package org.hspconsortium.client.auth.access;

import ca.uhn.fhir.context.FhirContext;
import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import com.sun.org.apache.xerces.internal.impl.dv.util.Base64;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.UnsupportedEncodingException;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import org.apache.commons.lang.StringUtils;
import org.apache.http.HttpRequest;
import org.apache.http.HttpResponse;
import org.apache.http.NameValuePair;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;
import org.hspconsortium.client.auth.credentials.ClientSecretCredentials;
import org.hspconsortium.client.auth.credentials.Credentials;
import org.hspconsortium.client.auth.credentials.JWTCredentials;
import org.hspconsortium.client.auth.validation.IdTokenValidator;

/* loaded from: input_file:org/hspconsortium/client/auth/access/JsonAccessTokenProvider.class */
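/**
 * {@link AccessTokenProvider} that talks to an OAuth 2.0 token endpoint and a user-info
 * endpoint over HTTP and maps the JSON responses onto {@link JsonAccessToken} and
 * {@link JsonUserInfo}.
 *
 * <p>HTTP requests are executed with the client obtained from the supplied
 * {@link FhirContext}'s restful client factory, so transport settings (TLS, proxy,
 * timeouts) are whatever that client is configured with.
 */
public class JsonAccessTokenProvider implements AccessTokenProvider<JsonAccessToken> {
    private final FhirContext fhirContext;
    private IdTokenValidator idTokenValidator = new IdTokenValidator.Impl();

    /**
     * @param fhirContext context whose HTTP client is used for every request
     */
    public JsonAccessTokenProvider(FhirContext fhirContext) {
        this.fhirContext = fhirContext;
    }

    /**
     * Requests an access token and, when the response carries an ID token, validates it.
     *
     * @param str token endpoint URL; also handed to the ID token validator
     * @param accessTokenRequest supplies the client id, credentials and form parameters
     * @return the token built from the endpoint's JSON response
     * @throws RuntimeException if the request fails or the returned ID token is rejected
     */
    @Override
    public JsonAccessToken getAccessToken(String str, AccessTokenRequest accessTokenRequest) {
        String clientId = accessTokenRequest.getClientId();
        Credentials credentials = accessTokenRequest.getCredentials();
        List<NameValuePair> formParameters = new ArrayList<NameValuePair>();
        Map<String, String> parameters = accessTokenRequest.getParameters();
        if (parameters != null) {
            for (Map.Entry<String, String> parameter : parameters.entrySet()) {
                formParameters.add(new BasicNameValuePair(parameter.getKey(), parameter.getValue()));
            }
        }
        JsonAccessToken accessToken = buildAccessToken(post(str, clientId, credentials, formParameters), null);
        // A response without an id_token is accepted as-is; validation only runs when one is present.
        // NOTE(review): the validator receives the token endpoint URL and the client id; what it
        // compares them against is defined in IdTokenValidator, not here.
        if (accessToken.getIdTokenStr() != null
                && !this.idTokenValidator.validate(accessToken.getIdToken(), str, clientId)) {
            throw new RuntimeException("IdToken is not valid");
        }
        return accessToken;
    }

    /**
     * Exchanges the name/value pairs of an existing token for a new access token.
     *
     * @param str token endpoint URL
     * @param accessTokenRequest supplies the client id and credentials
     * @param accessToken token whose {@code asNameValuePairList()} forms the request body
     * @return the token built from the endpoint's JSON response
     */
    @Override
    public JsonAccessToken refreshAccessToken(String str, AccessTokenRequest accessTokenRequest, AccessToken accessToken) {
        // NOTE(review): unlike getAccessToken, an id_token in the refresh response is not
        // passed through the IdTokenValidator here - confirm that this is intended.
        JsonObject response = post(
                str,
                accessTokenRequest.getClientId(),
                accessTokenRequest.getCredentials(),
                accessToken.asNameValuePairList());
        return buildAccessToken(response, new String[0]);
    }

    /**
     * Fetches the user-info document, authenticating with the access token as a bearer token.
     *
     * @param str user-info endpoint URL; the bearer token is sent to whatever host this names,
     *     so callers should only pass an endpoint they trust
     * @param jsonAccessToken token whose value is placed in the Authorization header
     * @return the user info built from the endpoint's JSON response
     */
    @Override
    public UserInfo getUserInfo(String str, JsonAccessToken jsonAccessToken) {
        HttpGet request = new HttpGet(str);
        request.addHeader("Content-Type", "application/x-www-form-urlencoded");
        request.addHeader("Authorization", String.format("Bearer %s", jsonAccessToken.getValue()));
        return buildUserInfo(processRequest(request));
    }

    /**
     * Maps a token endpoint response onto a {@link JsonAccessToken}.
     *
     * @param jsonObject parsed token response
     * @param strArr not read by this implementation
     * @return the populated token; members missing from the response are passed as {@code null}
     */
    protected JsonAccessToken buildAccessToken(JsonObject jsonObject, String[] strArr) {
        return new JsonAccessToken(
                jsonObject,
                getResponseElement("access_token", jsonObject),
                getResponseElement("token_type", jsonObject),
                getResponseElement("expires_in", jsonObject),
                getResponseElement("scope", jsonObject),
                getResponseElement(AccessToken.INTENT, jsonObject),
                getResponseElement(AccessToken.SMART_STYLE_URL, jsonObject),
                getResponseElement(AccessToken.PATIENT, jsonObject),
                getResponseElement(AccessToken.ENCOUNTER, jsonObject),
                getResponseElement(AccessToken.LOCATION, jsonObject),
                Boolean.parseBoolean(getResponseElement(AccessToken.NEED_PATIENT_BANNER, jsonObject)),
                getResponseElement(AccessToken.RESOURCE, jsonObject),
                getResponseElement("refresh_token", jsonObject),
                getResponseElement(AccessToken.ID_TOKEN, jsonObject));
    }

    /**
     * Maps a user-info response onto a {@link JsonUserInfo}.
     *
     * @param jsonObject parsed user-info response
     * @return the populated user info
     */
    protected JsonUserInfo buildUserInfo(JsonObject jsonObject) {
        return new JsonUserInfo(
                jsonObject,
                getResponseElement(UserInfo.SUB, jsonObject),
                getResponseElement(UserInfo.NAME, jsonObject),
                getResponseElement(UserInfo.PREFERRED_USERNAME, jsonObject));
    }

    /**
     * Posts a form-encoded request to the token endpoint and returns the parsed JSON response.
     *
     * @param str token endpoint URL
     * @param str2 client id
     * @param credentials either {@link ClientSecretCredentials} or {@link JWTCredentials}
     * @param list form parameters for the request body
     * @return the parsed JSON response
     * @throws IllegalArgumentException if the credentials type is not supported
     * @throws RuntimeException if a confidential client lacks an id or secret, or the request fails
     */
    protected JsonObject post(String str, String str2, Credentials credentials, List<NameValuePair> list) {
        HttpPost request = new HttpPost(str);
        request.addHeader("Content-Type", "application/x-www-form-urlencoded");
        if (credentials instanceof ClientSecretCredentials) {
            Object secret = credentials.getCredentials();
            if (!(secret instanceof String)) {
                throw new IllegalArgumentException("Credentials not supported");
            }
            String clientSecret = (String) secret;
            if (StringUtils.isBlank(str2) || StringUtils.isBlank(clientSecret)) {
                throw new RuntimeException("Confidential client authorization requires clientId and client secret.");
            }
            setAuthorizationHeader(request, str2, clientSecret);
        } else if (credentials instanceof JWTCredentials) {
            // Only the audience is set on the caller's credentials object here; nothing in this
            // method adds a client assertion to the form, so it presumably arrives via `list`.
            ((JWTCredentials) credentials).setAudience(str);
        } else {
            throw new IllegalArgumentException("Credentials type not supported");
        }
        try {
            // OAuth 2.0 form parameters are UTF-8 encoded (RFC 6749, Appendix B); the
            // one-argument constructor would fall back to the library's default charset.
            request.setEntity(new UrlEncodedFormEntity(list, "UTF-8"));
            return processRequest(request);
        } catch (UnsupportedEncodingException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Adds an HTTP Basic {@code Authorization} header built from the client id and secret.
     *
     * @param httpRequest request to add the header to
     * @param str client id
     * @param str2 client secret
     */
    protected static void setAuthorizationHeader(HttpRequest httpRequest, String str, String str2) {
        byte[] userPass;
        try {
            // Encode with a fixed charset so the header does not vary with the platform default.
            userPass = String.format("%s:%s", str, str2).getBytes("UTF-8");
        } catch (UnsupportedEncodingException e) {
            throw new RuntimeException(e);
        }
        // NOTE(review): Base64 here is the JDK-internal Xerces class imported by this file; it is
        // not a supported API and is not accessible on modular JDKs. Consider java.util.Base64.
        // NOTE(review): RFC 6749 section 2.3.1 form-urlencodes the id and secret before Basic
        // encoding; the values are used verbatim here, so an id containing ':' is ambiguous.
        httpRequest.addHeader("Authorization", String.format("Basic %s", Base64.encode(userPass)));
    }

    /**
     * Executes a request and parses a 200 response body as a JSON object.
     *
     * @param httpUriRequest request to execute
     * @return the response body as a JSON object
     * @throws RuntimeException if the request cannot be sent, the status is not 200, or the body
     *     is missing or is not a JSON object. For a non-200 status the message embeds the
     *     server's response body, which should be treated as untrusted text when logged.
     */
    protected JsonObject processRequest(HttpUriRequest httpUriRequest) {
        try {
            HttpResponse response = this.fhirContext.getRestfulClientFactory().getHttpClient().execute(httpUriRequest);
            if (response.getStatusLine().getStatusCode() != 200) {
                throw new RuntimeException(String.format("There was a problem attempting to get the access token.\nResponse Status : %s .\nResponse Detail :%s.", response.getStatusLine(), EntityUtils.toString(response.getEntity(), "UTF-8")));
            }
            if (response.getEntity() == null) {
                throw new RuntimeException("There was a problem attempting to get the access token");
            }
            String body;
            try {
                // EntityUtils.toString reads the body to the end and closes the content stream, so
                // the connection is released; it also decodes with an explicit charset instead of
                // the platform default used by a bare InputStreamReader.
                body = EntityUtils.toString(response.getEntity(), "UTF-8");
            } catch (IOException e) {
                throw new RuntimeException("There was a problem attempting to get the access token", e);
            }
            JsonElement parsed = new JsonParser().parse(body);
            // JsonParser returns a JsonElement; an empty body or a JSON array/primitive is rejected
            // here with a clear error instead of failing later on a cast.
            if (parsed == null || !parsed.isJsonObject()) {
                throw new RuntimeException("There was a problem attempting to get the access token");
            }
            return parsed.getAsJsonObject();
        } catch (IOException e2) {
            throw new RuntimeException("Error sending HTTP Post Payload", e2);
        }
    }

    /**
     * Reads a member of the response as a string.
     *
     * @param str member name
     * @param jsonObject parsed response
     * @return the member's string value, or {@code null} when the member is absent or JSON null
     */
    protected String getResponseElement(String str, JsonObject jsonObject) {
        JsonElement jsonElement = jsonObject.get(str);
        // An explicit JSON null is a JsonNull instance, whose getAsString() throws; treat it as absent.
        if (jsonElement == null || jsonElement.isJsonNull()) {
            return null;
        }
        return jsonElement.getAsString();
    }
}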
