package org.keycloak.testsuite.rest.resource;

import com.fasterxml.jackson.annotation.JsonProperty;
import jakarta.ws.rs.BadRequestException;
import jakarta.ws.rs.Consumes;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.POST;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.QueryParam;
import jakarta.ws.rs.core.Context;
import jakarta.ws.rs.core.HttpHeaders;
import jakarta.ws.rs.core.Response;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.spec.ECGenParameterSpec;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentMap;
import java.util.stream.Stream;
import javax.crypto.spec.SecretKeySpec;
import org.jboss.resteasy.reactive.NoCache;
import org.keycloak.common.util.Base64;
import org.keycloak.common.util.Base64Url;
import org.keycloak.common.util.KeyUtils;
import org.keycloak.common.util.PemUtils;
import org.keycloak.crypto.AsymmetricSignatureSignerContext;
import org.keycloak.crypto.JavaAlgorithm;
import org.keycloak.crypto.KeyUse;
import org.keycloak.crypto.KeyWrapper;
import org.keycloak.crypto.MacSignatureSignerContext;
import org.keycloak.crypto.ServerECDSASignatureSignerContext;
import org.keycloak.crypto.ServerEdDSASignatureSignerContext;
import org.keycloak.jose.jwk.JSONWebKeySet;
import org.keycloak.jose.jwk.JWK;
import org.keycloak.jose.jwk.JWKBuilder;
import org.keycloak.jose.jws.JWSBuilder;
import org.keycloak.jose.jws.JWSInput;
import org.keycloak.jose.jws.JWSInputException;
import org.keycloak.protocol.oidc.grants.ciba.channel.AuthenticationChannelRequest;
import org.keycloak.protocol.oidc.grants.ciba.endpoints.ClientNotificationEndpointRequest;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.JsonWebToken;
import org.keycloak.services.ErrorResponseException;
import org.keycloak.services.clientpolicy.executor.IntentClientBindCheckExecutor;
import org.keycloak.services.managers.AppAuthManager;
import org.keycloak.testsuite.federation.HardcodedClientStorageProviderFactory;
import org.keycloak.testsuite.rest.TestApplicationResourceProviderFactory;
import org.keycloak.testsuite.rest.representation.TestAuthenticationChannelRequest;
import org.keycloak.util.JsonSerialization;

/* loaded from: input_file:org/keycloak/testsuite/rest/resource/TestingOIDCEndpointsApplicationResource.class */
public class TestingOIDCEndpointsApplicationResource {
    public static final String PRIVATE_KEY = "privateKey";
    public static final String PUBLIC_KEY = "publicKey";
    private final TestApplicationResourceProviderFactory.OIDCClientData clientData;
    private final ConcurrentMap<String, TestAuthenticationChannelRequest> authenticationChannelRequests;
    private final ConcurrentMap<String, ClientNotificationEndpointRequest> cibaClientNotifications;
    private final ConcurrentMap<String, String> intentClientBindings;
    private static final String ChannelRequestDummyKey = "channel_request_dummy_key";

    /* loaded from: input_file:org/keycloak/testsuite/rest/resource/TestingOIDCEndpointsApplicationResource$AuthorizationEndpointRequestObject.class */
    public static class AuthorizationEndpointRequestObject extends JsonWebToken {

        @JsonProperty(HardcodedClientStorageProviderFactory.CLIENT_ID)
        String clientId;

        @JsonProperty("response_type")
        String responseType;

        @JsonProperty("response_mode")
        String responseMode;

        @JsonProperty(HardcodedClientStorageProviderFactory.REDIRECT_URI)
        String redirectUriParam;

        @JsonProperty("state")
        String state;

        @JsonProperty("scope")
        String scope;

        @JsonProperty("login_hint")
        String loginHint;

        @JsonProperty("prompt")
        String prompt;

        @JsonProperty("nonce")
        String nonce;
        Integer max_age;

        @JsonProperty("ui_locales")
        String uiLocales;

        @JsonProperty("acr_values")
        String acr;

        @JsonProperty("display")
        String display;

        @JsonProperty("code_challenge")
        String codeChallenge;

        @JsonProperty("code_challenge_method")
        String codeChallengeMethod;

