package io.vertx.ext.auth.oauth2.impl;

import io.vertx.core.Future;
import io.vertx.core.Vertx;
import io.vertx.core.buffer.Buffer;
import io.vertx.core.http.HttpClient;
import io.vertx.core.http.HttpHeaders;
import io.vertx.core.http.HttpMethod;
import io.vertx.core.http.RequestOptions;
import io.vertx.core.internal.logging.Logger;
import io.vertx.core.internal.logging.LoggerFactory;
import io.vertx.core.json.JsonObject;
import io.vertx.ext.auth.impl.Codec;
import io.vertx.ext.auth.impl.http.SimpleHttpClient;
import io.vertx.ext.auth.impl.http.SimpleHttpResponse;
import io.vertx.ext.auth.impl.jose.JWT;
import io.vertx.ext.auth.oauth2.OAuth2AuthorizationURL;
import io.vertx.ext.auth.oauth2.OAuth2Options;
import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets;
import java.security.SignatureException;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/* loaded from: input_file:io/vertx/ext/auth/oauth2/impl/OAuth2API.class */
public class OAuth2API {
    private static final Logger LOG = LoggerFactory.getLogger(OAuth2API.class);
    private static final Pattern MAX_AGE = Pattern.compile("max-age=\"?(\\d+)\"?");
    private final HttpClient client;
    private final OAuth2Options config;

    public OAuth2API(Vertx vertx, OAuth2Options oAuth2Options) {
        this.config = oAuth2Options;
        this.client = vertx.createHttpClient(oAuth2Options.getHttpClientOptions());
    }

    public Future<JsonObject> jwkSet() {
        JsonObject jsonObject = new JsonObject();
        jsonObject.put("Accept", "application/jwk-set+json, application/json");
        return fetch(HttpMethod.GET, this.config.getJwkPath(), jsonObject, null).compose(simpleHttpResponse -> {
            if (simpleHttpResponse.body() == null || simpleHttpResponse.body().length() == 0) {
                return Future.failedFuture("No Body");
            }
            if (!simpleHttpResponse.is("application/jwk-set+json") && !simpleHttpResponse.is("application/json")) {
                return Future.failedFuture("Cannot handle content type: " + simpleHttpResponse.headers().get("Content-Type"));
            }
            try {
                JsonObject jsonObject2 = new JsonObject(simpleHttpResponse.body());
                try {
                    if (jsonObject2.containsKey("error")) {
                        return Future.failedFuture(extractErrorDescription(jsonObject2));
                    }
                    List<String> all = simpleHttpResponse.headers().getAll(HttpHeaders.CACHE_CONTROL);
                    if (all != null) {
                        for (String str : all) {
                            if (str.length() > 8) {
                                Matcher matcher = MAX_AGE.matcher(str);
                                if (matcher.find()) {
                                    try {
                                        jsonObject2.put("maxAge", Long.valueOf(matcher.group(1)));
                                        break;
                                    } catch (RuntimeException e) {
                                    }
                                } else {
                                    continue;
                                }
                            }
                        }
                    }
                    return Future.succeededFuture(jsonObject2);
                } catch (RuntimeException e2) {
                    return Future.failedFuture(e2);
                }
            } catch (RuntimeException e3) {
                return Future.failedFuture(e3);
            }
        });
    }

    public String authorizeURL(OAuth2AuthorizationURL oAuth2AuthorizationURL) {
        JsonObject jsonObject = new JsonObject();
        if (oAuth2AuthorizationURL.getAdditionalParameters() != null) {
            Map<String, String> additionalParameters = oAuth2AuthorizationURL.getAdditionalParameters();
            Objects.requireNonNull(jsonObject);
            additionalParameters.forEach((v1, v2) -> {
                r1.put(v1, v2);
            });
        }
        jsonObject.put("state", oAuth2AuthorizationURL.getState());
        if (oAuth2AuthorizationURL.getScopes() != null) {
            jsonObject.put("scope", String.join(this.config.getScopeSeparator(), oAuth2AuthorizationURL.getScopes()));
        }
        jsonObject.put("response_type", "code");
        String clientId = this.config.getClientId();
        if (clientId != null) {
            jsonObject.put("client_id", clientId);
        } else {
            if (this.config.getClientAssertionType() != null) {
                jsonObject.put("client_assertion_type", this.config.getClientAssertionType());
            }
            if (this.config.getClientAssertion() != null) {
                jsonObject.put("client_assertion", this.config.getClientAssertion());
            }
        }
        String authorizationPath = this.config.getAuthorizationPath();
        return (authorizationPath.charAt(0) == '/' ? this.config.getSite() + authorizationPath : authorizationPath) + "?" + String.valueOf(SimpleHttpClient.jsonToQuery(jsonObject));
    }

