package io.micronaut.security.oauth2.endpoint.token.request.password;

import com.nimbusds.jwt.JWT;
import io.micronaut.security.authentication.AuthenticationProvider;
import io.micronaut.security.authentication.AuthenticationRequest;
import io.micronaut.security.authentication.AuthenticationResponse;
import io.micronaut.security.oauth2.client.OpenIdProviderMetadata;
import io.micronaut.security.oauth2.configuration.OauthClientConfiguration;
import io.micronaut.security.oauth2.endpoint.AuthenticationMethod;
import io.micronaut.security.oauth2.endpoint.DefaultSecureEndpoint;
import io.micronaut.security.oauth2.endpoint.SecureEndpoint;
import io.micronaut.security.oauth2.endpoint.token.request.TokenEndpointClient;
import io.micronaut.security.oauth2.endpoint.token.request.context.OpenIdPasswordTokenRequestContext;
import io.micronaut.security.oauth2.endpoint.token.response.JWTOpenIdClaims;
import io.micronaut.security.oauth2.endpoint.token.response.OpenIdAuthenticationMapper;
import io.micronaut.security.oauth2.endpoint.token.response.validation.OpenIdTokenResponseValidator;
import java.text.ParseException;
import java.util.List;
import java.util.Optional;
import java.util.stream.Collectors;
import org.reactivestreams.Publisher;
import reactor.core.publisher.Flux;

@Deprecated(since = "4.8.0", forRemoval = true)
/* loaded from: input_file:io/micronaut/security/oauth2/endpoint/token/request/password/OpenIdPasswordAuthenticationProvider.class */
public class OpenIdPasswordAuthenticationProvider<T> implements AuthenticationProvider<T> {
    private final TokenEndpointClient tokenEndpointClient;
    private final SecureEndpoint secureEndpoint;
    private final OauthClientConfiguration clientConfiguration;
    private final OpenIdProviderMetadata openIdProviderMetadata;
    private final OpenIdAuthenticationMapper openIdAuthenticationMapper;
    private final OpenIdTokenResponseValidator tokenResponseValidator;

    public OpenIdPasswordAuthenticationProvider(OauthClientConfiguration oauthClientConfiguration, OpenIdProviderMetadata openIdProviderMetadata, TokenEndpointClient tokenEndpointClient, OpenIdAuthenticationMapper openIdAuthenticationMapper, OpenIdTokenResponseValidator openIdTokenResponseValidator) {
        this.tokenEndpointClient = tokenEndpointClient;
        this.clientConfiguration = oauthClientConfiguration;
        this.openIdProviderMetadata = openIdProviderMetadata;
        this.openIdAuthenticationMapper = openIdAuthenticationMapper;
        this.tokenResponseValidator = openIdTokenResponseValidator;
        this.secureEndpoint = getTokenEndpoint(openIdProviderMetadata);
    }

    public Publisher<AuthenticationResponse> authenticate(T t, AuthenticationRequest<?, ?> authenticationRequest) {
        return Flux.from(this.tokenEndpointClient.sendRequest(new OpenIdPasswordTokenRequestContext(authenticationRequest, this.secureEndpoint, this.clientConfiguration))).switchMap(openIdTokenResponse -> {
            Optional<JWT> validate = this.tokenResponseValidator.validate(this.clientConfiguration, this.openIdProviderMetadata, openIdTokenResponse, null);
            if (!validate.isPresent()) {
                return Flux.error(AuthenticationResponse.exception("JWT validation failed"));
            }
            try {
                return this.openIdAuthenticationMapper.createAuthenticationResponse(this.clientConfiguration.getName(), openIdTokenResponse, new JWTOpenIdClaims(validate.get().getJWTClaimsSet()), null);
            } catch (ParseException e) {
                return Flux.error(e);
            }
        });
    }

    protected SecureEndpoint getTokenEndpoint(OpenIdProviderMetadata openIdProviderMetadata) {
        List<String> tokenEndpointAuthMethodsSupported = openIdProviderMetadata.getTokenEndpointAuthMethodsSupported();
        List list = null;
        if (tokenEndpointAuthMethodsSupported != null) {
            list = (List) tokenEndpointAuthMethodsSupported.stream().map((v0) -> {
                return v0.toUpperCase();
            }).map(AuthenticationMethod::valueOf).collect(Collectors.toList());
        }
        return new DefaultSecureEndpoint(openIdProviderMetadata.getTokenEndpoint(), list);
    }
}
