package io.jans.kc.oidc.impl;

import com.nimbusds.oauth2.sdk.AuthorizationCode;
import com.nimbusds.oauth2.sdk.AuthorizationCodeGrant;
import com.nimbusds.oauth2.sdk.GeneralException;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.ResponseType;
import com.nimbusds.oauth2.sdk.Scope;
import com.nimbusds.oauth2.sdk.TokenRequest;
import com.nimbusds.oauth2.sdk.TokenResponse;
import com.nimbusds.oauth2.sdk.auth.ClientSecretBasic;
import com.nimbusds.oauth2.sdk.auth.Secret;
import com.nimbusds.oauth2.sdk.id.ClientID;
import com.nimbusds.oauth2.sdk.id.Issuer;
import com.nimbusds.oauth2.sdk.id.State;
import com.nimbusds.openid.connect.sdk.AuthenticationRequest;
import com.nimbusds.openid.connect.sdk.Nonce;
import com.nimbusds.openid.connect.sdk.UserInfoRequest;
import com.nimbusds.openid.connect.sdk.UserInfoResponse;
import com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata;
import io.jans.kc.oidc.OIDCAccessToken;
import io.jans.kc.oidc.OIDCAuthRequest;
import io.jans.kc.oidc.OIDCMetaCache;
import io.jans.kc.oidc.OIDCMetaCacheKeys;
import io.jans.kc.oidc.OIDCMetaError;
import io.jans.kc.oidc.OIDCService;
import io.jans.kc.oidc.OIDCTokenRequest;
import io.jans.kc.oidc.OIDCTokenRequestError;
import io.jans.kc.oidc.OIDCTokenResponse;
import io.jans.kc.oidc.OIDCUserInfoRequestError;
import io.jans.kc.oidc.OIDCUserInfoResponse;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Iterator;
import java.util.List;

/* loaded from: input_file:io/jans/kc/oidc/impl/NimbusOIDCService.class */
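/**
 * {@link OIDCService} implementation backed by the Nimbus OAuth 2.0 / OpenID Connect SDK.
 *
 * <p>Endpoint URIs are looked up in an {@link OIDCMetaCache} keyed by the issuer string. On a
 * cache miss the issuer's provider metadata is resolved over the network and the authorization,
 * token and userinfo endpoints are written back to the cache. This class never evicts or
 * refreshes cache entries; expiry, if any, is up to the cache implementation.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The issuer string decides which host the metadata request goes to, and the metadata in
 *       turn decides where the client secret and access tokens are sent. NOTE(review): the issuer
 *       is presumably taken from trusted configuration, not from request input; confirm against
 *       the callers.</li>
 *   <li>Nothing in this class checks that a resolved endpoint uses {@code https}. NOTE(review):
 *       confirm whether the SDK or the deployment enforces this.</li>
 *   <li>No connect or read timeout is set on any outbound call made here.</li>
 * </ul>
 */
public class NimbusOIDCService implements OIDCService {
    /** Per-issuer store for the endpoint URIs taken from provider metadata. */
    private final OIDCMetaCache metaCache;

    /**
     * Creates a service that stores resolved endpoints in the given cache.
     *
     * @param oIDCMetaCache cache used for every endpoint lookup; not checked for {@code null} here
     */
    public NimbusOIDCService(OIDCMetaCache oIDCMetaCache) {
        this.metaCache = oIDCMetaCache;
    }

    /**
     * Returns the authorization endpoint for an issuer, resolving the metadata on a cache miss.
     *
     * @param str issuer identifier
     * @return the endpoint URI, or {@code null} if the metadata does not provide one
     * @throws OIDCMetaError if the provider metadata cannot be obtained
     */
    @Override // io.jans.kc.oidc.OIDCService
    public URI getAuthorizationEndpoint(String str) throws OIDCMetaError {
        URI cached = getAuthorizationEndpointFromCache(str);
        if (cached != null) {
            return cached;
        }
        return getAuthorizationEndpointFromServer(str);
    }

    /**
     * Returns the token endpoint for an issuer, resolving the metadata on a cache miss.
     *
     * @param str issuer identifier
     * @return the endpoint URI, or {@code null} if the metadata does not provide one
     * @throws OIDCMetaError if the provider metadata cannot be obtained
     */
    @Override // io.jans.kc.oidc.OIDCService
    public URI getTokenEndpoint(String str) throws OIDCMetaError {
        URI cached = getTokenEndpointFromCache(str);
        if (cached != null) {
            return cached;
        }
        return getTokenEndpointFromServer(str);
    }

    /**
     * Returns the userinfo endpoint for an issuer, resolving the metadata on a cache miss.
     *
     * @param str issuer identifier
     * @return the endpoint URI, or {@code null} if the metadata does not provide one
     * @throws OIDCMetaError if the provider metadata cannot be obtained
     */
    @Override // io.jans.kc.oidc.OIDCService
    public URI getUserInfoEndpoint(String str) throws OIDCMetaError {
        URI cached = getUserInfoEndpointFromCache(str);
        if (cached != null) {
            return cached;
        }
        return getUserInfoEndpointFromServer(str);
    }

    /**
     * Builds the URL the user agent is redirected to in order to start authentication.
     *
     * <p>The {@code state} and {@code nonce} values are copied from the request as-is. This
     * method neither generates nor verifies them, so the caller has to supply unpredictable
     * values and compare them when the response comes back.
     *
     * @param str issuer identifier
     * @param oIDCAuthRequest response types, scopes, client id, redirect URI, state and nonce
     * @return the authorization endpoint URI with the request parameters attached
     * @throws OIDCMetaError if the redirect URI is not a valid URI or the metadata lookup fails
     */
    @Override // io.jans.kc.oidc.OIDCService
    public URI createAuthorizationUrl(String str, OIDCAuthRequest oIDCAuthRequest) throws OIDCMetaError {
        try {
            ResponseType responseType = extractResponseType(oIDCAuthRequest.getResponseTypes());
            Scope scope = extractScope(oIDCAuthRequest.getScopes());
            ClientID clientId = new ClientID(oIDCAuthRequest.getClientId());
            URI redirectUri = new URI(oIDCAuthRequest.getRedirectUri());

            AuthenticationRequest.Builder builder =
                    new AuthenticationRequest.Builder(responseType, scope, clientId, redirectUri);
            return builder
                    .endpointURI(getAuthorizationEndpoint(str))
                    .state(new State(oIDCAuthRequest.getState()))
                    .nonce(new Nonce(oIDCAuthRequest.getNonce()))
                    .build()
                    .toURI();
        } catch (URISyntaxException e) {
            throw new OIDCMetaError("Error building the authentication url", e);
        }
    }

    /**
     * Exchanges an authorization code for tokens at the issuer's token endpoint.
     *
     * <p>The client id and client secret are sent with HTTP Basic client authentication, so the
     * secret goes to whatever token endpoint the cache or the provider metadata supplies. The
     * response is parsed and wrapped only; no ID token validation (signature, issuer, audience,
     * nonce) happens in this method. NOTE(review): confirm that the caller or
     * {@code NimbusOIDCTokenResponse} performs it.
     *
     * <p>NOTE(review): a {@code null} token endpoint is not checked before the request is built.
     *
     * @param str issuer identifier
     * @param oIDCTokenRequest authorization code, redirect URI and client credentials
     * @return the parsed token response
     * @throws OIDCTokenRequestError on metadata lookup, I/O or response parsing failure
     */
    @Override // io.jans.kc.oidc.OIDCService
    public OIDCTokenResponse requestTokens(String str, OIDCTokenRequest oIDCTokenRequest) throws OIDCTokenRequestError {
        try {
            AuthorizationCodeGrant codeGrant = new AuthorizationCodeGrant(
                    new AuthorizationCode(oIDCTokenRequest.getCode()),
                    oIDCTokenRequest.getRedirectUri());
            ClientSecretBasic clientAuth = new ClientSecretBasic(
                    new ClientID(oIDCTokenRequest.getClientId()),
                    new Secret(oIDCTokenRequest.getClientSecret()));
            TokenRequest tokenRequest = new TokenRequest(getTokenEndpoint(str), clientAuth, codeGrant);
            return new NimbusOIDCTokenResponse(TokenResponse.parse(tokenRequest.toHTTPRequest().send()));
        } catch (ParseException e) {
            throw new OIDCTokenRequestError("Error parsing token response", e);
        } catch (OIDCMetaError e) {
            throw new OIDCTokenRequestError("Error retrieving token endpoint from server", e);
        } catch (IOException e) {
            throw new OIDCTokenRequestError("I/O error while retrieving token data", e);
        }
    }

    /**
     * Fetches the userinfo claims for an access token from the issuer's userinfo endpoint.
     *
     * <p>The access token is sent as a bearer token to the endpoint taken from the cache or the
     * provider metadata. When no userinfo endpoint is known the call fails with
     * {@link OIDCUserInfoRequestError} before any request is built, so a provider that does not
     * advertise one produces the declared checked error and not an unchecked SDK exception.
     *
     * @param str issuer identifier
     * @param oIDCAccessToken access token; must be a {@code NimbusOIDCAccessToken}
     * @return the parsed userinfo response
     * @throws OIDCUserInfoRequestError if the token type is unsupported, no userinfo endpoint is
     *     available, or the metadata lookup, the HTTP exchange or the response parsing fails
     */
    @Override // io.jans.kc.oidc.OIDCService
    public OIDCUserInfoResponse requestUserInfo(String str, OIDCAccessToken oIDCAccessToken) throws OIDCUserInfoRequestError {
        if (!(oIDCAccessToken instanceof NimbusOIDCAccessToken)) {
            throw new OIDCUserInfoRequestError("The specified access token is not supported by the Nimbus Backend");
        }
        NimbusOIDCAccessToken nimbusToken = (NimbusOIDCAccessToken) oIDCAccessToken;

        final URI userInfoEndpoint;
        try {
            userInfoEndpoint = getUserInfoEndpoint(str);
        } catch (OIDCMetaError e) {
            throw new OIDCUserInfoRequestError("Metadata fetch error trying to obtain user info", e);
        }
        // Fail closed: without an endpoint there is nowhere legitimate to send the bearer token.
        if (userInfoEndpoint == null) {
            throw new OIDCUserInfoRequestError("The provider metadata does not specify a userinfo endpoint");
        }

        try {
            UserInfoRequest userInfoRequest = new UserInfoRequest(userInfoEndpoint, nimbusToken.asBearerToken());
            return new NimbusOIDCUserInfoResponse(UserInfoResponse.parse(userInfoRequest.toHTTPRequest().send()));
        } catch (ParseException e) {
            throw new OIDCUserInfoRequestError("Parse error trying to obtain user info", e);
        } catch (IOException e) {
            throw new OIDCUserInfoRequestError("I/O error trying to obtain user info", e);
        }
    }

    /** Converts the response type names into a Nimbus {@link ResponseType}. */
    private ResponseType extractResponseType(List<String> names) {
        ResponseType responseType = new ResponseType();
        for (String name : names) {
            responseType.add(new ResponseType.Value(name));
        }
        return responseType;
    }

    /** Converts the scope names into a Nimbus {@link Scope}. */
    private Scope extractScope(List<String> names) {
        Scope scope = new Scope();
        for (String name : names) {
            scope.add(name);
        }
        return scope;
    }

    /** Reads the cached authorization endpoint for the issuer; the cache result is cast to URI. */
    private URI getAuthorizationEndpointFromCache(String issuer) {
        return (URI) this.metaCache.get(issuer, OIDCMetaCacheKeys.AUTHORIZATION_URL);
    }

    /** Resolves the issuer's metadata, caches all three endpoints, then re-reads the cache. */
    private URI getAuthorizationEndpointFromServer(String issuer) throws OIDCMetaError {
        cacheMetadataFromServer(issuer, obtainMetadataFromServer(issuer));
        return getAuthorizationEndpointFromCache(issuer);
    }

    /** Reads the cached token endpoint for the issuer; the cache result is cast to URI. */
    private URI getTokenEndpointFromCache(String issuer) {
        return (URI) this.metaCache.get(issuer, OIDCMetaCacheKeys.TOKEN_URL);
    }

    /** Resolves the issuer's metadata, caches all three endpoints, then re-reads the cache. */
    private URI getTokenEndpointFromServer(String issuer) throws OIDCMetaError {
        cacheMetadataFromServer(issuer, obtainMetadataFromServer(issuer));
        return getTokenEndpointFromCache(issuer);
    }

    /** Resolves the issuer's metadata, caches all three endpoints, then re-reads the cache. */
    private URI getUserInfoEndpointFromServer(String issuer) throws OIDCMetaError {
        cacheMetadataFromServer(issuer, obtainMetadataFromServer(issuer));
        return getUserInfoEndpointFromCache(issuer);
    }

    /** Reads the cached userinfo endpoint for the issuer; the cache result is cast to URI. */
    private URI getUserInfoEndpointFromCache(String issuer) {
        return (URI) this.metaCache.get(issuer, OIDCMetaCacheKeys.USERINFO_URL);
    }

    /**
     * Resolves the provider metadata for the issuer through the Nimbus SDK.
     *
     * <p>This is the one place where the issuer string becomes an outbound request target, and
     * no timeout is passed to the resolve call.
     *
     * @throws OIDCMetaError if resolution fails with a Nimbus {@code GeneralException} or an
     *     {@link IOException}
     */
    private OIDCProviderMetadata obtainMetadataFromServer(String issuer) throws OIDCMetaError {
        try {
            return OIDCProviderMetadata.resolve(new Issuer(issuer));
        } catch (GeneralException | IOException e) {
            throw new OIDCMetaError("Could not obtain metadata from server", e);
        }
    }

    /**
     * Stores the authorization, token and userinfo endpoint URIs from the metadata under the
     * issuer. A URI the metadata does not provide is passed to the cache as {@code null}.
     */
    private void cacheMetadataFromServer(String issuer, OIDCProviderMetadata metadata) {
        this.metaCache.put(issuer, OIDCMetaCacheKeys.AUTHORIZATION_URL, metadata.getAuthorizationEndpointURI());
        this.metaCache.put(issuer, OIDCMetaCacheKeys.TOKEN_URL, metadata.getTokenEndpointURI());
        this.metaCache.put(issuer, OIDCMetaCacheKeys.USERINFO_URL, metadata.getUserInfoEndpointURI());
    }
}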
