package io.jans.as.server.service;

import com.google.common.collect.Lists;
import io.jans.as.model.common.FeatureFlagType;
import io.jans.as.model.common.GrantType;
import io.jans.as.model.common.Prompt;
import io.jans.as.model.common.ResponseMode;
import io.jans.as.model.common.ScopeType;
import io.jans.as.model.configuration.AppConfiguration;
import io.jans.as.model.util.StringUtils;
import io.jans.as.model.util.Util;
import io.jans.as.persistence.model.Scope;
import io.jans.as.persistence.model.ScopeAttributes;
import io.jans.as.server.ciba.CIBAConfigurationService;
import io.jans.as.server.service.external.ExternalAuthenticationService;
import io.jans.as.server.service.external.ExternalAuthzDetailTypeService;
import io.jans.as.server.service.external.ExternalDynamicScopeService;
import io.jans.as.server.servlet.OpenIdConfiguration;
import io.jans.model.JansAttribute;
import jakarta.ejb.Stateless;
import jakarta.inject.Inject;
import jakarta.inject.Named;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import org.json.JSONArray;
import org.json.JSONObject;
import org.slf4j.Logger;

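/**
 * Assembles the server's discovery document: the JSON metadata that lists endpoints,
 * supported algorithms, scopes and claims, built from {@link AppConfiguration} and the
 * injected services.
 *
 * <p>Everything put into the document here is intended for publication, so the suppression
 * points in this class are the only guards against over-disclosure that are visible from
 * this file:
 * <ul>
 *   <li>feature flags ({@link FeatureFlagType}) decide which endpoints are advertised;</li>
 *   <li>{@code ScopeAttributes.isShowInConfigurationEndpoint()} hides individual scopes;</li>
 *   <li>{@code JansAttribute.getJansHideOnDiscovery()} hides individual claims;</li>
 *   <li>{@code OpenIdConfiguration.filterOutKeys} is applied last, before caching.</li>
 * </ul>
 */
@Named
@Stateless
public class DiscoveryService {

    @Inject
    private Logger log;

    @Inject
    private AppConfiguration appConfiguration;

    @Inject
    private ExternalAuthzDetailTypeService externalAuthzDetailTypeService;

    @Inject
    private CIBAConfigurationService cibaConfigurationService;

    @Inject
    private LocalResponseCache localResponseCache;

    @Inject
    private ExternalAuthenticationService externalAuthenticationService;

    @Inject
    private ExternalDynamicScopeService externalDynamicScopeService;

    @Inject
    private ScopeService scopeService;

    @Inject
    private io.jans.as.common.service.AttributeService attributeService;

    /**
     * Builds the discovery document, filters it and stores it in the local response cache.
     *
     * <p>The same {@link JSONObject} instance is handed to the cache and returned to the
     * caller. NOTE(review): whether the cache copies it is not visible here, so callers
     * should treat the returned object as read-only.
     *
     * @return the filtered discovery document
     */
    public JSONObject process() {
        JSONObject response = new JSONObject();

        // Endpoints that are always advertised.
        response.put("issuer", appConfiguration.getIssuer());
        response.put("authorization_endpoint", appConfiguration.getAuthorizationEndpoint());
        response.put("authorization_challenge_endpoint", appConfiguration.getAuthorizationChallengeEndpoint());
        response.put("token_endpoint", appConfiguration.getTokenEndpoint());
        response.put("jwks_uri", appConfiguration.getJwksUri());
        response.put("archived_jwks_uri", appConfiguration.getArchivedJwksUri());
        response.put("check_session_iframe", appConfiguration.getCheckSessionIFrame());

        // Endpoints advertised only while the matching feature flag is on.
        if (appConfiguration.isFeatureEnabled(FeatureFlagType.STATUS_LIST)) {
            response.put("status_list_endpoint", getTokenStatusListEndpoint());
        }
        if (appConfiguration.isFeatureEnabled(FeatureFlagType.REVOKE_TOKEN)) {
            response.put("revocation_endpoint", appConfiguration.getTokenRevocationEndpoint());
        }
        if (appConfiguration.isFeatureEnabled(FeatureFlagType.REVOKE_SESSION)) {
            response.put("session_revocation_endpoint", endpointUrl("/revoke_session"));
        }
        if (appConfiguration.isFeatureEnabled(FeatureFlagType.GLOBAL_TOKEN_REVOCATION)) {
            response.put("global_token_revocation_endpoint", endpointUrl("/global-token-revocation"));
        }
        if (appConfiguration.isFeatureEnabled(FeatureFlagType.USERINFO)) {
            response.put("userinfo_endpoint", appConfiguration.getUserInfoEndpoint());
        }
        if (appConfiguration.isFeatureEnabled(FeatureFlagType.CLIENTINFO)) {
            response.put("clientinfo_endpoint", appConfiguration.getClientInfoEndpoint());
        }
        boolean endSessionEnabled = appConfiguration.isFeatureEnabled(FeatureFlagType.END_SESSION);
        if (endSessionEnabled) {
            response.put("end_session_endpoint", appConfiguration.getEndSessionEndpoint());
        }
        if (appConfiguration.isFeatureEnabled(FeatureFlagType.REGISTRATION)) {
            response.put("registration_endpoint", appConfiguration.getRegistrationEndpoint());
        }
        if (appConfiguration.isFeatureEnabled(FeatureFlagType.ID_GENERATION)) {
            response.put("id_generation_endpoint", appConfiguration.getIdGenerationEndpoint());
        }
        if (appConfiguration.isFeatureEnabled(FeatureFlagType.INTROSPECTION)) {
            response.put("introspection_endpoint", appConfiguration.getIntrospectionEndpoint());
        }
        if (appConfiguration.isFeatureEnabled(FeatureFlagType.DEVICE_AUTHZ)) {
            response.put("device_authorization_endpoint", appConfiguration.getDeviceAuthzEndpoint());
        }
        if (appConfiguration.isFeatureEnabled(FeatureFlagType.PAR)) {
            response.put("pushed_authorization_request_endpoint", appConfiguration.getParEndpoint());
            response.put("require_pushed_authorization_requests", appConfiguration.getRequirePar());
        }

        // Raw collection types are kept in the loops below: the element types are declared
        // outside this file, so only the casts the original code relied on are used.
        JSONArray responseTypes = new JSONArray();
        for (Object combination : appConfiguration.getResponseTypesSupported()) {
            // Each entry is a set of response types, published as one space-separated string.
            responseTypes.put(StringUtils.implode((Set) combination, " "));
        }
        if (responseTypes.length() > 0) {
            response.put("response_types_supported", responseTypes);
        }

        JSONArray promptValues = new JSONArray();
        promptValues.putAll((Collection) Arrays.stream(Prompt.values())
                .map(Prompt::getParamName)
                .collect(Collectors.toList()));
        response.put("prompt_values_supported", promptValues);

        List responseModes = new ArrayList();
        if (appConfiguration.getResponseModesSupported() != null) {
            for (Object mode : appConfiguration.getResponseModesSupported()) {
                responseModes.add(((ResponseMode) mode).getValue());
            }
        }
        if (!responseModes.isEmpty()) {
            Util.putArray(response, responseModes, "response_modes_supported");
        }

        List grantTypes = new ArrayList();
        for (Object grantType : appConfiguration.getGrantTypesSupported()) {
            grantTypes.add(((GrantType) grantType).getValue());
        }
        if (!grantTypes.isEmpty()) {
            Util.putArray(response, grantTypes, "grant_types_supported");
        }

        response.put("auth_level_mapping", createAuthLevelMapping());
        Util.putArray(response, getAcrValuesList(), "acr_values_supported");
        Util.putArray(response, Lists.newArrayList(externalAuthzDetailTypeService.getSupportedAuthzDetailsTypes()), "authorization_details_types_supported");
        Util.putArray(response, appConfiguration.getSubjectTypesSupported(), "subject_types_supported");
        Util.putArray(response, appConfiguration.getAuthorizationSigningAlgValuesSupported(), "authorization_signing_alg_values_supported");
        Util.putArray(response, appConfiguration.getAuthorizationEncryptionAlgValuesSupported(), "authorization_encryption_alg_values_supported");
        Util.putArray(response, appConfiguration.getAuthorizationEncryptionEncValuesSupported(), "authorization_encryption_enc_values_supported");
        Util.putArray(response, appConfiguration.getUserInfoSigningAlgValuesSupported(), "userinfo_signing_alg_values_supported");
        Util.putArray(response, appConfiguration.getUserInfoEncryptionAlgValuesSupported(), "userinfo_encryption_alg_values_supported");
        Util.putArray(response, appConfiguration.getUserInfoEncryptionEncValuesSupported(), "userinfo_encryption_enc_values_supported");
        Util.putArray(response, appConfiguration.getIntrospectionSigningAlgValuesSupported(), "introspection_signing_alg_values_supported");
        Util.putArray(response, appConfiguration.getIntrospectionEncryptionAlgValuesSupported(), "introspection_encryption_alg_values_supported");
        Util.putArray(response, appConfiguration.getIntrospectionEncryptionEncValuesSupported(), "introspection_encryption_enc_values_supported");
        Util.putArray(response, appConfiguration.getTxTokenSigningAlgValuesSupported(), "tx_token_signing_alg_values_supported");
        Util.putArray(response, appConfiguration.getTxTokenEncryptionAlgValuesSupported(), "tx_token_encryption_alg_values_supported");
        Util.putArray(response, appConfiguration.getTxTokenEncryptionEncValuesSupported(), "tx_token_encryption_enc_values_supported");
        Util.putArray(response, appConfiguration.getIdTokenSigningAlgValuesSupported(), "id_token_signing_alg_values_supported");
        Util.putArray(response, appConfiguration.getIdTokenEncryptionAlgValuesSupported(), "id_token_encryption_alg_values_supported");
        Util.putArray(response, appConfiguration.getIdTokenEncryptionEncValuesSupported(), "id_token_encryption_enc_values_supported");
        Util.putArray(response, appConfiguration.getAccessTokenSigningAlgValuesSupported(), "access_token_signing_alg_values_supported");
        Util.putArray(response, appConfiguration.getRequestObjectSigningAlgValuesSupported(), "request_object_signing_alg_values_supported");
        Util.putArray(response, appConfiguration.getRequestObjectEncryptionAlgValuesSupported(), "request_object_encryption_alg_values_supported");
        Util.putArray(response, appConfiguration.getRequestObjectEncryptionEncValuesSupported(), "request_object_encryption_enc_values_supported");
        Util.putArray(response, appConfiguration.getTokenEndpointAuthMethodsSupported(), "token_endpoint_auth_methods_supported");
        Util.putArray(response, appConfiguration.getTokenEndpointAuthSigningAlgValuesSupported(), "token_endpoint_auth_signing_alg_values_supported");
        Util.putArray(response, appConfiguration.getDpopSigningAlgValuesSupported(), "dpop_signing_alg_values_supported");
        Util.putArray(response, appConfiguration.getDisplayValuesSupported(), "display_values_supported");
        Util.putArray(response, appConfiguration.getClaimTypesSupported(), "claim_types_supported");
        response.put("service_documentation", appConfiguration.getServiceDocumentation());
        Util.putArray(response, appConfiguration.getIdTokenTokenBindingCnfValuesSupported(), "id_token_token_binding_cnf_values_supported");
        Util.putArray(response, appConfiguration.getClaimsLocalesSupported(), "claims_locales_supported");
        Util.putArray(response, appConfiguration.getUiLocalesSupported(), "ui_locales_supported");

        JSONArray scopesSupported = new JSONArray();
        JSONArray claimsSupported = new JSONArray();
        JSONArray scopeToClaimsMapping = createScopeToClaimsMapping(scopesSupported, claimsSupported);
        if (scopesSupported.length() > 0) {
            response.put("scopes_supported", scopesSupported);
        }
        if (claimsSupported.length() > 0) {
            response.put("claims_supported", claimsSupported);
        }
        response.put("scope_to_claims_mapping", scopeToClaimsMapping);

        response.put("claims_parameter_supported", appConfiguration.getClaimsParameterSupported());
        response.put("request_parameter_supported", appConfiguration.getRequestParameterSupported());
        response.put("request_uri_parameter_supported", appConfiguration.getRequestUriParameterSupported());
        response.put("require_request_uri_registration", appConfiguration.getRequireRequestUriRegistration());
        response.put("op_policy_uri", appConfiguration.getOpPolicyUri());
        response.put("op_tos_uri", appConfiguration.getOpTosUri());

        // NOTE(review): advertised unconditionally; nothing in this class ties it to an mTLS
        // setting. Confirm that certificate-bound tokens are really available whenever this
        // document is served, since clients may rely on the claim.
        response.put("tls_client_certificate_bound_access_tokens", Boolean.TRUE);

        // All logout capabilities follow the END_SESSION feature flag.
        response.put("backchannel_logout_supported", endSessionEnabled);
        response.put("backchannel_logout_session_supported", endSessionEnabled);
        response.put("frontchannel_logout_supported", endSessionEnabled);
        // The key used to be written twice, the first value being overwritten at once; it is
        // now written a single time. Boolean.TRUE.equals treats an unset configuration value
        // as "not supported" instead of failing on unboxing.
        response.put("frontchannel_logout_session_supported",
                endSessionEnabled && Boolean.TRUE.equals(appConfiguration.getFrontChannelLogoutSessionSupported()));

        addMtlsAliases(response);
        cibaConfigurationService.processConfiguration(response);

        if (appConfiguration.isFeatureEnabled(FeatureFlagType.SSA) && appConfiguration.getSsaConfiguration() != null) {
            response.put("ssa_endpoint", appConfiguration.getSsaConfiguration().getSsaEndpoint());
        }

        Map<?, ?> acrMappings = appConfiguration.getAcrMappings();
        if (acrMappings != null && !acrMappings.isEmpty()) {
            response.put("acr_mappings", acrMappings);
        }

        // Filtering runs before caching, so the cached copy never holds a filtered-out key.
        OpenIdConfiguration.filterOutKeys(response, appConfiguration);
        localResponseCache.putDiscoveryResponse(response);
        return response;
    }

    /**
     * Derives a sibling endpoint URL from the configured end-session endpoint.
     *
     * @param str path that replaces {@code /end_session}, e.g. {@code /revoke_session}
     * @return the derived URL, see {@link #endpointUrl(String, String)}
     */
    public String endpointUrl(String str) {
        return endpointUrl(appConfiguration.getEndSessionEndpoint(), str);
    }

    /**
     * Replaces every occurrence of {@code /end_session} in {@code str} with {@code str2}.
     *
     * <p>The replacement is purely textual. If the configured end-session endpoint does not
     * contain {@code /end_session}, the input comes back unchanged, and the derived endpoint
     * advertised in the discovery document would then be the end-session URL itself.
     *
     * @param str  end-session endpoint URL used as the template
     * @param str2 replacement path
     * @return the template with the path replaced
     */
    public static String endpointUrl(String str, String str2) {
        return org.apache.commons.lang.StringUtils.replace(str, "/end_session", str2);
    }

    /**
     * @return the status list endpoint, derived from the end-session endpoint
     */
    public String getTokenStatusListEndpoint() {
        return endpointUrl("/status_list");
    }

    /**
     * Builds the {@code auth_level_mapping} object: authentication level to ACR names.
     *
     * <p>Any failure is logged and yields the entries collected so far (possibly none), so
     * the discovery document is still produced.
     */
    @Deprecated
    private JSONObject createAuthLevelMapping() {
        JSONObject mapping = new JSONObject();
        try {
            for (Map.Entry<Integer, Set<String>> entry : externalAuthenticationService.levelToAcrMapping().entrySet()) {
                mapping.put(entry.getKey().toString(), (Collection) entry.getValue());
            }
        } catch (Exception e) {
            log.error(e.getMessage(), e);
        }
        return mapping;
    }

    /**
     * @return the ACR values reported by the external authentication service, with
     *         {@code simple_password_auth} added when missing
     */
    public List<String> getAcrValuesList() {
        return getAcrValuesList(externalAuthenticationService.getAcrValuesList());
    }

    /**
     * Ensures {@code simple_password_auth} is part of the given ACR list.
     *
     * <p>The list is modified in place and returned, so it must be modifiable; callers that
     * share the list with other code will see the added entry there too.
     *
     * @param list ACR values, modified in place
     * @return the same list instance
     */
    public static List<String> getAcrValuesList(List<String> list) {
        if (!list.contains("simple_password_auth")) {
            list.add("simple_password_auth");
        }
        return list;
    }

    /**
     * Tells whether a scope may be listed in the discovery document.
     *
     * <p>NOTE(review): a scope without attributes would throw here; the caller's catch block
     * then aborts the whole scope mapping. Confirm attributes are always populated.
     */
    private boolean canShowInConfigEndpoint(ScopeAttributes scopeAttributes) {
        return scopeAttributes.isShowInConfigurationEndpoint();
    }

    /** Adds {@code value} under {@code key} unless it is null, empty or whitespace only. */
    private static void putIfNotBlank(JSONObject target, String key, String value) {
        if (org.apache.commons.lang.StringUtils.isNotBlank(value)) {
            target.put(key, value);
        }
    }

    /**
     * Adds {@code mtls_endpoint_aliases} when at least one mTLS endpoint is configured.
     *
     * <p>An alias is published only if its mTLS URL is non-blank and, where the plain
     * endpoint is feature-gated, the same feature flag is enabled. Status-list and revocation
     * aliases are derived from the mTLS end-session endpoint.
     *
     * @param jSONObject discovery document to extend
     */
    private void addMtlsAliases(JSONObject jSONObject) {
        JSONObject aliases = new JSONObject();
        String mtlsEndSession = appConfiguration.getMtlsEndSessionEndpoint();
        boolean hasMtlsEndSession = org.apache.commons.lang.StringUtils.isNotBlank(mtlsEndSession);

        putIfNotBlank(aliases, "authorization_endpoint", appConfiguration.getMtlsAuthorizationEndpoint());
        putIfNotBlank(aliases, "authorization_challenge_endpoint", appConfiguration.getMtlsAuthorizationChallengeEndpoint());
        putIfNotBlank(aliases, "token_endpoint", appConfiguration.getMtlsTokenEndpoint());
        if (appConfiguration.isFeatureEnabled(FeatureFlagType.STATUS_LIST) && hasMtlsEndSession) {
            aliases.put("status_list_endpoint", endpointUrl(mtlsEndSession, "/status_list"));
        }
        putIfNotBlank(aliases, "jwks_uri", appConfiguration.getMtlsJwksUri());
        putIfNotBlank(aliases, "check_session_iframe", appConfiguration.getMtlsCheckSessionIFrame());
        if (appConfiguration.isFeatureEnabled(FeatureFlagType.REVOKE_TOKEN)) {
            putIfNotBlank(aliases, "revocation_endpoint", appConfiguration.getMtlsTokenRevocationEndpoint());
        }
        if (appConfiguration.isFeatureEnabled(FeatureFlagType.REVOKE_SESSION) && hasMtlsEndSession) {
            aliases.put("session_revocation_endpoint", endpointUrl(mtlsEndSession, "/revoke_session"));
        }
        if (appConfiguration.isFeatureEnabled(FeatureFlagType.GLOBAL_TOKEN_REVOCATION) && hasMtlsEndSession) {
            aliases.put("global_token_revocation_endpoint", endpointUrl(mtlsEndSession, "/global-token-revocation"));
        }
        if (appConfiguration.isFeatureEnabled(FeatureFlagType.USERINFO)) {
            putIfNotBlank(aliases, "userinfo_endpoint", appConfiguration.getMtlsUserInfoEndpoint());
        }
        if (appConfiguration.isFeatureEnabled(FeatureFlagType.CLIENTINFO)) {
            putIfNotBlank(aliases, "clientinfo_endpoint", appConfiguration.getMtlsClientInfoEndpoint());
        }
        if (appConfiguration.isFeatureEnabled(FeatureFlagType.END_SESSION)) {
            putIfNotBlank(aliases, "end_session_endpoint", mtlsEndSession);
        }
        if (appConfiguration.isFeatureEnabled(FeatureFlagType.REGISTRATION)) {
            putIfNotBlank(aliases, "registration_endpoint", appConfiguration.getMtlsRegistrationEndpoint());
        }
        if (appConfiguration.isFeatureEnabled(FeatureFlagType.ID_GENERATION)) {
            putIfNotBlank(aliases, "id_generation_endpoint", appConfiguration.getMtlsIdGenerationEndpoint());
        }
        if (appConfiguration.isFeatureEnabled(FeatureFlagType.INTROSPECTION)) {
            putIfNotBlank(aliases, "introspection_endpoint", appConfiguration.getMtlsIntrospectionEndpoint());
        }
        if (appConfiguration.isFeatureEnabled(FeatureFlagType.DEVICE_AUTHZ)) {
            putIfNotBlank(aliases, "device_authorization_endpoint", appConfiguration.getMtlsDeviceAuthzEndpoint());
        }
        if (appConfiguration.isFeatureEnabled(FeatureFlagType.PAR)) {
            putIfNotBlank(aliases, "pushed_authorization_request_endpoint", appConfiguration.getMtlsParEndpoint());
        }

        if (log.isTraceEnabled()) {
            log.trace("MTLS aliases: {}", aliases);
        }
        if (!aliases.isEmpty()) {
            jSONObject.put("mtls_endpoint_aliases", aliases);
        }
    }

    /**
     * Builds {@code scope_to_claims_mapping} and fills the two output arrays with the distinct
     * scope ids and claim names that were published.
     *
     * <p>Skipped entirely: spontaneous scopes marked deletable, and scopes whose attributes
     * say not to show them in the configuration endpoint. Claims flagged
     * {@code jansHideOnDiscovery} or without a claim name are left out of a scope's list.
     *
     * <p>If anything throws, the error is logged, the output arrays stay as they were passed
     * in and the mapping built so far is returned.
     *
     * @param jSONArray  receives the published scope ids ({@code scopes_supported})
     * @param jSONArray2 receives the published claim names ({@code claims_supported})
     * @return array of single-key objects, scope id to array of claim names
     */
    @Deprecated
    private JSONArray createScopeToClaimsMapping(JSONArray jSONArray, JSONArray jSONArray2) {
        JSONArray mapping = new JSONArray();
        Set<String> scopeIds = new HashSet<>();
        Set<String> claimNames = new HashSet<>();
        try {
            for (Scope scope : scopeService.getAllScopesList()) {
                if (scope.getScopeType() == ScopeType.SPONTANEOUS && scope.isDeletable().booleanValue()) {
                    continue;
                }
                if (!canShowInConfigEndpoint(scope.getAttributes())) {
                    continue;
                }

                JSONArray scopeClaims = new JSONArray();
                JSONObject entry = new JSONObject();
                entry.put(scope.getId(), scopeClaims);
                scopeIds.add(scope.getId());
                mapping.put(entry);

                if (ScopeType.DYNAMIC.equals(scope.getScopeType())) {
                    // Dynamic scopes get their claim list from the external scripts.
                    for (String claim : externalDynamicScopeService.executeExternalGetSupportedClaimsMethods(Arrays.asList(scope))) {
                        if (org.apache.commons.lang.StringUtils.isNotBlank(claim)) {
                            scopeClaims.put(claim);
                            claimNames.add(claim);
                        }
                    }
                    continue;
                }

                List<?> claimDns = scope.getClaims();
                if (claimDns == null) {
                    continue;
                }
                for (Object claimDn : claimDns) {
                    JansAttribute attribute = attributeService.getAttributeByDn((String) claimDn);
                    if (attribute == null) {
                        // Presumably the lookup yields null for a DN that no longer resolves
                        // (TODO confirm). Without this guard one stale reference would throw,
                        // and the catch below would drop scopes_supported and claims_supported
                        // from the whole document.
                        log.warn("Claim attribute not found, scope: {}, claim DN: {}", scope.getId(), claimDn);
                        continue;
                    }
                    String claimName = attribute.getClaimName();
                    if (org.apache.commons.lang.StringUtils.isNotBlank(claimName)
                            && !Boolean.TRUE.equals(attribute.getJansHideOnDiscovery())) {
                        scopeClaims.put(claimName);
                        claimNames.add(claimName);
                    }
                }
            }
            for (String scopeId : scopeIds) {
                jSONArray.put(scopeId);
            }
            for (String claimName : claimNames) {
                jSONArray2.put(claimName);
            }
        } catch (Exception e) {
            log.error(e.getMessage(), e);
        }
        return mapping;
    }
}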
