package io.quarkus.oidc.runtime;

import io.quarkus.oidc.AuthorizationCodeTokens;
import io.quarkus.oidc.OIDCException;
import io.quarkus.oidc.OidcConfigurationMetadata;
import io.quarkus.oidc.OidcTenantConfig;
import io.quarkus.oidc.TokenIntrospection;
import io.quarkus.oidc.common.OidcEndpoint;
import io.quarkus.oidc.common.OidcRequestContextProperties;
import io.quarkus.oidc.common.OidcRequestFilter;
import io.quarkus.oidc.common.OidcResponseFilter;
import io.quarkus.oidc.common.runtime.OidcClientCommonConfig;
import io.quarkus.oidc.common.runtime.OidcCommonUtils;
import io.smallrye.mutiny.Uni;
import io.smallrye.mutiny.groups.UniOnItem;
import io.vertx.core.Vertx;
import io.vertx.core.http.HttpHeaders;
import io.vertx.core.json.JsonObject;
import io.vertx.mutiny.core.MultiMap;
import io.vertx.mutiny.core.buffer.Buffer;
import io.vertx.mutiny.ext.web.client.HttpRequest;
import io.vertx.mutiny.ext.web.client.HttpResponse;
import io.vertx.mutiny.ext.web.client.WebClient;
import java.io.Closeable;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.runtime.ObjectMethods;
import java.net.ConnectException;
import java.security.Key;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.jboss.logging.Logger;

/* loaded from: input_file:io/quarkus/oidc/runtime/OidcProviderClient.class */
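/**
 * HTTP client for a single tenant's OpenID Connect provider endpoints: JWKS, UserInfo,
 * token introspection and the token endpoint (authorization code and refresh token grants).
 *
 * <p>Security notes for maintainers:
 * <ul>
 * <li>Access tokens, refresh tokens, authorization codes, client secrets and signed client
 * assertions all pass through this class. Log statements here record endpoint addresses and
 * parameter/header <em>names</em> only, never their values or response bodies.</li>
 * <li>When the client secret method is {@code QUERY}, the secret and every grant parameter are
 * sent in the request URL. RFC 6749 section 2.3.1 says client credentials must not be placed
 * in the request URI, because URLs are routinely recorded by proxies and access logs. Use
 * that method only for providers that accept nothing else.</li>
 * </ul>
 */
public class OidcProviderClient implements Closeable {
    private static final Logger LOG = Logger.getLogger(OidcProviderClient.class);
    private static final String AUTHORIZATION_HEADER = String.valueOf(HttpHeaders.AUTHORIZATION);
    private static final String CONTENT_TYPE_HEADER = String.valueOf(HttpHeaders.CONTENT_TYPE);
    private static final String ACCEPT_HEADER = String.valueOf(HttpHeaders.ACCEPT);
    private static final String APPLICATION_X_WWW_FORM_URLENCODED = String.valueOf(HttpHeaders.APPLICATION_X_WWW_FORM_URLENCODED);
    private static final String APPLICATION_JSON = "application/json";
    private final WebClient client;
    private final Vertx vertx;
    private final OidcConfigurationMetadata metadata;
    private final OidcTenantConfig oidcConfig;
    // Pre-computed "Authorization" header values; both embed a secret and must never be logged.
    private final String clientSecretBasicAuthScheme;
    private final String introspectionBasicAuthScheme;
    private final Key clientJwtKey;
    private final Map<OidcEndpoint.Type, List<OidcRequestFilter>> requestFilters;
    private final Map<OidcEndpoint.Type, List<OidcResponseFilter>> responseFilters;
    private final boolean clientSecretQueryAuthentication;

    /**
     * UserInfo endpoint response: the {@code Content-Type} header value and the raw body.
     *
     * <p>Declared as a record; the decompiled {@code extends Record} form with hand-written
     * {@code ObjectMethods.bootstrap} calls is not valid Java source. The generated
     * {@code toString()} includes {@code data}, i.e. the user's claims, so do not log instances.
     */
    public record UserInfoResponse(String contentType, String data) {
    }

    /**
     * Creates the client and derives the client authentication material from the tenant
     * configuration (basic auth header values, optional JWT signing key, query-secret flag).
     *
     * @param webClient HTTP client used for every provider call; closed by {@link #close()}
     * @param vertx Vert.x instance passed to {@code OidcCommonUtils.sendRequest}
     * @param oidcConfigurationMetadata provider endpoint addresses
     * @param oidcTenantConfig tenant configuration, including credentials
     * @param map request filters keyed by endpoint type
     * @param map2 response filters keyed by endpoint type
     */
    public OidcProviderClient(WebClient webClient, Vertx vertx, OidcConfigurationMetadata oidcConfigurationMetadata, OidcTenantConfig oidcTenantConfig, Map<OidcEndpoint.Type, List<OidcRequestFilter>> map, Map<OidcEndpoint.Type, List<OidcResponseFilter>> map2) {
        this.client = webClient;
        this.vertx = vertx;
        this.metadata = oidcConfigurationMetadata;
        this.oidcConfig = oidcTenantConfig;
        this.clientSecretBasicAuthScheme = OidcCommonUtils.initClientSecretBasicAuth(oidcTenantConfig);
        this.clientJwtKey = OidcCommonUtils.initClientJwtKey(oidcTenantConfig, true);
        this.introspectionBasicAuthScheme = initIntrospectionBasicAuthScheme(oidcTenantConfig);
        this.requestFilters = map;
        this.responseFilters = map2;
        this.clientSecretQueryAuthentication = oidcTenantConfig.credentials.clientSecret.method.orElse(null) == OidcClientCommonConfig.Credentials.Secret.Method.QUERY;
    }

    /**
     * Builds the basic auth header value for the introspection endpoint.
     *
     * @return the header value, or {@code null} unless both the introspection credential name
     *         and secret are configured
     */
    private static String initIntrospectionBasicAuthScheme(OidcTenantConfig oidcTenantConfig) {
        var credentials = oidcTenantConfig.getIntrospectionCredentials();
        if (credentials.name.isPresent() && credentials.secret.isPresent()) {
            return OidcCommonUtils.basicSchemeValue(credentials.name.get(), credentials.secret.get());
        }
        return null;
    }

    /** Returns the provider metadata this client was created with. */
    public OidcConfigurationMetadata getMetadata() {
        return this.metadata;
    }

    /**
     * Fetches the provider's JSON Web Key Set with a GET on the JWKS address from the metadata.
     *
     * @param oidcRequestContextProperties caller-supplied filter context properties, may be {@code null}
     * @return the parsed key set; the Uni fails with {@link OIDCException} on a non-200 status
     */
    public Uni<JsonWebKeySet> getJsonWebKeySet(OidcRequestContextProperties oidcRequestContextProperties) {
        OidcRequestContextProperties requestProps = getRequestProps(oidcRequestContextProperties);
        HttpRequest<Buffer> request = filterHttpRequest(requestProps, OidcEndpoint.Type.JWKS, this.client.getAbs(this.metadata.getJsonWebKeySetUri()), null, oidcRequestContextProperties);
        return OidcCommonUtils.sendRequest(this.vertx, request, this.oidcConfig.useBlockingDnsLookup)
                .onItem().transform(httpResponse -> getJsonWebKeySet(requestProps, httpResponse));
    }

    /**
     * Calls the UserInfo endpoint with the given token as a bearer credential.
     *
     * @param str the access token sent in the {@code Authorization} header
     * @return the response content type and body; the Uni fails with {@link OIDCException} on a non-200 status
     */
    public Uni<UserInfoResponse> getUserInfo(String str) {
        // The bearer token is a live credential: log the endpoint only, never the token value.
        LOG.debugf("Get UserInfo on: %s auth: Bearer <redacted>", this.metadata.getUserInfoUri());
        OidcRequestContextProperties requestProps = getRequestProps(null, null);
        HttpRequest<Buffer> request = filterHttpRequest(requestProps, OidcEndpoint.Type.USERINFO, this.client.getAbs(this.metadata.getUserInfoUri()), null, null)
                .putHeader(AUTHORIZATION_HEADER, "Bearer " + str);
        return OidcCommonUtils.sendRequest(this.vertx, request, this.oidcConfig.useBlockingDnsLookup)
                .onItem().transform(httpResponse -> getUserInfo(requestProps, httpResponse));
    }

    /**
     * Posts the token to the introspection endpoint with {@code token_type_hint=access_token}.
     *
     * @param str the token to introspect
     * @return the introspection result; the Uni fails with {@link OIDCException} on a non-200 status
     */
    public Uni<TokenIntrospection> introspectToken(String str) {
        MultiMap formParams = new MultiMap(io.vertx.core.MultiMap.caseInsensitiveMultiMap());
        formParams.add("token", str);
        formParams.add("token_type_hint", "access_token");
        OidcRequestContextProperties requestProps = getRequestProps(null, null);
        return getHttpResponse(requestProps, this.metadata.getIntrospectionUri(), formParams, true)
                .transform(httpResponse -> getTokenIntrospection(requestProps, httpResponse));
    }

    private JsonWebKeySet getJsonWebKeySet(OidcRequestContextProperties requestProps, HttpResponse<Buffer> httpResponse) {
        return new JsonWebKeySet(getString(requestProps, this.metadata.getJsonWebKeySetUri(), httpResponse, OidcEndpoint.Type.JWKS));
    }

    /** Returns the tenant configuration this client was created with. */
    public OidcTenantConfig getOidcConfig() {
        return this.oidcConfig;
    }

    /**
     * Exchanges an authorization code for tokens at the token endpoint.
     *
     * @param str the authorization code
     * @param str2 the redirect URI sent as {@code redirect_uri}
     * @param str3 the PKCE code verifier, or {@code null} to omit {@code code_verifier}
     * @return the tokens from the response; the Uni fails with {@link OIDCException} on a non-200 status
     */
    public Uni<AuthorizationCodeTokens> getAuthorizationCodeTokens(String str, String str2, String str3) {
        MultiMap formParams = new MultiMap(io.vertx.core.MultiMap.caseInsensitiveMultiMap());
        formParams.add("grant_type", "authorization_code");
        formParams.add("code", str);
        formParams.add("redirect_uri", str2);
        if (str3 != null) {
            formParams.add("code_verifier", str3);
        }
        if (this.oidcConfig.codeGrant.extraParams != null) {
            formParams.addAll(this.oidcConfig.codeGrant.extraParams);
        }
        OidcRequestContextProperties requestProps = getRequestProps("authorization_code");
        return getHttpResponse(requestProps, this.metadata.getTokenUri(), formParams, false)
                .transform(httpResponse -> getAuthorizationCodeTokens(requestProps, httpResponse));
    }

    /**
     * Exchanges a refresh token for a new set of tokens at the token endpoint.
     *
     * @param str the refresh token
     * @return the tokens from the response; the Uni fails with {@link OIDCException} on a non-200 status
     */
    public Uni<AuthorizationCodeTokens> refreshAuthorizationCodeTokens(String str) {
        MultiMap formParams = new MultiMap(io.vertx.core.MultiMap.caseInsensitiveMultiMap());
        formParams.add("grant_type", "refresh_token");
        formParams.add("refresh_token", str);
        OidcRequestContextProperties requestProps = getRequestProps("refresh_token");
        return getHttpResponse(requestProps, this.metadata.getTokenUri(), formParams, false)
                .transform(httpResponse -> getAuthorizationCodeTokens(requestProps, httpResponse));
    }

    /**
     * Builds and sends an authenticated POST to the token or introspection endpoint.
     *
     * <p>Client authentication is chosen in this order: secret in the query string, introspection
     * basic auth (introspection requests only), client secret basic auth, signed JWT (sent either
     * as {@code client_secret} or as a {@code client_assertion}), client secret in the form body,
     * and finally {@code client_id} alone.
     *
     * @param requestProps filter context properties, may be {@code null}
     * @param requestUri absolute endpoint address
     * @param formParams request parameters; this method adds the client authentication parameters to it
     * @param introspect {@code true} for an introspection request, {@code false} for a token request
     * @return the response stage; {@link ConnectException} failures are retried up to
     *         {@code connectionRetryCount} times
     */
    private UniOnItem<HttpResponse<Buffer>> getHttpResponse(OidcRequestContextProperties requestProps, String requestUri, MultiMap formParams, boolean introspect) {
        Buffer body;
        HttpRequest<Buffer> request = this.client.postAbs(requestUri);
        if (this.clientSecretQueryAuthentication) {
            // SECURITY: the secret and all grant parameters (code, refresh_token, token) end up
            // in the URL, where proxies and access logs can record them. RFC 6749 section 2.3.1
            // forbids client credentials in the request URI; this path exists only for
            // providers that require it.
            formParams.add("client_id", this.oidcConfig.clientId.get());
            formParams.add("client_secret", OidcCommonUtils.clientSecret(this.oidcConfig.credentials));
            for (Map.Entry<String, String> param : formParams) {
                request.addQueryParam(param.getKey(), OidcCommonUtils.urlEncode(param.getValue()));
            }
            request.putHeader(ACCEPT_HEADER, APPLICATION_JSON);
            body = Buffer.buffer();
        } else {
            request.putHeader(CONTENT_TYPE_HEADER, APPLICATION_X_WWW_FORM_URLENCODED);
            request.putHeader(ACCEPT_HEADER, APPLICATION_JSON);
            if (introspect && this.introspectionBasicAuthScheme != null) {
                request.putHeader(AUTHORIZATION_HEADER, this.introspectionBasicAuthScheme);
                if (this.oidcConfig.clientId.isPresent() && this.oidcConfig.introspectionCredentials.includeClientId) {
                    formParams.set("client_id", this.oidcConfig.clientId.get());
                }
            } else if (this.clientSecretBasicAuthScheme != null) {
                request.putHeader(AUTHORIZATION_HEADER, this.clientSecretBasicAuthScheme);
            } else if (this.clientJwtKey != null) {
                // The token endpoint address is passed to the signer for both token and
                // introspection requests.
                String signedJwt = OidcCommonUtils.signJwtWithKey(this.oidcConfig, this.metadata.getTokenUri(), this.clientJwtKey);
                if (OidcCommonUtils.isClientSecretPostJwtAuthRequired(this.oidcConfig.credentials)) {
                    formParams.add("client_id", this.oidcConfig.clientId.get());
                    formParams.add("client_secret", signedJwt);
                } else {
                    formParams.add("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer");
                    formParams.add("client_assertion", signedJwt);
                }
            } else if (OidcCommonUtils.isClientSecretPostAuthRequired(this.oidcConfig.credentials)) {
                formParams.add("client_id", this.oidcConfig.clientId.get());
                formParams.add("client_secret", OidcCommonUtils.clientSecret(this.oidcConfig.credentials));
            } else {
                formParams.add("client_id", this.oidcConfig.clientId.get());
            }
            body = OidcCommonUtils.encodeForm(formParams);
        }
        if (this.oidcConfig.codeGrant.headers != null) {
            // Applied last and to every POST built here, so a configured header with the same
            // name replaces one set above, including Authorization.
            for (Map.Entry<String, String> header : this.oidcConfig.codeGrant.headers.entrySet()) {
                request.putHeader(header.getKey(), header.getValue());
            }
        }
        // Log names only: the values include client_secret, code, refresh_token, the token being
        // introspected and the Authorization header. Log the address actually called, which is
        // the introspection endpoint when introspect is true.
        LOG.debugf("Get token on: %s params: %s headers: %s", requestUri, formParams.names(), request.headers().names());
        OidcEndpoint.Type endpointType = introspect ? OidcEndpoint.Type.INTROSPECTION : OidcEndpoint.Type.TOKEN;
        return filterHttpRequest(requestProps, endpointType, request, body, null)
                .sendBuffer(body)
                .onFailure(ConnectException.class).retry().atMost(this.oidcConfig.connectionRetryCount)
                // Unwrap the cause, but keep the failure itself when it has none so that a null
                // mapper result cannot replace the real error.
                .onFailure().transform(failure -> failure.getCause() != null ? failure.getCause() : failure)
                .onItem();
    }

    /**
     * Reads {@code id_token}, {@code access_token}, {@code refresh_token} and the optional
     * {@code expires_in} from a token endpoint response.
     *
     * @throws NumberFormatException if {@code expires_in} is present, not a JSON number, and its
     *         text form is not a valid long
     */
    private AuthorizationCodeTokens getAuthorizationCodeTokens(OidcRequestContextProperties requestProps, HttpResponse<Buffer> httpResponse) {
        // Failures are reported against the token endpoint, which is the endpoint this response
        // came from (the authorization endpoint address was used here before).
        JsonObject json = getJsonObject(requestProps, this.metadata.getTokenUri(), httpResponse, OidcEndpoint.Type.TOKEN);
        String idToken = json.getString("id_token");
        String accessToken = json.getString("access_token");
        String refreshToken = json.getString("refresh_token");
        Long expiresIn = null;
        Object rawExpiresIn = json.getValue("expires_in");
        if (rawExpiresIn != null) {
            // Accept both a JSON number and a numeric string.
            expiresIn = rawExpiresIn instanceof Number ? ((Number) rawExpiresIn).longValue() : Long.parseLong(rawExpiresIn.toString());
        }
        return new AuthorizationCodeTokens(idToken, accessToken, refreshToken, expiresIn);
    }

    private UserInfoResponse getUserInfo(OidcRequestContextProperties requestProps, HttpResponse<Buffer> httpResponse) {
        return new UserInfoResponse(httpResponse.getHeader(CONTENT_TYPE_HEADER), getString(requestProps, this.metadata.getUserInfoUri(), httpResponse, OidcEndpoint.Type.USERINFO));
    }

    private TokenIntrospection getTokenIntrospection(OidcRequestContextProperties requestProps, HttpResponse<Buffer> httpResponse) {
        return new TokenIntrospection(getString(requestProps, this.metadata.getIntrospectionUri(), httpResponse, OidcEndpoint.Type.INTROSPECTION));
    }

    /**
     * Runs the response filters, then returns the body as JSON.
     *
     * @throws OIDCException if the status code is not 200
     */
    private JsonObject getJsonObject(OidcRequestContextProperties requestProps, String requestUri, HttpResponse<Buffer> httpResponse, OidcEndpoint.Type endpointType) {
        Buffer body = httpResponse.body();
        OidcCommonUtils.filterHttpResponse(requestProps, httpResponse, body, this.responseFilters, endpointType);
        if (httpResponse.statusCode() != 200) {
            throw responseException(requestUri, httpResponse, body);
        }
        // Token endpoint bodies carry the issued tokens, so only the address is logged. This
        // also avoids parsing the body a second time just to build a debug message.
        LOG.debugf("Request to %s succeeded", requestUri);
        return body.toJsonObject();
    }

    /**
     * Runs the response filters, then returns the body as a string.
     *
     * @throws OIDCException if the status code is not 200
     */
    private String getString(OidcRequestContextProperties requestProps, String requestUri, HttpResponse<Buffer> httpResponse, OidcEndpoint.Type endpointType) {
        Buffer body = httpResponse.body();
        OidcCommonUtils.filterHttpResponse(requestProps, httpResponse, body, this.responseFilters, endpointType);
        if (httpResponse.statusCode() != 200) {
            throw responseException(requestUri, httpResponse, body);
        }
        // UserInfo and introspection bodies hold user claims and token details; log the
        // address only.
        LOG.debugf("Request to %s succeeded", requestUri);
        return body.toString();
    }

    /**
     * Logs a failed request and builds the exception for the caller to throw.
     *
     * <p>The provider's error body is written to the error log and becomes the exception
     * message, so provider-controlled text can reach logs and callers through this path.
     *
     * @param body the response body; may be {@code null} or empty, in which case only the status is reported
     */
    private static OIDCException responseException(String requestUri, HttpResponse<Buffer> httpResponse, Buffer body) {
        // Guard against a missing body so an error status is reported as such instead of
        // surfacing as a NullPointerException.
        String errorMessage = body == null ? null : body.toString();
        if (errorMessage == null || errorMessage.isEmpty()) {
            LOG.errorf("Request %s has failed: status: %d", requestUri, Integer.valueOf(httpResponse.statusCode()));
            return new OIDCException("Error status:" + httpResponse.statusCode());
        }
        LOG.errorf("Request %s has failed: status: %d, error message: %s", requestUri, Integer.valueOf(httpResponse.statusCode()), errorMessage);
        return new OIDCException(errorMessage);
    }

    /** Closes the underlying web client. */
    @Override
    public void close() {
        this.client.close();
    }

    /**
     * Returns the key used to sign client authentication JWTs, or {@code null} when none is
     * configured. This is signing key material; callers must not log or serialize it.
     */
    public Key getClientJwtKey() {
        return this.clientJwtKey;
    }

    /**
     * Applies the request filters registered for the endpoint type and returns the same request.
     *
     * @param body request body handed to the filters, may be {@code null}
     * @param unusedContextProps not read by this method; kept so existing call sites stay unchanged
     */
    private HttpRequest<Buffer> filterHttpRequest(OidcRequestContextProperties requestProps, OidcEndpoint.Type endpointType, HttpRequest<Buffer> request, Buffer body, OidcRequestContextProperties unusedContextProps) {
        if (!this.requestFilters.isEmpty()) {
            OidcRequestFilter.OidcRequestContext context = new OidcRequestFilter.OidcRequestContext(request, body, requestProps);
            for (OidcRequestFilter filter : OidcCommonUtils.getMatchingOidcRequestFilters(this.requestFilters, endpointType)) {
                filter.filter(context);
            }
        }
        return request;
    }

    private OidcRequestContextProperties getRequestProps(String grantType) {
        return getRequestProps(null, grantType);
    }

    private OidcRequestContextProperties getRequestProps(OidcRequestContextProperties contextProperties) {
        return getRequestProps(contextProperties, null);
    }

    /**
     * Builds the context properties handed to request and response filters: a copy of the
     * caller's properties plus the tenant id, the provider metadata and, when given, the grant type.
     *
     * @return the properties, or {@code null} when no request or response filters are registered
     */
    private OidcRequestContextProperties getRequestProps(OidcRequestContextProperties contextProperties, String grantType) {
        if (this.requestFilters.isEmpty() && this.responseFilters.isEmpty()) {
            return null;
        }
        Map<String, Object> properties = contextProperties == null ? new HashMap<>() : new HashMap<>(contextProperties.getAll());
        properties.put(OidcUtils.TENANT_ID_ATTRIBUTE, this.oidcConfig.getTenantId().orElse(OidcUtils.DEFAULT_TENANT_ID));
        properties.put(OidcConfigurationMetadata.class.getName(), this.metadata);
        if (grantType != null) {
            properties.put("grant_type", grantType);
        }
        return new OidcRequestContextProperties(properties);
    }

    /** Returns the Vert.x instance this client was created with. */
    public Vertx getVertx() {
        return this.vertx;
    }

    /** Returns the underlying web client; it is shared with, and closed by, this instance. */
    public WebClient getWebClient() {
        return this.client;
    }
}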
