package com.nimbusds.openid.connect.provider.spi.impl.subjects;

import com.nimbusds.oauth2.sdk.ErrorObject;
import com.nimbusds.oauth2.sdk.ciba.CIBAError;
import com.nimbusds.oauth2.sdk.http.HTTPRequest;
import com.nimbusds.oauth2.sdk.http.HTTPResponse;
import com.nimbusds.oauth2.sdk.id.Subject;
import com.nimbusds.oauth2.sdk.util.JSONObjectUtils;
import com.nimbusds.oauth2.sdk.util.StringUtils;
import com.nimbusds.openid.connect.provider.spi.InitContext;
import com.nimbusds.openid.connect.provider.spi.InvocationContext;
import com.nimbusds.openid.connect.provider.spi.impl.common.Loggers;
import com.nimbusds.openid.connect.provider.spi.subjects.LoginHintResolveException;
import com.nimbusds.openid.connect.provider.spi.subjects.LoginHintResolver;
import java.io.IOException;
import java.io.InputStream;
import java.util.Properties;
import net.jcip.annotations.ThreadSafe;

@ThreadSafe
/* loaded from: input_file:com/nimbusds/openid/connect/provider/spi/impl/subjects/LoginHintResolverDelegator.class */
public class LoginHintResolverDelegator implements LoginHintResolver {
    public static final String CONFIG_FILE_PATH = "/WEB-INF/loginHintResolverWebAPI.properties";
    private Configuration config;

    public void init(InitContext initContext) throws Exception {
        Properties properties = new Properties();
        InputStream resourceAsStream = initContext.getResourceAsStream(CONFIG_FILE_PATH);
        Loggers.MAIN.debug("[LHR1000] Loading {}: File {}found", CONFIG_FILE_PATH, resourceAsStream != null ? "" : "not ");
        if (resourceAsStream != null) {
            properties.load(resourceAsStream);
            Loggers.MAIN.debug("[LHR1001] Loaded {} properties: {}", CONFIG_FILE_PATH, properties);
        }
        this.config = new Configuration(properties);
        this.config.log();
    }

    Configuration getConfiguration() {
        return this.config;
    }

    public boolean isEnabled() {
        return this.config != null && this.config.enable;
    }

    public Subject resolveToSubject(String str, InvocationContext invocationContext) throws LoginHintResolveException {
        if (!isEnabled()) {
            throw new RuntimeException("Login hint resolver disabled");
        }
        HTTPRequest hTTPRequest = new LoginHintResolverRequest(invocationContext.getIssuer(), getConfiguration().url, getConfiguration().apiAccessToken, str).toHTTPRequest(getConfiguration().connectTimeout, getConfiguration().readTimeout);
        Loggers.CIBA.debug("[LHR0007] Login hint resolver: New HTTP POST to {}", hTTPRequest.getURL());
        try {
            HTTPResponse send = hTTPRequest.send();
            if (send.indicatesSuccess()) {
                Loggers.TOKEN.debug("[LHR0009] Login hint resolver: Received response: {}", send.getBody());
                try {
                    return new Subject(JSONObjectUtils.getNonBlankString(send.getBodyAsJSONObject(), "sub"));
                } catch (Exception e) {
                    Loggers.CIBA.error("[LHR0010] Login hint resolver: Invalid response: {}", e.getMessage(), e);
                    throw new RuntimeException("Invalid response: " + e.getMessage());
                }
            }
            ErrorObject parse = ErrorObject.parse(send);
            if (400 != parse.getHTTPStatusCode() || !CIBAError.UNKNOWN_USER_ID.equals(parse)) {
                Loggers.CIBA.error("[LHR0011] Login hint resolver: Unexpected HTTP response: {}", Integer.valueOf(send.getStatusCode()));
                throw new RuntimeException("Unexpected HTTP response: " + send.getStatusCode());
            }
            if (StringUtils.isNotBlank(parse.getDescription())) {
                Loggers.CIBA.info("[LHR0004] Login hint resolver: Unknown user ID: {}", parse.getDescription());
                throw new LoginHintResolveException(parse.getDescription());
            }
            Loggers.CIBA.info("[LHR0004] Login hint resolver: Unknown user ID");
            throw new LoginHintResolveException("Unknown user ID");
        } catch (IOException e2) {
            Loggers.CIBA.error("[LHR0008] Login hint resolver: HTTP exception: {}", e2.getMessage(), e2);
            throw new RuntimeException(e2.getMessage());
        }
    }
}
