package org.gluu.oxd.server.op;

import com.google.common.base.Preconditions;
import com.google.common.base.Strings;
import com.google.common.collect.Lists;
import com.google.common.collect.Sets;
import com.google.inject.Injector;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.UUID;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.math.NumberUtils;
import org.gluu.oxauth.client.RegisterClient;
import org.gluu.oxauth.client.RegisterRequest;
import org.gluu.oxauth.client.RegisterResponse;
import org.gluu.oxauth.model.authorize.AuthorizeResponseParam;
import org.gluu.oxauth.model.common.AuthenticationMethod;
import org.gluu.oxauth.model.common.GrantType;
import org.gluu.oxauth.model.common.SubjectType;
import org.gluu.oxauth.model.crypto.encryption.BlockEncryptionAlgorithm;
import org.gluu.oxauth.model.crypto.encryption.KeyEncryptionAlgorithm;
import org.gluu.oxauth.model.crypto.signature.SignatureAlgorithm;
import org.gluu.oxauth.model.register.ApplicationType;
import org.gluu.oxd.common.Command;
import org.gluu.oxd.common.ErrorResponseCode;
import org.gluu.oxd.common.params.RegisterSiteParams;
import org.gluu.oxd.common.response.IOpResponse;
import org.gluu.oxd.common.response.RegisterSiteResponse;
import org.gluu.oxd.server.HttpException;
import org.gluu.oxd.server.Utils;
import org.gluu.oxd.server.mapper.RegisterRequestMapper;
import org.gluu.oxd.server.service.Rp;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/gluu/oxd/server/op/RegisterSiteOperation.class */
public class RegisterSiteOperation extends BaseOperation<RegisterSiteParams> {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) RegisterSiteOperation.class);
    private Rp rp;

    /* JADX INFO: Access modifiers changed from: protected */
    public RegisterSiteOperation(Command command, Injector injector) {
        super(command, injector, RegisterSiteParams.class);
    }

    public RegisterSiteResponse execute_(RegisterSiteParams registerSiteParams) {
        validateParametersAndFallbackIfNeeded(registerSiteParams);
        String uuid = UUID.randomUUID().toString();
        LOG.info("Creating RP ...");
        persistRp(uuid, registerSiteParams);
        LOG.info("RP created: " + this.rp);
        RegisterSiteResponse registerSiteResponse = new RegisterSiteResponse();
        registerSiteResponse.setOxdId(uuid);
        registerSiteResponse.setOpHost(this.rp.getOpHost());
        registerSiteResponse.setClientId(this.rp.getClientId());
        registerSiteResponse.setClientName(this.rp.getClientName());
        registerSiteResponse.setClientSecret(this.rp.getClientSecret());
        registerSiteResponse.setClientRegistrationAccessToken(this.rp.getClientRegistrationAccessToken());
        registerSiteResponse.setClientRegistrationClientUri(this.rp.getClientRegistrationClientUri());
        registerSiteResponse.setClientIdIssuedAt(Utils.date(this.rp.getClientIdIssuedAt()));
        registerSiteResponse.setClientSecretExpiresAt(Utils.date(this.rp.getClientSecretExpiresAt()));
        return registerSiteResponse;
    }

    @Override // org.gluu.oxd.server.op.IOperation
    public IOpResponse execute(RegisterSiteParams registerSiteParams) {
        try {
            return execute_(registerSiteParams);
        } catch (HttpException e) {
            throw e;
        } catch (Exception e2) {
            LOG.error(e2.getMessage(), (Throwable) e2);
            throw HttpException.internalError();
        }
    }

    private void validateParametersAndFallbackIfNeeded(RegisterSiteParams registerSiteParams) {
        if (StringUtils.isNotBlank(registerSiteParams.getClientId()) && StringUtils.isBlank(registerSiteParams.getClientSecret())) {
            throw new HttpException(ErrorResponseCode.INVALID_CLIENT_SECRET_REQUIRED);
        }
        if (StringUtils.isNotBlank(registerSiteParams.getClientSecret()) && StringUtils.isBlank(registerSiteParams.getClientId())) {
            throw new HttpException(ErrorResponseCode.INVALID_CLIENT_ID_REQUIRED);
        }
        Rp defaultRp = getConfigurationService().defaultRp();
        LOG.info("Either 'op_configuration_endpoint' or 'op_host' should be set. oxd will now check which of these parameter is available.");
        if (StringUtils.isBlank(registerSiteParams.getOpConfigurationEndpoint())) {
            LOG.warn("'op_configuration_endpoint' is not set for parameter: " + registerSiteParams + ". Look up at configuration file for fallback of 'op_configuration_endpoint'.");
            String opConfigurationEndpoint = defaultRp.getOpConfigurationEndpoint();
            if (StringUtils.isNotBlank(opConfigurationEndpoint)) {
                LOG.warn("Fallback to op_configuration_endpoint: " + opConfigurationEndpoint + ", from configuration file.");
                registerSiteParams.setOpConfigurationEndpoint(opConfigurationEndpoint);
            }
        }
        if (Strings.isNullOrEmpty(registerSiteParams.getOpHost()) && Strings.isNullOrEmpty(registerSiteParams.getOpConfigurationEndpoint())) {
