package org.apache.cxf.rs.security.oidc.rp;

import java.util.Map;
import javax.ws.rs.core.Form;
import org.apache.cxf.jaxrs.client.WebClient;
import org.apache.cxf.rs.security.jose.jwt.JwtToken;
import org.apache.cxf.rs.security.oauth2.client.Consumer;
import org.apache.cxf.rs.security.oauth2.client.OAuthClientUtils;
import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
import org.apache.cxf.rs.security.oidc.common.IdToken;
import org.apache.cxf.rs.security.oidc.common.UserInfo;
import org.apache.cxf.rs.security.oidc.utils.OidcUtils;

/* loaded from: input_file:org/apache/cxf/rs/security/oidc/rp/UserInfoClient.class */
public class UserInfoClient extends OidcClaimsValidator {
    private boolean sendTokenAsFormParameter;
    private WebClient profileClient;
    private boolean getUserInfoFromJwt;

    public UserInfo getUserInfo(ClientAccessToken clientAccessToken, IdToken idToken, Consumer consumer) {
        if (this.sendTokenAsFormParameter) {
            Form param = new Form().param(OidcUtils.TOKEN_CLAIM_SOURCE_PROPERTY, clientAccessToken.getTokenKey());
            if (this.getUserInfoFromJwt) {
                return getUserInfoFromJwt((String) this.profileClient.form(param).readEntity(String.class), idToken, consumer);
            }
            UserInfo userInfo = (UserInfo) this.profileClient.form(param).readEntity(UserInfo.class);
            validateUserInfo(userInfo, idToken, consumer);
            return userInfo;
        }
        OAuthClientUtils.setAuthorizationHeader(this.profileClient, clientAccessToken);
        if (this.getUserInfoFromJwt) {
            return getUserInfoFromJwt((String) this.profileClient.get(String.class), idToken, consumer);
        }
        UserInfo userInfo2 = (UserInfo) this.profileClient.get(UserInfo.class);
        validateUserInfo(userInfo2, idToken, consumer);
        return userInfo2;
    }

    public UserInfo getUserInfoFromJwt(String str, IdToken idToken, Consumer consumer) {
        return getUserInfoFromJwt(getUserInfoJwt(str, consumer), idToken, consumer);
    }

    public UserInfo getUserInfoFromJwt(JwtToken jwtToken, IdToken idToken, Consumer consumer) {
        UserInfo userInfo = new UserInfo((Map<String, Object>) jwtToken.getClaims().asMap());
        validateUserInfo(userInfo, idToken, consumer);
        return userInfo;
    }

    public JwtToken getUserInfoJwt(String str, Consumer consumer) {
        return getJwtToken(str);
    }

    public void validateUserInfo(UserInfo userInfo, IdToken idToken, Consumer consumer) {
        validateJwtClaims(userInfo, consumer.getClientId(), false);
        if (!idToken.getSubject().equals(userInfo.getSubject())) {
            throw new OAuthServiceException("Invalid subject");
        }
    }

    public void setUserInfoServiceClient(WebClient webClient) {
        this.profileClient = webClient;
    }

    public void setSendTokenAsFormParameter(boolean z) {
        this.sendTokenAsFormParameter = z;
    }

    public void setGetUserInfoFromJwt(boolean z) {
        this.getUserInfoFromJwt = z;
    }
}
