package io.jans.ca.plugin.adminui.service.auth;

import com.google.common.base.Strings;
import com.google.common.collect.Maps;
import com.google.common.collect.Sets;
import io.jans.as.client.TokenRequest;
import io.jans.as.model.common.GrantType;
import io.jans.as.model.config.Constants;
import io.jans.as.model.jwt.Jwt;
import io.jans.as.model.jwt.JwtClaims;
import io.jans.as.model.token.TokenRequestParam;
import io.jans.ca.plugin.adminui.model.auth.TokenResponse;
import io.jans.ca.plugin.adminui.model.auth.UserInfoRequest;
import io.jans.ca.plugin.adminui.model.auth.UserInfoResponse;
import io.jans.ca.plugin.adminui.model.config.AUIConfiguration;
import io.jans.ca.plugin.adminui.model.exception.ApplicationException;
import io.jans.ca.plugin.adminui.service.config.AUIConfigurationService;
import io.jans.ca.plugin.adminui.utils.CommonUtils;
import io.jans.ca.plugin.adminui.utils.ErrorResponse;
import java.io.UnsupportedEncodingException;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import javax.inject.Inject;
import javax.inject.Singleton;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.client.Entity;
import javax.ws.rs.core.MultivaluedHashMap;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import org.jboss.resteasy.client.jaxrs.engines.ApacheHttpClient43Engine;
import org.json.JSONArray;
import org.json.JSONObject;
import org.slf4j.Logger;

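/**
 * Talks to the authorization server's token and user-info endpoints for the Admin UI plugin,
 * using the endpoints and client credentials supplied by {@link AUIConfigurationService}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Access tokens, ID tokens, refresh tokens, authorization codes and user-info payloads are
 *       credentials or personal data and must never be written to the log, at any level.</li>
 *   <li>{@link Jwt#parse(String)} is the only JWT handling visible in this class; no signature
 *       validation is performed here. NOTE(review): confirm that the trust placed in the parsed
 *       claims rests on the TLS connection to the configured endpoints, or add validation.</li>
 * </ul>
 */
@Singleton
public class OAuth2Service {

    @Inject
    Logger log;

    @Inject
    AUIConfigurationService auiConfigurationService;

    /**
     * Exchanges an authorization code for tokens at the auth server's token endpoint.
     *
     * @param code the authorization code received on the redirect; must not be null or empty
     * @return the access, ID and refresh tokens returned by the token endpoint
     * @throws ApplicationException with status 400 when {@code code} is blank, or 500 when the
     *         token endpoint does not return a usable response
     */
    public TokenResponse getAccessToken(String code) throws ApplicationException {
        try {
            this.log.debug("Getting access token with code");
            if (Strings.isNullOrEmpty(code)) {
                this.log.error(ErrorResponse.AUTHORIZATION_CODE_BLANK.getDescription());
                throw new ApplicationException(Response.Status.BAD_REQUEST.getStatusCode(), ErrorResponse.AUTHORIZATION_CODE_BLANK.getDescription());
            }
            AUIConfiguration config = this.auiConfigurationService.getAUIConfiguration();
            TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE);
            tokenRequest.setCode(code);
            tokenRequest.setAuthUsername(config.getAuthServerClientId());
            tokenRequest.setAuthPassword(config.getAuthServerClientSecret());
            tokenRequest.setGrantType(GrantType.AUTHORIZATION_CODE);
            tokenRequest.setRedirectUri(config.getAuthServerRedirectUrl());
            tokenRequest.setScope(config.getAuthServerScope());

            io.jans.as.client.TokenResponse token = getToken(tokenRequest, config.getAuthServerTokenEndpoint());
            // getToken() returns null for any non-200 answer; fail explicitly instead of with an NPE.
            if (token == null) {
                this.log.error("Token endpoint did not return a successful response for the authorization code grant");
                throw new ApplicationException(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), ErrorResponse.GET_ACCESS_TOKEN_ERROR.getDescription());
            }

            TokenResponse tokenResponse = new TokenResponse();
            tokenResponse.setAccessToken(token.getAccessToken());
            tokenResponse.setIdToken(token.getIdToken());
            tokenResponse.setRefreshToken(token.getRefreshToken());
            return tokenResponse;
        } catch (ApplicationException e) {
            this.log.error(ErrorResponse.GET_ACCESS_TOKEN_ERROR.getDescription());
            throw e;
        } catch (Exception e) {
            this.log.error(ErrorResponse.GET_ACCESS_TOKEN_ERROR.getDescription(), e);
            throw new ApplicationException(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), ErrorResponse.GET_ACCESS_TOKEN_ERROR.getDescription());
        }
    }

    /**
     * Obtains an API-protection token from the token server with the client-credentials grant.
     *
     * <p>When {@code userInfoJwt} is blank, a warning is logged and only the {@code openid} scope
     * is requested; otherwise the JWT is forwarded to the token endpoint as the {@code ujwt}
     * form parameter and no scope is set by this method.
     *
     * <p>The {@code scope}, {@code iat}, {@code exp} and {@code iss} values on the result are read
     * from the returned access token with {@link Jwt#parse(String)}; this method does not verify
     * the token's signature.
     *
     * @param userInfoJwt the user-info JWT to forward, or null/empty for none
     * @return the tokens together with the claims read from the access token
     * @throws ApplicationException with status 500 when the token cannot be obtained or parsed
     */
    public TokenResponse getApiProtectionToken(String userInfoJwt) throws ApplicationException {
        try {
            this.log.debug("Getting api-protection token");
            AUIConfiguration config = this.auiConfigurationService.getAUIConfiguration();
            TokenRequest tokenRequest = new TokenRequest(GrantType.CLIENT_CREDENTIALS);
            tokenRequest.setAuthUsername(config.getTokenServerClientId());
            tokenRequest.setAuthPassword(config.getTokenServerClientSecret());
            tokenRequest.setGrantType(GrantType.CLIENT_CREDENTIALS);
            tokenRequest.setRedirectUri(config.getTokenServerRedirectUrl());
            if (Strings.isNullOrEmpty(userInfoJwt)) {
                this.log.warn(ErrorResponse.USER_INFO_JWT_BLANK.getDescription());
                tokenRequest.setScope(scopeAsString(Arrays.asList("openid")));
            }

            io.jans.as.client.TokenResponse token = getToken(tokenRequest, config.getTokenServerTokenEndpoint(), userInfoJwt);
            // getToken() returns null for any non-200 answer; fail explicitly instead of with an NPE.
            if (token == null) {
                this.log.error("Token endpoint did not return a successful response for the client credentials grant");
                throw new ApplicationException(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), ErrorResponse.GET_API_PROTECTION_TOKEN_ERROR.getDescription());
            }

            Map<String, Object> claims = getClaims(Jwt.parse(token.getAccessToken()));
            TokenResponse tokenResponse = new TokenResponse();
            tokenResponse.setAccessToken(token.getAccessToken());
            tokenResponse.setIdToken(token.getIdToken());
            tokenResponse.setRefreshToken(token.getRefreshToken());

            Object scope = claims.get("scope");
            if (scope instanceof List) {
                // getClaims() stores array claims as the list produced by getClaimAsStringList().
                tokenResponse.setScopes((List) scope);
            }
            Object issuedAt = claims.get("iat");
            if (issuedAt != null) {
                tokenResponse.setIat(Long.parseLong(issuedAt.toString()));
            }
            Object expiresAt = claims.get("exp");
            if (expiresAt != null) {
                tokenResponse.setExp(Long.parseLong(expiresAt.toString()));
            }
            Object issuer = claims.get("iss");
            if (issuer != null) {
                tokenResponse.setIssuer(issuer.toString());
            }
            return tokenResponse;
        } catch (ApplicationException e) {
            this.log.error(ErrorResponse.GET_API_PROTECTION_TOKEN_ERROR.getDescription());
            throw e;
        } catch (Exception e) {
            this.log.error(ErrorResponse.GET_API_PROTECTION_TOKEN_ERROR.getDescription(), e);
            throw new ApplicationException(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), ErrorResponse.GET_API_PROTECTION_TOKEN_ERROR.getDescription());
        }
    }

    /**
     * Fetches the user-info JWT from the auth server and returns it with its parsed claims.
     *
     * <p>The request must carry either an access token or an authorization code. When only a
     * code is present it is first exchanged through {@link #getAccessToken(String)}.
     *
     * @param userInfoRequest the caller's access token and/or authorization code
     * @return the raw user-info JWT and the claims read from it
     * @throws ApplicationException with status 400 when neither a code nor an access token is
     *         supplied, or 500 when the user-info call fails or its response cannot be parsed
     */
    public UserInfoResponse getUserInfo(UserInfoRequest userInfoRequest) throws ApplicationException {
        ApacheHttpClient43Engine engine = new ApacheHttpClient43Engine();
        try {
            // Same setting as getToken(): the bearer token must not be replayed to a redirect target.
            engine.setFollowRedirects(false);
            // Never log the access token, the code or the user-info payload.
            this.log.debug("Getting User-Info from auth-server");
            AUIConfiguration config = this.auiConfigurationService.getAUIConfiguration();

            String code = userInfoRequest.getCode();
            String accessToken = org.apache.logging.log4j.util.Strings.isNotBlank(userInfoRequest.getAccessToken()) ? userInfoRequest.getAccessToken() : null;
            // A whitespace-only code counts as missing, so "Bearer null" is never sent.
            if (org.apache.logging.log4j.util.Strings.isBlank(code) && accessToken == null) {
                this.log.error(ErrorResponse.CODE_OR_TOKEN_REQUIRED.getDescription());
                throw new ApplicationException(Response.Status.BAD_REQUEST.getStatusCode(), ErrorResponse.CODE_OR_TOKEN_REQUIRED.getDescription());
            }
            if (accessToken == null) {
                accessToken = getAccessToken(code).getAccessToken();
            }
            if (org.apache.logging.log4j.util.Strings.isBlank(accessToken)) {
                this.log.error("Code exchange did not yield an access token");
                throw new ApplicationException(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), ErrorResponse.GET_USER_INFO_ERROR.getDescription());
            }

            MultivaluedHashMap<String, String> form = new MultivaluedHashMap<>();
            form.putSingle("access_token", accessToken);
            Response response = ClientBuilder.newBuilder()
                    .httpEngine(engine)
                    .build()
                    .target(UriBuilder.fromPath(config.getAuthServerUserInfoEndpoint()))
                    .request()
                    .header(Constants.AUTHORIZATION, "Bearer " + accessToken)
                    .post(Entity.form(form));

            int status = response.getStatus();
            this.log.debug("User-Info response status code: {}", status);
            if (status != Response.Status.OK.getStatusCode()) {
                // Do not try to parse an error body as a JWT.
                throw new ApplicationException(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), ErrorResponse.GET_USER_INFO_ERROR.getDescription());
            }

            String userInfoJwt = response.readEntity(String.class);
            // NOTE(review): Jwt.parse only decodes; no signature check is visible in this class.
            Jwt parsed = Jwt.parse(userInfoJwt);
            UserInfoResponse userInfoResponse = new UserInfoResponse();
            userInfoResponse.setClaims(getClaims(parsed));
            userInfoResponse.setJwtUserInfo(userInfoJwt);
            this.log.debug("User-Info response received and parsed");
            return userInfoResponse;
        } catch (ApplicationException e) {
            // Rethrow unchanged so a 400 raised above is not turned into a 500.
            this.log.error(ErrorResponse.GET_USER_INFO_ERROR.getDescription());
            throw e;
        } catch (Exception e) {
            this.log.error(ErrorResponse.GET_USER_INFO_ERROR.getDescription(), e);
            throw new ApplicationException(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), ErrorResponse.GET_USER_INFO_ERROR.getDescription());
        } finally {
            engine.close();
        }
    }

    /**
     * Calls the token endpoint without a user-info JWT.
     *
     * @param tokenRequest grant type, client credentials and optional code/scope/redirect URI
     * @param tokenEndpoint URL of the token endpoint
     * @return the token response, or {@code null} when the endpoint answers with a non-200 status
     */
    public io.jans.as.client.TokenResponse getToken(TokenRequest tokenRequest, String tokenEndpoint) {
        return getToken(tokenRequest, tokenEndpoint, null);
    }

    /**
     * Posts a token request to {@code tokenEndpoint}, authenticating the client with HTTP Basic
     * credentials taken from {@code tokenRequest}.
     *
     * <p>Callers must check the result for {@code null}: any status other than 200 is reported
     * that way rather than by an exception.
     *
     * @param tokenRequest grant type, client credentials and optional code/scope/redirect URI
     * @param tokenEndpoint URL of the token endpoint
     * @param userInfoJwt optional user-info JWT, sent as the {@code ujwt} form parameter
     * @return the token response, or {@code null} when the endpoint answers with a non-200 status
     */
    public io.jans.as.client.TokenResponse getToken(TokenRequest tokenRequest, String tokenEndpoint, String userInfoJwt) {
        ApacheHttpClient43Engine engine = new ApacheHttpClient43Engine();
        try {
            // The request carries the client secret; do not follow redirects with it.
            engine.setFollowRedirects(false);
            MultivaluedHashMap<String, String> form = new MultivaluedHashMap<>();
            if (!Strings.isNullOrEmpty(tokenRequest.getCode())) {
                form.putSingle("code", tokenRequest.getCode());
            }
            if (!Strings.isNullOrEmpty(tokenRequest.getScope())) {
                form.putSingle("scope", tokenRequest.getScope());
            }
            if (!Strings.isNullOrEmpty(userInfoJwt)) {
                form.putSingle("ujwt", userInfoJwt);
            }
            form.putSingle(TokenRequestParam.GRANT_TYPE, tokenRequest.getGrantType().getValue());
            form.putSingle("redirect_uri", tokenRequest.getRedirectUri());
            form.putSingle("client_id", tokenRequest.getAuthUsername());

            Response response = ClientBuilder.newBuilder()
                    .httpEngine(engine)
                    .build()
                    .target(UriBuilder.fromPath(tokenEndpoint))
                    .request()
                    .header(Constants.AUTHORIZATION, "Basic " + tokenRequest.getEncodedCredentials())
                    .post(Entity.form(form));

            int status = response.getStatus();
            this.log.debug("Get Access Token status code: {}", status);
            if (status != Response.Status.OK.getStatusCode()) {
                return null;
            }

            // The body holds the issued tokens; it is handed to the response object, never logged.
            String body = response.readEntity(String.class);
            io.jans.as.client.TokenResponse tokenResponse = new io.jans.as.client.TokenResponse();
            tokenResponse.setEntity(body);
            tokenResponse.injectDataFromJson(body);
            return tokenResponse;
        } catch (Exception e) {
            this.log.error("Problems processing token call", e);
            throw e;
        } finally {
            // Single release point for the HTTP engine on every path.
            engine.close();
        }
    }

    /**
     * Copies the claims of a parsed JWT into a plain map.
     *
     * <p>String, Integer, Long, Boolean and JSONObject claims are copied as they are, JSONArray
     * claims are converted with {@code getClaimAsStringList}, and claims of any other type are
     * left out.
     *
     * @param jwt the parsed JWT, may be null
     * @return the claim map; empty when {@code jwt} is null
     */
    private Map<String, Object> getClaims(Jwt jwt) {
        Map<String, Object> result = new HashMap<>();
        if (jwt == null) {
            return result;
        }
        JwtClaims claims = jwt.getClaims();
        claims.keys().forEach(key -> {
            Object value = claims.getClaim(key);
            if (value instanceof JSONArray) {
                result.put(key, claims.getClaimAsStringList(key));
            } else if (value instanceof String
                    || value instanceof Integer
                    || value instanceof Long
                    || value instanceof Boolean
                    || value instanceof JSONObject) {
                result.put(key, value);
            }
        });
        return result;
    }

    /**
     * Joins the distinct scopes into one URL-encoded string via
     * {@link CommonUtils#joinAndUrlEncode}.
     *
     * @param list the scopes to join; duplicates are dropped
     * @return the joined, URL-encoded scope string
     * @throws UnsupportedEncodingException propagated from {@code joinAndUrlEncode}
     */
    private static String scopeAsString(List<String> list) throws UnsupportedEncodingException {
        return CommonUtils.joinAndUrlEncode(new HashSet<>(list));
    }
}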
