package io.micronaut.security.oauth2.endpoint.token.response;

import com.nimbusds.jwt.JWTParser;
import edu.umd.cs.findbugs.annotations.Nullable;
import io.micronaut.context.annotation.Requires;
import io.micronaut.http.HttpRequest;
import io.micronaut.http.cookie.Cookie;
import io.micronaut.security.authentication.AuthenticationMode;
import io.micronaut.security.authentication.UserDetails;
import io.micronaut.security.config.RedirectConfiguration;
import io.micronaut.security.errors.OauthErrorResponseException;
import io.micronaut.security.errors.ObtainingAuthorizationErrorCode;
import io.micronaut.security.errors.PriorToLoginPersistence;
import io.micronaut.security.token.config.TokenConfiguration;
import io.micronaut.security.token.jwt.cookie.AccessTokenCookieConfiguration;
import io.micronaut.security.token.jwt.cookie.CookieLoginHandler;
import io.micronaut.security.token.jwt.cookie.JwtCookieConfiguration;
import java.text.ParseException;
import java.time.Duration;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import javax.inject.Inject;
import javax.inject.Singleton;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * Login handler enabled when {@code micronaut.security.authentication} is set to {@code idtoken}.
 *
 * <p>On login it copies the OpenID ID token found in the user details attributes (under
 * {@link OpenIdUserDetailsMapper#OPENID_TOKEN_KEY}) into the cookie named by the access token
 * cookie configuration, and derives the cookie lifetime from the token's {@code exp} claim.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The cookie value is the ID token string exactly as stored in the user details; this class
 *       neither re-signs nor re-validates it.</li>
 *   <li>The token is only parsed here (see {@link #cookieExpiration}); no signature, issuer or
 *       audience check is performed in this class. NOTE(review): confirm the token is validated
 *       before it is placed in the user details attributes.</li>
 *   <li>Cookie attributes are applied from the cookie configuration together with
 *       {@code httpRequest.isSecure()}. NOTE(review): verify the deployed configuration sets the
 *       HttpOnly/Secure/SameSite attributes the application requires, in particular behind a
 *       TLS-terminating proxy.</li>
 * </ul>
 */
@Singleton
@Requires(property = "micronaut.security.authentication", value = "idtoken")
/* loaded from: input_file:io/micronaut/security/oauth2/endpoint/token/response/IdTokenLoginHandler.class */
public class IdTokenLoginHandler extends CookieLoginHandler {
    private static final Logger LOG = LoggerFactory.getLogger(IdTokenLoginHandler.class);

    /** Supplies the roles and name keys used when reading the user details attributes. */
    private final TokenConfiguration tokenConfiguration;

    /**
     * Creates the handler from the legacy JWT cookie configuration.
     *
     * @param jwtCookieConfiguration JWT cookie configuration, passed to the superclass
     * @param redirectConfiguration redirect configuration, passed to the superclass
     * @param tokenConfiguration token configuration used to read user details attributes
     * @param priorToLoginPersistence optional prior-to-login persistence, passed to the superclass
     * @deprecated the injected constructor takes an {@link AccessTokenCookieConfiguration} instead
     */
    @Deprecated
    public IdTokenLoginHandler(JwtCookieConfiguration jwtCookieConfiguration, RedirectConfiguration redirectConfiguration, TokenConfiguration tokenConfiguration, @Nullable PriorToLoginPersistence priorToLoginPersistence) {
        super(jwtCookieConfiguration, redirectConfiguration, priorToLoginPersistence);
        this.tokenConfiguration = tokenConfiguration;
    }

    /**
     * Creates the handler; this is the constructor used for dependency injection.
     *
     * @param accessTokenCookieConfiguration access token cookie configuration, passed to the superclass
     * @param redirectConfiguration redirect configuration, passed to the superclass
     * @param tokenConfiguration token configuration used to read user details attributes
     * @param priorToLoginPersistence optional prior-to-login persistence, passed to the superclass
     */
    @Inject
    public IdTokenLoginHandler(AccessTokenCookieConfiguration accessTokenCookieConfiguration, RedirectConfiguration redirectConfiguration, TokenConfiguration tokenConfiguration, @Nullable PriorToLoginPersistence priorToLoginPersistence) {
        super(accessTokenCookieConfiguration, redirectConfiguration, priorToLoginPersistence);
        this.tokenConfiguration = tokenConfiguration;
    }