    public Future<JsonObject> token(String str, JsonObject jsonObject) {
        if (str == null) {
            return Future.failedFuture("Token request requires a grantType other than null");
        }
        JsonObject jsonObject2 = new JsonObject();
        JsonObject copy = jsonObject.copy();
        if (this.config.getExtraParameters() != null) {
            copy.mergeIn(this.config.getExtraParameters());
        }
        copy.put("grant_type", str);
        if (!clientAuthentication(jsonObject2, copy) && this.config.getClientId() == null) {
            if (this.config.getClientAssertionType() != null) {
                copy.put("client_assertion_type", this.config.getClientAssertionType());
            }
            if (this.config.getClientAssertion() != null) {
                copy.put("client_assertion", this.config.getClientAssertion());
            }
        }
        jsonObject2.put("Content-Type", "application/x-www-form-urlencoded");
        Buffer jsonToQuery = SimpleHttpClient.jsonToQuery(copy);
        jsonObject2.put("Accept", "application/json,application/x-www-form-urlencoded;q=0.9");
        return fetch(HttpMethod.POST, this.config.getTokenPath(), jsonObject2, jsonToQuery).compose(simpleHttpResponse -> {
            JsonObject jsonObject3;
            if (simpleHttpResponse.body() == null || simpleHttpResponse.body().length() == 0) {
                return Future.failedFuture("No Body");
            }
            if (simpleHttpResponse.is("application/json")) {
                try {
                    jsonObject3 = simpleHttpResponse.jsonObject();
                } catch (RuntimeException e) {
                    return Future.failedFuture(e);
                }
            } else {
                if (!simpleHttpResponse.is("application/x-www-form-urlencoded") && !simpleHttpResponse.is("text/plain")) {
                    return Future.failedFuture("Cannot handle content type: " + simpleHttpResponse.headers().get("Content-Type"));
                }
                try {
                    jsonObject3 = SimpleHttpClient.queryToJson(simpleHttpResponse.body());
                } catch (UnsupportedEncodingException | RuntimeException e2) {
                    return Future.failedFuture(e2);
                }
            }
            if (jsonObject3 != null) {
                try {
                    if (!jsonObject3.containsKey("error")) {
                        processNonStandardHeaders(jsonObject3, simpleHttpResponse, this.config.getScopeSeparator());
                        return Future.succeededFuture(jsonObject3);
                    }
                } catch (RuntimeException e3) {
                    return Future.failedFuture(e3);
                }
            }
            return Future.failedFuture(extractErrorDescription(jsonObject3));
        });
    }

    public Future<JsonObject> tokenIntrospection(String str, String str2) {
        JsonObject put = new JsonObject().put("Content-Type", "application/x-www-form-urlencoded");
        JsonObject put2 = new JsonObject().put("token", str2).put("token_type_hint", str);
        clientAuthentication(put, put2);
        Buffer jsonToQuery = SimpleHttpClient.jsonToQuery(put2);
        put.put("Accept", "application/json,application/x-www-form-urlencoded;q=0.9");
        return fetch(HttpMethod.POST, this.config.getIntrospectionPath(), put, jsonToQuery).compose(simpleHttpResponse -> {
            JsonObject jsonObject;
            if (simpleHttpResponse.body() == null || simpleHttpResponse.body().length() == 0) {
                return Future.failedFuture("No Body");
            }
            if (simpleHttpResponse.is("application/json")) {
                try {
                    jsonObject = simpleHttpResponse.jsonObject();
                } catch (RuntimeException e) {
                    return Future.failedFuture(e);
                }
            } else {
                if (!simpleHttpResponse.is("application/x-www-form-urlencoded") && !simpleHttpResponse.is("text/plain")) {
                    return Future.failedFuture("Cannot handle accessToken type: " + simpleHttpResponse.headers().get("Content-Type"));
                }
                try {
                    jsonObject = SimpleHttpClient.queryToJson(simpleHttpResponse.body());
                } catch (UnsupportedEncodingException | RuntimeException e2) {
                    return Future.failedFuture(e2);
                }
            }
            if (jsonObject != null) {
                try {
                    if (!jsonObject.containsKey("error")) {
                        processNonStandardHeaders(jsonObject, simpleHttpResponse, this.config.getScopeSeparator());
                        return Future.succeededFuture(jsonObject);
                    }
                } catch (RuntimeException e3) {
                    return Future.failedFuture(e3);
                }
            }
            return Future.failedFuture(extractErrorDescription(jsonObject));
        });
    }