        @JsonProperty("kc_idp_hint")
        String idpHint;

        @JsonProperty("kc_action")
        String action;

        @JsonProperty("client_notification_token")
        String clientNotificationToken;

        @JsonProperty("login_hint_token")
        String loginHintToken;

        @JsonProperty("id_token_hint")
        String idTokenHint;

        @JsonProperty("user_code")
        String userCode;

        @JsonProperty("binding_message")
        String bindingMessage;
        Integer requested_expiry;

        public String getClientId() {
            return this.clientId;
        }

        public void setClientId(String str) {
            this.clientId = str;
        }

        public String getResponseType() {
            return this.responseType;
        }

        public void setResponseType(String str) {
            this.responseType = str;
        }

        public String getResponseMode() {
            return this.responseMode;
        }

        public void setResponseMode(String str) {
            this.responseMode = str;
        }

        public String getRedirectUriParam() {
            return this.redirectUriParam;
        }

        public void setRedirectUriParam(String str) {
            this.redirectUriParam = str;
        }

        public String getState() {
            return this.state;
        }

        public void setState(String str) {
            this.state = str;
        }

        public String getScope() {
            return this.scope;
        }

        public void setScope(String str) {
            this.scope = str;
        }

        public String getLoginHint() {
            return this.loginHint;
        }

        public void setLoginHint(String str) {
            this.loginHint = str;
        }

        public String getPrompt() {
            return this.prompt;
        }

        public void setPrompt(String str) {
            this.prompt = str;
        }

        public String getNonce() {
            return this.nonce;
        }

        public void setNonce(String str) {
            this.nonce = str;
        }

        public Integer getMax_age() {
            return this.max_age;
        }

        public void setMax_age(Integer num) {
            this.max_age = num;
        }

        public String getUiLocales() {
            return this.uiLocales;
        }

        public void setUiLocales(String str) {
            this.uiLocales = str;
        }

        public String getAcr() {
            return this.acr;
        }

        public void setAcr(String str) {
            this.acr = str;
        }

        public String getCodeChallenge() {
            return this.codeChallenge;
        }

        public void setCodeChallenge(String str) {
            this.codeChallenge = str;
        }

        public String getCodeChallengeMethod() {
            return this.codeChallengeMethod;
        }

        public void setCodeChallengeMethod(String str) {
            this.codeChallengeMethod = str;
        }

        public String getDisplay() {
            return this.display;
        }

        public void setDisplay(String str) {
            this.display = str;
        }

        public String getIdpHint() {
            return this.idpHint;
        }

        public void setIdpHint(String str) {
            this.idpHint = str;
        }

        public String getAction() {
            return this.action;
        }

        public void setAction(String str) {
            this.action = str;
        }

        public String getClientNotificationToken() {
            return this.clientNotificationToken;
        }

        public void setClientNotificationToken(String str) {
            this.clientNotificationToken = str;
        }

        public String getLoginHintToken() {
            return this.loginHintToken;
        }

        public void setLoginHintToken(String str) {
            this.loginHintToken = str;
        }

        public String getIdTokenHint() {
            return this.idTokenHint;
        }

        public void setIdTokenHint(String str) {
            this.idTokenHint = str;
        }

        public String getBindingMessage() {
            return this.bindingMessage;
        }

        public void setBindingMessage(String str) {
            this.bindingMessage = str;
        }

        public String getUserCode() {
            return this.userCode;
        }

        public void setUserCode(String str) {
            this.userCode = str;
        }

        public Integer getRequested_expiry() {
            return this.requested_expiry;
        }

        public void setRequested_expiry(Integer num) {
            this.requested_expiry = num;
        }
    }

    public TestingOIDCEndpointsApplicationResource(TestApplicationResourceProviderFactory.OIDCClientData oIDCClientData, ConcurrentMap<String, TestAuthenticationChannelRequest> concurrentMap, ConcurrentMap<String, ClientNotificationEndpointRequest> concurrentMap2, ConcurrentMap<String, String> concurrentMap3) {
        this.clientData = oIDCClientData;
        this.authenticationChannelRequests = concurrentMap;
        this.cibaClientNotifications = concurrentMap2;
        this.intentClientBindings = concurrentMap3;
    }

