package org.apereo.cas.oidc.web.controllers.dynareg;

import java.util.HashMap;
import java.util.List;
import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.DefaultAuthenticationBuilder;
import org.apereo.cas.authentication.principal.PrincipalFactoryUtils;
import org.apereo.cas.oidc.OidcConfigurationContext;
import org.apereo.cas.oidc.OidcConstants;
import org.apereo.cas.oidc.dynareg.OidcClientRegistrationRequest;
import org.apereo.cas.oidc.dynareg.OidcClientRegistrationResponse;
import org.apereo.cas.oidc.web.controllers.BaseOidcController;
import org.apereo.cas.services.OidcRegisteredService;
import org.apereo.cas.support.oauth.OAuth20GrantTypes;
import org.apereo.cas.support.oauth.OAuth20ResponseTypes;
import org.apereo.cas.support.oauth.util.OAuth20Utils;
import org.apereo.cas.support.oauth.web.response.accesstoken.response.OAuth20JwtAccessTokenEncoder;
import org.apereo.cas.ticket.accesstoken.OAuth20AccessToken;
import org.apereo.cas.ticket.accesstoken.OAuth20AccessTokenFactory;
import org.apereo.cas.util.LoggingUtils;
import org.pac4j.jee.context.JEEContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-oidc-core-api-6.6.15.jar:org/apereo/cas/oidc/web/controllers/dynareg/OidcDynamicClientRegistrationEndpointController.class */
/**
 * Spring MVC endpoint that accepts OIDC dynamic client registration requests.
 *
 * <p>A JSON registration request is parsed, translated into an {@link OidcRegisteredService},
 * saved through the services manager, and answered with a registration response that carries a
 * freshly issued registration access token.
 *
 * <p>NOTE(review): the only gate visible in this class is issuer validation. No caller
 * authentication or authorization check appears here, so any restriction on who may register
 * clients has to be enforced elsewhere (security filter, interceptor, deployment config) -
 * confirm before exposing the endpoint.
 */
public class OidcDynamicClientRegistrationEndpointController extends BaseOidcController {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(OidcDynamicClientRegistrationEndpointController.class);

    /**
     * Builds the controller around the shared OIDC configuration context, which is handed to the
     * base controller.
     *
     * @param oidcConfigurationContext configuration context passed to {@link BaseOidcController}
     */
    public OidcDynamicClientRegistrationEndpointController(OidcConfigurationContext oidcConfigurationContext) {
        super(oidcConfigurationContext);
    }

    /**
     * Handles a JSON registration POST.
     *
     * <p>NOTE(review): the {@code "/**&#47;register"} pattern accepts any path ending in
     * {@code /register} below wherever this controller is mounted; check that it does not expose
     * the handler on routes that were not meant to reach it.
     *
     * @param str raw JSON request body
     * @param httpServletRequest current request
     * @param httpServletResponse current response
     * @return 201 with the registration response on success; 400 with an {@code invalid_request}
     *     body when issuer validation fails; 400 with an {@code invalid_client_metadata} body when
     *     any exception is thrown while processing the request
     */
    @PostMapping(value = {"/oidc/register", "/**/register"}, consumes = {"application/json"}, produces = {"application/json"})
    public ResponseEntity handleRequestInternal(
            @RequestBody String str,
            HttpServletRequest httpServletRequest,
            HttpServletResponse httpServletResponse) {
        OidcConfigurationContext context = getConfigurationContext();

        boolean issuerAccepted = context.getIssuerService()
                .validateIssuer(new JEEContext(httpServletRequest, httpServletResponse), "register");
        if (!issuerAccepted) {
            return new ResponseEntity<>(
                    OAuth20Utils.toJson(OAuth20Utils.getErrorResponseBody("invalid_request", "Invalid issuer")),
                    HttpStatus.BAD_REQUEST);
        }

        try {
            OidcClientRegistrationRequest registrationRequest =
                    (OidcClientRegistrationRequest) context.getClientRegistrationRequestSerializer().from(str);
            // NOTE(review): the whole parsed request is written to the debug log; verify that its
            // toString() does not include fields that should stay out of logs.
            LOGGER.debug("Received client registration request [{}]", registrationRequest);

