package org.apereo.cas.oidc.web.controllers.jwks;

import java.nio.charset.StandardCharsets;
import java.util.List;
import java.util.Objects;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import lombok.Generated;
import lombok.NonNull;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.authentication.principal.ServiceFactory;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.services.OidcRegisteredService;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.support.oauth.profile.OAuth20ProfileScopeToAttributesFilter;
import org.apereo.cas.support.oauth.web.endpoints.BaseOAuth20Controller;
import org.apereo.cas.ticket.accesstoken.AccessTokenFactory;
import org.apereo.cas.ticket.registry.TicketRegistry;
import org.apereo.cas.web.support.CookieRetrievingCookieGenerator;
import org.jooq.lambda.Unchecked;
import org.jose4j.jwk.JsonWebKey;
import org.jose4j.jwk.JsonWebKeySet;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.io.Resource;
import org.springframework.core.io.ResourceLoader;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.GetMapping;

/* loaded from: input_file:org/apereo/cas/oidc/web/controllers/jwks/OidcJwksEndpointController.class */
public class OidcJwksEndpointController extends BaseOAuth20Controller {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(OidcJwksEndpointController.class);

    @NonNull
    private final Resource jwksFile;

    @Autowired
    private ResourceLoader resourceLoader;

    public OidcJwksEndpointController(ServicesManager servicesManager, TicketRegistry ticketRegistry, AccessTokenFactory accessTokenFactory, PrincipalFactory principalFactory, ServiceFactory<WebApplicationService> serviceFactory, OAuth20ProfileScopeToAttributesFilter oAuth20ProfileScopeToAttributesFilter, CasConfigurationProperties casConfigurationProperties, CookieRetrievingCookieGenerator cookieRetrievingCookieGenerator) {
        super(servicesManager, ticketRegistry, accessTokenFactory, principalFactory, serviceFactory, oAuth20ProfileScopeToAttributesFilter, casConfigurationProperties, cookieRetrievingCookieGenerator);
        this.jwksFile = casConfigurationProperties.getAuthn().getOidc().getJwksFile();
    }

    @GetMapping(value = {"/oidc/jwks"}, produces = {"application/json"})
    public ResponseEntity<String> handleRequestInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Model model) {
        try {
            JsonWebKeySet jsonWebKeySet = new JsonWebKeySet(IOUtils.toString(this.jwksFile.getInputStream(), StandardCharsets.UTF_8));
            this.servicesManager.getAllServices().stream().filter(registeredService -> {
                return (registeredService instanceof OidcRegisteredService) && StringUtils.isNotBlank(((OidcRegisteredService) registeredService).getJwks());
            }).forEach(Unchecked.consumer(registeredService2 -> {
                List jsonWebKeys = new JsonWebKeySet(IOUtils.toString(this.resourceLoader.getResource(((OidcRegisteredService) registeredService2).getJwks()).getInputStream(), StandardCharsets.UTF_8)).getJsonWebKeys();
                Objects.requireNonNull(jsonWebKeySet);
                jsonWebKeys.forEach(jsonWebKeySet::addJsonWebKey);
            }));
            String json = jsonWebKeySet.toJson(JsonWebKey.OutputControlLevel.PUBLIC_ONLY);
            httpServletResponse.setContentType("application/json");
            return new ResponseEntity<>(json, HttpStatus.OK);
        } catch (Exception e) {
            LOGGER.error(e.getMessage(), e);
            return new ResponseEntity<>(e.getMessage(), HttpStatus.BAD_REQUEST);
        }
    }
}
