package org.wildfly.security.http.oidc;

import java.io.IOException;
import java.io.InputStream;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.Map;
import java.util.StringTokenizer;
import java.util.UUID;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpRequestBase;
import org.jose4j.jws.AlgorithmIdentifiers;
import org.wildfly.security.jose.util.JsonSerialization;

/* loaded from: input_file:org/wildfly/security/http/oidc/Oidc.class */
public class Oidc {
    public static final String OIDC_NAME = "OIDC";
    public static final String JSON_CONTENT_TYPE = "application/json";
    public static final String HTML_CONTENT_TYPE = "text/html";
    public static final String WILDCARD_CONTENT_TYPE = "*/*";
    public static final String TEXT_CONTENT_TYPE = "text/*";
    public static final String DISCOVERY_PATH = ".well-known/openid-configuration";
    public static final String KEYCLOAK_REALMS_PATH = "realms/";
    public static final String JSON_CONFIG_CONTEXT_PARAM = "org.wildfly.security.http.oidc.json.config";
    static final String ACCOUNT_PATH = "account";
    public static final String CLIENTS_MANAGEMENT_REGISTER_NODE_PATH = "clients-managements/register-node";
    public static final String CLIENTS_MANAGEMENT_UNREGISTER_NODE_PATH = "clients-managements/unregister-node";
    public static final String SLASH = "/";
    public static final String OIDC_CLIENT_CONTEXT_KEY = OidcClientContext.class.getName();
    public static final String CLIENT_ID = "client_id";
    public static final String CODE = "code";
    public static final String ERROR = "error";
    public static final String GRANT_TYPE = "grant_type";
    public static final String LOGIN_HINT = "login_hint";
    public static final String DOMAIN_HINT = "domain_hint";
    public static final String MAX_AGE = "max_age";
    public static final String PASSWORD = "password";
    public static final String PROMPT = "prompt";
    public static final String SCOPE = "scope";
    public static final String UI_LOCALES = "ui_locales";
    public static final String USERNAME = "username";
    public static final String OIDC_SCOPE = "openid";
    public static final String REDIRECT_URI = "redirect_uri";
    public static final String REFRESH_TOKEN = "refresh_token";
    public static final String RESPONSE_TYPE = "response_type";
    public static final String SESSION_STATE = "session_state";
    public static final String STATE = "state";
    public static final int INVALID_ISSUED_FOR_CLAIM = -1;
    public static final int INVALID_AT_HASH_CLAIM = -2;
    public static final int INVALID_TYPE_CLAIM = -3;
    static final String OIDC_CLIENT_CONFIG_RESOLVER = "oidc.config.resolver";
    static final String OIDC_CONFIG_FILE_LOCATION = "oidc.config.file";
    static final String OIDC_JSON_FILE = "/WEB-INF/oidc.json";
    static final String AUTHORIZATION = "authorization";
    static final String AUTHORIZATION_CODE = "authorization_code";
    static final String CLIENT_ASSERTION_TYPE = "client_assertion_type";
    static final String CLIENT_ASSERTION = "client_assertion";
    static final String CLIENT_ASSERTION_TYPE_JWT = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer";
    static final String RS256 = "SHA256withRSA";
    static final String RS384 = "SHA384withRSA";
    static final String RS512 = "SHA512withRSA";
    static final String HS256 = "HMACSHA256";
    static final String HS384 = "HMACSHA384";
    static final String HS512 = "HMACSHA512";
    static final String ES256 = "SHA256withECDSA";
    static final String ES384 = "SHA384withECDSA";
    static final String ES512 = "SHA512withECDSA";
    public static final String SHA256 = "SHA-256";
    public static final String SHA384 = "SHA-384";
    public static final String SHA512 = "SHA-512";
    static final String PROTOCOL_CLASSPATH = "classpath:";
    static final String OIDC_STATE_COOKIE = "OIDC_STATE";
    static final String KEYCLOAK_CLIENT_CLUSTER_HOST = "client_cluster_host";
    static final String KEYCLOAK_QUERY_BEARER_TOKEN = "k_query_bearer_token";
    static final String DEFAULT_TOKEN_SIGNATURE_ALGORITHM = "RS256";
    public static final String KC_IDP_HINT = "kc_idp_hint";

    /* loaded from: input_file:org/wildfly/security/http/oidc/Oidc$AuthOutcome.class */
    public enum AuthOutcome {
        NOT_ATTEMPTED,
        FAILED,
        AUTHENTICATED,
        NOT_AUTHENTICATED,
        LOGGED_OUT
    }