            LOG.error("Either 'op_configuration_endpoint' or 'op_host' should be set. Parameter: " + registerSiteParams);
            throw new HttpException(ErrorResponseCode.INVALID_OP_HOST_AND_CONFIGURATION_ENDPOINT);
        }
        ArrayList newArrayList = Lists.newArrayList();
        if (registerSiteParams.getGrantTypes() != null && !registerSiteParams.getGrantTypes().isEmpty()) {
            newArrayList.addAll(registerSiteParams.getGrantTypes());
        }
        if (newArrayList.isEmpty() && defaultRp.getGrantType() != null && !defaultRp.getGrantType().isEmpty()) {
            newArrayList.addAll(defaultRp.getGrantType());
        }
        if (!newArrayList.contains(GrantType.CLIENT_CREDENTIALS.getValue()) && getConfigurationService().getConfiguration().getAddClientCredentialsGrantTypeAutomaticallyDuringClientRegistration().booleanValue()) {
            newArrayList.add(GrantType.CLIENT_CREDENTIALS.getValue());
        }
        registerSiteParams.setGrantTypes(newArrayList);
        if (registerSiteParams.getPostLogoutRedirectUris() != null && registerSiteParams.getPostLogoutRedirectUris().isEmpty() && defaultRp.getPostLogoutRedirectUris() != null && !defaultRp.getPostLogoutRedirectUris().isEmpty()) {
            registerSiteParams.setPostLogoutRedirectUris(defaultRp.getPostLogoutRedirectUris());
        }
        ArrayList newArrayList2 = Lists.newArrayList();
        if (registerSiteParams.getResponseTypes() != null && !registerSiteParams.getResponseTypes().isEmpty()) {
            newArrayList2.addAll(registerSiteParams.getResponseTypes());
        }
        if (newArrayList2.isEmpty() && defaultRp.getResponseTypes() != null && !defaultRp.getResponseTypes().isEmpty()) {
            newArrayList2.addAll(defaultRp.getResponseTypes());
        }
        if (newArrayList2.isEmpty()) {
            newArrayList2.add(AuthorizeResponseParam.CODE);
        }
        registerSiteParams.setResponseTypes(newArrayList2);
        if (registerSiteParams.getRedirectUris() == null || registerSiteParams.getRedirectUris().isEmpty()) {
            registerSiteParams.setRedirectUris(defaultRp.getRedirectUris());
        }
        LinkedHashSet newLinkedHashSet = Sets.newLinkedHashSet();
        if (registerSiteParams.getRedirectUris() == null || registerSiteParams.getRedirectUris().isEmpty() || !registerSiteParams.getRedirectUris().stream().allMatch(str -> {
            return Utils.isValidUrl(str);
        })) {
            throw new HttpException(ErrorResponseCode.INVALID_REDIRECT_URI);
        }
        newLinkedHashSet.addAll(registerSiteParams.getRedirectUris());
        Boolean uma2AuthRegisterClaimsGatheringEndpointAsRedirectUriOfClient = getConfigurationService().getConfiguration().getUma2AuthRegisterClaimsGatheringEndpointAsRedirectUriOfClient();
        if (uma2AuthRegisterClaimsGatheringEndpointAsRedirectUriOfClient != null && uma2AuthRegisterClaimsGatheringEndpointAsRedirectUriOfClient.booleanValue() && !newLinkedHashSet.isEmpty()) {
            if (((String) newLinkedHashSet.iterator().next()).contains(getDiscoveryService().getConnectDiscoveryResponse(registerSiteParams.getOpConfigurationEndpoint(), registerSiteParams.getOpHost(), registerSiteParams.getOpDiscoveryPath()).getIssuer())) {
                String str2 = getDiscoveryService().getUmaDiscovery(registerSiteParams.getOpConfigurationEndpoint(), registerSiteParams.getOpHost(), registerSiteParams.getOpDiscoveryPath()).getClaimsInteractionEndpoint() + "?authentication=true";
                LOG.trace("Register claims interaction endpoint as redirect_uri: " + str2);
                newLinkedHashSet.add(str2);
            } else {
                LOG.trace("Skip auto registration of claims interaction endpoint as redirect_uri because OP host for different uri's is different which will not pass AS redirect_uri's validation (same host must be present).");
            }
        }
        registerSiteParams.setRedirectUris(Lists.newArrayList(newLinkedHashSet));
        if ((registerSiteParams.getClaimsRedirectUri() == null || registerSiteParams.getClaimsRedirectUri().isEmpty()) && defaultRp.getClaimsRedirectUri() != null && !defaultRp.getClaimsRedirectUri().isEmpty()) {
            registerSiteParams.setClaimsRedirectUri(defaultRp.getClaimsRedirectUri());
        }
        HashSet newHashSet = Sets.newHashSet();
        if (registerSiteParams.getClaimsRedirectUri() != null && !registerSiteParams.getClaimsRedirectUri().isEmpty()) {
            newHashSet.addAll(registerSiteParams.getClaimsRedirectUri());
        }
        registerSiteParams.setClaimsRedirectUri(Lists.newArrayList(newHashSet));
        if (registerSiteParams.getScope() == null || registerSiteParams.getScope().isEmpty()) {
            registerSiteParams.setScope(defaultRp.getScope());
        }
        if (registerSiteParams.getScope() == null || registerSiteParams.getScope().isEmpty()) {
            throw new HttpException(ErrorResponseCode.INVALID_SCOPE);
