package pl.edu.icm.unity.oauth.as.token;

import java.util.Collections;
import java.util.HashSet;
import java.util.Properties;
import java.util.Set;
import javax.ws.rs.ApplicationPath;
import javax.ws.rs.core.Application;
import org.springframework.beans.factory.ObjectFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.stereotype.Component;
import pl.edu.icm.unity.MessageSource;
import pl.edu.icm.unity.engine.api.AttributesManagement;
import pl.edu.icm.unity.engine.api.EndpointManagement;
import pl.edu.icm.unity.engine.api.EntityManagement;
import pl.edu.icm.unity.engine.api.PKIManagement;
import pl.edu.icm.unity.engine.api.authn.AuthenticationProcessor;
import pl.edu.icm.unity.engine.api.endpoint.EndpointFactory;
import pl.edu.icm.unity.engine.api.endpoint.EndpointInstance;
import pl.edu.icm.unity.engine.api.idp.IdPEngine;
import pl.edu.icm.unity.engine.api.server.AdvertisedAddressProvider;
import pl.edu.icm.unity.engine.api.server.NetworkServer;
import pl.edu.icm.unity.engine.api.session.SessionManagement;
import pl.edu.icm.unity.engine.api.token.TokensManagement;
import pl.edu.icm.unity.engine.api.utils.PrototypeComponent;
import pl.edu.icm.unity.oauth.as.OAuthASProperties;
import pl.edu.icm.unity.oauth.as.OAuthEndpointsCoordinator;
import pl.edu.icm.unity.oauth.as.OAuthRequestValidator;
import pl.edu.icm.unity.oauth.as.OAuthTokenRepository;
import pl.edu.icm.unity.oauth.as.token.exception.OAuthExceptionMapper;
import pl.edu.icm.unity.rest.RESTEndpoint;
import pl.edu.icm.unity.rest.authn.ext.HttpBasicRetrievalBase;
import pl.edu.icm.unity.store.api.tx.TransactionalRunner;
import pl.edu.icm.unity.types.endpoint.EndpointTypeDescription;

@PrototypeComponent
/* loaded from: input_file:pl/edu/icm/unity/oauth/as/token/OAuthTokenEndpoint.class */
public class OAuthTokenEndpoint extends RESTEndpoint {
    public static final String NAME = "OAuth2Token";
    public static final String PATH = "";
    public static final EndpointTypeDescription TYPE = new EndpointTypeDescription(NAME, "A RESTful endpoint exposing OAuth and OIDC related, client-focused endpoints.", "jaxrs2", Collections.singletonMap(PATH, "The OAuth base path"), getEndpointFeatures());
    public static final String TOKEN_PATH = "/token";
    public static final String USER_INFO_PATH = "/userinfo";
    public static final String JWK_PATH = "/jwk";
    public static final String TOKEN_INFO_PATH = "/tokeninfo";
    public static final String TOKEN_INTROSPECTION_PATH = "/introspect";
    public static final String TOKEN_REVOCATION_PATH = "/revoke";
    private TokensManagement tokensManagement;
    private PKIManagement pkiManagement;
    private OAuthASProperties config;
    private OAuthEndpointsCoordinator coordinator;
    private TransactionalRunner tx;
    private IdPEngine insecureIdPEngine;
    private final ApplicationEventPublisher eventPublisher;
    private AttributesManagement attributesMan;
    private EntityManagement identitiesMan;
    private OAuthTokenRepository oauthTokenRepository;
    private final EndpointManagement endpointMan;

    @Component
    /* loaded from: input_file:pl/edu/icm/unity/oauth/as/token/OAuthTokenEndpoint$Factory.class */
    public static class Factory implements EndpointFactory {

        @Autowired
        private ObjectFactory<OAuthTokenEndpoint> factory;

        public EndpointTypeDescription getDescription() {
            return OAuthTokenEndpoint.TYPE;
        }

        public EndpointInstance newInstance() {
            return (EndpointInstance) this.factory.getObject();
        }
    }

