package app.utils.security.client;

import app.utils.config.AppConfig;
import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.nimbusds.oauth2.sdk.ClientCredentialsGrant;
import com.nimbusds.oauth2.sdk.TokenRequest;
import com.nimbusds.oauth2.sdk.TokenResponse;
import com.nimbusds.oauth2.sdk.auth.ClientSecretBasic;
import com.nimbusds.oauth2.sdk.auth.Secret;
import com.nimbusds.oauth2.sdk.http.HTTPResponse;
import com.nimbusds.oauth2.sdk.id.ClientID;
import com.nimbusds.oauth2.sdk.token.AccessToken;
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Map;
import org.apache.cxf.jaxrs.AbstractJAXRSFactoryBean;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:app/utils/security/client/AppClientAuth.class */
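/**
 * Obtains access tokens from the configured token endpoints and turns them into
 * {@code Authorization} header values for outgoing CXF JAX-RS clients.
 *
 * <p>Two flows are implemented:
 * <ul>
 *   <li>a "legacy OIDC" flow that posts {@code grant_type=password} with the caller's
 *       username and password and no client secret;</li>
 *   <li>a client-credentials flow authenticated with HTTP Basic client id/secret.</li>
 * </ul>
 *
 * <p>Security notes for maintainers: the legacy flow hands the end user's password to this
 * process and sends it to the token endpoint on every call, so the endpoint must be reached
 * over TLS and neither the password nor the returned token may be logged. Current OAuth 2.0
 * security guidance discourages the resource-owner password grant; prefer the
 * client-credentials flow where the deployment allows it.
 */
public class AppClientAuth {
    // Fallback client id used when "public.client.id" is not configured. It is sent without any
    // client secret, so it identifies the client but does not authenticate it.
    private static final String DEFAULT_LEGACY_PUBLIC_CLIENT_ID = "aFSloIZSXHRQtA";
    // Fallback scope used when "scope" is not configured.
    private static final String DEFAULT_LEGACY_OIDC_SCOPE = "openid";
    private static final Logger LOG = LoggerFactory.getLogger(AppClientAuth.class);
    private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();
    private static final TypeReference<HashMap<String, String>> HASH_MAP_TYPE_REF =
            new TypeReference<HashMap<String, String>>() {
            };
    private static final HttpClient httpClient = HttpClient.newHttpClient();

    /** Supplier of an {@code Authorization} header value; may fail with any exception. */
    @FunctionalInterface
    public interface GetAuthHeaderFun {
        String generate() throws Exception;
    }

    /**
     * Requests an access token with the password grant and returns it as a header value.
     *
     * <p>Reads {@code token.endpoint}, {@code public.client.id} and {@code scope} from
     * {@link AppConfig}; the last two fall back to built-in defaults when unset.
     *
     * @param str the OIDC username; must be non-null and non-empty
     * @param str2 the OIDC password; must be non-null (an empty password is passed through)
     * @return {@code "Bearer "} followed by the access token
     * @throws IllegalArgumentException if the username or password argument is missing
     * @throws Exception if a required setting is missing, the request fails, the endpoint
     *     answers with a non-200 status, or the response is not a usable Bearer token response
     */
    public static String getLegacyOIDCAuthHeader(String str, String str2) throws Exception {
        if (str == null || str.isEmpty()) {
            throw new IllegalArgumentException("OIDC username is a required parameter");
        }
        if (str2 == null) {
            throw new IllegalArgumentException("OIDC password is a required parameter");
        }
        String tokenEndpoint = AppConfig.getString("token.endpoint");
        if (tokenEndpoint == null || tokenEndpoint.isEmpty()) {
            throw new Exception("Token endpoint setting is null or empty");
        }
        String clientId = AppConfig.getString("public.client.id");
        if (clientId == null) {
            clientId = DEFAULT_LEGACY_PUBLIC_CLIENT_ID;
        } else if (clientId.isEmpty()) {
            throw new Exception("OIDC client ID setting is empty");
        }
        String scope = AppConfig.getString("scope");
        if (scope == null) {
            scope = DEFAULT_LEGACY_OIDC_SCOPE;
        }

        URI endpointUri = URI.create(tokenEndpoint);
        if (!"https".equalsIgnoreCase(endpointUri.getScheme())) {
            // The request body carries the user's password; make a plaintext endpoint visible
            // to operators without logging the credentials themselves.
            LOG.warn("OIDC token endpoint is not an https URI; "
                    + "the username and password are sent without transport encryption");
        }

        // Username and password are caller-supplied and must be form-encoded: a raw '&', '=',
        // '+' or '%' would otherwise corrupt the credential or add/override form parameters
        // (for example a second client_id or scope).
        // NOTE(review): scope and client id come from configuration and are still inserted
        // verbatim so that already-encoded settings keep working; confirm and encode them too
        // if the settings are stored unencoded.
        String form = "grant_type=password&scope=" + scope
                + "&username=" + URLEncoder.encode(str, StandardCharsets.UTF_8)
                + "&password=" + URLEncoder.encode(str2, StandardCharsets.UTF_8)
                + "&client_id=" + clientId;
        HttpRequest request = HttpRequest.newBuilder()
                .uri(endpointUri)
                .header("Content-Type", "application/x-www-form-urlencoded")
                .POST(HttpRequest.BodyPublishers.ofString(form))
                .build();
        HttpResponse<InputStream> response =
                httpClient.send(request, HttpResponse.BodyHandlers.ofInputStream());

        // Only the JSON parsing is wrapped as a parse failure. The status and token checks
        // below throw their own messages directly instead of being re-labelled as parse errors.
        Map<String, String> payload;
        try (InputStream body = response.body()) {
            payload = OBJECT_MAPPER.readValue(body, HASH_MAP_TYPE_REF);
        } catch (IOException e) {
            throw new Exception("Can not parse response from  OIDC Access Token service: ", e);
        }
        if (payload == null) {
            throw new Exception(
                    "Can not parse response from  OIDC Access Token service: empty JSON document");
        }

        int status = response.statusCode();
        if (status != 200) {
            String error = payload.get("error");
            if (error != null) {
                throw new Exception("OIDC Access Token request failed: " + error);
            }
            throw new Exception(
                    "OIDC token endpoint replied with HTTP " + status + " on token request");
        }
        // RFC 6749 section 5.1 defines token_type as case-insensitive.
        if (!"Bearer".equalsIgnoreCase(payload.get("token_type"))) {
            throw new Exception(
                    "Token returned from OIDC Access Token service is not of Bearer type");
        }
        String accessToken = payload.get("access_token");
        if (accessToken == null || accessToken.isEmpty()) {
            // Fail here rather than hand "Bearer null" to the outgoing request.
            throw new Exception(
                    "OIDC Access Token service response does not contain an access token");
        }
        return "Bearer " + accessToken;
    }

    /**
     * Registers an out-interceptor on the given client factory whose header supplier calls
     * {@link #getLegacyOIDCAuthHeader(String, String)} with the given credentials.
     *
     * <p>The lambda captures the username and password, so both stay reachable for as long
     * as the interceptor is registered.
     *
     * @param abstractJAXRSFactoryBean the CXF factory bean to add the interceptor to
     * @param str the OIDC username
     * @param str2 the OIDC password
     */
    public static void setLegacyOIDCAuthHeader(AbstractJAXRSFactoryBean abstractJAXRSFactoryBean, String str, String str2) {
        abstractJAXRSFactoryBean.getOutInterceptors().add(new AsyncClientInterceptor(() -> {
            return getLegacyOIDCAuthHeader(str, str2);
        }));
    }

    /**
     * Requests an access token with the client-credentials grant and returns it as a header
     * value.
     *
     * <p>Reads {@code oauth.provider.token.endpoint}, {@code oauth.client.id} and
     * {@code oauth.client.secret} from {@link AppConfig}; the client authenticates with HTTP
     * Basic.
     *
     * @return the token type and the token value separated by a single space
     * @throws Exception if a setting is missing, the request fails, or the endpoint answers
     *     with a non-200 status
     */
    public static String getJWTAuthHeader() throws Exception {
        URI tokenEndpoint = new URI(requireSetting("oauth.provider.token.endpoint"));
        ClientID clientId = new ClientID(requireSetting("oauth.client.id"));
        Secret clientSecret = new Secret(requireSetting("oauth.client.secret"));

        HTTPResponse send = new TokenRequest(
                tokenEndpoint,
                new ClientSecretBasic(clientId, clientSecret),
                new ClientCredentialsGrant()).toHTTPRequest().send();
        if (send.getStatusCode() != 200) {
            // The response body is echoed into the exception message; callers that log this
            // exception will therefore log whatever the token endpoint returned.
            throw new Exception(String.format(
                    "JWT Access Token request failed with HTTP status code %d: %s ",
                    send.getStatusCode(), send.getContent()));
        }
        AccessToken accessToken = TokenResponse.parse(send).getTokens().getAccessToken();
        return String.format("%s %s", accessToken.getType().getValue(), accessToken.getValue());
    }

    /**
     * Registers an out-interceptor on the given client factory whose header supplier calls
     * {@link #getJWTAuthHeader()}.
     *
     * @param abstractJAXRSFactoryBean the CXF factory bean to add the interceptor to
     */
    public static void setJWTAuthHeader(AbstractJAXRSFactoryBean abstractJAXRSFactoryBean) {
        abstractJAXRSFactoryBean.getOutInterceptors().add(new AsyncClientInterceptor(() -> {
            return getJWTAuthHeader();
        }));
    }

    /**
     * Returns a configuration value, failing with the setting's name (never its value, which
     * may be a secret) when it is null or empty.
     */
    private static String requireSetting(String key) throws Exception {
        String value = AppConfig.getString(key);
        if (value == null || value.isEmpty()) {
            throw new Exception("Required setting '" + key + "' is null or empty");
        }
        return value;
    }
}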
