package org.apereo.cas.oidc.profile;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
import java.util.UUID;
import javax.servlet.http.HttpServletResponse;
import lombok.Generated;
import org.apereo.cas.CentralAuthenticationService;
import org.apereo.cas.configuration.model.support.oauth.OAuthProperties;
import org.apereo.cas.oidc.OidcConstants;
import org.apereo.cas.services.OidcRegisteredService;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.support.oauth.services.OAuthRegisteredService;
import org.apereo.cas.support.oauth.util.OAuth20Utils;
import org.apereo.cas.support.oauth.web.views.OAuth20DefaultUserProfileViewRenderer;
import org.apereo.cas.ticket.OAuth20TokenSigningAndEncryptionService;
import org.apereo.cas.ticket.accesstoken.OAuth20AccessToken;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.LoggingUtils;
import org.apereo.cas.util.function.FunctionUtils;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.NumericDate;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpHeaders;
import org.springframework.http.ResponseEntity;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-oidc-core-api-6.6.15.jar:org/apereo/cas/oidc/profile/OidcUserProfileViewRenderer.class */
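/**
 * Renders the OpenID Connect user profile response for an access token.
 *
 * <p>For clients registered as {@link OidcRegisteredService} the profile is returned either as
 * plain JSON or as a signed and/or encrypted JWT, depending on what the signing and encryption
 * service reports for that client. All other clients fall back to the OAuth 2.0 renderer in the
 * superclass.
 *
 * <p>Review note: the response body (user claims, or the encoded JWT) is written to the DEBUG log
 * and handed to {@code LoggingUtils.protocolMessage}. Treat those log sinks as holding personal
 * data and bearer-style tokens.
 */
public class OidcUserProfileViewRenderer extends OAuth20DefaultUserProfileViewRenderer {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(OidcUserProfileViewRenderer.class);

    /** Decides whether a client's profile is signed/encrypted and performs the encoding. */
    private final OAuth20TokenSigningAndEncryptionService signingAndEncryptionService;

    /**
     * Creates the renderer.
     *
     * @param oAuthProperties OAuth settings passed through to the superclass
     * @param servicesManager registry used to resolve the client behind an access token
     * @param oAuth20TokenSigningAndEncryptionService service that signs and/or encrypts the profile
     */
    public OidcUserProfileViewRenderer(OAuthProperties oAuthProperties, ServicesManager servicesManager, OAuth20TokenSigningAndEncryptionService oAuth20TokenSigningAndEncryptionService) {
        super(servicesManager, oAuthProperties);
        this.signingAndEncryptionService = oAuth20TokenSigningAndEncryptionService;
    }

    /**
     * Produces the profile response for the client that owns the access token.
     *
     * <p>The decompiler reports that this method's access modifier was changed from
     * {@code protected}; the visibility shown here is kept as found.
     *
     * @param map user profile model to render
     * @param oAuth20AccessToken access token whose client id selects the registered service
     * @param httpServletResponse servlet response whose content type is set by the renderers
     * @return the superclass response for non-OIDC clients; otherwise the plain or
     *     signed/encrypted profile, or a 400 response with a fixed message if rendering throws
     */
    @Override // org.apereo.cas.support.oauth.web.views.OAuth20DefaultUserProfileViewRenderer
    public ResponseEntity renderProfileForModel(Map<String, Object> map, OAuth20AccessToken oAuth20AccessToken, HttpServletResponse httpServletResponse) {
        OAuthRegisteredService registeredService = OAuth20Utils.getRegisteredOAuthServiceByClientId(this.servicesManager, oAuth20AccessToken.getClientId());
        if (!(registeredService instanceof OidcRegisteredService)) {
            return super.renderProfileForModel(map, oAuth20AccessToken, httpServletResponse);
        }
        OidcRegisteredService oidcService = (OidcRegisteredService) registeredService;
        // The error handler deliberately returns a generic message, so exception details do not
        // reach the client. NOTE(review): the throwable is not referenced here; confirm that
        // FunctionUtils.doAndHandle records it, otherwise failures are invisible to operators.
        return (ResponseEntity) FunctionUtils.doAndHandle(() -> {
            boolean protectedResponse = this.signingAndEncryptionService.shouldSignToken(oidcService)
                || this.signingAndEncryptionService.shouldEncryptToken(oidcService);
            return protectedResponse
                ? signAndEncryptUserProfileClaims(map, httpServletResponse, oidcService)
                : buildPlainUserProfileClaims(map, httpServletResponse, oidcService);
        }, th -> ResponseEntity.badRequest().body("Unable to produce user profile claims")).get();
    }

    /**
     * Renders the profile as unsigned, unencrypted JSON.
     *
     * @param map user profile model to render
     * @param httpServletResponse servlet response; its content type is set to JSON
     * @param oidcRegisteredService client the profile is rendered for
     * @return a 200 response whose body is the JSON form of the claims
     */
    protected ResponseEntity<String> buildPlainUserProfileClaims(Map<String, Object> map, HttpServletResponse httpServletResponse, OidcRegisteredService oidcRegisteredService) {
        httpServletResponse.setContentType("application/json");
        String json = convertUserProfileIntoClaims(map).toJson();
        return buildResponseEntity(json, httpServletResponse, oidcRegisteredService);
    }

    /**
     * Copies the profile model into a claim set.
     *
     * <p>Entries whose key starts with {@code CentralAuthenticationService.NAMESPACE} are left
     * out. The {@code attributes} entry is treated as a nested map and copied value by value;
     * every value goes through {@link #determineAttributeValue(String, Object)}.
     *
     * @param map user profile model
     * @return the claims built from the model
     */
    private JwtClaims convertUserProfileIntoClaims(Map<String, Object> map) {
        JwtClaims claims = new JwtClaims();
        for (Map.Entry<String, Object> entry : map.entrySet()) {
            String key = entry.getKey();
            if (key.startsWith(CentralAuthenticationService.NAMESPACE)) {
                continue;
            }
            if ("attributes".equals(key)) {
                // Typed instead of raw Map/HashMap: with raw types the lambda parameters are
                // Object and do not type-check against determineAttributeValue(String, Object).
                Map<?, ?> nested = (Map<?, ?>) entry.getValue();
                Map<String, Object> converted = new HashMap<>();
                nested.forEach((name, value) -> converted.put((String) name, determineAttributeValue((String) name, value)));
                claims.setClaim(key, converted);
            } else {
                claims.setClaim(key, determineAttributeValue(key, entry.getValue()));
            }
        }
        return claims;
    }

    /**
     * Renders the profile as an encoded JWT.
     *
     * <p>Audience, issued-at, JWT id and issuer are set after the profile has been copied, so
     * they replace any same-named top-level profile entries. No expiration claim is set in this
     * method. NOTE(review): confirm whether {@code encode} adds one or whether consumers are
     * expected to bound the lifetime themselves.
     *
     * @param map user profile model to render
     * @param httpServletResponse servlet response; its content type is set to the JWT type
     * @param oidcRegisteredService client the profile is rendered for
     * @return a 200 response whose body is the encoded token
     */
    protected ResponseEntity<String> signAndEncryptUserProfileClaims(Map<String, Object> map, HttpServletResponse httpServletResponse, OidcRegisteredService oidcRegisteredService) {
        JwtClaims claims = convertUserProfileIntoClaims(map);
        claims.setAudience(oidcRegisteredService.getClientId());
        claims.setIssuedAt(NumericDate.now());
        claims.setJwtId(UUID.randomUUID().toString());
        claims.setIssuer(this.signingAndEncryptionService.resolveIssuer(Optional.of(oidcRegisteredService)));
        // Both DEBUG statements below emit sensitive material: the clear-text user claims and
        // then the complete encoded token. Keep DEBUG off for this logger in production, or
        // make sure the log destination is access-controlled.
        LOGGER.debug("Collected user profile claims, before cipher operations, are [{}]", claims);
        String encodedProfile = this.signingAndEncryptionService.encode(oidcRegisteredService, claims);
        LOGGER.debug("Finalized user profile is [{}]", encodedProfile);
        httpServletResponse.setContentType(OidcConstants.CONTENT_TYPE_JWT);
        return buildResponseEntity(encodedProfile, httpServletResponse, oidcRegisteredService);
    }

    /**
     * Wraps the rendered body in a 200 response carrying the servlet response's content type.
     *
     * @param str rendered body (JSON or encoded token)
     * @param httpServletResponse servlet response whose content type is copied to the header
     * @param oidcRegisteredService client the profile was rendered for
     * @return the response entity
     */
    private static ResponseEntity<String> buildResponseEntity(String str, HttpServletResponse httpServletResponse, OidcRegisteredService oidcRegisteredService) {
        String contentType = httpServletResponse.getContentType();
        // Map.of rejects null values, so this relies on callers having set the content type.
        // The full body is passed to the protocol log. NOTE(review): confirm where
        // LoggingUtils.protocolMessage writes and at which level, since the body holds user claims.
        LoggingUtils.protocolMessage("OpenID Connect User Profile Response", Map.of("Client ID", oidcRegisteredService.getClientId(), "Service", oidcRegisteredService.getName(), "Content Type", contentType), str);
        HttpHeaders headers = new HttpHeaders();
        headers.put(HttpHeaders.CONTENT_TYPE, CollectionUtils.wrapList(contentType));
        return ResponseEntity.ok().headers(headers).body(str);
    }

    /**
     * Normalizes an attribute value: a value that converts to exactly one element is returned as
     * that element, anything else as the list.
     *
     * @param str attribute name; not used by this implementation
     * @param obj raw attribute value
     * @return the single element, or the list of values
     */
    protected Object determineAttributeValue(String str, Object obj) {
        ArrayList<?> values = (ArrayList<?>) CollectionUtils.toCollection(obj, ArrayList.class);
        return values.size() == 1 ? values.get(0) : values;
    }
}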
