package pl.edu.icm.unity.oauth.client.profile;

import com.nimbusds.oauth2.sdk.AccessTokenResponse;
import com.nimbusds.oauth2.sdk.ClientCredentialsGrant;
import com.nimbusds.oauth2.sdk.Scope;
import com.nimbusds.oauth2.sdk.TokenRequest;
import com.nimbusds.oauth2.sdk.TokenResponse;
import com.nimbusds.oauth2.sdk.auth.ClientSecretBasic;
import com.nimbusds.oauth2.sdk.auth.Secret;
import com.nimbusds.oauth2.sdk.http.HTTPRequest;
import com.nimbusds.oauth2.sdk.http.HTTPResponse;
import com.nimbusds.oauth2.sdk.id.ClientID;
import com.nimbusds.oauth2.sdk.token.AccessToken;
import com.nimbusds.oauth2.sdk.token.BearerAccessToken;
import eu.unicore.util.httpclient.ServerHostnameCheckingMode;
import java.net.URI;
import java.net.URL;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;
import net.minidev.json.JSONObject;
import org.apache.hc.core5.http.ContentType;
import org.apache.logging.log4j.Logger;
import pl.edu.icm.unity.base.utils.Log;
import pl.edu.icm.unity.engine.api.authn.AuthenticationException;
import pl.edu.icm.unity.oauth.BaseRemoteASProperties;
import pl.edu.icm.unity.oauth.client.AttributeFetchResult;
import pl.edu.icm.unity.oauth.client.HttpRequestConfigurer;
import pl.edu.icm.unity.oauth.client.UserProfileFetcher;
import pl.edu.icm.unity.oauth.client.config.CustomProviderProperties;

/* loaded from: input_file:pl/edu/icm/unity/oauth/client/profile/OrcidProfileFetcher.class */
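/**
 * {@link UserProfileFetcher} for ORCID.
 *
 * <p>The user's own bearer token is not used for the profile call. Instead the fetcher obtains a
 * separate access token with the client credentials grant (scope {@code /read-public}) and uses it
 * to read the profile identified by the {@code orcid} attribute.
 */
public class OrcidProfileFetcher implements UserProfileFetcher {
    private static final Logger log = Log.getLogger("unity.server.oauth", OrcidProfileFetcher.class);

    /**
     * Shape of an ORCID iD: four hyphen-separated groups of four characters, all digits except that
     * the final character may be the checksum letter X. The value is appended to the profile URL, so
     * anything else is rejected rather than being allowed to alter the request path or query.
     */
    private static final Pattern ORCID_ID = Pattern.compile("[0-9]{4}-[0-9]{4}-[0-9]{4}-[0-9]{3}[0-9Xx]");

    /**
     * Fetches the user's ORCID profile and converts it with
     * {@link ProfileFetcherUtils#fetchFromJsonObject}.
     *
     * @param bearerAccessToken the user's access token; not used by this implementation
     * @param str URL prefix to which the ORCID iD is appended to build the profile request
     * @param baseRemoteASProperties provider configuration (endpoints, client credentials, TLS
     *     validator, hostname checking mode)
     * @param map attributes from which the {@code orcid} entry is read; presumably those received
     *     with the user's access token - confirm against the caller
     * @return the attributes extracted from the profile JSON
     * @throws Exception if either remote call fails or the responses are not acceptable
     */
    @Override
    public AttributeFetchResult fetchProfile(BearerAccessToken bearerAccessToken, String str, BaseRemoteASProperties baseRemoteASProperties, Map<String, List<String>> map) throws Exception {
        ServerHostnameCheckingMode hostnameChecking = (ServerHostnameCheckingMode) baseRemoteASProperties.getEnumValue("httpClientHostnameChecking", ServerHostnameCheckingMode.class);
        AccessToken clientToken = getClientAccessToken(baseRemoteASProperties, hostnameChecking);
        JSONObject profile = fetchUserBio(str, baseRemoteASProperties, map, hostnameChecking, clientToken);
        return ProfileFetcherUtils.fetchFromJsonObject(profile);
    }

    /**
     * Obtains an access token for this client with the client credentials grant.
     *
     * @throws AuthenticationException if the token endpoint answers with an error response
     */
    private AccessToken getClientAccessToken(BaseRemoteASProperties baseRemoteASProperties, ServerHostnameCheckingMode serverHostnameCheckingMode) throws Exception {
        ClientSecretBasic clientAuthn = new ClientSecretBasic(
                new ClientID(baseRemoteASProperties.getValue("clientId")),
                new Secret(baseRemoteASProperties.getValue("clientSecret")));
        TokenRequest tokenRequest = new TokenRequest(
                new URI(baseRemoteASProperties.getValue(CustomProviderProperties.ACCESS_TOKEN_ENDPOINT)),
                clientAuthn,
                new ClientCredentialsGrant(),
                new Scope(new String[]{"/read-public"}));
        HTTPResponse response = new HttpRequestConfigurer()
                .secureRequest(tokenRequest.toHTTPRequest(), baseRemoteASProperties.getValidator(), serverHostnameCheckingMode)
                .send();
        if (log.isTraceEnabled()) {
            // A successful token response body carries the access token itself, so only the
            // status is logged; the body must not reach log files.
            log.trace("Received client credentials grant response, HTTP status: " + response.getStatusCode());
        }
        AccessTokenResponse tokenResponse = TokenResponse.parse(response);
        if (!tokenResponse.indicatesSuccess()) {
            throw new AuthenticationException("User's authentication was successful but there was a problem authenticating server (with client credentials) to obtain user's profile: " + tokenResponse.toHTTPResponse().getContent());
        }
        return tokenResponse.getTokens().getAccessToken();
    }

    /**
     * Reads the profile JSON for the ORCID iD found under the {@code orcid} key of {@code map}.
     *
     * @throws AuthenticationException if the ORCID iD is missing or malformed, the response status
     *     is not 200, or the response is not JSON
     */
    private JSONObject fetchUserBio(String str, BaseRemoteASProperties baseRemoteASProperties, Map<String, List<String>> map, ServerHostnameCheckingMode serverHostnameCheckingMode, AccessToken accessToken) throws Exception {
        List<String> orcidValues = map.get("orcid");
        // An empty list is treated like a missing attribute instead of failing on get(0).
        String orcidId = (orcidValues == null || orcidValues.isEmpty()) ? null : orcidValues.get(0);
        if (orcidId == null) {
            throw new AuthenticationException("Authentication was successful but the orcid id is missing in the received access token");
        }
        // The id comes from a remote response and becomes part of the request URL; the raw value is
        // deliberately kept out of the message so it cannot be injected into logs or error pages.
        if (!ORCID_ID.matcher(orcidId).matches()) {
            throw new AuthenticationException("Authentication was successful but the orcid id received in the access token has an unexpected format");
        }
        HTTPRequest profileRequest = new HTTPRequest(HTTPRequest.Method.GET, new URL(str + orcidId));
        new HttpRequestConfigurer().secureRequest(profileRequest, baseRemoteASProperties.getValidator(), serverHostnameCheckingMode);
        profileRequest.setAuthorization(accessToken.toAuthorizationHeader());
        profileRequest.setAccept(ContentType.APPLICATION_JSON.getMimeType());
        HTTPResponse response = profileRequest.send();
        if (response.getStatusCode() != 200) {
            throw new AuthenticationException("Authentication was successful but there was a problem fetching user's profile information: " + response.getContent());
        }
        if (log.isTraceEnabled()) {
            // NOTE(review): this writes the full profile (personal data) to the trace log.
            log.trace("Received user's profile:\n" + response.getContent());
        }
        if (response.getEntityContentType() == null || !com.nimbusds.common.contenttype.ContentType.APPLICATION_JSON.matches(response.getEntityContentType())) {
            throw new AuthenticationException("Authentication was successful but there was a problem fetching user's profile information. It has non-orcid-JSON content type: " + response.getEntityContentType());
        }
        return response.getContentAsJSONObject();
    }
}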