    public Future<Void> tokenRevocation(String str, String str2) {
        if (str2 == null) {
            return Future.failedFuture("Cannot revoke null token");
        }
        JsonObject put = new JsonObject().put("Content-Type", "application/x-www-form-urlencoded");
        JsonObject put2 = new JsonObject().put("token", str2).put("token_type_hint", str);
        clientAuthentication(put, put2);
        Buffer jsonToQuery = SimpleHttpClient.jsonToQuery(put2);
        put.put("Accept", "application/json,application/x-www-form-urlencoded;q=0.9");
        return fetch(HttpMethod.POST, this.config.getRevocationPath(), put, jsonToQuery).compose(simpleHttpResponse -> {
            return simpleHttpResponse.body() == null ? Future.failedFuture("No Body") : Future.succeededFuture();
        });
    }

    public Future<JsonObject> userInfo(String str, JWT jwt) {
        JsonObject jsonObject = new JsonObject();
        JsonObject userInfoParameters = this.config.getUserInfoParameters();
        String userInfoPath = this.config.getUserInfoPath();
        if (userInfoPath == null) {
            return Future.failedFuture("userInfo path is not configured");
        }
        if (userInfoParameters != null) {
            userInfoPath = userInfoPath + "?" + String.valueOf(SimpleHttpClient.jsonToQuery(userInfoParameters));
        }
        jsonObject.put("Authorization", "Bearer " + str);
        jsonObject.put("Accept", "application/json,application/jwt,application/x-www-form-urlencoded;q=0.9");
        return fetch(HttpMethod.GET, userInfoPath, jsonObject, null).compose(simpleHttpResponse -> {
            JsonObject jsonObject2;
            Buffer body = simpleHttpResponse.body();
            if (body == null) {
                return Future.failedFuture("No Body");
            }
            if (simpleHttpResponse.is("application/json")) {
                try {
                    jsonObject2 = simpleHttpResponse.jsonObject();
                } catch (RuntimeException e) {
                    return Future.failedFuture(e);
                }
            } else if (simpleHttpResponse.is("application/jwt")) {
                try {
                    jsonObject2 = jwt.decode(body.toString(StandardCharsets.UTF_8));
                } catch (RuntimeException | SignatureException e2) {
                    return Future.failedFuture(e2);
                }
            } else {
                if (!simpleHttpResponse.is("application/x-www-form-urlencoded") && !simpleHttpResponse.is("text/plain")) {
                    return Future.failedFuture("Cannot handle Content-Type: " + simpleHttpResponse.headers().get("Content-Type"));
                }
                try {
                    jsonObject2 = SimpleHttpClient.queryToJson(simpleHttpResponse.body());
                } catch (UnsupportedEncodingException | RuntimeException e3) {
                    return Future.failedFuture(e3);
                }
            }
            processNonStandardHeaders(jsonObject2, simpleHttpResponse, this.config.getScopeSeparator());
            return Future.succeededFuture(jsonObject2);
        });
    }

    public String endSessionURL(String str, JsonObject jsonObject) {
        String logoutPath = this.config.getLogoutPath();
        if (logoutPath == null) {
            return null;
        }
        JsonObject copy = jsonObject.copy();
        if (str != null) {
            copy.put("id_token_hint", str);
        }
        return (logoutPath.charAt(0) == '/' ? this.config.getSite() + logoutPath : logoutPath) + "?" + String.valueOf(SimpleHttpClient.jsonToQuery(copy));
    }

    private boolean clientAuthentication(JsonObject jsonObject, JsonObject jsonObject2) {
        boolean z = (this.config.getClientId() == null || this.config.getClientSecret() == null) ? false : true;
        if (z) {
            if (this.config.isUseBasicAuthorization()) {
                jsonObject.put("Authorization", "Basic " + Codec.base64Encode((this.config.getClientId() + ":" + this.config.getClientSecret()).getBytes(StandardCharsets.UTF_8)));
            } else {
                jsonObject2.put("client_id", this.config.getClientId());
                jsonObject2.put("client_secret", this.config.getClientSecret());
            }
        } else if (this.config.getClientId() != null) {
            jsonObject2.put("client_id", this.config.getClientId());
        }
        return z;
    }