    /* loaded from: input_file:org/wildfly/security/http/oidc/Oidc$ClientCredentialsProviderType.class */
    public enum ClientCredentialsProviderType {
        SECRET("secret"),
        JWT("jwt"),
        SECRET_JWT("secret-jwt");

        private final String value;

        ClientCredentialsProviderType(String str) {
            this.value = str;
        }

        public String getValue() {
            return this.value;
        }
    }

    /* loaded from: input_file:org/wildfly/security/http/oidc/Oidc$EnvUtil.class */
    public static final class EnvUtil {
        private static final Pattern p = Pattern.compile("[$][{]([^}]+)[}]");

        private EnvUtil() {
        }

        public static String replace(String str) {
            Matcher matcher = p.matcher(str);
            StringBuffer stringBuffer = new StringBuffer();
            while (matcher.find()) {
                String property = System.getProperty(matcher.group(1));
                if (property == null) {
                    property = "NOT-SPECIFIED";
                }
                matcher.appendReplacement(stringBuffer, property.replace("\\", "\\\\"));
            }
            matcher.appendTail(stringBuffer);
            return stringBuffer.toString();
        }
    }

    /* loaded from: input_file:org/wildfly/security/http/oidc/Oidc$SSLRequired.class */
    public enum SSLRequired {
        ALL,
        EXTERNAL,
        NONE;

        public boolean isRequired(String str) {
            switch (this) {
                case ALL:
                    return true;
                case NONE:
                    return false;
                case EXTERNAL:
                    return !isLocal(str);
                default:
                    return true;
            }
        }

        private boolean isLocal(String str) {
            try {
                InetAddress byName = InetAddress.getByName(str);
                if (!byName.isAnyLocalAddress() && !byName.isLoopbackAddress()) {
                    if (!byName.isSiteLocalAddress()) {
                        return false;
                    }
                }
                return true;
            } catch (UnknownHostException e) {
                return false;
            }
        }
    }

    /* loaded from: input_file:org/wildfly/security/http/oidc/Oidc$TokenStore.class */
    public enum TokenStore {
        SESSION,
        COOKIE
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static <T> T sendJsonHttpRequest(OidcClientConfiguration oidcClientConfiguration, HttpRequestBase httpRequestBase, Class<T> cls) throws OidcException {
        try {
            HttpResponse execute = oidcClientConfiguration.getClient().execute(httpRequestBase);
            int statusCode = execute.getStatusLine().getStatusCode();
            if (statusCode != 200) {
                close(execute);
                ElytronMessages.log.unexpectedResponseCodeFromOidcProvider(statusCode);
            }
            HttpEntity entity = execute.getEntity();
            if (entity == null) {
                ElytronMessages.log.noEntityInResponse();
            }
            InputStream content = entity.getContent();
            try {
                return (T) JsonSerialization.readValue(content, cls);
            } finally {
                try {
                    content.close();
                } catch (IOException e) {
                }
            }
        } catch (IOException e2) {
            throw ElytronMessages.log.unexpectedErrorSendingRequestToOidcProvider(e2);
        }
    }

    private static void close(HttpResponse httpResponse) {
        if (httpResponse.getEntity() != null) {
            try {
                httpResponse.getEntity().getContent().close();
            } catch (IOException e) {
            }
        }
    }

    public static String getJavaAlgorithm(String str) {
        boolean z = -1;
        switch (str.hashCode()) {
            case 66245349:
                if (str.equals(AlgorithmIdentifiers.ECDSA_USING_P256_CURVE_AND_SHA256)) {
                    z = 6;
                    break;
                }
                break;
            case 66246401:
                if (str.equals(AlgorithmIdentifiers.ECDSA_USING_P384_CURVE_AND_SHA384)) {
                    z = 7;
                    break;
                }
                break;
            case 66248104:
                if (str.equals(AlgorithmIdentifiers.ECDSA_USING_P521_CURVE_AND_SHA512)) {
                    z = 8;
                    break;
                }
                break;
            case 69015912:
                if (str.equals(AlgorithmIdentifiers.HMAC_SHA256)) {
                    z = 3;
                    break;
                }
                break;
            case 69016964:
                if (str.equals(AlgorithmIdentifiers.HMAC_SHA384)) {
                    z = 4;
                    break;
                }
                break;
            case 69018667:
                if (str.equals(AlgorithmIdentifiers.HMAC_SHA512)) {
                    z = 5;
                    break;
                }
                break;
            case 78251122:
                if (str.equals("RS256")) {
                    z = false;
                    break;
                }
                break;
            case 78252174:
                if (str.equals(AlgorithmIdentifiers.RSA_USING_SHA384)) {
                    z = true;
                    break;
                }
                break;
            case 78253877:
                if (str.equals(AlgorithmIdentifiers.RSA_USING_SHA512)) {
                    z = 2;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                return "SHA256withRSA";
            case true:
                return RS384;
            case true:
                return "SHA512withRSA";
            case true:
                return HS256;
            case true:
                return HS384;
            case true:
                return HS512;
            case true:
                return "SHA256withECDSA";
            case true:
                return "SHA384withECDSA";
            case true:
                return "SHA512withECDSA";
            default:
                throw ElytronMessages.log.unknownAlgorithm(str);
        }
    }

