package br.com.techne.cronos.paas.oidc.sdk.oauth2;

import br.com.techne.cronos.paas.oidc.sdk.i18n.Messages;
import br.com.techne.cronos.paas.util.Logger;
import com.nimbusds.jose.JWSVerifier;
import com.nimbusds.jose.crypto.MACVerifier;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.oauth2.sdk.AccessTokenResponse;
import com.nimbusds.oauth2.sdk.AuthorizationCode;
import com.nimbusds.oauth2.sdk.AuthorizationCodeGrant;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.RefreshTokenGrant;
import com.nimbusds.oauth2.sdk.ResponseType;
import com.nimbusds.oauth2.sdk.Scope;
import com.nimbusds.oauth2.sdk.SerializeException;
import com.nimbusds.oauth2.sdk.TokenErrorResponse;
import com.nimbusds.oauth2.sdk.TokenRequest;
import com.nimbusds.oauth2.sdk.TokenResponse;
import com.nimbusds.oauth2.sdk.TokenRevocationRequest;
import com.nimbusds.oauth2.sdk.auth.ClientSecretBasic;
import com.nimbusds.oauth2.sdk.auth.Secret;
import com.nimbusds.oauth2.sdk.http.HTTPRequest;
import com.nimbusds.oauth2.sdk.http.HTTPResponse;
import com.nimbusds.oauth2.sdk.id.ClientID;
import com.nimbusds.oauth2.sdk.id.State;
import com.nimbusds.oauth2.sdk.token.AccessToken;
import com.nimbusds.oauth2.sdk.token.BearerAccessToken;
import com.nimbusds.oauth2.sdk.token.RefreshToken;
import com.nimbusds.openid.connect.sdk.AuthenticationErrorResponse;
import com.nimbusds.openid.connect.sdk.AuthenticationRequest;
import com.nimbusds.openid.connect.sdk.AuthenticationResponse;
import com.nimbusds.openid.connect.sdk.AuthenticationResponseParser;
import com.nimbusds.openid.connect.sdk.AuthenticationSuccessResponse;
import com.nimbusds.openid.connect.sdk.Nonce;
import com.nimbusds.openid.connect.sdk.OIDCAccessTokenResponse;
import com.nimbusds.openid.connect.sdk.OIDCTokenResponseParser;
import com.nimbusds.openid.connect.sdk.UserInfoRequest;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Date;
import java.util.List;
import java.util.MissingFormatArgumentException;
import java.util.Objects;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import net.minidev.json.JSONObject;

/* loaded from: input_file:br/com/techne/cronos/paas/oidc/sdk/oauth2/OAuth2Lib.class */
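/**
 * Servlet-side helper for an OpenID Connect authorization-code login against the
 * provider configured in {@code AuthConfig}.
 *
 * <p>Flow as implemented here: {@link #signIn} stores an {@link OidcUser} plus a fresh
 * {@code state} and {@code nonce} in the HTTP session and redirects to the authorization
 * endpoint; the callback calls {@link #parseAuthenticationRequest(HttpServletRequest)}
 * (which enforces the {@code state}), exchanges the code with {@link #getAccessToken},
 * then checks the ID token with {@link #verifySignedToken} (signature) and
 * {@link #verifyIdTokenClaims(SignedJWT, HttpServletRequest)} (expiry, audience, nonce).
 *
 * <p>All failures surface as {@link RuntimeException} carrying a {@code Messages} text and,
 * where one exists, the underlying cause.
 */
public class OAuth2Lib {
    /** Session attribute holding the {@link OidcUser} for the current browser session. */
    public static final String OIDC_USER = "oidcUser";
    /**
     * Session attribute holding the OAuth2 {@code state} issued by {@link #signIn}; it is
     * consumed (single use) by {@link #parseAuthenticationRequest(HttpServletRequest)}.
     */
    public static final String OIDC_STATE = "oidcState";
    /**
     * Session attribute holding the OIDC {@code nonce} issued by {@link #signIn}; it is
     * consumed (single use) by {@link #verifyIdTokenClaims(SignedJWT, HttpServletRequest)}.
     */
    public static final String OIDC_NONCE = "oidcNonce";
    /** Minimum length of the HMAC key buffer handed to {@link MACVerifier}; see {@link #macKeyBytes}. */
    private static final int MAC_KEY_BUFFER_SIZE = 512;
    private static final Logger logger = Logger.getLogger(OAuth2Lib.class);

    /**
     * Tells whether the current HTTP session holds an {@link OidcUser} whose access token the
     * authorization server still attributes to that user.
     *
     * <p>Uses {@code getSession(false)} so that a probe from an anonymous client does not
     * allocate a server-side session.
     *
     * @param httpServletRequest  current request; its existing session (if any) is inspected
     * @param httpServletResponse unused, kept for signature compatibility
     * @return {@code true} when the session user passes {@link #isAuthenticated(OidcUser)}
     * @throws RuntimeException if the token introspection call fails (see {@link #checkToken})
     */
    public static boolean isAuthenticated(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        boolean authenticated = false;
        HttpSession session = httpServletRequest.getSession(false);
        Object attribute = session == null ? null : session.getAttribute(OIDC_USER);
        if (attribute instanceof OidcUser) {
            authenticated = isAuthenticated((OidcUser) attribute);
        }
        logger.debug(String.format("[isAuthenticated] : %s", Boolean.valueOf(authenticated)));
        return authenticated;
    }

    /**
     * Checks a session user against the authorization server: the stored access token is
     * introspected and the {@code user_id} reported back must equal {@code oidcUser.userId}.
     *
     * @param oidcUser session user; {@code null}, or a user without id or access token, is unauthenticated
     * @return {@code true} only when the introspection result names the same user
     * @throws RuntimeException if the introspection call itself fails; this is deliberately not
     *                          mapped to {@code false} so an outage is distinguishable from a logout
     */
    public static boolean isAuthenticated(OidcUser oidcUser) {
        if (oidcUser == null || oidcUser.userId == null || oidcUser.accessToken == null) {
            return false;
        }
        // Re-validate with the server on every call rather than trusting the session copy.
        JSONObject checkToken = checkToken(oidcUser.accessToken);
        // Debug-level only: the introspection body carries identity claims about the user.
        logger.debug(String.format("[isAuthenticated] check_token: %s", checkToken.toJSONString()));
        return oidcUser.userId.equals(checkToken.get("user_id"));
    }

    /**
     * Starts the login: if the session is not already authenticated, records the requested URL,
     * issues a fresh {@code state} and {@code nonce} bound to the session, and redirects the
     * browser to the authorization endpoint.
     *
     * <p>The {@code state} stored here is what {@link #parseAuthenticationRequest(HttpServletRequest)}
     * later requires, so the callback must land on the same session (fails closed otherwise).
     *
     * @param httpServletRequest  request that triggered the login; its URL is kept in {@code OidcUser.originalUrl}
     * @param httpServletResponse response used for the redirect
     * @throws IOException if the redirect cannot be written
     */
    public static void signIn(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        if (isAuthenticated(httpServletRequest, httpServletResponse)) {
            return;
        }
        State state = new State();
        Nonce nonce = new Nonce();
        OidcUser oidcUser = new OidcUser();
        oidcUser.originalUrl = httpServletRequest.getRequestURL().toString();
        HttpSession session = httpServletRequest.getSession();
        session.setAttribute(OIDC_USER, oidcUser);
        session.setAttribute(OIDC_STATE, state.getValue());
        session.setAttribute(OIDC_NONCE, nonce.getValue());
        httpServletResponse.sendRedirect(composeAuthzRequestURL(state, nonce).toString());
    }

    /**
     * Builds an authorization request URL with a freshly generated {@code state} and {@code nonce}.
     *
     * <p>The generated values are not retained anywhere; callers that need the CSRF/replay
     * protection must use {@link #composeAuthzRequestURL(State, Nonce)} and store the values
     * under {@link #OIDC_STATE} / {@link #OIDC_NONCE} themselves (as {@link #signIn} does).
     *
     * @return the full authorization endpoint URL including the query string
     */
    public static URL composeAuthzRequestURL() {
        return composeAuthzRequestURL(new State(), new Nonce());
    }

    /**
     * Builds an authorization request URL ({@code response_type=code}) for the configured client,
     * scope and callback, carrying the given {@code state} and {@code nonce}.
     *
     * @param state OAuth2 state the callback will have to echo back
     * @param nonce OIDC nonce expected in the ID token
     * @return the full authorization endpoint URL including the query string
     * @throws NullPointerException if {@code state} or {@code nonce} is {@code null}
     * @throws RuntimeException     ({@code ERROR_COULD_NOT_COMPOSE_OICD_URL}) if any configured URI is malformed
     */
    public static URL composeAuthzRequestURL(State state, Nonce nonce) {
        Objects.requireNonNull(state, "state");
        Objects.requireNonNull(nonce, "nonce");
        try {
            ResponseType responseType = new ResponseType(new ResponseType.Value[]{ResponseType.Value.CODE});
            Scope scope = Scope.parse(AuthConfig.SCOPE);
            ClientID clientID = new ClientID(AuthConfig.CLIENT_ID);
            URL authorizationEndpoint = new URL(AuthConfig.AUTHORIZATION_URI);
            URI callback = new URL(AuthConfig.CALLBACK_URI).toURI();
            // Only toQueryString() is used, so the endpoint passed to the request object never
            // reaches the wire; the URL is assembled from AUTHORIZATION_URI below.
            AuthenticationRequest request = new AuthenticationRequest(
                    authorizationEndpoint.toURI(), responseType, scope, clientID, callback, state, nonce);
            return new URL(authorizationEndpoint + "?" + request.toQueryString());
        } catch (Exception e) {
            throw new RuntimeException(Messages.get().ERROR_COULD_NOT_COMPOSE_OICD_URL, e);
        }
    }

    /**
     * Parses the authorization callback carried by {@code httpServletRequest} and enforces the
     * {@code state} bound to the session by {@link #signIn}.
     *
     * <p>The stored state is removed from the session before comparison (single use), and the
     * comparison is constant-time. A callback without a session, without a stored state, or
     * with a different state is rejected: accepting it would let an attacker bind their own
     * authorization code to the victim's session (login CSRF).
     *
     * @param httpServletRequest callback request; its query string is the authorization response
     * @return the successful authorization response (code, state, ...)
     * @throws RuntimeException if the response is missing, malformed, an error response, or the state does not match
     */
    public static AuthenticationSuccessResponse parseAuthenticationRequest(HttpServletRequest httpServletRequest) {
        AuthenticationSuccessResponse response = parseAuthenticationRequest(httpServletRequest.getQueryString());
        HttpSession session = httpServletRequest.getSession(false);
        Object expected = session == null ? null : session.getAttribute(OIDC_STATE);
        if (session != null) {
            session.removeAttribute(OIDC_STATE);
        }
        State received = response.getState();
        if (!(expected instanceof String) || received == null
                || !MessageDigest.isEqual(
                        ((String) expected).getBytes(StandardCharsets.UTF_8),
                        received.getValue().getBytes(StandardCharsets.UTF_8))) {
            throw new RuntimeException("OIDC authorization response state does not match the value issued for this session");
        }
        return response;
    }

    /**
     * Parses a raw authorization-response query string (as sent back by the provider).
     *
     * <p>Performs no {@code state} check; use {@link #parseAuthenticationRequest(HttpServletRequest)}
     * when a session is available.
     *
     * @param str the callback query string, without the leading {@code ?}
     * @return the successful authorization response
     * @throws RuntimeException {@code ERROR_MISSING_URL_QUERY_STRING} if {@code str} is blank,
     *                          {@code ERROR_COULD_NOT_PARSE_OIDC_RESPONSE} if it cannot be parsed,
     *                          {@code ERROR_AUTHZ_RESPONSE} if the provider returned an error
     */
    public static AuthenticationSuccessResponse parseAuthenticationRequest(String str) {
        if (str == null || str.trim().isEmpty()) {
            throw new RuntimeException(Messages.get().ERROR_MISSING_URL_QUERY_STRING);
        }
        AuthenticationResponse response;
        try {
            response = AuthenticationResponseParser.parse(new URL(AuthConfig.AUTHORIZATION_URI + "?" + str).toURI());
        } catch (ParseException | MalformedURLException | URISyntaxException e) {
            throw new RuntimeException(Messages.get().ERROR_COULD_NOT_PARSE_OIDC_RESPONSE, e);
        }
        // Outside the try so the provider's error is reported as such, not re-wrapped as a parse failure.
        if (response instanceof AuthenticationErrorResponse) {
            throw new RuntimeException(Messages.format(Messages.get().ERROR_AUTHZ_RESPONSE,
                    ((AuthenticationErrorResponse) response).getErrorObject()));
        }
        return (AuthenticationSuccessResponse) response;
    }

    /**
     * Exchanges an authorization code for tokens at the token endpoint, authenticating the
     * client with HTTP Basic ({@code client_id}/{@code client_secret}).
     *
     * @param authorizationCode code received on the callback
     * @return the token response (an {@code OIDCAccessTokenResponse} when the provider returned an ID token)
     * @throws RuntimeException {@code ERROR_MISSING_AUTH_CODE} for a {@code null} code,
     *                          {@code ERROR_COULD_CREATE_TOKEN_REQUEST} if the configured URIs are invalid,
     *                          {@code ERROR_COULD_NOT_GET_TOKEN} on transport failure,
     *                          {@code ERROR_PARSE_TOKEN_RESPONSE} if the reply is unparseable,
     *                          {@code ERROR_TOKEN_RESPONSE} if the provider returned an OAuth2 error
     */
    public static TokenResponse getAccessToken(AuthorizationCode authorizationCode) {
        if (authorizationCode == null) {
            throw new RuntimeException(Messages.get().ERROR_MISSING_AUTH_CODE);
        }
        HTTPRequest httpRequest;
        try {
            httpRequest = new TokenRequest(
                    new URL(AuthConfig.TOKEN_URI).toURI(),
                    new ClientSecretBasic(new ClientID(AuthConfig.CLIENT_ID), new Secret(AuthConfig.CLIENT_SECRET)),
                    new AuthorizationCodeGrant(authorizationCode, new URI(AuthConfig.CALLBACK_URI)),
                    new Scope()).toHTTPRequest();
        } catch (SerializeException | MalformedURLException | URISyntaxException e) {
            throw new RuntimeException(Messages.get().ERROR_COULD_CREATE_TOKEN_REQUEST, e);
        }
        HTTPResponse httpResponse;
        try {
            httpResponse = httpRequest.send();
        } catch (IOException e) {
            throw new RuntimeException(Messages.get().ERROR_COULD_NOT_GET_TOKEN, e);
        }
        TokenResponse tokenResponse;
        try {
            tokenResponse = OIDCTokenResponseParser.parse(httpResponse);
        } catch (ParseException e) {
            throw new RuntimeException(Messages.get().ERROR_PARSE_TOKEN_RESPONSE, e);
        }
        // Separate from the parse try/catch so the provider's error text is not re-wrapped.
        if (tokenResponse instanceof TokenErrorResponse) {
            throw new RuntimeException(Messages.format(Messages.get().ERROR_TOKEN_RESPONSE,
                    ((TokenErrorResponse) tokenResponse).getErrorObject()));
        }
        return tokenResponse;
    }

    /**
     * Extracts the ID token from a token response.
     *
     * @param tokenResponse response from {@link #getAccessToken}
     * @return the signed ID token (not yet verified)
     * @throws RuntimeException ({@code ERROR_COULD_NOT_PROCESS_ID_TOKEN}) if the response carries no ID token
     */
    public static SignedJWT getSignedToken(TokenResponse tokenResponse) {
        if (!(tokenResponse instanceof OIDCAccessTokenResponse)) {
            throw new RuntimeException(Messages.get().ERROR_COULD_NOT_PROCESS_ID_TOKEN);
        }
        return ((OIDCAccessTokenResponse) tokenResponse).getIDToken();
    }

    /**
     * Convenience: exchanges the code and returns the ID token in one step.
     *
     * @param authorizationCode code received on the callback
     * @return the signed ID token (not yet verified)
     * @throws RuntimeException see {@link #getAccessToken} and {@link #getSignedToken(TokenResponse)}
     */
    public static SignedJWT getSignedToken(AuthorizationCode authorizationCode) {
        return getSignedToken(getAccessToken(authorizationCode));
    }

    /**
     * Fetches the provider's token-signing key descriptor from {@code TOKEN_KEY_URI}.
     *
     * <p>The request is built as a bearer request and then client-Basic credentials are applied
     * on top; since both use the {@code Authorization} header the Basic credentials are what the
     * server ends up seeing. Kept as in the original — confirm against the provider which one it wants.
     *
     * @param bearerAccessToken access token used to build the request
     * @return the key descriptor as returned by the server (for RSA a JWK; for HMAC an object with a {@code value} member)
     * @throws RuntimeException ({@code ERROR_COULD_NOT_GET_TOKEN_KEY}) on any failure
     */
    public static JSONObject getTokenKey(BearerAccessToken bearerAccessToken) {
        ClientID clientID = new ClientID(AuthConfig.CLIENT_ID);
        Secret secret = new Secret(AuthConfig.CLIENT_SECRET);
        try {
            HTTPRequest httpRequest = new UserInfoRequest(new URL(AuthConfig.TOKEN_KEY_URI).toURI(), bearerAccessToken).toHTTPRequest();
            new ClientSecretBasic(clientID, secret).applyTo(httpRequest);
            return httpRequest.send().getContentAsJSONObject();
        } catch (Exception e) {
            throw new RuntimeException(Messages.get().ERROR_COULD_NOT_GET_TOKEN_KEY, e);
        }
    }

    /**
     * Introspects an access token at {@code CHECK_TOKEN_URI} and returns the server's JSON reply.
     *
     * <p>NOTE(review): a {@link TokenRevocationRequest} is used only for its wire format (a
     * client-authenticated POST with a {@code token} parameter); the response is read as
     * introspection data (see {@link #isAuthenticated(OidcUser)}, which uses {@code user_id}).
     * If {@code CHECK_TOKEN_URI} ever pointed at a real revocation endpoint, every
     * authentication check would revoke the token — confirm the endpoint's semantics.
     *
     * @param bearerAccessToken token to introspect
     * @return the introspection JSON object
     * @throws RuntimeException ({@code ERROR_COULD_NOT_GET_TOKEN_KEY}) on any failure
     */
    public static JSONObject checkToken(BearerAccessToken bearerAccessToken) {
        try {
            return new TokenRevocationRequest(
                    new URL(AuthConfig.CHECK_TOKEN_URI).toURI(),
                    new ClientSecretBasic(new ClientID(AuthConfig.CLIENT_ID), new Secret(AuthConfig.CLIENT_SECRET)),
                    bearerAccessToken).toHTTPRequest().send().getContentAsJSONObject();
        } catch (Exception e) {
            throw new RuntimeException(Messages.get().ERROR_COULD_NOT_GET_TOKEN_KEY, e);
        }
    }

    /**
     * Calls the UserInfo endpoint with the given bearer token.
     *
     * @param bearerAccessToken access token to present
     * @return the UserInfo JSON object
     * @throws RuntimeException ({@code ERROR_COULD_NOT_GET_USERINFO}) on any failure
     */
    public static JSONObject getUserInfo(BearerAccessToken bearerAccessToken) {
        try {
            return new UserInfoRequest(new URL(AuthConfig.USER_INFO_URI).toURI(), bearerAccessToken)
                    .toHTTPRequest().send().getContentAsJSONObject();
        } catch (Exception e) {
            throw new RuntimeException(Messages.get().ERROR_COULD_NOT_GET_USERINFO, e);
        }
    }

    /**
     * Verifies the signature of a JWT with the key descriptor from {@link #getTokenKey}.
     *
     * <p>The verifier is chosen by {@code AuthConfig.ALGORITHM_CERTIFICATE} ("RSA" selects RSA,
     * anything else HMAC), not by the token's {@code alg} header; Nimbus verifiers reject headers
     * whose algorithm they do not support, which is what keeps an HMAC token from being accepted
     * against an RSA public key and vice versa. Signature only: expiry, audience and nonce are
     * checked by {@link #verifyIdTokenClaims(SignedJWT, String)}.
     *
     * @param signedJWT   token to verify; {@code null} yields {@code false}
     * @param jSONObject  key descriptor (JWK for RSA; object with a {@code value} member for HMAC)
     * @return {@code true} if the signature verifies
     * @throws RuntimeException ({@code ERROR_COULD_NOT_PROCESS_ID_TOKEN}) if the key descriptor is
     *                          missing or unusable, or verification itself fails
     */
    public static boolean verifySignedToken(SignedJWT signedJWT, JSONObject jSONObject) {
        if (signedJWT == null) {
            return false;
        }
        if (jSONObject == null) {
            throw new RuntimeException(Messages.get().ERROR_COULD_NOT_PROCESS_ID_TOKEN);
        }
        boolean rsa = "RSA".equals(AuthConfig.ALGORITHM_CERTIFICATE);
        byte[] macKey = rsa ? null : macKeyBytes(jSONObject);
        try {
            JWSVerifier verifier = rsa
                    ? new RSASSAVerifier(RSAKey.parse(jSONObject.toJSONString()).toRSAPublicKey())
                    : new MACVerifier(macKey);
            return signedJWT.verify(verifier);
        } catch (Exception e) {
            throw new RuntimeException(Messages.get().ERROR_COULD_NOT_PROCESS_ID_TOKEN, e);
        }
    }

    /**
     * Turns the {@code value} member of an HMAC key descriptor into the key buffer for {@link MACVerifier}.
     *
     * <p>Reproduces the original encoding: each char is truncated to its low 8 bits and the result
     * is right-padded with zero bytes to {@link #MAC_KEY_BUFFER_SIZE}. Unlike the original, a value
     * longer than that no longer overflows the buffer. NOTE(review): HMAC hashes keys longer than
     * the hash block size, so a zero-padded 512-byte key is a different key from the raw secret;
     * this only verifies correctly if the issuer pads the same way — confirm against the server.
     *
     * @param tokenKey key descriptor from {@link #getTokenKey}
     * @return the key bytes
     * @throws RuntimeException ({@code ERROR_COULD_NOT_PROCESS_ID_TOKEN}) if {@code value} is absent
     */
    private static byte[] macKeyBytes(JSONObject tokenKey) {
        Object value = tokenKey.get("value");
        if (value == null) {
            throw new RuntimeException(Messages.get().ERROR_COULD_NOT_PROCESS_ID_TOKEN);
        }
        String secret = value.toString();
        byte[] key = new byte[Math.max(MAC_KEY_BUFFER_SIZE, secret.length())];
        for (int i = 0; i < secret.length(); i++) {
            key[i] = (byte) secret.charAt(i);
        }
        return key;
    }

    /**
     * Validates the ID token claims that a signature check does not cover: {@code exp} must be in
     * the future, {@code aud} must contain the configured client id and, when
     * {@code expectedNonce} is given, {@code nonce} must equal it (constant-time).
     *
     * <p>TODO(review): there is no configured issuer value in {@code AuthConfig} visible here, so
     * {@code iss} is not checked; add it once the expected issuer is available.
     *
     * @param signedJWT     token whose signature has already been verified; {@code null} yields {@code false}
     * @param expectedNonce nonce issued for this login, or {@code null} to skip the nonce check
     * @return {@code true} if all checked claims are acceptable
     * @throws RuntimeException ({@code ERROR_COULD_NOT_PROCESS_ID_TOKEN}) if the claims cannot be parsed
     */
    public static boolean verifyIdTokenClaims(SignedJWT signedJWT, String expectedNonce) {
        if (signedJWT == null) {
            return false;
        }
        try {
            JWTClaimsSet claims = signedJWT.getJWTClaimsSet();
            Date expiration = claims.getExpirationTime();
            if (expiration == null || !expiration.after(new Date())) {
                return false;
            }
            List<String> audience = claims.getAudience();
            if (audience == null || !audience.contains(AuthConfig.CLIENT_ID)) {
                return false;
            }
            if (expectedNonce == null) {
                return true;
            }
            String nonce = claims.getStringClaim("nonce");
            return nonce != null && MessageDigest.isEqual(
                    nonce.getBytes(StandardCharsets.UTF_8), expectedNonce.getBytes(StandardCharsets.UTF_8));
        } catch (java.text.ParseException e) {
            throw new RuntimeException(Messages.get().ERROR_COULD_NOT_PROCESS_ID_TOKEN, e);
        }
    }

    /**
     * Session-bound variant of {@link #verifyIdTokenClaims(SignedJWT, String)}: takes the nonce
     * stored by {@link #signIn} under {@link #OIDC_NONCE}, removes it (single use) and checks the
     * token against it. Fails closed when no nonce is stored for the session.
     *
     * @param signedJWT          token whose signature has already been verified
     * @param httpServletRequest callback request whose session holds the nonce
     * @return {@code true} if expiry, audience and nonce are acceptable
     */
    public static boolean verifyIdTokenClaims(SignedJWT signedJWT, HttpServletRequest httpServletRequest) {
        HttpSession session = httpServletRequest.getSession(false);
        Object nonce = session == null ? null : session.getAttribute(OIDC_NONCE);
        if (session != null) {
            session.removeAttribute(OIDC_NONCE);
        }
        if (!(nonce instanceof String)) {
            return false;
        }
        return verifyIdTokenClaims(signedJWT, (String) nonce);
    }

    /**
     * Asserts that {@code obj}'s class is annotated with {@code @WebServlet}.
     *
     * <p>The original threw when the annotation WAS present, contradicting its own message; the
     * condition is now the one the message describes.
     *
     * @param obj servlet instance to check
     * @return {@code true} when the annotation is present
     * @throws MissingFormatArgumentException if {@code obj} is {@code null} or its class lacks {@code @WebServlet}
     *                                        (exception type kept for compatibility with existing callers)
     */
    public static boolean checkIfWebServletAnnotationExists(Object obj) {
        if (obj == null || !obj.getClass().isAnnotationPresent(WebServlet.class)) {
            throw new MissingFormatArgumentException("You must note the class with @WebServlet");
        }
        return true;
    }

    /**
     * Uses a refresh token to obtain a new access token from the token endpoint.
     *
     * @param str the refresh token value
     * @return the new access token
     * @throws RuntimeException {@code ERROR_COULD_CREATE_TOKEN_REQUEST} if the token value or configured URI is invalid,
     *                          {@code ERROR_COULD_NOT_GET_TOKEN} on transport failure,
     *                          {@code ERROR_PARSE_TOKEN_RESPONSE} if the reply is unparseable,
     *                          {@code ERROR_TOKEN_RESPONSE} if the provider returned an OAuth2 error
     */
    public static AccessToken refreshToken(String str) {
        HTTPRequest httpRequest;
        try {
            httpRequest = new TokenRequest(
                    new URI(AuthConfig.TOKEN_URI),
                    new ClientSecretBasic(new ClientID(AuthConfig.CLIENT_ID), new Secret(AuthConfig.CLIENT_SECRET)),
                    new RefreshTokenGrant(new RefreshToken(str))).toHTTPRequest();
        } catch (IllegalArgumentException | URISyntaxException | SerializeException e) {
            // new RefreshToken(null / "") rejects its argument with IllegalArgumentException.
            throw new RuntimeException(Messages.get().ERROR_COULD_CREATE_TOKEN_REQUEST, e);
        }
        HTTPResponse httpResponse;
        try {
            httpResponse = httpRequest.send();
        } catch (IOException e) {
            throw new RuntimeException(Messages.get().ERROR_COULD_NOT_GET_TOKEN, e);
        }
        TokenResponse tokenResponse;
        try {
            tokenResponse = TokenResponse.parse(httpResponse);
        } catch (ParseException e) {
            throw new RuntimeException(Messages.get().ERROR_PARSE_TOKEN_RESPONSE, e);
        }
        if (tokenResponse.indicatesSuccess()) {
            return ((AccessTokenResponse) tokenResponse).getAccessToken();
        }
        // Separate from the parse try/catch so the provider's error text is not re-wrapped.
        throw new RuntimeException(Messages.format(Messages.get().ERROR_TOKEN_RESPONSE,
                ((TokenErrorResponse) tokenResponse).getErrorObject()));
    }
}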