    @Produces({"application/json"})
    @NoCache
    @GET
    @Path("/generate-keys")
    public Map<String, String> generateKeys(@QueryParam("jwaAlgorithm") String str, @QueryParam("crv") String str2, @QueryParam("advertiseJWKAlgorithm") Boolean bool, @QueryParam("keepExistingKeys") Boolean bool2, @QueryParam("kid") String str3) {
        String str4;
        KeyPair generateRsaKeyPair;
        try {
            KeyUse keyUse = KeyUse.SIG;
            if (str == null) {
                str = "RS256";
            }
            String str5 = str;
            boolean z = -1;
            switch (str5.hashCode()) {
                case -1868738169:
                    if (str5.equals("RSA1_5")) {
                        z = 10;
                        break;
                    }
                    break;
                case -890830960:
                    if (str5.equals("RSA-OAEP-256")) {
                        z = 12;
                        break;
                    }
                    break;
                case -565207670:
                    if (str5.equals("RSA-OAEP")) {
                        z = 11;
                        break;
                    }
                    break;
                case 66245349:
                    if (str5.equals("ES256")) {
                        z = 6;
                        break;
                    }
                    break;
                case 66246401:
                    if (str5.equals("ES384")) {
                        z = 7;
                        break;
                    }
                    break;
                case 66248104:
                    if (str5.equals("ES512")) {
                        z = 8;
                        break;
                    }
                    break;
                case 66770035:
                    if (str5.equals("EdDSA")) {
                        z = 9;
                        break;
                    }
                    break;
                case 76404080:
                    if (str5.equals("PS256")) {
                        z = 3;
                        break;
                    }
                    break;
                case 76405132:
                    if (str5.equals("PS384")) {
                        z = 4;
                        break;
                    }
                    break;
                case 76406835:
                    if (str5.equals("PS512")) {
                        z = 5;
                        break;
                    }
                    break;
                case 78251122:
                    if (str5.equals("RS256")) {
                        z = false;
                        break;
                    }
                    break;
                case 78252174:
                    if (str5.equals("RS384")) {
                        z = true;
                        break;
                    }
                    break;
                case 78253877:
                    if (str5.equals("RS512")) {
                        z = 2;
                        break;
                    }
                    break;
            }
            switch (z) {
                case false:
                case true:
                case true:
                case true:
                case true:
                case true:
                    str4 = "RSA";
                    generateRsaKeyPair = KeyUtils.generateRsaKeyPair(2048);
                    break;
                case true:
                    str4 = "EC";
                    generateRsaKeyPair = generateEcdsaKey("secp256r1");
                    break;
                case true:
                    str4 = "EC";
                    generateRsaKeyPair = generateEcdsaKey("secp384r1");
                    break;
                case true:
                    str4 = "EC";
                    generateRsaKeyPair = generateEcdsaKey("secp521r1");
                    break;
                case true:
                    if (str2 == null) {
                        str2 = "Ed25519";
                    }
                    str4 = "OKP";
                    generateRsaKeyPair = generateEddsaKey(str2);
                    break;
                case true:
                case true:
                case true:
                    str4 = "RSA";
                    keyUse = KeyUse.ENC;
                    generateRsaKeyPair = KeyUtils.generateRsaKeyPair(2048);
                    break;
                default:
                    throw new RuntimeException("Unsupported signature algorithm");
            }
            TestApplicationResourceProviderFactory.OIDCKeyData oIDCKeyData = new TestApplicationResourceProviderFactory.OIDCKeyData();
            oIDCKeyData.setKid(str3);
            oIDCKeyData.setKeyPair(generateRsaKeyPair);
            oIDCKeyData.setKeyType(str4);
            oIDCKeyData.setCurve(str2);
            if (bool == null || Boolean.TRUE.equals(bool)) {
                oIDCKeyData.setKeyAlgorithm(str);
            } else {
                oIDCKeyData.setKeyAlgorithm(null);
            }
            oIDCKeyData.setKeyUse(keyUse);
            this.clientData.addKey(oIDCKeyData, bool2 != null && bool2.booleanValue());
            return getKeysAsPem();
        } catch (Exception e) {
            throw new BadRequestException("Error generating signing keypair", e);
        }
    }

    private KeyPair generateEcdsaKey(String str) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC");
        keyPairGenerator.initialize(new ECGenParameterSpec(str), SecureRandom.getInstance("SHA1PRNG"));
        return keyPairGenerator.generateKeyPair();
    }

    private KeyPair generateEddsaKey(String str) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        return KeyPairGenerator.getInstance(str).generateKeyPair();
    }

