package org.apereo.portal.rest.oauth;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.function.Function;
import java.util.stream.Collectors;
import javax.annotation.PostConstruct;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
import org.apereo.portal.security.IPerson;
import org.apereo.portal.security.IPersonManager;
import org.apereo.portal.security.oauth.IdTokenFactory;
import org.apereo.portal.services.PersonService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

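/**
 * REST controller exposing two endpoints: a userinfo endpoint that returns a signed token
 * describing the person bound to the current request, and a token endpoint that exchanges a
 * configured {@code client_id}/{@code client_secret} pair for a token issued on behalf of the
 * portal account mapped to that client.
 *
 * <p>Security-relevant behaviour of this class:
 *
 * <ul>
 *   <li>Client secrets are compared in constant time and are never written to the log.
 *   <li>Issued tokens are never written to the log; only their metadata is.
 *   <li>Token responses carry {@code Cache-Control: no-store} so intermediaries and browsers do
 *       not retain them.
 * </ul>
 */
@RestController
/* loaded from: input_file:org/apereo/portal/rest/oauth/OidcUserInfoController.class */
public class OidcUserInfoController {
    public static final String USERINFO_ENDPOINT_URI = "/v5-1/userinfo";
    public static final String USERINFO_CONTENT_TYPE = "application/jwt";
    public static final String TOKEN_ENDPOINT_URI = "/v5-5/oauth/token";

    /**
     * Fixed-width placeholder logged in place of the client secret. A fixed width is used so the
     * log does not disclose the length of the presented secret.
     */
    private static final String SECRET_MASK = "********";

    @Autowired
    private IPersonManager personManager;

    @Autowired
    private IdTokenFactory idTokenFactory;

    @Autowired
    private PersonService personService;

    // Token lifetime in seconds; defaults to 300 when the property is not set.
    @Value("${org.apereo.portal.security.oauth.IdTokenFactory.timeoutSeconds:300}")
    private long timeoutSeconds;

    // Optional: when no OAuthClient beans are defined the token endpoint rejects every request.
    @Autowired(required = false)
    private List<OAuthClient> clientList = Collections.emptyList();
    private Map<String, OAuthClient> clientMap = Collections.emptyMap();
    private final Logger logger = LoggerFactory.getLogger(getClass());

    /**
     * Indexes the configured clients by {@code client_id} into an unmodifiable lookup map.
     *
     * @throws IllegalStateException if two configured clients share a {@code client_id}
     *     (raised by {@link Collectors#toMap}); failing at startup is preferable to silently
     *     picking one of two credentials
     */
    @PostConstruct
    public void init() {
        final Map<String, OAuthClient> clientsById =
                this.clientList.stream()
                        .collect(Collectors.toMap(OAuthClient::getClientId, Function.identity()));
        this.clientMap = Collections.unmodifiableMap(clientsById);
    }

    /**
     * Returns a token describing the person associated with the current request.
     *
     * @param request the current HTTP request, used to resolve the person
     * @param claims optional comma-separated list of claims to include; {@code null} passes no
     *     filter to the token factory
     * @param groups optional comma-separated list of groups to include; {@code null} passes no
     *     filter to the token factory
     * @return the token produced by the {@link IdTokenFactory}
     */
    @RequestMapping(value = {USERINFO_ENDPOINT_URI}, produces = {USERINFO_CONTENT_TYPE}, method = {RequestMethod.GET, RequestMethod.POST})
    public String userInfo(HttpServletRequest request, @RequestParam(value = "claims", required = false) String claims, @RequestParam(value = "groups", required = false) String groups) {
        // NOTE(review): nothing in this method checks that the resolved person is authenticated
        // (as opposed to a guest/anonymous person) -- confirm that IPersonManager or an upstream
        // filter enforces whatever policy is intended for this endpoint.
        final IPerson person = this.personManager.getPerson(request);
        return createToken(person, claims, groups);
    }

    /**
     * Authenticates a configured client by id and secret and issues a token for the portal
     * account mapped to that client.
     *
     * @param clientId the {@code client_id} request parameter
     * @param clientSecret the {@code client_secret} request parameter
     * @param grantType the {@code grant_type} request parameter (defaults to
     *     {@code client_credentials})
     * @param scope the {@code scope} request parameter (defaults to {@code /all})
     * @param claims optional comma-separated list of claims to include in the token
     * @param groups optional comma-separated list of groups to include in the token
     * @return 200 with the token response; 403 when the client is unknown or the secret does not
     *     match; 500 when the mapped portal account cannot be loaded
     */
    @PostMapping(value = {TOKEN_ENDPOINT_URI}, produces = {"application/json"})
    public ResponseEntity<?> oauthToken(@RequestParam("client_id") String clientId, @RequestParam("client_secret") String clientSecret, @RequestParam(value = "grant_type", required = false, defaultValue = "client_credentials") String grantType, @RequestParam(value = "scope", required = false, defaultValue = "/all") String scope, @RequestParam(value = "claims", required = false) String claims, @RequestParam(value = "groups", required = false) String groups) {
        // The secret is replaced by a fixed mask: neither its value nor its length is logged.
        this.logger.debug("Processing request for OAuth access token;  client_id='{}', client_secret='{}', grant_type='{}', scope='{}', claims='{}', groups='{}'", clientId, SECRET_MASK, grantType, scope, claims, groups);

        // NOTE(review): grant_type is accepted but never checked, and scope is echoed back
        // without being validated or used to restrict the token. Confirm whether requests with
        // an unsupported grant_type or scope should be rejected.

        // NOTE(review): the two 403 responses below carry different messages, which lets a
        // caller tell a valid client_id from an invalid one. The messages are kept as they are
        // for compatibility with existing clients; consider unifying them.
        final OAuthClient client = this.clientMap.get(clientId);
        if (client == null) {
            return ResponseEntity.status(HttpStatus.FORBIDDEN).body(Collections.singletonMap("message", "client_id not found"));
        }
        this.logger.debug("Selected known OAuthClient with client_id='{}' for access token request", client.getClientId());

        if (!secretsMatch(client.getClientSecret(), clientSecret)) {
            return ResponseEntity.status(HttpStatus.FORBIDDEN).body(Collections.singletonMap("message", "authentication failed"));
        }

        final IPerson person = this.personService.getPerson(client.getPortalUserAccount());
        if (person == null) {
            // Reached only after the client has authenticated; indicates a configuration error.
            return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body(Collections.singletonMap("message", "portal user account not found: " + client.getPortalUserAccount()));
        }
        this.logger.debug("Selected portal Person with username='{}' for client_id='{}'", person.getUserName(), client.getClientId());

        final String accessToken = createToken(person, claims, groups);
        // Advertise a lifetime two seconds shorter than the configured one (when there is room),
        // presumably so clients renew before the token actually expires.
        final long expiresIn = this.timeoutSeconds > 2 ? this.timeoutSeconds - 2 : this.timeoutSeconds;

        final Map<String, Object> tokenResponse = new HashMap<>();
        tokenResponse.put("access_token", accessToken);
        tokenResponse.put("token_type", "bearer");
        tokenResponse.put("expires_in", expiresIn);
        tokenResponse.put("scope", scope);

        // Log metadata only: the token is a bearer credential and must not reach log storage.
        this.logger.debug("Produced an access token for client_id='{}':  token_type='bearer', expires_in={}, scope='{}'", client.getClientId(), expiresIn, scope);

        // RFC 6749 section 5.1 requires token responses to be marked non-cacheable.
        return ResponseEntity.ok()
                .header("Cache-Control", "no-store")
                .header("Pragma", "no-cache")
                .body(tokenResponse);
    }

    /**
     * Builds a token for the given person, restricted to the requested claims and groups.
     *
     * @param person the person whose username is placed in the token
     * @param claims comma-separated claim names, or {@code null}
     * @param groups comma-separated group names, or {@code null}
     * @return the token produced by the {@link IdTokenFactory}
     */
    private String createToken(IPerson person, String claims, String groups) {
        return this.idTokenFactory.createUserInfo(person.getUserName(), splitOnCommas(claims), splitOnCommas(groups));
    }

    /**
     * Splits a comma-separated request parameter into a set of values.
     *
     * @param csv the raw parameter value, or {@code null} when the parameter was absent
     * @return the distinct values, or {@code null} when {@code csv} is {@code null}
     */
    private static HashSet<String> splitOnCommas(String csv) {
        if (csv == null) {
            return null;
        }
        return new HashSet<>(Arrays.asList(csv.split("[,]")));
    }

    /**
     * Compares the configured and presented client secrets without short-circuiting on the first
     * differing character, so response timing does not reveal how much of a guess was correct.
     *
     * @param expected the secret configured for the client; a {@code null} value never matches
     * @param presented the secret supplied in the request; a {@code null} value never matches
     * @return {@code true} only when both secrets are non-null and byte-for-byte equal
     */
    private static boolean secretsMatch(String expected, String presented) {
        if (expected == null || presented == null) {
            return false;
        }
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                presented.getBytes(StandardCharsets.UTF_8));
    }
}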
