package io.micronaut.security.oauth2.client;

import io.micronaut.context.BeanContext;
import io.micronaut.core.annotation.Nullable;
import io.micronaut.core.async.SupplierUtil;
import io.micronaut.core.convert.value.ConvertibleMultiValues;
import io.micronaut.core.convert.value.MutableConvertibleMultiValuesMap;
import io.micronaut.http.HttpRequest;
import io.micronaut.http.HttpResponse;
import io.micronaut.http.HttpStatus;
import io.micronaut.http.MutableHttpResponse;
import io.micronaut.security.authentication.Authentication;
import io.micronaut.security.authentication.AuthenticationResponse;
import io.micronaut.security.oauth2.configuration.OauthClientConfiguration;
import io.micronaut.security.oauth2.endpoint.DefaultSecureEndpoint;
import io.micronaut.security.oauth2.endpoint.SecureEndpoint;
import io.micronaut.security.oauth2.endpoint.authorization.request.AuthorizationRedirectHandler;
import io.micronaut.security.oauth2.endpoint.authorization.request.AuthorizationRequest;
import io.micronaut.security.oauth2.endpoint.authorization.request.OpenIdAuthorizationRequest;
import io.micronaut.security.oauth2.endpoint.authorization.response.AuthorizationErrorResponse;
import io.micronaut.security.oauth2.endpoint.authorization.response.AuthorizationErrorResponseException;
import io.micronaut.security.oauth2.endpoint.authorization.response.OpenIdAuthorizationResponse;
import io.micronaut.security.oauth2.endpoint.authorization.response.OpenIdAuthorizationResponseHandler;
import io.micronaut.security.oauth2.endpoint.endsession.request.EndSessionEndpoint;
import io.micronaut.security.oauth2.endpoint.token.response.OpenIdUserDetailsMapper;
import io.reactivex.Flowable;
import java.util.Map;
import java.util.Optional;
import java.util.function.Supplier;
import org.reactivestreams.Publisher;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/micronaut/security/oauth2/client/DefaultOpenIdClient.class */
public class DefaultOpenIdClient implements OpenIdClient {
    private static final Logger LOG = LoggerFactory.getLogger(DefaultOpenIdClient.class);
    private final OauthClientConfiguration clientConfiguration;
    private final Supplier<OpenIdProviderMetadata> openIdProviderMetadata;
    private final OpenIdUserDetailsMapper userDetailsMapper;
    private final AuthorizationRedirectHandler redirectUrlBuilder;
    private final OpenIdAuthorizationResponseHandler authorizationResponseHandler;
    private final Supplier<SecureEndpoint> tokenEndpoint = SupplierUtil.memoized(this::getTokenEndpoint);
    private final BeanContext beanContext;
    private final EndSessionEndpoint endSessionEndpoint;

    public DefaultOpenIdClient(OauthClientConfiguration oauthClientConfiguration, Supplier<OpenIdProviderMetadata> supplier, @Nullable OpenIdUserDetailsMapper openIdUserDetailsMapper, AuthorizationRedirectHandler authorizationRedirectHandler, OpenIdAuthorizationResponseHandler openIdAuthorizationResponseHandler, BeanContext beanContext, @Nullable EndSessionEndpoint endSessionEndpoint) {
        this.clientConfiguration = oauthClientConfiguration;
        this.openIdProviderMetadata = supplier;
        this.userDetailsMapper = openIdUserDetailsMapper;
        this.redirectUrlBuilder = authorizationRedirectHandler;
        this.authorizationResponseHandler = openIdAuthorizationResponseHandler;
        this.beanContext = beanContext;
        this.endSessionEndpoint = endSessionEndpoint;
    }

    @Override // io.micronaut.security.oauth2.client.OauthClient
    public String getName() {
        return this.clientConfiguration.getName();
    }

    @Override // io.micronaut.security.oauth2.client.OpenIdClient
    public boolean supportsEndSession() {
        return this.endSessionEndpoint != null;
    }

    @Override // io.micronaut.security.oauth2.client.OpenIdClient
    public Optional<MutableHttpResponse<?>> endSessionRedirect(HttpRequest<?> httpRequest, Authentication authentication) {
        if (LOG.isTraceEnabled()) {
            LOG.trace("Starting end session flow to provider [{}]", getName());
        }
        return Optional.ofNullable(this.endSessionEndpoint).map(endSessionEndpoint -> {
            return endSessionEndpoint.getUrl(httpRequest, authentication);
        }).map(str -> {
            return HttpResponse.status(HttpStatus.FOUND).header("Location", str);
        });
    }

    @Override // io.micronaut.security.oauth2.client.OauthClient
    public Publisher<MutableHttpResponse<?>> authorizationRedirect(HttpRequest<?> httpRequest) {
        AuthorizationRequest authorizationRequest = (AuthorizationRequest) this.beanContext.createBean(OpenIdAuthorizationRequest.class, new Object[]{httpRequest, this.clientConfiguration});
        String authorizationEndpoint = this.openIdProviderMetadata.get().getAuthorizationEndpoint();
        if (LOG.isTraceEnabled()) {
            LOG.trace("Starting authorization code grant flow to provider [{}]. Redirecting to [{}]", getName(), authorizationEndpoint);
        }
        return Flowable.just(this.redirectUrlBuilder.redirect(authorizationRequest, authorizationEndpoint));
    }

    @Override // io.micronaut.security.oauth2.client.OauthClient
    public Publisher<AuthenticationResponse> onCallback(HttpRequest<Map<String, Object>> httpRequest) {
        Optional map = httpRequest.getBody().map(map2 -> {
            MutableConvertibleMultiValuesMap mutableConvertibleMultiValuesMap = new MutableConvertibleMultiValuesMap();
            map2.forEach((str, obj) -> {
                mutableConvertibleMultiValuesMap.add(str, obj.toString());
            });
            return mutableConvertibleMultiValuesMap;
        });
        httpRequest.getClass();
        if (isErrorCallback((ConvertibleMultiValues) map.orElseGet(httpRequest::getParameters))) {
            AuthorizationErrorResponse authorizationErrorResponse = (AuthorizationErrorResponse) this.beanContext.createBean(AuthorizationErrorResponse.class, new Object[]{httpRequest});
            if (LOG.isTraceEnabled()) {
                LOG.trace("Received an authorization error response from provider [{}]. Error: [{}]", getName(), authorizationErrorResponse.getError());
            }
            throw new AuthorizationErrorResponseException(authorizationErrorResponse);
        }
        OpenIdAuthorizationResponse openIdAuthorizationResponse = (OpenIdAuthorizationResponse) this.beanContext.createBean(OpenIdAuthorizationResponse.class, new Object[]{httpRequest});
        if (LOG.isTraceEnabled()) {
            LOG.trace("Received a successful authorization response from provider [{}]", getName());
        }
        return this.authorizationResponseHandler.handle(openIdAuthorizationResponse, this.clientConfiguration, this.openIdProviderMetadata.get(), this.userDetailsMapper, this.tokenEndpoint.get());
    }

    protected boolean isErrorCallback(ConvertibleMultiValues<String> convertibleMultiValues) {
        return convertibleMultiValues.contains("error");
    }

    protected SecureEndpoint getTokenEndpoint() {
        return new DefaultSecureEndpoint(this.openIdProviderMetadata.get().getTokenEndpoint(), this.openIdProviderMetadata.get().getTokenEndpointAuthMethods().orElse(null));
    }
}
