package net.trajano.openidconnect.provider.ejb;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.lang.annotation.Annotation;
import java.lang.reflect.Type;
import java.net.URI;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.ejb.EJB;
import javax.ejb.Stateless;
import javax.json.JsonObject;
import javax.json.JsonValue;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import net.trajano.openidconnect.auth.AuthenticationRequest;
import net.trajano.openidconnect.core.Scope;
import net.trajano.openidconnect.crypto.Encoding;
import net.trajano.openidconnect.crypto.JsonWebAlgorithm;
import net.trajano.openidconnect.crypto.JsonWebTokenBuilder;
import net.trajano.openidconnect.internal.CharSets;
import net.trajano.openidconnect.provider.endpoints.WellKnownOpenIdConfiguration;
import net.trajano.openidconnect.provider.spi.Consent;
import net.trajano.openidconnect.provider.spi.KeyProvider;
import net.trajano.openidconnect.provider.spi.TokenProvider;
import net.trajano.openidconnect.provider.spi.TokenStorage;
import net.trajano.openidconnect.provider.spi.UserinfoProvider;
import net.trajano.openidconnect.rs.IdTokenProvider;
import net.trajano.openidconnect.token.IdToken;
import net.trajano.openidconnect.token.IdTokenResponse;
import net.trajano.openidconnect.token.TokenResponse;
import net.trajano.openidconnect.userinfo.Userinfo;
import org.eclipse.persistence.internal.oxm.schema.model.Occurs;

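/**
 * Default {@link TokenProvider} implementation. Issues an ID token / access token /
 * refresh token triple for an authentication request, persists it through the
 * injected {@link TokenStorage}, and services lookups and refresh-grant exchanges.
 *
 * <p>Every ID token is serialized with {@link IdTokenProvider}, signed as a JWT with
 * {@link JsonWebAlgorithm#RS256} using the private JWKS from {@link KeyProvider}, and
 * carries an {@code at_hash} bound to the access token issued alongside it.
 *
 * <p>Thread-safety: a stateless session bean; all state lives in the injected
 * collaborators.
 */
@Stateless
/* loaded from: input_file:openid-connect-provider-sample-1.0.1.war:WEB-INF/lib/openid-connect-provider-1.0.1.jar:net/trajano/openidconnect/provider/ejb/DefaultTokenProvider.class */
public class DefaultTokenProvider implements TokenProvider {

    /** Supplies signing keys (public and private JWKS) and fresh opaque token strings. */
    @EJB
    private KeyProvider keyProvider;

    /** Persists issued tokens and the code/access/refresh mappings onto them. */
    @EJB
    private TokenStorage tokenStorage;

    /** Resolves end-user profile data when the client requests claims in the ID token. */
    @EJB
    private UserinfoProvider userinfoProvider;

    /**
     * Computes the OpenID Connect {@code at_hash} for a token: the left-most 128 bits
     * of the SHA-256 digest of the token's ASCII bytes, base64url encoded. This is
     * the hash form OIDC Core prescribes for RS256-signed ID tokens.
     *
     * @param str token to hash
     * @return base64url encoding of the first 16 digest bytes
     * @throws GeneralSecurityException if SHA-256 is unavailable
     */
    private String computeHash(String str) throws GeneralSecurityException {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(str.getBytes(CharSets.US_ASCII));
        return Encoding.base64urlEncode(digest, 0, 16);
    }

    /**
     * Serializes an ID token to JSON and wraps it in a JWT signed with RS256 using the
     * provider's private JWKS. Shared by initial issuance and refresh so both paths
     * produce tokens signed the same way.
     *
     * @param idToken token to encode
     * @return compact serialized JWT
     * @throws IOException if serialization fails
     * @throws GeneralSecurityException if signing fails
     */
    private String encodeIdToken(IdToken idToken) throws IOException, GeneralSecurityException {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        new IdTokenProvider().writeTo(idToken, IdToken.class, (Type) IdToken.class, (Annotation[]) null, MediaType.APPLICATION_JSON_TYPE, (MultivaluedMap<String, Object>) null, (OutputStream) out);
        out.close();
        return new JsonWebTokenBuilder().jwk(this.keyProvider.getPrivateJwks()).alg(JsonWebAlgorithm.RS256).payload(out.toByteArray()).toString();
    }

    /**
     * Builds an ID token for the authenticated subject and stores it together with
     * freshly generated access and refresh tokens.
     *
     * @param str subject identifier ({@code sub})
     * @param uri issuer URI; its ASCII form becomes {@code iss}
     * @param authenticationRequest originating request (client id, nonce, scopes, claims)
     * @return the authorization code under which the tokens were stored
     * @throws IOException if the ID token cannot be serialized
     * @throws GeneralSecurityException if hashing or signing fails
     */
    @Override // net.trajano.openidconnect.provider.spi.TokenProvider
    public String createNewToken(String str, URI uri, AuthenticationRequest authenticationRequest) throws IOException, GeneralSecurityException {
        IdToken idToken = new IdToken();
        idToken.setSub(str);
        idToken.setNonce(authenticationRequest.getNonce());
        idToken.setAuthTime(System.currentTimeMillis() / 1000);
        idToken.setAud(authenticationRequest.getClientId());
        idToken.setAzp(authenticationRequest.getClientId());
        idToken.setIss(uri.toASCIIString());
        // acr "0": authentication did not meet ISO/IEC 29115 level 1 (OIDC Core 2). The
        // decompiled original spelled this literal as an unrelated EclipseLink constant
        // with the same value; the literal removes that accidental dependency.
        idToken.setAcr("0");
        JsonObject claims = authenticationRequest.getClaims();
        if (claims.containsKey(WellKnownOpenIdConfiguration.ID_TOKEN)) {
            JsonObject idTokenClaims = claims.getJsonObject(WellKnownOpenIdConfiguration.ID_TOKEN);
            // "name" is the only requested ID-token claim honored here; others are ignored.
            if (idTokenClaims.containsKey("name")) {
                Userinfo userinfo = this.userinfoProvider.getUserinfo(idToken);
                idToken.setName(userinfo.getName());
            }
        }
        return store(idToken, authenticationRequest);
    }

    /**
     * Looks up the token response issued with the given access token.
     *
     * @param str access token
     * @return the stored response, or whatever the storage returns when unknown
     */
    @Override // net.trajano.openidconnect.provider.spi.TokenProvider
    public IdTokenResponse getByAccessToken(String str) {
        return this.tokenStorage.getByAccessToken(str);
    }

    /**
     * Exchanges an authorization code for its token response.
     *
     * <p>A code presented a second time is treated as a replay: every token issued
     * for it is revoked and {@code null} is returned (RFC 6749 section 4.1.2).
     *
     * @param str authorization code
     * @param z whether to mark the code as used on a successful first exchange
     * @return the stored response, or {@code null} if the code is unknown or replayed
     */
    @Override // net.trajano.openidconnect.provider.spi.TokenProvider
    public IdTokenResponse getByCode(String str, boolean z) {
        IdTokenResponse byCode = this.tokenStorage.getByCode(str);
        if (byCode == null) {
            // Unknown code: nothing to return and nothing to revoke.
            return null;
        }
        if (this.tokenStorage.isCodeUsed(str)) {
            // Replayed code: revoke the whole grant, not just the code.
            this.tokenStorage.removeMappingForAccessToken(byCode.getAccessToken());
            this.tokenStorage.removeMappingForRefreshToken(byCode.getRefreshToken());
            this.tokenStorage.removeMappingForCode(str);
            return null;
        }
        if (z) {
            this.tokenStorage.markCodeAsUsed(str);
        }
        return byCode;
    }

    /**
     * Looks up the token response associated with a recorded consent.
     *
     * @param consent consent record
     * @return the stored response for that consent
     */
    @Override // net.trajano.openidconnect.provider.spi.TokenProvider
    public IdTokenResponse getByConsent(Consent consent) {
        return this.tokenStorage.getByConsent(consent);
    }

    /**
     * Performs a refresh-token grant: consumes the refresh token, rotates the access
     * and refresh tokens, re-issues the ID token with a new validity window and
     * {@code at_hash}, and stores the result under the new tokens.
     *
     * @param str client id presenting the refresh token; must match the ID token's {@code aud}
     * @param str2 refresh token to consume
     * @param set requested scopes, or {@code null} to keep the stored scopes
     * @param num requested lifetime passed to {@link TokenStorage#getExpiration(int)}, or
     *     {@code null} for the default expiration
     * @return the updated response carrying the rotated tokens
     * @throws WebApplicationException with 400 if the refresh token is unknown or the
     *     client id does not match the token's audience
     * @throws IOException if the ID token cannot be serialized
     * @throws GeneralSecurityException if hashing or signing fails
     */
    @Override // net.trajano.openidconnect.provider.spi.TokenProvider
    public IdTokenResponse refreshToken(String str, String str2, Set<Scope> set, Integer num) throws IOException, GeneralSecurityException {
        // Consume the refresh token first so a replayed token cannot be exchanged twice.
        IdTokenResponse response = this.tokenStorage.removeMappingForRefreshToken(str2);
        if (response == null) {
            // Unknown or already-consumed refresh token; the original dereferenced null here.
            throw new WebApplicationException(Response.Status.BAD_REQUEST);
        }
        // Verified against the public JWKS, as the original did for the token it re-issued.
        IdToken idToken = response.getIdToken(this.keyProvider.getJwks());
        if (str == null || !str.equals(idToken.getAud())) {
            // Refresh token presented by a client other than the one it was issued to.
            throw new WebApplicationException(Response.Status.BAD_REQUEST);
        }
        if (set != null) {
            // NOTE(review): the original guarded this with `set.containsAll(set)`, which is
            // always true, so a refresh could request scopes wider than originally granted.
            // The intended check is that `set` is a subset of the scopes stored on
            // `response`; that accessor is not visible from this file, so the narrowing is
            // still applied unverified here — TODO confirm the accessor and enforce it.
            response.setScopes(set);
        }
        String oldAccessToken = response.getAccessToken();
        JsonObject claims = this.tokenStorage.getClaimsByAccessToken(oldAccessToken);
        this.tokenStorage.removeMappingForAccessToken(oldAccessToken);
        String newAccessToken = this.keyProvider.nextEncodedToken();
        String newRefreshToken = this.keyProvider.nextEncodedToken();
        response.setAccessToken(newAccessToken);
        response.setRefreshToken(newRefreshToken);
        int expiration = num != null ? this.tokenStorage.getExpiration(num.intValue()) : this.tokenStorage.getDefaultExpiration();
        idToken.resetIssueAndExpiration(expiration);
        // at_hash must be recomputed because the access token changed.
        idToken.setAtHash(computeHash(newAccessToken));
        // Signed with RS256 for consistency with initial issuance; the original omitted
        // the explicit algorithm on this path.
        response.setEncodedIdToken(encodeIdToken(idToken));
        this.tokenStorage.store(idToken, response, claims);
        return response;
    }

    /**
     * Finalizes a new ID token: generates access and refresh tokens, binds the ID
     * token to the access token via {@code at_hash}, signs it, and stores everything
     * under a freshly generated authorization code.
     *
     * @param idToken ID token populated by {@link #createNewToken}
     * @param authenticationRequest request whose scopes and claims are stored alongside
     * @return the authorization code under which the response was stored
     * @throws IOException if the ID token cannot be serialized
     * @throws GeneralSecurityException if hashing or signing fails
     */
    private String store(IdToken idToken, AuthenticationRequest authenticationRequest) throws IOException, GeneralSecurityException {
        IdTokenResponse idTokenResponse = new IdTokenResponse();
        String accessToken = this.keyProvider.nextEncodedToken();
        idTokenResponse.setAccessToken(accessToken);
        idTokenResponse.setRefreshToken(this.keyProvider.nextEncodedToken());
        idTokenResponse.setExpiresIn(this.tokenStorage.getDefaultExpiration());
        idTokenResponse.setScopes(authenticationRequest.getScopes());
        idTokenResponse.setTokenType(TokenResponse.BEARER);
        idToken.setAtHash(computeHash(accessToken));
        idToken.resetIssueAndExpiration(this.tokenStorage.getDefaultExpiration());
        idTokenResponse.setEncodedIdToken(encodeIdToken(idToken));
        String code = this.keyProvider.nextEncodedToken();
        this.tokenStorage.store(idToken, idTokenResponse, code, authenticationRequest.getClaims());
        return code;
    }

    /**
     * Returns the claims that were requested when the given access token was issued.
     *
     * @param str access token
     * @return the stored claims object
     */
    @Override // net.trajano.openidconnect.provider.spi.TokenProvider
    public JsonObject getClaimsByAccessToken(String str) {
        return this.tokenStorage.getClaimsByAccessToken(str);
    }
}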