        }
        if (registerSiteParams.getAcrValues() == null || registerSiteParams.getAcrValues().isEmpty()) {
            registerSiteParams.setAcrValues(defaultRp.getAcrValues());
        }
        if (Strings.isNullOrEmpty(registerSiteParams.getClientJwksUri()) && !Strings.isNullOrEmpty(defaultRp.getClientJwksUri())) {
            registerSiteParams.setClientJwksUri(defaultRp.getClientJwksUri());
        }
        if (registerSiteParams.getContacts() == null || registerSiteParams.getContacts().isEmpty()) {
            registerSiteParams.setContacts(defaultRp.getContacts());
        }
        if (registerSiteParams.getUiLocales() == null || registerSiteParams.getUiLocales().isEmpty()) {
            registerSiteParams.setUiLocales(defaultRp.getUiLocales());
        }
        if ((registerSiteParams.getClaimsLocales() == null || registerSiteParams.getClaimsLocales().isEmpty()) && defaultRp.getClaimsLocales() != null && !defaultRp.getClaimsLocales().isEmpty()) {
            registerSiteParams.setClaimsLocales(defaultRp.getClaimsLocales());
        }
        if (StringUtils.isBlank(registerSiteParams.getClientName()) && StringUtils.isNotBlank(defaultRp.getClientName())) {
            registerSiteParams.setClientName(defaultRp.getClientName());
        }
        if (StringUtils.isBlank(registerSiteParams.getClientJwksUri()) && StringUtils.isNotBlank(defaultRp.getClientJwksUri())) {
            registerSiteParams.setClientJwksUri(defaultRp.getClientJwksUri());
        }
        if (StringUtils.isBlank(registerSiteParams.getClientTokenEndpointAuthMethod()) && StringUtils.isNotBlank(defaultRp.getTokenEndpointAuthMethod())) {
            registerSiteParams.setClientTokenEndpointAuthMethod(defaultRp.getTokenEndpointAuthMethod());
        }
        if (StringUtils.isBlank(registerSiteParams.getClientTokenEndpointAuthSigningAlg()) && StringUtils.isNotBlank(defaultRp.getTokenEndpointAuthSigningAlg())) {
            registerSiteParams.setClientTokenEndpointAuthSigningAlg(defaultRp.getTokenEndpointAuthSigningAlg());
        }
        if ((registerSiteParams.getClientRequestUris() == null || registerSiteParams.getClientRequestUris().isEmpty()) && defaultRp.getRequestUris() != null && !defaultRp.getRequestUris().isEmpty()) {
            registerSiteParams.setClientRequestUris(defaultRp.getRequestUris());
        }
        if ((registerSiteParams.getClientFrontchannelLogoutUris() == null || registerSiteParams.getClientFrontchannelLogoutUris().isEmpty()) && defaultRp.getFrontChannelLogoutUris() != null && !defaultRp.getFrontChannelLogoutUris().isEmpty()) {
            registerSiteParams.setClientFrontchannelLogoutUris(defaultRp.getFrontChannelLogoutUris());
        }
        if (StringUtils.isBlank(registerSiteParams.getClientSectorIdentifierUri()) && StringUtils.isNotBlank(defaultRp.getSectorIdentifierUri())) {
            registerSiteParams.setClientSectorIdentifierUri(defaultRp.getSectorIdentifierUri());
        }
        if (StringUtils.isBlank(registerSiteParams.getClientId()) && StringUtils.isNotBlank(defaultRp.getClientId())) {
            registerSiteParams.setClientId(defaultRp.getClientId());
        }
        if (StringUtils.isBlank(registerSiteParams.getClientSecret()) && StringUtils.isNotBlank(defaultRp.getClientSecret())) {
            registerSiteParams.setClientSecret(defaultRp.getClientSecret());
        }
        if (StringUtils.isBlank(registerSiteParams.getAccessTokenSigningAlg()) && StringUtils.isNotBlank(defaultRp.getAccessTokenSigningAlg())) {
            registerSiteParams.setAccessTokenSigningAlg(defaultRp.getAccessTokenSigningAlg());
        }
        if (StringUtils.isBlank(registerSiteParams.getLogoUri()) && StringUtils.isNotBlank(defaultRp.getLogoUri())) {
            registerSiteParams.setLogoUri(defaultRp.getLogoUri());
        }
        if (StringUtils.isBlank(registerSiteParams.getClientUri()) && StringUtils.isNotBlank(defaultRp.getClientUri())) {
            registerSiteParams.setClientUri(defaultRp.getClientUri());
        }
        if (StringUtils.isBlank(registerSiteParams.getPolicyUri()) && StringUtils.isNotBlank(defaultRp.getPolicyUri())) {
            registerSiteParams.setPolicyUri(defaultRp.getPolicyUri());
        }
        if (StringUtils.isBlank(registerSiteParams.getTosUri()) && StringUtils.isNotBlank(defaultRp.getTosUri())) {
            registerSiteParams.setTosUri(defaultRp.getTosUri());
        }
        if (StringUtils.isBlank(registerSiteParams.getJwks()) && StringUtils.isNotBlank(defaultRp.getJwks())) {
            registerSiteParams.setJwks(defaultRp.getJwks());
        }
        if (StringUtils.isBlank(registerSiteParams.getIdTokenBindingCnf()) && StringUtils.isNotBlank(defaultRp.getIdTokenBindingCnf())) {
            registerSiteParams.setIdTokenBindingCnf(defaultRp.getIdTokenBindingCnf());
        }
        if (StringUtils.isBlank(registerSiteParams.getTlsClientAuthSubjectDn()) && StringUtils.isNotBlank(defaultRp.getTlsClientAuthSubjectDn())) {
