package io.vertx.ext.auth.oauth2.impl;

import io.quarkus.oidc.common.runtime.OidcConstants;
import io.vertx.core.AsyncResult;
import io.vertx.core.Future;
import io.vertx.core.Handler;
import io.vertx.core.buffer.Buffer;
import io.vertx.core.http.HttpMethod;
import io.vertx.core.json.JsonObject;
import io.vertx.core.logging.Logger;
import io.vertx.core.logging.LoggerFactory;
import io.vertx.ext.auth.oauth2.AccessToken;
import io.vertx.ext.auth.oauth2.OAuth2Auth;
import io.vertx.ext.auth.oauth2.OAuth2ClientOptions;
import io.vertx.ext.auth.oauth2.OAuth2Response;
import java.io.UnsupportedEncodingException;
import java.util.Base64;
import org.apache.zookeeper.server.admin.CommandResponse;
import org.jose4j.jwt.ReservedClaimNames;
import org.kie.internal.query.QueryParameterIdentifiers;
import org.wildfly.security.x500.cert.acme.Acme;

/* loaded from: input_file:io/vertx/ext/auth/oauth2/impl/OAuth2TokenImpl.class */
public class OAuth2TokenImpl extends OAuth2UserImpl {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) OAuth2TokenImpl.class);

    public OAuth2TokenImpl() {
    }

    public OAuth2TokenImpl(OAuth2Auth oAuth2Auth, JsonObject jsonObject) {
        super(oAuth2Auth, jsonObject);
    }

    @Override // io.vertx.ext.auth.oauth2.AccessToken
    public AccessToken setTrustJWT(boolean z) {
        this.accessToken = decodeToken("access_token", z);
        this.refreshToken = decodeToken(OidcConstants.REFRESH_TOKEN_GRANT, z);
        this.idToken = decodeToken("id_token", z);
        return this;
    }

    @Override // io.vertx.ext.auth.oauth2.AccessToken
    public String tokenType() {
        return principal().getString("token_type");
    }

    @Override // io.vertx.ext.auth.oauth2.AccessToken
    public OAuth2TokenImpl refresh(Handler<AsyncResult<Void>> handler) {
        LOG.trace("Refreshing AccessToken");
        JsonObject jsonObject = new JsonObject();
        OAuth2AuthProviderImpl provider = getProvider();
        OAuth2ClientOptions config = provider.getConfig();
        JsonObject headers = config.getHeaders();
        if (headers != null) {
            jsonObject.mergeIn(headers);
        }
        JsonObject jsonObject2 = new JsonObject();
        jsonObject2.put(OidcConstants.GRANT_TYPE, OidcConstants.REFRESH_TOKEN_GRANT).put(OidcConstants.REFRESH_TOKEN_GRANT, opaqueRefreshToken()).put(OidcConstants.CLIENT_ID, config.getClientID());
        if (config.getClientSecretParameterName() != null) {
            jsonObject2.put(config.getClientSecretParameterName(), config.getClientSecret());
        }
        jsonObject.put("Content-Type", "application/x-www-form-urlencoded");
        Buffer buffer = Buffer.buffer(OAuth2API.stringify(jsonObject2));
        jsonObject.put("Accept", "application/json,application/x-www-form-urlencoded;q=0.9");
        OAuth2API.fetch(provider.getVertx(), config, HttpMethod.POST, config.getTokenPath(), jsonObject, buffer, asyncResult -> {
            JsonObject jsonObject3;
            String obj;
            if (asyncResult.failed()) {
                handler.handle(Future.failedFuture(asyncResult.cause()));
                return;
            }
            OAuth2Response oAuth2Response = (OAuth2Response) asyncResult.result();
            if (oAuth2Response.body() == null || oAuth2Response.body().length() == 0) {
                handler.handle(Future.failedFuture("No Body"));
                return;
            }
            if (oAuth2Response.is("application/json")) {
                try {
                    jsonObject3 = oAuth2Response.jsonObject();
                } catch (RuntimeException e) {
                    handler.handle(Future.failedFuture(e));
                    return;
                }
            } else {
                if (!oAuth2Response.is("application/x-www-form-urlencoded") && !oAuth2Response.is("text/plain")) {
                    handler.handle(Future.failedFuture("Cannot handle accessToken type: " + oAuth2Response.headers().get("Content-Type")));
                    return;
                }
                try {
                    jsonObject3 = OAuth2API.queryToJSON(oAuth2Response.body().toString());
                } catch (UnsupportedEncodingException | RuntimeException e2) {
                    handler.handle(Future.failedFuture(e2));
                    return;
                }
            }
            try {
                if (jsonObject3.containsKey(CommandResponse.KEY_ERROR)) {
                    Object value = jsonObject3.getValue(CommandResponse.KEY_ERROR);
                    if (value instanceof JsonObject) {
                        obj = ((JsonObject) value).getString("message");
                    } else {
                        try {
                            obj = jsonObject3.getString("error_description", jsonObject3.getString(CommandResponse.KEY_ERROR));
                        } catch (RuntimeException e3) {
                            obj = value.toString();
                        }
                    }
                    handler.handle(Future.failedFuture(obj));
                } else {
                    OAuth2API.processNonStandardHeaders(jsonObject3, oAuth2Response, config.getScopeSeparator());
                    LOG.trace("Got new AccessToken");
                    init(jsonObject3);
                    handler.handle(Future.succeededFuture());
                }
            } catch (RuntimeException e4) {
                handler.handle(Future.failedFuture(e4));
            }
        });
        return this;
    }

