package io.quarkus.oidc.runtime;

import io.quarkus.oidc.AuthorizationCodeTokens;
import io.quarkus.oidc.OIDCException;
import io.quarkus.oidc.OidcConfigurationMetadata;
import io.quarkus.oidc.OidcTenantConfig;
import io.quarkus.oidc.TokenIntrospection;
import io.quarkus.oidc.UserInfo;
import io.quarkus.oidc.common.runtime.OidcCommonUtils;
import io.quarkus.oidc.common.runtime.OidcEndpointAccessException;
import io.smallrye.mutiny.Uni;
import io.smallrye.mutiny.groups.UniOnItem;
import io.vertx.core.http.HttpHeaders;
import io.vertx.core.json.JsonObject;
import io.vertx.mutiny.core.MultiMap;
import io.vertx.mutiny.core.buffer.Buffer;
import io.vertx.mutiny.ext.web.client.HttpRequest;
import io.vertx.mutiny.ext.web.client.HttpResponse;
import io.vertx.mutiny.ext.web.client.WebClient;
import java.io.Closeable;
import java.net.ConnectException;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import org.jboss.logging.Logger;

/* loaded from: input_file:io/quarkus/oidc/runtime/OidcProviderClient.class */
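/**
 * Client for the endpoints of a single OIDC provider: JWK set, UserInfo, token introspection
 * and the token endpoint (authorization code exchange and refresh).
 *
 * <p>Client authentication material (basic-auth header values and the JWT signing key) is
 * computed once in the constructor from the tenant configuration and reused for every request.
 *
 * <p>Security note: requests and responses handled here carry bearer tokens, authorization
 * codes, refresh tokens and client secrets. Debug logging in this class therefore records only
 * endpoint addresses, parameter/header <em>names</em> and response sizes, never the values.
 */
public class OidcProviderClient implements Closeable {
    private static final Logger LOG = Logger.getLogger(OidcProviderClient.class);
    private static final String AUTHORIZATION_HEADER = String.valueOf(HttpHeaders.AUTHORIZATION);
    private static final String CONTENT_TYPE_HEADER = String.valueOf(HttpHeaders.CONTENT_TYPE);
    private static final String ACCEPT_HEADER = String.valueOf(HttpHeaders.ACCEPT);
    private static final String APPLICATION_X_WWW_FORM_URLENCODED = String.valueOf(HttpHeaders.APPLICATION_X_WWW_FORM_URLENCODED.toString());
    private static final String APPLICATION_JSON = "application/json";
    /** Placeholder written to logs in place of a credential value. */
    private static final String REDACTED = "<redacted>";
    private final WebClient client;
    private final OidcConfigurationMetadata metadata;
    private final OidcTenantConfig oidcConfig;
    private final String clientSecretBasicAuthScheme;
    private final String introspectionBasicAuthScheme;
    private final Key clientJwtKey;

    /**
     * Creates a client bound to one provider and one tenant configuration.
     *
     * @param webClient HTTP client used for all provider calls; closed by {@link #close()}
     * @param oidcConfigurationMetadata provider metadata supplying the endpoint URIs
     * @param oidcTenantConfig tenant configuration supplying client id and credentials
     */
    public OidcProviderClient(WebClient webClient, OidcConfigurationMetadata oidcConfigurationMetadata, OidcTenantConfig oidcTenantConfig) {
        this.client = webClient;
        this.metadata = oidcConfigurationMetadata;
        this.oidcConfig = oidcTenantConfig;
        this.clientSecretBasicAuthScheme = OidcCommonUtils.initClientSecretBasicAuth(oidcTenantConfig);
        this.clientJwtKey = OidcCommonUtils.initClientJwtKey(oidcTenantConfig);
        this.introspectionBasicAuthScheme = initIntrospectionBasicAuthScheme(oidcTenantConfig);
    }

    /**
     * Builds the basic-auth header value used for introspection requests.
     *
     * @return the header value, or {@code null} unless both the introspection credentials name
     *         and secret are configured
     */
    private static String initIntrospectionBasicAuthScheme(OidcTenantConfig oidcTenantConfig) {
        var introspectionCredentials = oidcTenantConfig.getIntrospectionCredentials();
        if (introspectionCredentials.name.isPresent() && introspectionCredentials.secret.isPresent()) {
            return OidcCommonUtils.basicSchemeValue(introspectionCredentials.name.get(), introspectionCredentials.secret.get());
        }
        return null;
    }

    /** @return the provider metadata this client was created with */
    public OidcConfigurationMetadata getMetadata() {
        return this.metadata;
    }

    /**
     * Fetches the provider's JSON Web Key Set with a plain GET on the JWKS URI.
     *
     * @return the parsed key set; fails with {@link OidcEndpointAccessException} on a non-200 status
     */
    public Uni<JsonWebKeySet> getJsonWebKeySet() {
        return this.client.getAbs(this.metadata.getJsonWebKeySetUri()).send().onItem().transform(response -> {
            return getJsonWebKeySet(response);
        });
    }

    /**
     * Calls the UserInfo endpoint, presenting the given token as a bearer credential.
     *
     * @param str access token sent in the {@code Authorization} header
     * @return the UserInfo built from the response body
     */
    public Uni<UserInfo> getUserInfo(String str) {
        // The bearer token is a live credential: log that one was sent, not its value.
        LOG.debugf("Get UserInfo on: %s auth: %s", this.metadata.getUserInfoUri(), "Bearer " + REDACTED);
        return this.client.getAbs(this.metadata.getUserInfoUri()).putHeader(AUTHORIZATION_HEADER, "Bearer " + str).send().onItem().transform(response -> {
            return getUserInfo((HttpResponse<Buffer>) response);
        });
    }

    /**
     * Posts the token to the introspection endpoint with {@code token_type_hint=access_token}.
     *
     * @param str token to introspect
     * @return the introspection result built from the response body
     */
    public Uni<TokenIntrospection> introspectToken(String str) {
        MultiMap form = new MultiMap(io.vertx.core.MultiMap.caseInsensitiveMultiMap());
        form.add("token", str);
        form.add("token_type_hint", "access_token");
        return getHttpResponse(this.metadata.getIntrospectionUri(), form, true).transform(response -> {
            return getTokenIntrospection(response);
        });
    }

    /** Parses a JWKS response as UTF-8; any status other than 200 is reported by status code only. */
    private JsonWebKeySet getJsonWebKeySet(HttpResponse<Buffer> httpResponse) {
        if (httpResponse.statusCode() == 200) {
            return new JsonWebKeySet(httpResponse.bodyAsString(StandardCharsets.UTF_8.name()));
        }
        throw new OidcEndpointAccessException(httpResponse.statusCode());
    }

    /** @return the tenant configuration this client was created with */
    public OidcTenantConfig getOidcConfig() {
        return this.oidcConfig;
    }

    /**
     * Exchanges an authorization code for tokens at the token endpoint.
     *
     * @param str authorization code
     * @param str2 redirect URI sent as {@code redirect_uri}
     * @param str3 PKCE code verifier, or {@code null} to omit {@code code_verifier}
     * @return the id, access and refresh tokens read from the response
     */
    public Uni<AuthorizationCodeTokens> getAuthorizationCodeTokens(String str, String str2, String str3) {
        MultiMap form = new MultiMap(io.vertx.core.MultiMap.caseInsensitiveMultiMap());
        form.add("grant_type", "authorization_code");
        form.add("code", str);
        form.add("redirect_uri", str2);
        if (str3 != null) {
            form.add("code_verifier", str3);
        }
        return getHttpResponse(this.metadata.getTokenUri(), form, false).transform(response -> {
            return getAuthorizationCodeTokens(response);
        });
    }

    /**
     * Uses a refresh token to obtain a new set of tokens from the token endpoint.
     *
     * @param str refresh token
     * @return the id, access and refresh tokens read from the response
     */
    public Uni<AuthorizationCodeTokens> refreshAuthorizationCodeTokens(String str) {
        MultiMap form = new MultiMap(io.vertx.core.MultiMap.caseInsensitiveMultiMap());
        form.add("grant_type", "refresh_token");
        form.add("refresh_token", str);
        return getHttpResponse(this.metadata.getTokenUri(), form, false).transform(response -> {
            return getAuthorizationCodeTokens(response);
        });
    }

    /**
     * Sends a form-encoded POST to {@code str}, adding client authentication.
     *
     * <p>Exactly one authentication method is applied, in this order: introspection basic auth
     * (only when {@code z} is true and introspection credentials are configured), client-secret
     * basic auth, a signed JWT (as {@code client_secret} or as a {@code client_assertion}),
     * {@code client_secret} as a form parameter, or a bare {@code client_id}.
     *
     * <p>Failures of type {@link ConnectException} are retried up to the configured
     * {@code connectionRetryCount}; any remaining failure is unwrapped to its cause.
     *
     * @param str absolute URI of the endpoint
     * @param multiMap form parameters; authentication parameters are added to this map
     * @param z {@code true} when the request is a token introspection request
     */
    private UniOnItem<HttpResponse<Buffer>> getHttpResponse(String str, MultiMap multiMap, boolean z) {
        HttpRequest<Buffer> request = this.client.postAbs(str);
        request.putHeader(CONTENT_TYPE_HEADER, APPLICATION_X_WWW_FORM_URLENCODED);
        request.putHeader(ACCEPT_HEADER, APPLICATION_JSON);
        if (z && this.introspectionBasicAuthScheme != null) {
            request.putHeader(AUTHORIZATION_HEADER, this.introspectionBasicAuthScheme);
            if (this.oidcConfig.clientId.isPresent()) {
                multiMap.set("client_id", (String) this.oidcConfig.clientId.get());
            }
        } else if (this.clientSecretBasicAuthScheme != null) {
            request.putHeader(AUTHORIZATION_HEADER, this.clientSecretBasicAuthScheme);
        } else if (this.clientJwtKey != null) {
            // NOTE(review): the token endpoint URI is passed here even when `str` is the
            // introspection endpoint; confirm that is the intended value for that case.
            String signedJwt = OidcCommonUtils.signJwtWithKey(this.oidcConfig, this.metadata.getTokenUri(), this.clientJwtKey);
            if (OidcCommonUtils.isClientSecretPostJwtAuthRequired(this.oidcConfig.credentials)) {
                multiMap.add("client_id", (String) this.oidcConfig.clientId.get());
                multiMap.add("client_secret", signedJwt);
            } else {
                multiMap.add("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer");
                multiMap.add("client_assertion", signedJwt);
            }
        } else if (OidcCommonUtils.isClientSecretPostAuthRequired(this.oidcConfig.credentials)) {
            multiMap.add("client_id", (String) this.oidcConfig.clientId.get());
            multiMap.add("client_secret", OidcCommonUtils.clientSecret(this.oidcConfig.credentials));
        } else {
            multiMap.add("client_id", (String) this.oidcConfig.clientId.get());
        }
        // The form can hold client_secret, code, refresh_token, token and client_assertion, and
        // the headers can hold a basic-auth Authorization value, so only the names are logged.
        // The endpoint actually called is logged (this method also serves introspection).
        LOG.debugf("Get token on: %s params: %s headers: %s", str, multiMap.names(), request.headers().names());
        return request.sendBuffer(OidcCommonUtils.encodeForm(multiMap)).onFailure(ConnectException.class).retry().atMost(this.oidcConfig.connectionRetryCount).onFailure().transform(th -> {
            // A failure without a cause must not be mapped to null; keep the failure itself.
            Throwable cause = th.getCause();
            return cause != null ? cause : th;
        }).onItem();
    }

    /** Reads {@code id_token}, {@code access_token} and {@code refresh_token} from a token response. */
    private AuthorizationCodeTokens getAuthorizationCodeTokens(HttpResponse<Buffer> httpResponse) {
        JsonObject json = getJsonObject(httpResponse);
        return new AuthorizationCodeTokens(json.getString("id_token"), json.getString("access_token"), json.getString("refresh_token"));
    }

    /** Wraps the body of a successful UserInfo response. */
    private UserInfo getUserInfo(HttpResponse<Buffer> httpResponse) {
        return new UserInfo(getString(httpResponse));
    }

    /** Wraps the body of a successful introspection response. */
    private TokenIntrospection getTokenIntrospection(HttpResponse<Buffer> httpResponse) {
        return new TokenIntrospection(getString(httpResponse));
    }

    /**
     * Returns the response body as JSON.
     *
     * @throws OIDCException if the status is not 200
     */
    private static JsonObject getJsonObject(HttpResponse<Buffer> httpResponse) {
        if (httpResponse.statusCode() != 200) {
            throw responseException(httpResponse);
        }
        JsonObject json = httpResponse.bodyAsJsonObject();
        // Token responses contain the issued tokens; log which fields came back, not their values.
        LOG.debugf("Request succeeded: %s", json == null ? null : json.fieldNames());
        return json;
    }

    /**
     * Returns the response body as a string.
     *
     * @throws OIDCException if the status is not 200
     */
    private static String getString(HttpResponse<Buffer> httpResponse) {
        if (httpResponse.statusCode() != 200) {
            throw responseException(httpResponse);
        }
        String body = httpResponse.bodyAsString();
        // UserInfo and introspection bodies describe the user and the token; log the size only.
        LOG.debugf("Request succeeded: response body of %d characters", body == null ? 0 : body.length());
        return body;
    }

    /**
     * Builds the exception for a failed provider call, using the response body as its message.
     * Callers throw the returned exception.
     */
    private static OIDCException responseException(HttpResponse<Buffer> httpResponse) {
        String errorBody = httpResponse.bodyAsString();
        LOG.debugf("Request has failed: status: %d, error message: %s", httpResponse.statusCode(), errorBody);
        return new OIDCException(errorBody);
    }

    /** Closes the underlying web client. */
    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() {
        this.client.close();
    }

    /** @return the key used to sign client authentication JWTs, or whatever the configuration produced for it */
    public Key getClientJwtKey() {
        return this.clientJwtKey;
    }
}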
