package com.mongodb.jdbc.oidc;

import com.mongodb.jdbc.logging.LoggingAspect;
import com.mongodb.jdbc.logging.MongoLogger;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.RefreshTokenGrant;
import com.nimbusds.oauth2.sdk.TokenErrorResponse;
import com.nimbusds.oauth2.sdk.TokenRequest;
import com.nimbusds.oauth2.sdk.TokenResponse;
import com.nimbusds.oauth2.sdk.http.HTTPResponse;
import com.nimbusds.oauth2.sdk.id.ClientID;
import com.nimbusds.oauth2.sdk.id.Issuer;
import com.nimbusds.oauth2.sdk.token.RefreshToken;
import com.nimbusds.openid.connect.sdk.OIDCTokenResponse;
import com.nimbusds.openid.connect.sdk.OIDCTokenResponseParser;
import com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata;
import com.nimbusds.openid.connect.sdk.token.OIDCTokens;
import java.net.URI;
import java.time.Duration;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.RefreshFailedException;
import org.apache.commons.lang3.StringUtils;
import org.aspectj.lang.JoinPoint;
import org.aspectj.runtime.internal.AroundClosure;
import org.aspectj.runtime.reflect.Factory;

/* loaded from: input_file:com/mongodb/jdbc/oidc/OidcAuthFlow.class */
public class OidcAuthFlow {
    private static final Logger logger;
    private MongoLogger mongoLogger;
    private static final String OFFLINE_ACCESS = "offline_access";
    private static /* synthetic */ JoinPoint.StaticPart ajc$tjp_0;
    private static /* synthetic */ JoinPoint.StaticPart ajc$tjp_1;
    private static /* synthetic */ JoinPoint.StaticPart ajc$tjp_2;
    private static /* synthetic */ JoinPoint.StaticPart ajc$tjp_3;
    private static /* synthetic */ JoinPoint.StaticPart ajc$tjp_4;

    static {
        ajc$preClinit();
        logger = Logger.getLogger(OidcAuthFlow.class.getName());
    }

    public OidcAuthFlow() {
    }

    public OidcAuthFlow(MongoLogger mongoLogger) {
        MongoLogger mongoLogger2 = new MongoLogger(OidcAuthFlow.class.getName(), mongoLogger);
        if (LoggingAspect.hasAspect(this)) {
            mongoLogger_aroundBody1$advice(this, this, mongoLogger2, LoggingAspect.aspectOf(this), mongoLogger2, null);
        } else {
            this.mongoLogger = mongoLogger2;
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:100:0x034c  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public com.mongodb.jdbc.oidc.OidcCallbackResult doAuthCodeFlow(com.mongodb.jdbc.oidc.OidcCallbackContext r10) {
        /*
            Method dump skipped, instructions count: 859
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.mongodb.jdbc.oidc.OidcAuthFlow.doAuthCodeFlow(com.mongodb.jdbc.oidc.OidcCallbackContext):com.mongodb.jdbc.oidc.OidcCallbackResult");
    }

    private void log(Level level, String str) {
        try {
            if (this.mongoLogger != null) {
                this.mongoLogger.log(level, str);
            } else {
                logger.log(level, str);
            }
        } catch (Exception e) {
            if (LoggingAspect.hasAspect(this)) {
                LoggingAspect.aspectOf(this).ajc$afterThrowing$com_mongodb_jdbc_logging_LoggingAspect$3$9756aa6b(e, ajc$tjp_1);
            }
            throw e;
        }
    }

    public OidcCallbackResult doRefresh(OidcCallbackContext oidcCallbackContext) {
        try {
            IdpInfo idpInfo = oidcCallbackContext.getIdpInfo();
            String clientId = idpInfo.getClientId();
            String issuer = idpInfo.getIssuer();
            if (!validateIdpInfo(idpInfo, clientId, issuer)) {
                return null;
            }
            try {
                URI tokenEndpointURI = OIDCProviderMetadata.resolve(new Issuer(issuer)).getTokenEndpointURI();
                String refreshToken = oidcCallbackContext.getRefreshToken();
                if (refreshToken == null) {
                    throw new IllegalArgumentException("Refresh token is required");
                }
                HTTPResponse send = new TokenRequest(tokenEndpointURI, new ClientID(clientId), new RefreshTokenGrant(new RefreshToken(refreshToken))).toHTTPRequest().send();
                try {
                    TokenResponse parse = OIDCTokenResponseParser.parse(send);
                    if (parse.indicatesSuccess()) {
                        return getOidcCallbackResultFromTokenResponse((OIDCTokenResponse) parse);
                    }
                    TokenErrorResponse errorResponse = parse.toErrorResponse();
                    throw new RefreshFailedException("Token refresh failed with error: code=" + (errorResponse.getErrorObject() != null ? errorResponse.getErrorObject().getCode() : null) + ", description=" + (errorResponse.getErrorObject() != null ? errorResponse.getErrorObject().getDescription() : null));
                } catch (ParseException e) {
                    throw new RefreshFailedException("Failed to parse server response: " + e.getMessage() + " [response=" + send.getBody() + "]");
                }
            } catch (Exception e2) {
                log(Level.SEVERE, "OpenID Connect: Error during token refresh. " + e2.getMessage());
                return null;
            }
        } catch (Exception e3) {
            if (LoggingAspect.hasAspect(this)) {
                LoggingAspect.aspectOf(this).ajc$afterThrowing$com_mongodb_jdbc_logging_LoggingAspect$3$9756aa6b(e3, ajc$tjp_2);
            }
            throw e3;
        }
    }

