package io.quarkus.oidc.runtime;

import io.quarkus.oidc.AuthorizationCodeTokens;
import io.quarkus.oidc.OIDCException;
import io.quarkus.oidc.OidcTenantConfig;
import io.quarkus.oidc.common.runtime.OidcCommonUtils;
import io.quarkus.security.AuthenticationFailedException;
import io.quarkus.security.identity.request.TokenAuthenticationRequest;
import io.smallrye.mutiny.Uni;
import io.smallrye.mutiny.subscription.UniEmitter;
import io.vertx.core.AsyncResult;
import io.vertx.core.Handler;
import io.vertx.core.Vertx;
import io.vertx.core.json.JsonObject;
import io.vertx.ext.auth.PubSecKeyOptions;
import io.vertx.ext.auth.User;
import io.vertx.ext.auth.oauth2.AccessToken;
import io.vertx.ext.auth.oauth2.OAuth2Auth;
import io.vertx.ext.auth.oauth2.OAuth2ClientOptions;
import io.vertx.ext.auth.oauth2.impl.OAuth2AuthProviderImpl;
import io.vertx.ext.auth.oauth2.impl.OAuth2TokenImpl;
import io.vertx.ext.auth.oauth2.providers.KeycloakAuth;
import io.vertx.ext.jwt.JWT;
import io.vertx.ext.web.RoutingContext;
import java.time.Duration;
import java.util.function.Consumer;
import org.jboss.logging.Logger;

/* loaded from: input_file:io/quarkus/oidc/runtime/OidcRuntimeClient.class */
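/**
 * Thin wrapper around a Vert.x {@link OAuth2Auth} provider, exposing the token operations used by the
 * OIDC runtime: token verification, refresh, code-flow exchange, UserInfo lookup and local JWT validation.
 *
 * <p>This listing is decompiler output: parameter names such as {@code str} are synthetic and are kept
 * unchanged here.
 */
public class OidcRuntimeClient {
    final OAuth2Auth auth;

    /**
     * Missing-key handler that reloads the JWK set when a token refers to a key id that is not known
     * locally, at most once per configured interval.
     *
     * <p>Security note: the key id passed to {@link #handle(String)} is presumably taken from the header of
     * the presented token, i.e. before any signature check, so the caller controls it. The interval check is
     * what stops a stream of tokens with made-up key ids from turning into a stream of JWK requests against
     * the OIDC server.
     */
    public static class JwkSetRefreshHandler implements Handler<String> {
        private static final Logger LOG = Logger.getLogger(JwkSetRefreshHandler.class);
        private final OAuth2Auth auth;
        // Wall-clock time (ms) of the last refresh attempt; 0 until the first one.
        private volatile long lastForcedRefreshTime;
        private final long forcedJwksRefreshIntervalMilliSecs;

        /**
         * @param oAuth2Auth provider whose JWK set is reloaded
         * @param duration minimum time between two forced reloads
         */
        public JwkSetRefreshHandler(OAuth2Auth oAuth2Auth, Duration duration) {
            this.auth = oAuth2Auth;
            this.forcedJwksRefreshIntervalMilliSecs = duration.toMillis();
        }

        /**
         * Triggers an asynchronous JWK set reload unless one was already attempted within the interval.
         *
         * @param str the key id for which no JWK was found
         */
        @Override
        public void handle(String str) {
            long currentTimeMillis = System.currentTimeMillis();
            // NOTE(review): check-then-set on a volatile is not atomic; two concurrent callers can both pass
            // this test and both start a reload. Confirm whether this handler can run on several threads.
            if (currentTimeMillis > this.lastForcedRefreshTime + this.forcedJwksRefreshIntervalMilliSecs) {
                // Record the attempt before the reload completes so that failed reloads are throttled too.
                this.lastForcedRefreshTime = currentTimeMillis;
                // NOTE(review): str is not sanitised before it is logged (debug level only).
                LOG.debugf("No JWK with %s key id is available, trying to refresh the JWK set", str);
                this.auth.loadJWK(asyncResult -> {
                    if (asyncResult.failed()) {
                        LOG.debugf("Failed to refresh the JWK set: %s", asyncResult.cause());
                    }
                });
            }
        }
    }

    /**
     * @param oAuth2Auth the provider all operations are delegated to
     */
    public OidcRuntimeClient(OAuth2Auth oAuth2Auth) {
        this.auth = oAuth2Auth;
    }

    /**
     * Returns the wrapped provider as its implementation type, which is needed to read its configuration.
     *
     * @throws ClassCastException if the wrapped provider is not an {@link OAuth2AuthProviderImpl}
     */
    private OAuth2AuthProviderImpl providerImpl() {
        return (OAuth2AuthProviderImpl) this.auth;
    }

    /**
     * Returns the authorization endpoint URL.
     *
     * @return the configured authorization path prefixed with the site when the path starts with
     *         {@code '/'}, otherwise the configured path unchanged
     */
    public String authorizationURL() {
        OAuth2ClientOptions config = providerImpl().getConfig();
        String authorizationPath = config.getAuthorizationPath();
        return authorizationPath.charAt(0) == '/' ? config.getSite() + authorizationPath : authorizationPath;
    }

    /**
     * Decodes the token with the client held by the given tenant context (not necessarily this instance)
     * and reports the outcome on the emitter.
     *
     * @param uniEmitter completed with the access token and principal on success, failed with an
     *        {@link AuthenticationFailedException} wrapping the cause otherwise
     * @param tenantConfigContext tenant context whose client performs the decoding
     * @param str the raw token
     */
    public void verifyToken(final UniEmitter<? super TokenVerificationResult> uniEmitter, TenantConfigContext tenantConfigContext, String str) {
        tenantConfigContext.client.decodeToken(str, new Handler<AsyncResult<AccessToken>>() {
            @Override
            public void handle(AsyncResult<AccessToken> asyncResult) {
                if (asyncResult.failed()) {
                    uniEmitter.fail(new AuthenticationFailedException(asyncResult.cause()));
                } else {
                    AccessToken decoded = asyncResult.result();
                    uniEmitter.complete(new TokenVerificationResult(decoded.accessToken(), decoded.principal()));
                }
            }
        });
    }

    /**
     * {@link Uni} variant of {@link #verifyToken(UniEmitter, TenantConfigContext, String)}.
     *
     * @param tenantConfigContext tenant context whose client performs the decoding
     * @param str the raw token
     * @return a Uni that runs the verification when subscribed to
     */
    public Uni<TokenVerificationResult> verifyTokenUni(final TenantConfigContext tenantConfigContext, final String str) {
        return Uni.createFrom().emitter(new Consumer<UniEmitter<? super TokenVerificationResult>>() {
            @Override
            public void accept(UniEmitter<? super TokenVerificationResult> uniEmitter) {
                OidcRuntimeClient.this.verifyToken(uniEmitter, tenantConfigContext, str);
            }
        });
    }

    /**
     * Exchanges a refresh token for a new set of tokens.
     *
     * @param uniEmitter completed with the new tokens on success, failed with the unwrapped cause otherwise
     * @param str the refresh token to present
     */
    public void refreshToken(final UniEmitter<? super AuthorizationCodeTokens> uniEmitter, final String str) {
        final OAuth2TokenImpl oAuth2TokenImpl = new OAuth2TokenImpl(this.auth, new JsonObject());
        oAuth2TokenImpl.principal().put("refresh_token", str);
        oAuth2TokenImpl.refresh(new Handler<AsyncResult<Void>>() {
            @Override
            public void handle(AsyncResult<Void> asyncResult) {
                if (asyncResult.succeeded()) {
                    // If the response carries no new refresh token, keep using the one that was presented.
                    String newRefreshToken = oAuth2TokenImpl.opaqueRefreshToken();
                    uniEmitter.complete(new AuthorizationCodeTokens(oAuth2TokenImpl.opaqueIdToken(),
                            oAuth2TokenImpl.opaqueAccessToken(), newRefreshToken == null ? str : newRefreshToken));
                } else {
                    uniEmitter.fail(asyncResult.cause());
                }
            }
        });
    }

    /**
     * Authenticates with the given parameters and returns the resulting ID, access and refresh tokens.
     *
     * @param uniEmitter completed with the tokens on success, failed with the unwrapped cause otherwise
     * @param jsonObject parameters handed to {@code OAuth2Auth.authenticate}
     */
    public void getCodeFlowTokens(final UniEmitter<? super AuthorizationCodeTokens> uniEmitter, JsonObject jsonObject) {
        this.auth.authenticate(jsonObject, new Handler<AsyncResult<User>>() {
            @Override
            public void handle(AsyncResult<User> asyncResult) {
                if (!asyncResult.succeeded()) {
                    uniEmitter.fail(asyncResult.cause());
                    return;
                }
                AccessToken accessToken = (AccessToken) asyncResult.result();
                uniEmitter.complete(new AuthorizationCodeTokens(accessToken.opaqueIdToken(), accessToken.opaqueAccessToken(), accessToken.opaqueRefreshToken()));
            }
        });
    }

    /**
     * @return the logout path from the provider configuration
     */
    public String getLogoutPath() {
        return providerImpl().getConfig().getLogoutPath();
    }

    /**
     * Delegates token decoding to the wrapped provider.
     *
     * @param str the raw token
     * @param handler receives the decoding result
     */
    public void decodeToken(String str, Handler<AsyncResult<AccessToken>> handler) {
        this.auth.decodeToken(str, handler);
    }

    /**
     * Fetches the UserInfo document for an access token.
     *
     * @param uniEmitter completed with the UserInfo JSON on success, failed with an
     *        {@link AuthenticationFailedException} wrapping the cause otherwise
     * @param routingContext current request; its {@code "access_token"} entry is used when present
     * @param tokenAuthenticationRequest supplies the token when the routing context has none
     */
    public void createUserInfoToken(final UniEmitter<? super JsonObject> uniEmitter, RoutingContext routingContext, TokenAuthenticationRequest tokenAuthenticationRequest) {
        OAuth2TokenImpl oAuth2TokenImpl = new OAuth2TokenImpl(this.auth, new JsonObject());
        String str = (String) routingContext.get("access_token");
        if (str == null) {
            str = tokenAuthenticationRequest.getToken().getToken();
        }
        oAuth2TokenImpl.principal().put("access_token", str);
        oAuth2TokenImpl.userInfo(new Handler<AsyncResult<JsonObject>>() {
            @Override
            public void handle(AsyncResult<JsonObject> asyncResult) {
                if (asyncResult.failed()) {
                    uniEmitter.fail(new AuthenticationFailedException(asyncResult.cause()));
                } else {
                    uniEmitter.complete(asyncResult.result());
                }
            }
        });
    }

    /**
     * Creates a client by running endpoint discovery against the configured site.
     *
     * <p>Blocks the calling thread until discovery finishes or the tenant's maximum connection delay plus
     * three seconds has elapsed.
     *
     * @param vertx Vert.x instance used for the discovery request
     * @param oAuth2ClientOptions client options, including the site to discover
     * @param oidcTenantConfig tenant configuration (connection delay, forced JWK refresh interval)
     * @return a client with a {@link JwkSetRefreshHandler} installed
     */
    public static OidcRuntimeClient discoverOidcEndpoints(final Vertx vertx, final OAuth2ClientOptions oAuth2ClientOptions, final OidcTenantConfig oidcTenantConfig) {
        return (OidcRuntimeClient) Uni.createFrom().emitter(new Consumer<UniEmitter<? super OidcRuntimeClient>>() {
            @Override
            public void accept(final UniEmitter<? super OidcRuntimeClient> uniEmitter) {
                KeycloakAuth.discover(vertx, oAuth2ClientOptions, new Handler<AsyncResult<OAuth2Auth>>() {
                    @Override
                    public void handle(AsyncResult<OAuth2Auth> asyncResult) {
                        if (asyncResult.failed()) {
                            uniEmitter.fail(OidcRuntimeClient.toOidcException(asyncResult.cause(), oAuth2ClientOptions.getSite()));
                        } else {
                            uniEmitter.complete(OidcRuntimeClient.createClient(asyncResult.result(), oidcTenantConfig));
                        }
                    }
                });
            }
        }).await().atMost(Duration.ofSeconds(OidcCommonUtils.getMaximumConnectionDelay(oidcTenantConfig) + 3));
    }

    /**
     * Creates a client from explicitly configured endpoints, without discovery.
     *
     * <p>When a JWK path is configured the JWK set is loaded first, blocking the calling thread for at most
     * the tenant's maximum connection delay plus three seconds. When no JWK path is configured the client is
     * returned immediately, with no keys loaded and no {@link JwkSetRefreshHandler} installed.
     *
     * @param vertx Vert.x instance used to create the provider
     * @param oAuth2ClientOptions client options holding the endpoint paths
     * @param oidcTenantConfig tenant configuration (connection delay, forced JWK refresh interval)
     * @return the new client
     */
    public static OidcRuntimeClient setOidcEndpoints(final Vertx vertx, final OAuth2ClientOptions oAuth2ClientOptions, final OidcTenantConfig oidcTenantConfig) {
        if (oAuth2ClientOptions.getJwkPath() == null) {
            return new OidcRuntimeClient(OAuth2Auth.create(vertx, oAuth2ClientOptions));
        }
        return (OidcRuntimeClient) Uni.createFrom().emitter(new Consumer<UniEmitter<? super OidcRuntimeClient>>() {
            @Override
            public void accept(UniEmitter<? super OidcRuntimeClient> uniEmitter) {
                OAuth2Auth create = OAuth2Auth.create(vertx, oAuth2ClientOptions);
                create.loadJWK(asyncResult -> {
                    if (asyncResult.failed()) {
                        uniEmitter.fail(OidcRuntimeClient.toOidcException(asyncResult.cause(), oAuth2ClientOptions.getSite()));
                    } else {
                        uniEmitter.complete(OidcRuntimeClient.createClient(create, oidcTenantConfig));
                    }
                });
            }
        }).await().atMost(Duration.ofSeconds(OidcCommonUtils.getMaximumConnectionDelay(oidcTenantConfig) + 3));
    }

    /**
     * Installs the throttled JWK refresh handler on the provider and wraps it.
     *
     * <p>The decompiler reports that this method was {@code private} in the original class; the wider
     * access is kept so that the listing's interface is unchanged.
     *
     * @param oAuth2Auth provider to wrap
     * @param oidcTenantConfig supplies {@code token.forcedJwkRefreshInterval}
     * @return the new client
     */
    public static OidcRuntimeClient createClient(OAuth2Auth oAuth2Auth, OidcTenantConfig oidcTenantConfig) {
        oAuth2Auth.missingKeyHandler(new JwkSetRefreshHandler(oAuth2Auth, oidcTenantConfig.token.forcedJwkRefreshInterval));
        return new OidcRuntimeClient(oAuth2Auth);
    }

    /**
     * Creates a client that verifies tokens with a locally configured public key instead of a JWK set.
     *
     * <p>The key is registered for {@code RS256} only, and the provider is created without a Vert.x
     * instance. No missing-key handler is installed.
     *
     * @param oAuth2ClientOptions client options the key is added to (mutated by this call)
     * @param str the public key
     * @return the new client
     */
    public static OidcRuntimeClient createClientWithPublicKey(OAuth2ClientOptions oAuth2ClientOptions, String str) {
        oAuth2ClientOptions.addPubSecKey(new PubSecKeyOptions().setAlgorithm("RS256").setPublicKey(str));
        return new OidcRuntimeClient(new OAuth2AuthProviderImpl((Vertx) null, oAuth2ClientOptions));
    }

    /**
     * Wraps a connection failure in an {@link OIDCException} whose message names the server URL.
     *
     * @param th the underlying failure
     * @param str the OIDC server URL
     * @return the wrapping exception
     */
    protected static OIDCException toOidcException(Throwable th, String str) {
        return new OIDCException(OidcCommonUtils.formatConnectionErrorMessage(str), th);
    }

    /**
     * Decodes a JWT with the provider's local {@link JWT} instance and checks its time-based validity,
     * without contacting the OIDC server.
     *
     * <p>Only decoding and the {@code isExpired} check happen here; this method performs no issuer or
     * audience checks itself. {@code decode} is expected to verify the signature against the keys
     * registered on the provider; confirm that for the vertx-jwt version in use.
     *
     * @param str the raw JWT
     * @return the decoded token claims
     * @throws Exception if decoding fails or the token is not currently valid
     */
    public JsonObject validateTokenWithoutOidcServer(String str) throws Exception {
        // The field is declared as OAuth2Auth, so the implementation type needs an explicit cast.
        OAuth2AuthProviderImpl oAuth2AuthProviderImpl = providerImpl();
        JWT jwt = oAuth2AuthProviderImpl.getJWT();
        JsonObject decode = jwt.decode(str);
        // Fail closed: isExpired may signal an expired token by throwing or by returning true, depending on
        // the library version, so a returned true must not be discarded.
        if (jwt.isExpired(decode, oAuth2AuthProviderImpl.getConfig().getJWTOptions())) {
            throw new AuthenticationFailedException(new IllegalStateException("JWT token is expired"));
        }
        return decode;
    }
}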
