package ca.ibodrov.mica.server.oidc;

import com.walmartlabs.ollie.config.Config;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Objects;
import java.util.UUID;
import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.QueryParam;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import javax.ws.rs.core.UriInfo;
import org.apache.shiro.SecurityUtils;
import org.sonatype.siesta.Resource;

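/**
 * JAX-RS resource that drives the OIDC authorization-code flow for Mica:
 * {@code /login} redirects the browser to the provider, {@code /callback}
 * exchanges the returned code for an access token and stores the fetched
 * user info in the session, and {@code /logout} clears local state and
 * redirects to the provider's logout endpoint.
 *
 * <p>Parameter names such as {@code str}/{@code str2} are decompiler output;
 * the Javadoc on each member says which configuration key or query parameter
 * each one carries.
 */
@Path("/api/mica/oidc")
public class OidcResource implements Resource {
    /**
     * Session attribute holding the {@code state} value issued by {@link #login} until
     * {@link #callback} consumes it. Namespaced by class name so it cannot clash with
     * attributes written by other components.
     */
    private static final String STATE_SESSION_ATTRIBUTE = OidcResource.class.getName() + ".state";

    /** Path of the callback endpoint, relative to the application's base URI. */
    private static final String CALLBACK_PATH = "/api/mica/oidc/callback";

    private final String clientId;
    private final String authorizationEndpoint;
    private final String userinfoEndpoint;
    private final String logoutEndpoint;
    private final OidcClient oidcClient;

    /**
     * Builds the resource from injected configuration.
     *
     * @param str  {@code mica.oidc.clientId}
     * @param str2 {@code mica.oidc.clientSecret}; passed to {@link OidcClient} only, never stored here
     * @param str3 {@code mica.oidc.authorizationEndpoint}
     * @param str4 {@code mica.oidc.userinfoEndpoint}
     * @param str5 {@code mica.oidc.logoutEndpoint}
     * @param str6 {@code mica.oidc.tokenEndpoint}
     * @throws NullPointerException     if any value is missing
     * @throws IllegalArgumentException if the token or userinfo endpoint is not a valid URI
     */
    @Inject
    public OidcResource(@Config("mica.oidc.clientId") String str, @Config("mica.oidc.clientSecret") String str2, @Config("mica.oidc.authorizationEndpoint") String str3, @Config("mica.oidc.userinfoEndpoint") String str4, @Config("mica.oidc.logoutEndpoint") String str5, @Config("mica.oidc.tokenEndpoint") String str6) {
        // Messages name the configuration key only; the secret value itself is never echoed.
        this.clientId = Objects.requireNonNull(str, "mica.oidc.clientId");
        Objects.requireNonNull(str2, "mica.oidc.clientSecret");
        this.authorizationEndpoint = Objects.requireNonNull(str3, "mica.oidc.authorizationEndpoint");
        this.userinfoEndpoint = Objects.requireNonNull(str4, "mica.oidc.userinfoEndpoint");
        this.logoutEndpoint = Objects.requireNonNull(str5, "mica.oidc.logoutEndpoint");
        Objects.requireNonNull(str6, "mica.oidc.tokenEndpoint");
        try {
            this.oidcClient = new OidcClient(new URI(str6), new URI(this.userinfoEndpoint), this.clientId, str2);
        } catch (URISyntaxException e) {
            // Fail fast at startup; IllegalArgumentException is still a RuntimeException for existing callers.
            throw new IllegalArgumentException("Invalid OIDC endpoint URI in configuration", e);
        }
    }

    /**
     * Starts the authorization-code flow: clears any OIDC user info already in the session,
     * records a fresh {@code state} value in the session, and redirects to the provider's
     * authorization endpoint.
     *
     * @return a 307 redirect to the authorization endpoint
     */
    @GET
    @Path("/login")
    public Response login(@Context HttpServletRequest httpServletRequest, @Context UriInfo uriInfo) {
        OidcUtils.clearSessionOidcUserInfo(httpServletRequest);

        // The state must be remembered server-side so that callback() can prove the
        // authorization response belongs to a login this browser session started
        // (RFC 6749, section 10.12). Stored after the clear above in case that call
        // resets the session.
        String state = UUID.randomUUID().toString();
        httpServletRequest.getSession().setAttribute(STATE_SESSION_ATTRIBUTE, state);

        URI authorizationRequest = UriBuilder.fromUri(this.authorizationEndpoint)
                .queryParam("client_id", this.clientId)
                .queryParam("redirect_uri", createRedirectUri(uriInfo))
                .queryParam("response_type", "code")
                .queryParam("scope", "openid email")
                .queryParam("state", state)
                .build();
        return Response.temporaryRedirect(authorizationRequest).build();
    }

    /**
     * Ends the local session and hands the browser to the provider's logout endpoint,
     * passing the callback URI as {@code fromURI}.
     *
     * @return a 307 redirect to the logout endpoint
     */
    @GET
    @Path("/logout")
    public Response logout(@Context HttpServletRequest httpServletRequest, @Context UriInfo uriInfo) {
        URI providerLogout = UriBuilder.fromUri(this.logoutEndpoint)
                .queryParam("fromURI", createRedirectUri(uriInfo))
                .build();
        OidcUtils.clearSessionOidcUserInfo(httpServletRequest);
        SecurityUtils.getSubject().logout();
        return Response.temporaryRedirect(providerLogout).build();
    }

    /**
     * Completes the flow: validates {@code state}, exchanges the code for an access token,
     * fetches the user info and stores it in the session.
     *
     * @param str  the {@code code} query parameter returned by the provider
     * @param str2 the {@code state} query parameter returned by the provider
     * @return a 307 redirect to {@code /mica/}
     * @throws WebApplicationException 400 if {@code code} is missing or {@code state} does not match
     *         the value issued by {@link #login}; 401 if the token response has no access token
     */
    @GET
    @Path("/callback")
    public Response callback(@Context HttpServletRequest httpServletRequest, @Context UriInfo uriInfo, @QueryParam("code") String str, @QueryParam("state") String str2) {
        // Without this check anyone could make a victim's browser complete a login with an
        // authorization code of the sender's choosing (login CSRF). The stored value is
        // consumed before comparing, so each issued state is accepted at most once.
        Object expectedState = consumeExpectedState(httpServletRequest);
        if (str == null || str.isEmpty() || str2 == null || !str2.equals(expectedState)) {
            throw new WebApplicationException(Response.Status.BAD_REQUEST);
        }

        // NOTE(review): the session id is not rotated here after authentication; confirm that
        // the container or Shiro configuration covers session fixation.
        OidcUtils.setSessionOidcUserInfo(httpServletRequest, this.oidcClient.fetchUserInfo(
                this.oidcClient.exchangeCodeForAccessToken(str, createRedirectUri(uriInfo))
                        .accessToken()
                        .orElseThrow(() -> new WebApplicationException(Response.Status.UNAUTHORIZED))));
        return Response.temporaryRedirect(URI.create("/mica/")).build();
    }

    /**
     * Removes and returns the {@code state} value recorded by {@link #login}.
     *
     * @return the recorded value, or {@code null} if there is no session or no login is pending in it
     */
    private static Object consumeExpectedState(HttpServletRequest httpServletRequest) {
        // getSession(false): a callback that arrives without a session cannot belong to a
        // login started here, so no session is created for it.
        if (httpServletRequest.getSession(false) == null) {
            return null;
        }
        Object expectedState = httpServletRequest.getSession().getAttribute(STATE_SESSION_ATTRIBUTE);
        httpServletRequest.getSession().removeAttribute(STATE_SESSION_ATTRIBUTE);
        return expectedState;
    }

    /**
     * Builds the absolute callback URI from the request's base URI.
     *
     * <p>NOTE(review): the base URI comes from the incoming request, so this value presumably
     * follows the Host / forwarded headers the container accepts; confirm the provider
     * enforces an exact-match list of registered redirect URIs.
     */
    private URI createRedirectUri(UriInfo uriInfo) {
        return UriBuilder.fromUri(uriInfo.getBaseUri()).path(CALLBACK_PATH).build();
    }
}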