    public static String getJavaAlgorithmForHash(String str) {
        boolean z = -1;
        switch (str.hashCode()) {
            case 66245349:
                if (str.equals(AlgorithmIdentifiers.ECDSA_USING_P256_CURVE_AND_SHA256)) {
                    z = 6;
                    break;
                }
                break;
            case 66246401:
                if (str.equals(AlgorithmIdentifiers.ECDSA_USING_P384_CURVE_AND_SHA384)) {
                    z = 7;
                    break;
                }
                break;
            case 66248104:
                if (str.equals(AlgorithmIdentifiers.ECDSA_USING_P521_CURVE_AND_SHA512)) {
                    z = 8;
                    break;
                }
                break;
            case 69015912:
                if (str.equals(AlgorithmIdentifiers.HMAC_SHA256)) {
                    z = 3;
                    break;
                }
                break;
            case 69016964:
                if (str.equals(AlgorithmIdentifiers.HMAC_SHA384)) {
                    z = 4;
                    break;
                }
                break;
            case 69018667:
                if (str.equals(AlgorithmIdentifiers.HMAC_SHA512)) {
                    z = 5;
                    break;
                }
                break;
            case 78251122:
                if (str.equals("RS256")) {
                    z = false;
                    break;
                }
                break;
            case 78252174:
                if (str.equals(AlgorithmIdentifiers.RSA_USING_SHA384)) {
                    z = true;
                    break;
                }
                break;
            case 78253877:
                if (str.equals(AlgorithmIdentifiers.RSA_USING_SHA512)) {
                    z = 2;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                return "SHA-256";
            case true:
                return "SHA-384";
            case true:
                return "SHA-512";
            case true:
                return "SHA-256";
            case true:
                return "SHA-384";
            case true:
                return "SHA-512";
            case true:
                return "SHA-256";
            case true:
                return "SHA-384";
            case true:
                return "SHA-512";
            default:
                throw ElytronMessages.log.unknownAlgorithm(str);
        }
    }

    public static String generateId() {
        return UUID.randomUUID().toString();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static int getCurrentTimeInSeconds() {
        return (int) (System.currentTimeMillis() / 1000);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Integer asInt(Map<String, Object> map, String str, int i) {
        Object obj = map.get(str);
        if (obj == null) {
            return Integer.valueOf(i);
        }
        if (obj instanceof String) {
            return Integer.valueOf(Integer.parseInt(obj.toString()));
        }
        if (obj instanceof Number) {
            return Integer.valueOf(((Number) obj).intValue());
        }
        throw ElytronMessages.log.unableToParseKeyWithValue(str, obj);
    }

    public static String getQueryParamValue(OidcHttpFacade oidcHttpFacade, String str) {
        return oidcHttpFacade.getRequest().getQueryParamValue(str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static String stripQueryParam(String str, String str2) {
        return str.replaceFirst("[\\?&]" + str2 + "=[^&]*$|" + str2 + "=[^&]*&", "");
    }

    public static boolean isOpaqueToken(String str) {
        return new StringTokenizer(str, ".").countTokens() != 3;
    }

    public static void logToken(String str, String str2) {
        if (str2 == null || isOpaqueToken(str2)) {
            ElytronMessages.log.tracef("\t%s: %s", str, str2);
        } else {
            ElytronMessages.log.tracef("\t%s: %s", str, str2.substring(0, str2.lastIndexOf(".")) + ".signature");
        }
    }
}