    private boolean validateIdpInfo(IdpInfo idpInfo, String str, String str2) {
        try {
            if (idpInfo == null) {
                log(Level.SEVERE, "IdpServerInfo is null");
                return false;
            }
            if (str == null || str.isEmpty()) {
                log(Level.SEVERE, "Client ID is null or empty");
                return false;
            }
            if (str2.startsWith("https")) {
                return true;
            }
            log(Level.SEVERE, "Issuer URI must be HTTPS");
            return false;
        } catch (Exception e) {
            if (LoggingAspect.hasAspect(this)) {
                LoggingAspect.aspectOf(this).ajc$afterThrowing$com_mongodb_jdbc_logging_LoggingAspect$3$9756aa6b(e, ajc$tjp_3);
            }
            throw e;
        }
    }

    private OidcCallbackResult getOidcCallbackResultFromTokenResponse(OIDCTokenResponse oIDCTokenResponse) {
        try {
            OIDCTokens oIDCTokens = oIDCTokenResponse.getOIDCTokens();
            return new OidcCallbackResult(oIDCTokens.getAccessToken().getValue(), Duration.ofSeconds(oIDCTokens.getAccessToken().getLifetime()), oIDCTokens.getRefreshToken() != null ? oIDCTokens.getRefreshToken().getValue() : null);
        } catch (Exception e) {
            if (LoggingAspect.hasAspect(this)) {
                LoggingAspect.aspectOf(this).ajc$afterThrowing$com_mongodb_jdbc_logging_LoggingAspect$3$9756aa6b(e, ajc$tjp_4);
            }
            throw e;
        }
    }

    private static final /* synthetic */ Object mongoLogger_aroundBody1$advice(OidcAuthFlow oidcAuthFlow, OidcAuthFlow oidcAuthFlow2, MongoLogger mongoLogger, LoggingAspect loggingAspect, MongoLogger mongoLogger2, AroundClosure aroundClosure) {
        loggingAspect.logger = mongoLogger2;
        oidcAuthFlow2.mongoLogger = mongoLogger2;
        return null;
    }

    private static /* synthetic */ void ajc$preClinit() {
        Factory factory = new Factory("OidcAuthFlow.java", OidcAuthFlow.class);
        ajc$tjp_0 = factory.makeSJP(JoinPoint.METHOD_EXECUTION, factory.makeMethodSig("1", "doAuthCodeFlow", "com.mongodb.jdbc.oidc.OidcAuthFlow", "com.mongodb.jdbc.oidc.OidcCallbackContext", "callbackContext", StringUtils.EMPTY, "com.mongodb.jdbc.oidc.OidcCallbackResult"), 61);
        ajc$tjp_1 = factory.makeSJP(JoinPoint.METHOD_EXECUTION, factory.makeMethodSig("2", "log", "com.mongodb.jdbc.oidc.OidcAuthFlow", "java.util.logging.Level:java.lang.String", "level:message", StringUtils.EMPTY, "void"), 173);
        ajc$tjp_2 = factory.makeSJP(JoinPoint.METHOD_EXECUTION, factory.makeMethodSig("1", "doRefresh", "com.mongodb.jdbc.oidc.OidcAuthFlow", "com.mongodb.jdbc.oidc.OidcCallbackContext", "callbackContext", StringUtils.EMPTY, "com.mongodb.jdbc.oidc.OidcCallbackResult"), 181);
        ajc$tjp_3 = factory.makeSJP(JoinPoint.METHOD_EXECUTION, factory.makeMethodSig("2", "validateIdpInfo", "com.mongodb.jdbc.oidc.OidcAuthFlow", "com.mongodb.jdbc.oidc.IdpInfo:java.lang.String:java.lang.String", "idpInfo:clientID:issuerURI", StringUtils.EMPTY, "boolean"), 244);
        ajc$tjp_4 = factory.makeSJP(JoinPoint.METHOD_EXECUTION, factory.makeMethodSig("2", "getOidcCallbackResultFromTokenResponse", "com.mongodb.jdbc.oidc.OidcAuthFlow", "com.nimbusds.openid.connect.sdk.OIDCTokenResponse", "tokenResponse", StringUtils.EMPTY, "com.mongodb.jdbc.oidc.OidcCallbackResult"), 260);
    }
}