            registerSiteParams.setTlsClientAuthSubjectDn(defaultRp.getTlsClientAuthSubjectDn());
        }
        if (StringUtils.isBlank(registerSiteParams.getIdTokenSignedResponseAlg()) && StringUtils.isNotBlank(defaultRp.getIdTokenSignedResponseAlg())) {
            registerSiteParams.setIdTokenSignedResponseAlg(defaultRp.getIdTokenSignedResponseAlg());
        }
        if (StringUtils.isBlank(registerSiteParams.getIdTokenEncryptedResponseAlg()) && StringUtils.isNotBlank(defaultRp.getIdTokenEncryptedResponseAlg())) {
            registerSiteParams.setIdTokenEncryptedResponseAlg(defaultRp.getIdTokenEncryptedResponseAlg());
        }
        if (StringUtils.isBlank(registerSiteParams.getIdTokenEncryptedResponseEnc()) && StringUtils.isNotBlank(defaultRp.getIdTokenEncryptedResponseEnc())) {
            registerSiteParams.setIdTokenEncryptedResponseEnc(defaultRp.getIdTokenEncryptedResponseEnc());
        }
        if (StringUtils.isBlank(registerSiteParams.getUserInfoSignedResponseAlg()) && StringUtils.isNotBlank(defaultRp.getUserInfoSignedResponseAlg())) {
            registerSiteParams.setUserInfoSignedResponseAlg(defaultRp.getUserInfoSignedResponseAlg());
        }
        if (StringUtils.isBlank(registerSiteParams.getUserInfoEncryptedResponseAlg()) && StringUtils.isNotBlank(defaultRp.getUserInfoEncryptedResponseAlg())) {
            registerSiteParams.setUserInfoEncryptedResponseAlg(defaultRp.getUserInfoEncryptedResponseAlg());
        }
        if (StringUtils.isBlank(registerSiteParams.getUserInfoEncryptedResponseEnc()) && StringUtils.isNotBlank(defaultRp.getUserInfoEncryptedResponseEnc())) {
            registerSiteParams.setUserInfoEncryptedResponseEnc(defaultRp.getUserInfoEncryptedResponseEnc());
        }
        if (StringUtils.isBlank(registerSiteParams.getRequestObjectSigningAlg()) && StringUtils.isNotBlank(defaultRp.getRequestObjectSigningAlg())) {
            registerSiteParams.setRequestObjectSigningAlg(defaultRp.getRequestObjectSigningAlg());
        }
        if (StringUtils.isBlank(registerSiteParams.getRequestObjectEncryptionAlg()) && StringUtils.isNotBlank(defaultRp.getRequestObjectEncryptionAlg())) {
            registerSiteParams.setRequestObjectEncryptionAlg(defaultRp.getRequestObjectEncryptionAlg());
        }
        if (StringUtils.isBlank(registerSiteParams.getRequestObjectEncryptionEnc()) && StringUtils.isNotBlank(defaultRp.getRequestObjectEncryptionEnc())) {
            registerSiteParams.setRequestObjectEncryptionEnc(defaultRp.getRequestObjectEncryptionEnc());
        }
        if (registerSiteParams.getDefaultMaxAge() == null && defaultRp.getDefaultMaxAge() != null) {
            registerSiteParams.setDefaultMaxAge(defaultRp.getDefaultMaxAge());
        }
        if (StringUtils.isBlank(registerSiteParams.getInitiateLoginUri()) && StringUtils.isNotBlank(defaultRp.getInitiateLoginUri())) {
            registerSiteParams.setInitiateLoginUri(defaultRp.getInitiateLoginUri());
        }
        if ((registerSiteParams.getAuthorizedOrigins() == null || registerSiteParams.getAuthorizedOrigins().isEmpty()) && defaultRp.getAuthorizedOrigins() != null && !defaultRp.getAuthorizedOrigins().isEmpty()) {
            registerSiteParams.setAuthorizedOrigins(defaultRp.getAuthorizedOrigins());
        }
        if (registerSiteParams.getAccessTokenLifetime() == null && defaultRp.getAccessTokenLifetime() != null) {
            registerSiteParams.setAccessTokenLifetime(defaultRp.getAccessTokenLifetime());
        }
        if (StringUtils.isBlank(registerSiteParams.getSoftwareId()) && StringUtils.isNotBlank(defaultRp.getSoftwareId())) {
            registerSiteParams.setSoftwareId(defaultRp.getSoftwareId());
        }
        if (StringUtils.isBlank(registerSiteParams.getSoftwareVersion()) && StringUtils.isNotBlank(defaultRp.getSoftwareVersion())) {
            registerSiteParams.setSoftwareVersion(defaultRp.getSoftwareVersion());
        }
        if (StringUtils.isBlank(registerSiteParams.getSoftwareStatement()) && StringUtils.isNotBlank(defaultRp.getSoftwareStatement())) {
            registerSiteParams.setSoftwareStatement(defaultRp.getSoftwareStatement());
        }
        if ((registerSiteParams.getCustomAttributes() == null || registerSiteParams.getCustomAttributes().isEmpty()) && defaultRp.getCustomAttributes() != null && !defaultRp.getCustomAttributes().isEmpty()) {
            registerSiteParams.setCustomAttributes(defaultRp.getCustomAttributes());
        }
        if (registerSiteParams.getAccessTokenAsJwt() == null) {
            registerSiteParams.setAccessTokenAsJwt(defaultRp.getAccessTokenAsJwt());
        }
        if (registerSiteParams.getRptAsJwt() == null) {
            registerSiteParams.setRptAsJwt(defaultRp.getRptAsJwt());
        }
        if (registerSiteParams.getFrontChannelLogoutSessionRequired() == null) {
            registerSiteParams.setFrontChannelLogoutSessionRequired(defaultRp.getFrontChannelLogoutSessionRequired());
