package org.apache.cxf.rs.security.oidc.idp;

import java.util.Collections;
import java.util.List;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import org.apache.cxf.jaxrs.ext.MessageContext;
import org.apache.cxf.rs.security.jose.jwt.JwtToken;
import org.apache.cxf.rs.security.jose.jwt.JwtUtils;
import org.apache.cxf.rs.security.oauth2.common.Client;
import org.apache.cxf.rs.security.oauth2.common.OAuthContext;
import org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider;
import org.apache.cxf.rs.security.oauth2.provider.OAuthServerJoseJwtProducer;
import org.apache.cxf.rs.security.oauth2.utils.OAuthContextUtils;
import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
import org.apache.cxf.rs.security.oidc.common.IdToken;
import org.apache.cxf.rs.security.oidc.common.UserInfo;

@Path("/userinfo")
/* loaded from: input_file:org/apache/cxf/rs/security/oidc/idp/UserInfoService.class */
public class UserInfoService extends OAuthServerJoseJwtProducer {
    private UserInfoProvider userInfoProvider;
    private OAuthDataProvider oauthDataProvider;
    private List<String> additionalClaims = Collections.emptyList();
    private boolean convertClearUserInfoToString;

    @Context
    private MessageContext mc;

    @GET
    @Produces({"application/json", "application/jwt"})
    public Response getUserInfo() {
        Object processJwt;
        OAuthContext context = OAuthContextUtils.getContext(this.mc);
        UserInfo userInfo = null;
        if (this.userInfoProvider != null) {
            userInfo = this.userInfoProvider.getUserInfo(context.getClientId(), context.getSubject(), OAuthUtils.convertPermissionsToScopeList(context.getPermissions()));
        } else if (context.getSubject() instanceof OidcUserSubject) {
            OidcUserSubject oidcUserSubject = (OidcUserSubject) context.getSubject();
            userInfo = oidcUserSubject.getUserInfo();
            if (userInfo == null) {
                userInfo = createFromIdToken(oidcUserSubject.getIdToken());
            }
        }
        if (userInfo == null) {
            return Response.serverError().build();
        }
        if (super.isJwsRequired() || super.isJweRequired()) {
            Client client = null;
            if (this.oauthDataProvider != null) {
                client = this.oauthDataProvider.getClient(context.getClientId());
            }
            processJwt = super.processJwt(new JwtToken(userInfo), client);
        } else {
            processJwt = convertUserInfoToResponseEntity(userInfo);
        }
        return Response.ok(processJwt).build();
    }

    protected Object convertUserInfoToResponseEntity(UserInfo userInfo) {
        return this.convertClearUserInfoToString ? JwtUtils.claimsToJson(userInfo) : userInfo;
    }

    protected UserInfo createFromIdToken(IdToken idToken) {
        UserInfo userInfo = new UserInfo();
        userInfo.setSubject(idToken.getSubject());
        if (super.isJwsRequired()) {
            userInfo.setIssuer(idToken.getIssuer());
            userInfo.setAudience(idToken.getAudience());
        }
        if (idToken.getPreferredUserName() != null) {
            userInfo.setPreferredUserName(idToken.getPreferredUserName());
        }
        if (idToken.getName() != null) {
            userInfo.setName(idToken.getName());
        }
        if (idToken.getGivenName() != null) {
            userInfo.setGivenName(idToken.getGivenName());
        }
        if (idToken.getFamilyName() != null) {
            userInfo.setFamilyName(idToken.getFamilyName());
        }
        if (idToken.getEmail() != null) {
            userInfo.setEmail(idToken.getEmail());
        }
        if (idToken.getNickName() != null) {
            userInfo.setNickName(idToken.getNickName());
        }
        if (this.additionalClaims != null && !this.additionalClaims.isEmpty()) {
            for (String str : this.additionalClaims) {
                if (idToken.containsProperty(str)) {
                    userInfo.setClaim(str, idToken.getClaim(str));
                }
            }
        }
        return userInfo;
    }

    public void setUserInfoProvider(UserInfoProvider userInfoProvider) {
        this.userInfoProvider = userInfoProvider;
    }

    public void setOauthDataProvider(OAuthDataProvider oAuthDataProvider) {
        this.oauthDataProvider = oAuthDataProvider;
    }

    public void setAdditionalClaims(List<String> list) {
        this.additionalClaims = list;
    }

    public void setConvertClearUserInfoToString(boolean z) {
        this.convertClearUserInfoToString = z;
    }
}
