package io.micronaut.security.oauth2.client;

import io.micronaut.context.BeanContext;
import io.micronaut.context.BeanProvider;
import io.micronaut.context.annotation.EachBean;
import io.micronaut.context.annotation.Factory;
import io.micronaut.context.annotation.Parameter;
import io.micronaut.context.annotation.Requires;
import io.micronaut.context.exceptions.BeanInstantiationException;
import io.micronaut.core.annotation.Internal;
import io.micronaut.core.annotation.Nullable;
import io.micronaut.core.async.SupplierUtil;
import io.micronaut.core.util.StringUtils;
import io.micronaut.http.client.HttpClient;
import io.micronaut.http.client.annotation.Client;
import io.micronaut.http.client.exceptions.HttpClientResponseException;
import io.micronaut.security.oauth2.client.condition.OpenIdClientCondition;
import io.micronaut.security.oauth2.configuration.OauthClientConfiguration;
import io.micronaut.security.oauth2.configuration.OpenIdClientConfiguration;
import io.micronaut.security.oauth2.configuration.endpoints.EndSessionEndpointConfiguration;
import io.micronaut.security.oauth2.endpoint.authorization.request.AuthorizationRedirectHandler;
import io.micronaut.security.oauth2.endpoint.authorization.response.OpenIdAuthorizationResponseHandler;
import io.micronaut.security.oauth2.endpoint.endsession.request.EndSessionEndpoint;
import io.micronaut.security.oauth2.endpoint.endsession.request.EndSessionEndpointResolver;
import io.micronaut.security.oauth2.endpoint.endsession.response.EndSessionCallbackUrlBuilder;
import io.micronaut.security.oauth2.endpoint.token.response.OpenIdUserDetailsMapper;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Collections;
import java.util.Optional;
import java.util.function.Supplier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Internal
@Requires(configuration = "io.micronaut.security.token.jwt")
@Factory
/* loaded from: input_file:io/micronaut/security/oauth2/client/OpenIdClientFactory.class */
class OpenIdClientFactory {
    private static final Logger LOG = LoggerFactory.getLogger(OpenIdClientFactory.class);
    private final BeanContext beanContext;

    /* JADX INFO: Access modifiers changed from: package-private */
    public OpenIdClientFactory(BeanContext beanContext) {
        this.beanContext = beanContext;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @EachBean(OpenIdClientConfiguration.class)
    public DefaultOpenIdProviderMetadata openIdConfiguration(@Parameter OauthClientConfiguration oauthClientConfiguration, @Parameter OpenIdClientConfiguration openIdClientConfiguration, @Client HttpClient httpClient) {
        DefaultOpenIdProviderMetadata defaultOpenIdProviderMetadata = (DefaultOpenIdProviderMetadata) openIdClientConfiguration.getIssuer().map(url -> {
            try {
                URL url = new URL(url, StringUtils.prependUri(url.getPath(), openIdClientConfiguration.getConfigurationPath()));
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Sending request for OpenID configuration for provider [{}] to URL [{}]", openIdClientConfiguration.getName(), url);
                }
                return (DefaultOpenIdProviderMetadata) httpClient.toBlocking().retrieve(url.toString(), DefaultOpenIdProviderMetadata.class);
            } catch (MalformedURLException e) {
                throw new BeanInstantiationException("Failure parsing issuer URL " + url.toString(), e);
            } catch (HttpClientResponseException e2) {
                throw new BeanInstantiationException("Failed to retrieve OpenID configuration for " + openIdClientConfiguration.getName(), e2);
            }
        }).orElse(new DefaultOpenIdProviderMetadata());
        overrideFromConfig(defaultOpenIdProviderMetadata, openIdClientConfiguration, oauthClientConfiguration);
        return defaultOpenIdProviderMetadata;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Requires(condition = OpenIdClientCondition.class)
    @EachBean(OpenIdClientConfiguration.class)
    public DefaultOpenIdClient openIdClient(@Parameter OpenIdClientConfiguration openIdClientConfiguration, @Parameter OauthClientConfiguration oauthClientConfiguration, @Parameter BeanProvider<DefaultOpenIdProviderMetadata> beanProvider, @Parameter @Nullable OpenIdUserDetailsMapper openIdUserDetailsMapper, AuthorizationRedirectHandler authorizationRedirectHandler, OpenIdAuthorizationResponseHandler openIdAuthorizationResponseHandler, EndSessionEndpointResolver endSessionEndpointResolver, EndSessionCallbackUrlBuilder endSessionCallbackUrlBuilder) {
        beanProvider.getClass();
        Supplier<OpenIdProviderMetadata> memoized = SupplierUtil.memoized(beanProvider::get);
        EndSessionEndpoint endSessionEndpoint = null;
        if (openIdClientConfiguration.getEndSession().isEnabled()) {
            endSessionEndpoint = endSessionEndpointResolver.resolve(oauthClientConfiguration, memoized, endSessionCallbackUrlBuilder).orElse(null);
        }
        return new DefaultOpenIdClient(oauthClientConfiguration, memoized, openIdUserDetailsMapper, authorizationRedirectHandler, openIdAuthorizationResponseHandler, this.beanContext, endSessionEndpoint);
    }

