package org.pac4j.oidc.credentials.authenticator;

import com.nimbusds.oauth2.sdk.AuthorizationCode;
import com.nimbusds.oauth2.sdk.AuthorizationCodeGrant;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.TokenErrorResponse;
import com.nimbusds.oauth2.sdk.TokenRequest;
import com.nimbusds.oauth2.sdk.TokenResponse;
import com.nimbusds.oauth2.sdk.auth.ClientAuthentication;
import com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod;
import com.nimbusds.oauth2.sdk.auth.ClientSecretBasic;
import com.nimbusds.oauth2.sdk.auth.ClientSecretPost;
import com.nimbusds.oauth2.sdk.auth.Secret;
import com.nimbusds.oauth2.sdk.http.HTTPRequest;
import com.nimbusds.oauth2.sdk.http.HTTPResponse;
import com.nimbusds.oauth2.sdk.id.ClientID;
import com.nimbusds.openid.connect.sdk.OIDCTokenResponse;
import com.nimbusds.openid.connect.sdk.OIDCTokenResponseParser;
import com.nimbusds.openid.connect.sdk.token.OIDCTokens;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.List;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.credentials.authenticator.Authenticator;
import org.pac4j.core.exception.HttpAction;
import org.pac4j.core.exception.TechnicalException;
import org.pac4j.core.util.CommonHelper;
import org.pac4j.core.util.InitializableWebObject;
import org.pac4j.oidc.config.OidcConfiguration;
import org.pac4j.oidc.credentials.OidcCredentials;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/pac4j-oidc-2.0.0-RC2-SNAPSHOT.jar:org/pac4j/oidc/credentials/authenticator/OidcAuthenticator.class */
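/**
 * Authenticator for the OpenID Connect authorization code flow: it exchanges the
 * authorization code held by the {@link OidcCredentials} for tokens at the
 * provider's token endpoint and stores those tokens on the credentials.
 *
 * <p>The client authenticates to the token endpoint with the configured client id
 * and secret, using either {@code client_secret_post} or {@code client_secret_basic}.
 */
public class OidcAuthenticator extends InitializableWebObject implements Authenticator<OidcCredentials> {
    private static final Logger logger = LoggerFactory.getLogger(OidcAuthenticator.class);

    private OidcConfiguration configuration;

    // Built once in internalInit(); wraps the client id and the client secret.
    protected ClientAuthentication clientAuthentication;

    /** Creates an authenticator whose configuration must be set before first use. */
    public OidcAuthenticator() {
    }

    /**
     * Creates an authenticator bound to the given configuration.
     *
     * @param oidcConfiguration the OIDC configuration to use
     */
    public OidcAuthenticator(OidcConfiguration oidcConfiguration) {
        this.configuration = oidcConfiguration;
    }

    /**
     * Initializes the configuration and selects the token endpoint client
     * authentication method.
     *
     * <p>Selection order: the library default when the provider metadata lists no
     * methods; the configured method when the provider lists it; otherwise the first
     * method the provider lists. Both fallbacks are logged at WARN level.
     *
     * @param webContext the current web context
     * @throws TechnicalException if the configuration is missing or the selected method
     *         is neither {@code client_secret_post} nor {@code client_secret_basic}
     */
    @Override // org.pac4j.core.util.InitializableWebObject
    protected void internalInit(WebContext webContext) {
        CommonHelper.assertNotNull("configuration", this.configuration);
        this.configuration.init(webContext);

        List<ClientAuthenticationMethod> supportedMethods =
                this.configuration.getProviderMetadata().getTokenEndpointAuthMethods();
        ClientAuthenticationMethod preferredMethod = this.configuration.getClientAuthenticationMethod();

        final ClientAuthenticationMethod chosenMethod;
        if (!CommonHelper.isNotEmpty(supportedMethods)) {
            chosenMethod = ClientAuthenticationMethod.getDefault();
            logger.warn("Provider metadata does not provide Token endpoint authentication methods. Defaulting to: {}", chosenMethod);
        } else if (supportedMethods.contains(preferredMethod)) {
            chosenMethod = preferredMethod;
        } else {
            // The provider does not offer the configured method; its first listed method
            // is used, and rejected below when it is not a client-secret method.
            chosenMethod = supportedMethods.get(0);
            logger.warn("Preferred token endpoint Authentication method: {} not available. Defaulting to: {}", preferredMethod, chosenMethod);
        }

        ClientID clientID = new ClientID(this.configuration.getClientId());
        Secret secret = new Secret(this.configuration.getSecret());
        if (ClientAuthenticationMethod.CLIENT_SECRET_POST.equals(chosenMethod)) {
            this.clientAuthentication = new ClientSecretPost(clientID, secret);
        } else if (ClientAuthenticationMethod.CLIENT_SECRET_BASIC.equals(chosenMethod)) {
            this.clientAuthentication = new ClientSecretBasic(clientID, secret);
        } else {
            throw new TechnicalException("Unsupported client authentication method: " + chosenMethod);
        }
    }

    /**
     * Exchanges the authorization code for tokens and stores the access token,
     * refresh token and ID token on the credentials. Does nothing when the
     * credentials carry no authorization code.
     *
     * <p>The ID token is stored as returned by the provider; this method performs no
     * signature or claim validation on it.
     * NOTE(review): presumably validated by a later step; confirm against the caller.
     *
     * @param oidcCredentials the credentials holding the authorization code
     * @param webContext the current web context
     * @throws TechnicalException if the token endpoint returns an error response, or the
     *         request cannot be built, sent or parsed
     */
    @Override // org.pac4j.core.credentials.authenticator.Authenticator
    public void validate(OidcCredentials oidcCredentials, WebContext webContext) throws HttpAction {
        init(webContext);
        AuthorizationCode code = oidcCredentials.getCode();
        if (code == null) {
            return;
        }
        try {
            AuthorizationCodeGrant grant =
                    new AuthorizationCodeGrant(code, new URI(this.configuration.getCallbackUrl()));
            TokenRequest tokenRequest = new TokenRequest(
                    this.configuration.getProviderMetadata().getTokenEndpointURI(), this.clientAuthentication, grant);
            HTTPRequest httpRequest = tokenRequest.toHTTPRequest();
            httpRequest.setConnectTimeout(this.configuration.getConnectTimeout());
            httpRequest.setReadTimeout(this.configuration.getReadTimeout());

            HTTPResponse httpResponse = httpRequest.send();
            // Log the status only. A successful token response body carries the access,
            // refresh and ID tokens, so writing it to the log would store bearer
            // credentials wherever debug logs are shipped or retained.
            logger.debug("Token response: status={}", httpResponse.getStatusCode());

            TokenResponse tokenResponse = OIDCTokenResponseParser.parse(httpResponse);
            if (tokenResponse instanceof TokenErrorResponse) {
                throw new TechnicalException(
                        "Bad token response, error=" + ((TokenErrorResponse) tokenResponse).getErrorObject());
            }
            logger.debug("Token response successful");

            OIDCTokens oidcTokens = ((OIDCTokenResponse) tokenResponse).getOIDCTokens();
            oidcCredentials.setAccessToken(oidcTokens.getAccessToken());
            oidcCredentials.setRefreshToken(oidcTokens.getRefreshToken());
            oidcCredentials.setIdToken(oidcTokens.getIDToken());
        } catch (ParseException | IOException | URISyntaxException e) {
            throw new TechnicalException(e);
        }
    }

    /**
     * Returns the OIDC configuration in use.
     *
     * @return the configuration, or {@code null} if none has been set
     */
    public OidcConfiguration getConfiguration() {
        return this.configuration;
    }

    /**
     * Sets the OIDC configuration.
     *
     * @param oidcConfiguration the configuration to use
     */
    public void setConfiguration(OidcConfiguration oidcConfiguration) {
        this.configuration = oidcConfiguration;
    }

    /**
     * Returns the client authentication built during initialization.
     *
     * @return the client authentication, or {@code null} before initialization
     */
    public ClientAuthentication getClientAuthentication() {
        return this.clientAuthentication;
    }

    /**
     * Returns a string form built from the configuration and the client authentication.
     *
     * @return the string representation
     */
    @Override
    public String toString() {
        // NOTE(review): this string is likely to end up in logs; confirm that neither
        // the configuration's nor the client authentication's toString() renders the
        // client secret.
        return CommonHelper.toString(getClass(), "configuration", this.configuration, "clientAuthentication", this.clientAuthentication);
    }
}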