    @Override // io.vertx.ext.auth.oauth2.AccessToken
    public OAuth2TokenImpl revoke(String str, Handler<AsyncResult<Void>> handler) {
        OAuth2AuthProviderImpl provider = getProvider();
        OAuth2ClientOptions config = provider.getConfig();
        String string = principal().getString(str);
        if (string != null) {
            JsonObject jsonObject = new JsonObject();
            if ((config.getClientID() == null || config.getClientSecret() == null) ? false : true) {
                jsonObject.put("Authorization", "Basic " + Base64.getEncoder().encodeToString((config.getClientID() + QueryParameterIdentifiers.VAR_VAL_SEPARATOR + (config.getClientSecret() == null ? "" : config.getClientSecret())).getBytes()));
            }
            JsonObject headers = config.getHeaders();
            if (headers != null) {
                jsonObject.mergeIn(headers);
            }
            JsonObject jsonObject2 = new JsonObject();
            jsonObject2.put(Acme.TOKEN, string).put("token_type_hint", str);
            jsonObject.put("Content-Type", "application/x-www-form-urlencoded");
            Buffer buffer = Buffer.buffer(OAuth2API.stringify(jsonObject2));
            jsonObject.put("Accept", "application/json,application/x-www-form-urlencoded;q=0.9");
            OAuth2API.fetch(provider.getVertx(), config, HttpMethod.POST, config.getRevocationPath(), jsonObject, buffer, asyncResult -> {
                if (asyncResult.failed()) {
                    handler.handle(Future.failedFuture(asyncResult.cause()));
                } else {
                    if (((OAuth2Response) asyncResult.result()).body() == null) {
                        handler.handle(Future.failedFuture("No Body"));
                        return;
                    }
                    principal().remove(str);
                    init(principal());
                    handler.handle(Future.succeededFuture());
                }
            });
        } else {
            handler.handle(Future.failedFuture("Invalid token: " + str));
        }
        return this;
    }

