package io.helidon.security.providers.oidc;

import io.helidon.common.CollectionsHelper;
import io.helidon.common.OptionalHelper;
import io.helidon.common.http.Http;
import io.helidon.config.Config;
import io.helidon.security.providers.oidc.common.OidcConfig;
import io.helidon.webserver.Handler;
import io.helidon.webserver.Routing;
import io.helidon.webserver.ServerRequest;
import io.helidon.webserver.ServerResponse;
import io.helidon.webserver.Service;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.json.JsonObject;
import javax.ws.rs.client.Entity;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.MultivaluedHashMap;
import javax.ws.rs.core.Response;

/* loaded from: input_file:io/helidon/security/providers/oidc/OidcSupport.class */
public final class OidcSupport implements Service {
    private static final Logger LOGGER = Logger.getLogger(OidcSupport.class.getName());
    private static final String CODE_PARAM_NAME = "code";
    private static final String STATE_PARAM_NAME = "state";
    private static final String DEFAULT_REDIRECT = "/index.html";
    private final OidcConfig oidcConfig;

    private OidcSupport(OidcConfig oidcConfig) {
        this.oidcConfig = oidcConfig;
    }

    public static OidcSupport create(Config config, String str) {
        return create(OidcConfig.create(findMyKey(config, str)));
    }

    public void update(Routing.Rules rules) {
        rules.get(this.oidcConfig.redirectUri(), new Handler[]{this::processOidcRedirect}).any(new Handler[]{this::addRequestAsHeader});
    }

    private void addRequestAsHeader(ServerRequest serverRequest, ServerResponse serverResponse) {
        Map map = (Map) serverRequest.context().get("security.addHeaders", Map.class).map(map2 -> {
            return map2;
        }).orElseGet(() -> {
            HashMap hashMap = new HashMap();
            serverRequest.context().register("security.addHeaders", hashMap);
            return hashMap;
        });
        String query = serverRequest.query();
        if (null == query || query.isEmpty()) {
            map.put("X_ORIG_URI_HEADER", CollectionsHelper.listOf(new String[]{serverRequest.uri().getPath()}));
        } else {
            map.put("X_ORIG_URI_HEADER", CollectionsHelper.listOf(new String[]{serverRequest.uri().getPath() + "?" + query}));
        }
        serverRequest.next();
    }

    private void processOidcRedirect(ServerRequest serverRequest, ServerResponse serverResponse) {
        OptionalHelper.from(serverRequest.queryParams().first(CODE_PARAM_NAME)).ifPresentOrElse(str -> {
            processCode(str, serverRequest, serverResponse);
        }, () -> {
            processError(serverRequest, serverResponse);
        });
    }

    private void processCode(String str, ServerRequest serverRequest, ServerResponse serverResponse) {
        MultivaluedHashMap multivaluedHashMap = new MultivaluedHashMap();
        multivaluedHashMap.putSingle("grant_type", "authorization_code");
        multivaluedHashMap.putSingle(CODE_PARAM_NAME, str);
        multivaluedHashMap.putSingle("redirect_uri", this.oidcConfig.redirectUriWithHost());
        Response post = this.oidcConfig.tokenEndpoint().request().accept(new MediaType[]{MediaType.APPLICATION_JSON_TYPE}).post(Entity.form(multivaluedHashMap));
        if (post.getStatusInfo().getFamily() != Response.Status.Family.SUCCESSFUL) {
            LOGGER.log(Level.FINE, "Invalid token or failed request when connecting to OIDC Token Endpoint. Response: " + ((String) post.readEntity(String.class)));
            serverResponse.status(Http.Status.UNAUTHORIZED_401);
            serverResponse.send("Not a valid authorization code");
            return;
        }
        String string = ((JsonObject) post.readEntity(JsonObject.class)).getString("access_token");
        String str2 = (String) serverRequest.queryParams().first(STATE_PARAM_NAME).orElse(DEFAULT_REDIRECT);
        serverResponse.status(Http.Status.TEMPORARY_REDIRECT_307);
        if (this.oidcConfig.useParam()) {
            str2 = str2.contains("?") ? str2 + "&" + this.oidcConfig.paramName() + "=" + string : str2 + "?" + this.oidcConfig.paramName() + "=" + string;
        }
        serverResponse.headers().add("Location", new String[]{increaseRedirectCounter(str2)});
        if (this.oidcConfig.useCookie()) {
            serverResponse.headers().add("Set-Cookie", new String[]{this.oidcConfig.cookieName() + "=" + string + this.oidcConfig.cookieOptions()});
        }
        serverResponse.send();
    }

    String increaseRedirectCounter(String str) {
        if (!str.contains("?")) {
            return str + "?" + this.oidcConfig.redirectAttemptParam() + "=1";
        }
        Matcher matcher = Pattern.compile(".*?(" + this.oidcConfig.redirectAttemptParam() + "=\\d+).*").matcher(str);
        if (!matcher.matches()) {
            return str + "&" + this.oidcConfig.redirectAttemptParam() + "=1";
        }
        String group = matcher.group(1);
        return str.replace(group, this.oidcConfig.redirectAttemptParam() + "=" + (Integer.parseInt(group.substring(group.lastIndexOf(61) + 1)) + 1));
    }

    public static OidcSupport create(Config config) {
        return create(config, OidcProviderService.PROVIDER_CONFIG_KEY);
    }

    private void processError(ServerRequest serverRequest, ServerResponse serverResponse) {
        String str = (String) serverRequest.queryParams().first("error").orElse("invalid_request");
        String str2 = (String) serverRequest.queryParams().first("error_description").orElseGet(() -> {
            return "Failed to process authorization request. Expected redirect from OIDC server with code parameter, but got: " + serverRequest.query();
        });
        LOGGER.log(Level.WARNING, () -> {
            return "Received request on OIDC endpoint with no code. Error: " + str + " Error description: " + str2;
        });
        serverResponse.status(Http.Status.BAD_REQUEST_400);
        serverResponse.send("{\"error\": \"" + str + "\", \"error_description\": \"" + str2 + "\"}");
    }

    public static OidcSupport create(OidcConfig oidcConfig) {
        return new OidcSupport(oidcConfig);
    }

    private static Config findMyKey(Config config, String str) {
        return config.key().name().equals(str) ? config : (Config) ((List) config.get("security.providers").asNodeList().get()).stream().filter(config2 -> {
            return config2.get(str).exists();
        }).findFirst().map(config3 -> {
            return config3.get(str);
        }).orElseThrow(() -> {
            return new SecurityException("No configuration found for provider named: " + str);
        });
    }
}