        }
        if (registerSiteParams.getRunIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims() == null) {
            registerSiteParams.setRunIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims(defaultRp.getRunIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims());
        }
        if (registerSiteParams.getRequireAuthTime() == null) {
            registerSiteParams.setRequireAuthTime(defaultRp.getRequireAuthTime());
        }
    }

    private void persistRp(String str, RegisterSiteParams registerSiteParams) {
        try {
            RegisterRequest createRegisterClientRequest = createRegisterClientRequest(registerSiteParams, str);
            this.rp = createRp(createRegisterClientRequest);
            this.rp.setOxdId(str);
            this.rp.setApplicationType("web");
            this.rp.setOpHost(getDiscoveryService().getConnectDiscoveryResponse(registerSiteParams.getOpConfigurationEndpoint(), registerSiteParams.getOpHost(), registerSiteParams.getOpDiscoveryPath()).getIssuer());
            this.rp.setOpDiscoveryPath(registerSiteParams.getOpDiscoveryPath());
            this.rp.setOpConfigurationEndpoint(registerSiteParams.getOpConfigurationEndpoint());
            this.rp.setUiLocales(registerSiteParams.getUiLocales());
            this.rp.setSyncClientFromOp(registerSiteParams.getSyncClientFromOp());
            this.rp.setSyncClientPeriodInSeconds(Integer.valueOf(registerSiteParams.getSyncClientPeriodInSeconds()));
            if (!hasClient(registerSiteParams)) {
                RegisterResponse registerClient = registerClient(registerSiteParams, createRegisterClientRequest);
                this.rp.setClientId(registerClient.getClientId());
                this.rp.setClientSecret(registerClient.getClientSecret());
                this.rp.setClientRegistrationAccessToken(registerClient.getRegistrationAccessToken());
                this.rp.setClientRegistrationClientUri(registerClient.getRegistrationClientUri());
                this.rp.setClientIdIssuedAt(registerClient.getClientIdIssuedAt());
                this.rp.setClientSecretExpiresAt(registerClient.getClientSecretExpiresAt());
            }
            getRpService().create(this.rp);
        } catch (HttpException e) {
            throw e;
        } catch (Exception e2) {
            LOG.error("Failed to persist site configuration, params: " + registerSiteParams, (Throwable) e2);
            throw new RuntimeException(e2);
        }
    }

    private boolean hasClient(RegisterSiteParams registerSiteParams) {
        return (Strings.isNullOrEmpty(registerSiteParams.getClientId()) || Strings.isNullOrEmpty(registerSiteParams.getClientSecret())) ? false : true;
    }

    private RegisterResponse registerClient(RegisterSiteParams registerSiteParams, RegisterRequest registerRequest) {
        String opHost = Strings.isNullOrEmpty(registerSiteParams.getOpConfigurationEndpoint()) ? registerSiteParams.getOpHost() : registerSiteParams.getOpConfigurationEndpoint();
        Preconditions.checkState(!Strings.isNullOrEmpty(opHost), "Both op_configuration_endpoint and op_host contains blank value. Please specify valid OP public address.");
        String registrationEndpoint = getDiscoveryService().getConnectDiscoveryResponse(registerSiteParams.getOpConfigurationEndpoint(), registerSiteParams.getOpHost(), registerSiteParams.getOpDiscoveryPath()).getRegistrationEndpoint();
        if (Strings.isNullOrEmpty(registrationEndpoint)) {
            LOG.error("This OP (" + opHost + ") does not provide registration_endpoint. It means that oxd is not able dynamically register client. Therefore it is required to obtain/register client manually on OP site and provide client_id and client_secret to oxd register_site command.");
            throw new HttpException(ErrorResponseCode.NO_REGISTRATION_ENDPOINT);
        }
        RegisterClient createRegisterClient = getOpClientFactory().createRegisterClient(registrationEndpoint);
        createRegisterClient.setRequest(registerRequest);
        createRegisterClient.setExecutor(getHttpService().getClientExecutor());
        RegisterResponse exec = createRegisterClient.exec();
        if (exec == null) {
            LOG.error("RegisterClient response is null.");
        } else {
            if (!Strings.isNullOrEmpty(exec.getClientId()) && !Strings.isNullOrEmpty(exec.getClientSecret())) {
                LOG.trace("Registered client for site - client_id: " + exec.getClientId() + ", claims: " + exec.getClaims() + ", registration_client_uri:" + exec.getRegistrationClientUri());
                return exec;
            }
            LOG.error("ClientId: " + exec.getClientId() + ", clientSecret: " + exec.getClientSecret());
            if (Strings.isNullOrEmpty(exec.getClientId())) {
                LOG.error("`client_id` is not returned from OP host. Please check OP log file for error (oxauth.log).");
                throw new HttpException(ErrorResponseCode.NO_CLIENT_ID_RETURNED);
