package com.cx.restclient.ast;

import com.cx.restclient.configuration.CxScanConfig;
import com.cx.restclient.exception.CxClientException;
import com.cx.restclient.httpClient.CxHttpClient;
import com.cx.restclient.httpClient.utils.ContentType;
import com.cx.restclient.osa.dto.ClientType;
import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Optional;
import java.util.Set;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/cx/restclient/ast/ClientTypeResolver.class */
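/**
 * Chooses the OAuth client settings (client id, scopes, client secret) to use against an
 * access control server, based on the scopes that server advertises in its OpenID
 * discovery document.
 *
 * <p>Security note: the discovery document is remote input, and its {@code scopes_supported}
 * value decides both which scopes are requested and whether the {@code RESOURCE_OWNER}
 * client secret is placed into the returned {@link ClientType}. The outcome is therefore only
 * as trustworthy as the connection the document was fetched over; see
 * {@link #getHttpClient(String)}.
 *
 * <p>Instances lazily create and cache one {@link CxHttpClient}; nothing in this class
 * synchronizes that, so treat an instance as not thread-safe.
 */
public class ClientTypeResolver {
    private static final String WELL_KNOWN_CONFIG_PATH = "identity/.well-known/openid-configuration";
    private static final String SCOPES_JSON_PROP = "scopes_supported";
    private static final Logger log = LoggerFactory.getLogger(ClientTypeResolver.class);
    // HashSet is kept (rather than an ordered set) so the iteration order used by
    // String.join(...) in determineClientType stays exactly what it was.
    private static final Set<String> scopesForCloudAuth = new HashSet<>(Arrays.asList("sca_api", "offline_access"));
    private static final Set<String> scopesForOnPremAuth = new HashSet<>(Arrays.asList("sast_rest_api", "cxarm_api"));
    private static final ObjectMapper objectMapper = new ObjectMapper();

    // Created on first use by getHttpClient and reused afterwards.
    private CxHttpClient httpClient;
    private final CxScanConfig config;

    /**
     * @param cxScanConfig scan configuration; its origin, proxy, SSO, NTLM, refresh-token and
     *                     certificate-validation settings are read when the HTTP client is built
     */
    public ClientTypeResolver(CxScanConfig cxScanConfig) {
        this.config = cxScanConfig;
    }

    /**
     * Fetches the OpenID discovery document from the given access control server and derives
     * the client type from the scopes it advertises.
     *
     * <p>The client secret of {@code ClientType.RESOURCE_OWNER} is included only when the
     * on-prem scope set was selected; otherwise the secret is the empty string. Because cloud
     * scopes are checked first, a server advertising both sets yields the cloud scopes and an
     * empty secret.
     *
     * @param str base URL of the access control server
     * @return a {@link ClientType} carrying the {@code RESOURCE_OWNER} client id, the selected
     *         scopes joined by single spaces, and the secret as described above
     * @throws CxClientException if the document cannot be fetched or parsed, if
     *         {@code scopes_supported} is not a list of strings, or if neither scope set is
     *         fully supported
     */
    public ClientType determineClientType(String str) {
        Set<String> advertisedScopes = getSupportedScopes(getConfigResponse(str));
        Set<String> scopesForAuth = getScopesForAuth(advertisedScopes);

        boolean onPrem = scopesForAuth.equals(scopesForOnPremAuth);
        String clientSecret = onPrem ? ClientType.RESOURCE_OWNER.getClientSecret() : "";

        return ClientType.builder()
                .clientId(ClientType.RESOURCE_OWNER.getClientId())
                .scopes(String.join(" ", scopesForAuth))
                .clientSecret(clientSecret)
                .build();
    }

    /**
     * Selects the scope set to authenticate with: cloud scopes when the server supports all of
     * them, otherwise on-prem scopes when all of those are supported.
     *
     * @param set scopes advertised by the server
     * @return the shared cloud or on-prem scope set (the same instance as the class constant)
     * @throws CxClientException if the server fully supports neither set
     */
    private Set<String> getScopesForAuth(Set<String> set) {
        final Set<String> selected;
        if (set.containsAll(scopesForCloudAuth)) {
            selected = scopesForCloudAuth;
        } else if (set.containsAll(scopesForOnPremAuth)) {
            selected = scopesForOnPremAuth;
        } else {
            throw new CxClientException(String.format("Access control server doesn't support the necessary scopes (either %s or %s). It only supports the following scopes: %s.", scopesForCloudAuth, scopesForOnPremAuth, set));
        }
        log.debug("Using scopes: {}", selected);
        return selected;
    }

    /**
     * Requests the OpenID discovery document and parses it as JSON.
     *
     * @param str base URL of the access control server
     * @return the parsed document
     * @throws CxClientException wrapping any failure of the request or of JSON parsing
     */
    private JsonNode getConfigResponse(String str) {
        try {
            // 200 is passed alongside the response type; the meaning of the trailing `false`
            // is defined by CxHttpClient.getRequest and is not visible in this file.
            String body = (String) getHttpClient(str).getRequest(WELL_KNOWN_CONFIG_PATH, ContentType.CONTENT_TYPE_APPLICATION_JSON_V1, String.class, 200, "Get openId configuration", false);
            return objectMapper.readTree(body);
        } catch (Exception e) {
            log.error(e.getMessage());
            throw new CxClientException("Error getting OpenID config response.", e);
        }
    }

    /**
     * Returns the cached HTTP client, creating it on first use.
     *
     * <p>NOTE(review): the client is built for the base URL of the first call and then reused.
     * A later call with a different {@code str} still gets the client for the first URL, so
     * discovery would be answered by the earlier server. Confirm that callers only ever pass
     * one URL per resolver instance.
     *
     * <p>NOTE(review): {@code config.isDisableCertificateValidation()} is forwarded to the
     * client; presumably it turns off TLS certificate checks (confirm in CxHttpClient). With
     * checks off, the discovery response is unauthenticated, and that response decides whether
     * the client secret is used, so the option should stay off outside test environments. The
     * refresh token is also handed to the client here; whether it is sent on the discovery
     * request is not visible in this file.
     *
     * @param str base URL of the access control server; a trailing "/" is appended if missing
     * @return the HTTP client for this resolver
     */
    private CxHttpClient getHttpClient(String str) {
        if (this.httpClient == null) {
            String baseUrl = StringUtils.appendIfMissing(str, "/");
            this.httpClient = new CxHttpClient(
                    baseUrl,
                    this.config.getCxOrigin(),
                    this.config.getCxOriginUrl(),
                    this.config.isDisableCertificateValidation(),
                    this.config.isUseSSOLogin(),
                    this.config.getRefreshToken(),
                    this.config.isProxy().booleanValue(),
                    this.config.getProxyConfig(),
                    log,
                    this.config.getNTLM());
        }
        return this.httpClient;
    }

    /**
     * Extracts {@code scopes_supported} from the discovery document.
     *
     * @param jsonNode parsed discovery document, may be {@code null}
     * @return the advertised scopes, or an empty set when the document or the property is
     *         absent; never {@code null}
     * @throws CxClientException if the property is present but is not a list of strings
     */
    private static Set<String> getSupportedScopes(JsonNode jsonNode) {
        Set<String> scopes = null;
        if (jsonNode != null) {
            try {
                scopes = objectMapper.convertValue(jsonNode.get(SCOPES_JSON_PROP), new TypeReference<Set<String>>() {
                });
            } catch (IllegalArgumentException e) {
                // The document comes from the remote server; report a wrongly typed property
                // the same way as every other discovery failure instead of leaking a raw
                // Jackson conversion error to the caller.
                throw new CxClientException("Error reading supported scopes from OpenID config response.", e);
            }
        }
        return Optional.ofNullable(scopes).orElseGet(HashSet::new);
    }
}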
