package org.apache.cxf.rs.security.oidc.rp.idp;

import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.jaxrs.ext.MessageContext;
import org.apache.cxf.rs.security.jose.JoseHeaders;
import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider;
import org.apache.cxf.rs.security.jose.jwe.JweHeaders;
import org.apache.cxf.rs.security.jose.jwe.JweJwtCompactProducer;
import org.apache.cxf.rs.security.jose.jwe.JweUtils;
import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer;
import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
import org.apache.cxf.rs.security.jose.jws.JwsUtils;
import org.apache.cxf.rs.security.oauth2.common.OAuthContext;
import org.apache.cxf.rs.security.oauth2.utils.OAuthContextUtils;
import org.apache.cxf.rs.security.oidc.common.UserInfo;

@Path("/userinfo")
/* loaded from: input_file:org/apache/cxf/rs/security/oidc/rp/idp/UserInfoService.class */
public class UserInfoService {
    private JwsSignatureProvider sigProvider;
    private JweEncryptionProvider encryptionProvider;
    private UserInfoProvider userInfoProvider;
    private String issuer;

    @Context
    private MessageContext mc;

    @GET
    @Produces({"application/json", "application/jwt"})
    public Response getUserInfo() {
        OAuthContext context = OAuthContextUtils.getContext(this.mc);
        UserInfo userInfo = this.userInfoProvider.getUserInfo(context.getClientId(), context.getSubject(), context.getPermissions());
        if (userInfo != null) {
            userInfo.setIssuer(this.issuer);
        }
        userInfo.setAudience(context.getClientId());
        Object obj = userInfo;
        JwsJwtCompactProducer jwsJwtCompactProducer = new JwsJwtCompactProducer(userInfo);
        JwsSignatureProvider initializedSigProvider = getInitializedSigProvider(new JoseHeaders());
        JweEncryptionProvider initializedEncryptionProvider = getInitializedEncryptionProvider();
        if (initializedSigProvider != null) {
            String signWith = jwsJwtCompactProducer.signWith(initializedSigProvider);
            if (initializedEncryptionProvider != null) {
                signWith = initializedEncryptionProvider.encrypt(StringUtils.toBytesUTF8(signWith), (JweHeaders) null);
            }
            obj = signWith;
        } else if (initializedEncryptionProvider != null) {
            obj = new JweJwtCompactProducer(userInfo).encryptWith(initializedEncryptionProvider);
        }
        return Response.ok(obj).build();
    }

    public void setSignatureProvider(JwsSignatureProvider jwsSignatureProvider) {
        this.sigProvider = jwsSignatureProvider;
    }

    protected JwsSignatureProvider getInitializedSigProvider(JoseHeaders joseHeaders) {
        if (this.sigProvider != null) {
            return this.sigProvider;
        }
        JwsSignatureProvider loadSignatureProvider = JwsUtils.loadSignatureProvider(false);
        joseHeaders.setAlgorithm(loadSignatureProvider.getAlgorithm());
        return loadSignatureProvider;
    }

    protected JweEncryptionProvider getInitializedEncryptionProvider() {
        return this.encryptionProvider != null ? this.encryptionProvider : JweUtils.loadEncryptionProvider(false);
    }

    public void setIssuer(String str) {
        this.issuer = str;
    }

    public UserInfoProvider getUserInfoProvider() {
        return this.userInfoProvider;
    }

    public void setUserInfoProvider(UserInfoProvider userInfoProvider) {
        this.userInfoProvider = userInfoProvider;
    }
}
