iterator it15 = this.appConfiguration.getTokenEndpointAuthMethodsSupported().iterator();
                while (it15.hasNext()) {
                    jSONArray15.put((String) it15.next());
                }
                if (jSONArray15.length() > 0) {
                    jSONObject.put("token_endpoint_auth_methods_supported", jSONArray15);
                }
                JSONArray jSONArray16 = new JSONArray();
                Iterator it16 = this.appConfiguration.getTokenEndpointAuthSigningAlgValuesSupported().iterator();
                while (it16.hasNext()) {
                    jSONArray16.put((String) it16.next());
                }
                if (jSONArray16.length() > 0) {
                    jSONObject.put("token_endpoint_auth_signing_alg_values_supported", jSONArray16);
                }
                JSONArray jSONArray17 = new JSONArray();
                Iterator it17 = this.appConfiguration.getDisplayValuesSupported().iterator();
                while (it17.hasNext()) {
                    jSONArray17.put((String) it17.next());
                }
                if (jSONArray17.length() > 0) {
                    jSONObject.put("display_values_supported", jSONArray17);
                }
                JSONArray jSONArray18 = new JSONArray();
                Iterator it18 = this.appConfiguration.getClaimTypesSupported().iterator();
                while (it18.hasNext()) {
                    jSONArray18.put((String) it18.next());
                }
                if (jSONArray18.length() > 0) {
                    jSONObject.put("claim_types_supported", jSONArray18);
                }
                jSONObject.put("service_documentation", this.appConfiguration.getServiceDocumentation());
                JSONArray jSONArray19 = new JSONArray();
                Iterator it19 = this.appConfiguration.getIdTokenTokenBindingCnfValuesSupported().iterator();
                while (it19.hasNext()) {
                    jSONArray19.put((String) it19.next());
                }
                jSONObject.put("id_token_token_binding_cnf_values_supported", jSONArray19);
                JSONArray jSONArray20 = new JSONArray();
                Iterator it20 = this.appConfiguration.getClaimsLocalesSupported().iterator();
                while (it20.hasNext()) {
                    jSONArray20.put((String) it20.next());
                }
                if (jSONArray20.length() > 0) {
                    jSONObject.put("claims_locales_supported", jSONArray20);
                }
                JSONArray jSONArray21 = new JSONArray();
                Iterator it21 = this.appConfiguration.getUiLocalesSupported().iterator();
                while (it21.hasNext()) {
                    jSONArray21.put((String) it21.next());
                }
                if (jSONArray21.length() > 0) {
                    jSONObject.put("ui_locales_supported", jSONArray21);
                }
                JSONArray jSONArray22 = new JSONArray();
                JSONArray jSONArray23 = new JSONArray();
                JSONArray createScopeToClaimsMapping = createScopeToClaimsMapping(jSONArray22, jSONArray23);
                if (jSONArray22.length() > 0) {
                    jSONObject.put("scopes_supported", jSONArray22);
                }
                if (jSONArray23.length() > 0) {
                    jSONObject.put("claims_supported", jSONArray23);
                }
                jSONObject.put("scope_to_claims_mapping", createScopeToClaimsMapping);
                jSONObject.put("claims_parameter_supported", this.appConfiguration.getClaimsParameterSupported());
                jSONObject.put("request_parameter_supported", this.appConfiguration.getRequestParameterSupported());
                jSONObject.put("request_uri_parameter_supported", this.appConfiguration.getRequestUriParameterSupported());
                jSONObject.put("require_request_uri_registration", this.appConfiguration.getRequireRequestUriRegistration());
                jSONObject.put("op_policy_uri", this.appConfiguration.getOpPolicyUri());
                jSONObject.put("op_tos_uri", this.appConfiguration.getOpTosUri());
                jSONObject.put("tls_client_certificate_bound_access_tokens", Boolean.TRUE);
                jSONObject.put("backchannel_logout_supported", Boolean.TRUE);
                jSONObject.put("backchannel_logout_session_supported", Boolean.TRUE);
                jSONObject.put("frontchannel_logout_supported", Boolean.TRUE);
                jSONObject.put("frontchannel_logout_session_supported", Boolean.TRUE);
                jSONObject.put("frontchannel_logout_session_supported", this.appConfiguration.getFrontChannelLogoutSessionSupported());
                this.cibaConfigurationService.processConfiguration(jSONObject);
                this.localResponseCache.putDiscoveryResponse(jSONObject);
                writer.println(ServerUtil.toPrettyJson(jSONObject).replace("\\/", "/"));
                if (writer != null) {
                    if (0 != 0) {
                        try {
                            writer.close();
                        } catch (Throwable th3) {
                            th.addSuppressed(th3);
                        }
                    } else {
                        writer.close();
                    }
                }
                return;
            } finally {
            }
        } catch (Exception e) {
            this.log.error(e.getMessage(), e);
        }
        this.log.error(e.getMessage(), e);
    }

