package org.iplass.mtp.impl.auth.oauth;

import java.util.ArrayList;
import java.util.EnumMap;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import org.iplass.mtp.auth.AuthContext;
import org.iplass.mtp.auth.oauth.definition.ClientPolicyDefinition;
import org.iplass.mtp.auth.oauth.definition.ClientType;
import org.iplass.mtp.auth.oauth.definition.GrantType;
import org.iplass.mtp.auth.oauth.definition.OAuthAuthorizationDefinition;
import org.iplass.mtp.auth.oauth.definition.ScopeDefinition;
import org.iplass.mtp.command.RequestContext;
import org.iplass.mtp.impl.auth.oauth.MetaClientPolicy;
import org.iplass.mtp.impl.auth.oauth.MetaOAuthClient;
import org.iplass.mtp.impl.auth.oauth.MetaOIDCClaimScope;
import org.iplass.mtp.impl.auth.oauth.MetaSubjectIdentifierType;
import org.iplass.mtp.impl.auth.oauth.code.AuthorizationCode;
import org.iplass.mtp.impl.auth.oauth.code.AuthorizationRequest;
import org.iplass.mtp.impl.auth.oauth.idtoken.IdToken;
import org.iplass.mtp.impl.auth.oauth.token.AccessToken;
import org.iplass.mtp.impl.auth.oauth.token.RefreshToken;
import org.iplass.mtp.impl.auth.oauth.util.IdTokenConstants;
import org.iplass.mtp.impl.auth.oauth.util.OAuthConstants;
import org.iplass.mtp.impl.auth.oauth.util.OAuthUtil;
import org.iplass.mtp.impl.definition.DefinableMetaData;
import org.iplass.mtp.impl.metadata.BaseMetaDataRuntime;
import org.iplass.mtp.impl.metadata.BaseRootMetaData;
import org.iplass.mtp.impl.metadata.MetaDataConfig;
import org.iplass.mtp.impl.util.ObjectUtil;
import org.iplass.mtp.spi.ServiceRegistry;
import org.iplass.mtp.web.template.TemplateUtil;

/* loaded from: input_file:org/iplass/mtp/impl/auth/oauth/MetaOAuthAuthorization.class */
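/**
 * Metadata for one OAuth 2.0 / OpenID Connect authorization server definition.
 *
 * <p>The outer class holds the configuration fields (available roles, scopes, consent template,
 * client policies, subject identifier type, issuer URI) and converts them to and from
 * {@link OAuthAuthorizationDefinition}. The inner {@link OAuthAuthorizationRuntime} holds the
 * request-time logic: authorization-request validation, code issuance, code-to-token exchange,
 * refresh, revocation, issuer derivation and UserInfo claims.
 *
 * <p>This listing is decompiler output. Methods named {@code mNNxxx} (for example
 * {@code m38createRuntime}) carry decompiler-assigned names; they are kept unchanged here because
 * other classes in the listing call their counterparts by those names.
 */
public class MetaOAuthAuthorization extends BaseRootMetaData implements DefinableMetaData<OAuthAuthorizationDefinition> {
    private static final long serialVersionUID = 3413613829144055452L;

    /** Scopes every authorization server offers unless a configured scope of the same name overrides them. */
    private static final List<MetaScope> standardScopes = new ArrayList<>();

    static {
        standardScopes.add(new MetaScope(OAuthConstants.SCOPE_OFFLINE_ACCESS, "Offline Access", "Application requres offline access to your resources."));
        standardScopes.add(new MetaScope(OAuthConstants.SCOPE_OPENID, "OpenID", "Application requires your public identifier(OpenID)."));
    }

    // Role names allowed to use this authorization server; "*" matches every user (see hasAvailableRole).
    private List<String> availableRoles;
    private List<MetaScope> scopes;
    private String consentTemplateName;
    private List<MetaClientPolicy> clientPolicies;
    private MetaSubjectIdentifierType subjectIdentifierType;
    // Fixed issuer identifier; when null the issuer is derived from the incoming request (see issuerId).
    private String issuerUri;

    /**
     * Request-time view of the enclosing {@link MetaOAuthAuthorization}.
     *
     * <p>Holds per-client-type policy runtimes and scope lookup tables built once in the
     * constructor, and implements the authorization-server operations on top of
     * {@link OAuthAuthorizationService} and {@link OAuthClientService}.
     */
    public class OAuthAuthorizationRuntime extends BaseMetaDataRuntime {
        private OAuthAuthorizationService service;
        private OAuthClientService clientService;
        private EnumMap<ClientType, MetaClientPolicy.ClientPolicyRuntime> clientPolicyRuntimeMap;
        private MetaSubjectIdentifierType.SubjectIdentifierTypeRuntime subjectIdentifierTypeRuntime;
        private Map<String, MetaScope> scopeMap;
        private Map<String, MetaOIDCClaimScope.OIDCClaimScopeRuntime> oidcClaimScopeMap;

        /**
         * Builds the policy and scope lookup tables from the enclosing metadata.
         *
         * <p>A {@link RuntimeException} raised while building is passed to
         * {@code setIllegalStateException} instead of being thrown from the constructor.
         */
        private OAuthAuthorizationRuntime() {
            this.service = (OAuthAuthorizationService) ServiceRegistry.getRegistry().getService(OAuthAuthorizationService.class);
            this.clientService = (OAuthClientService) ServiceRegistry.getRegistry().getService(OAuthClientService.class);
            try {
                boolean oidcSupported = false;
                this.clientPolicyRuntimeMap = new EnumMap<>(ClientType.class);
                if (MetaOAuthAuthorization.this.clientPolicies != null) {
                    for (MetaClientPolicy policy : MetaOAuthAuthorization.this.clientPolicies) {
                        // One runtime per client type; a later policy for the same type replaces an earlier one.
                        this.clientPolicyRuntimeMap.put(policy.getClientType(), policy.createRuntime(MetaOAuthAuthorization.this));
                        oidcSupported = oidcSupported || policy.isSupportOpenIDConnect();
                    }
                }
                // OpenID Connect needs a way to compute "sub"; refuse a configuration that cannot.
                if (MetaOAuthAuthorization.this.subjectIdentifierType == null && oidcSupported) {
                    throw new NullPointerException("subjectIdentifierType must be specified for OpenID Connect");
                }
                if (MetaOAuthAuthorization.this.subjectIdentifierType != null) {
                    this.subjectIdentifierTypeRuntime = MetaOAuthAuthorization.this.subjectIdentifierType.createRuntime();
                }
                this.scopeMap = new HashMap<>();
                this.oidcClaimScopeMap = new HashMap<>();
                if (MetaOAuthAuthorization.this.scopes != null) {
                    for (MetaScope configured : MetaOAuthAuthorization.this.scopes) {
                        this.scopeMap.put(configured.getName(), configured);
                        if (configured instanceof MetaOIDCClaimScope) {
                            this.oidcClaimScopeMap.put(configured.getName(), ((MetaOIDCClaimScope) configured).createRuntime(MetaOAuthAuthorization.this.getName()));
                        }
                    }
                }
                // Standard scopes are only defaults: a configured scope with the same name wins.
                for (MetaScope standard : MetaOAuthAuthorization.standardScopes) {
                    if (!this.scopeMap.containsKey(standard.getName())) {
                        this.scopeMap.put(standard.getName(), standard);
                    }
                }
            } catch (RuntimeException e) {
                setIllegalStateException(e);
            }
        }

        /**
         * Returns the enclosing metadata instance.
         *
         * <p>Decompiler-renamed form of {@code getMetaData} (merged with its bridge method).
         */
        public MetaOAuthAuthorization m41getMetaData() {
            return MetaOAuthAuthorization.this;
        }

        /** Returns the subject identifier runtime, or {@code null} when none is configured. */
        public MetaSubjectIdentifierType.SubjectIdentifierTypeRuntime getSubjectIdentifierType() {
            return this.subjectIdentifierTypeRuntime;
        }

        /**
         * Validates an authorization-endpoint request against this server and the client's policy.
         *
         * <p>Checks, in order: client_id presence and registration with this server, the
         * authorization_code grant, redirect_uri presence, response_type ({@code code} only),
         * scope, state/nonce when the service requires them, response_mode, PKCE parameters,
         * prompt and max_age.
         *
         * <p>NOTE(review): redirect_uri is only checked for presence here. Matching it against the
         * client's registered redirect URIs is not visible in this method and must happen before
         * any redirect is issued; confirm where that is enforced.
         *
         * @param authorizationRequest the parsed request parameters
         * @throws OAuthApplicationException when a parameter is missing or not allowed
         * @throws IllegalArgumentException when the client is unknown or belongs to another server
         */
        public void checkValidAuthorizationRequest(AuthorizationRequest authorizationRequest) {
            if (authorizationRequest.getClientId() == null) {
                throw new OAuthApplicationException("invalid_request", "client_id required.");
            }
            MetaOAuthClient.OAuthClientRuntime client = this.clientService.getRuntimeByName(authorizationRequest.getClientId());
            if (client == null) {
                throw new IllegalArgumentException("OAuthClient not found:" + authorizationRequest.getClientId());
            }
            if (!client.m47getMetaData().getAuthorizationServerId().equals(MetaOAuthAuthorization.this.getId())) {
                throw new IllegalArgumentException("OAuthClient is not registered to AuthServer:" + authorizationRequest.getClientId());
            }
            if (client.m47getMetaData().getGrantTypes() == null || !client.m47getMetaData().getGrantTypes().contains(GrantType.AUTHORIZATION_CODE)) {
                throw new OAuthApplicationException(OAuthConstants.ERROR_UNAUTHORIZED_CLIENT, "grant_type not allowed.");
            }
            if (authorizationRequest.getRedirectUri() == null) {
                throw new OAuthApplicationException("invalid_request", "redirect_uri required.");
            }
            if (authorizationRequest.getResponseTypes() == null || authorizationRequest.getResponseTypes().size() == 0) {
                throw new OAuthApplicationException("invalid_request", "response_type required.");
            }
            // Only the authorization code flow is supported: every listed response_type must be "code".
            for (String responseType : authorizationRequest.getResponseTypes()) {
                if (!"code".equals(responseType)) {
                    throw new OAuthApplicationException(OAuthConstants.ERROR_UNSUPPORTED_RESPONSE_TYPE, "invalid response_type.");
                }
            }
            if (authorizationRequest.getScopes() == null || authorizationRequest.getScopes().size() == 0) {
                throw new OAuthApplicationException("invalid_request", "scope required.");
            }
            // NOTE(review): getClientPolicy returns null when no policy is configured for the
            // client's type, which surfaces here as a NullPointerException (the request still fails).
            if (!getClientPolicy(client.m47getMetaData().getClientType()).scopeList().containsAll(authorizationRequest.getScopes())) {
                throw new OAuthApplicationException(OAuthConstants.ERROR_INVALID_SCOPE, "invalid scope.");
            }
            if (this.service.isParamStateRequired() && authorizationRequest.getState() == null) {
                throw new OAuthApplicationException("invalid_request", "state required.");
            }
            if (this.service.isParamNonceRequired() && authorizationRequest.getNonce() == null) {
                throw new OAuthApplicationException("invalid_request", "nonce required.");
            }
            if (authorizationRequest.getResponseMode() != null
                    && !OAuthConstants.RESPONSE_MODE_FORM_POST.equals(authorizationRequest.getResponseMode())
                    && !"query".equals(authorizationRequest.getResponseMode())
                    && !OAuthConstants.RESPONSE_MODE_FRAGMENT.equals(authorizationRequest.getResponseMode())) {
                throw new OAuthApplicationException("invalid_request", "invalid response_mode.");
            }
            checkPkceParameters(authorizationRequest, client);
            checkPrompt(authorizationRequest);
            if (authorizationRequest.getMaxAge() != null && authorizationRequest.getMaxAge().longValue() < 0) {
                throw new OAuthApplicationException("invalid_request", "invalid max_age.");
            }
        }

        /** Validates code_challenge / code_challenge_method and the force-PKCE rule for public clients. */
        private void checkPkceParameters(AuthorizationRequest authorizationRequest, MetaOAuthClient.OAuthClientRuntime client) {
            boolean pkceSupplied = authorizationRequest.getCodeChallenge() != null || authorizationRequest.getCodeChallengeMethod() != null;
            if (!pkceSupplied) {
                // PKCE is only mandatory for public clients, and only when the service forces it.
                if (this.service.isForcePKCE() && client.m47getMetaData().getClientType() == ClientType.PUBLIC) {
                    throw new OAuthApplicationException("invalid_request", "PKCE required for public clients.");
                }
                return;
            }
            if (authorizationRequest.getCodeChallenge() == null) {
                throw new OAuthApplicationException("invalid_request", "code_challenge required.");
            }
            if (this.service.isForceS256ForCodeChallengeMethod()) {
                // A missing method is rejected too, so a request cannot fall back to "plain".
                if (!OAuthConstants.CODE_CHALLENGE_METHOD_S256.equals(authorizationRequest.getCodeChallengeMethod())) {
                    throw new OAuthApplicationException("invalid_request", "code_challenge_method only support S256.");
                }
                return;
            }
            // Fix: the two negated comparisons were joined with ||, which is true for every value
            // and therefore rejected S256 and plain as well. A method is invalid only when it is
            // neither of the two supported ones.
            if (authorizationRequest.getCodeChallengeMethod() != null
                    && !OAuthConstants.CODE_CHALLENGE_METHOD_S256.equals(authorizationRequest.getCodeChallengeMethod())
                    && !OAuthConstants.CODE_CHALLENGE_METHOD_PLAIN.equals(authorizationRequest.getCodeChallengeMethod())) {
                throw new OAuthApplicationException("invalid_request", "invalid code_challenge_method.");
            }
        }

        /** Validates prompt: {@code none} must stand alone; otherwise at most two values out of consent/login. */
        private void checkPrompt(AuthorizationRequest authorizationRequest) {
            if (authorizationRequest.getPrompt() == null || authorizationRequest.getPrompt().size() == 0) {
                return;
            }
            if (authorizationRequest.getPrompt().contains(OAuthConstants.PROMPT_NONE)) {
                if (authorizationRequest.getPrompt().size() != 1) {
                    throw new OAuthApplicationException("invalid_request", "invalid prompt.");
                }
                return;
            }
            if (authorizationRequest.getPrompt().size() > 2) {
                throw new OAuthApplicationException("invalid_request", "invalid prompt.");
            }
            for (String prompt : authorizationRequest.getPrompt()) {
                if (!prompt.equals(OAuthConstants.PROMPT_CONSENT) && !prompt.equals(OAuthConstants.PROMPT_LOGIN)) {
                    throw new OAuthApplicationException("invalid_request", "invalid prompt.");
                }
            }
        }

        /** Returns the policy runtime for the given client type, or {@code null} when none is configured. */
        public MetaClientPolicy.ClientPolicyRuntime getClientPolicy(ClientType clientType) {
            return this.clientPolicyRuntimeMap.get(clientType);
        }

        /**
         * Resolves scope names to scope metadata, silently skipping names that are not defined.
         *
         * @param list scope names to look up
         * @return the known scopes, in the order of {@code list}
         */
        public List<MetaScope> getScopeByName(List<String> list) {
            List<MetaScope> resolved = new ArrayList<>();
            for (String scopeName : list) {
                MetaScope scope = this.scopeMap.get(scopeName);
                if (scope != null) {
                    resolved.add(scope);
                }
            }
            return resolved;
        }

        /** Returns the scope with the given name, or {@code null} when it is not defined. */
        public MetaScope getScope(String str) {
            return this.scopeMap.get(str);
        }

        /** Returns the OIDC claim-scope runtime with the given name, or {@code null} when there is none. */
        public MetaOIDCClaimScope.OIDCClaimScopeRuntime getOIDCClaimScope(String str) {
            return this.oidcClaimScopeMap.get(str);
        }

        /**
         * Asks the client's policy whether the current user must be shown the consent screen.
         *
         * <p>The decision is delegated to the policy's consent type, which receives the requested
         * scopes and the access token already stored for this client and user.
         *
         * @throws IllegalArgumentException when the request names an unknown client
         */
        public boolean isNeedConsent(RequestContext requestContext, AuthorizationRequest authorizationRequest) {
            MetaOAuthClient.OAuthClientRuntime client = this.clientService.getRuntimeByName(authorizationRequest.getClientId());
            if (client == null) {
                // Same failure as checkValidAuthorizationRequest, instead of a bare NullPointerException.
                throw new IllegalArgumentException("OAuthClient not found:" + authorizationRequest.getClientId());
            }
            MetaClientPolicy.ClientPolicyRuntime policy = this.clientPolicyRuntimeMap.get(client.m47getMetaData().getClientType());
            return policy.consentType().needConsent(
                    requestContext,
                    authorizationRequest.getScopes(),
                    this.service.getAccessTokenStore().getAccessTokenByUserOid(client, AuthContext.getCurrentContext().getUser().getOid()));
        }

        /**
         * Binds the request to the currently authenticated user and issues an authorization code.
         *
         * <p>The user and authentication time are taken from the server-side {@link AuthContext},
         * not from request parameters.
         */
        public AuthorizationCode generateCode(AuthorizationRequest authorizationRequest) {
            AuthContext auth = AuthContext.getCurrentContext();
            authorizationRequest.setUser(auth.getUser());
            authorizationRequest.setAuthTime(auth.getAuthTime());
            return this.service.getAuthorizationCodeStore().newAuthorizationCode(authorizationRequest);
        }

        /** Returns the configured consent template name, falling back to the service default. */
        public String consentTemplateName() {
            if (MetaOAuthAuthorization.this.consentTemplateName != null) {
                return MetaOAuthAuthorization.this.consentTemplateName;
            }
            return this.service.getDefaultConsentTemplateName();
        }

        /**
         * Tells whether the current user may use this authorization server.
         *
         * <p>Returns {@code false} when no roles are configured. A configured role of {@code "*"}
         * returns {@code true} without consulting the user's roles, so it opens the server to
         * every caller that reaches this check.
         */
        public boolean hasAvailableRole() {
            if (MetaOAuthAuthorization.this.availableRoles == null) {
                return false;
            }
            AuthContext auth = AuthContext.getCurrentContext();
            for (String role : MetaOAuthAuthorization.this.availableRoles) {
                if ("*".equals(role) || auth.userInRole(role)) {
                    return true;
                }
            }
            return false;
        }

        /**
         * Exchanges an authorization code for an access token (and an ID token for {@code openid}).
         *
         * <p>The code is fetched with {@code getAndRemoveAuthorizationCode} before any check runs,
         * so a presented code is consumed even when the exchange is then rejected. All rejections
         * use one error message so the response does not reveal which check failed.
         *
         * @param str the authorization code presented by the client
         * @param str2 the redirect_uri presented by the client; must equal the one in the original request
         * @param str3 the PKCE code_verifier, or {@code null} when the client sent none
         * @param oAuthClientRuntime the authenticated client
         * @throws OAuthRuntimeException when the client belongs to another authorization server
         * @throws OAuthApplicationException with {@code invalid_grant} when the code, redirect_uri,
         *         client or verifier does not match, or the code has expired
         */
        public OAuthTokens exchangeCodeToToken(String str, String str2, String str3, MetaOAuthClient.OAuthClientRuntime oAuthClientRuntime) {
            if (!MetaOAuthAuthorization.this.getId().equals(oAuthClientRuntime.m47getMetaData().getAuthorizationServerId())) {
                throw new OAuthRuntimeException("client's authServer is unmatch");
            }
            AuthorizationCode code = this.service.getAuthorizationCodeStore().getAndRemoveAuthorizationCode(str);
            if (code == null
                    || !code.getRequest().getClientId().equals(oAuthClientRuntime.m47getMetaData().getName())
                    || !code.getRequest().getRedirectUri().equals(str2)
                    || code.getExpires() < System.currentTimeMillis()) {
                throw new OAuthApplicationException(OAuthConstants.ERROR_INVALID_GRANT, "invalid code/redirect_uri/client_id/code_verifier.");
            }
            if (code.getRequest().getCodeChallenge() != null) {
                // A challenge was registered, so a verifier is mandatory. Reject a missing one up
                // front rather than depending on how calcCodeChallenge treats null.
                if (str3 == null
                        || !code.getRequest().getCodeChallenge().equals(OAuthUtil.calcCodeChallenge(code.getRequest().getCodeChallengeMethod(), str3))) {
                    throw new OAuthApplicationException(OAuthConstants.ERROR_INVALID_GRANT, "invalid code/redirect_uri/client_id/code_verifier.");
                }
            } else if (str3 != null) {
                // A verifier without a registered challenge is treated as a malformed exchange.
                throw new OAuthApplicationException(OAuthConstants.ERROR_INVALID_GRANT, "invalid code/redirect_uri/client_id/code_verifier.");
            }
            AccessToken accessToken = this.service.getAccessTokenStore().createAccessToken(
                    oAuthClientRuntime, code.getRequest().getUser().getOid(), code.getRequest().getScopes());
            IdToken idToken = null;
            if (code.getRequest().getScopes().contains(OAuthConstants.SCOPE_OPENID)) {
                idToken = new IdToken(code, accessToken, this, oAuthClientRuntime, this.service);
            }
            return new OAuthTokens(accessToken, idToken);
        }

        /**
         * Issues a new access token from a refresh token.
         *
         * <p>The client must belong to this server, list the refresh_token grant, and have a
         * policy that supports refresh tokens; the refresh token must exist, be unexpired and
         * have been issued to the same client.
         *
         * @param str the refresh token value presented by the client
         * @param oAuthClientRuntime the authenticated client
         * @throws OAuthRuntimeException when the client belongs to another authorization server
         * @throws OAuthApplicationException with {@code unauthorized_client} or {@code invalid_grant}
         */
        public AccessToken refreshToken(String str, MetaOAuthClient.OAuthClientRuntime oAuthClientRuntime) {
            if (!MetaOAuthAuthorization.this.getId().equals(oAuthClientRuntime.m47getMetaData().getAuthorizationServerId())) {
                throw new OAuthRuntimeException("client's authServer is unmatch");
            }
            if (oAuthClientRuntime.m47getMetaData().getGrantTypes() == null
                    || !oAuthClientRuntime.m47getMetaData().getGrantTypes().contains(GrantType.REFRESH_TOKEN)) {
                throw new OAuthApplicationException(OAuthConstants.ERROR_UNAUTHORIZED_CLIENT, "grant_type not allowed.");
            }
            if (!this.clientPolicyRuntimeMap.get(oAuthClientRuntime.m47getMetaData().getClientType()).getMetaData().isSupportRefreshToken()) {
                throw new OAuthApplicationException(OAuthConstants.ERROR_UNAUTHORIZED_CLIENT, "grant_type not allowed.");
            }
            RefreshToken stored = this.service.getAccessTokenStore().getRefreshToken(str);
            // Unknown, expired, and issued-to-another-client all produce the same error on purpose.
            if (stored == null
                    || stored.getExpiresIn() <= 0
                    || !stored.getClientId().equals(oAuthClientRuntime.m47getMetaData().getName())) {
                throw new OAuthApplicationException(OAuthConstants.ERROR_INVALID_GRANT, "invalid refresh_token.");
            }
            AccessToken renewed = this.service.getAccessTokenStore().createAccessToken(oAuthClientRuntime, stored);
            if (renewed == null) {
                throw new OAuthApplicationException(OAuthConstants.ERROR_INVALID_GRANT, "invalid refresh_token.");
            }
            return renewed;
        }

        /**
         * Revokes a token on behalf of a client of this authorization server.
         *
         * <p>Only the client-to-server binding is checked here; the token store receives the
         * client runtime and the two string arguments unchanged.
         * NOTE(review): presumably {@code str} is the token and {@code str2} the token type hint,
         * and the store checks the token belongs to the client; confirm against revokeToken.
         *
         * @throws OAuthRuntimeException when the client belongs to another authorization server
         */
        public void revoke(String str, String str2, MetaOAuthClient.OAuthClientRuntime oAuthClientRuntime) {
            if (!MetaOAuthAuthorization.this.getId().equals(oAuthClientRuntime.m47getMetaData().getAuthorizationServerId())) {
                throw new OAuthRuntimeException("client's authServer is unmatch");
            }
            this.service.getAccessTokenStore().revokeToken(oAuthClientRuntime, str, str2);
        }

        /**
         * Returns the issuer identifier for this authorization server.
         *
         * <p>Uses the configured {@code issuerUri} when present. Otherwise the value is assembled
         * from the servlet request: scheme from {@code isSecure()}, server name, a port when it is
         * not the scheme default, the tenant context path, {@code /oauth}, and the definition name
         * unless it is {@code DEFAULT}.
         *
         * <p>Security note: the fallback depends on {@code getServerName()} and
         * {@code getServerPort()}, which servlet containers commonly derive from the request's
         * Host header. Unless the front end pins or validates the host, the issuer can then vary
         * with client-supplied input; configuring {@code issuerUri} removes that dependency.
         */
        public String issuerId(RequestContext requestContext) {
            if (MetaOAuthAuthorization.this.issuerUri != null) {
                return MetaOAuthAuthorization.this.issuerUri;
            }
            HttpServletRequest httpServletRequest = (HttpServletRequest) requestContext.getAttribute("servletRequest");
            boolean secure = httpServletRequest.isSecure();
            StringBuilder issuer = new StringBuilder();
            issuer.append(secure ? "https://" : "http://");
            issuer.append(httpServletRequest.getServerName());
            int serverPort = httpServletRequest.getServerPort();
            int defaultPort = secure ? 443 : 80;
            if (serverPort != defaultPort) {
                issuer.append(':').append(serverPort);
            }
            issuer.append(TemplateUtil.getTenantContextPath());
            issuer.append("/oauth");
            if (!"DEFAULT".equals(MetaOAuthAuthorization.this.getName())) {
                issuer.append("/");
                issuer.append(MetaOAuthAuthorization.this.getName());
            }
            return issuer.toString();
        }

        /**
         * Builds the UserInfo claims for an access token.
         *
         * <p>Each granted scope that is an OIDC claim scope contributes its claims; {@code sub} is
         * always written last, so a claim scope cannot override it.
         * NOTE(review): {@code getSubjectIdentifierType()} is null when no subject identifier type
         * is configured, which makes this method fail with a NullPointerException.
         *
         * @throws OAuthRuntimeException when the client belongs to another authorization server
         */
        public Map<String, Object> userInfo(AccessToken accessToken, MetaOAuthClient.OAuthClientRuntime oAuthClientRuntime) {
            if (!MetaOAuthAuthorization.this.getId().equals(oAuthClientRuntime.m47getMetaData().getAuthorizationServerId())) {
                throw new OAuthRuntimeException("client's authServer is unmatch");
            }
            HashMap<String, Object> claims = new HashMap<>();
            for (String grantedScope : accessToken.getGrantedScopes()) {
                MetaOIDCClaimScope.OIDCClaimScopeRuntime claimScope = getOIDCClaimScope(grantedScope);
                if (claimScope != null) {
                    claimScope.map(accessToken.getUser(), claims);
                }
            }
            claims.put(IdTokenConstants.CLAIM_SUB, getSubjectIdentifierType().subjectId(accessToken.getUser(), oAuthClientRuntime));
            return claims;
        }
    }

    /** Returns the fixed issuer URI, or {@code null} when the issuer is derived per request. */
    public String getIssuerUri() {
        return this.issuerUri;
    }

    /** Sets the fixed issuer URI. */
    public void setIssuerUri(String str) {
        this.issuerUri = str;
    }

    /** Returns the subject identifier type metadata, or {@code null} when none is configured. */
    public MetaSubjectIdentifierType getSubjectIdentifierType() {
        return this.subjectIdentifierType;
    }

    /** Sets the subject identifier type metadata. */
    public void setSubjectIdentifierType(MetaSubjectIdentifierType metaSubjectIdentifierType) {
        this.subjectIdentifierType = metaSubjectIdentifierType;
    }

    /** Returns the client policies (the internal list, not a copy). */
    public List<MetaClientPolicy> getClientPolicies() {
        return this.clientPolicies;
    }

    /** Sets the client policies. */
    public void setClientPolicies(List<MetaClientPolicy> list) {
        this.clientPolicies = list;
    }

    /** Returns the role names allowed to use this server (the internal list, not a copy). */
    public List<String> getAvailableRoles() {
        return this.availableRoles;
    }

    /** Sets the role names allowed to use this server. */
    public void setAvailableRoles(List<String> list) {
        this.availableRoles = list;
    }

    /** Returns the consent template name, or {@code null} to use the service default. */
    public String getConsentTemplateName() {
        return this.consentTemplateName;
    }

    /** Sets the consent template name. */
    public void setConsentTemplateName(String str) {
        this.consentTemplateName = str;
    }

    /** Returns the configured scopes (the internal list, not a copy). */
    public List<MetaScope> getScopes() {
        return this.scopes;
    }

    /** Sets the configured scopes. */
    public void setScopes(List<MetaScope> list) {
        this.scopes = list;
    }

    /**
     * Creates the runtime for this metadata; the config argument is not used.
     *
     * <p>Decompiler-renamed form of {@code createRuntime} (merged with its bridge method).
     */
    public OAuthAuthorizationRuntime m38createRuntime(MetaDataConfig metaDataConfig) {
        return new OAuthAuthorizationRuntime();
    }

    /**
     * Returns a deep copy of this metadata made with {@code ObjectUtil.deepCopy}.
     *
     * <p>Decompiler-renamed form of {@code copy} (merged with its bridge methods).
     */
    public MetaOAuthAuthorization m39copy() {
        return (MetaOAuthAuthorization) ObjectUtil.deepCopy(this);
    }

    /**
     * Replaces this metadata's configuration with the values of the given definition.
     *
     * <p>List-valued settings are copied into new lists; a {@code null} list or subject
     * identifier type in the definition clears the corresponding field.
     */
    public void applyConfig(OAuthAuthorizationDefinition oAuthAuthorizationDefinition) {
        this.name = oAuthAuthorizationDefinition.getName();
        this.description = oAuthAuthorizationDefinition.getDescription();
        this.displayName = oAuthAuthorizationDefinition.getDisplayName();

        this.availableRoles = null;
        if (oAuthAuthorizationDefinition.getAvailableRoles() != null) {
            this.availableRoles = new ArrayList<>(oAuthAuthorizationDefinition.getAvailableRoles());
        }

        this.scopes = null;
        if (oAuthAuthorizationDefinition.getScopes() != null) {
            this.scopes = new ArrayList<>();
            for (ScopeDefinition scopeDefinition : oAuthAuthorizationDefinition.getScopes()) {
                MetaScope scope = MetaScope.createInstance(scopeDefinition);
                scope.applyConfig(scopeDefinition);
                this.scopes.add(scope);
            }
        }

        this.consentTemplateName = oAuthAuthorizationDefinition.getConsentTemplateName();

        this.clientPolicies = null;
        if (oAuthAuthorizationDefinition.getClientPolicies() != null) {
            this.clientPolicies = new ArrayList<>();
            for (ClientPolicyDefinition policyDefinition : oAuthAuthorizationDefinition.getClientPolicies()) {
                MetaClientPolicy policy = new MetaClientPolicy();
                policy.applyConfig(policyDefinition);
                this.clientPolicies.add(policy);
            }
        }

        this.subjectIdentifierType = null;
        if (oAuthAuthorizationDefinition.getSubjectIdentifierType() != null) {
            this.subjectIdentifierType = MetaSubjectIdentifierType.createInstance(oAuthAuthorizationDefinition.getSubjectIdentifierType());
            this.subjectIdentifierType.applyConfig(oAuthAuthorizationDefinition.getSubjectIdentifierType());
        }

        this.issuerUri = oAuthAuthorizationDefinition.getIssuerUri();
    }

    /**
     * Exports the current configuration as a new definition object.
     *
     * <p>Fields that are {@code null} here are left unset on the definition, except the consent
     * template name and issuer URI, which are always passed through.
     *
     * <p>Decompiler-renamed form of {@code currentConfig} (merged with its bridge method).
     */
    public OAuthAuthorizationDefinition m40currentConfig() {
        OAuthAuthorizationDefinition definition = new OAuthAuthorizationDefinition();
        definition.setName(this.name);
        definition.setDescription(this.description);
        definition.setDisplayName(this.displayName);
        if (this.availableRoles != null) {
            definition.setAvailableRoles(new ArrayList<>(this.availableRoles));
        }
        if (this.scopes != null) {
            List<ScopeDefinition> scopeDefinitions = new ArrayList<>();
            for (MetaScope scope : this.scopes) {
                scopeDefinitions.add(scope.currentConfig());
            }
            definition.setScopes(scopeDefinitions);
        }
        definition.setConsentTemplateName(this.consentTemplateName);
        if (this.clientPolicies != null) {
            List<ClientPolicyDefinition> policyDefinitions = new ArrayList<>();
            for (MetaClientPolicy policy : this.clientPolicies) {
                policyDefinitions.add(policy.currentConfig());
            }
            definition.setClientPolicies(policyDefinitions);
        }
        if (this.subjectIdentifierType != null) {
            definition.setSubjectIdentifierType(this.subjectIdentifierType.currentConfig());
        }
        definition.setIssuerUri(this.issuerUri);
        return definition;
    }
}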
