package org.apereo.cas.oidc.web.controllers.dynareg;

import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.configuration.support.Beans;
import org.apereo.cas.oidc.OidcConfigurationContext;
import org.apereo.cas.oidc.OidcConstants;
import org.apereo.cas.oidc.dynareg.OidcClientRegistrationRequest;
import org.apereo.cas.oidc.web.controllers.BaseOidcController;
import org.apereo.cas.services.OidcRegisteredService;
import org.apereo.cas.support.oauth.services.OAuthRegisteredService;
import org.apereo.cas.support.oauth.util.OAuth20Utils;
import org.pac4j.jee.context.JEEContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PatchMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestParam;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-oidc-core-api-6.6.15.jar:org/apereo/cas/oidc/web/controllers/dynareg/OidcClientConfigurationEndpointController.class */
public class OidcClientConfigurationEndpointController extends BaseOidcController {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) OidcClientConfigurationEndpointController.class);

    public OidcClientConfigurationEndpointController(OidcConfigurationContext oidcConfigurationContext) {
        super(oidcConfigurationContext);
    }

    @GetMapping(value = {"/oidc/clientConfig", "/**/clientConfig"}, produces = {"application/json"})
    public ResponseEntity handleRequestInternal(@RequestParam(name = "client_id") String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (!getConfigurationContext().getIssuerService().validateIssuer(new JEEContext(httpServletRequest, httpServletResponse), OidcConstants.CLIENT_CONFIGURATION_URL)) {
            return new ResponseEntity(OAuth20Utils.toJson(OAuth20Utils.getErrorResponseBody("invalid_request", "Invalid issuer")), HttpStatus.BAD_REQUEST);
        }
        OAuthRegisteredService registeredOAuthServiceByClientId = OAuth20Utils.getRegisteredOAuthServiceByClientId(getConfigurationContext().getServicesManager(), str);
        if (!(registeredOAuthServiceByClientId instanceof OidcRegisteredService)) {
            return new ResponseEntity(HttpStatus.BAD_REQUEST);
        }
        return new ResponseEntity(OidcClientRegistrationUtils.getClientRegistrationResponse((OidcRegisteredService) registeredOAuthServiceByClientId, getConfigurationContext().getCasProperties().getServer().getPrefix()), HttpStatus.OK);
    }

    @PatchMapping(value = {"/oidc/clientConfig", "/**/clientConfig"}, produces = {"application/json"})
    public ResponseEntity handleUpdates(@RequestParam(name = "client_id") String str, @RequestBody(required = false) String str2, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        if (!getConfigurationContext().getIssuerService().validateIssuer(new JEEContext(httpServletRequest, httpServletResponse), OidcConstants.CLIENT_CONFIGURATION_URL)) {
            return new ResponseEntity(OAuth20Utils.toJson(OAuth20Utils.getErrorResponseBody("invalid_request", "Invalid issuer")), HttpStatus.BAD_REQUEST);
        }
        OidcRegisteredService oidcRegisteredService = (OidcRegisteredService) OAuth20Utils.getRegisteredOAuthServiceByClientId(getConfigurationContext().getServicesManager(), str);
        if (oidcRegisteredService == null) {
            return new ResponseEntity(HttpStatus.BAD_REQUEST);
        }
        if (StringUtils.isNotBlank(str2)) {
            OidcClientRegistrationRequest oidcClientRegistrationRequest = (OidcClientRegistrationRequest) getConfigurationContext().getClientRegistrationRequestSerializer().from(str2);
            LOGGER.debug("Received client registration request [{}]", oidcClientRegistrationRequest);
            oidcRegisteredService = new OidcClientRegistrationRequestTranslator(getConfigurationContext()).translate(oidcClientRegistrationRequest, Optional.of(oidcRegisteredService));
        }
        long seconds = Beans.newDuration(getConfigurationContext().getCasProperties().getAuthn().getOidc().getRegistration().getClientSecretExpiration()).toSeconds();
        if (seconds > 0 && getConfigurationContext().getClientSecretValidator().isClientSecretExpired(oidcRegisteredService)) {
            ZonedDateTime now = ZonedDateTime.now(ZoneOffset.UTC);
            ZonedDateTime plusSeconds = now.plusSeconds(seconds);
            oidcRegisteredService.setClientSecretExpiration(plusSeconds.toEpochSecond());
            oidcRegisteredService.setClientSecret(getConfigurationContext().getClientSecretGenerator().getNewString());
            LOGGER.debug("Client secret shall expire at [{}] while now is [{}]", plusSeconds, now);
        }
        return new ResponseEntity(OidcClientRegistrationUtils.getClientRegistrationResponse(oidcRegisteredService, getConfigurationContext().getCasProperties().getServer().getPrefix()), HttpStatus.OK);
    }
}
