package io.quarkus.oidc.client.runtime;

import io.quarkus.oidc.client.OidcClient;
import io.quarkus.oidc.client.OidcClientConfig;
import io.quarkus.oidc.client.OidcClientException;
import io.quarkus.oidc.client.Tokens;
import io.quarkus.oidc.common.runtime.OidcCommonUtils;
import io.quarkus.oidc.common.runtime.OidcConstants;
import io.smallrye.mutiny.Uni;
import io.smallrye.mutiny.groups.UniOnItem;
import io.vertx.core.http.HttpHeaders;
import io.vertx.core.json.JsonObject;
import io.vertx.mutiny.core.MultiMap;
import io.vertx.mutiny.core.buffer.Buffer;
import io.vertx.mutiny.ext.web.client.HttpRequest;
import io.vertx.mutiny.ext.web.client.HttpResponse;
import io.vertx.mutiny.ext.web.client.WebClient;
import java.io.IOException;
import java.net.ConnectException;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.time.Instant;
import java.util.Base64;
import java.util.Collections;
import java.util.Map;
import java.util.function.Supplier;
import org.eclipse.microprofile.jwt.Claims;
import org.jboss.logging.Logger;

/* loaded from: input_file:io/quarkus/oidc/client/runtime/OidcClientImpl.class */
public class OidcClientImpl implements OidcClient {
    private static final Logger LOG = Logger.getLogger((Class<?>) OidcClientImpl.class);
    private static final String AUTHORIZATION_HEADER = String.valueOf(HttpHeaders.AUTHORIZATION);
    private final WebClient client;
    private final String tokenRequestUri;
    private final MultiMap tokenGrantParams;
    private final MultiMap commonRefreshGrantParams;
    private final String grantType;
    private final String clientSecretBasicAuthScheme;
    private final Key clientJwtKey;
    private final OidcClientConfig oidcConfig;
    private volatile boolean closed;

    public OidcClientImpl(WebClient webClient, String str, String str2, MultiMap multiMap, MultiMap multiMap2, OidcClientConfig oidcClientConfig) {
        this.client = webClient;
        this.tokenRequestUri = str;
        this.tokenGrantParams = multiMap;
        this.commonRefreshGrantParams = multiMap2;
        this.grantType = str2;
        this.oidcConfig = oidcClientConfig;
        this.clientSecretBasicAuthScheme = OidcCommonUtils.initClientSecretBasicAuth(oidcClientConfig);
        this.clientJwtKey = OidcCommonUtils.initClientJwtKey(oidcClientConfig);
    }

    @Override // io.quarkus.oidc.client.OidcClient
    public Uni<Tokens> getTokens(Map<String, String> map) {
        checkClosed();
        if (this.tokenGrantParams == null) {
            throw new OidcClientException("Only 'refresh_token' grant is supported, please call OidcClient#refreshTokens method instead");
        }
        return getJsonResponse(this.tokenGrantParams, map, false);
    }

    @Override // io.quarkus.oidc.client.OidcClient
    public Uni<Tokens> refreshTokens(String str) {
        checkClosed();
        if (str == null) {
            throw new OidcClientException("Refresh token is null");
        }
        MultiMap copyMultiMap = copyMultiMap(this.commonRefreshGrantParams);
        copyMultiMap.add("refresh_token", str);
        return getJsonResponse(copyMultiMap, Collections.emptyMap(), true);
    }

