package pl.edu.icm.unity.oauth.as.token;

import com.google.common.collect.Lists;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.oauth2.sdk.GrantType;
import com.nimbusds.oauth2.sdk.ResponseMode;
import com.nimbusds.oauth2.sdk.ResponseType;
import com.nimbusds.oauth2.sdk.Scope;
import com.nimbusds.oauth2.sdk.id.Issuer;
import com.nimbusds.oauth2.sdk.pkce.CodeChallengeMethod;
import com.nimbusds.openid.connect.sdk.OIDCResponseTypeValue;
import com.nimbusds.openid.connect.sdk.SubjectType;
import com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Response;
import pl.edu.icm.unity.exceptions.InternalException;
import pl.edu.icm.unity.oauth.as.OAuthASProperties;
import pl.edu.icm.unity.oauth.as.OAuthEndpointsCoordinator;

@Produces({"application/json"})
@Path("/.well-known")
/* loaded from: input_file:pl/edu/icm/unity/oauth/as/token/DiscoveryResource.class */
public class DiscoveryResource extends BaseOAuthResource {
    private OAuthASProperties config;
    private OAuthEndpointsCoordinator coordinator;

    public DiscoveryResource(OAuthASProperties oAuthASProperties, OAuthEndpointsCoordinator oAuthEndpointsCoordinator) {
        this.config = oAuthASProperties;
        this.coordinator = oAuthEndpointsCoordinator;
    }

    @GET
    @Path("/openid-configuration")
    public Response getMetadata() {
        String value = this.config.getValue(OAuthASProperties.ISSUER_URI);
        ArrayList newArrayList = Lists.newArrayList(new SubjectType[]{SubjectType.PUBLIC});
        String baseAddress = this.config.getBaseAddress();
        try {
            URI uri = new URI(baseAddress + "/jwk");
            URI uri2 = new URI(baseAddress + "/token");
            URI uri3 = new URI(baseAddress + "/userinfo");
            URI uri4 = new URI(this.coordinator.getAuthzEndpoint(value));
            OIDCProviderMetadata oIDCProviderMetadata = new OIDCProviderMetadata(new Issuer(value), newArrayList, uri);
            oIDCProviderMetadata.setAuthorizationEndpointURI(uri4);
            oIDCProviderMetadata.setTokenEndpointURI(uri2);
            oIDCProviderMetadata.setUserInfoEndpointURI(uri3);
            oIDCProviderMetadata.setIntrospectionEndpointURI(new URI(baseAddress + "/introspect"));
            oIDCProviderMetadata.setRevocationEndpointURI(new URI(baseAddress + "/revoke"));
            oIDCProviderMetadata.setCodeChallengeMethods(Lists.newArrayList(new CodeChallengeMethod[]{CodeChallengeMethod.PLAIN, CodeChallengeMethod.S256}));
            Set structuredListKeys = this.config.getStructuredListKeys(OAuthASProperties.SCOPES);
            HashSet hashSet = new HashSet();
            Iterator it = structuredListKeys.iterator();
            while (it.hasNext()) {
                hashSet.add(this.config.getValue(((String) it.next()) + "name"));
            }
            oIDCProviderMetadata.setScopes(new Scope((String[]) hashSet.toArray(new String[hashSet.size()])));
            oIDCProviderMetadata.setResponseTypes(Lists.newArrayList(new ResponseType[]{new ResponseType(new ResponseType.Value[]{ResponseType.Value.CODE}), new ResponseType(new ResponseType.Value[]{ResponseType.Value.TOKEN}), new ResponseType(new ResponseType.Value[]{OIDCResponseTypeValue.ID_TOKEN}), new ResponseType(new ResponseType.Value[]{ResponseType.Value.CODE, OIDCResponseTypeValue.ID_TOKEN}), new ResponseType(new ResponseType.Value[]{ResponseType.Value.TOKEN, OIDCResponseTypeValue.ID_TOKEN}), new ResponseType(new ResponseType.Value[]{ResponseType.Value.TOKEN, ResponseType.Value.CODE}), new ResponseType(new ResponseType.Value[]{ResponseType.Value.TOKEN, ResponseType.Value.CODE, OIDCResponseTypeValue.ID_TOKEN})}));
            oIDCProviderMetadata.setResponseModes(Lists.newArrayList(new ResponseMode[]{ResponseMode.QUERY, ResponseMode.FRAGMENT}));
            oIDCProviderMetadata.setGrantTypes(Lists.newArrayList(new GrantType[]{GrantType.AUTHORIZATION_CODE, GrantType.IMPLICIT}));
            oIDCProviderMetadata.setIDTokenJWSAlgs(Lists.newArrayList(new JWSAlgorithm[]{JWSAlgorithm.RS256, JWSAlgorithm.ES256}));
            return toResponse(Response.ok(oIDCProviderMetadata.toJSONObject().toJSONString()));
        } catch (URISyntaxException e) {
            throw new InternalException("Can't encode URI", e);
        }
    }
}