            }
            if (Strings.isNullOrEmpty(exec.getClientSecret())) {
                LOG.error("`client_secret` is not returned from OP host. Please check: 1) OP log file for error (oxauth.log) 2) whether `returnClientSecretOnRead` configuration property is set to true on OP host.");
                throw new HttpException(ErrorResponseCode.NO_CLIENT_SECRET_RETURNED);
            }
        }
        if (exec != null && !Strings.isNullOrEmpty(exec.getErrorDescription())) {
            LOG.error(exec.getErrorDescription());
        }
        throw new RuntimeException("Failed to register client for site. Details: " + (exec != null ? exec.getEntity() : "response is null"));
    }

    private RegisterRequest createRegisterClientRequest(RegisterSiteParams registerSiteParams, String str) {
        AuthenticationMethod fromString;
        String str2 = "oxd client for rp: " + str;
        if (!Strings.isNullOrEmpty(registerSiteParams.getClientName())) {
            str2 = registerSiteParams.getClientName();
        }
        RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, str2, registerSiteParams.getRedirectUris());
        registerRequest.setResponseTypes_(registerSiteParams.getResponseTypes());
        registerRequest.setJwksUri(registerSiteParams.getClientJwksUri());
        registerRequest.setClaimsRedirectUris(registerSiteParams.getClaimsRedirectUri() != null ? registerSiteParams.getClaimsRedirectUri() : new ArrayList<>());
        registerRequest.setPostLogoutRedirectUris(registerSiteParams.getPostLogoutRedirectUris() != null ? registerSiteParams.getPostLogoutRedirectUris() : Lists.newArrayList());
        registerRequest.setContacts(registerSiteParams.getContacts());
        registerRequest.setScope(registerSiteParams.getScope());
        registerRequest.setDefaultAcrValues(registerSiteParams.getAcrValues());
        if (StringUtils.isNotBlank(registerSiteParams.getClientTokenEndpointAuthSigningAlg())) {
            SignatureAlgorithm fromString2 = SignatureAlgorithm.fromString(registerSiteParams.getClientTokenEndpointAuthSigningAlg());
            if (fromString2 == null) {
                LOG.error("Received invalid algorithm in `client_token_endpoint_auth_signing_alg` property. Value: " + registerSiteParams.getClientTokenEndpointAuthSigningAlg());
                throw new HttpException(ErrorResponseCode.INVALID_SIGNATURE_ALGORITHM);
            }
            registerRequest.setTokenEndpointAuthSigningAlg(fromString2);
        }
        if (StringUtils.isNotBlank(str)) {
            registerRequest.addCustomAttribute("oxd_id", str);
        }
        ArrayList newArrayList = Lists.newArrayList();
        Iterator<String> it = registerSiteParams.getGrantTypes().iterator();
        while (it.hasNext()) {
            newArrayList.add(GrantType.fromString(it.next()));
        }
        registerRequest.setGrantTypes(newArrayList);
        if (registerSiteParams.getClientFrontchannelLogoutUris() != null) {
            registerRequest.setFrontChannelLogoutUris(Lists.newArrayList(registerSiteParams.getClientFrontchannelLogoutUris()));
        }
        if (StringUtils.isNotBlank(registerSiteParams.getClientTokenEndpointAuthMethod()) && (fromString = AuthenticationMethod.fromString(registerSiteParams.getClientTokenEndpointAuthMethod())) != null) {
            registerRequest.setTokenEndpointAuthMethod(fromString);
        }
        if (registerSiteParams.getClientRequestUris() != null && !registerSiteParams.getClientRequestUris().isEmpty()) {
            registerRequest.setRequestUris(registerSiteParams.getClientRequestUris());
        }
        if (!Strings.isNullOrEmpty(registerSiteParams.getClientSectorIdentifierUri())) {
            registerRequest.setSectorIdentifierUri(registerSiteParams.getClientSectorIdentifierUri());
        }
        registerRequest.setAccessTokenAsJwt(registerSiteParams.getAccessTokenAsJwt());
        registerRequest.setAccessTokenSigningAlg(SignatureAlgorithm.fromString(registerSiteParams.getAccessTokenSigningAlg()));
        registerRequest.setRptAsJwt(registerSiteParams.getRptAsJwt());
        if (!Strings.isNullOrEmpty(registerSiteParams.getLogoUri())) {
            registerRequest.setLogoUri(registerSiteParams.getLogoUri());
        }
        if (!Strings.isNullOrEmpty(registerSiteParams.getClientUri())) {
            registerRequest.setClientUri(registerSiteParams.getClientUri());
        }
        if (!Strings.isNullOrEmpty(registerSiteParams.getPolicyUri())) {
            registerRequest.setPolicyUri(registerSiteParams.getPolicyUri());
        }
        if (registerSiteParams.getFrontChannelLogoutSessionRequired() != null) {
            registerRequest.setFrontChannelLogoutSessionRequired(registerSiteParams.getFrontChannelLogoutSessionRequired());
        }
        if (!Strings.isNullOrEmpty(registerSiteParams.getTosUri())) {
            registerRequest.setTosUri(registerSiteParams.getTosUri());
        }
