package org.wildfly.security.credential.source;

import com.arjuna.ats.internal.jdbc.recovery.JDBCXARecovery;
import java.io.BufferedInputStream;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.UnsupportedEncodingException;
import java.net.HttpURLConnection;
import java.net.URI;
import java.net.URL;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.AccessController;
import java.security.NoSuchAlgorithmException;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.util.HashMap;
import java.util.Map;
import java.util.function.Consumer;
import java.util.function.Supplier;
import javax.json.Json;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import org.apache.activemq.artemis.core.remoting.impl.netty.TransportConstants;
import org.jboss.weld.probe.Strings;
import org.wildfly.common.Assert;
import org.wildfly.common.bytes.ByteStringBuilder;
import org.wildfly.common.iteration.CodePointIterator;
import org.wildfly.security.auth.SupportLevel;
import org.wildfly.security.auth.client.AuthenticationContext;
import org.wildfly.security.auth.client.AuthenticationContextConfigurationClient;
import org.wildfly.security.credential.BearerTokenCredential;
import org.wildfly.security.credential.Credential;
import org.wildfly.security.password.PasswordFactory;
import org.wildfly.security.password.interfaces.MaskedPassword;
import org.wildfly.security.password.spec.ClearPasswordSpec;
import org.wildfly.security.password.spec.MaskedPasswordSpec;

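/**
 * A {@link CredentialSource} that obtains a {@link BearerTokenCredential} by POSTing a
 * form-encoded OAuth 2.0 token request to a token endpoint and reading {@code access_token}
 * from the JSON response.
 *
 * <p>Security-relevant behaviour a reviewer should keep in mind:
 * <ul>
 *   <li>The request body carries {@code client_secret} and, for the password grant, the
 *       resource owner's {@code password}. The constructor only insists on an SSL context when
 *       the endpoint is {@code https}; an {@code http} endpoint is accepted and would send
 *       those secrets unprotected. Callers should only ever pass {@code https} endpoints.</li>
 *   <li>Redirects are not followed, so the credentials are not replayed to a redirect target.</li>
 *   <li>"Masked" passwords are unmasked with key material supplied by the caller or, failing
 *       that, a constant compiled into this class. Masking is therefore reversible by anyone
 *       holding the configuration and must not be treated as encryption at rest.</li>
 *   <li>Only {@code access_token} is read from the response; other response fields are not
 *       inspected here.</li>
 * </ul>
 *
 * <p>NOTE(review): this listing is decompiler output. The constants
 * {@code JDBCXARecovery.PASSWORD}, {@code TransportConstants.SSL_CONTEXT_PROP_NAME} and
 * {@code Strings.SCOPE} come from unrelated libraries and look like decompiler constant
 * substitution for plain string literals; confirm against the original source before relying
 * on those dependencies.
 */
@Deprecated
public class OAuth2CredentialSource implements CredentialSource {
    /**
     * Fallback key material for unmasking when the caller supplies none. It is a fixed value
     * shipped in the class file, so it provides obfuscation only, never confidentiality.
     */
    private static final char[] DEFAULT_KEY_MATERIAL = "somearbitrarycrazystringthatdoesnotmatter".toCharArray();

    private final URL tokenEndpointUri;
    private final Consumer<Map<String, String>> authenticationHandler;
    private final String scopes;
    private final Supplier<SSLContext> sslContextSupplier;
    private final Supplier<HostnameVerifier> hostnameVerifierSupplier;

    /**
     * Fluent builder for {@link OAuth2CredentialSource}.
     *
     * <p>Each credential-configuring method appends a step to a chain of handlers that fill in
     * the token request parameters. The chain runs when a credential is requested, not when the
     * builder method is called.
     */
    public static class Builder {
        private final URL tokenEndpointUrl;
        private String scopes;
        private Supplier<SSLContext> sslContextSupplier;
        private Supplier<HostnameVerifier> hostnameVerifierSupplier;
        private Consumer<Map<String, String>> authenticationHandler;

        /**
         * Creates a builder whose default SSL context is resolved lazily from the
         * {@link AuthenticationContext} that is current when the supplier is invoked.
         *
         * @param url the token endpoint; must not be {@code null}
         */
        private Builder(URL url) {
            // Assign the endpoint first so the supplier below only ever sees an initialised field.
            this.tokenEndpointUrl = Assert.checkNotNullParam("tokenEndpointUrl", url);
            this.sslContextSupplier = () -> {
                try {
                    AuthenticationContextConfigurationClient client = (AuthenticationContextConfigurationClient) AccessController.doPrivileged(AuthenticationContextConfigurationClient.ACTION);
                    return client.getSSLContext(this.tokenEndpointUrl.toURI(), AuthenticationContext.captureCurrent());
                } catch (Exception e) {
                    throw ElytronMessages2.saslOAuth2.failedToObtainSSLContext(e);
                }
            };
        }

        /**
         * Sets the value sent as the scope parameter of the token request.
         *
         * @param str the scopes; must not be {@code null}
         * @return this builder
         */
        public Builder grantScopes(String str) {
            this.scopes = Assert.checkNotNullParam("scopes", str);
            return this;
        }

        /**
         * Configures the resource owner password grant with a clear-text password.
         *
         * <p>Client credentials must be configured as well: the built source rejects a request
         * that lacks {@code client_id} or {@code client_secret}.
         *
         * @param str the resource owner's user name
         * @param str2 the resource owner's password
         * @return this builder
         */
        public Builder useResourceOwnerPassword(String str, String str2) {
            configureAuthenticationHandler(parameters -> configureResourceOwnerCredentialsParameters(parameters, str, str2));
            return this;
        }

        /**
         * Configures the client credentials. If the current authentication configuration also
         * yields a user name and password through its callback handler, those are added as
         * resource owner credentials and the grant type becomes {@code password}.
         *
         * @param str the client id; must not be {@code null}
         * @param str2 the client secret; must not be {@code null}
         * @return this builder
         */
        public Builder clientCredentials(String str, String str2) {
            Assert.checkNotNullParam("id", str);
            Assert.checkNotNullParam("secret", str2);
            configureAuthenticationHandler(parameters -> applyClientCredentials(parameters, str, str2));
            return this;
        }

        /**
         * Configures the resource owner password grant from a masked password, which is
         * unmasked immediately and then held in clear text for the lifetime of the handler.
         *
         * @param str the resource owner's user name
         * @param str2 the masked password, Base64 encoded
         * @param str3 the masking algorithm, or {@code null} for the MD5/DES default
         * @param str4 the initial key material, or {@code null} for the built-in constant
         * @param i the iteration count; at least 1
         * @param str5 the salt
         * @param str6 the Base64-encoded initialization vector, or {@code null}
         * @return this builder
         * @throws NoSuchAlgorithmException if the masking algorithm is not available
         * @throws InvalidKeySpecException if the masked password cannot be converted
         */
        public Builder useResourceOwnerMaskedPassword(String str, String str2, String str3, String str4, int i, String str5, String str6) throws NoSuchAlgorithmException, InvalidKeySpecException {
            String clearPassword = convertMaskedPasswordToClearText(str2, str3, str4, i, str5, str6);
            configureAuthenticationHandler(parameters -> configureResourceOwnerCredentialsParameters(parameters, str, clearPassword));
            return this;
        }

        /**
         * Same as {@link #clientCredentials(String, String)} but takes the client secret in
         * masked form. The secret is unmasked immediately.
         *
         * @param str the client id; must not be {@code null}
         * @param str2 the masked client secret, Base64 encoded
         * @param str3 the masking algorithm, or {@code null} for the MD5/DES default
         * @param str4 the initial key material, or {@code null} for the built-in constant
         * @param i the iteration count; at least 1
         * @param str5 the salt
         * @param str6 the Base64-encoded initialization vector, or {@code null}
         * @return this builder
         * @throws NoSuchAlgorithmException if the masking algorithm is not available
         * @throws InvalidKeySpecException if the masked secret cannot be converted
         */
        public Builder maskedClientCredentials(String str, String str2, String str3, String str4, int i, String str5, String str6) throws NoSuchAlgorithmException, InvalidKeySpecException {
            String clearSecret = convertMaskedPasswordToClearText(str2, str3, str4, i, str5, str6);
            Assert.checkNotNullParam("id", str);
            Assert.checkNotNullParam("secret", clearSecret);
            configureAuthenticationHandler(parameters -> applyClientCredentials(parameters, str, clearSecret));
            return this;
        }

        /**
         * Uses a fixed SSL context instead of the one resolved from the authentication context.
         *
         * @param sSLContext the SSL context; must not be {@code null}
         * @return this builder
         */
        public Builder useSslContext(SSLContext sSLContext) {
            Assert.checkNotNullParam(TransportConstants.SSL_CONTEXT_PROP_NAME, sSLContext);
            this.sslContextSupplier = () -> sSLContext;
            return this;
        }

        /**
         * Replaces the hostname verifier used for the HTTPS connection. A permissive verifier
         * removes the protection against a token endpoint presenting a certificate issued for a
         * different host, so only pass one that is at least as strict as the JDK default.
         *
         * @param hostnameVerifier the verifier; must not be {@code null}
         * @return this builder
         */
        public Builder useSslHostnameVerifier(HostnameVerifier hostnameVerifier) {
            Assert.checkNotNullParam("hostnameVerifier", hostnameVerifier);
            this.hostnameVerifierSupplier = () -> hostnameVerifier;
            return this;
        }

        /**
         * Builds the credential source. When no credentials were configured, the client id and
         * secret are requested from the callback handler of the current authentication
         * configuration at token-request time.
         *
         * @return the configured credential source
         */
        public OAuth2CredentialSource build() {
            if (this.authenticationHandler == null) {
                this.authenticationHandler = parameters -> {
                    CallbackHandler callbackHandler = resolveCallbackHandler();
                    NameCallback idCallback = new NameCallback("Client ID");
                    PasswordCallback secretCallback = new PasswordCallback("Client Secret", false);
                    if (callbackHandler != null) {
                        try {
                            callbackHandler.handle(new Callback[] {idCallback, secretCallback});
                        } catch (Exception e) {
                            // Not fatal here: missing values are rejected just below. Keep the cause
                            // visible, otherwise the only symptom is a null-parameter error.
                            ElytronMessages2.saslOAuth2.debugf(e, "Callback handler could not supply client credentials for [%s]", this.tokenEndpointUrl);
                        }
                    }
                    configureClientCredentialsParameters(parameters, idCallback.getName(), secretCallback.getPassword());
                    secretCallback.clearPassword();
                };
            }
            // Last step of every chain: refuse to send a request without client credentials.
            Consumer<Map<String, String>> verifiedHandler = this.authenticationHandler.andThen(parameters -> {
                if (!parameters.containsKey("client_id") || !parameters.containsKey("client_secret")) {
                    throw ElytronMessages2.saslOAuth2.oauth2ClientCredentialsNotProvided();
                }
            });
            return new OAuth2CredentialSource(this.tokenEndpointUrl, verifiedHandler, this.scopes, this.sslContextSupplier, this.hostnameVerifierSupplier);
        }

        /**
         * Looks up the callback handler of the authentication configuration that matches the
         * token endpoint in the authentication context current at call time.
         */
        private CallbackHandler resolveCallbackHandler() {
            AuthenticationContext context = AuthenticationContext.captureCurrent();
            AuthenticationContextConfigurationClient client = (AuthenticationContextConfigurationClient) AccessController.doPrivileged(AuthenticationContextConfigurationClient.ACTION);
            return client.getCallbackHandler(client.getAuthenticationConfiguration(URI.create(this.tokenEndpointUrl.toString()), context));
        }

        /**
         * Adds optional resource owner credentials obtained from the callback handler, then the
         * given client credentials.
         */
        private void applyClientCredentials(Map<String, String> parameters, String id, String secret) {
            CallbackHandler callbackHandler = resolveCallbackHandler();
            if (callbackHandler != null) {
                NameCallback nameCallback = new NameCallback("Username");
                PasswordCallback passwordCallback = new PasswordCallback(JDBCXARecovery.PASSWORD, false);
                try {
                    callbackHandler.handle(new Callback[] {nameCallback, passwordCallback});
                } catch (Exception e) {
                    // Resource owner credentials are optional; fall back to the client credentials grant.
                    ElytronMessages2.saslOAuth2.debugf(e, "Callback handler could not supply resource owner credentials for [%s]", this.tokenEndpointUrl);
                }
                String name = nameCallback.getName();
                char[] password = passwordCallback.getPassword();
                if (name != null && password != null) {
                    // The password ends up in an immutable String for the request map, so it
                    // cannot be wiped afterwards; only the callback's own copy is cleared.
                    configureResourceOwnerCredentialsParameters(parameters, name, String.valueOf(password));
                }
                passwordCallback.clearPassword();
            }
            configureClientCredentialsParameters(parameters, id, secret.toCharArray());
        }

        /** Adds the client id and secret; keeps an already chosen grant type. */
        private void configureClientCredentialsParameters(Map<String, String> parameters, String id, char[] secret) {
            parameters.putIfAbsent("grant_type", "client_credentials");
            parameters.put("client_id", Assert.checkNotNullParam("client_id", id));
            parameters.put("client_secret", Assert.checkNotNullParam("client_secret", secret == null ? null : String.valueOf(secret)));
        }

        /** Switches the request to the password grant and adds the resource owner credentials. */
        private void configureResourceOwnerCredentialsParameters(Map<String, String> parameters, String userName, String password) {
            parameters.put("grant_type", "password");
            parameters.put("username", Assert.checkNotNullParam("userName", userName));
            parameters.put("password", Assert.checkNotNullParam("password", password));
        }

        /** Appends a step to the handler chain, or starts the chain if it is empty. */
        private void configureAuthenticationHandler(Consumer<Map<String, String>> step) {
            this.authenticationHandler = this.authenticationHandler == null ? step : this.authenticationHandler.andThen(step);
        }

        /**
         * Unmasks a masked password.
         *
         * <p>The default algorithm is the MD5/DES variant named by
         * {@link MaskedPassword#ALGORITHM_MASKED_MD5_DES}, and the default key material is a
         * constant of this class. Treat the masked form as obfuscated, not encrypted.
         *
         * @param maskedPassword the Base64-encoded masked password
         * @param algorithm the masking algorithm, or {@code null} for the default
         * @param initialKeyMaterial the key material, or {@code null} for the built-in constant
         * @param iterationCount the iteration count; at least 1
         * @param salt the salt, used as its UTF-8 bytes
         * @param initializationVector the Base64-encoded IV, or {@code null}
         * @return the clear-text password
         */
        private String convertMaskedPasswordToClearText(String maskedPassword, String algorithm, String initialKeyMaterial, int iterationCount, String salt, String initializationVector) throws NoSuchAlgorithmException, InvalidKeySpecException {
            Assert.assertNotNull(maskedPassword);
            Assert.checkMinimumParameter("iterationCount", 1, iterationCount);
            Assert.assertNotNull(salt);
            byte[] maskedBytes = CodePointIterator.ofString(maskedPassword).base64Decode().drain();
            String effectiveAlgorithm = algorithm == null ? MaskedPassword.ALGORITHM_MASKED_MD5_DES : algorithm;
            // Hand out a copy so the shared constant can never be modified through the spec.
            char[] keyMaterial = initialKeyMaterial == null ? OAuth2CredentialSource.DEFAULT_KEY_MATERIAL.clone() : initialKeyMaterial.toCharArray();
            byte[] saltBytes = CodePointIterator.ofString(salt).asUtf8().drain();
            byte[] ivBytes = initializationVector == null ? null : CodePointIterator.ofString(initializationVector).base64Decode().drain();
            MaskedPasswordSpec maskedSpec = new MaskedPasswordSpec(keyMaterial, iterationCount, saltBytes, maskedBytes, ivBytes);
            PasswordFactory passwordFactory = PasswordFactory.getInstance(effectiveAlgorithm);
            MaskedPassword masked = passwordFactory.generatePassword(maskedSpec).castAs(MaskedPassword.class);
            ClearPasswordSpec clearSpec = passwordFactory.getKeySpec(masked, ClearPasswordSpec.class);
            return String.valueOf(clearSpec.getEncodedPassword());
        }
    }

    /**
     * Creates a builder for the given token endpoint.
     *
     * @param url the token endpoint; must not be {@code null}
     * @return a new builder
     */
    public static Builder builder(URL url) {
        return new Builder(url);
    }

    private OAuth2CredentialSource(URL tokenEndpointUri, Consumer<Map<String, String>> authenticationHandler, String scopes, Supplier<SSLContext> sslContextSupplier, Supplier<HostnameVerifier> hostnameVerifierSupplier) {
        this.tokenEndpointUri = Assert.checkNotNullParam("tokenEndpointUri", tokenEndpointUri);
        // NOTE(review): a non-https endpoint passes this check and the secrets in the request
        // body then travel without transport protection.
        if (isHttps(tokenEndpointUri)) {
            Assert.checkNotNullParam("sslContextSupplier", sslContextSupplier);
        }
        this.authenticationHandler = Assert.checkNotNullParam("authenticationHandler", authenticationHandler);
        this.scopes = scopes;
        this.sslContextSupplier = sslContextSupplier;
        this.hostnameVerifierSupplier = hostnameVerifierSupplier;
    }

    /**
     * Reports bearer token credentials as possibly supported and everything else as unsupported.
     */
    @Override
    public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> cls, String str, AlgorithmParameterSpec algorithmParameterSpec) throws IOException {
        return BearerTokenCredential.class.isAssignableFrom(cls) ? SupportLevel.POSSIBLY_SUPPORTED : SupportLevel.UNSUPPORTED;
    }

    /**
     * Requests an access token from the token endpoint.
     *
     * @param cls the requested credential type
     * @param str the algorithm name; not used
     * @param algorithmParameterSpec the parameter spec; not used
     * @return a bearer token credential, or {@code null} if {@code cls} is not a bearer token type
     * @throws IOException if the request fails or the response cannot be handled
     */
    @Override
    public <C extends Credential> C getCredential(Class<C> cls, String str, AlgorithmParameterSpec algorithmParameterSpec) throws IOException {
        if (!BearerTokenCredential.class.isAssignableFrom(cls)) {
            return null;
        }
        try {
            // Declared outside the inner try so the error handler can reach the error stream.
            HttpURLConnection connection = null;
            try {
                connection = openConnection();
                connection.setDoOutput(true);
                connection.setRequestMethod("POST");
                // Never replay the credentials in the body to a redirect target.
                connection.setInstanceFollowRedirects(false);
                connection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
                Map<String, String> parameters = new HashMap<>();
                this.authenticationHandler.accept(parameters);
                if (this.scopes != null) {
                    parameters.put(Strings.SCOPE, this.scopes);
                }
                byte[] requestBody = buildParameters(parameters);
                try (OutputStream out = connection.getOutputStream()) {
                    out.write(requestBody);
                }
                try (BufferedInputStream in = new BufferedInputStream(connection.getInputStream())) {
                    String accessToken = Json.createReader(in).readObject().getString("access_token");
                    return cls.cast(new BearerTokenCredential(accessToken));
                }
            } catch (IOException e) {
                logErrorResponse(connection, e);
                throw ElytronMessages2.saslOAuth2.mechUnableToHandleResponseFromServer(e);
            }
        } catch (Exception e) {
            throw ElytronMessages2.saslOAuth2.mechCallbackHandlerFailedForUnknownReason(e);
        }
    }

    /**
     * Logs the body of an error response, if there is one. Best effort: a failure to read the
     * error stream must not mask the original exception.
     *
     * <p>NOTE(review): the body comes from the remote server and is logged without a size
     * limit; consider truncating it before it reaches the log.
     */
    private void logErrorResponse(HttpURLConnection connection, IOException cause) {
        if (connection == null) {
            return;
        }
        InputStream errorStream = connection.getErrorStream();
        if (errorStream == null) {
            return;
        }
        try (BufferedReader reader = new BufferedReader(new InputStreamReader(errorStream, StandardCharsets.UTF_8))) {
            // Lines are joined without their terminators, so the body stays on one log line.
            StringBuilder response = new StringBuilder();
            String line;
            while ((line = reader.readLine()) != null) {
                response.append(line);
            }
            ElytronMessages2.saslOAuth2.errorf(cause, "Unexpected response from server [%s]. Response: [%s]", this.tokenEndpointUri, response);
        } catch (IOException ignored) {
            // Diagnostics only; the caller rethrows the original failure.
        }
    }

    /** Returns the SSL context for an https endpoint, or {@code null} if none applies. */
    private SSLContext resolveSSLContext() {
        if (isHttps(this.tokenEndpointUri) && this.sslContextSupplier != null) {
            return this.sslContextSupplier.get();
        }
        return null;
    }

    /**
     * Opens the connection and applies the TLS settings.
     *
     * <p>The custom hostname verifier is only installed when an SSL context was resolved;
     * otherwise the connection keeps the JDK defaults. NOTE(review): no connect or read timeout
     * is set here, so an unresponsive endpoint can block the caller.
     */
    private HttpURLConnection openConnection() throws IOException {
        ElytronMessages2.saslOAuth2.debugf("Opening connection to [%s]", this.tokenEndpointUri);
        HttpURLConnection connection = (HttpURLConnection) this.tokenEndpointUri.openConnection();
        SSLContext sslContext = resolveSSLContext();
        if (sslContext != null) {
            HttpsURLConnection httpsConnection = (HttpsURLConnection) connection;
            httpsConnection.setSSLSocketFactory(sslContext.getSocketFactory());
            if (this.hostnameVerifierSupplier != null) {
                httpsConnection.setHostnameVerifier(Assert.checkNotNullParam("hostnameVerifier", this.hostnameVerifierSupplier.get()));
            }
        }
        return connection;
    }

    /**
     * Serialises the parameters as an {@code application/x-www-form-urlencoded} body.
     *
     * <p>Names and values are percent-encoded. Without that, a secret, password or user name
     * containing {@code &}, {@code =}, {@code +} or {@code %} would be altered in transit or
     * would introduce extra request parameters. Callers that used to pre-encode their values
     * must pass them raw.
     */
    private byte[] buildParameters(Map<String, String> parameters) {
        ByteStringBuilder body = new ByteStringBuilder();
        for (Map.Entry<String, String> entry : parameters.entrySet()) {
            if (body.length() > 0) {
                body.append('&');
            }
            body.append(formEncode(entry.getKey())).append('=').append(formEncode(entry.getValue()));
        }
        return body.toArray();
    }

    /** Percent-encodes one form field name or value as UTF-8. */
    private static String formEncode(String value) {
        try {
            return URLEncoder.encode(value, StandardCharsets.UTF_8.name());
        } catch (UnsupportedEncodingException e) {
            // Every Java platform is required to support UTF-8.
            throw new IllegalStateException("UTF-8 is not supported", e);
        }
    }

    private static boolean isHttps(URL url) {
        return "https".equals(url.getProtocol());
    }
}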
