package app.utils.server.security.legacy.oidc;

import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.Principal;
import java.util.Map;
import java.util.stream.Collectors;
import javax.security.auth.Subject;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.eclipse.jetty.security.DefaultUserIdentity;
import org.eclipse.jetty.security.ServerAuthException;
import org.eclipse.jetty.security.UserAuthentication;
import org.eclipse.jetty.security.authentication.LoginAuthenticator;
import org.eclipse.jetty.server.Authentication;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:app/utils/server/security/legacy/oidc/OidcAccessTokenAuthenticator.class */
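/**
 * Jetty authenticator that accepts an OAuth 2.0 bearer access token from the
 * {@code Authorization} request header and checks it against the validation
 * (token introspection) endpoint named in the OIDC configuration.
 *
 * <p>A request is authenticated only when the endpoint's JSON answer carries
 * {@code "active": "true"}. Every other outcome, including transport errors,
 * timeouts and non-200 answers, is treated as unauthenticated (fail closed).
 *
 * <p>NOTE(review): only the {@code active} field of the validation response is
 * read. Subject, scope, audience and expiry are not evaluated here, and every
 * accepted token is mapped to the same identity without a principal and with
 * the single role {@code "user"}. Confirm that this is intended, because any
 * token the endpoint reports as active is accepted regardless of who it was
 * issued to or for which client.
 */
public class OidcAccessTokenAuthenticator extends LoginAuthenticator {
    private static final Logger LOG = LoggerFactory.getLogger(OidcAccessTokenAuthenticator.class);

    /** Authorization scheme prefix, including the separating space. */
    private static final String BEARER_PREFIX = "Bearer ";

    /** Upper bounds for the validation call so a stalled endpoint cannot pin request threads. */
    private static final int CONNECT_TIMEOUT_MILLIS = 5000;
    private static final int READ_TIMEOUT_MILLIS = 5000;

    private final OidcConfiguration oidcConfiguration;

    /**
     * Creates the authenticator from the raw configuration map.
     *
     * @param map configuration entries handed to {@code OidcClientUtils}
     */
    public OidcAccessTokenAuthenticator(Map<String, String> map) {
        // The instance is discarded; the configuration is then read through a static accessor.
        // Presumably the constructor populates that static state -- verify against OidcClientUtils.
        new OidcClientUtils(map);
        this.oidcConfiguration = OidcClientUtils.getOidcConfiguration();
    }

    /**
     * Authenticates a request by its bearer token.
     *
     * @param servletRequest the incoming request; must be an {@link HttpServletRequest}
     * @param servletResponse unused
     * @param z unused here; the result is the same whether or not authentication is mandatory
     * @return a {@link UserAuthentication} with role {@code "user"} when the token is reported
     *     active, otherwise {@link Authentication#UNAUTHENTICATED}
     * @throws ServerAuthException declared by the authenticator contract; not thrown by this code
     */
    public Authentication validateRequest(ServletRequest servletRequest, ServletResponse servletResponse, boolean z) throws ServerAuthException {
        String header = ((HttpServletRequest) servletRequest).getHeader("Authorization");
        // HTTP authentication scheme names are case-insensitive, so "bearer" is accepted as well.
        if (header == null || !header.regionMatches(true, 0, BEARER_PREFIX, 0, BEARER_PREFIX.length())) {
            return Authentication.UNAUTHENTICATED;
        }
        String token = header.substring(BEARER_PREFIX.length());
        if (token.isEmpty() || !verifyAccessToken(token)) {
            return Authentication.UNAUTHENTICATED;
        }
        // No subject or principal is attached: the identity carries only the fixed role.
        return new UserAuthentication(getAuthMethod(), new DefaultUserIdentity((Subject) null, (Principal) null, new String[]{"user"}));
    }

    /**
     * Posts the token to the configured validation endpoint and reports whether
     * the endpoint declares it active.
     *
     * <p>NOTE(review): the request carries no client credentials and the endpoint
     * URL scheme is not checked here. Confirm that the configured endpoint is an
     * {@code https} URL and that it is protected by other means; over plain
     * {@code http} the bearer token would travel in cleartext.
     *
     * @param accessToken the bearer token taken from the request; never logged
     * @return {@code true} only when the response field {@code active} equals {@code "true"}
     * @throws RuntimeException when no validation endpoint is configured
     */
    private boolean verifyAccessToken(String accessToken) {
        String validationEndpoint = this.oidcConfiguration.getValidationEndpoint();
        if (validationEndpoint == null || validationEndpoint.isEmpty()) {
            throw new RuntimeException("Location of Oidc validation endpoint is not set");
        }

        HttpURLConnection connection = null;
        try {
            connection = (HttpURLConnection) new URL(validationEndpoint).openConnection();
            // Without timeouts an unresponsive endpoint blocks the calling request thread indefinitely.
            connection.setConnectTimeout(CONNECT_TIMEOUT_MILLIS);
            connection.setReadTimeout(READ_TIMEOUT_MILLIS);
            connection.setRequestMethod("POST");
            connection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
            connection.setDoOutput(true);

            String form = String.format("token=%s&token_type_hint=access_token", URLEncoder.encode(accessToken, "UTF-8"));
            try (OutputStream out = connection.getOutputStream()) {
                out.write(form.getBytes(StandardCharsets.UTF_8));
            }

            // Only a plain 200 answer is parsed; any other status is a rejection.
            int status = connection.getResponseCode();
            if (status != HttpURLConnection.HTTP_OK) {
                LOG.error("Token validation endpoint answered with HTTP status {}", status);
                return false;
            }

            // Decode explicitly as UTF-8 instead of the platform charset, and read with readLine()
            // so that read failures and timeouts surface as IOException and end in the
            // fail-closed handler below.
            StringBuilder body = new StringBuilder();
            try (BufferedReader reader = new BufferedReader(new InputStreamReader(connection.getInputStream(), StandardCharsets.UTF_8))) {
                String line;
                while ((line = reader.readLine()) != null) {
                    body.append(line);
                }
            }

            String active = OidcClientUtils.parseJson(new ByteArrayInputStream(body.toString().getBytes(StandardCharsets.UTF_8))).get("active");
            return active != null && active.equalsIgnoreCase("true");
        } catch (IOException e) {
            // Fail closed: a transport or parsing problem never authenticates the caller.
            LOG.error("Something else than the token validity has gone wrong", e);
            return false;
        } finally {
            // Release the connection on every path, including the error paths.
            if (connection != null) {
                connection.disconnect();
            }
        }
    }

    /**
     * Returns the name of the authentication method.
     *
     * @return the constant {@code "OAUTH"}
     */
    public String getAuthMethod() {
        return "OAUTH";
    }

    /**
     * Response hook of the authenticator contract; nothing is added to the response.
     *
     * @return always {@code true}
     */
    public boolean secureResponse(ServletRequest servletRequest, ServletResponse servletResponse, boolean z, Authentication.User user) throws ServerAuthException {
        return true;
    }
}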