        if (!Strings.isNullOrEmpty(registerSiteParams.getJwks())) {
            registerRequest.setJwks(registerSiteParams.getJwks());
        }
        if (!Strings.isNullOrEmpty(registerSiteParams.getIdTokenBindingCnf())) {
            registerRequest.setIdTokenTokenBindingCnf(registerSiteParams.getIdTokenBindingCnf());
        }
        if (!Strings.isNullOrEmpty(registerSiteParams.getTlsClientAuthSubjectDn())) {
            registerRequest.setTlsClientAuthSubjectDn(registerSiteParams.getTlsClientAuthSubjectDn());
        }
        if (!Strings.isNullOrEmpty(registerSiteParams.getSubjectType())) {
            SubjectType fromString3 = SubjectType.fromString(registerSiteParams.getSubjectType());
            if (fromString3 == null) {
                LOG.error("Received invalid values in `subject_type` property. Value: " + registerSiteParams.getSubjectType());
                throw new HttpException(ErrorResponseCode.INVALID_SUBJECT_TYPE);
            }
            registerRequest.setSubjectType(fromString3);
        }
        if (registerSiteParams.getRunIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims() != null) {
            registerRequest.setRunIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims(registerSiteParams.getRunIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims());
        }
        if (!Strings.isNullOrEmpty(registerSiteParams.getIdTokenSignedResponseAlg())) {
            SignatureAlgorithm fromString4 = SignatureAlgorithm.fromString(registerSiteParams.getIdTokenSignedResponseAlg());
            if (fromString4 == null) {
                LOG.error("Received invalid algorithm in `id_token_signed_response_alg` property. Value: " + registerSiteParams.getIdTokenSignedResponseAlg());
                throw new HttpException(ErrorResponseCode.INVALID_SIGNATURE_ALGORITHM);
            }
            if (fromString4 == SignatureAlgorithm.NONE && !getConfigurationService().getConfiguration().getAcceptIdTokenWithoutSignature().booleanValue()) {
                LOG.error("`ID_TOKEN` without signature is not allowed. To allow `ID_TOKEN` without signature set `accept_id_token_without_signature` field to 'true' in oxd-server.yml.");
                throw new HttpException(ErrorResponseCode.ID_TOKEN_WITHOUT_SIGNATURE_NOT_ALLOWED);
            }
            registerRequest.setIdTokenSignedResponseAlg(fromString4);
        }
        if (!Strings.isNullOrEmpty(registerSiteParams.getIdTokenEncryptedResponseAlg())) {
            KeyEncryptionAlgorithm fromName = KeyEncryptionAlgorithm.fromName(registerSiteParams.getIdTokenEncryptedResponseAlg());
            if (fromName == null) {
                LOG.error("Received invalid algorithm in `id_token_encrypted_response_alg` property. Value: " + registerSiteParams.getIdTokenEncryptedResponseAlg());
                throw new HttpException(ErrorResponseCode.INVALID_KEY_ENCRYPTION_ALGORITHM);
            }
            registerRequest.setIdTokenEncryptedResponseAlg(fromName);
        }
        if (!Strings.isNullOrEmpty(registerSiteParams.getIdTokenEncryptedResponseEnc())) {
            BlockEncryptionAlgorithm fromName2 = BlockEncryptionAlgorithm.fromName(registerSiteParams.getIdTokenEncryptedResponseEnc());
            if (fromName2 == null) {
                LOG.error("Received invalid algorithm in `id_token_encrypted_response_enc` property. Value: " + registerSiteParams.getIdTokenEncryptedResponseEnc());
                throw new HttpException(ErrorResponseCode.INVALID_BLOCK_ENCRYPTION_ALGORITHM);
            }
            registerRequest.setIdTokenEncryptedResponseEnc(fromName2);
        }
        if (!Strings.isNullOrEmpty(registerSiteParams.getUserInfoSignedResponseAlg())) {
            SignatureAlgorithm fromString5 = SignatureAlgorithm.fromString(registerSiteParams.getUserInfoSignedResponseAlg());
            if (fromString5 == null) {
                LOG.error("Received invalid algorithm in `user_info_signed_response_alg` property. Value: " + registerSiteParams.getUserInfoSignedResponseAlg());
                throw new HttpException(ErrorResponseCode.INVALID_SIGNATURE_ALGORITHM);
            }
            registerRequest.setUserInfoSignedResponseAlg(fromString5);
        }
        if (!Strings.isNullOrEmpty(registerSiteParams.getUserInfoEncryptedResponseAlg())) {
            KeyEncryptionAlgorithm fromName3 = KeyEncryptionAlgorithm.fromName(registerSiteParams.getUserInfoEncryptedResponseAlg());
            if (fromName3 == null) {
                LOG.error("Received invalid algorithm in `user_info_encrypted_response_alg` property. Value: " + registerSiteParams.getUserInfoEncryptedResponseAlg());
                throw new HttpException(ErrorResponseCode.INVALID_KEY_ENCRYPTION_ALGORITHM);
            }
            registerRequest.setUserInfoEncryptedResponseAlg(fromName3);
        }
        if (!Strings.isNullOrEmpty(registerSiteParams.getUserInfoEncryptedResponseEnc())) {
