package io.okdp.spark.authc.provider;

import com.google.common.annotations.VisibleForTesting;
import io.okdp.spark.authc.config.Constants;
import io.okdp.spark.authc.config.HttpSecurityConfig;
import io.okdp.spark.authc.exception.AuthenticationException;
import io.okdp.spark.authc.model.AccessToken;
import io.okdp.spark.authc.utils.JsonUtils;
import io.okdp.spark.authc.utils.PreconditionsUtils;
import io.okdp_shaded.apache.hc.client5.http.ClientProtocolException;
import io.okdp_shaded.apache.hc.client5.http.fluent.Form;
import io.okdp_shaded.apache.hc.client5.http.fluent.Request;
import io.okdp_shaded.apache.hc.core5.http.HttpEntity;
import io.okdp_shaded.apache.hc.core5.util.Timeout;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Optional;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import lombok.Generated;
import lombok.NonNull;
import org.apache.commons.io.IOUtils;

/* loaded from: input_file:io/okdp/spark/authc/provider/OidcAuthProvider.class */
public class OidcAuthProvider implements Constants, AuthProvider {

    @NonNull
    private HttpSecurityConfig httpSecurityConfig;

    @Override // io.okdp.spark.authc.provider.AuthProvider
    public void redirectUserToAuthorizationEndpoint(ServletResponse servletResponse) throws AuthenticationException {
        try {
            ((HttpServletResponse) servletResponse).sendRedirect(String.format("%s?client_id=%s&redirect_uri=%s&response_type=%s&scope=%s", this.httpSecurityConfig.oidcConfig().wellKnownConfiguration().authorizationEndpoint(), this.httpSecurityConfig.oidcConfig().clientId(), this.httpSecurityConfig.oidcConfig().redirectUri(), this.httpSecurityConfig.oidcConfig().responseType(), this.httpSecurityConfig.oidcConfig().scope()));
        } catch (IOException e) {
            throw new AuthenticationException(e.getMessage(), e);
        }
    }

    @Override // io.okdp.spark.authc.provider.AuthProvider
    public AccessToken requestAccessToken(String str) throws AuthenticationException {
        PreconditionsUtils.checkNotNull(str, "code");
        return (AccessToken) JsonUtils.loadJsonFromString(doExecute(Request.post(this.httpSecurityConfig.oidcConfig().wellKnownConfiguration().tokenEndpoint()).addHeader("cache-control", "no-cache").addHeader("content-type", "application/x-www-form-urlencoded").bodyForm(Form.form().add("client_id", this.httpSecurityConfig.oidcConfig().clientId()).add("client_secret", this.httpSecurityConfig.oidcConfig().clientSecret()).add("grant_type", "authorization_code").add("code", str).add("redirect_uri", this.httpSecurityConfig.oidcConfig().redirectUri()).build()).responseTimeout(Timeout.ofSeconds(30L)).connectTimeout(Timeout.ofSeconds(30L))), AccessToken.class);
    }

    @Override // io.okdp.spark.authc.provider.AuthProvider
    public AccessToken refreshToken(String str) throws AuthenticationException {
        PreconditionsUtils.checkNotNull(str, "refresh_token");
        return (AccessToken) JsonUtils.loadJsonFromString(doExecute(Request.post(this.httpSecurityConfig.oidcConfig().wellKnownConfiguration().tokenEndpoint()).addHeader("cache-control", "no-cache").addHeader("content-type", "application/x-www-form-urlencoded").bodyForm(Form.form().add("client_id", this.httpSecurityConfig.oidcConfig().clientId()).add("client_secret", this.httpSecurityConfig.oidcConfig().clientSecret()).add("grant_type", "refresh_token").add("refresh_token", str).build()).responseTimeout(Timeout.ofSeconds(30L)).connectTimeout(Timeout.ofSeconds(30L))), AccessToken.class);
    }

    @Override // io.okdp.spark.authc.provider.AuthProvider
    public boolean isAuthorized(ServletRequest servletRequest) {
        return this.httpSecurityConfig.patterns().stream().anyMatch(pattern -> {
            return pattern.matcher(((HttpServletRequest) servletRequest).getRequestURI()).matches();
        });
    }

    @VisibleForTesting
    public String doExecute(Request request) throws AuthenticationException {
        try {
            return (String) request.execute().handleResponse(classicHttpResponse -> {
                int code = classicHttpResponse.getCode();
                HttpEntity httpEntity = (HttpEntity) Optional.ofNullable(classicHttpResponse.getEntity()).orElseThrow(() -> {
                    return new ClientProtocolException(String.format("%s %s - The response does not contain content", Integer.valueOf(code), classicHttpResponse.getReasonPhrase()));
                });
                try {
                    String iOUtils = IOUtils.toString(httpEntity.getContent(), StandardCharsets.UTF_8);
                    if (httpEntity != null) {
                        httpEntity.close();
                    }
                    if (code != 200) {
                        throw new AuthenticationException(code, String.format("%s %s - Unable to retrieve an access token (%s)", Integer.valueOf(code), classicHttpResponse.getReasonPhrase(), iOUtils));
                    }
                    return iOUtils;
                } catch (Throwable th) {
                    if (httpEntity != null) {
                        try {
                            httpEntity.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            });
        } catch (IOException e) {
            throw new AuthenticationException(e.getMessage(), e);
        }
    }

    @Generated
    public OidcAuthProvider(@NonNull HttpSecurityConfig httpSecurityConfig) {
        if (httpSecurityConfig == null) {
            throw new NullPointerException("httpSecurityConfig is marked non-null but is null");
        }
        this.httpSecurityConfig = httpSecurityConfig;
    }

    @Generated
    public OidcAuthProvider() {
    }

    @Override // io.okdp.spark.authc.provider.AuthProvider
    @NonNull
    @Generated
    public HttpSecurityConfig httpSecurityConfig() {
        return this.httpSecurityConfig;
    }
}
