package org.modelio.vbasic.oidc;

import com.nimbusds.jose.HeaderParameterNames;
import com.nimbusds.jwt.JWT;
import com.nimbusds.jwt.JWTParser;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.auth.Secret;
import com.nimbusds.oauth2.sdk.http.HTTPRequest;
import com.nimbusds.oauth2.sdk.http.HTTPResponse;
import com.nimbusds.oauth2.sdk.id.ClientID;
import com.nimbusds.oauth2.sdk.id.Issuer;
import com.nimbusds.oauth2.sdk.token.BearerAccessToken;
import com.nimbusds.oauth2.sdk.token.RefreshToken;
import com.nimbusds.openid.connect.sdk.op.OIDCProviderConfigurationRequest;
import com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata;
import com.nimbusds.openid.connect.sdk.token.OIDCTokens;
import java.io.IOException;
import java.net.URI;
import java.time.Instant;
import java.util.Objects;
import javax.net.ssl.SSLException;
import org.modelio.vbasic.auth.OidcAuthData;
import org.modelio.vbasic.net.HttpErrorMapper;
import org.modelio.vbasic.net.HttpUriException;
import org.modelio.vbasic.net.SslManager;
import org.modelio.vbasic.oidc.IOidcAuthenticationFlow;
import org.modelio.vbasic.oidc.flows.OidClientCredentialsflow;
import org.modelio.vbasic.oidc.flows.OidUserPasswordFlow;
import org.modelio.vbasic.oidc.flows.OidcRefreshTokenFlow;

/* loaded from: input_file:org/modelio/vbasic/oidc/OidcAuthentications.class */
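/**
 * Factory for the OpenID Connect authentication flows used against one Modelio server.
 *
 * <p>The server URL given at construction is used as the OIDC issuer: the provider
 * metadata is downloaded from it on first use and then reused for every flow built by
 * this instance. The lazy load is not synchronized.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Discovery installs the {@link SslManager} socket factory as the <em>default</em>
 *       for {@code HTTPRequest} (a static setter), and retries once after a TLS failure
 *       if {@code SslManager.fixUntrustedServer} returns {@code true}.</li>
 *   <li>{@link #tokenFlow} classifies a token by parsing it as a JWT <em>without
 *       verifying its signature</em>; the claims it reads are therefore unauthenticated
 *       on the client side.</li>
 * </ul>
 */
public class OidcAuthentications {
    /** Client identifier constant exposed to callers; not referenced inside this class. */
    public static final String PUBLIC_CLIENT_ID = "com-modelio-wildfly-public";

    // Provider metadata, fetched lazily by getOIDCProviderMetadata() and cached afterwards.
    private OIDCProviderMetadata oidcProviderMetadata;

    // Server URL supplied by the caller; used as the issuer for OIDC discovery.
    private URI modelioServerUrl;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/modelio/vbasic/oidc/OidcAuthentications$AccessTokenFlow.class */
    /**
     * Flow that wraps a bearer access token the caller already holds: {@link #run()}
     * performs no network call and always returns the same pre-built response.
     *
     * <p>The response is built with {@code Instant.MAX} as its second argument
     * (presumably the expiry instant — confirm against {@code AuthResponse}), so this
     * object never reports the token as expiring; real expiry is enforced, if at all,
     * by whoever receives the token.
     */
    public static class AccessTokenFlow implements IOidcAuthenticationFlow {
        private final IOidcAuthenticationFlow.AuthResponse resp;

        // NOTE(review): assigned in the constructor but never read in this class;
        // createAuthData() delegates to the interface default instead of returning it.
        private OidcAuthData oidcAuthData;

        /**
         * @param str the bearer access token value
         * @param str2 second argument handed to {@code OidcAuthData}; the only caller in
         *     this file passes the JWT subject taken from the unverified token
         */
        public AccessTokenFlow(String str, String str2) {
            BearerAccessToken accessToken = new BearerAccessToken(str);
            this.resp = new IOidcAuthenticationFlow.AuthResponse(new OIDCTokens(accessToken, null), Instant.MAX);
            this.oidcAuthData = new OidcAuthData(() -> str, str2);
        }

        /**
         * Returns the response built in the constructor.
         *
         * @return the fixed response wrapping the supplied access token
         */
        @Override // org.modelio.vbasic.oidc.IOidcAuthenticationFlow
        public IOidcAuthenticationFlow.AuthResponse run() throws IOException {
            return this.resp;
        }

        /**
         * Delegates to the default implementation declared on the interface.
         *
         * <p>The decompiled form {@code super.createAuthData()} is not valid Java for an
         * interface default method; the interface-qualified form below is the one that
         * compiles and calls the same method.
         */
        @Override // org.modelio.vbasic.oidc.IOidcAuthenticationFlow
        public OidcAuthData createAuthData() throws IOException {
            return IOidcAuthenticationFlow.super.createAuthData();
        }
    }

    /**
     * Static factory equivalent to the public constructor.
     *
     * @param uri the Modelio server URL, used as OIDC issuer
     * @return a new instance bound to {@code uri}
     */
    public static OidcAuthentications fromServer(URI uri) {
        return new OidcAuthentications(uri);
    }

    /**
     * Binds this factory to a server. No network access happens here and {@code uri}
     * is not null-checked.
     *
     * @param uri the Modelio server URL, used as OIDC issuer
     */
    public OidcAuthentications(URI uri) {
        this.modelioServerUrl = uri;
    }

    /**
     * Returns the provider metadata, downloading it on the first call only.
     *
     * @return the cached provider metadata
     * @throws HttpUriException if the discovery request fails or its body cannot be parsed
     * @throws IOException on transport failure
     */
    OIDCProviderMetadata getOIDCProviderMetadata() throws HttpUriException, IOException {
        if (this.oidcProviderMetadata != null) {
            return this.oidcProviderMetadata;
        }
        this.oidcProviderMetadata = reloadOIDCProviderMetadata();
        return this.oidcProviderMetadata;
    }

    /**
     * Downloads and parses the provider configuration document for the server URL.
     *
     * <p>NOTE(review): nothing in this method compares the issuer advertised in the
     * parsed metadata with {@code modelioServerUrl}. OpenID Connect Discovery requires
     * the two to be identical; confirm the comparison happens elsewhere or add it here.
     *
     * @return the parsed provider metadata
     * @throws HttpUriException on a non-success status or an unparsable body
     * @throws IOException on transport failure, including a TLS failure that
     *     {@code fixUntrustedServer} declined to fix
     */
    private OIDCProviderMetadata reloadOIDCProviderMetadata() throws HttpUriException, IOException {
        // Static setter: this changes the default factory for HTTPRequest as a whole,
        // not only for the request built below.
        HTTPRequest.setDefaultSSLSocketFactory(SslManager.getInstance().getSslContext().getSocketFactory());
        HTTPRequest request = new OIDCProviderConfigurationRequest(new Issuer(this.modelioServerUrl)).toHTTPRequest();

        HTTPResponse response;
        try {
            response = request.send();
        } catch (SSLException e) {
            // Single retry, and only when SslManager reports the problem as fixed.
            // NOTE(review): presumably fixUntrustedServer records trust for the server
            // certificate — confirm it requires an explicit user decision.
            if (!SslManager.getInstance().fixUntrustedServer(e, this.modelioServerUrl)) {
                throw e;
            }
            response = request.send();
        }

        String requestUrl = request.getURL().toString();
        if (!response.indicatesSuccess()) {
            // The raw response body is forwarded into the mapped exception.
            throw HttpErrorMapper.create(response.getStatusCode(), requestUrl, response.getContent(), null);
        }
        try {
            return OIDCProviderMetadata.parse(response.getContentAsJSONObject());
        } catch (ParseException e2) {
            throw HttpErrorMapper.create(response.getStatusCode(), requestUrl, "Response parsing failed: " + e2.getLocalizedMessage(), e2);
        }
    }

    /**
     * Starts building a browser-based flow.
     *
     * @param iOidcWebBrowser browser abstraction handed to the builder; must not be null
     * @return a builder initialised with the provider metadata and the browser
     * @throws NullPointerException if {@code iOidcWebBrowser} is null
     * @throws HttpUriException if provider discovery fails
     * @throws IOException on transport failure during discovery
     */
    public OidcBrowserFlowBuilder browserFlow(IOidcWebBrowser iOidcWebBrowser) throws HttpUriException, IOException {
        Objects.requireNonNull(iOidcWebBrowser, "Browser not specified");
        return new OidcBrowserFlowBuilder(getOIDCProviderMetadata(), iOidcWebBrowser);
    }

    /**
     * Builds a client-credentials flow wrapped in a refresh-token flow.
     *
     * @param str the client ID; must not be null
     * @param str2 the client secret; must not be null
     * @return the refresh-wrapped client-credentials flow
     * @throws NullPointerException if either argument is null
     * @throws IOException if provider discovery fails
     */
    public IOidcAuthenticationFlow clientCredentialsFlow(String str, String str2) throws IOException {
        Objects.requireNonNull(str, "Client ID not specified");
        Objects.requireNonNull(str2, "Client secret not specified");
        OIDCProviderMetadata metadata = getOIDCProviderMetadata();
        ClientID clientId = new ClientID(str);
        Secret clientSecret = makeSecret(str2);
        IOidcAuthenticationFlow initialFlow = new OidClientCredentialsflow(metadata, clientId, clientSecret);
        return refreshable(clientId, clientSecret, metadata, initialFlow);
    }

    /**
     * Builds a flow from a token the caller already holds.
     *
     * <p>If the token parses as a JWT whose {@code typ} claim is {@code "Bearer"} it is
     * used directly as an access token. Otherwise it is treated as a refresh token: a
     * refresh flow is seeded with a placeholder access token and {@code Instant.MIN}
     * (presumably so the first use triggers a refresh — confirm against
     * {@code OidcRefreshTokenFlow}).
     *
     * <p>Provider discovery and the {@code ClientID} construction run before the token
     * is classified, so they happen on the access-token path as well.
     *
     * @param str the client ID; not null-checked here, passed straight to {@code ClientID}
     * @param str2 the client secret, or null for none
     * @param str3 the access or refresh token; must not be null
     * @return an access-token flow or a refresh-token flow
     * @throws NullPointerException if {@code str3} is null
     * @throws IOException if provider discovery fails
     */
    public IOidcAuthenticationFlow tokenFlow(String str, String str2, String str3) throws IOException {
        Objects.requireNonNull(str3, "token not specified");
        OIDCProviderMetadata metadata = getOIDCProviderMetadata();
        ClientID clientId = new ClientID(str);
        Secret clientSecret = makeSecret(str2);

        IOidcAuthenticationFlow accessTokenFlow = createAccessTokenFlow(str3);
        if (accessTokenFlow != null) {
            return accessTokenFlow;
        }
        OIDCTokens seedTokens = new OIDCTokens(new BearerAccessToken(), new RefreshToken(str3));
        IOidcAuthenticationFlow.AuthResponse seedResponse = new IOidcAuthenticationFlow.AuthResponse(seedTokens, Instant.MIN);
        return new OidcRefreshTokenFlow(clientId, clientSecret, metadata, null, seedResponse);
    }

    /**
     * Decides whether a token string is a bearer access token.
     *
     * <p>The token is only parsed, never signature-verified, so the {@code typ} claim and
     * the subject read here are attacker-controllable for anyone able to supply the token
     * string. They are suitable for choosing a flow; they must not be relied on for any
     * identity or authorization decision without server-side validation.
     *
     * <p>{@code HeaderParameterNames.TYPE} is a JOSE header-name constant; here it is used
     * as a claim name and looked up in the claims set, not in the header.
     *
     * @param str the candidate token
     * @return an {@link AccessTokenFlow} when the {@code typ} claim equals
     *     {@code "Bearer"}; {@code null} when the string is not a JWT, carries no
     *     readable claims, or has a different {@code typ}
     */
    private static IOidcAuthenticationFlow createAccessTokenFlow(String str) {
        try {
            JWT parsed = JWTParser.parse(str);
            com.nimbusds.jwt.JWTClaimsSet claims = parsed.getJWTClaimsSet();
            // The claims set may be null (e.g. an encrypted JWT that has not been
            // decrypted); treat that as "not an access token" instead of failing with
            // a NullPointerException.
            if (claims == null) {
                return null;
            }
            if ("Bearer".equals(claims.getClaim(HeaderParameterNames.TYPE))) {
                return new AccessTokenFlow(str, claims.getSubject());
            }
            return null;
        } catch (java.text.ParseException e) {
            // Not a parsable JWT: the caller falls back to the refresh-token path.
            return null;
        }
    }

    /**
     * Builds a user/password flow wrapped in a refresh-token flow.
     *
     * <p>None of the arguments is null-checked here. Callers should keep {@code str2}
     * and {@code str4} out of logs and error messages.
     *
     * @param str the client ID
     * @param str2 the client secret, or null for none
     * @param str3 passed unchanged to {@code OidUserPasswordFlow}; presumably the user
     *     name — confirm against that class
     * @param str4 wrapped in a {@code Secret} before being passed on; presumably the
     *     user's password — confirm against that class
     * @return the refresh-wrapped user/password flow
     * @throws IOException if provider discovery fails
     */
    public IOidcAuthenticationFlow userPasswordFlow(String str, String str2, String str3, String str4) throws IOException {
        OIDCProviderMetadata metadata = getOIDCProviderMetadata();
        ClientID clientId = new ClientID(str);
        Secret clientSecret = makeSecret(str2);
        IOidcAuthenticationFlow initialFlow = new OidUserPasswordFlow(metadata, clientId, clientSecret, str3, makeSecret(str4));
        return refreshable(clientId, clientSecret, metadata, initialFlow);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Wraps a string in a {@code Secret}, passing {@code null} through unchanged.
     *
     * @param str the secret value, or null
     * @return a {@code Secret} holding {@code str}, or null when {@code str} is null
     */
    public static Secret makeSecret(String str) {
        return str == null ? null : new Secret(str);
    }

    /**
     * Wraps a flow in an {@code OidcRefreshTokenFlow} built from the same client
     * credentials and provider metadata.
     *
     * @param clientID the client ID
     * @param secret the client secret, possibly null
     * @param oIDCProviderMetadata the provider metadata
     * @param iOidcAuthenticationFlow the flow to wrap
     * @return the wrapping refresh-token flow
     */
    static IOidcAuthenticationFlow refreshable(ClientID clientID, Secret secret, OIDCProviderMetadata oIDCProviderMetadata, IOidcAuthenticationFlow iOidcAuthenticationFlow) {
        return new OidcRefreshTokenFlow(clientID, secret, oIDCProviderMetadata, iOidcAuthenticationFlow);
    }
}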