            BlockEncryptionAlgorithm fromName4 = BlockEncryptionAlgorithm.fromName(registerSiteParams.getUserInfoEncryptedResponseEnc());
            if (fromName4 == null) {
                LOG.error("Received invalid algorithm in `user_info_encrypted_response_enc` property. Value: " + registerSiteParams.getUserInfoEncryptedResponseEnc());
                throw new HttpException(ErrorResponseCode.INVALID_BLOCK_ENCRYPTION_ALGORITHM);
            }
            registerRequest.setUserInfoEncryptedResponseEnc(fromName4);
        }
        if (!Strings.isNullOrEmpty(registerSiteParams.getRequestObjectSigningAlg())) {
            SignatureAlgorithm fromString6 = SignatureAlgorithm.fromString(registerSiteParams.getRequestObjectSigningAlg());
            if (fromString6 == null) {
                LOG.error("Received invalid algorithm in `request_object_signing_alg` property. Value: " + registerSiteParams.getRequestObjectSigningAlg());
                throw new HttpException(ErrorResponseCode.INVALID_SIGNATURE_ALGORITHM);
            }
            registerRequest.setRequestObjectSigningAlg(fromString6);
        }
        if (!Strings.isNullOrEmpty(registerSiteParams.getRequestObjectEncryptionAlg())) {
            KeyEncryptionAlgorithm fromName5 = KeyEncryptionAlgorithm.fromName(registerSiteParams.getRequestObjectEncryptionAlg());
            if (fromName5 == null) {
                LOG.error("Received invalid algorithm in `request_object_encryption_alg` property. Value: " + registerSiteParams.getRequestObjectEncryptionAlg());
                throw new HttpException(ErrorResponseCode.INVALID_KEY_ENCRYPTION_ALGORITHM);
            }
            registerRequest.setRequestObjectEncryptionAlg(fromName5);
        }
        if (!Strings.isNullOrEmpty(registerSiteParams.getRequestObjectEncryptionEnc())) {
            BlockEncryptionAlgorithm fromName6 = BlockEncryptionAlgorithm.fromName(registerSiteParams.getRequestObjectEncryptionEnc());
            if (fromName6 == null) {
                LOG.error("Received invalid algorithm in `request_object_encryption_enc` property. Value: " + registerSiteParams.getRequestObjectEncryptionEnc());
                throw new HttpException(ErrorResponseCode.INVALID_BLOCK_ENCRYPTION_ALGORITHM);
            }
            registerRequest.setRequestObjectEncryptionEnc(fromName6);
        }
        if (registerSiteParams.getDefaultMaxAge() != null && NumberUtils.isNumber(registerSiteParams.getDefaultMaxAge().toString())) {
            registerRequest.setDefaultMaxAge(registerSiteParams.getDefaultMaxAge());
        }
        if (registerSiteParams.getRequireAuthTime() != null) {
            registerRequest.setRequireAuthTime(registerSiteParams.getRequireAuthTime());
        }
        if (!Strings.isNullOrEmpty(registerSiteParams.getInitiateLoginUri())) {
            registerRequest.setInitiateLoginUri(registerSiteParams.getInitiateLoginUri());
        }
        if (registerSiteParams.getAuthorizedOrigins() != null && !registerSiteParams.getAuthorizedOrigins().isEmpty()) {
            registerRequest.setAuthorizedOrigins(registerSiteParams.getAuthorizedOrigins());
        }
        if (registerSiteParams.getAccessTokenLifetime() != null && NumberUtils.isNumber(registerSiteParams.getAccessTokenLifetime().toString())) {
            registerRequest.setAccessTokenLifetime(registerSiteParams.getAccessTokenLifetime());
        }
        if (!Strings.isNullOrEmpty(registerSiteParams.getSoftwareId())) {
            registerRequest.setSoftwareId(registerSiteParams.getSoftwareId());
        }
        if (!Strings.isNullOrEmpty(registerSiteParams.getSoftwareVersion())) {
            registerRequest.setSoftwareVersion(registerSiteParams.getSoftwareVersion());
        }
        if (!Strings.isNullOrEmpty(registerSiteParams.getSoftwareStatement())) {
            registerRequest.setSoftwareStatement(registerSiteParams.getSoftwareStatement());
        }
        if (registerSiteParams.getAllowSpontaneousScopes() != null) {
            registerRequest.setAllowSpontaneousScopes(registerSiteParams.getAllowSpontaneousScopes());
        }
        if (CollectionUtils.isNotEmpty(registerSiteParams.getSpontaneousScopes())) {
            registerRequest.setSpontaneousScopes(registerSiteParams.getSpontaneousScopes());
        }
        if (registerSiteParams.getCustomAttributes() != null && !registerSiteParams.getCustomAttributes().isEmpty()) {
            registerSiteParams.getCustomAttributes().entrySet().removeIf(entry -> {
                return ((String) entry.getKey()).contains("oxAuthTrustedClient");
            });
            registerSiteParams.getCustomAttributes().entrySet().stream().forEach(entry2 -> {
                registerRequest.addCustomAttribute((String) entry2.getKey(), (String) entry2.getValue());
            });
        }
        return registerRequest;
    }

    private Rp createRp(RegisterRequest registerRequest) {
        Rp rp = new Rp();
        RegisterRequestMapper.fillRp(rp, registerRequest);
        return rp;
    }
}