    private void overrideFromConfig(DefaultOpenIdProviderMetadata defaultOpenIdProviderMetadata, OpenIdClientConfiguration openIdClientConfiguration, OauthClientConfiguration oauthClientConfiguration) {
        Optional<String> jwksUri = openIdClientConfiguration.getJwksUri();
        defaultOpenIdProviderMetadata.getClass();
        jwksUri.ifPresent(defaultOpenIdProviderMetadata::setJwksUri);
        oauthClientConfiguration.getIntrospection().ifPresent(secureEndpointConfiguration -> {
            Optional<String> url = secureEndpointConfiguration.getUrl();
            defaultOpenIdProviderMetadata.getClass();
            url.ifPresent(defaultOpenIdProviderMetadata::setIntrospectionEndpoint);
            secureEndpointConfiguration.getAuthMethod().ifPresent(authenticationMethod -> {
                defaultOpenIdProviderMetadata.setIntrospectionEndpointAuthMethodsSupported(Collections.singletonList(authenticationMethod.toString()));
            });
        });
        oauthClientConfiguration.getRevocation().ifPresent(secureEndpointConfiguration2 -> {
            Optional<String> url = secureEndpointConfiguration2.getUrl();
            defaultOpenIdProviderMetadata.getClass();
            url.ifPresent(defaultOpenIdProviderMetadata::setRevocationEndpoint);
            secureEndpointConfiguration2.getAuthMethod().ifPresent(authenticationMethod -> {
                defaultOpenIdProviderMetadata.setRevocationEndpointAuthMethodsSupported(Collections.singletonList(authenticationMethod.toString()));
            });
        });
        Optional<U> flatMap = openIdClientConfiguration.getRegistration().flatMap((v0) -> {
            return v0.getUrl();
        });
        defaultOpenIdProviderMetadata.getClass();
        flatMap.ifPresent(defaultOpenIdProviderMetadata::setRegistrationEndpoint);
        Optional<U> flatMap2 = openIdClientConfiguration.getUserInfo().flatMap((v0) -> {
            return v0.getUrl();
        });
        defaultOpenIdProviderMetadata.getClass();
        flatMap2.ifPresent(defaultOpenIdProviderMetadata::setUserinfoEndpoint);
        Optional<U> flatMap3 = openIdClientConfiguration.getAuthorization().flatMap((v0) -> {
            return v0.getUrl();
        });
        defaultOpenIdProviderMetadata.getClass();
        flatMap3.ifPresent(defaultOpenIdProviderMetadata::setAuthorizationEndpoint);
        openIdClientConfiguration.getToken().ifPresent(tokenEndpointConfiguration -> {
            Optional<String> url = tokenEndpointConfiguration.getUrl();
            defaultOpenIdProviderMetadata.getClass();
            url.ifPresent(defaultOpenIdProviderMetadata::setTokenEndpoint);
            tokenEndpointConfiguration.getAuthMethod().ifPresent(authenticationMethod -> {
                defaultOpenIdProviderMetadata.setTokenEndpointAuthMethodsSupported(Collections.singletonList(authenticationMethod.toString()));
            });
        });
        EndSessionEndpointConfiguration endSession = openIdClientConfiguration.getEndSession();
        if (endSession.isEnabled()) {
            Optional<String> url = endSession.getUrl();
            defaultOpenIdProviderMetadata.getClass();
            url.ifPresent(defaultOpenIdProviderMetadata::setEndSessionEndpoint);
        }
    }
}
