package io.asgardeo.java.oidc.sdk;

import com.nimbusds.jwt.JWT;
import com.nimbusds.jwt.JWTParser;
import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.oauth2.sdk.AbstractRequest;
import com.nimbusds.oauth2.sdk.AccessTokenResponse;
import com.nimbusds.oauth2.sdk.AuthorizationCode;
import com.nimbusds.oauth2.sdk.AuthorizationCodeGrant;
import com.nimbusds.oauth2.sdk.AuthorizationResponse;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.Scope;
import com.nimbusds.oauth2.sdk.TokenErrorResponse;
import com.nimbusds.oauth2.sdk.TokenRequest;
import com.nimbusds.oauth2.sdk.TokenResponse;
import com.nimbusds.oauth2.sdk.auth.ClientSecretBasic;
import com.nimbusds.oauth2.sdk.http.HTTPRequest;
import com.nimbusds.oauth2.sdk.http.ServletUtils;
import com.nimbusds.oauth2.sdk.token.AccessToken;
import com.nimbusds.oauth2.sdk.token.RefreshToken;
import com.nimbusds.openid.connect.sdk.Nonce;
import io.asgardeo.java.oidc.sdk.SSOAgentConstants;
import io.asgardeo.java.oidc.sdk.bean.RequestContext;
import io.asgardeo.java.oidc.sdk.bean.SessionContext;
import io.asgardeo.java.oidc.sdk.bean.User;
import io.asgardeo.java.oidc.sdk.config.model.OIDCAgentConfig;
import io.asgardeo.java.oidc.sdk.exception.SSOAgentClientException;
import io.asgardeo.java.oidc.sdk.exception.SSOAgentException;
import io.asgardeo.java.oidc.sdk.exception.SSOAgentServerException;
import io.asgardeo.java.oidc.sdk.request.OIDCRequestBuilder;
import io.asgardeo.java.oidc.sdk.request.OIDCRequestResolver;
import io.asgardeo.java.oidc.sdk.request.model.AuthenticationRequest;
import io.asgardeo.java.oidc.sdk.request.model.LogoutRequest;
import io.asgardeo.java.oidc.sdk.validators.IDTokenValidator;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.minidev.json.JSONObject;
import org.apache.commons.lang.StringUtils;
import org.apache.logging.log4j.Level;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:io/asgardeo/java/oidc/sdk/DefaultOIDCManager.class */
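/**
 * Default {@link OIDCManager} for the OIDC authorization code flow.
 *
 * <p>Builds and sends the authentication and logout redirects, and handles the callback:
 * parses the authorization response, exchanges the code at the token endpoint, validates the
 * returned ID token against the nonce kept in the {@link RequestContext}, and fills a
 * {@link SessionContext} with the resulting user, ID token, access token and refresh token.
 *
 * <p>The manager keeps the {@link OIDCAgentConfig} it was constructed with; {@link #logout}
 * may write a default post-logout redirect URI back into that config.
 */
public class DefaultOIDCManager implements OIDCManager {
    private static final Logger logger = LogManager.getLogger(DefaultOIDCManager.class);
    private final OIDCAgentConfig oidcAgentConfig;

    /**
     * Creates a manager for the given agent configuration.
     *
     * @param oIDCAgentConfig agent configuration; validated before it is stored
     * @throws SSOAgentClientException if the configuration is incomplete (scope without
     *         {@code openid}, missing client id / client secret, empty callback URL)
     */
    public DefaultOIDCManager(OIDCAgentConfig oIDCAgentConfig) throws SSOAgentClientException {
        validateConfig(oIDCAgentConfig);
        this.oidcAgentConfig = oIDCAgentConfig;
    }

    /**
     * Builds an authentication request and redirects the user agent to it.
     *
     * @return the request context (including the nonce) the caller must keep until the callback arrives
     * @throws SSOAgentException if the redirect could not be written to the servlet response
     */
    @Override
    public RequestContext sendForLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws SSOAgentException {
        AuthenticationRequest authenticationRequest = new OIDCRequestBuilder(this.oidcAgentConfig).buildAuthenticationRequest();
        try {
            httpServletResponse.sendRedirect(authenticationRequest.getAuthenticationRequestURI().toString());
            return authenticationRequest.getRequestContext();
        } catch (IOException e) {
            // Same error code as logout(): a failed redirect write is a servlet connection problem.
            throw new SSOAgentException(SSOAgentConstants.ErrorMessages.SERVLET_CONNECTION.getMessage(),
                    SSOAgentConstants.ErrorMessages.SERVLET_CONNECTION.getCode(), e);
        }
    }

    /**
     * Handles the authorization callback from the OpenID provider.
     *
     * <p>Only a non-error authorization code response is accepted; anything else is reported as
     * {@code AUTHENTICATION_FAILED}. The nonce from {@code requestContext} is what binds the
     * returned ID token to the login attempt started by {@link #sendForLogin}.
     *
     * @param requestContext the context returned by {@link #sendForLogin}; must not be {@code null}
     * @return the populated session context on success
     * @throws SSOAgentException if the request context is missing, the response is not a successful
     *         authorization code response, or the token exchange / ID token validation fails
     */
    @Override
    public SessionContext handleOIDCCallback(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, RequestContext requestContext) throws SSOAgentException {
        if (requestContext == null) {
            // Without the stored request context there is no nonce to bind the ID token to this login.
            logger.log(Level.ERROR, "No request context available for the OIDC callback.");
            throw new SSOAgentException(SSOAgentConstants.ErrorMessages.AUTHENTICATION_FAILED.getMessage(),
                    SSOAgentConstants.ErrorMessages.AUTHENTICATION_FAILED.getCode());
        }
        OIDCRequestResolver requestResolver = new OIDCRequestResolver(httpServletRequest, this.oidcAgentConfig);
        SessionContext sessionContext = new SessionContext();
        Nonce nonce = requestContext.getNonce();
        try {
            if (!requestResolver.isError() && requestResolver.isAuthorizationCodeResponse()) {
                logger.log(Level.TRACE, "Handling the OIDC Authorization response.");
                if (handleAuthentication(httpServletRequest, sessionContext, nonce)) {
                    logger.log(Level.TRACE, "Authentication successful. Redirecting to the target page.");
                    return sessionContext;
                }
            }
            logger.log(Level.ERROR, "Authentication unsuccessful. Clearing the active session and redirecting.");
            throw new SSOAgentServerException(SSOAgentConstants.ErrorMessages.AUTHENTICATION_FAILED.getMessage(),
                    SSOAgentConstants.ErrorMessages.AUTHENTICATION_FAILED.getCode());
        } catch (SSOAgentServerException e) {
            // Keep the cause so the underlying parse / IO / validation failure is not lost.
            throw new SSOAgentException(e.getMessage(), e.getErrorCode(), e);
        }
    }

    /**
     * Builds an RP-initiated logout request and redirects the user agent to it.
     *
     * <p>If no post-logout redirect URI is configured, the callback URL is stored into the shared
     * config as the default (this mutates {@code oidcAgentConfig} for all later calls).
     *
     * @return the request context of the logout request
     * @throws SSOAgentException if the redirect could not be written to the servlet response
     */
    @Override
    public RequestContext logout(SessionContext sessionContext, HttpServletResponse httpServletResponse) throws SSOAgentException {
        if (this.oidcAgentConfig.getPostLogoutRedirectURI() == null) {
            logger.info("postLogoutRedirectURI is not configured. Using the callbackURL instead.");
            this.oidcAgentConfig.setPostLogoutRedirectURI(this.oidcAgentConfig.getCallbackUrl());
        }
        LogoutRequest logoutRequest = new OIDCRequestBuilder(this.oidcAgentConfig).buildLogoutRequest(sessionContext);
        try {
            httpServletResponse.sendRedirect(logoutRequest.getLogoutRequestURI().toString());
            return logoutRequest.getRequestContext();
        } catch (IOException e) {
            throw new SSOAgentException(SSOAgentConstants.ErrorMessages.SERVLET_CONNECTION.getMessage(),
                    SSOAgentConstants.ErrorMessages.SERVLET_CONNECTION.getCode(), e);
        }
    }

    /**
     * Parses the authorization response, exchanges the code for tokens and, on success,
     * validates the ID token and populates {@code sessionContext}.
     *
     * @return {@code true} on a successful token exchange; {@code false} when the authorization
     *         or token response is an error response (details are logged)
     * @throws SSOAgentServerException if the responses cannot be parsed, the token request fails,
     *         or the ID token is missing / invalid
     */
    private boolean handleAuthentication(HttpServletRequest httpServletRequest, SessionContext sessionContext, Nonce nonce) throws SSOAgentServerException {
        try {
            AuthorizationResponse authorizationResponse = AuthorizationResponse.parse(ServletUtils.createHTTPRequest(httpServletRequest));
            if (!authorizationResponse.indicatesSuccess()) {
                handleErrorAuthorizationResponse(authorizationResponse);
                return false;
            }
            TokenRequest tokenRequest = getTokenRequest(authorizationResponse.toSuccessResponse().getAuthorizationCode());
            TokenResponse tokenResponse = getTokenResponse(tokenRequest);
            if (tokenResponse.indicatesSuccess()) {
                handleSuccessTokenResponse(tokenResponse, sessionContext, nonce);
                return true;
            }
            handleErrorTokenResponse(tokenRequest, tokenResponse);
            return false;
        } catch (SSOAgentServerException e) {
            // Already carries the specific error code; re-wrapping would replace it with a null code.
            throw e;
        } catch (ParseException | IOException e) {
            throw new SSOAgentServerException(e.getMessage(), e);
        }
    }

    /**
     * Validates the ID token from a successful token response and stores the session data.
     *
     * <p>The subject is read only from the claims set returned by
     * {@link IDTokenValidator#validate(Nonce)}, so nothing is trusted before validation.
     *
     * @throws SSOAgentServerException if the {@code id_token} parameter is absent, cannot be
     *         parsed, or does not validate
     */
    private void handleSuccessTokenResponse(TokenResponse tokenResponse, SessionContext sessionContext, Nonce nonce) throws SSOAgentServerException {
        AccessTokenResponse successResponse = tokenResponse.toSuccessResponse();
        AccessToken accessToken = successResponse.getTokens().getAccessToken();
        RefreshToken refreshToken = successResponse.getTokens().getRefreshToken();
        Map<String, Object> customParameters = successResponse.getCustomParameters();
        Object idTokenParameter = customParameters == null ? null : customParameters.get(SSOAgentConstants.ID_TOKEN);
        if (idTokenParameter == null) {
            // Explicit check instead of catching NullPointerException: the catch also swallowed NPEs
            // thrown from inside the validator and reported them as a missing id_token.
            logger.log(Level.ERROR, "id_token is null.");
            throw new SSOAgentServerException(SSOAgentConstants.ErrorMessages.ID_TOKEN_NULL.getMessage(),
                    SSOAgentConstants.ErrorMessages.ID_TOKEN_NULL.getCode());
        }
        String idToken = idTokenParameter.toString();
        try {
            JWT parsedIdToken = JWTParser.parse(idToken);
            String subject = new IDTokenValidator(this.oidcAgentConfig, parsedIdToken).validate(nonce).getSubject().getValue();
            User user = new User(subject, getUserAttributes(idToken));
            sessionContext.setIdToken(parsedIdToken.getParsedString());
            sessionContext.setUser(user);
            sessionContext.setAccessToken(accessToken.toJSONString());
            if (refreshToken != null) {
                sessionContext.setRefreshToken(refreshToken.getValue());
            }
        } catch (java.text.ParseException e) {
            throw new SSOAgentServerException(SSOAgentConstants.ErrorMessages.ID_TOKEN_PARSE.getMessage(),
                    SSOAgentConstants.ErrorMessages.ID_TOKEN_PARSE.getCode(), e);
        }
    }

    /**
     * Logs a token error response together with a redacted view of the request that caused it.
     */
    private void handleErrorTokenResponse(TokenRequest tokenRequest, TokenResponse tokenResponse) {
        TokenErrorResponse errorResponse = tokenResponse.toErrorResponse();
        // log4j needs "{}" placeholders; without them the objects were passed but never rendered.
        logger.log(Level.INFO, "Request object for the error response: {}", requestToJson(tokenRequest));
        logger.log(Level.INFO, "Error response object: {}", errorResponse.toJSONObject());
    }

    /**
     * Logs the error object of a failed authorization response. Its fields come from the
     * provider (or whoever reached the callback), so they are logged as a JSON object, not
     * interpolated into the message.
     */
    private void handleErrorAuthorizationResponse(AuthorizationResponse authorizationResponse) {
        logger.log(Level.INFO, "Error response object: {}", authorizationResponse.toErrorResponse().getErrorObject().toJSONObject());
    }

    /**
     * Sends the token request with the configured connect / read timeouts and parses the response.
     *
     * @throws SSOAgentServerException if the request fails or the response cannot be parsed
     */
    private TokenResponse getTokenResponse(TokenRequest tokenRequest) throws SSOAgentServerException {
        try {
            HTTPRequest httpRequest = tokenRequest.toHTTPRequest();
            // Bound the call to the token endpoint; an unbounded read would hang the callback thread.
            httpRequest.setConnectTimeout(this.oidcAgentConfig.getHttpConnectTimeout());
            httpRequest.setReadTimeout(this.oidcAgentConfig.getHttpReadTimeout());
            return TokenResponse.parse(httpRequest.send());
        } catch (ParseException | IOException e) {
            throw new SSOAgentServerException(e.getMessage(), e);
        }
    }

    /**
     * Builds the authorization code grant token request, authenticated with
     * {@link ClientSecretBasic} (client id and secret from the config).
     */
    private TokenRequest getTokenRequest(AuthorizationCode authorizationCode) {
        AuthorizationCodeGrant codeGrant = new AuthorizationCodeGrant(authorizationCode, this.oidcAgentConfig.getCallbackUrl());
        ClientSecretBasic clientAuth = new ClientSecretBasic(this.oidcAgentConfig.getConsumerKey(), this.oidcAgentConfig.getConsumerSecret());
        return new TokenRequest(this.oidcAgentConfig.getTokenEndpoint(), clientAuth, codeGrant);
    }

    /**
     * Renders a request for logging: the target URI and the names of the request parameters.
     * Parameter values are deliberately left out, since the body of a token request carries the
     * authorization code.
     */
    private JSONObject requestToJson(AbstractRequest abstractRequest) {
        HTTPRequest httpRequest = abstractRequest.toHTTPRequest();
        JSONObject json = new JSONObject();
        json.appendField(SSOAgentConstants.OIDC_TOKEN_ENDPOINT, httpRequest.getURI().toString());
        json.appendField("request body", httpRequest.getQueryParameters().keySet());
        return json;
    }

    /**
     * Extracts the user attributes from the ID token: every claim except those listed in
     * {@code SSOAgentConstants.OIDC_METADATA_CLAIMS}.
     *
     * @param idToken the serialized signed ID token (already validated by the caller)
     * @throws SSOAgentServerException if the token cannot be parsed as a signed JWT
     */
    private Map<String, Object> getUserAttributes(String idToken) throws SSOAgentServerException {
        try {
            Map<String, Object> claims = SignedJWT.parse(idToken).getJWTClaimsSet().getClaims();
            Map<String, Object> attributes = new HashMap<>();
            for (Map.Entry<String, Object> claim : claims.entrySet()) {
                if (!SSOAgentConstants.OIDC_METADATA_CLAIMS.contains(claim.getKey())) {
                    attributes.put(claim.getKey(), claim.getValue());
                }
            }
            return attributes;
        } catch (java.text.ParseException e) {
            throw new SSOAgentServerException(SSOAgentConstants.ErrorMessages.JWT_PARSE.getMessage(),
                    SSOAgentConstants.ErrorMessages.JWT_PARSE.getCode(), e);
        }
    }

    /** Validates the configuration for the flows this manager supports (currently only code). */
    private static void validateConfig(OIDCAgentConfig oIDCAgentConfig) throws SSOAgentClientException {
        validateForCode(oIDCAgentConfig);
    }

    /**
     * Checks the settings the authorization code flow needs.
     *
     * @throws SSOAgentClientException with {@code AGENT_CONFIG_SCOPE} if the scope is missing or
     *         lacks {@code openid}; {@code AGENT_CONFIG_CLIENT_ID} if the consumer key is missing;
     *         {@code AGENT_CONFIG_CLIENT_SECRET} if the consumer secret is missing;
     *         {@code AGENT_CONFIG_CALLBACK_URL} if the callback URL is missing or empty
     */
    private static void validateForCode(OIDCAgentConfig oIDCAgentConfig) throws SSOAgentClientException {
        Scope scope = oIDCAgentConfig.getScope();
        // "openid" is mandatory for an OIDC request; an absent scope is treated like an empty one.
        if (scope == null || scope.isEmpty() || !scope.contains(SSOAgentConstants.OIDC_OPENID)) {
            throw new SSOAgentClientException(SSOAgentConstants.ErrorMessages.AGENT_CONFIG_SCOPE.getMessage(),
                    SSOAgentConstants.ErrorMessages.AGENT_CONFIG_SCOPE.getCode());
        }
        // Consumer key is the client id and consumer secret the client secret: the messages were swapped before.
        if (oIDCAgentConfig.getConsumerKey() == null) {
            throw new SSOAgentClientException(SSOAgentConstants.ErrorMessages.AGENT_CONFIG_CLIENT_ID.getMessage(),
                    SSOAgentConstants.ErrorMessages.AGENT_CONFIG_CLIENT_ID.getCode());
        }
        if (oIDCAgentConfig.getConsumerSecret() == null) {
            throw new SSOAgentClientException(SSOAgentConstants.ErrorMessages.AGENT_CONFIG_CLIENT_SECRET.getMessage(),
                    SSOAgentConstants.ErrorMessages.AGENT_CONFIG_CLIENT_SECRET.getCode());
        }
        if (oIDCAgentConfig.getCallbackUrl() == null || StringUtils.isEmpty(oIDCAgentConfig.getCallbackUrl().toString())) {
            throw new SSOAgentClientException(SSOAgentConstants.ErrorMessages.AGENT_CONFIG_CALLBACK_URL.getMessage(),
                    SSOAgentConstants.ErrorMessages.AGENT_CONFIG_CALLBACK_URL.getCode());
        }
    }
}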
