package org.forgerock.openam.oauth2.rest;

import com.google.inject.Key;
import com.google.inject.name.Names;
import javax.inject.Inject;
import javax.inject.Provider;
import org.forgerock.guice.core.InjectorHolder;
import org.forgerock.oauth2.core.OAuth2RequestFactory;
import org.forgerock.oauth2.restlet.AccessTokenFlowFinder;
import org.forgerock.oauth2.restlet.AuthorizeEndpointFilter;
import org.forgerock.oauth2.restlet.AuthorizeResource;
import org.forgerock.oauth2.restlet.DeviceCodeResource;
import org.forgerock.oauth2.restlet.DeviceCodeVerificationResource;
import org.forgerock.oauth2.restlet.TokenEndpointFilter;
import org.forgerock.oauth2.restlet.TokenIntrospectionResource;
import org.forgerock.oauth2.restlet.ValidationServerResource;
import org.forgerock.openam.audit.AuditEventFactory;
import org.forgerock.openam.audit.AuditEventPublisher;
import org.forgerock.openam.oauth2.OAuth2Constants;
import org.forgerock.openam.rest.RealmRoutingFactory;
import org.forgerock.openam.rest.audit.OAuth2AccessAuditFilter;
import org.forgerock.openam.rest.audit.RestletBodyAuditor;
import org.forgerock.openam.rest.representations.JacksonRepresentationFactory;
import org.forgerock.openam.rest.service.RestletRealmRouter;
import org.forgerock.openam.rest.service.RestletUtils;
import org.forgerock.openidconnect.restlet.ConnectClientRegistration;
import org.forgerock.openidconnect.restlet.EndSession;
import org.forgerock.openidconnect.restlet.IdTokenInfo;
import org.forgerock.openidconnect.restlet.OpenIDConnectCheckSessionEndpoint;
import org.forgerock.openidconnect.restlet.OpenIDConnectConfiguration;
import org.forgerock.openidconnect.restlet.OpenIDConnectJWKEndpoint;
import org.forgerock.openidconnect.restlet.UserInfo;
import org.restlet.Restlet;
import org.restlet.routing.Filter;
import org.restlet.routing.Router;

/* loaded from: input_file:org/forgerock/openam/oauth2/rest/OAuth2RouterProvider.class */
public class OAuth2RouterProvider implements Provider<Router> {
    private final AuditEventPublisher eventPublisher;
    private final AuditEventFactory eventFactory;
    private final OAuth2RequestFactory requestFactory;
    private final JacksonRepresentationFactory jacksonRepresentationFactory;

    @Inject
    public OAuth2RouterProvider(AuditEventPublisher auditEventPublisher, AuditEventFactory auditEventFactory, OAuth2RequestFactory oAuth2RequestFactory, JacksonRepresentationFactory jacksonRepresentationFactory) {
        this.eventPublisher = auditEventPublisher;
        this.eventFactory = auditEventFactory;
        this.requestFactory = oAuth2RequestFactory;
        this.jacksonRepresentationFactory = jacksonRepresentationFactory;
    }