    private String extractErrorDescription(JsonObject jsonObject) {
        String obj;
        if (jsonObject == null) {
            return "null";
        }
        Object value = jsonObject.getValue("error");
        if (value instanceof JsonObject) {
            obj = ((JsonObject) value).getString("message");
        } else {
            try {
                obj = jsonObject.getString("error_description", jsonObject.getString("error"));
            } catch (RuntimeException e) {
                obj = value.toString();
            }
        }
        return obj == null ? "null" : obj;
    }

    public Future<SimpleHttpResponse> fetch(HttpMethod httpMethod, String str, JsonObject jsonObject, Buffer buffer) {
        if (str == null || str.length() == 0) {
            return Future.failedFuture("Invalid path");
        }
        String str2 = str.charAt(0) == '/' ? this.config.getSite() + str : str;
        LOG.debug("Fetching URL: " + str2);
        RequestOptions absoluteURI = new RequestOptions().setMethod(httpMethod).setAbsoluteURI(str2);
        JsonObject headers = this.config.getHeaders();
        if (headers != null) {
            Iterator it = headers.iterator();
            while (it.hasNext()) {
                Map.Entry entry = (Map.Entry) it.next();
                absoluteURI.addHeader((String) entry.getKey(), (String) entry.getValue());
            }
        }
        if (jsonObject != null) {
            Iterator it2 = jsonObject.iterator();
            while (it2.hasNext()) {
                Map.Entry entry2 = (Map.Entry) it2.next();
                absoluteURI.addHeader((String) entry2.getKey(), (String) entry2.getValue());
            }
        }
        if (this.config.getUserAgent() != null) {
            absoluteURI.addHeader("User-Agent", this.config.getUserAgent());
        }
        if (httpMethod != HttpMethod.POST && httpMethod != HttpMethod.PATCH && httpMethod != HttpMethod.PUT) {
            buffer = null;
        }
        return makeRequest(absoluteURI, buffer);
    }

    private Future<SimpleHttpResponse> makeRequest(RequestOptions requestOptions, Buffer buffer) {
        return this.client.request(requestOptions).compose(httpClientRequest -> {
            r0 = httpClientResponse -> {
                return httpClientResponse.body().compose(buffer2 -> {
                    SimpleHttpResponse simpleHttpResponse = new SimpleHttpResponse(httpClientResponse.statusCode(), httpClientResponse.headers(), buffer2);
                    if (httpClientResponse.statusCode() >= 200 && httpClientResponse.statusCode() < 300) {
                        return Future.succeededFuture(simpleHttpResponse);
                    }
                    if (simpleHttpResponse.body() == null || simpleHttpResponse.body().length() == 0) {
                        return Future.failedFuture(httpClientResponse.statusMessage());
                    }
                    if (simpleHttpResponse.is("application/json")) {
                        try {
                            JsonObject jsonObject = simpleHttpResponse.jsonObject();
                            if (jsonObject != null && jsonObject.containsKey("error")) {
                                return jsonObject.containsKey("error_description") ? Future.failedFuture(jsonObject.getString("error") + ": " + jsonObject.getString("error_description")) : Future.failedFuture(jsonObject.getString("error"));
                            }
                        } catch (RuntimeException e) {
                        }
                    }
                    return Future.failedFuture(httpClientResponse.statusMessage() + ": " + String.valueOf(simpleHttpResponse.body()));
                });
            };
            return buffer != null ? httpClientRequest.send(buffer).compose(r0) : httpClientRequest.send().compose(r0);
        });
    }

    public static void processNonStandardHeaders(JsonObject jsonObject, SimpleHttpResponse simpleHttpResponse, String str) {
        String header = simpleHttpResponse.getHeader("X-OAuth-Scopes");
        String header2 = simpleHttpResponse.getHeader("X-Accepted-OAuth-Scopes");
        if (header != null) {
            LOG.trace("Received non-standard X-OAuth-Scopes: " + header);
            if (jsonObject.containsKey("scope")) {
                jsonObject.put("scope", jsonObject.getString("scope") + str + header);
            } else {
                jsonObject.put("scope", header);
            }
        }
        if (header2 != null) {
            LOG.trace("Received non-standard X-Accepted-OAuth-Scopes: " + header2);
            jsonObject.put("acceptedScopes", header2);
        }
    }
}