    private String endpointUrl(String str) {
        return org.apache.commons.lang.StringUtils.replace(this.appConfiguration.getEndSessionEndpoint(), "/end_session", str);
    }

    @Deprecated
    private JSONArray createScopeToClaimsMapping(JSONArray jSONArray, JSONArray jSONArray2) {
        JSONArray jSONArray3 = new JSONArray();
        HashSet hashSet = new HashSet();
        HashSet hashSet2 = new HashSet();
        try {
            for (Scope scope : this.scopeService.getAllScopesList()) {
                if (scope.getScopeType() != ScopeType.SPONTANEOUS || !scope.isDeletable().booleanValue()) {
                    if (canShowInConfigEndpoint(scope.getAttributes())) {
                        JSONArray jSONArray4 = new JSONArray();
                        JSONObject jSONObject = new JSONObject();
                        jSONObject.put(scope.getId(), jSONArray4);
                        hashSet.add(scope.getId());
                        jSONArray3.put(jSONObject);
                        if (ScopeType.DYNAMIC.equals(scope.getScopeType())) {
                            for (String str : this.externalDynamicScopeService.executeExternalGetSupportedClaimsMethods(Arrays.asList(scope))) {
                                if (org.apache.commons.lang.StringUtils.isNotBlank(str)) {
                                    jSONArray4.put(str);
                                    hashSet2.add(str);
                                }
                            }
                        } else {
                            List oxAuthClaims = scope.getOxAuthClaims();
                            if (oxAuthClaims != null && !oxAuthClaims.isEmpty()) {
                                Iterator it = oxAuthClaims.iterator();
                                while (it.hasNext()) {
                                    String oxAuthClaimName = this.attributeService.getAttributeByDn((String) it.next()).getOxAuthClaimName();
                                    if (org.apache.commons.lang.StringUtils.isNotBlank(oxAuthClaimName)) {
                                        jSONArray4.put(oxAuthClaimName);
                                        hashSet2.add(oxAuthClaimName);
                                    }
                                }
                            }
                        }
                    }
                }
            }
            Iterator it2 = hashSet.iterator();
            while (it2.hasNext()) {
                jSONArray.put((String) it2.next());
            }
            Iterator it3 = hashSet2.iterator();
            while (it3.hasNext()) {
                jSONArray2.put((String) it3.next());
            }
        } catch (Exception e) {
            this.log.error(e.getMessage(), e);
        }
        return jSONArray3;
    }

    private boolean canShowInConfigEndpoint(ScopeAttributes scopeAttributes) {
        return scopeAttributes.isShowInConfigurationEndpoint();
    }

    @Deprecated
    private JSONObject createAuthLevelMapping() {
        JSONObject jSONObject = new JSONObject();
        try {
            Map<Integer, Set<String>> levelToAcrMapping = this.externalAuthenticationService.levelToAcrMapping();
            for (Integer num : levelToAcrMapping.keySet()) {
                jSONObject.put(num.toString(), (Collection) levelToAcrMapping.get(num));
            }
        } catch (Exception e) {
            this.log.error(e.getMessage(), e);
        }
        return jSONObject;
    }

    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        processRequest(httpServletRequest, httpServletResponse);
    }

    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        processRequest(httpServletRequest, httpServletResponse);
    }

    public String getServletInfo() {
        return "OpenID Provider Configuration Information";
    }
}
