package org.ametys.plugins.extrausermgt.authentication.oidc;

import com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata;
import java.io.InputStream;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import org.ametys.runtime.authentication.AccessDeniedException;
import org.apache.commons.io.IOUtils;

/* loaded from: input_file:org/ametys/plugins/extrausermgt/authentication/oidc/AutoDiscoveringOIDCCredentialProvider.class */
public class AutoDiscoveringOIDCCredentialProvider extends AbstractOIDCCredentialProvider {
    private OIDCProviderMetadata _getProviderMetadata(URI uri) throws Exception {
        InputStream openStream = uri.resolve("/.well-known/openid-configuration").toURL().openStream();
        try {
            OIDCProviderMetadata parse = OIDCProviderMetadata.parse(IOUtils.toString(openStream, StandardCharsets.UTF_8));
            if (openStream != null) {
                openStream.close();
            }
            return parse;
        } catch (Throwable th) {
            if (openStream != null) {
                try {
                    openStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Override // org.ametys.plugins.extrausermgt.authentication.oidc.AbstractOIDCCredentialProvider
    protected void initUrisScope() throws AccessDeniedException {
        try {
            OIDCProviderMetadata _getProviderMetadata = _getProviderMetadata(URI.create((String) getParameterValues().get("authentication.oidc.issuerURI")));
            this._authUri = _getProviderMetadata.getAuthorizationEndpointURI();
            this._tokenEndpointUri = _getProviderMetadata.getTokenEndpointURI();
            this._iss = _getProviderMetadata.getIssuer();
            this._jwkSetURL = _getProviderMetadata.getJWKSetURI().toURL();
            this._userInfoEndpoint = _getProviderMetadata.getUserInfoEndpointURI();
            this._scope = _getProviderMetadata.getScopes();
        } catch (Exception e) {
            getLogger().error("Encountered a problem while retrieving provider metadata", e);
            throw new AccessDeniedException("Encountered a problem while retrieving provider metadata");
        }
    }
}
