package org.webswing.server.services.security.modules.openidconnect;

import com.google.api.client.auth.oauth2.AuthorizationCodeFlow;
import com.google.api.client.auth.oauth2.AuthorizationCodeTokenRequest;
import com.google.api.client.auth.oauth2.BearerToken;
import com.google.api.client.auth.oauth2.ClientParametersAuthentication;
import com.google.api.client.auth.oauth2.Credential;
import com.google.api.client.auth.oauth2.TokenRequest;
import com.google.api.client.auth.openidconnect.IdToken;
import com.google.api.client.auth.openidconnect.IdTokenResponse;
import com.google.api.client.http.GenericUrl;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.jackson2.JacksonFactory;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.Serializable;
import java.net.URL;
import java.util.Collections;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.webswing.server.services.security.api.AbstractWebswingUser;

/* loaded from: input_file:WEB-INF/lib/webswing-server-security-2.5.6.jar:org/webswing/server/services/security/modules/openidconnect/OpenIdConnectClient.class */
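/**
 * Minimal OpenID Connect relying-party client built on the Google OAuth client library.
 *
 * <p>It loads the provider's discovery document, builds an authorization-code flow from the
 * advertised endpoints, produces the redirect URL for the login step and exchanges the returned
 * authorization code for an ID token that is wrapped in an {@link OpenIdWebswingUser}.
 *
 * <p>Security review notes, all grounded in what this class does itself:
 * <ul>
 *   <li>The ID token is obtained with {@code parseIdToken()} and no {@code verify*} call
 *       (signature, issuer, audience, time) is made anywhere in this class. Trust in the token
 *       therefore rests on the TLS connection to the token endpoint unless
 *       {@code OpenIdWebswingUser} or the caller validates it - confirm.</li>
 *   <li>The {@code issuer} value of the discovery document is only checked for presence; it is
 *       not retained or compared with anything.</li>
 *   <li>The authorization URL is built without a {@code state} or {@code nonce} parameter here;
 *       confirm the caller binds the callback to the session that started the login.</li>
 * </ul>
 */
public class OpenIdConnectClient {
    private static final Logger log = LoggerFactory.getLogger(OpenIdConnectClient.class);
    public static final String CODE = "code";
    public static final String ISSUER = "issuer";
    public static final String AUTHORIZATION_ENDPOINT = "authorization_endpoint";
    public static final String TOKEN_ENDPOINT = "token_endpoint";
    public static final String OPENID_SCOPE = "openid profile";
    public static final String CLIENT_ID = "client_id";
    private final String roleAttrName;
    private final String usernameAttrName;
    private URL discovery;
    private URL callback;
    private String clientId;
    // Confidential client credential: keep it out of log statements and exception messages.
    private String clientSecret;
    private String logoutUrl;
    private Credential.AccessMethod method;
    // Stays null when no client secret is configured (public client).
    private ClientParametersAuthentication auth;
    // Null until the discovery document has been loaded; reset to null when a reload fails.
    private AuthorizationCodeFlow flow;
    // Milliseconds between discovery reloads triggered from isInitialized().
    private Integer pingPeriod;
    private JacksonFactory jsonFactory = new JacksonFactory();
    private long lastPing = System.currentTimeMillis();
    private NetHttpTransport.Builder transportBuilder = new NetHttpTransport.Builder();

    /**
     * Creates the client and performs the first discovery request.
     *
     * @param url   discovery document URL
     * @param url2  callback (redirect) URL registered with the provider
     * @param str   OAuth client id
     * @param str2  OAuth client secret; blank means no client authentication is sent
     * @param z     when {@code true}, TLS certificate validation is switched off for every request
     *              made through this client
     * @param file  optional file with certificates to trust, may be {@code null}
     * @param str3  role attribute name, passed on to {@link OpenIdWebswingUser}
     * @param str4  username attribute name, passed on to {@link OpenIdWebswingUser}
     * @throws Exception if the transport cannot be configured or the discovery document is missing
     *                   a required field
     */
    public OpenIdConnectClient(URL url, URL url2, String str, String str2, boolean z, File file, String str3, String str4) throws Exception {
        this.callback = url2;
        this.roleAttrName = str3;
        this.usernameAttrName = str4;
        this.discovery = url;
        this.clientId = str;
        this.clientSecret = str2;
        if (z) {
            // Without certificate validation neither the discovery document nor the token
            // response is authenticated, and this class does not verify the ID token itself.
            // Make the setting visible in the log so it is not left on unnoticed.
            log.warn("TLS certificate validation is DISABLED for OpenID Connect provider " + url
                    + "; do not use this setting outside of test environments.");
            this.transportBuilder.doNotValidateCertificate();
        }
        if (file != null) {
            // NOTE(review): when both options are set, this call presumably replaces the socket
            // factory installed by doNotValidateCertificate() - verify the resulting hostname
            // verification against the library version in use.
            // The stream is closed here; the original left the file handle open.
            try (FileInputStream certificateStream = new FileInputStream(file)) {
                this.transportBuilder.trustCertificatesFromStream(certificateStream);
            }
        }
        if (StringUtils.isNotBlank(str2)) {
            this.auth = new ClientParametersAuthentication(str, str2);
        }
        this.method = BearerToken.authorizationHeaderAccessMethod();
        // System property is in seconds (default 60); stored in milliseconds.
        this.pingPeriod = Integer.getInteger("org.webswing.openid.ping.interval", 60) * 1000;
        initializeFlow();
    }

    /**
     * Loads the discovery document and, if no flow exists yet, builds one from its endpoints.
     *
     * <p>An {@link IOException} (including a malformed endpoint URL) is logged and clears the
     * flow; a missing required field is reported as a {@link RuntimeException}.
     */
    private synchronized void initializeFlow() {
        this.lastPing = System.currentTimeMillis();
        if (this.discovery == null) {
            throw new RuntimeException("OpenID Connect Discovery URL is not defined.");
        }
        try {
            log.info("Loading OpenID Connect definition from: " + this.discovery);
            // parseAndClose releases the parser and the response stream once the document is
            // read; the original used parse() and never closed the stream.
            Map<?, ?> definition = this.jsonFactory
                    .createJsonParser(this.transportBuilder.build().createRequestFactory()
                            .buildGetRequest(new GenericUrl(this.discovery)).execute().getContent())
                    .parseAndClose(Map.class);
            // NOTE(review): issuer is only required to be present; it is not compared with the
            // discovery URL or with the "iss" claim of tokens received later.
            requireField(definition, ISSUER);
            URL authorizationEndpoint = new URL(requireField(definition, AUTHORIZATION_ENDPOINT));
            URL tokenEndpoint = new URL(requireField(definition, TOKEN_ENDPOINT));
            // NOTE(review): the endpoint schemes are taken from the document as-is; nothing
            // here requires them to be https.
            if (this.flow != null) {
                // A flow already exists; this call only served as a reachability check.
                return;
            }
            AuthorizationCodeFlow.Builder builder = new AuthorizationCodeFlow.Builder(this.method, this.transportBuilder.build(), this.jsonFactory, new GenericUrl(tokenEndpoint), this.auth, this.clientId, authorizationEndpoint.toString());
            builder.setScopes(Collections.singletonList(OPENID_SCOPE));
            this.flow = builder.build();
        } catch (IOException e) {
            log.error("Failed resolve OpenID Connect details :" + e.getMessage());
            log.debug("Failed resolve OpenID Connect details", e);
            this.flow = null;
        }
    }

    /** Returns the named discovery field as a string, or fails if the document lacks it. */
    private static String requireField(Map<?, ?> definition, String name) {
        Object value = definition.get(name);
        if (value == null) {
            throw new RuntimeException("Discovery json does not define " + name + " field");
        }
        return (String) value;
    }

    /**
     * Builds the provider authorization URL the browser is redirected to.
     *
     * @return the URL, or {@code null} when the provider definition could not be loaded
     * @throws IOException declared for callers; not thrown by the visible code path
     */
    public String getOpenIDRedirectUrl() throws IOException {
        if (!isInitialized()) {
            return null;
        }
        // NOTE(review): no state or nonce parameter is added here - confirm the caller appends
        // and checks one so the callback is tied to the session that initiated the login.
        return this.flow.newAuthorizationUrl().setRedirectUri(this.callback.toString()).build();
    }

    /**
     * Extracts the {@code code} parameter from the raw query string of the callback request.
     *
     * <p>The value is returned exactly as it appears in the query string; it is not
     * percent-decoded.
     *
     * @return the first {@code code} value, or {@code null} if there is none
     */
    public static String getCode(HttpServletRequest httpServletRequest) {
        String queryString = httpServletRequest.getQueryString();
        if (queryString == null) {
            return null;
        }
        for (String pair : queryString.split("&")) {
            int separator = pair.indexOf('=');
            if (separator != -1 && pair.substring(0, separator).equals(CODE)) {
                return pair.substring(separator + 1);
            }
        }
        return null;
    }

    /**
     * Sends the token request and returns the ID token from the response.
     *
     * <p>NOTE(review): parseIdToken() decodes the token; no verification call follows it in
     * this class.
     */
    private static IdToken executeIdToken(TokenRequest tokenRequest) throws IOException {
        return IdTokenResponse.execute(tokenRequest).parseIdToken();
    }

    /**
     * Exchanges an authorization code for an ID token and wraps it in a Webswing user.
     *
     * @param str the authorization code received on the callback
     * @param map extra attributes handed to {@link OpenIdWebswingUser}
     * @return the user, or {@code null} when no flow has been initialized
     * @throws IOException if the token request fails
     */
    public AbstractWebswingUser getUser(String str, Map<String, Serializable> map) throws IOException {
        if (this.flow == null) {
            return null;
        }
        AuthorizationCodeTokenRequest tokenRequest = this.flow.newTokenRequest(str).setRedirectUri(this.callback.toString());
        tokenRequest.set(CLIENT_ID, this.flow.getClientId());
        // NOTE(review): the token is passed on without checking issuer, audience (client id)
        // or expiry here; confirm OpenIdWebswingUser or the caller enforces them.
        return new OpenIdWebswingUser(executeIdToken(tokenRequest), this.usernameAttrName, this.roleAttrName, map);
    }

    /**
     * Reports whether a flow is available, reloading the discovery document first when the
     * ping period has elapsed since the last load.
     */
    public boolean isInitialized() {
        boolean pingDue = System.currentTimeMillis() - this.lastPing > this.pingPeriod.intValue();
        if (pingDue) {
            try {
                initializeFlow();
            } catch (Exception e) {
                log.error("Authentication server error:", e);
            }
        }
        return this.flow != null;
    }

    /** Returns the configured logout URL, or {@code null} if none was set. */
    public String getLogoutUrl() {
        return this.logoutUrl;
    }

    /** Sets the logout URL returned by {@link #getLogoutUrl()}. */
    public void setLogoutUrl(String str) {
        this.logoutUrl = str;
    }
}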
