package org.logevents.util.openid;

import java.io.IOException;
import java.net.URL;
import java.net.URLEncoder;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Random;
import java.util.Set;
import org.logevents.config.Configuration;
import org.logevents.config.LogEventConfigurationException;
import org.logevents.util.JsonParser;
import org.logevents.util.NetUtils;

/* loaded from: input_file:org/logevents/util/openid/OpenIdConfiguration.class */
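/**
 * Client-side settings for an OpenID Connect authorization-code login: the issuer, the client
 * credentials, an optional fixed redirect URI and scope string, and the claims an ID token
 * must carry before {@link #isAuthorizedToken(Map)} accepts it.
 *
 * <p>Endpoints are read from the issuer's {@code /.well-known/openid-configuration} document
 * on every call; nothing is cached in this class.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The ID token is only base64-decoded, never signature-checked, and this class does not
 *       look at {@code iss}, {@code aud} or {@code exp}. That is only sound for tokens read
 *       straight from the token endpoint over a validated TLS connection; never pass a token
 *       that travelled through the browser to {@link #isAuthorizedToken(Map)}.</li>
 *   <li>Nothing here enforces that {@code openIdIssuer} or the discovered endpoints use
 *       {@code https}; a plain-http issuer lets a network attacker replace the endpoints and
 *       receive the client secret. Keep the issuer on https outside of local testing.</li>
 *   <li>{@link #toString()} deliberately omits the client secret.</li>
 * </ul>
 */
public class OpenIdConfiguration {
    private final String clientId;
    private final String clientSecret;
    private final String openIdIssuer;
    // Reassigned by the Configuration constructor after this(...) has run, hence not final.
    private Optional<String> redirectUri;
    private Optional<String> scopes;
    private final Map<String, List<String>> requiredClaims;
    // SecureRandom, because randomString() is public and presumably supplies the OAuth
    // "state" value (callers are not visible here); java.util.Random output is predictable.
    private static final Random random = new SecureRandom();
    private static final String CHARS = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

    /**
     * Reads {@code openIdIssuer}, {@code clientId}, {@code clientSecret}, the optional
     * {@code redirectUri} and {@code scopes}, and every {@code requiredClaim.<name>} list.
     *
     * @param configuration the configuration section to read from
     * @throws LogEventConfigurationException if a required key is missing, or if no required
     *         claim is configured for an issuer outside {@code login.microsoftonline.com}
     */
    public OpenIdConfiguration(Configuration configuration) {
        this(getOpenIdIssuer(configuration), getClientId(configuration), configuration.getString("clientSecret"));
        this.redirectUri = configuration.optionalString("redirectUri");
        this.scopes = configuration.optionalString("scopes");
        Set<String> claimNames = configuration.listProperties("requiredClaim");
        for (String claimName : claimNames) {
            addRequiredClaim(claimName, configuration.getStringList("requiredClaim." + claimName));
        }
        // Without any required claim, isAuthorizedToken() accepts every token the issuer
        // hands out, so a public issuer must be narrowed down by at least one claim.
        // NOTE(review): the prefix test also matches Microsoft's multi-tenant endpoints
        // (e.g. /common/ or /organizations/), where the issuer alone does not limit sign-in
        // to one organization - consider requiring a claim for those as well.
        if (!this.openIdIssuer.startsWith("https://login.microsoftonline.com/") && claimNames.isEmpty()) {
            throw new LogEventConfigurationException(configuration.fullKey("requiredClaim") + ".<someClaim> must be set unless openIdIssuer is an organization (like Active Directory)");
        }
    }

    /**
     * Returns the configured {@code clientId}, or fails with a message that names the missing
     * key (plus a pointer to the Google credentials console when the issuer is Google).
     */
    private static String getClientId(Configuration configuration) {
        return configuration.optionalString("clientId").orElseThrow(() -> {
            String message = "Missing required key <" + configuration.fullKey("clientId") + ">.";
            if (getOpenIdIssuer(configuration).startsWith("https://accounts.google.com")) {
                message = message + " Create your credentials at https://console.developers.google.com/apis/credentials";
            }
            return new LogEventConfigurationException(message);
        });
    }

    /** Returns the configured {@code openIdIssuer}, or fails with a message naming the key. */
    private static String getOpenIdIssuer(Configuration configuration) {
        return configuration.optionalString("openIdIssuer").orElseThrow(() ->
                new LogEventConfigurationException("Missing require key <" + configuration.fullKey("openIdIssuer") + ">. Try https://accounts.google.com for Google or https://login.microsoftonline.com/{tenantId}/v2.0/ for Active Directory"));
    }

    /**
     * Creates a configuration with no fixed redirect URI, the default scopes and no required
     * claims. Until {@link #addRequiredClaim(String, List)} is called,
     * {@link #isAuthorizedToken(Map)} returns {@code true} for every token.
     *
     * @param openIdIssuer base URL of the issuer; the discovery path is appended to it
     * @param clientId OAuth client id registered with the issuer
     * @param clientSecret OAuth client secret, sent only in the token request
     */
    public OpenIdConfiguration(String openIdIssuer, String clientId, String clientSecret) {
        this.redirectUri = Optional.empty();
        this.scopes = Optional.empty();
        this.requiredClaims = new HashMap<>();
        this.openIdIssuer = openIdIssuer;
        this.clientId = clientId;
        this.clientSecret = clientSecret;
    }

    /**
     * Returns {@code length} characters drawn uniformly from {@code [0-9A-Za-z]} using a
     * cryptographically strong generator (just under 6 bits of entropy per character).
     *
     * @param length number of characters to generate
     * @return the random string
     */
    public static String randomString(int length) {
        StringBuilder result = new StringBuilder(length);
        for (int i = 0; i < length; i++) {
            result.append(CHARS.charAt(random.nextInt(CHARS.length())));
        }
        return result.toString();
    }

    /** Returns the configured redirect URI, or {@code defaultRedirectUri} when none is set. */
    private String getRedirectUri(String defaultRedirectUri) {
        return this.redirectUri.orElse(defaultRedirectUri);
    }

    /**
     * Returns the scope string exactly as it is placed in the authorization URL. The default
     * is already form-encoded ({@code +} separates the scopes), so a configured value has to
     * be written the same way.
     */
    public String getScopes() {
        return this.scopes.orElse("openid+email+profile");
    }

    /**
     * Builds the URL the browser is sent to in order to start the login.
     *
     * @param state opaque value echoed back by the issuer; the caller is responsible for
     *        comparing it on the callback
     * @param defaultRedirectUri redirect URI used when none is configured
     * @return the authorization endpoint with the request parameters appended
     * @throws IOException if the discovery document cannot be loaded
     */
    public String getAuthorizationUrl(String state, String defaultRedirectUri) throws IOException {
        // client_id, redirect_uri and state are percent-encoded so that a '&', '#' or '='
        // inside them cannot add or override query parameters. The scope string is left
        // untouched because getScopes() returns it already encoded.
        return getAuthorizationEndpoint()
                + "?response_type=code"
                + "&client_id=" + urlEncode(this.clientId)
                + "&redirect_uri=" + urlEncode(getRedirectUri(defaultRedirectUri))
                + "&scope=" + getScopes()
                + "&state=" + urlEncode(state);
    }

    /** Form-encodes one query value as UTF-8; {@code null} is rendered as the text "null", as before. */
    private static String urlEncode(String value) throws IOException {
        return URLEncoder.encode(String.valueOf(value), "UTF-8");
    }

    /** Returns {@code authorization_endpoint} from the issuer's discovery document. */
    protected String getAuthorizationEndpoint() throws IOException {
        return (String) loadOpenIdConfiguration().get("authorization_endpoint");
    }

    /**
     * Exchanges an authorization code for tokens and returns the claims of the ID token.
     *
     * @param code authorization code received on the callback
     * @param defaultRedirectUri redirect URI used when none is configured; it has to match
     *        the one sent in the authorization request
     * @return the decoded ID token payload (not signature-checked, see the class comment)
     * @throws IOException if the request fails or the response carries no usable id_token
     */
    public Map<String, Object> fetchIdToken(String code, String defaultRedirectUri) throws IOException {
        return getIdToken(postTokenRequest(createTokenRequestPayload(code, defaultRedirectUri)));
    }

    /** Posts the form to the token endpoint and returns the parsed JSON response. */
    protected Map<String, Object> postTokenRequest(Map<String, String> formPayload) throws IOException {
        return NetUtils.postFormForJson(getTokenEndpoint(), formPayload);
    }

    /**
     * Builds the form fields of the {@code authorization_code} token request.
     *
     * <p>The returned map contains the client secret; do not log it.
     *
     * @param code authorization code received on the callback
     * @param defaultRedirectUri redirect URI used when none is configured
     * @return a new mutable map of form field names to values
     */
    public Map<String, String> createTokenRequestPayload(String code, String defaultRedirectUri) {
        Map<String, String> payload = new HashMap<>();
        payload.put("client_id", this.clientId);
        payload.put("client_secret", this.clientSecret);
        payload.put("redirect_uri", getRedirectUri(defaultRedirectUri));
        payload.put("grant_type", "authorization_code");
        payload.put("code", code);
        return payload;
    }

    /**
     * Extracts the payload (second dot-separated segment) of the {@code id_token} in a token
     * response. The signature segment is ignored.
     *
     * @throws IOException if the response has no {@code id_token} (for instance an error
     *         response) or the value does not have at least two segments
     */
    private Map<String, Object> getIdToken(Map<String, Object> tokenResponse) throws IOException {
        Object idToken = tokenResponse.get("id_token");
        if (idToken == null) {
            // The response body is kept out of the message: it may hold other tokens.
            throw new IOException("Token response from " + this.openIdIssuer + " did not contain an id_token");
        }
        String[] segments = idToken.toString().split("\\.");
        if (segments.length < 2) {
            throw new IOException("id_token from " + this.openIdIssuer + " is not in header.payload.signature form");
        }
        return JsonParser.parseFromBase64encodedString(segments[1]);
    }

    /** Returns {@code token_endpoint} from the issuer's discovery document as a URL. */
    protected URL getTokenEndpoint() throws IOException {
        return new URL((String) loadOpenIdConfiguration().get("token_endpoint"));
    }

    /** Fetches and parses {@code <openIdIssuer>/.well-known/openid-configuration}. */
    private Map<String, Object> loadOpenIdConfiguration() throws IOException {
        return JsonParser.parseObject(new URL(this.openIdIssuer + "/.well-known/openid-configuration"));
    }

    /** Names the issuer only; the client id and secret are left out on purpose. */
    @Override
    public String toString() {
        return getClass().getSimpleName() + "{openIdIssuer='" + this.openIdIssuer + "'}";
    }

    /**
     * Requires the ID token claim {@code claimName} to equal one of {@code allowedValues}.
     * A later call with the same name replaces the earlier list.
     */
    public void addRequiredClaim(String claimName, List<String> allowedValues) {
        this.requiredClaims.put(claimName, allowedValues);
    }

    /**
     * Checks the claims of an ID token against every required claim.
     *
     * <p>A claim matches when its {@code toString()} is contained in the allowed values, so a
     * multi-valued claim is compared as one string. A missing or {@code null} claim never
     * matches. With no required claims configured the result is always {@code true}.
     *
     * @param idTokenClaims decoded ID token payload, as returned by {@link #fetchIdToken}
     * @return {@code true} only if every required claim is present with an allowed value
     */
    public boolean isAuthorizedToken(Map<String, Object> idTokenClaims) {
        for (Map.Entry<String, List<String>> required : this.requiredClaims.entrySet()) {
            Object actual = idTokenClaims.get(required.getKey());
            // A JSON null claim used to end in a NullPointerException; deny access instead.
            if (actual == null || !required.getValue().contains(actual.toString())) {
                return false;
            }
        }
        return true;
    }
}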
