package org.pac4j.oidc.credentials.extractor;

import com.nimbusds.jwt.JWT;
import com.nimbusds.oauth2.sdk.AuthorizationCode;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.id.State;
import com.nimbusds.oauth2.sdk.token.AccessToken;
import com.nimbusds.openid.connect.sdk.AuthenticationErrorResponse;
import com.nimbusds.openid.connect.sdk.AuthenticationResponse;
import com.nimbusds.openid.connect.sdk.AuthenticationResponseParser;
import com.nimbusds.openid.connect.sdk.AuthenticationSuccessResponse;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.HashMap;
import java.util.Map;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.credentials.extractor.CredentialsExtractor;
import org.pac4j.core.exception.HttpAction;
import org.pac4j.core.exception.TechnicalException;
import org.pac4j.core.util.CommonHelper;
import org.pac4j.core.util.InitializableWebObject;
import org.pac4j.oidc.config.OidcConfiguration;
import org.pac4j.oidc.credentials.OidcCredentials;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/pac4j-oidc-2.2.1.jar:org/pac4j/oidc/credentials/extractor/OidcExtractor.class */
public class OidcExtractor extends InitializableWebObject implements CredentialsExtractor<OidcCredentials> {
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) OidcExtractor.class);
    private OidcConfiguration configuration;
    private String clientName;

    public OidcExtractor() {
    }

    public OidcExtractor(OidcConfiguration oidcConfiguration, String str) {
        this.configuration = oidcConfiguration;
        this.clientName = str;
    }

    @Override // org.pac4j.core.util.InitializableWebObject
    protected void internalInit(WebContext webContext) {
        CommonHelper.assertNotNull("configuration", this.configuration);
        CommonHelper.assertNotBlank("clientName", this.clientName);
        this.configuration.init(webContext);
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // org.pac4j.core.credentials.extractor.CredentialsExtractor
    public OidcCredentials extract(WebContext webContext) throws HttpAction {
        init(webContext);
        try {
            AuthenticationResponse parse = AuthenticationResponseParser.parse(new URI(this.configuration.getCallbackUrl()), retrieveParameters(webContext));
            if (parse instanceof AuthenticationErrorResponse) {
                logger.error("Bad authentication response, error={}", ((AuthenticationErrorResponse) parse).getErrorObject());
                return null;
            }
            logger.debug("Authentication response successful");
            AuthenticationSuccessResponse authenticationSuccessResponse = (AuthenticationSuccessResponse) parse;
            State state = authenticationSuccessResponse.getState();
            if (state == null) {
                throw new TechnicalException("Missing state parameter");
            }
            if (!state.equals(webContext.getSessionAttribute(OidcConfiguration.STATE_SESSION_ATTRIBUTE))) {
                throw new TechnicalException("State parameter is different from the one sent in authentication request. Session expired or possible threat of cross-site request forgery");
            }
            OidcCredentials oidcCredentials = new OidcCredentials(this.clientName);
            AuthorizationCode authorizationCode = authenticationSuccessResponse.getAuthorizationCode();
            if (authorizationCode != null) {
                oidcCredentials.setCode(authorizationCode);
            }
            JWT iDToken = authenticationSuccessResponse.getIDToken();
            if (iDToken != null) {
                oidcCredentials.setIdToken(iDToken);
            }
            AccessToken accessToken = authenticationSuccessResponse.getAccessToken();
            if (accessToken != null) {
                oidcCredentials.setAccessToken(accessToken);
            }
            return oidcCredentials;
        } catch (ParseException | URISyntaxException e) {
            throw new TechnicalException(e);
        }
    }

    protected Map<String, String> retrieveParameters(WebContext webContext) {
        Map<String, String[]> requestParameters = webContext.getRequestParameters();
        HashMap hashMap = new HashMap();
        for (Map.Entry<String, String[]> entry : requestParameters.entrySet()) {
            hashMap.put(entry.getKey(), entry.getValue()[0]);
        }
        return hashMap;
    }

    public String toString() {
        return CommonHelper.toString(getClass(), "configuration", this.configuration, "clientName", this.clientName);
    }
}