    @Override // io.vertx.ext.auth.oauth2.AccessToken
    public OAuth2TokenImpl logout(Handler<AsyncResult<Void>> handler) {
        OAuth2AuthProviderImpl provider = getProvider();
        OAuth2ClientOptions config = provider.getConfig();
        JsonObject jsonObject = new JsonObject();
        jsonObject.put("Authorization", "Bearer " + opaqueAccessToken());
        JsonObject headers = config.getHeaders();
        if (headers != null) {
            jsonObject.mergeIn(headers);
        }
        JsonObject jsonObject2 = new JsonObject();
        jsonObject2.put(OidcConstants.CLIENT_ID, config.getClientID());
        if (config.getClientSecretParameterName() != null && config.getClientSecret() != null) {
            jsonObject2.put(config.getClientSecretParameterName(), config.getClientSecret());
        }
        if (opaqueRefreshToken() != null) {
            jsonObject2.put(OidcConstants.REFRESH_TOKEN_GRANT, opaqueRefreshToken());
        }
        jsonObject.put("Content-Type", "application/x-www-form-urlencoded");
        Buffer buffer = Buffer.buffer(OAuth2API.stringify(jsonObject2));
        jsonObject.put("Accept", "application/json,application/x-www-form-urlencoded;q=0.9");
        OAuth2API.fetch(provider.getVertx(), config, HttpMethod.POST, config.getLogoutPath(), jsonObject, buffer, asyncResult -> {
            if (!asyncResult.succeeded()) {
                handler.handle(Future.failedFuture(asyncResult.cause()));
            } else {
                init(null);
                handler.handle(Future.succeededFuture());
            }
        });
        return this;
    }

