package com.premiumminds.flowable.service;

import com.nimbusds.oauth2.sdk.AuthorizationCode;
import com.nimbusds.oauth2.sdk.AuthorizationCodeGrant;
import com.nimbusds.oauth2.sdk.AuthorizationErrorResponse;
import com.nimbusds.oauth2.sdk.AuthorizationRequest;
import com.nimbusds.oauth2.sdk.AuthorizationResponse;
import com.nimbusds.oauth2.sdk.ClientCredentialsGrant;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.ResponseType;
import com.nimbusds.oauth2.sdk.Scope;
import com.nimbusds.oauth2.sdk.TokenErrorResponse;
import com.nimbusds.oauth2.sdk.TokenRequest;
import com.nimbusds.oauth2.sdk.TokenResponse;
import com.nimbusds.oauth2.sdk.auth.ClientSecretBasic;
import com.nimbusds.oauth2.sdk.auth.ClientSecretPost;
import com.nimbusds.oauth2.sdk.auth.Secret;
import com.nimbusds.oauth2.sdk.id.ClientID;
import com.nimbusds.oauth2.sdk.id.Issuer;
import com.nimbusds.openid.connect.sdk.OIDCTokenResponse;
import com.nimbusds.openid.connect.sdk.OIDCTokenResponseParser;
import com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata;
import com.nimbusds.openid.connect.sdk.token.OIDCTokens;
import com.premiumminds.flowable.conf.KeycloakProperties;
import java.net.URI;
import javax.servlet.http.HttpServletRequest;

/* loaded from: input_file:com/premiumminds/flowable/service/OIDCClient.class */
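/**
 * OpenID Connect relying-party client configured from {@link KeycloakProperties}.
 *
 * <p>It builds the authorization-code login redirect, exchanges the code returned on the
 * callback for tokens, and performs a client-credentials token request.
 *
 * <p>Security review notes (from the code visible in this class only):
 * <ul>
 *   <li>The authorization request carries no {@code state} and no {@code nonce}, and the
 *       callback handling never checks one, so a callback is not bound to the browser
 *       session that started the login.</li>
 *   <li>Tokens are returned exactly as received. No ID token validation (signature, issuer,
 *       audience, expiry) happens here, and the {@code issuer} field is never read in this
 *       class. Confirm that callers validate before trusting any claim.</li>
 * </ul>
 */
public class OIDCClient extends OIDCRequestService {
    // Kept as passed to the constructor; not read again in this class.
    private final KeycloakProperties properties;
    // Built from the configured issuer URL; not referenced by any method below.
    private final Issuer issuer;
    private final ClientID clientID;
    // Confidential-client secret; must never be written to logs or exception messages.
    private final Secret clientSecret;
    // Redirect URI sent in the authorization request and repeated in the code exchange.
    private final URI callbackUri;
    private final Scope scope;
    private final OIDCProviderMetadata providerMetadata;

    /**
     * Reads issuer, client id/secret, redirect URI and scope from the configuration and takes
     * the provider metadata (endpoint URIs) from the holder.
     *
     * @param keycloakProperties client and issuer configuration
     * @param oIDCMetadataHolder source of the provider metadata
     */
    public OIDCClient(KeycloakProperties keycloakProperties, OIDCMetadataHolder oIDCMetadataHolder) {
        super(keycloakProperties);
        this.properties = keycloakProperties;
        this.issuer = new Issuer(keycloakProperties.getIssuerUrl());
        this.clientID = new ClientID(keycloakProperties.getClient().getClientId());
        this.clientSecret = new Secret(keycloakProperties.getClient().getClientSecret());
        this.callbackUri = URI.create(keycloakProperties.getClient().getRedirectUri());
        this.scope = Scope.parse(keycloakProperties.getClient().getScope());
        this.providerMetadata = oIDCMetadataHolder.getProviderMetadata();
    }

    /**
     * Builds the authorization-endpoint URL for the authorization-code flow.
     *
     * <p>NOTE(review): no {@code state} or {@code nonce} is added. Binding the callback to the
     * initiating session needs a per-session value, which this signature has nowhere to store;
     * it has to be handled by the caller or by extending this API.
     *
     * @return the URI the browser should be redirected to
     */
    public URI login() {
        ResponseType codeFlow = new ResponseType(ResponseType.Value.CODE);
        return new AuthorizationRequest.Builder(codeFlow, this.clientID)
                .scope(this.scope)
                .redirectionURI(this.callbackUri)
                .endpointURI(this.providerMetadata.getAuthorizationEndpointURI())
                .build()
                .toURI();
    }

    /**
     * Exchanges the authorization code found on the callback request for OIDC tokens,
     * authenticating to the token endpoint with HTTP Basic client credentials.
     *
     * <p>NOTE(review): the returned tokens are not validated here; the caller must verify the
     * ID token before relying on it.
     *
     * @param httpServletRequest the callback request carrying the authorization response
     * @return the tokens from a successful token response
     * @throws RuntimeException on any failure; an issuer error response is reported in the
     *     cause, because the exception thrown inside the {@code try} is re-wrapped by the catch
     */
    public OIDCTokens getOIDCTokens(HttpServletRequest httpServletRequest) {
        try {
            TokenRequest tokenRequest = new TokenRequest(
                    this.providerMetadata.getTokenEndpointURI(),
                    new ClientSecretBasic(this.clientID, this.clientSecret),
                    new AuthorizationCodeGrant(extractAuthorizationCode(httpServletRequest), this.callbackUri));
            // configureHttpRequest is not defined in this class (presumably inherited from
            // OIDCRequestService); what it sets on the outgoing request is not visible here.
            TokenResponse tokenResponse =
                    OIDCTokenResponseParser.parse(configureHttpRequest(tokenRequest.toHTTPRequest()).send());
            if (tokenResponse.indicatesSuccess()) {
                // The OIDC parser yields an OIDCTokenResponse on success; the cast is needed
                // because TokenResponse.toSuccessResponse() is declared with the OAuth 2.0 type.
                return ((OIDCTokenResponse) tokenResponse.toSuccessResponse()).getOIDCTokens();
            }
            TokenErrorResponse errorResponse = tokenResponse.toErrorResponse();
            throw new RuntimeException("OpenID Connect - error getting token. Message from issuer server\n\tcode: " + errorResponse.getErrorObject().getCode() + "\tmessage: " + errorResponse.getErrorObject().getDescription());
        } catch (Exception e) {
            throw new RuntimeException("OpenID Connect - error getting token", e);
        }
    }

    /**
     * Parses the callback URL as an authorization response and returns its code.
     *
     * <p>The callback query string is supplied by the browser and is untrusted. On an error
     * response its {@code error} / {@code error_description} values end up in the exception
     * message, so treat that message as untrusted text when logging or rendering it.
     *
     * @param httpServletRequest the callback request
     * @return the authorization code from a successful authorization response
     * @throws RuntimeException if the callback is an error response or cannot be parsed
     */
    private AuthorizationCode extractAuthorizationCode(HttpServletRequest httpServletRequest) {
        URI callbackUrl = URI.create(getFullURL(httpServletRequest));
        try {
            AuthorizationResponse authResponse = AuthorizationResponse.parse(callbackUrl);
            if (authResponse.indicatesSuccess()) {
                // NOTE(review): no state value is compared here before the code is accepted.
                return authResponse.toSuccessResponse().getAuthorizationCode();
            }
            AuthorizationErrorResponse errorResponse = authResponse.toErrorResponse();
            throw new RuntimeException("OpenID Connect - error getting authorization code. Message from issuer server\n\tcode: " + errorResponse.getErrorObject().getCode() + "\tmessage: " + errorResponse.getErrorObject().getDescription());
        } catch (ParseException e) {
            // Report the URL without its query string: the query can carry the authorization
            // code, which must not end up in logs or error pages.
            throw new RuntimeException("OpenID Connect - error parsing callback request '" + httpServletRequest.getRequestURL() + "'", e);
        }
    }

    /**
     * Requests tokens with the client-credentials grant, sending the given client id and
     * secret in the request body ({@code client_secret_post}).
     *
     * <p>NOTE(review): {@code OIDCTokenResponse.parse} appears to expect a success response;
     * if so, an issuer error reply surfaces as a parse exception and the error branch below
     * never runs. Confirm against the SDK version in use.
     *
     * @param str the client id to authenticate as
     * @param str2 the client secret; never log it
     * @return the tokens from a successful token response
     * @throws RuntimeException on any failure, with the underlying exception as cause
     */
    public OIDCTokens authenticate(String str, String str2) {
        try {
            TokenRequest tokenRequest = new TokenRequest(
                    this.providerMetadata.getTokenEndpointURI(),
                    new ClientSecretPost(new ClientID(str), new Secret(str2)),
                    new ClientCredentialsGrant());
            OIDCTokenResponse tokenResponse =
                    OIDCTokenResponse.parse(configureHttpRequest(tokenRequest.toHTTPRequest()).send());
            if (tokenResponse.indicatesSuccess()) {
                return tokenResponse.getOIDCTokens();
            }
            TokenErrorResponse errorResponse = tokenResponse.toErrorResponse();
            throw new RuntimeException("OpenID Connect - error authenticating client. Message from issuer server\n\tcode: " + errorResponse.getErrorObject().getCode() + "\tmessage: " + errorResponse.getErrorObject().getDescription());
        } catch (Exception e) {
            throw new RuntimeException("OpenID Connect - error authenticating client", e);
        }
    }

    /**
     * Rebuilds the requested URL, including the raw query string when one is present.
     *
     * <p>The result can contain the authorization code, so it is for parsing only and must
     * not be logged.
     *
     * @param httpServletRequest the incoming request
     * @return request URL, followed by {@code ?} and the query string if there is one
     */
    private static String getFullURL(HttpServletRequest httpServletRequest) {
        StringBuilder url = new StringBuilder(httpServletRequest.getRequestURL().toString());
        String queryString = httpServletRequest.getQueryString();
        if (queryString == null) {
            return url.toString();
        }
        return url.append('?').append(queryString).toString();
    }
}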
