package io.vertx.ext.auth.oauth2.impl;

import io.vertx.core.AsyncResult;
import io.vertx.core.Future;
import io.vertx.core.Handler;
import io.vertx.core.impl.logging.Logger;
import io.vertx.core.impl.logging.LoggerFactory;
import io.vertx.core.json.JsonArray;
import io.vertx.core.json.JsonObject;
import io.vertx.ext.auth.PubSecKeyOptions;
import io.vertx.ext.auth.User;
import io.vertx.ext.auth.oauth2.AccessToken;
import io.vertx.ext.auth.oauth2.OAuth2Auth;
import io.vertx.ext.auth.oauth2.OAuth2ClientOptions;
import io.vertx.ext.auth.oauth2.OAuth2FlowType;
import io.vertx.ext.auth.oauth2.OAuth2RBAC;
import io.vertx.ext.jwt.JWK;
import io.vertx.ext.jwt.JWT;
import java.util.Iterator;

/* loaded from: input_file:io/vertx/ext/auth/oauth2/impl/OAuth2AuthProviderImpl.class */
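/**
 * OAuth2 provider that obtains, validates, refreshes and revokes tokens through an {@link OAuth2API}.
 *
 * <p>Tokens are decoded locally with the keys held in {@link #jwt}. When a bearer token cannot be
 * decoded locally, or no usable keys are loaded, {@link #authenticate} asks the introspection
 * endpoint instead of trusting the token contents.
 *
 * <p>Every endpoint response is parsed inside a guard, so a malformed response fails the caller's
 * handler instead of escaping the callback and leaving the handler uncalled.
 */
public class OAuth2AuthProviderImpl implements OAuth2Auth {
    private static final Logger LOG = LoggerFactory.getLogger(OAuth2AuthProviderImpl.class);
    private final OAuth2ClientOptions config;
    private final OAuth2API api;
    // Key store used for local token decoding and for signing AUTH_JWT assertions. jWKSet() replaces
    // it wholesale from inside the API callback; the field is neither final nor volatile.
    // NOTE(review): confirm all readers run on the same context as that callback, or publish it safely.
    private JWT jwt = new JWT();

    /**
     * Creates the provider and loads the statically configured keys.
     *
     * @param oAuth2API client used for every call to the authorization server
     * @param oAuth2ClientOptions provider configuration; it is validated here, so an invalid
     *     configuration fails at construction time
     */
    public OAuth2AuthProviderImpl(OAuth2API oAuth2API, OAuth2ClientOptions oAuth2ClientOptions) {
        this.api = oAuth2API;
        this.config = oAuth2ClientOptions;
        this.config.replaceVariables(true);
        this.config.validate();
        if (oAuth2ClientOptions.getPubSecKeys() != null) {
            for (PubSecKeyOptions key : oAuth2ClientOptions.getPubSecKeys()) {
                this.jwt.addJWK(JWK.from(key));
            }
        }
    }

    /**
     * Fetches the server's JWK set and swaps it in as the active key store.
     *
     * <p>Keys that cannot be parsed are skipped with a warning. The new store starts empty, so keys
     * added by the constructor are dropped, and a response with no usable key leaves the provider
     * without local keys.
     *
     * @param handler completed once the key store has been replaced, or failed with the fetch error
     * @return this provider
     */
    @Override
    public OAuth2Auth jWKSet(Handler<AsyncResult<Void>> handler) {
        this.api.jwkSet(asyncResult -> {
            if (asyncResult.failed()) {
                handler.handle(Future.failedFuture(asyncResult.cause()));
                return;
            }
            JWT refreshed = new JWT();
            for (Object entry : (JsonArray) asyncResult.result()) {
                try {
                    refreshed.addJWK(new JWK((JsonObject) entry));
                } catch (RuntimeException e) {
                    // One bad entry must not discard the rest of the key set.
                    LOG.warn("Skipped unsupported JWK: " + e.getMessage());
                }
            }
            this.jwt = refreshed;
            handler.handle(Future.succeededFuture());
        });
        return this;
    }

    /**
     * Returns the configuration this provider was created with.
     *
     * @return the live options object, not a copy
     */
    public OAuth2ClientOptions getConfig() {
        return this.config;
    }

    /**
     * Authenticates either a presented bearer token or a set of flow credentials.
     *
     * <p>Credentials carrying {@code token_type=Bearer} and a non-null {@code access_token} are
     * treated as a token to validate. Anything else is exchanged for a token using the configured
     * flow.
     *
     * @param jsonObject bearer token or flow credentials
     * @param handler receives the authenticated user, or the reason for rejection
     */
    public void authenticate(JsonObject jsonObject, Handler<AsyncResult<User>> handler) {
        boolean presentsBearerToken = jsonObject.containsKey("token_type")
            && "Bearer".equalsIgnoreCase(jsonObject.getString("token_type"))
            && jsonObject.containsKey("access_token")
            && jsonObject.getString("access_token") != null;
        if (presentsBearerToken) {
            AccessToken presented = createAccessToken(jsonObject);
            // "accessToken" is only set when local decoding succeeded. Without it, or without usable
            // keys, the token contents are not trusted and the server is asked instead.
            if (!presented.principal().containsKey("accessToken") || this.jwt.isUnsecure()) {
                this.api.tokenIntrospection(
                    "access_token",
                    presented.principal().getString("access_token"),
                    asyncResult -> handler.handle(introspectionOutcome(asyncResult)));
                return;
            }
            if (presented.expired(this.config.getJWTOptions().getLeeway())) {
                handler.handle(Future.failedFuture("Expired Token"));
                return;
            }
            handler.handle(Future.succeededFuture(presented));
            return;
        }

        JsonObject params = new JsonObject();
        switch (this.config.getFlow()) {
            case PASSWORD:
                if (!jsonObject.containsKey("username") || !jsonObject.containsKey("password")) {
                    handler.handle(Future.failedFuture("PASSWORD flow requires {username, password}"));
                    return;
                }
                // Only the two expected fields are forwarded for this flow.
                params.put("username", jsonObject.getString("username")).put("password", jsonObject.getString("password"));
                break;
            case AUTH_CODE:
                if (!jsonObject.containsKey("code") || !jsonObject.containsKey("redirect_uri")) {
                    handler.handle(Future.failedFuture("AUTH_CODE flow requires {code, redirect_uri}"));
                    return;
                }
                // mergeIn forwards every key of the credentials object to the token endpoint, so
                // callers should build that object themselves rather than pass request input through.
                params.mergeIn(jsonObject);
                break;
            case CLIENT:
                params.mergeIn(jsonObject);
                break;
            case AUTH_JWT:
                params.mergeIn(jsonObject);
                params.put("assertion", this.jwt.sign(jsonObject, this.config.getJWTOptions()));
                break;
            default:
                handler.handle(Future.failedFuture("Current flow does not allow acquiring a token by the replay party"));
                return;
        }
        this.api.token(
            this.config.getFlow().getGrantType(),
            params,
            asyncResult -> handler.handle(tokenOutcome(asyncResult)));
    }

    /**
     * Builds the authorization URL for the given parameters.
     *
     * @param jsonObject parameters passed through to the API
     * @return the URL produced by the API
     */
    @Override
    public String authorizeURL(JsonObject jsonObject) {
        return this.api.authorizeURL(jsonObject);
    }

    /**
     * Exchanges the user's {@code refresh_token} for a new user.
     *
     * @param user user whose principal holds the refresh token
     * @param handler receives the refreshed user, or the failure
     * @return this provider
     */
    @Override
    public OAuth2Auth refresh(User user, Handler<AsyncResult<User>> handler) {
        JsonObject params = new JsonObject().put("refresh_token", user.principal().getString("refresh_token"));
        this.api.token("refresh_token", params, asyncResult -> handler.handle(refreshOutcome(asyncResult)));
        return this;
    }

    /**
     * Revokes one of the user's tokens.
     *
     * @param user user whose principal holds the token
     * @param str token type; it is also the principal key the token value is read from
     * @param handler completed by the API call
     * @return this provider
     */
    @Override
    public OAuth2Auth revoke(User user, String str, Handler<AsyncResult<Void>> handler) {
        this.api.tokenRevocation(str, user.principal().getString(str), handler);
        return this;
    }

    /**
     * Requests the user-info document using the user's {@code access_token}.
     *
     * @param user user whose principal holds the access token
     * @param handler receives the user-info JSON
     * @return this provider
     */
    @Override
    public OAuth2Auth userInfo(User user, Handler<AsyncResult<JsonObject>> handler) {
        this.api.userInfo(user.principal().getString("access_token"), handler);
        return this;
    }

    /**
     * Builds the end-session URL from the user's {@code id_token}.
     *
     * @param user user whose principal holds the id token
     * @param jsonObject extra parameters passed through to the API
     * @return the URL produced by the API
     */
    @Override
    public String endSessionURL(User user, JsonObject jsonObject) {
        return this.api.endSessionURL(user.principal().getString("id_token"), jsonObject);
    }

    /** Returns the underlying API client (package-private). */
    OAuth2API api() {
        return this.api;
    }

    /**
     * Wraps a token response in a {@link User} and attaches expiry and decoded-token data.
     *
     * @param jsonObject token response
     * @return the populated user
     * @throws NumberFormatException if {@code expires_in} is a non-numeric string
     */
    private User createUser(JsonObject jsonObject) {
        User user = User.create(jsonObject);
        applyTokenMetadata(user, jsonObject);
        return user;
    }

    /**
     * Decodes a token locally and reports it as an {@link AccessToken}.
     *
     * <p>NOTE(review): unlike {@link #authenticate}, this path has no {@code isUnsecure()} check.
     * Confirm that {@code JWT.decode} rejects unsigned tokens when no keys are loaded.
     *
     * @param str encoded token
     * @param handler receives the decoded token, or the decoding error
     * @return this provider
     */
    @Override
    @Deprecated
    public OAuth2Auth decodeToken(String str, Handler<AsyncResult<AccessToken>> handler) {
        try {
            handler.handle(Future.succeededFuture(createAccessToken(this.jwt.decode(str))));
        } catch (RuntimeException e) {
            handler.handle(Future.failedFuture(e));
        }
        return this;
    }

    /**
     * Deprecated stub: performs no introspection.
     *
     * <p>NOTE(review): the handler is never invoked, so a caller waiting on it gets neither a
     * success nor a failure. Confirm that no caller depends on this method for token validation.
     *
     * @return this provider
     */
    @Override
    @Deprecated
    public OAuth2Auth introspectToken(String str, String str2, Handler<AsyncResult<AccessToken>> handler) {
        return this;
    }

    /**
     * Returns the configured flow.
     *
     * @return the flow read from the options
     */
    @Override
    @Deprecated
    public OAuth2FlowType getFlowType() {
        return this.config.getFlow();
    }

    /**
     * Deprecated stub: ignores the argument.
     *
     * <p>NOTE(review): this returns {@code null} rather than {@code this}, so chained calls on the
     * result will throw.
     *
     * @return always {@code null}
     */
    @Override
    @Deprecated
    public OAuth2Auth rbacHandler(OAuth2RBAC oAuth2RBAC) {
        return null;
    }

    /**
     * Wraps a token response in an {@link AccessToken} and attaches expiry and decoded-token data.
     *
     * @param jsonObject token response, introspection response or decoded claims
     * @return the populated token
     * @throws NumberFormatException if {@code expires_in} is a non-numeric string
     */
    private AccessToken createAccessToken(JsonObject jsonObject) {
        AccessTokenImpl token = new AccessTokenImpl(jsonObject, this);
        applyTokenMetadata(token, jsonObject);
        return token;
    }

    /**
     * Shared population step for {@link #createUser} and {@link #createAccessToken}.
     *
     * <p>Sets {@code iat}/{@code exp} from {@code expires_in} when present, then tries to decode the
     * access and id tokens with the current keys. A token that cannot be decoded is left out of the
     * principal; {@link #authenticate} relies on that absence to fall back to introspection.
     */
    private void applyTokenMetadata(User user, JsonObject json) {
        long nowSeconds = System.currentTimeMillis() / 1000;
        if (json.containsKey("expires_in")) {
            Long expiresIn;
            try {
                expiresIn = json.getLong("expires_in");
            } catch (ClassCastException e) {
                // Some servers send the lifetime as a string.
                expiresIn = Long.valueOf(json.getString("expires_in"));
            }
            // An explicit JSON null is treated like a missing field instead of causing an NPE.
            if (expiresIn != null) {
                user.attributes().put("iat", Long.valueOf(nowSeconds)).put("exp", Long.valueOf(nowSeconds + expiresIn.longValue()));
            }
        }
        String accessToken = json.getString("access_token");
        if (accessToken != null) {
            try {
                user.principal().put("accessToken", this.jwt.decode(accessToken));
                if (!user.attributes().containsKey("exp")) {
                    // No lifetime in the response: use the token's own exp claim.
                    Long exp = user.principal().getJsonObject("accessToken").getLong("exp");
                    if (exp != null) {
                        user.attributes().put("exp", exp);
                    }
                }
                user.attributes().put("rootClaim", "accessToken");
            } catch (IllegalStateException e) {
                LOG.debug("Cannot decode access token:", e);
            }
        }
        String idToken = json.getString("id_token");
        if (idToken != null) {
            try {
                user.principal().put("idToken", this.jwt.decode(idToken));
            } catch (IllegalStateException e) {
                LOG.debug("Cannot decode id token:", e);
            }
        }
    }

    /**
     * Fails an expired user and accepts any other.
     *
     * <p>The failure text is kept as it was ("Used is expired.") because callers may match on it.
     */
    private Future<User> rejectIfExpired(User user) {
        if (user.expired(this.config.getJWTOptions().getLeeway())) {
            return Future.failedFuture("Used is expired.");
        }
        return Future.succeededFuture(user);
    }

    /** Turns a token-endpoint result into the outcome reported to the caller. */
    private Future<User> tokenOutcome(AsyncResult<?> result) {
        if (result.failed()) {
            return Future.failedFuture(result.cause());
        }
        try {
            return rejectIfExpired(createAccessToken((JsonObject) result.result()));
        } catch (RuntimeException e) {
            // A malformed response is reported as a failure rather than thrown from the callback.
            return Future.failedFuture(e);
        }
    }

    /** Turns a refresh result into the outcome reported to the caller. */
    private Future<User> refreshOutcome(AsyncResult<?> result) {
        if (result.failed()) {
            return Future.failedFuture(result.cause());
        }
        try {
            return rejectIfExpired(createUser((JsonObject) result.result()));
        } catch (RuntimeException e) {
            return Future.failedFuture(e);
        }
    }

    /**
     * Turns an introspection result into the outcome reported to the caller.
     *
     * <p>Each field is checked only when present, so a response that omits {@code active} is not
     * rejected here. NOTE(review): RFC 7662 marks {@code active} as required; confirm that this
     * leniency is intended for the providers in use. The returned user is built from the
     * introspection response.
     */
    private Future<User> introspectionOutcome(AsyncResult<?> result) {
        if (result.failed()) {
            return Future.failedFuture(result.cause());
        }
        try {
            JsonObject body = (JsonObject) result.result();
            if (body.containsKey("active") && !body.getBoolean("active", false).booleanValue()) {
                return Future.failedFuture("Inactive Token");
            }
            // Reject a token that the server says was issued to another client.
            if (body.containsKey("client_id") && !this.config.getClientID().equals(body.getString("client_id"))) {
                return Future.failedFuture("Wrong client_id");
            }
            if (body.containsKey("token_type") && !"Bearer".equalsIgnoreCase(body.getString("token_type"))) {
                return Future.failedFuture("Wrong token_type");
            }
            return rejectIfExpired(createAccessToken(body));
        } catch (RuntimeException e) {
            return Future.failedFuture(e);
        }
    }
}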
