package org.mitre.openid.connect.view;

import com.google.gson.ExclusionStrategy;
import com.google.gson.FieldAttributes;
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import java.io.IOException;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.mitre.openid.connect.model.UserInfo;
import org.mitre.openid.connect.service.ScopeClaimTranslationService;
import org.mitre.openid.connect.web.UserInfoEndpoint;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.validation.BeanPropertyBindingResult;
import org.springframework.web.servlet.view.AbstractView;

@Component(UserInfoView.VIEWNAME)
/* loaded from: input_file:WEB-INF/lib/openid-connect-server-1.3.4.jar:org/mitre/openid/connect/view/UserInfoView.class */
public class UserInfoView extends AbstractView {
    public static final String REQUESTED_CLAIMS = "requestedClaims";
    public static final String AUTHORIZED_CLAIMS = "authorizedClaims";
    public static final String SCOPE = "scope";
    public static final String USER_INFO = "userInfo";
    public static final String VIEWNAME = "userInfoView";
    private static JsonParser jsonParser = new JsonParser();
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) UserInfoView.class);

    @Autowired
    private ScopeClaimTranslationService translator;
    protected Gson gson = new GsonBuilder().setExclusionStrategies(new ExclusionStrategy() { // from class: org.mitre.openid.connect.view.UserInfoView.1
        @Override // com.google.gson.ExclusionStrategy
        public boolean shouldSkipField(FieldAttributes fieldAttributes) {
            return false;
        }

        @Override // com.google.gson.ExclusionStrategy
        public boolean shouldSkipClass(Class<?> cls) {
            return cls.equals(BeanPropertyBindingResult.class);
        }
    }).create();

    @Override // org.springframework.web.servlet.view.AbstractView
    protected void renderMergedOutputModel(Map<String, Object> map, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        UserInfo userInfo = (UserInfo) map.get(USER_INFO);
        Set<String> set = (Set) map.get("scope");
        httpServletResponse.setContentType("application/json");
        httpServletResponse.setCharacterEncoding("UTF-8");
        JsonObject jsonObject = null;
        JsonObject jsonObject2 = null;
        if (map.get(AUTHORIZED_CLAIMS) != null) {
            jsonObject = jsonParser.parse((String) map.get(AUTHORIZED_CLAIMS)).getAsJsonObject();
        }
        if (map.get(REQUESTED_CLAIMS) != null) {
            jsonObject2 = jsonParser.parse((String) map.get(REQUESTED_CLAIMS)).getAsJsonObject();
        }
        writeOut(toJsonFromRequestObj(userInfo, set, jsonObject, jsonObject2), map, httpServletRequest, httpServletResponse);
    }

    protected void writeOut(JsonObject jsonObject, Map<String, Object> map, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        try {
            this.gson.toJson((JsonElement) jsonObject, (Appendable) httpServletResponse.getWriter());
        } catch (IOException e) {
            logger.error("IOException in UserInfoView.java: ", (Throwable) e);
        }
    }

    private JsonObject toJsonFromRequestObj(UserInfo userInfo, Set<String> set, JsonObject jsonObject, JsonObject jsonObject2) {
        JsonObject json = userInfo.toJson();
        Set<String> claimsForScopeSet = this.translator.getClaimsForScopeSet(set);
        Set<String> extractUserInfoClaimsIntoSet = extractUserInfoClaimsIntoSet(jsonObject);
        Set<String> extractUserInfoClaimsIntoSet2 = extractUserInfoClaimsIntoSet(jsonObject2);
        JsonObject jsonObject3 = new JsonObject();
        for (Map.Entry<String, JsonElement> entry : json.entrySet()) {
            if (claimsForScopeSet.contains(entry.getKey()) || extractUserInfoClaimsIntoSet.contains(entry.getKey())) {
                if (extractUserInfoClaimsIntoSet2.isEmpty() || extractUserInfoClaimsIntoSet2.contains(entry.getKey())) {
                    jsonObject3.add(entry.getKey(), entry.getValue());
                }
            }
        }
        return jsonObject3;
    }

    private Set<String> extractUserInfoClaimsIntoSet(JsonObject jsonObject) {
        JsonObject asJsonObject;
        HashSet hashSet = new HashSet();
        if (jsonObject != null && (asJsonObject = jsonObject.getAsJsonObject(UserInfoEndpoint.URL)) != null) {
            Iterator<Map.Entry<String, JsonElement>> it = asJsonObject.entrySet().iterator();
            while (it.hasNext()) {
                hashSet.add(it.next().getKey());
            }
        }
        return hashSet;
    }
}