    @Override // io.vertx.ext.auth.oauth2.AccessToken
    public AccessToken introspect(String str, Handler<AsyncResult<Void>> handler) {
        JsonObject jsonObject = new JsonObject();
        OAuth2AuthProviderImpl provider = getProvider();
        OAuth2ClientOptions config = provider.getConfig();
        if ((config.getClientID() == null || config.getClientSecret() == null) ? false : true) {
            jsonObject.put("Authorization", "Basic " + Base64.getEncoder().encodeToString((config.getClientID() + QueryParameterIdentifiers.VAR_VAL_SEPARATOR + (config.getClientSecret() == null ? "" : config.getClientSecret())).getBytes()));
        }
        JsonObject headers = config.getHeaders();
        if (headers != null) {
            jsonObject.mergeIn(headers);
        }
        JsonObject put = new JsonObject().put(Acme.TOKEN, principal().getString(str)).put("token_type_hint", str);
        jsonObject.put("Content-Type", "application/x-www-form-urlencoded");
        Buffer buffer = Buffer.buffer(OAuth2API.stringify(put));
        jsonObject.put("Accept", "application/json,application/x-www-form-urlencoded;q=0.9");
        OAuth2API.fetch(provider.getVertx(), config, HttpMethod.POST, config.getIntrospectionPath(), jsonObject, buffer, asyncResult -> {
            JsonObject jsonObject2;
            long currentTimeMillis;
            String obj;
            if (asyncResult.failed()) {
                handler.handle(Future.failedFuture(asyncResult.cause()));
                return;
            }
            OAuth2Response oAuth2Response = (OAuth2Response) asyncResult.result();
            if (oAuth2Response.body() == null || oAuth2Response.body().length() == 0) {
                handler.handle(Future.failedFuture("No Body"));
                return;
            }
            if (oAuth2Response.is("application/json")) {
                try {
                    jsonObject2 = oAuth2Response.jsonObject();
                } catch (RuntimeException e) {
                    handler.handle(Future.failedFuture(e));
                    return;
                }
            } else {
                if (!oAuth2Response.is("application/x-www-form-urlencoded") && !oAuth2Response.is("text/plain")) {
                    handler.handle(Future.failedFuture("Cannot handle accessToken type: " + oAuth2Response.headers().get("Content-Type")));
                    return;
                }
                try {
                    jsonObject2 = OAuth2API.queryToJSON(oAuth2Response.body().toString());
                } catch (UnsupportedEncodingException | RuntimeException e2) {
                    handler.handle(Future.failedFuture(e2));
                    return;
                }
            }
            try {
                if (jsonObject2.containsKey(CommandResponse.KEY_ERROR)) {
                    Object value = jsonObject2.getValue(CommandResponse.KEY_ERROR);
                    if (value instanceof JsonObject) {
                        obj = ((JsonObject) value).getString("message");
                    } else {
                        try {
                            obj = jsonObject2.getString("error_description", jsonObject2.getString(CommandResponse.KEY_ERROR));
                        } catch (RuntimeException e3) {
                            obj = value.toString();
                        }
                    }
                    handler.handle(Future.failedFuture(obj));
                    return;
                }
                if (jsonObject2.containsKey("active") && !jsonObject2.getBoolean("active", false).booleanValue()) {
                    handler.handle(Future.failedFuture("Inactive Token"));
                    return;
                }
                if (jsonObject2.containsKey(OidcConstants.TOKEN_SCOPE) && jsonObject2.getString(OidcConstants.TOKEN_SCOPE) != null) {
                    principal().put(OidcConstants.TOKEN_SCOPE, jsonObject2.getString(OidcConstants.TOKEN_SCOPE));
                }
                if (jsonObject2.containsKey(OidcConstants.CLIENT_ID)) {
                    if (!principal().containsKey(OidcConstants.CLIENT_ID)) {
                        principal().put(OidcConstants.CLIENT_ID, jsonObject2.getString(OidcConstants.CLIENT_ID));
                    } else if (!jsonObject2.getString(OidcConstants.CLIENT_ID, "").equals(principal().getString(OidcConstants.CLIENT_ID))) {
                        handler.handle(Future.failedFuture("Wrong client_id"));
                        return;
                    }
                }
                if (jsonObject2.containsKey("username")) {
                    principal().put("username", jsonObject2.getString("username"));
                }
                if (jsonObject2.containsKey("token_type")) {
                    if (!principal().containsKey("token_type")) {
                        principal().put("token_type", jsonObject2.getString("token_type"));
                    } else if (!jsonObject2.getString("token_type", "").equalsIgnoreCase(principal().getString("token_type"))) {
                        handler.handle(Future.failedFuture("Wrong token_type"));
                        return;
                    }
                }
                try {
                    OAuth2API.processNonStandardHeaders(jsonObject2, oAuth2Response, config.getScopeSeparator());
                    if (jsonObject2.containsKey(OidcConstants.EXPIRES_IN)) {
                        principal().put(OidcConstants.EXPIRES_IN, jsonObject2.getValue(OidcConstants.EXPIRES_IN)).remove("expires_at");
                    }
                    currentTimeMillis = System.currentTimeMillis() / 1000;
                } catch (RuntimeException e4) {
                    handler.handle(Future.failedFuture(e4));
                }
                if (jsonObject2.containsKey(ReservedClaimNames.ISSUED_AT) && jsonObject2.getLong(ReservedClaimNames.ISSUED_AT).longValue() > currentTimeMillis + config.getJWTOptions().getLeeway()) {
                    handler.handle(Future.failedFuture("Invalid token: iat > now"));
                    return;
                }
                if (jsonObject2.containsKey(ReservedClaimNames.EXPIRATION_TIME)) {
                    Long l = jsonObject2.getLong(ReservedClaimNames.EXPIRATION_TIME);
                    if (currentTimeMillis - config.getJWTOptions().getLeeway() >= l.longValue()) {
                        handler.handle(Future.failedFuture("Invalid token: exp <= now"));
                        return;
                    }
                    principal().put(OidcConstants.EXPIRES_IN, Long.valueOf(l.longValue() - currentTimeMillis)).remove("expires_at");
                }
                init(principal());
                handler.handle(Future.succeededFuture());
                return;
            } catch (RuntimeException e5) {
                handler.handle(Future.failedFuture(e5));
            }
            handler.handle(Future.failedFuture(e5));
        });
        return this;
    }

