package org.keycloak.social;

import java.io.IOException;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.codehaus.jackson.map.ObjectMapper;
import org.keycloak.models.ClientSessionModel;
import org.keycloak.social.utils.SimpleHttp;

/* loaded from: input_file:WEB-INF/lib/keycloak-social-core-1.1.1.Final.jar:org/keycloak/social/AbstractOAuth2Provider.class */
public abstract class AbstractOAuth2Provider implements SocialProvider {
    private static ObjectMapper mapper = new ObjectMapper();
    private static final String AUTHORIZATION_CODE = "authorization_code";
    private static final String ACCESS_TOKEN = "access_token";
    private static final String CLIENT_ID = "client_id";
    private static final String CLIENT_SECRET = "client_secret";
    private static final String CODE = "code";
    private static final String GRANT_TYPE = "grant_type";
    private static final String REDIRECT_URI = "redirect_uri";
    private static final String RESPONSE_TYPE = "response_type";
    private static final String SCOPE = "scope";
    private static final String STATE = "state";
    private static final String TOKEN_REGEX = "access_token=([^&]+)";

    @Override // org.keycloak.social.SocialProvider
    public abstract String getId();

    @Override // org.keycloak.social.SocialProvider
    public abstract String getName();

    protected abstract String getScope();

    protected abstract String getAuthUrl();

    protected abstract String getTokenUrl();

    protected abstract SocialUser getProfile(String str) throws SocialProviderException;

    @Override // org.keycloak.social.SocialProvider
    public AuthRequest getAuthUrl(ClientSessionModel clientSessionModel, SocialProviderConfig socialProviderConfig, String str) throws SocialProviderException {
        return AuthRequest.create(getAuthUrl()).setQueryParam("client_id", socialProviderConfig.getKey()).setQueryParam("response_type", "code").setQueryParam("scope", getScope()).setQueryParam("redirect_uri", socialProviderConfig.getCallbackUrl()).setQueryParam("state", str).build();
    }

    @Override // org.keycloak.social.SocialProvider
    public SocialUser processCallback(ClientSessionModel clientSessionModel, SocialProviderConfig socialProviderConfig, AuthCallback authCallback) throws SocialProviderException {
        String group;
        String queryParam = authCallback.getQueryParam("error");
        if (queryParam != null) {
            if (queryParam.equals("access_denied")) {
                throw new SocialAccessDeniedException();
            }
            throw new SocialProviderException(queryParam);
        }
        try {
            String asString = SimpleHttp.doPost(getTokenUrl()).param("code", authCallback.getQueryParam("code")).param("client_id", socialProviderConfig.getKey()).param(CLIENT_SECRET, socialProviderConfig.getSecret()).param("redirect_uri", socialProviderConfig.getCallbackUrl()).param("grant_type", AUTHORIZATION_CODE).asString();
            if (asString.startsWith("{")) {
                group = mapper.readTree(asString).get(ACCESS_TOKEN).getTextValue();
            } else {
                Matcher matcher = Pattern.compile(TOKEN_REGEX).matcher(asString);
                if (!matcher.find()) {
                    throw new SocialProviderException("Invalid response, could not find token");
                }
                group = matcher.group(1);
            }
            return getProfile(group);
        } catch (IOException e) {
            throw new SocialProviderException(e);
        }
    }
}