    @Produces({"application/json"})
    @GET
    @Path("/get-keys-as-pem")
    public Map<String, String> getKeysAsPem() {
        TestApplicationResourceProviderFactory.OIDCKeyData firstKey = this.clientData.getFirstKey();
        String encodeKey = PemUtils.encodeKey(firstKey.getSigningKeyPair().getPrivate());
        String encodeKey2 = PemUtils.encodeKey(firstKey.getSigningKeyPair().getPublic());
        HashMap hashMap = new HashMap();
        hashMap.put(PRIVATE_KEY, encodeKey);
        hashMap.put(PUBLIC_KEY, encodeKey2);
        return hashMap;
    }

    @Produces({"application/json"})
    @GET
    @Path("/get-keys-as-base64")
    public Map<String, String> getKeysAsBase64() {
        TestApplicationResourceProviderFactory.OIDCKeyData firstKey = this.clientData.getFirstKey();
        String encodeBytes = Base64.encodeBytes(firstKey.getSigningKeyPair().getPrivate().getEncoded());
        String encodeBytes2 = Base64.encodeBytes(firstKey.getSigningKeyPair().getPublic().getEncoded());
        HashMap hashMap = new HashMap();
        hashMap.put(PRIVATE_KEY, encodeBytes);
        hashMap.put(PUBLIC_KEY, encodeBytes2);
        return hashMap;
    }

    @Produces({"application/json"})
    @NoCache
    @GET
    @Path("/get-jwks")
    public JSONWebKeySet getJwks() {
        Stream<R> map = this.clientData.getKeys().stream().map(oIDCKeyData -> {
            KeyPair keyPair = oIDCKeyData.getKeyPair();
            String keyAlgorithm = oIDCKeyData.getKeyAlgorithm();
            String keyType = oIDCKeyData.getKeyType();
            KeyUse keyUse = oIDCKeyData.getKeyUse();
            JWKBuilder kid = JWKBuilder.create().algorithm(keyAlgorithm).kid(oIDCKeyData.getKid());
            if ("RSA".equals(keyType)) {
                return kid.rsa(keyPair.getPublic(), keyUse);
            }
            if ("EC".equals(keyType)) {
                return kid.ec(keyPair.getPublic());
            }
            if ("OKP".equals(keyType)) {
                return kid.okp(keyPair.getPublic());
            }
            throw new IllegalArgumentException("Unknown keyType: " + keyType);
        });
        JSONWebKeySet jSONWebKeySet = new JSONWebKeySet();
        jSONWebKeySet.setKeys((JWK[]) map.toArray(i -> {
            return new JWK[i];
        }));
        return jSONWebKeySet;
    }

    @Produces({"application/jwt"})
    @NoCache
    @GET
    @Path("/set-oidc-request")
    public void setOIDCRequest(@QueryParam("realmName") String str, @QueryParam("clientId") String str2, @QueryParam("redirectUri") String str3, @QueryParam("maxAge") String str4, @QueryParam("state") String str5, @QueryParam("jwaAlgorithm") String str6) {
        HashMap hashMap = new HashMap();
        hashMap.put(HardcodedClientStorageProviderFactory.CLIENT_ID, str2);
        hashMap.put("response_type", "code");
        hashMap.put(HardcodedClientStorageProviderFactory.REDIRECT_URI, str3);
        if (str5 != null) {
            hashMap.put("state", str5);
        }
        if (str4 != null) {
            hashMap.put("max_age", Integer.valueOf(Integer.parseInt(str4)));
        }
        setOidcRequest(hashMap, str6);
    }

    @Produces({"application/jwt"})
    @NoCache
    @GET
    @Path("/register-oidc-request")
    public void registerOIDCRequest(@QueryParam("requestObject") String str, @QueryParam("jwaAlgorithm") String str2) {
        setOidcRequest(deserializeOidcRequest(str), str2);
    }