    /**
     * Builds the single cookie that carries the ID token.
     *
     * @param userDetails authenticated user whose attributes hold the ID token
     * @param httpRequest current request; its {@code isSecure()} value is passed to the cookie configuration
     * @return a mutable list holding exactly one cookie
     * @throws OauthErrorResponseException with {@code SERVER_ERROR} when no usable ID token is found
     */
    protected List<Cookie> getCookies(UserDetails userDetails, HttpRequest<?> httpRequest) {
        String cookieName = this.accessTokenCookieConfiguration.getCookieName();
        // Fail the login rather than issue an empty or partial cookie when the token is missing.
        String idToken = parseIdToken(userDetails).orElseThrow(
                () -> new OauthErrorResponseException(ObtainingAuthorizationErrorCode.SERVER_ERROR, "Cannot obtain an access token", (String) null));

        Cookie idTokenCookie = Cookie.of(cookieName, idToken);
        idTokenCookie.configure(this.accessTokenCookieConfiguration, httpRequest.isSecure());
        idTokenCookie.maxAge(cookieExpiration(userDetails, httpRequest));

        List<Cookie> cookies = new ArrayList<>(1);
        cookies.add(idTokenCookie);
        return cookies;
    }

    /**
     * Always rejects the refresh flow: provider-issued tokens are not refreshed by this handler.
     *
     * @param userDetails ignored
     * @param str ignored
     * @param httpRequest ignored
     * @return never returns normally
     * @throws OauthErrorResponseException always, with {@code INVALID_REQUEST}
     */
    protected List<Cookie> getCookies(UserDetails userDetails, String str, HttpRequest<?> httpRequest) {
        throw new OauthErrorResponseException(ObtainingAuthorizationErrorCode.INVALID_REQUEST, "Cannot refresh a provider token through the oauth endpoint. The token must be refreshed directly with the provider", (String) null);
    }

    /**
     * Reads the ID token from the user details attributes.
     *
     * <p>Only the attribute key, the configuration property name and the mode are logged on
     * failure; the attribute value itself is never written to the log.
     *
     * @param userDetails authenticated user
     * @return the token when the attribute exists and is a {@code String}; otherwise empty
     */
    protected Optional<String> parseIdToken(UserDetails userDetails) {
        Map<String, Object> attributes = userDetails.getAttributes(this.tokenConfiguration.getRolesName(), this.tokenConfiguration.getNameKey());
        if (attributes.containsKey(OpenIdUserDetailsMapper.OPENID_TOKEN_KEY)) {
            Object rawToken = attributes.get(OpenIdUserDetailsMapper.OPENID_TOKEN_KEY);
            if (rawToken instanceof String) {
                return Optional.of((String) rawToken);
            }
            // Key present but holding a non-String (or null) value.
            if (LOG.isWarnEnabled()) {
                LOG.warn("{} present in user details attributes should be of type String to use {}:{}", OpenIdUserDetailsMapper.OPENID_TOKEN_KEY, "micronaut.security.authentication", AuthenticationMode.IDTOKEN.toString());
            }
        } else if (LOG.isWarnEnabled()) {
            LOG.warn("{} should be present in user details attributes to use {}:{}", OpenIdUserDetailsMapper.OPENID_TOKEN_KEY, "micronaut.security.authentication", AuthenticationMode.IDTOKEN.toString());
        }
        return Optional.empty();
    }

    /**
     * Computes the cookie lifetime as the time remaining until the ID token's {@code exp} claim.
     *
     * <p>{@code JWTParser.parse} only decodes the token; nothing in this method checks its
     * signature, so the {@code exp} value is as trustworthy as whatever validated the token
     * earlier. NOTE(review): confirm that validation happens before this handler runs.
     *
     * <p>A zero duration is returned when the token is missing, cannot be parsed, or carries no
     * {@code exp} claim. NOTE(review): a zero max-age presumably expires the cookie immediately;
     * confirm against the cookie implementation. A token whose {@code exp} is already in the past
     * yields a negative duration.
     *
     * @param userDetails authenticated user whose attributes hold the ID token
     * @param httpRequest current request (not read by this method)
     * @return time from now until token expiry, or zero on any of the failure cases above
     */
    protected Duration cookieExpiration(UserDetails userDetails, HttpRequest<?> httpRequest) {
        Optional<String> idToken = parseIdToken(userDetails);
        if (idToken.isPresent()) {
            try {
                Date expiry = JWTParser.parse(idToken.get()).getJWTClaimsSet().getExpirationTime();
                if (expiry == null) {
                    if (LOG.isWarnEnabled()) {
                        LOG.warn("unable to define a cookie expiration because id token exp claim is not set");
                    }
                } else {
                    return Duration.between(new Date().toInstant(), expiry.toInstant());
                }
            } catch (ParseException ignored) {
                // Only the fixed message is logged; the exception details are not recorded.
                if (LOG.isWarnEnabled()) {
                    LOG.warn("unable to define a cookie expiration because id token cannot be parsed to JWT");
                }
            }
        }
        return Duration.ZERO;
    }
}