    @ApplicationPath("/")
    /* loaded from: input_file:pl/edu/icm/unity/oauth/as/token/OAuthTokenEndpoint$OAuthTokenJAXRSApp.class */
    public class OAuthTokenJAXRSApp extends Application {
        public OAuthTokenJAXRSApp() {
        }

        public Set<Object> getSingletons() {
            HashSet hashSet = new HashSet();
            hashSet.add(new AccessTokenResource(OAuthTokenEndpoint.this.tokensManagement, OAuthTokenEndpoint.this.oauthTokenRepository, OAuthTokenEndpoint.this.config, new OAuthRequestValidator(OAuthTokenEndpoint.this.config, OAuthTokenEndpoint.this.identitiesMan, OAuthTokenEndpoint.this.attributesMan), OAuthTokenEndpoint.this.insecureIdPEngine, OAuthTokenEndpoint.this.identitiesMan, OAuthTokenEndpoint.this.tx, OAuthTokenEndpoint.this.eventPublisher, OAuthTokenEndpoint.this.msg, OAuthTokenEndpoint.this.endpointMan, OAuthTokenEndpoint.this.description));
            hashSet.add(new DiscoveryResource(OAuthTokenEndpoint.this.config, OAuthTokenEndpoint.this.coordinator));
            hashSet.add(new KeysResource(OAuthTokenEndpoint.this.config));
            hashSet.add(new TokenInfoResource(OAuthTokenEndpoint.this.oauthTokenRepository));
            hashSet.add(new TokenIntrospectionResource(OAuthTokenEndpoint.this.tokensManagement, OAuthTokenEndpoint.this.oauthTokenRepository));
            hashSet.add(new UserInfoResource(OAuthTokenEndpoint.this.oauthTokenRepository));
            hashSet.add(new RevocationResource(OAuthTokenEndpoint.this.tokensManagement, OAuthTokenEndpoint.this.oauthTokenRepository, OAuthTokenEndpoint.this.sessionMan, OAuthTokenEndpoint.this.getEndpointDescription().getRealm(), OAuthTokenEndpoint.this.config.getBooleanValue(OAuthASProperties.ALLOW_UNAUTHENTICATED_REVOCATION).booleanValue()));
            OAuthExceptionMapper.installExceptionHandlers(hashSet);
            return hashSet;
        }
    }

    @Autowired
    public OAuthTokenEndpoint(MessageSource messageSource, SessionManagement sessionManagement, NetworkServer networkServer, TokensManagement tokensManagement, PKIManagement pKIManagement, OAuthEndpointsCoordinator oAuthEndpointsCoordinator, AuthenticationProcessor authenticationProcessor, EntityManagement entityManagement, @Qualifier("insecure") AttributesManagement attributesManagement, TransactionalRunner transactionalRunner, @Qualifier("insecure") IdPEngine idPEngine, OAuthTokenRepository oAuthTokenRepository, AdvertisedAddressProvider advertisedAddressProvider, ApplicationEventPublisher applicationEventPublisher, @Qualifier("insecure") EndpointManagement endpointManagement) {
        super(messageSource, sessionManagement, authenticationProcessor, networkServer, advertisedAddressProvider, PATH, entityManagement);
        this.tokensManagement = tokensManagement;
        this.pkiManagement = pKIManagement;
        this.coordinator = oAuthEndpointsCoordinator;
        this.identitiesMan = entityManagement;
        this.attributesMan = attributesManagement;
        this.tx = transactionalRunner;
        this.insecureIdPEngine = idPEngine;
        this.oauthTokenRepository = oAuthTokenRepository;
        this.eventPublisher = applicationEventPublisher;
        this.endpointMan = endpointManagement;
    }

    protected void setSerializedConfiguration(String str) {
        super.setSerializedConfiguration(str);
        this.config = new OAuthASProperties(this.properties, this.pkiManagement, getServletUrl(PATH));
        this.coordinator.registerTokenEndpoint(this.config.getValue(OAuthASProperties.ISSUER_URI), getServletUrl(PATH));
        addNotProtectedPaths(new String[]{JWK_PATH, "/.well-known/openid-configuration", TOKEN_INFO_PATH, USER_INFO_PATH});
        addOptionallyAuthenticatedPaths(new String[]{TOKEN_REVOCATION_PATH, TOKEN_PATH});
    }

    protected Application getApplication() {
        return new OAuthTokenJAXRSApp();
    }

    private static Properties getEndpointFeatures() {
        Properties properties = new Properties();
        properties.setProperty(HttpBasicRetrievalBase.FEATURE_HTTP_BASIC_URLENCODED, "true");
        return properties;
    }
}