    @Produces({"application/jwt"})
    @NoCache
    @GET
    @Path("/register-oidc-request-symmetric-sig")
    public void registerOIDCRequestSymmetricSig(@QueryParam("requestObject") String str, @QueryParam("jwaAlgorithm") String str2, @QueryParam("clientSecret") String str3) {
        setOidcRequest(deserializeOidcRequest(str), str2, str3);
    }

    private AuthorizationEndpointRequestObject deserializeOidcRequest(String str) {
        try {
            return (AuthorizationEndpointRequestObject) JsonSerialization.readValue(Base64Url.decode(str), AuthorizationEndpointRequestObject.class);
        } catch (IOException e) {
            throw new BadRequestException("deserialize request object failed : " + e.getMessage());
        }
    }

    private void setOidcRequest(Object obj, String str) {
        ServerECDSASignatureSignerContext asymmetricSignatureSignerContext;
        if (!isSupportedAlgorithm(str)) {
            throw new BadRequestException("Unknown argument: " + str);
        }
        if ("none".equals(str)) {
            this.clientData.setOidcRequest(new JWSBuilder().jsonContent(obj).none());
            return;
        }
        if (this.clientData.getFirstKey() == null) {
            throw new BadRequestException("signing key not set");
        }
        TestApplicationResourceProviderFactory.OIDCKeyData firstKey = this.clientData.getFirstKey();
        PrivateKey privateKey = firstKey.getSigningKeyPair().getPrivate();
        String kid = firstKey.getKid() != null ? firstKey.getKid() : KeyUtils.createKeyId(firstKey.getSigningKeyPair().getPublic());
        KeyWrapper keyWrapper = new KeyWrapper();
        keyWrapper.setAlgorithm(firstKey.getSigningKeyAlgorithm());
        keyWrapper.setKid(kid);
        keyWrapper.setPrivateKey(privateKey);
        String signingKeyAlgorithm = firstKey.getSigningKeyAlgorithm();
        boolean z = -1;
        switch (signingKeyAlgorithm.hashCode()) {
            case 66245349:
                if (signingKeyAlgorithm.equals("ES256")) {
                    z = false;
                    break;
                }
                break;
            case 66246401:
                if (signingKeyAlgorithm.equals("ES384")) {
                    z = true;
                    break;
                }
                break;
            case 66248104:
                if (signingKeyAlgorithm.equals("ES512")) {
                    z = 2;
                    break;
                }
                break;
            case 66770035:
                if (signingKeyAlgorithm.equals("EdDSA")) {
                    z = 3;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
            case true:
            case true:
                asymmetricSignatureSignerContext = new ServerECDSASignatureSignerContext(keyWrapper);
                break;
            case true:
                keyWrapper.setCurve(firstKey.getCurve());
                asymmetricSignatureSignerContext = new ServerEdDSASignatureSignerContext(keyWrapper);
                break;
            default:
                asymmetricSignatureSignerContext = new AsymmetricSignatureSignerContext(keyWrapper);
                break;
        }
        this.clientData.setOidcRequest(new JWSBuilder().kid(kid).jsonContent(obj).sign(asymmetricSignatureSignerContext));
    }

    private void setOidcRequest(Object obj, String str, String str2) {
        if (!isSupportedAlgorithm(str)) {
            throw new BadRequestException("Unknown argument: " + str);
        }
        if ("none".equals(str)) {
            this.clientData.setOidcRequest(new JWSBuilder().jsonContent(obj).none());
            return;
        }
        boolean z = -1;
        switch (str.hashCode()) {
            case 69015912:
                if (str.equals("HS256")) {
                    z = false;
                    break;
                }
                break;
            case 69016964:
                if (str.equals("HS384")) {
                    z = true;
                    break;
                }
                break;
            case 69018667:
                if (str.equals("HS512")) {
                    z = 2;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
            case true:
            case true:
                KeyWrapper keyWrapper = new KeyWrapper();
                SecretKeySpec secretKeySpec = new SecretKeySpec(str2.getBytes(StandardCharsets.UTF_8), JavaAlgorithm.getJavaAlgorithm(str));
                keyWrapper.setSecretKey(secretKeySpec);
                String createKeyId = KeyUtils.createKeyId(secretKeySpec);
                keyWrapper.setKid(createKeyId);
                keyWrapper.setAlgorithm(str);
                keyWrapper.setUse(KeyUse.SIG);
                keyWrapper.setType("OCT");
                this.clientData.setOidcRequest(new JWSBuilder().kid(createKeyId).jsonContent(obj).sign(new MacSignatureSignerContext(keyWrapper)));
                return;
            default:
                throw new BadRequestException("Unknown jwaAlgorithm: " + str);
        }
    }