    /* renamed from: get, reason: merged with bridge method [inline-methods] */
    public Router m33get() {
        RestletRealmRouter restletRealmRouter = new RestletRealmRouter();
        restletRealmRouter.attach("/realms/{realmId}", new RealmRoutingFactory().createRouter(restletRealmRouter));
        restletRealmRouter.attach("/authorize", auditWithOAuthFilter(new AuthorizeEndpointFilter(RestletUtils.wrap(AuthorizeResource.class), this.jacksonRepresentationFactory)));
        restletRealmRouter.attach("/access_token", auditWithOAuthFilter(new TokenEndpointFilter(new AccessTokenFlowFinder(), this.jacksonRepresentationFactory), RestletBodyAuditor.formAuditor(new String[]{"response_type", "grant_type", "client_id", "username", "scope", "redirect_uri"}), RestletBodyAuditor.jacksonAuditor(new String[]{"scope", "token_type"})));
        restletRealmRouter.attach("/tokeninfo", auditWithOAuthFilter(RestletUtils.wrap(ValidationServerResource.class), RestletBodyAuditor.noBodyAuditor(), RestletBodyAuditor.jacksonAuditor(new String[]{"scope", "token_type"})));
        restletRealmRouter.attach("/introspect", auditWithOAuthFilter(RestletUtils.wrap(TokenIntrospectionResource.class), RestletBodyAuditor.formAuditor(new String[]{"token_type_hint"}), RestletBodyAuditor.jsonAuditor(new String[]{"scope", "token_type", "client_id", "username", "active"})));
        restletRealmRouter.attach("/connect/register", auditWithOAuthFilter(RestletUtils.wrap(ConnectClientRegistration.class), RestletBodyAuditor.jsonAuditor(new String[]{OAuth2Constants.ShortClientAttributeNames.CLIENT_NAME.getType(), OAuth2Constants.ShortClientAttributeNames.APPLICATION_TYPE.getType(), OAuth2Constants.ShortClientAttributeNames.REDIRECT_URIS.getType()}), RestletBodyAuditor.jacksonAuditor(new String[]{"client_id", OAuth2Constants.ShortClientAttributeNames.CLIENT_NAME.getType(), OAuth2Constants.ShortClientAttributeNames.APPLICATION_TYPE.getType(), OAuth2Constants.ShortClientAttributeNames.REDIRECT_URIS.getType()})));
        restletRealmRouter.attach("/userinfo", auditWithOAuthFilter(RestletUtils.wrap(UserInfo.class)));
        restletRealmRouter.attach("/idtokeninfo", auditWithOAuthFilter(RestletUtils.wrap(IdTokenInfo.class)));
        restletRealmRouter.attach("/connect/checkSession", auditWithOAuthFilter(RestletUtils.wrap(OpenIDConnectCheckSessionEndpoint.class)));
        restletRealmRouter.attach("/connect/endSession", auditWithOAuthFilter(RestletUtils.wrap(EndSession.class)));
        restletRealmRouter.attach("/connect/jwk_uri", auditWithOAuthFilter(RestletUtils.wrap(OpenIDConnectJWKEndpoint.class)));
        Filter auditWithOAuthFilter = auditWithOAuthFilter(getRestlet("resource-set-reg-endpoint"), RestletBodyAuditor.jsonAuditor(new String[]{"name", "scopes"}), RestletBodyAuditor.jacksonAuditor(new String[]{"_id"}));
        restletRealmRouter.attach("/resource_set/{rsid}", auditWithOAuthFilter);
        restletRealmRouter.attach("/resource_set", auditWithOAuthFilter);
        restletRealmRouter.attach("/resource_set/", auditWithOAuthFilter);
        restletRealmRouter.attach("/.well-known/openid-configuration", auditWithOAuthFilter(RestletUtils.wrap(OpenIDConnectConfiguration.class)));
        restletRealmRouter.attach("/device/user", auditWithOAuthFilter(RestletUtils.wrap(DeviceCodeVerificationResource.class)));
        restletRealmRouter.attach("/device/code", auditWithOAuthFilter(RestletUtils.wrap(DeviceCodeResource.class), RestletBodyAuditor.formAuditor(new String[]{"response_type", "grant_type", "client_id", "scope"}), RestletBodyAuditor.noBodyAuditor()));
        restletRealmRouter.attach("/token/revoke", auditWithOAuthFilter(RestletUtils.wrap(TokenRevocationResource.class)));
        return restletRealmRouter;
    }

    private Restlet getRestlet(String str) {
        return (Restlet) InjectorHolder.getInstance(Key.get(Restlet.class, Names.named(str)));
    }

    private Filter auditWithOAuthFilter(Restlet restlet) {
        return new OAuth2AccessAuditFilter(restlet, this.eventPublisher, this.eventFactory, this.requestFactory, RestletBodyAuditor.noBodyAuditor(), RestletBodyAuditor.noBodyAuditor());
    }

    private Filter auditWithOAuthFilter(Restlet restlet, RestletBodyAuditor<?> restletBodyAuditor, RestletBodyAuditor<?> restletBodyAuditor2) {
        return new OAuth2AccessAuditFilter(restlet, this.eventPublisher, this.eventFactory, this.requestFactory, restletBodyAuditor, restletBodyAuditor2);
    }
}
