package org.smartplatforms.oauth2.mock;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.PlainObject;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.ReadOnlyJWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.io.File;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.text.ParseException;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.time.DateUtils;
import org.codehaus.jackson.map.ObjectMapper;
import org.mitre.oauth2.service.SystemScopeService;
import org.mitre.openid.connect.view.HttpCodeView;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Conditional;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpStatus;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.util.OAuth2Utils;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.ResponseStatus;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/hspc-reference-auth-server-webapp-1.6.2-classes.jar:org/smartplatforms/oauth2/mock/MockTokenEndpoint.class
 */
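/**
 * Mock OAuth2 token endpoint ({@code POST /mock/token}) intended for test setups only.
 *
 * <p>The endpoint accepts a signed JWT as the authorization code or refresh token, verifies it
 * against the key in {@code openid-connect-jwks/mock.only.keystore.jwks}, and issues an RS256
 * access token signed with the private half of that same key.
 *
 * <p>Security notes for anyone deploying or reviewing this class:
 * <ul>
 *   <li>The signing key pair is read from a classpath resource, so the private key ships inside
 *       the web application. Anyone who can read the artifact can mint codes and tokens this
 *       endpoint accepts. It must stay disabled outside test environments.</li>
 *   <li>Exposure is gated by {@code mock.endpoints.enabled} and by {@code MockEnabledCondition}
 *       (defined elsewhere; its logic is not visible here).</li>
 *   <li>No client authentication is performed; {@code client_id} is copied from the request.</li>
 *   <li>The expiry of the presented code / refresh token is not checked here.</li>
 * </ul>
 */
@Configuration
@Conditional({MockEnabledCondition.class})
@Controller
/* loaded from: input_file:WEB-INF/classes/org/smartplatforms/oauth2/mock/MockTokenEndpoint.class */
public class MockTokenEndpoint {
    private static final Logger logger = LoggerFactory.getLogger(MockTokenEndpoint.class);

    /** Classpath location of the JWK set holding the mock-only RSA key pair. */
    private static final String MOCK_JWKS_RESOURCE = "openid-connect-jwks/mock.only.keystore.jwks";

    @Value("${mock.endpoints.enabled}")
    private boolean mockEnabled;

    /**
     * Exchanges a mock authorization code or refresh token for a JSON token response.
     *
     * @param map the form parameters of the request; {@code grant_type} selects whether the
     *     presented JWT is read from the code parameter or the refresh-token parameter
     * @return the pretty-printed JSON token response, or {@code null} when the grant type is
     *     missing or unsupported, or when no code / refresh token was supplied
     * @throws ParseException if the presented token or the key set cannot be parsed
     * @throws JOSEException if the presented token's signature does not verify, or signing fails
     * @throws IOException if the mock key set cannot be found or read, or JSON writing fails
     * @throws InvalidKeySpecException if the RSA key material is invalid
     * @throws NoSuchAlgorithmException if RSA is unavailable in the runtime
     */
    @RequestMapping(value = {"/mock/token"}, method = {RequestMethod.POST}, consumes = {"application/x-www-form-urlencoded"}, produces = {"application/json"})
    @ResponseBody
    public String authorize(@RequestParam Map<String, String> map) throws ParseException, JOSEException, IOException, InvalidKeySpecException, NoSuchAlgorithmException {
        if (!this.mockEnabled) {
            throw new EndpointDisabledException();
        }

        // Constant-first comparison: a request without grant_type no longer triggers an NPE.
        String grantType = map.get(OAuth2Utils.GRANT_TYPE);
        String presentedToken = null;
        if ("authorization_code".equalsIgnoreCase(grantType)) {
            presentedToken = map.get(HttpCodeView.CODE);
        } else if (OAuth2AccessToken.REFRESH_TOKEN.equalsIgnoreCase(grantType)) {
            presentedToken = map.get(OAuth2AccessToken.REFRESH_TOKEN);
        }
        if (presentedToken == null) {
            return null;
        }

        RSAKey rsaKey = loadMockKey();
        SignedJWT presented = SignedJWT.parse(presentedToken);

        // verify() reports a bad signature through its return value, not an exception.
        // Ignoring it would accept any well-formed JWT, including forged ones.
        if (!presented.verify(new RSASSAVerifier(rsaKey.toRSAPublicKey()))) {
            // Deliberately log no token content.
            logger.warn("Rejected mock token request: signature verification failed");
            throw new JOSEException("Signature verification failed for the presented token");
        }
        // NOTE(review): the presented token's expiration is not validated here - confirm
        // whether mock codes / refresh tokens are meant to expire.

        ReadOnlyJWTClaimsSet presentedClaims = presented.getJWTClaimsSet();
        String scope = (String) presentedClaims.getClaim("scope");
        String context = (String) presentedClaims.getClaim("context");

        Map<String, String> response = new HashMap<String, String>();
        response.put("token_type", OAuth2AccessToken.BEARER_TYPE);
        response.put(OAuth2AccessToken.EXPIRES_IN, "3600");
        response.put("scope", scope);
        response.put("client_id", map.get("client_id"));

        // The context claim is a serialized plain JOSE object; its JSON members are copied into
        // the response. They are written after the fields above, so a context member with the
        // same name replaces token_type / expires_in / scope / client_id.
        if (context != null && !context.isEmpty()) {
            for (Map.Entry<String, Object> entry : PlainObject.parse(context).getPayload().toJSONObject().entrySet()) {
                // Non-string context values raise ClassCastException here, as before.
                response.put(entry.getKey(), (String) entry.getValue());
            }
        }

        JWTClaimsSet accessClaims = new JWTClaimsSet();
        // NOTE(review): this reads a request parameter named "bearer", which is normally
        // absent, so the claim is usually null. Possibly a literal token type was intended -
        // confirm before changing the issued token's contents.
        accessClaims.setClaim("token_type", map.get("bearer"));
        accessClaims.setClaim("client_id", map.get("client_id"));
        accessClaims.setExpirationTime(new Date(System.currentTimeMillis() + DateUtils.MILLIS_PER_HOUR));

        SignedJWT accessToken = new SignedJWT(new JWSHeader(JWSAlgorithm.RS256), accessClaims);
        accessToken.sign(new RSASSASigner(rsaKey.toRSAPrivateKey()));
        response.put(OAuth2AccessToken.ACCESS_TOKEN, accessToken.serialize());

        // The presented JWT is handed back unchanged as the refresh token. The key used to be
        // the literal "'refresh_token'" (with quotes), which no OAuth2 client reads.
        if (scope != null && scope.contains(SystemScopeService.OFFLINE_ACCESS)) {
            response.put(OAuth2AccessToken.REFRESH_TOKEN, presented.serialize());
        }
        return new ObjectMapper().writer().withDefaultPrettyPrinter().writeValueAsString(response);
    }

    /** Loads the first key of the mock-only JWK set from the classpath. */
    private RSAKey loadMockKey() throws IOException, ParseException {
        java.net.URL keyResource = getClass().getClassLoader().getResource(MOCK_JWKS_RESOURCE);
        if (keyResource == null) {
            throw new IOException("Mock key set not found on classpath: " + MOCK_JWKS_RESOURCE);
        }
        // NOTE(review): URL.getFile() only yields a usable path for an unpacked resource
        // (not one inside a jar) whose path needs no URL decoding.
        return (RSAKey) JWKSet.load(new File(keyResource.getFile())).getKeys().get(0);
    }

    /**
     * Answers requests made while the mock endpoint is disabled with 404 and the exception
     * message as the body.
     *
     * @param httpServletResponse the response to write to
     * @param exc the exception raised by {@link #authorize(Map)}
     * @throws IOException if the response writer cannot be obtained
     */
    @ExceptionHandler({EndpointDisabledException.class})
    @ResponseBody
    @ResponseStatus(HttpStatus.NOT_FOUND)
    public void handleAuthorizationException(HttpServletResponse httpServletResponse, Exception exc) throws IOException {
        String message = exc.getMessage();
        // The exception is thrown without arguments above, so its message may be null;
        // writing a null String would fail inside the writer.
        if (message != null) {
            httpServletResponse.getWriter().write(message);
        }
    }
}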
