package io.vertx.ext.auth.oauth2.impl;

import io.vertx.core.AsyncResult;
import io.vertx.core.Future;
import io.vertx.core.Handler;
import io.vertx.core.Vertx;
import io.vertx.core.cli.UsageMessageFormatter;
import io.vertx.core.http.HttpHeaders;
import io.vertx.core.http.HttpMethod;
import io.vertx.core.json.JsonObject;
import io.vertx.core.logging.Logger;
import io.vertx.core.logging.LoggerFactory;
import io.vertx.ext.auth.PubSecKeyOptions;
import io.vertx.ext.auth.User;
import io.vertx.ext.auth.impl.AuthProviderInternal;
import io.vertx.ext.auth.oauth2.AccessToken;
import io.vertx.ext.auth.oauth2.OAuth2Auth;
import io.vertx.ext.auth.oauth2.OAuth2ClientOptions;
import io.vertx.ext.auth.oauth2.OAuth2FlowType;
import io.vertx.ext.auth.oauth2.OAuth2RBAC;
import io.vertx.ext.auth.oauth2.OAuth2Response;
import io.vertx.ext.auth.oauth2.impl.flow.AuthCodeImpl;
import io.vertx.ext.auth.oauth2.impl.flow.AuthJWTImpl;
import io.vertx.ext.auth.oauth2.impl.flow.ClientImpl;
import io.vertx.ext.auth.oauth2.impl.flow.OAuth2Flow;
import io.vertx.ext.auth.oauth2.impl.flow.PasswordImpl;
import io.vertx.ext.jwt.JWK;
import io.vertx.ext.jwt.JWT;
import java.util.Iterator;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.zookeeper.server.admin.CommandResponse;
import org.jose4j.jwk.JsonWebKeySet;

/* loaded from: input_file:io/vertx/ext/auth/oauth2/impl/OAuth2AuthProviderImpl.class */
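/**
 * OAuth2 authentication provider backed by a Vert.x HTTP client.
 *
 * <p>The provider holds a {@link JWT} instance with the keys used when handling tokens, picks
 * the flow implementation matching the configured {@link OAuth2FlowType}, and can refresh its
 * key set from the JWK endpoint named in the configuration ({@link #loadJWK(Handler)}).
 *
 * <p>This listing is decompiler output: some constants ({@code CommandResponse.KEY_ERROR},
 * {@code JsonWebKeySet.JWK_SET_MEMBER_NAME}, {@code UsageMessageFormatter.DEFAULT_LONG_OPT_SEPARATOR})
 * were substituted from unrelated libraries because their values matched.
 * NOTE(review): confirm the literal values against the original source before relying on them.
 */
public class OAuth2AuthProviderImpl implements OAuth2Auth, AuthProviderInternal {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) OAuth2AuthProviderImpl.class);

    /** Captures the numeric value of a {@code max-age} directive in a Cache-Control header value. */
    private static final Pattern MAX_AGE = Pattern.compile("max-age=\"?(\\d+)\"?");

    private final Vertx vertx;
    private final OAuth2ClientOptions config;
    private Handler<String> missingKeyHandler;
    private final OAuth2Flow flow;
    private OAuth2RBAC rbac;
    // Id of the periodic JWK refresh timer, or -1 when no refresh is scheduled.
    private long updateTimerId = -1;
    // Key store; replaced wholesale by loadJWK().
    private JWT jwt = new JWT();

    /**
     * Creates the provider, registers every key listed in the options and selects the flow.
     *
     * @param vertx the Vert.x instance used for timers and HTTP calls
     * @param oAuth2ClientOptions provider configuration
     * @throws IllegalArgumentException if the configured flow type is not one of the four handled here
     */
    public OAuth2AuthProviderImpl(Vertx vertx, OAuth2ClientOptions oAuth2ClientOptions) {
        this.vertx = vertx;
        this.config = oAuth2ClientOptions;
        if (oAuth2ClientOptions.getPubSecKeys() != null) {
            for (PubSecKeyOptions keyOptions : oAuth2ClientOptions.getPubSecKeys()) {
                if (keyOptions.isSymmetric()) {
                    // For symmetric entries the value of getPublicKey() is handed over as the key material.
                    this.jwt.addJWK(new JWK(keyOptions.getAlgorithm(), keyOptions.getPublicKey()));
                } else {
                    this.jwt.addJWK(new JWK(keyOptions.getAlgorithm(), keyOptions.isCertificate(), keyOptions.getPublicKey(), keyOptions.getSecretKey()));
                }
            }
        }
        switch (oAuth2ClientOptions.getFlow()) {
            case AUTH_CODE:
                this.flow = new AuthCodeImpl(this);
                break;
            case CLIENT:
                this.flow = new ClientImpl(this);
                break;
            case PASSWORD:
                this.flow = new PasswordImpl(this);
                break;
            case AUTH_JWT:
                this.flow = new AuthJWTImpl(this);
                break;
            default:
                throw new IllegalArgumentException("Unsupported oauth2 flow type: " + oAuth2ClientOptions.getFlow());
        }
    }

    /**
     * Registers the handler returned by {@link #missingKeyHandler()}.
     *
     * @param handler the handler to store
     * @return this provider
     */
    @Override // io.vertx.ext.auth.oauth2.OAuth2Auth
    public OAuth2Auth missingKeyHandler(Handler<String> handler) {
        this.missingKeyHandler = handler;
        return this;
    }

    /**
     * Asserts that the provider is configured for the PASSWORD flow.
     *
     * @throws IllegalArgumentException if any other flow is configured
     */
    @Override // io.vertx.ext.auth.impl.AuthProviderInternal
    public void verifyIsUsingPassword() {
        if (getFlowType() != OAuth2FlowType.PASSWORD) {
            throw new IllegalArgumentException("OAuth2Auth + Basic Auth requires OAuth2 PASSWORD flow");
        }
    }

    /**
     * Fetches the JWK Set and installs it as the provider's key store.
     *
     * <p>Security-relevant behaviour visible in this method:
     * <ul>
     *   <li>A fresh {@link JWT} replaces the current one, so keys registered by the constructor
     *       from the options are not carried over after a successful load.</li>
     *   <li>Entries that cannot be turned into a {@link JWK} are skipped with a warning. If every
     *       entry is skipped the installed store holds no keys; {@link #authenticate} then takes
     *       the introspection path whenever {@code JWT.isUnsecure()} reports true.</li>
     *   <li>When the response carries a {@code maxAge}, a periodic reload is scheduled at that
     *       interval. NOTE(review): there is no lower bound, so a very small max-age from the
     *       key endpoint results in very frequent fetches; consider clamping to a minimum.</li>
     * </ul>
     *
     * @param handler completed once the keys are installed, or failed with the fetch error
     * @return this provider
     */
    @Override // io.vertx.ext.auth.oauth2.OAuth2Auth
    public OAuth2Auth loadJWK(Handler<AsyncResult<Void>> handler) {
        internalLoadJWK(fetched -> {
            if (fetched.failed()) {
                handler.handle(Future.failedFuture(fetched.cause()));
                return;
            }
            JsonObject jwkSet = (JsonObject) fetched.result();
            // JsonArray is iterable over its raw elements; the member is absent when the
            // endpoint answered with JSON that is not a key set.
            Iterable<Object> keys = jwkSet.getJsonArray(JsonWebKeySet.JWK_SET_MEMBER_NAME);
            if (keys == null) {
                // Fail instead of throwing inside the callback: the current keys and any
                // scheduled refresh stay in place and the caller is told about it.
                handler.handle(Future.failedFuture("JWK Set response does not contain any keys"));
                return;
            }
            if (this.updateTimerId != -1) {
                this.vertx.cancelTimer(this.updateTimerId);
                // Forget the cancelled id so it is not cancelled again when no new timer is set.
                this.updateTimerId = -1L;
            }
            JWT refreshed = new JWT();
            for (Object entry : keys) {
                try {
                    refreshed.addJWK(new JWK((JsonObject) entry));
                } catch (RuntimeException e) {
                    LOG.warn("Skipped unsupported JWK: " + e.getMessage());
                }
            }
            this.jwt = refreshed;
            if (jwkSet.containsKey("maxAge")) {
                long maxAgeSeconds = jwkSet.getLong("maxAge").longValue();
                // The upper bound keeps the seconds-to-milliseconds conversion from overflowing.
                if (maxAgeSeconds > 0 && maxAgeSeconds <= Long.MAX_VALUE / 1000) {
                    this.updateTimerId = this.vertx.setPeriodic(maxAgeSeconds * 1000, timerId -> {
                        loadJWK(refresh -> {
                            if (refresh.failed()) {
                                LOG.warn("Failed to auto-update JWK Set", refresh.cause());
                            }
                        });
                    });
                } else {
                    this.updateTimerId = -1L;
                }
            }
            handler.handle(Future.succeededFuture());
        });
        return this;
    }

    /**
     * Requests the JWK Set from the configured JWK path and hands the parsed JSON to the handler.
     *
     * <p>The call fails when the body is empty, when the content type is neither
     * {@code application/json} nor {@code application/jwk-set+json}, when the JSON carries an
     * error member, or when parsing throws. On success the first parsable {@code max-age} found
     * in the Cache-Control headers is stored in the returned object under {@code "maxAge"};
     * a {@code "maxAge"} member already present in the body is left untouched when no header matches.
     *
     * @param handler receives the JWK Set JSON or the failure
     */
    public void internalLoadJWK(Handler<AsyncResult<JsonObject>> handler) {
        JsonObject requestHeaders = new JsonObject();
        requestHeaders.put("Accept", "application/json, application/jwk-set+json");
        OAuth2API.fetch(this.vertx, this.config, HttpMethod.GET, this.config.getJwkPath(), requestHeaders, null, fetched -> {
            if (fetched.failed()) {
                handler.handle(Future.failedFuture(fetched.cause()));
                return;
            }
            OAuth2Response response = (OAuth2Response) fetched.result();
            if (response.body() == null || response.body().length() == 0) {
                handler.handle(Future.failedFuture("No Body"));
                return;
            }
            if (!response.is("application/json") && !response.is("application/jwk-set+json")) {
                handler.handle(Future.failedFuture("Cannot handle content type: " + response.headers().get("Content-Type")));
                return;
            }
            try {
                JsonObject json = response.jsonObject();
                if (json.containsKey(CommandResponse.KEY_ERROR)) {
                    Object error = json.getValue(CommandResponse.KEY_ERROR);
                    String message;
                    if (error instanceof JsonObject) {
                        message = ((JsonObject) error).getString("message");
                    } else {
                        try {
                            message = json.getString("error_description", json.getString(CommandResponse.KEY_ERROR));
                        } catch (RuntimeException notAString) {
                            // The error member is not a string; fall back to its textual form.
                            message = error.toString();
                        }
                    }
                    handler.handle(Future.failedFuture(message));
                    return;
                }
                List<String> cacheControl = response.headers().getAll(HttpHeaders.CACHE_CONTROL);
                if (cacheControl != null) {
                    for (String headerValue : cacheControl) {
                        // "max-age=" alone is 8 characters, so shorter values cannot carry a number.
                        if (headerValue.length() <= 8) {
                            continue;
                        }
                        Matcher matcher = MAX_AGE.matcher(headerValue);
                        if (!matcher.find()) {
                            continue;
                        }
                        try {
                            json.put("maxAge", Long.valueOf(matcher.group(1)));
                            break;
                        } catch (RuntimeException ignored) {
                            // Digits that do not fit a long: ignore this header value and try the next one.
                        }
                    }
                }
                handler.handle(Future.succeededFuture(json));
            } catch (RuntimeException e) {
                handler.handle(Future.failedFuture(e));
            }
        });
    }

    /**
     * Registers the RBAC handler; only one registration is allowed.
     *
     * @param oAuth2RBAC the handler to register
     * @return this provider
     * @throws IllegalStateException if a handler is already registered
     */
    @Override // io.vertx.ext.auth.oauth2.OAuth2Auth
    public OAuth2Auth rbacHandler(OAuth2RBAC oAuth2RBAC) {
        if (this.rbac != null) {
            throw new IllegalStateException("There is already a RBAC handler registered");
        }
        this.rbac = oAuth2RBAC;
        return this;
    }

    /**
     * Returns the registered RBAC handler, or {@code null} when none was registered.
     * The decompiler reports that this accessor was package-private in the original class.
     */
    public OAuth2RBAC getRBACHandler() {
        return this.rbac;
    }

    /** Returns the options this provider was created with. */
    public OAuth2ClientOptions getConfig() {
        return this.config;
    }

    /** Returns the Vert.x instance this provider was created with. */
    public Vertx getVertx() {
        return this.vertx;
    }

    /** Returns the current key store; the instance changes after each successful {@link #loadJWK}. */
    public JWT getJWT() {
        return this.jwt;
    }

    /**
     * Authenticates either by exchanging credentials through the configured flow or by
     * validating a supplied access token.
     *
     * <p>Without a non-null {@code access_token} member the request is delegated to the flow.
     * With one, a token object is built from the JSON and then:
     * <ul>
     *   <li>if the token has no decoded access token, or {@code JWT.isUnsecure()} is true, the
     *       token is introspected remotely and rejected when the call fails or the token is
     *       expired;</li>
     *   <li>otherwise only the expiry is checked here.</li>
     * </ul>
     * NOTE(review): on the local path this method performs no signature check itself; that is
     * presumably done while {@code OAuth2TokenImpl} is constructed — confirm. {@code isUnsecure()}
     * presumably reports a key store without keys — confirm.
     * NOTE(review): {@link #introspectToken} guards the same constructor with a catch for
     * {@code RuntimeException}; here such an exception reaches the caller instead of the handler.
     *
     * @param jsonObject credentials or token JSON
     * @param handler receives the authenticated user or the failure
     */
    @Override // io.vertx.ext.auth.AuthProvider
    public void authenticate(JsonObject jsonObject, Handler<AsyncResult<User>> handler) {
        if (!jsonObject.containsKey("access_token") || jsonObject.getString("access_token") == null) {
            this.flow.getToken(jsonObject, exchanged -> {
                if (exchanged.failed()) {
                    handler.handle(Future.failedFuture(exchanged.cause()));
                } else {
                    handler.handle(Future.succeededFuture(exchanged.result()));
                }
            });
            return;
        }
        OAuth2TokenImpl token = new OAuth2TokenImpl(this, jsonObject);
        if (token.accessToken() == null || this.jwt.isUnsecure()) {
            // No locally decoded token or no usable keys: ask the server.
            token.introspect(introspected -> {
                if (introspected.failed()) {
                    handler.handle(Future.failedFuture(introspected.cause()));
                } else if (token.expired()) {
                    handler.handle(Future.failedFuture("Expired token"));
                } else {
                    handler.handle(Future.succeededFuture(token));
                }
            });
        } else if (token.expired()) {
            handler.handle(Future.failedFuture("Expired Token"));
        } else {
            handler.handle(Future.succeededFuture(token));
        }
    }

    /** Delegates to the configured flow to build the authorization URL. */
    @Override // io.vertx.ext.auth.oauth2.OAuth2Auth
    public String authorizeURL(JsonObject jsonObject) {
        return this.flow.authorizeURL(jsonObject);
    }

    /** Delegates the token request to the configured flow. */
    @Override // io.vertx.ext.auth.oauth2.OAuth2Auth
    @Deprecated
    public void getToken(JsonObject jsonObject, Handler<AsyncResult<AccessToken>> handler) {
        this.flow.getToken(jsonObject, handler);
    }

    /**
     * Wraps the string as a Bearer {@code access_token} and runs it through {@link #authenticate}.
     *
     * @param str the access token string
     * @param handler receives the resulting token or the failure
     * @return this provider
     */
    @Override // io.vertx.ext.auth.oauth2.OAuth2Auth
    @Deprecated
    public OAuth2Auth decodeToken(String str, Handler<AsyncResult<AccessToken>> handler) {
        authenticate(new JsonObject().put("access_token", str).put("token_type", "Bearer"), authenticated -> {
            if (authenticated.succeeded()) {
                handler.handle(Future.succeededFuture((AccessToken) authenticated.result()));
            } else {
                handler.handle(Future.failedFuture(authenticated.cause()));
            }
        });
        return this;
    }

    /**
     * Introspects a token with the authorization server.
     *
     * <p>The token is rejected without a server call when it is already expired, and again after
     * introspection if the call failed or the token turned out to be expired.
     *
     * @param str the token value
     * @param str2 the JSON key the token is stored under when the token object is built
     * @param handler receives the introspected token or the failure
     * @return this provider
     */
    @Override // io.vertx.ext.auth.oauth2.OAuth2Auth
    public OAuth2Auth introspectToken(String str, String str2, Handler<AsyncResult<AccessToken>> handler) {
        final OAuth2TokenImpl token;
        try {
            token = new OAuth2TokenImpl(this, new JsonObject().put(str2, str));
        } catch (RuntimeException e) {
            handler.handle(Future.failedFuture(e));
            // Stop here: the handler has its answer and there is no token object to inspect.
            return this;
        }
        if (token.expired()) {
            handler.handle(Future.failedFuture("Expired token"));
            return this;
        }
        token.introspect(introspected -> {
            if (introspected.failed()) {
                handler.handle(Future.failedFuture(introspected.cause()));
            } else if (token.expired()) {
                handler.handle(Future.failedFuture("Expired token"));
            } else {
                handler.handle(Future.succeededFuture(token));
            }
        });
        return this;
    }

    /** Returns the configured scope separator, or the default separator constant when none is set. */
    @Override // io.vertx.ext.auth.oauth2.OAuth2Auth
    @Deprecated
    public String getScopeSeparator() {
        String scopeSeparator = this.config.getScopeSeparator();
        return scopeSeparator == null ? UsageMessageFormatter.DEFAULT_LONG_OPT_SEPARATOR : scopeSeparator;
    }

    /** Returns the flow type from the configuration. */
    @Override // io.vertx.ext.auth.oauth2.OAuth2Auth
    public OAuth2FlowType getFlowType() {
        return this.config.getFlow();
    }

    /** Returns the flow implementation selected by the constructor. */
    public OAuth2Flow getFlow() {
        return this.flow;
    }

    /**
     * Returns the handler registered through {@link #missingKeyHandler(Handler)}, or {@code null}.
     * The decompiler reports that this accessor was package-private in the original class.
     */
    public Handler<String> missingKeyHandler() {
        return this.missingKeyHandler;
    }
}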