            OidcRegisteredService translatedService =
                    new OidcClientRegistrationRequestTranslator(context).translate(registrationRequest, Optional.empty());
            OidcRegisteredService savedService =
                    (OidcRegisteredService) context.getServicesManager().save(translatedService);

            OidcClientRegistrationResponse registrationResponse =
                    OidcClientRegistrationUtils.getClientRegistrationResponse(
                            savedService, context.getCasProperties().getServer().getPrefix());

            OAuth20AccessToken accessToken = generateRegistrationAccessToken(
                    httpServletRequest, httpServletResponse, savedService, registrationRequest);

            // The token id is passed through the access-token encoder before it is returned to the
            // client. The resulting format depends on the encoder and service settings, which are
            // not visible here.
            registrationResponse.setRegistrationAccessToken(
                    OAuth20JwtAccessTokenEncoder.builder()
                            .accessToken(accessToken)
                            .registeredService(savedService)
                            .service(accessToken.getService())
                            .accessTokenJwtBuilder(context.getAccessTokenJwtBuilder())
                            .casProperties(context.getCasProperties())
                            .build()
                            .encode(accessToken.getId()));

            // NOTE(review): the flag is set on the pre-save instance after save() has returned.
            // Whether it is persisted depends on the translator already setting it or on save()
            // returning the same object - confirm.
            translatedService.setDynamicallyRegistered(true);

            return new ResponseEntity<>(registrationResponse, HttpStatus.CREATED);
        } catch (Exception failure) {
            LoggingUtils.error(LOGGER, failure);
            // NOTE(review): every exception, including ones raised while saving the service or
            // issuing the token, is reported as invalid_client_metadata and its message is echoed
            // to the caller. Consider a fixed description for failures that are not metadata
            // validation errors so internal error text does not leave the server.
            HashMap<String, String> errorBody = new HashMap<>();
            errorBody.put("error", "invalid_client_metadata");
            errorBody.put("error_description", StringUtils.defaultString(failure.getMessage(), "None"));
            return new ResponseEntity<>(errorBody, HttpStatus.BAD_REQUEST);
        }
    }

    /**
     * Issues the registration access token for a newly registered client and stores it in the
     * ticket registry.
     *
     * <p>The token is created for an authentication whose principal id is the service's client id,
     * against a service built from the client configuration URI, with the single scope
     * {@link OidcConstants#CLIENT_CONFIGURATION_SCOPE} and response/grant type {@code NONE}.
     * Token lifetime is decided by the access-token factory and is not visible here.
     *
     * @param httpServletRequest current request (not used by this implementation)
     * @param httpServletResponse current response (not used by this implementation)
     * @param oidcRegisteredService the registered service the token is issued for
     * @param oidcClientRegistrationRequest the parsed registration request (not used by this
     *     implementation)
     * @return the access token that was added to the ticket registry
     * @throws Exception if the token cannot be created or stored
     */
    protected OAuth20AccessToken generateRegistrationAccessToken(
            HttpServletRequest httpServletRequest,
            HttpServletResponse httpServletResponse,
            OidcRegisteredService oidcRegisteredService,
            OidcClientRegistrationRequest oidcClientRegistrationRequest) throws Exception {
        Authentication clientAuthentication = DefaultAuthenticationBuilder.newInstance()
                .setPrincipal(PrincipalFactoryUtils.newPrincipalFactory().createPrincipal(oidcRegisteredService.getClientId()))
                .build();

        OidcConfigurationContext context = getConfigurationContext();
        OAuth20AccessTokenFactory tokenFactory =
                (OAuth20AccessTokenFactory) context.getTicketFactory().get(OAuth20AccessToken.class);

        OAuth20AccessToken registrationToken = tokenFactory.create(
                context.getWebApplicationServiceServiceFactory().createService(
                        OidcClientRegistrationUtils.getClientConfigurationUri(
                                oidcRegisteredService, context.getCasProperties().getServer().getPrefix())),
                clientAuthentication,
                List.of(OidcConstants.CLIENT_CONFIGURATION_SCOPE),
                oidcRegisteredService.getClientId(),
                OAuth20ResponseTypes.NONE,
                OAuth20GrantTypes.NONE);

        context.getTicketRegistry().addTicket(registrationToken);
        return registrationToken;
    }
}
