package org.wildfly.security.mechanism.oauth2;

import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.wildfly.common.Assert;
import org.wildfly.security._private.ElytronMessages;
import org.wildfly.security.auth.callback.CredentialCallback;
import org.wildfly.security.credential.BearerTokenCredential;
import org.wildfly.security.mechanism.AuthenticationMechanismException;
import org.wildfly.security.mechanism._private.MechanismUtil;
import org.wildfly.security.sasl.util.StringPrep;
import org.wildfly.security.util.ByteIterator;
import org.wildfly.security.util.ByteStringBuilder;

/* loaded from: input_file:WEB-INF/lib/wildfly-elytron-1.2.1.Final.jar:org/wildfly/security/mechanism/oauth2/OAuth2Client.class */
public class OAuth2Client {
    private static final String KV_DELIMITER = "%x01";
    private final CallbackHandler callbackHandler;
    private final String authorizationId;
    private ElytronMessages log;

    public OAuth2Client(String str, CallbackHandler callbackHandler, ElytronMessages elytronMessages) {
        this.authorizationId = str;
        this.callbackHandler = callbackHandler;
        this.log = elytronMessages;
    }

    public OAuth2InitialClientMessage getInitialResponse() throws AuthenticationMechanismException {
        CredentialCallback credentialCallback = new CredentialCallback(BearerTokenCredential.class);
        try {
            MechanismUtil.handleCallbacks(this.log, this.callbackHandler, credentialCallback);
            Assert.assertTrue(credentialCallback.isCredentialTypeSupported(BearerTokenCredential.class));
            String str = (String) credentialCallback.applyToCredential(BearerTokenCredential.class, (v0) -> {
                return v0.getToken();
            });
            if (str == null) {
                throw this.log.mechNoTokenGiven();
            }
            ByteStringBuilder byteStringBuilder = new ByteStringBuilder();
            byteStringBuilder.append("n").append(",");
            if (this.authorizationId != null) {
                byteStringBuilder.append('a').append('=');
                StringPrep.encode(this.authorizationId, byteStringBuilder, 1073758207L);
            }
            byteStringBuilder.append(",").append(KV_DELIMITER).append("auth").append("=").append("Bearer").append(" ").append(str).append(KV_DELIMITER);
            return new OAuth2InitialClientMessage(null, null, byteStringBuilder.toArray());
        } catch (UnsupportedCallbackException e) {
            throw this.log.mechCallbackHandlerDoesNotSupportUserName(e);
        }
    }

    public byte[] handleServerResponse(byte[] bArr) {
        if (bArr.length == 0) {
            return null;
        }
        try {
            this.log.debugf("Got error message from server [%s].", ByteIterator.ofBytes(bArr).base64Decode().asUtf8String().drainToString());
        } catch (Exception e) {
            this.log.errorf((Throwable) e, "Server returned an unexpected message that is probably an error but could not be parsed.", new Object[0]);
        }
        return new ByteStringBuilder().append(KV_DELIMITER).toArray();
    }
}
