package org.mitre.openid.connect.view;

import com.google.common.base.Strings;
import com.google.common.collect.Lists;
import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.nimbusds.jose.Algorithm;
import com.nimbusds.jose.JWEHeader;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jwt.EncryptedJWT;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.io.IOException;
import java.io.StringWriter;
import java.text.ParseException;
import java.util.Date;
import java.util.Map;
import java.util.UUID;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.mitre.jwt.encryption.service.JWTEncryptionAndDecryptionService;
import org.mitre.jwt.signer.service.JWTSigningAndValidationService;
import org.mitre.jwt.signer.service.impl.ClientKeyCacheService;
import org.mitre.jwt.signer.service.impl.SymmetricKeyJWTValidatorCacheService;
import org.mitre.oauth2.model.ClientDetailsEntity;
import org.mitre.openid.connect.config.ConfigurationPropertiesBean;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.stereotype.Component;

@Component(UserInfoJWTView.VIEWNAME)
/* loaded from: input_file:lib/openid.war:WEB-INF/lib/openid-connect-server-1.3.2.jar:org/mitre/openid/connect/view/UserInfoJWTView.class */
public class UserInfoJWTView extends UserInfoView {
    public static final String CLIENT = "client";
    public static final String VIEWNAME = "userInfoJwtView";
    public static final String JOSE_MEDIA_TYPE_VALUE = "application/jwt";

    @Autowired
    private JWTSigningAndValidationService jwtService;

    @Autowired
    private ConfigurationPropertiesBean config;

    @Autowired
    private ClientKeyCacheService encrypters;

    @Autowired
    private SymmetricKeyJWTValidatorCacheService symmetricCacheService;
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) UserInfoJWTView.class);
    public static final MediaType JOSE_MEDIA_TYPE = new MediaType("application", "jwt");

    @Override // org.mitre.openid.connect.view.UserInfoView
    protected void writeOut(JsonObject jsonObject, Map<String, Object> map, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        try {
            ClientDetailsEntity clientDetailsEntity = (ClientDetailsEntity) map.get("client");
            StringWriter stringWriter = new StringWriter();
            this.gson.toJson((JsonElement) jsonObject, (Appendable) stringWriter);
            httpServletResponse.setContentType(JOSE_MEDIA_TYPE_VALUE);
            JWTClaimsSet build = new JWTClaimsSet.Builder(JWTClaimsSet.parse(stringWriter.toString())).audience(Lists.newArrayList(clientDetailsEntity.getClientId())).issuer(this.config.getIssuer()).issueTime(new Date()).jwtID(UUID.randomUUID().toString()).build();
            if (clientDetailsEntity.getUserInfoEncryptedResponseAlg() == null || clientDetailsEntity.getUserInfoEncryptedResponseAlg().equals(Algorithm.NONE) || clientDetailsEntity.getUserInfoEncryptedResponseEnc() == null || clientDetailsEntity.getUserInfoEncryptedResponseEnc().equals(Algorithm.NONE) || (Strings.isNullOrEmpty(clientDetailsEntity.getJwksUri()) && clientDetailsEntity.getJwks() == null)) {
                JWSAlgorithm defaultSigningAlgorithm = this.jwtService.getDefaultSigningAlgorithm();
                if (clientDetailsEntity.getUserInfoSignedResponseAlg() != null) {
                    defaultSigningAlgorithm = clientDetailsEntity.getUserInfoSignedResponseAlg();
                }
                SignedJWT signedJWT = new SignedJWT(new JWSHeader(defaultSigningAlgorithm, null, null, null, null, null, null, null, null, null, this.jwtService.getDefaultSignerKeyId(), null, null), build);
                if (defaultSigningAlgorithm.equals(JWSAlgorithm.HS256) || defaultSigningAlgorithm.equals(JWSAlgorithm.HS384) || defaultSigningAlgorithm.equals(JWSAlgorithm.HS512)) {
                    this.symmetricCacheService.getSymmetricValidtor(clientDetailsEntity).signJwt(signedJWT);
                } else {
                    this.jwtService.signJwt(signedJWT);
                }
                httpServletResponse.getWriter().write(signedJWT.serialize());
            } else {
                JWTEncryptionAndDecryptionService encrypter = this.encrypters.getEncrypter(clientDetailsEntity);
                if (encrypter != null) {
                    EncryptedJWT encryptedJWT = new EncryptedJWT(new JWEHeader(clientDetailsEntity.getUserInfoEncryptedResponseAlg(), clientDetailsEntity.getUserInfoEncryptedResponseEnc()), build);
                    encrypter.encryptJwt(encryptedJWT);
                    httpServletResponse.getWriter().write(encryptedJWT.serialize());
                } else {
                    logger.error("Couldn't find encrypter for client: " + clientDetailsEntity.getClientId());
                }
            }
        } catch (IOException e) {
            logger.error("IO Exception in UserInfoJwtView", (Throwable) e);
        } catch (ParseException e2) {
            e2.printStackTrace();
        }
    }
}