    private Uni<Tokens> getJsonResponse(final MultiMap multiMap, final Map<String, String> map, final boolean z) {
        return Uni.createFrom().deferred(new Supplier<Uni<? extends Tokens>>() { // from class: io.quarkus.oidc.client.runtime.OidcClientImpl.1
            @Override // java.util.function.Supplier
            /* renamed from: get, reason: merged with bridge method [inline-methods] */
            public Uni<? extends Tokens> get2() {
                MultiMap multiMap2 = multiMap;
                HttpRequest<Buffer> postAbs = OidcClientImpl.this.client.postAbs(OidcClientImpl.this.tokenRequestUri);
                postAbs.putHeader(HttpHeaders.CONTENT_TYPE.toString(), HttpHeaders.APPLICATION_X_WWW_FORM_URLENCODED.toString());
                if (OidcClientImpl.this.oidcConfig.headers != null) {
                    for (Map.Entry<String, String> entry : OidcClientImpl.this.oidcConfig.headers.entrySet()) {
                        postAbs.putHeader(entry.getKey(), entry.getValue());
                    }
                }
                if (OidcClientImpl.this.clientSecretBasicAuthScheme != null) {
                    postAbs.putHeader(OidcClientImpl.AUTHORIZATION_HEADER, OidcClientImpl.this.clientSecretBasicAuthScheme);
                } else if (OidcClientImpl.this.clientJwtKey != null) {
                    multiMap2 = !z ? OidcClientImpl.copyMultiMap(multiMap2) : multiMap2;
                    multiMap2.add(OidcConstants.CLIENT_ASSERTION_TYPE, OidcConstants.JWT_BEARER_CLIENT_ASSERTION_TYPE);
                    multiMap2.add(OidcConstants.CLIENT_ASSERTION, OidcCommonUtils.signJwtWithKey(OidcClientImpl.this.oidcConfig, OidcClientImpl.this.tokenRequestUri, OidcClientImpl.this.clientJwtKey));
                }
                if (!map.isEmpty()) {
                    multiMap2 = OidcClientImpl.copyMultiMap(multiMap2);
                    for (Map.Entry entry2 : map.entrySet()) {
                        multiMap2.add((String) entry2.getKey(), (String) entry2.getValue());
                    }
                }
                UniOnItem<HttpResponse<Buffer>> onItem = postAbs.sendBuffer(OidcCommonUtils.encodeForm(multiMap2)).onFailure(ConnectException.class).retry().atMost(OidcClientImpl.this.oidcConfig.connectionRetryCount).onFailure().transform(th -> {
                    return th.getCause();
                }).onItem();
                boolean z2 = z;
                return onItem.transform(httpResponse -> {
                    return OidcClientImpl.this.emitGrantTokens(httpResponse, z2);
                });
            }
        });
    }

    private Tokens emitGrantTokens(HttpResponse<Buffer> httpResponse, boolean z) {
        Long expiresJwtClaim;
        if (httpResponse.statusCode() != 200) {
            String bodyAsString = httpResponse.bodyAsString();
            Logger logger = LOG;
            Object[] objArr = new Object[4];
            objArr[0] = this.oidcConfig.getId().get();
            objArr[1] = z ? "refresh_token" : this.grantType;
            objArr[2] = Integer.valueOf(httpResponse.statusCode());
            objArr[3] = bodyAsString;
            logger.debugf("%s OidcClient has failed to complete the %s grant request:  status: %d, error message: %s", objArr);
            throw new OidcClientException(bodyAsString);
        }
        LOG.debugf("%s OidcClient has %s the tokens", this.oidcConfig.getId().get(), z ? "refreshed" : "acquired");
        JsonObject bodyAsJsonObject = httpResponse.bodyAsJsonObject();
        String string = bodyAsJsonObject.getString(this.oidcConfig.grant.accessTokenProperty);
        String string2 = bodyAsJsonObject.getString(this.oidcConfig.grant.refreshTokenProperty);
        Object value = bodyAsJsonObject.getValue(this.oidcConfig.grant.expiresInProperty);
        if (value != null) {
            long longValue = value instanceof Number ? ((Number) value).longValue() : Long.parseLong(value.toString());
            expiresJwtClaim = Long.valueOf(this.oidcConfig.absoluteExpiresIn ? longValue : Instant.now().getEpochSecond() + longValue);
        } else {
            expiresJwtClaim = getExpiresJwtClaim(string);
        }
        return new Tokens(string, expiresJwtClaim, this.oidcConfig.refreshTokenTimeSkew.orElse(null), string2, bodyAsJsonObject);
    }

    private static Long getExpiresJwtClaim(String str) {
        JsonObject decodeJwtToken = decodeJwtToken(str);
        if (decodeJwtToken == null) {
            return null;
        }
        try {
            return decodeJwtToken.getLong(Claims.exp.name());
        } catch (IllegalArgumentException e) {
            LOG.debug("JWT expiry claim can not be converted to Long");
            return null;
        }
    }

    private static JsonObject decodeJwtToken(String str) {
        String[] split = str.split("\\.");
        if (split.length != 3) {
            LOG.debug("Access token is not formatted as the encoded JWT token");
            return null;
        }
        try {
            return new JsonObject(new String(Base64.getUrlDecoder().decode(split[1]), StandardCharsets.UTF_8));
        } catch (IllegalArgumentException e) {
            LOG.debug("JWT token can not be decoded using the Base64Url encoding scheme");
            return null;
        }
    }

    private static MultiMap copyMultiMap(MultiMap multiMap) {
        MultiMap multiMap2 = new MultiMap(io.vertx.core.MultiMap.caseInsensitiveMultiMap());
        multiMap2.addAll(multiMap);
        return multiMap2;
    }

    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() throws IOException {
        if (this.closed) {
            return;
        }
        this.client.close();
        this.closed = true;
    }

    private void checkClosed() {
        if (this.closed) {
            throw new IllegalStateException("OidcClient " + this.oidcConfig.getId().get() + " is closed");
        }
    }
}
