package org.keycloak.jaxrs;

import java.net.URI;
import java.util.Map;
import javax.ws.rs.BadRequestException;
import javax.ws.rs.InternalServerErrorException;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.Entity;
import javax.ws.rs.core.Cookie;
import javax.ws.rs.core.Form;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.NewCookie;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import javax.ws.rs.core.UriInfo;
import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder;
import org.jboss.resteasy.logging.Logger;
import org.keycloak.AbstractOAuthClient;
import org.keycloak.representations.AccessTokenResponse;

/* loaded from: input_file:org/keycloak/jaxrs/JaxrsOAuthClient.class */
public class JaxrsOAuthClient extends AbstractOAuthClient {
    protected static final Logger logger = Logger.getLogger(JaxrsOAuthClient.class);
    protected Client client;

    public void start() {
        if (this.client == null) {
            this.client = new ResteasyClientBuilder().trustStore(this.truststore).hostnameVerification(ResteasyClientBuilder.HostnameVerificationPolicy.ANY).connectionPoolSize(10).build();
        }
    }

    public void stop() {
        this.client.close();
    }

    public Client getClient() {
        return this.client;
    }

    public void setClient(Client client) {
        this.client = client;
    }

    public String resolveBearerToken(String str, String str2) {
        Form param = new Form().param("grant_type", "authorization_code").param("code", str2).param("client_id", this.clientId).param("redirect_uri", stripOauthParametersFromRedirect(str));
        for (Map.Entry entry : this.credentials.entrySet()) {
            param.param((String) entry.getKey(), (String) entry.getValue());
        }
        Response post = this.client.target(this.codeUrl).request().post(Entity.form(param));
        try {
            if (post.getStatus() == 400) {
                throw new BadRequestException();
            }
            if (post.getStatus() != 200) {
                throw new InternalServerErrorException(new Exception("Unknown error when getting acess token"));
            }
            String token = ((AccessTokenResponse) post.readEntity(AccessTokenResponse.class)).getToken();
            post.close();
            return token;
        } catch (Throwable th) {
            post.close();
            throw th;
        }
    }

    public Response redirect(UriInfo uriInfo, String str) {
        String stateCode = getStateCode();
        UriBuilder queryParam = UriBuilder.fromUri(this.authUrl).queryParam("client_id", new Object[]{this.clientId}).queryParam("redirect_uri", new Object[]{str}).queryParam("state", new Object[]{stateCode});
        if (this.scope != null) {
            queryParam.queryParam("scope", new Object[]{this.scope});
        }
        URI build = queryParam.build(new Object[0]);
        NewCookie newCookie = new NewCookie(getStateCookieName(), stateCode, getStateCookiePath(uriInfo), (String) null, (String) null, -1, this.isSecure, true);
        logger.debug("NewCookie: " + newCookie.toString());
        logger.debug("Oauth Redirect to: " + build);
        return Response.status(302).location(build).cookie(new NewCookie[]{newCookie}).build();
    }

    public String getStateCookiePath(UriInfo uriInfo) {
        return this.stateCookiePath != null ? this.stateCookiePath : uriInfo.getBaseUri().getRawPath();
    }

    public String getBearerToken(UriInfo uriInfo, HttpHeaders httpHeaders) throws BadRequestException, InternalServerErrorException {
        String error = getError(uriInfo);
        if (error != null) {
            throw new BadRequestException(new Exception("OAuth error: " + error));
        }
        checkStateCookie(uriInfo, httpHeaders);
        String accessCode = getAccessCode(uriInfo);
        if (accessCode == null) {
            throw new BadRequestException(new Exception("code parameter was null"));
        }
        return resolveBearerToken(uriInfo.getRequestUri().toString(), accessCode);
    }

    public String getError(UriInfo uriInfo) {
        return (String) uriInfo.getQueryParameters().getFirst("error");
    }

    public String getAccessCode(UriInfo uriInfo) {
        return (String) uriInfo.getQueryParameters().getFirst("code");
    }

    public void checkStateCookie(UriInfo uriInfo, HttpHeaders httpHeaders) {
        Cookie cookie = (Cookie) httpHeaders.getCookies().get(this.stateCookieName);
        if (cookie == null) {
            throw new BadRequestException("state cookie not set");
        }
        String str = (String) uriInfo.getQueryParameters().getFirst("state");
        if (str == null) {
            throw new BadRequestException("state parameter was null");
        }
        if (!str.equals(cookie.getValue())) {
            throw new BadRequestException("state parameter invalid");
        }
    }
}