    @Override // io.vertx.ext.auth.oauth2.AccessToken
    public AccessToken introspect(Handler<AsyncResult<Void>> handler) {
        return introspect("access_token", handler);
    }

    @Override // io.vertx.ext.auth.oauth2.AccessToken
    public AccessToken userInfo(Handler<AsyncResult<JsonObject>> handler) {
        JsonObject jsonObject = new JsonObject();
        OAuth2AuthProviderImpl provider = getProvider();
        OAuth2ClientOptions config = provider.getConfig();
        JsonObject userInfoParameters = config.getUserInfoParameters();
        String userInfoPath = config.getUserInfoPath();
        if (userInfoParameters != null) {
            userInfoPath = userInfoPath + "?" + OAuth2API.stringify(userInfoParameters);
        }
        jsonObject.put("Authorization", "Bearer " + opaqueAccessToken());
        jsonObject.put("Accept", "application/json,application/x-www-form-urlencoded;q=0.9");
        OAuth2API.fetch(provider.getVertx(), config, HttpMethod.GET, userInfoPath, jsonObject, null, asyncResult -> {
            JsonObject jsonObject2;
            if (asyncResult.failed()) {
                handler.handle(Future.failedFuture(asyncResult.cause()));
                return;
            }
            OAuth2Response oAuth2Response = (OAuth2Response) asyncResult.result();
            if (oAuth2Response.is("application/json")) {
                try {
                    jsonObject2 = oAuth2Response.jsonObject();
                } catch (RuntimeException e) {
                    handler.handle(Future.failedFuture(e));
                    return;
                }
            } else {
                if (!oAuth2Response.is("application/x-www-form-urlencoded") && !oAuth2Response.is("text/plain")) {
                    handler.handle(Future.failedFuture("Cannot handle Content-Type: " + oAuth2Response.headers().get("Content-Type")));
                    return;
                }
                try {
                    jsonObject2 = OAuth2API.queryToJSON(oAuth2Response.body().toString());
                } catch (UnsupportedEncodingException | RuntimeException e2) {
                    handler.handle(Future.failedFuture(e2));
                    return;
                }
            }
            OAuth2API.processNonStandardHeaders(principal(), oAuth2Response, config.getScopeSeparator());
            init(principal());
            handler.handle(Future.succeededFuture(jsonObject2));
        });
        return this;
    }

    @Override // io.vertx.ext.auth.oauth2.AccessToken
    public AccessToken fetch(HttpMethod httpMethod, String str, JsonObject jsonObject, Buffer buffer, Handler<AsyncResult<OAuth2Response>> handler) {
        OAuth2AuthProviderImpl provider = getProvider();
        OAuth2ClientOptions config = provider.getConfig();
        if (jsonObject == null) {
            jsonObject = new JsonObject();
        }
        jsonObject.put("Authorization", "Bearer " + opaqueAccessToken());
        OAuth2API.fetch(provider.getVertx(), config, httpMethod, str, jsonObject, buffer, asyncResult -> {
            if (asyncResult.failed()) {
                handler.handle(Future.failedFuture(asyncResult.cause()));
            } else {
                handler.handle(Future.succeededFuture(asyncResult.result()));
            }
        });
        return this;
    }

    @Override // io.vertx.ext.auth.oauth2.AccessToken
    public /* bridge */ /* synthetic */ AccessToken logout(Handler handler) {
        return logout((Handler<AsyncResult<Void>>) handler);
    }

    @Override // io.vertx.ext.auth.oauth2.AccessToken
    public /* bridge */ /* synthetic */ AccessToken revoke(String str, Handler handler) {
        return revoke(str, (Handler<AsyncResult<Void>>) handler);
    }

    @Override // io.vertx.ext.auth.oauth2.AccessToken
    public /* bridge */ /* synthetic */ AccessToken refresh(Handler handler) {
        return refresh((Handler<AsyncResult<Void>>) handler);
    }
}