    private boolean isSupportedAlgorithm(String str) {
        if (str == null) {
            return false;
        }
        boolean z = false;
        boolean z2 = -1;
        switch (str.hashCode()) {
            case -1868738169:
                if (str.equals("RSA1_5")) {
                    z2 = 14;
                    break;
                }
                break;
            case -890830960:
                if (str.equals("RSA-OAEP-256")) {
                    z2 = 16;
                    break;
                }
                break;
            case -565207670:
                if (str.equals("RSA-OAEP")) {
                    z2 = 15;
                    break;
                }
                break;
            case 3387192:
                if (str.equals("none")) {
                    z2 = false;
                    break;
                }
                break;
            case 66245349:
                if (str.equals("ES256")) {
                    z2 = 7;
                    break;
                }
                break;
            case 66246401:
                if (str.equals("ES384")) {
                    z2 = 8;
                    break;
                }
                break;
            case 66248104:
                if (str.equals("ES512")) {
                    z2 = 9;
                    break;
                }
                break;
            case 66770035:
                if (str.equals("EdDSA")) {
                    z2 = 10;
                    break;
                }
                break;
            case 69015912:
                if (str.equals("HS256")) {
                    z2 = 11;
                    break;
                }
                break;
            case 69016964:
                if (str.equals("HS384")) {
                    z2 = 12;
                    break;
                }
                break;
            case 69018667:
                if (str.equals("HS512")) {
                    z2 = 13;
                    break;
                }
                break;
            case 76404080:
                if (str.equals("PS256")) {
                    z2 = 4;
                    break;
                }
                break;
            case 76405132:
                if (str.equals("PS384")) {
                    z2 = 5;
                    break;
                }
                break;
            case 76406835:
                if (str.equals("PS512")) {
                    z2 = 6;
                    break;
                }
                break;
            case 78251122:
                if (str.equals("RS256")) {
                    z2 = true;
                    break;
                }
                break;
            case 78252174:
                if (str.equals("RS384")) {
                    z2 = 2;
                    break;
                }
                break;
            case 78253877:
                if (str.equals("RS512")) {
                    z2 = 3;
                    break;
                }
                break;
        }
        switch (z2) {
            case false:
            case true:
            case true:
            case true:
            case true:
            case true:
            case true:
            case true:
            case true:
            case true:
            case true:
            case true:
            case true:
            case true:
            case true:
            case true:
            case true:
                z = true;
                break;
        }
        return z;
    }

    @Produces({"application/jwt"})
    @NoCache
    @GET
    @Path("/get-oidc-request")
    public String getOIDCRequest() {
        return this.clientData.getOidcRequest();
    }

    @Produces({"application/json"})
    @GET
    @Path("/set-sector-identifier-redirect-uris")
    public void setSectorIdentifierRedirectUris(@QueryParam("redirectUris") List<String> list) {
        this.clientData.setSectorIdentifierRedirectUris(new ArrayList());
        this.clientData.getSectorIdentifierRedirectUris().addAll(list);
    }

    @Produces({"application/json"})
    @GET
    @Path("/get-sector-identifier-redirect-uris")
    public List<String> getSectorIdentifierRedirectUris() {
        return this.clientData.getSectorIdentifierRedirectUris();
    }

    @Produces({"application/json"})
    @NoCache
    @POST
    @Path("/request-authentication-channel")
    @Consumes({"application/json"})
    public Response requestAuthenticationChannel(@Context HttpHeaders httpHeaders, AuthenticationChannelRequest authenticationChannelRequest) {
        String extractAuthorizationHeaderToken = AppAuthManager.extractAuthorizationHeaderToken(httpHeaders);
        try {
            if (((AccessToken) new JWSInput(extractAuthorizationHeaderToken).readJsonContent(AccessToken.class)).getId() == null) {
                throw new BadRequestException("missing parameter : authentication_channel_id");
            }
            if (authenticationChannelRequest.getLoginHint() == null) {
                throw new BadRequestException("missing parameter : login_hint");
            }
            if (authenticationChannelRequest.getConsentRequired() == null) {
                throw new BadRequestException("missing parameter : is_consent_required");
            }
            if (authenticationChannelRequest.getScope() == null) {
                throw new BadRequestException("missing parameter : scope");
            }
            String bindingMessage = authenticationChannelRequest.getBindingMessage();
            if (bindingMessage != null && bindingMessage.equals("GODOWN")) {
                throw new BadRequestException("intentional error : GODOWN");
            }
            if (bindingMessage == null) {
                bindingMessage = ChannelRequestDummyKey;
            }
            this.authenticationChannelRequests.put(bindingMessage, new TestAuthenticationChannelRequest(authenticationChannelRequest, extractAuthorizationHeaderToken));
            return Response.status(Response.Status.CREATED).build();
        } catch (JWSInputException e) {
            throw new RuntimeException("Failed to parse bearer token", e);
        }
    }

    @Produces({"application/json"})
    @NoCache
    @GET
    @Path("/get-authentication-channel")
    public TestAuthenticationChannelRequest getAuthenticationChannel(@QueryParam("bindingMessage") String str) {
        if (str == null) {
            str = ChannelRequestDummyKey;
        }
        return this.authenticationChannelRequests.get(str);
    }

    @Produces({"application/json"})
    @NoCache
    @POST
    @Path("/push-ciba-client-notification")
    @Consumes({"application/json"})
    public Response cibaClientNotificationEndpoint(@Context HttpHeaders httpHeaders, ClientNotificationEndpointRequest clientNotificationEndpointRequest) {
        String extractAuthorizationHeaderToken = AppAuthManager.extractAuthorizationHeaderToken(httpHeaders);
        if (this.cibaClientNotifications.putIfAbsent(extractAuthorizationHeaderToken, clientNotificationEndpointRequest) != null) {
            throw new ErrorResponseException("invalid_request", "There is already entry for clientNotification " + extractAuthorizationHeaderToken + ". Make sure to cleanup after previous tests.", Response.Status.BAD_REQUEST);
        }
        return Response.noContent().build();
    }

    @Produces({"application/json"})
    @NoCache
    @GET
    @Path("/get-pushed-ciba-client-notification")
    public ClientNotificationEndpointRequest getPushedCibaClientNotification(@QueryParam("clientNotificationToken") String str) {
        ClientNotificationEndpointRequest remove = this.cibaClientNotifications.remove(str);
        if (remove == null) {
            remove = new ClientNotificationEndpointRequest();
        }
        return remove;
    }

    @Produces({"application/json"})
    @NoCache
    @GET
    @Path("/bind-intent-with-client")
    public Response bindIntentWithClient(@QueryParam("intentId") String str, @QueryParam("clientId") String str2) {
        this.intentClientBindings.put(str, str2);
        return Response.noContent().build();
    }

    @Produces({"application/json"})
    @NoCache
    @POST
    @Path("/check-intent-client-bound")
    @Consumes({"application/json"})
    public IntentClientBindCheckExecutor.IntentBindCheckResponse checkIntentClientBound(IntentClientBindCheckExecutor.IntentBindCheckRequest intentBindCheckRequest) {
        IntentClientBindCheckExecutor.IntentBindCheckResponse intentBindCheckResponse = new IntentClientBindCheckExecutor.IntentBindCheckResponse();
        intentBindCheckResponse.setIsBound(Boolean.FALSE);
        if (this.intentClientBindings.containsKey(intentBindCheckRequest.getIntentId()) && this.intentClientBindings.get(intentBindCheckRequest.getIntentId()).equals(intentBindCheckRequest.getClientId())) {
            intentBindCheckResponse.setIsBound(Boolean.TRUE);
        }
        return intentBindCheckResponse;
    }
}
