package io.quarkus.oidc.common.runtime;

import io.quarkus.arc.Arc;
import io.quarkus.arc.ArcContainer;
import io.quarkus.arc.ClientProxy;
import io.quarkus.credentials.runtime.CredentialsProviderFinder;
import io.quarkus.oidc.common.OidcEndpoint;
import io.quarkus.oidc.common.OidcRequestContextProperties;
import io.quarkus.oidc.common.OidcRequestFilter;
import io.quarkus.oidc.common.OidcResponseFilter;
import io.quarkus.oidc.common.runtime.OidcTlsSupport;
import io.quarkus.oidc.common.runtime.config.OidcClientCommonConfig;
import io.quarkus.oidc.common.runtime.config.OidcCommonConfig;
import io.quarkus.runtime.configuration.ConfigurationException;
import io.quarkus.runtime.util.ClassPathUtils;
import io.quarkus.tls.runtime.config.TlsConfigUtils;
import io.smallrye.jwt.algorithm.SignatureAlgorithm;
import io.smallrye.jwt.build.Jwt;
import io.smallrye.jwt.build.JwtSignatureBuilder;
import io.smallrye.jwt.util.KeyUtils;
import io.smallrye.jwt.util.ResourceUtils;
import io.smallrye.mutiny.Uni;
import io.vertx.core.http.HttpClientOptions;
import io.vertx.core.http.HttpHeaders;
import io.vertx.core.json.JsonObject;
import io.vertx.core.net.KeyStoreOptions;
import io.vertx.core.net.ProxyOptions;
import io.vertx.mutiny.core.MultiMap;
import io.vertx.mutiny.core.Vertx;
import io.vertx.mutiny.core.buffer.Buffer;
import io.vertx.mutiny.ext.web.client.HttpRequest;
import io.vertx.mutiny.ext.web.client.HttpResponse;
import io.vertx.mutiny.ext.web.client.WebClient;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.lang.annotation.Annotation;
import java.net.InetAddress;
import java.net.SocketException;
import java.net.URI;
import java.net.URLEncoder;
import java.net.UnknownHostException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.time.Duration;
import java.util.ArrayList;
import java.util.Base64;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.OptionalInt;
import java.util.StringTokenizer;
import java.util.concurrent.Callable;
import java.util.function.Function;
import java.util.function.Predicate;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import org.jboss.logging.Logger;

/* loaded from: input_file:io/quarkus/oidc/common/runtime/OidcCommonUtils.class */
public class OidcCommonUtils {
    // Byte values of '&' (38) and '=' (61), the pair and name/value separators of form encoding.
    static final byte AMP = 38;
    static final byte EQ = 61;
    // URL scheme name "http".
    static final String HTTP_SCHEME = "http";
    // Two-second interval passed to the retry back-off of the discovery request.
    public static final Duration CONNECTION_BACKOFF_DURATION = Duration.ofSeconds(2);
    // String forms of the Vert.x Location and Cookie header names.
    public static final String LOCATION_RESPONSE_HEADER = String.valueOf(HttpHeaders.LOCATION);
    public static final String COOKIE_REQUEST_HEADER = String.valueOf(HttpHeaders.COOKIE);
    private static final Logger LOG = Logger.getLogger(OidcCommonUtils.class);

    // Static utility holder: the private constructor prevents instantiation.
    private OidcCommonUtils() {
    }

    /**
     * Checks that a configured endpoint address parses as a URI and converts to a URL.
     *
     * <p>This is a syntax check only: nothing is contacted and the scheme is not restricted to
     * {@code https}, so a plain {@code http://} address is accepted here as well.
     *
     * @param str endpoint address taken from configuration
     * @throws ConfigurationException if parsing or conversion fails for any reason; the original
     *         failure is attached as the cause
     */
    public static void verifyEndpointUrl(String str) {
        try {
            URI endpoint = URI.create(str);
            endpoint.toURL();
        } catch (Throwable failure) {
            String message = String.format("'%s' is invalid", str);
            throw new ConfigurationException(message, failure);
        }
    }

    /**
     * Validates the client-id and credential settings shared by the OIDC extensions.
     *
     * <p>Rejected combinations: a missing client id (unless {@code z} is set), both
     * {@code credentials.secret} and {@code credentials.client-secret}, either of those together with
     * {@code credentials.jwt.secret}, and a bearer token path that does not match the JWT source.
     *
     * @param oidcClientCommonConfig configuration to check
     * @param z when {@code true} the client id is allowed to be absent
     * @param z2 when {@code true} messages use the {@code quarkus.oidc.} prefix and a bearer JWT source
     *        must have a token path; otherwise the {@code quarkus.oidc-client.} prefix is used
     * @throws ConfigurationException on the first violated rule
     */
    public static void verifyCommonConfiguration(io.quarkus.oidc.common.runtime.config.OidcClientCommonConfig oidcClientCommonConfig, boolean z, boolean z2) {
        final String prefix = z2 ? "quarkus.oidc." : "quarkus.oidc-client.";
        final boolean clientIdRequired = !z;
        if (clientIdRequired && oidcClientCommonConfig.clientId().isEmpty()) {
            throw new ConfigurationException(String.format("'%sclient-id' property must be configured", prefix));
        }

        OidcClientCommonConfig.Credentials credentials = oidcClientCommonConfig.credentials();
        final boolean hasSecret = credentials.secret().isPresent();
        final boolean hasClientSecret = credentials.clientSecret().value().isPresent();
        if (hasSecret && hasClientSecret) {
            throw new ConfigurationException(String.format("'%1$scredentials.secret' and '%1$scredentials.client-secret' properties are mutually exclusive", prefix));
        }
        // A shared secret and a JWT signing secret must not be configured at the same time.
        if ((hasSecret || hasClientSecret) && credentials.jwt().secret().isPresent()) {
            throw new ConfigurationException(String.format("Use only '%1$scredentials.secret' or '%1$scredentials.client-secret' or '%1$scredentials.jwt.secret' property", prefix));
        }

        OidcClientCommonConfig.Credentials.Jwt jwt = credentials.jwt();
        final boolean bearerSource = jwt.source() == OidcClientCommonConfig.Credentials.Jwt.Source.BEARER;
        if (!bearerSource && jwt.tokenPath().isPresent()) {
            throw new ConfigurationException("Bearer token path can only be set when the JWT source is a bearer token");
        }
        if (bearerSource && z2 && jwt.tokenPath().isEmpty()) {
            throw new ConfigurationException("Bearer token path must be set when the JWT source is a bearer token");
        }
    }

    /**
     * Returns the path with a leading {@code /}, adding one only when it is missing.
     *
     * @param str path to normalise; must not be {@code null}
     * @return {@code str} unchanged if it already starts with a slash, otherwise {@code "/" + str}
     */
    public static String prependSlash(String str) {
        if (str.startsWith("/")) {
            return str;
        }
        return "/" + str;
    }

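    /**
     * Serialises form parameters as an {@code application/x-www-form-urlencoded} body.
     *
     * <p>Both the name and the value of every entry are percent-encoded. The listing encoded only the
     * value, so a name containing {@code &} or {@code =} would have been written verbatim and could
     * have changed how the receiving server splits the body into parameters. Names made only of
     * letters, digits, {@code .}, {@code -}, {@code *} and {@code _} are unaffected by the encoding.
     *
     * @param multiMap parameters to serialise, in iteration order
     * @return buffer holding {@code name=value} pairs joined with {@code &}; empty when there are no
     *         entries
     */
    public static Buffer encodeForm(MultiMap multiMap) {
        Buffer buffer = Buffer.buffer();
        for (Map.Entry<String, String> entry : multiMap) {
            if (buffer.length() != 0) {
                buffer.appendByte((byte) '&');
            }
            buffer.appendString(urlEncode(entry.getKey()));
            buffer.appendByte((byte) '=');
            buffer.appendString(urlEncode(entry.getValue()));
        }
        return buffer;
    }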

    /**
     * Percent-encodes a value for use in form data or a query string, using UTF-8.
     *
     * @param str value to encode
     * @return the encoded value (a space becomes {@code +})
     * @throws RuntimeException wrapping any exception raised by the encoder, for example for a
     *         {@code null} argument
     */
    public static String urlEncode(String str) {
        final String encoded;
        try {
            encoded = URLEncoder.encode(str, StandardCharsets.UTF_8);
        } catch (Exception failure) {
            throw new RuntimeException(failure);
        }
        return encoded;
    }

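    /**
     * Applies proxy, pool-size, connect-timeout and TLS settings from the OIDC configuration to the
     * HTTP client options.
     *
     * <p>TLS handling, in order:
     * <ul>
     * <li>if the TLS registry is in use, it configures the options and nothing else is applied;</li>
     * <li>otherwise an explicit {@code tls.verification} value decides, and only when it is absent is
     * the global trust-all flag consulted. {@code NONE} (or global trust-all) makes the client accept
     * any certificate and skip host name verification, so the provider is not authenticated;</li>
     * <li>otherwise a configured trust store is loaded; with {@code CERTIFICATE_VALIDATION} the chain
     * is checked but host name verification is switched off;</li>
     * <li>independently of the two branches above, a configured key store is loaded as the client
     * certificate source.</li>
     * </ul>
     *
     * @param oidcCommonConfig source of the settings
     * @param httpClientOptions options object that is modified in place
     * @param tlsConfigSupport access to the TLS registry and the global trust-all flag
     * @throws ConfigurationException if a trust store or key store file cannot be read
     */
    public static void setHttpClientOptions(io.quarkus.oidc.common.runtime.config.OidcCommonConfig oidcCommonConfig, HttpClientOptions httpClientOptions, OidcTlsSupport.TlsConfigSupport tlsConfigSupport) {
        Optional<ProxyOptions> proxyOptions = toProxyOptions(oidcCommonConfig.proxy());
        if (proxyOptions.isPresent()) {
            httpClientOptions.setProxyOptions(proxyOptions.get());
        }
        OptionalInt maxPoolSize = oidcCommonConfig.maxPoolSize();
        if (maxPoolSize.isPresent()) {
            httpClientOptions.setMaxPoolSize(maxPoolSize.getAsInt());
        }
        // Clamp instead of a bare (int) cast: a very long timeout would otherwise wrap to a negative value.
        long connectTimeoutMillis = oidcCommonConfig.connectionTimeout().toMillis();
        httpClientOptions.setConnectTimeout((int) Math.min(connectTimeoutMillis, (long) Integer.MAX_VALUE));
        if (tlsConfigSupport.useTlsRegistry()) {
            TlsConfigUtils.configure(httpClientOptions, tlsConfigSupport.getTlsConfig());
            return;
        }
        // An explicit verification setting wins over the global trust-all flag.
        boolean trustAll = oidcCommonConfig.tls().verification().isPresent()
                ? oidcCommonConfig.tls().verification().get() == OidcCommonConfig.Tls.Verification.NONE
                : tlsConfigSupport.isGlobalTrustAll();
        if (trustAll) {
            // No certificate or host name checks: suitable only where the network path is otherwise trusted.
            httpClientOptions.setTrustAll(true);
            httpClientOptions.setVerifyHost(false);
        } else if (oidcCommonConfig.tls().trustStoreFile().isPresent()) {
            try {
                // The literal "password" is used when no trust store password is configured.
                KeyStoreOptions trustOptions = new KeyStoreOptions()
                        .setPassword(oidcCommonConfig.tls().trustStorePassword().orElse("password"))
                        .setAlias(oidcCommonConfig.tls().trustStoreCertAlias().orElse(null))
                        .setValue(io.vertx.core.buffer.Buffer.buffer(getFileContent(oidcCommonConfig.tls().trustStoreFile().get())))
                        .setType(getKeyStoreType(oidcCommonConfig.tls().trustStoreFileType(), oidcCommonConfig.tls().trustStoreFile().get()))
                        .setProvider(oidcCommonConfig.tls().trustStoreProvider().orElse(null));
                httpClientOptions.setTrustOptions(trustOptions);
                if (OidcCommonConfig.Tls.Verification.CERTIFICATE_VALIDATION == oidcCommonConfig.tls().verification().orElse(OidcCommonConfig.Tls.Verification.REQUIRED)) {
                    // Chain validation only: the certificate's host name is not compared with the target host.
                    httpClientOptions.setVerifyHost(false);
                }
            } catch (IOException e) {
                throw new ConfigurationException(String.format("OIDC truststore file %s does not exist or can not be read", oidcCommonConfig.tls().trustStoreFile().get()), e);
            }
        }
        if (oidcCommonConfig.tls().keyStoreFile().isPresent()) {
            try {
                KeyStoreOptions provider = new KeyStoreOptions()
                        .setAlias(oidcCommonConfig.tls().keyStoreKeyAlias().orElse(null))
                        .setAliasPassword(oidcCommonConfig.tls().keyStoreKeyPassword().orElse(null))
                        .setValue(io.vertx.core.buffer.Buffer.buffer(getFileContent(oidcCommonConfig.tls().keyStoreFile().get())))
                        .setType(getKeyStoreType(oidcCommonConfig.tls().keyStoreFileType(), oidcCommonConfig.tls().keyStoreFile().get()))
                        .setProvider(oidcCommonConfig.tls().keyStoreProvider().orElse(null));
                if (oidcCommonConfig.tls().keyStorePassword().isPresent()) {
                    provider.setPassword(oidcCommonConfig.tls().keyStorePassword().get());
                }
                httpClientOptions.setKeyCertOptions(provider);
            } catch (IOException e2) {
                throw new ConfigurationException(String.format("OIDC keystore file %s does not exist or can not be read", oidcCommonConfig.tls().keyStoreFile().get()), e2);
            }
        }
    }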

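    /**
     * Resolves the key store type: the configured type in upper case, or a guess from the file name.
     *
     * <p>The upper-casing uses {@code Locale.ROOT} so the result does not depend on the JVM's default
     * locale (a default locale with special casing rules, such as Turkish, would otherwise change
     * type names that contain the letter {@code i}).
     *
     * @param optional explicitly configured key store type, if any
     * @param path key store file, used only when no type is configured
     * @return the key store type name
     */
    public static String getKeyStoreType(Optional<String> optional, Path path) {
        if (optional.isPresent()) {
            return optional.get().toUpperCase(java.util.Locale.ROOT);
        }
        return inferKeyStoreTypeFromFileExtension(path.toString());
    }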

    /**
     * Guesses the key store type from the file name.
     *
     * @param str key store file name or path
     * @return {@code "PKCS12"} for names ending in {@code .p12}, {@code .pkcs12} or {@code .pfx}
     *         (case-sensitive match), otherwise {@code "JKS"}
     */
    private static String inferKeyStoreTypeFromFileExtension(String str) {
        for (String suffix : new String[] { ".p12", ".pkcs12", ".pfx" }) {
            if (str.endsWith(suffix)) {
                return "PKCS12";
            }
        }
        return "JKS";
    }

    /**
     * Returns the configured auth server URL without one trailing {@code /}.
     *
     * @param oidcCommonConfig configuration holding {@code authServerUrl}; the value must be present,
     *        otherwise {@code Optional.get()} fails
     * @return the normalised base URL
     */
    public static String getAuthServerUrl(io.quarkus.oidc.common.runtime.config.OidcCommonConfig oidcCommonConfig) {
        String configuredUrl = oidcCommonConfig.authServerUrl().get();
        return removeLastPathSeparator(configuredUrl);
    }

    /**
     * Drops a single trailing {@code /} from the value, if there is one.
     *
     * @param str value to trim
     * @return {@code str} without its last character when that character is a slash, else {@code str}
     */
    private static String removeLastPathSeparator(String str) {
        if (!str.endsWith("/")) {
            return str;
        }
        return str.substring(0, str.length() - 1);
    }

    /**
     * Builds the full address of an OIDC endpoint from the base URL and a configured path or URL.
     *
     * @param str base auth server URL, used when the configured value is a relative path
     * @param optional configured endpoint path or absolute URL; may be {@code null}
     * @return {@code null} when nothing is configured, the configured value itself when
     *         {@link #isAbsoluteUrl} accepts it, otherwise {@code str} followed by the path with a
     *         leading slash
     */
    public static String getOidcEndpointUrl(String str, Optional<String> optional) {
        if (optional == null || optional.isEmpty()) {
            return null;
        }
        String configured = optional.get();
        if (isAbsoluteUrl(optional)) {
            // An absolute value replaces the base URL entirely, including its host.
            return configured;
        }
        return str + prependSlash(configured);
    }

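    /**
     * Tells whether a configured endpoint value is an absolute HTTP(S) URL rather than a relative path.
     *
     * <p>The value must start with {@code http://} or {@code https://} (scheme compared without
     * regard to case). A bare {@code "http"} prefix test also matched relative paths that merely begin
     * with those letters, which would then have been used as complete URLs instead of being appended
     * to the auth server URL.
     *
     * @param optional configured value
     * @return {@code true} only for a present value with an {@code http://} or {@code https://} prefix
     */
    public static boolean isAbsoluteUrl(Optional<String> optional) {
        if (!optional.isPresent()) {
            return false;
        }
        String value = optional.get();
        for (String prefix : new String[] { "http://", "https://" }) {
            if (value.regionMatches(true, 0, prefix, 0, prefix.length())) {
                return true;
            }
        }
        return false;
    }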

    /**
     * Reads the configured connection delay in whole seconds.
     *
     * @param oidcCommonConfig configuration holding the optional {@code connectionDelay}
     * @return the delay in seconds, or {@code 0} when none is configured
     */
    private static long getConnectionDelay(io.quarkus.oidc.common.runtime.config.OidcCommonConfig oidcCommonConfig) {
        return oidcCommonConfig.connectionDelay().isPresent()
                ? oidcCommonConfig.connectionDelay().get().getSeconds()
                : 0L;
    }

    /**
     * Converts the configured connection delay to milliseconds and logs how many attempts it allows.
     *
     * <p>The attempt count is the delay in seconds divided by two (the retry interval); it is logged
     * at INFO only when it is greater than one.
     *
     * @param oidcCommonConfig configuration holding the optional {@code connectionDelay}
     * @return the delay in milliseconds, {@code 0} when none is configured
     */
    public static long getConnectionDelayInMillis(io.quarkus.oidc.common.runtime.config.OidcCommonConfig oidcCommonConfig) {
        final long delaySeconds = getConnectionDelay(oidcCommonConfig);
        long attempts = 1L;
        if (delaySeconds > 1) {
            attempts = delaySeconds / 2;
        }
        if (attempts > 1) {
            LOG.infof("Connecting to OpenId Connect Provider for up to %d times every 2 seconds", Long.valueOf(attempts));
        }
        return delaySeconds * 1000;
    }

    /**
     * Converts the proxy section of the configuration into Vert.x proxy options.
     *
     * <p>The configured host may be a URI, in which case only its host component is used; when the
     * URI has no host component the configured string is used as given. Proxy credentials, if
     * configured, are copied into the options as plain strings.
     *
     * @param proxy proxy configuration
     * @return empty when no proxy host is configured, otherwise the populated options
     */
    public static Optional<ProxyOptions> toProxyOptions(OidcCommonConfig.Proxy proxy) {
        if (proxy.host().isEmpty()) {
            return Optional.empty();
        }
        final String configuredHost = proxy.host().get();
        final String parsedHost = URI.create(configuredHost).getHost();

        JsonObject settings = new JsonObject();
        settings.put("host", parsedHost != null ? parsedHost : configuredHost);
        settings.put("port", Integer.valueOf(proxy.port()));
        if (proxy.username().isPresent()) {
            settings.put("username", proxy.username().get());
        }
        if (proxy.password().isPresent()) {
            settings.put("password", proxy.password().get());
        }
        return Optional.of(new ProxyOptions(settings));
    }

    /**
     * Builds the message reported when the OIDC server cannot be reached.
     *
     * @param str the URL that was tried
     * @return the message with the URL inserted
     */
    public static String formatConnectionErrorMessage(String str) {
        final String template = "OIDC server is not available at the '%s' URL. Please make sure it is correct. Note it has to end with a realm value if you work with Keycloak, for example: 'https://localhost:8180/auth/realms/quarkus'";
        return template.formatted(str);
    }

    /**
     * Tells whether the client authenticates with its secret in an HTTP Basic header.
     *
     * @param credentials credential configuration
     * @return {@code true} when {@code credentials.secret} is set, or when a client secret value or
     *         provider key is set and the secret method resolves to {@code BASIC}
     */
    public static boolean isClientSecretBasicAuthRequired(OidcClientCommonConfig.Credentials credentials) {
        if (credentials.secret().isPresent()) {
            return true;
        }
        final boolean clientSecretConfigured = credentials.clientSecret().value().isPresent()
                || credentials.clientSecret().provider().key().isPresent();
        return clientSecretConfigured
                && clientSecretMethod(credentials) == OidcClientCommonConfig.Credentials.Secret.Method.BASIC;
    }

    /**
     * Tells whether JWT client authentication is configured, rejecting ambiguous key sources.
     *
     * <p>The key sources considered are {@code jwt.secret}, {@code jwt.secret-provider.key},
     * {@code jwt.key}, {@code jwt.key-file} and {@code jwt.key-store-file}.
     *
     * @param credentials credential configuration
     * @param z selects the property prefix used in the error message: {@code quarkus.oidc} when
     *        {@code true}, {@code quarkus.oidc-client} otherwise
     * @return {@code true} when exactly one key source is configured, {@code false} when none is
     * @throws ConfigurationException when more than one key source is configured
     */
    public static boolean isClientJwtAuthRequired(OidcClientCommonConfig.Credentials credentials, boolean z) {
        final HashSet<String> configured = new HashSet<>();
        final OidcClientCommonConfig.Credentials.Jwt jwt = credentials.jwt();
        if (jwt.secret().isPresent()) {
            configured.add(".credentials.jwt.secret");
        }
        if (jwt.secretProvider().key().isPresent()) {
            configured.add(".credentials.jwt.secret-provider.key");
        }
        if (jwt.key().isPresent()) {
            configured.add(".credentials.jwt.key");
        }
        if (jwt.keyFile().isPresent()) {
            configured.add(".credentials.jwt.key-file");
        }
        if (jwt.keyStoreFile().isPresent()) {
            configured.add(".credentials.jwt.key-store-file");
        }

        final int count = configured.size();
        if (count > 1) {
            final String prefix = z ? "quarkus.oidc" : "quarkus.oidc-client";
            // Only property names are listed in the message, never their values.
            final String names = configured.stream().map(suffix -> prefix + suffix).collect(Collectors.joining(","));
            throw new ConfigurationException("Only a single OIDC JWT credential key property can be configured, but you have configured: %s".formatted(names));
        }
        return count == 1;
    }

    /**
     * Tells whether the client secret is sent as a form parameter.
     *
     * @param credentials credential configuration
     * @return {@code true} when a client secret value or provider key is set and the secret method
     *         is {@code POST}
     */
    public static boolean isClientSecretPostAuthRequired(OidcClientCommonConfig.Credentials credentials) {
        final boolean clientSecretConfigured = credentials.clientSecret().value().isPresent()
                || credentials.clientSecret().provider().key().isPresent();
        if (!clientSecretConfigured) {
            return false;
        }
        return clientSecretMethod(credentials) == OidcClientCommonConfig.Credentials.Secret.Method.POST;
    }

    /**
     * Tells whether the configured client secret method is {@code POST_JWT}.
     *
     * @param credentials credential configuration
     * @return {@code true} when the resolved secret method is {@code POST_JWT}
     */
    public static boolean isClientSecretPostJwtAuthRequired(OidcClientCommonConfig.Credentials credentials) {
        final OidcClientCommonConfig.Credentials.Secret.Method method = clientSecretMethod(credentials);
        return OidcClientCommonConfig.Credentials.Secret.Method.POST_JWT == method;
    }

    /**
     * Returns the {@code jwt.assertion} flag of the credential configuration.
     *
     * @param credentials credential configuration
     * @return the configured flag
     */
    public static boolean isJwtAssertion(OidcClientCommonConfig.Credentials credentials) {
        final boolean assertion = credentials.jwt().assertion();
        return assertion;
    }

    /**
     * Resolves the client secret from configuration or from a credentials provider.
     *
     * <p>Precedence: {@code credentials.secret}, then {@code credentials.client-secret.value}, then
     * the credentials provider. The fallback is computed before the first option is inspected, so the
     * provider can be queried even when {@code credentials.secret} is set (and no client-secret value
     * is). The returned value is the secret itself and should not be logged.
     *
     * @param credentials credential configuration
     * @return the secret, or {@code null} when none of the sources yields one
     */
    public static String clientSecret(OidcClientCommonConfig.Credentials credentials) {
        final String fallback = credentials.clientSecret().value()
                .orElseGet(fromCredentialsProvider(credentials.clientSecret().provider()));
        return credentials.secret().orElse(fallback);
    }

    /**
     * Resolves the secret used to sign client JWTs.
     *
     * @param credentials credential configuration
     * @return {@code jwt.secret} when set, otherwise the value obtained from the JWT secret provider,
     *         which is {@code null} when no provider key is configured
     */
    public static String jwtSecret(OidcClientCommonConfig.Credentials credentials) {
        final Supplier<? extends String> providerLookup = fromCredentialsProvider(credentials.jwt().secretProvider());
        return credentials.jwt().secret().orElseGet(providerLookup);
    }

    /**
     * Returns the client secret, falling back to the JWT secret when no client secret is configured.
     *
     * <p>Only the lookup steps are logged at DEBUG; the secret values are not written to the log.
     *
     * @param credentials credential configuration
     * @return the first secret found, or {@code null} when neither is configured
     */
    public static String getClientOrJwtSecret(OidcClientCommonConfig.Credentials credentials) {
        LOG.debug("Trying to get the configured client secret");
        final String configured = clientSecret(credentials);
        if (configured != null) {
            return configured;
        }
        LOG.debug("Client secret is not configured, trying to get the configured 'client_jwt_secret' secret");
        return jwtSecret(credentials);
    }

    /**
     * Generates a fresh random 256-bit AES key with the platform's default {@code KeyGenerator}.
     *
     * @return the new key
     * @throws Exception if the AES key generator is not available
     */
    public static SecretKey generateSecretKey() throws Exception {
        final KeyGenerator aesGenerator = KeyGenerator.getInstance("AES");
        aesGenerator.init(256);
        final SecretKey generated = aesGenerator.generateKey();
        return generated;
    }

    /**
     * Returns the configured client secret method, defaulting to {@code BASIC}.
     *
     * @param credentials credential configuration
     * @return the configured method, or {@code BASIC} when none is set
     */
    public static OidcClientCommonConfig.Credentials.Secret.Method clientSecretMethod(OidcClientCommonConfig.Credentials credentials) {
        return credentials.clientSecret().method().orElse(OidcClientCommonConfig.Credentials.Secret.Method.BASIC);
    }

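    /**
     * Creates a lazy lookup of a secret held by a credentials provider.
     *
     * <p>The listing referred to the provider through {@code OidcClientCommonConfig.Credentials.Provider.this},
     * a decompiler artifact that is not valid in this static context; the captured {@code provider}
     * parameter is used instead.
     *
     * @param provider provider section of the configuration (name, keyring name and key)
     * @return a supplier that yields {@code null} when no provider key is configured, otherwise the
     *         value stored under that key in the credentials returned by the named provider
     */
    private static Supplier<? extends String> fromCredentialsProvider(final OidcClientCommonConfig.Credentials.Provider provider) {
        return () -> {
            if (!provider.key().isPresent()) {
                return null;
            }
            String providerName = provider.name().orElse(null);
            String keyringName = provider.keyringName().orElse(null);
            // The provider is queried only when the supplier is invoked, not when it is created.
            return (String) CredentialsProviderFinder.find(providerName).getCredentials(keyringName).get(provider.key().get());
        };
    }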

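    /**
     * Loads the key used to sign client authentication JWTs.
     *
     * <p>Sources, in order: a shared secret (inline or from a provider), an inline PEM private key, a
     * key file, or a key store entry. The key store type is inferred from the file extension. The key
     * store stream is now closed once the store has been loaded; the listing left it open.
     *
     * @param credentials credential configuration
     * @return the signing key, never {@code null}
     * @throws ConfigurationException if the key cannot be loaded or no key is found; failures raised
     *         while loading (including a missing {@code key-password} or key id) are wrapped as the
     *         cause of a "Key can not be loaded" error
     */
    public static Key clientJwtKey(OidcClientCommonConfig.Credentials credentials) {
        if (credentials.jwt().secret().isPresent() || credentials.jwt().secretProvider().key().isPresent()) {
            return KeyUtils.createSecretKeyFromSecret(jwtSecret(credentials));
        }
        Key key = null;
        try {
            if (credentials.jwt().key().isPresent()) {
                key = KeyUtils.tryAsPemSigningPrivateKey(credentials.jwt().key().get(), getSignatureAlgorithm(credentials, SignatureAlgorithm.RS256));
            } else if (credentials.jwt().keyFile().isPresent()) {
                key = KeyUtils.readSigningKey(credentials.jwt().keyFile().get(), credentials.jwt().keyId().orElse(null), getSignatureAlgorithm(credentials, SignatureAlgorithm.RS256));
            } else if (credentials.jwt().keyStoreFile().isPresent()) {
                String keyStoreFile = credentials.jwt().keyStoreFile().get();
                KeyStore keyStore = KeyStore.getInstance(inferKeyStoreTypeFromFileExtension(keyStoreFile));
                // A null password loads the store without an integrity check.
                char[] storePassword = credentials.jwt().keyStorePassword().isPresent()
                        ? credentials.jwt().keyStorePassword().get().toCharArray()
                        : null;
                // try-with-resources tolerates a null stream and closes a non-null one on every path.
                try (InputStream resourceStream = ResourceUtils.getResourceStream(keyStoreFile)) {
                    keyStore.load(resourceStream, storePassword);
                }
                if (!credentials.jwt().keyPassword().isPresent()) {
                    throw new ConfigurationException("When using a key store, the `quarkus.oidc-client.credentials.jwt.key-password` property must be set");
                }
                key = keyStore.getKey(credentials.jwt().keyId().get(), credentials.jwt().keyPassword().get().toCharArray());
            }
            if (key == null) {
                throw new ConfigurationException("Key is null");
            }
            return key;
        } catch (Exception e) {
            throw new ConfigurationException("Key can not be loaded", e);
        }
    }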

    /**
     * Builds and signs the JWT the client presents to authenticate itself.
     *
     * <p>Issuer and subject default to the client id. The audience is the configured value with one
     * trailing slash removed, or {@code str} as given when none is configured. The token expires
     * after the configured lifespan. A key id and a signature algorithm are set only when configured.
     *
     * @param oidcClientCommonConfig client configuration; the client id must be present
     * @param str audience used when {@code jwt.audience} is not configured
     * @param key signing key: a {@code SecretKey} is used as such, anything else is cast to
     *        {@code PrivateKey}
     * @return the signed, serialised JWT
     */
    public static String signJwtWithKey(io.quarkus.oidc.common.runtime.config.OidcClientCommonConfig oidcClientCommonConfig, String str, Key key) {
        final String issuer = oidcClientCommonConfig.credentials().jwt().issuer().orElse(oidcClientCommonConfig.clientId().get());
        final String subject = oidcClientCommonConfig.credentials().jwt().subject().orElse(oidcClientCommonConfig.clientId().get());
        final String audience;
        if (oidcClientCommonConfig.credentials().jwt().audience().isPresent()) {
            audience = removeLastPathSeparator(oidcClientCommonConfig.credentials().jwt().audience().get());
        } else {
            audience = str;
        }

        JwtSignatureBuilder builder = Jwt.claims(additionalClaims(oidcClientCommonConfig.credentials().jwt().claims()))
                .issuer(issuer)
                .subject(subject)
                .audience(audience)
                .expiresIn(oidcClientCommonConfig.credentials().jwt().lifespan())
                .jws();
        if (oidcClientCommonConfig.credentials().jwt().tokenKeyId().isPresent()) {
            builder.keyId(oidcClientCommonConfig.credentials().jwt().tokenKeyId().get());
        }
        // With no configured algorithm the builder is left to pick its own default for the key.
        final SignatureAlgorithm configuredAlgorithm = getSignatureAlgorithm(oidcClientCommonConfig.credentials(), null);
        if (configuredAlgorithm != null) {
            builder.algorithm(configuredAlgorithm);
        }
        if (key instanceof SecretKey) {
            return builder.sign((SecretKey) key);
        }
        return builder.sign((PrivateKey) key);
    }

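    /**
     * Views the configured string claims as a generic claims map.
     *
     * <p>The same map instance is returned; no copy is made. The raw cast is required because
     * {@code Map<String, String>} is not assignable to {@code Map<String, Object>}; it is safe as long
     * as the result is only read.
     *
     * @param map configured additional claims
     * @return {@code map} itself, typed as {@code Map<String, Object>}
     */
    @SuppressWarnings({ "unchecked", "rawtypes" })
    private static Map<String, Object> additionalClaims(Map<String, String> map) {
        return (Map) map;
    }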

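    /**
     * Resolves the JWT signature algorithm from configuration.
     *
     * @param credentials credential configuration
     * @param signatureAlgorithm value returned when no algorithm is configured; may be {@code null}
     * @return the configured algorithm, or {@code signatureAlgorithm} when none is configured
     * @throws ConfigurationException if the configured name is not recognised; the underlying failure
     *         is kept as the cause so the rejected value can be diagnosed
     */
    private static SignatureAlgorithm getSignatureAlgorithm(OidcClientCommonConfig.Credentials credentials, SignatureAlgorithm signatureAlgorithm) {
        if (!credentials.jwt().signatureAlgorithm().isPresent()) {
            return signatureAlgorithm;
        }
        try {
            return SignatureAlgorithm.fromAlgorithm(credentials.jwt().signatureAlgorithm().get());
        } catch (Exception e) {
            throw new ConfigurationException("Unsupported signature algorithm", e);
        }
    }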

    /**
     * Checks that a named configuration id is neither the default id nor in conflict with an
     * explicitly configured id.
     *
     * @param str the default configuration id
     * @param str2 the id under which the configuration is registered
     * @param optional the id set inside the configuration, if any
     * @throws ConfigurationException if {@code str2} equals the default id, or differs from the
     *         explicitly configured id
     */
    public static void verifyConfigurationId(String str, String str2, Optional<String> optional) {
        final boolean duplicatesDefault = str2.equals(str);
        if (duplicatesDefault) {
            String message = "configuration id '" + str2 + "' duplicates the default configuration id";
            throw new ConfigurationException(message);
        }
        if (!optional.isPresent()) {
            return;
        }
        if (!str2.equals(optional.get())) {
            String message = "Configuration has 2 different id values: '" + str2 + "' and '" + optional.get() + "'";
            throw new ConfigurationException(message);
        }
    }

    /**
     * Prepares the {@code Authorization} header value for client-secret Basic authentication.
     *
     * @param oidcClientCommonConfig client configuration
     * @return the {@code "Basic ..."} header value, or {@code null} when Basic authentication is not
     *         required; the value embeds the client secret and should be treated as a credential
     */
    public static String initClientSecretBasicAuth(io.quarkus.oidc.common.runtime.config.OidcClientCommonConfig oidcClientCommonConfig) {
        if (!isClientSecretBasicAuthRequired(oidcClientCommonConfig.credentials())) {
            return null;
        }
        final String clientId = oidcClientCommonConfig.clientId().get();
        final String secret = clientSecret(oidcClientCommonConfig.credentials());
        return basicSchemeValue(clientId, secret);
    }

    /**
     * Builds an HTTP Basic {@code Authorization} header value from a name and a secret.
     *
     * <p>The pair is joined with {@code :}, encoded as UTF-8 and Base64-encoded. Base64 is an
     * encoding, not encryption: the result is as sensitive as the secret itself.
     *
     * @param str user name or client id
     * @param str2 password or client secret
     * @return {@code "Basic "} followed by the Base64 form of {@code str:str2}
     */
    public static String basicSchemeValue(String str, String str2) {
        final byte[] pair = (str + ":" + str2).getBytes(StandardCharsets.UTF_8);
        final String encoded = Base64.getEncoder().encodeToString(pair);
        return "Basic " + encoded;
    }

    /**
     * Loads the JWT signing key when JWT client authentication is configured.
     *
     * @param oidcClientCommonConfig client configuration
     * @param z selects the property prefix used in error messages (see
     *        {@link #isClientJwtAuthRequired})
     * @return the signing key, or {@code null} when JWT authentication is not configured
     */
    public static Key initClientJwtKey(io.quarkus.oidc.common.runtime.config.OidcClientCommonConfig oidcClientCommonConfig, boolean z) {
        final boolean jwtAuthConfigured = isClientJwtAuthRequired(oidcClientCommonConfig.credentials(), z);
        return jwtAuthConfigured ? clientJwtKey(oidcClientCommonConfig.credentials()) : null;
    }

    /**
     * Returns the predicate that decides which failures count as "endpoint not available yet".
     *
     * @return a predicate that accepts a {@code SocketException} and an
     *         {@code OidcEndpointAccessException} whose status is 404, and rejects everything else
     */
    public static Predicate<? super Throwable> oidcEndpointNotAvailable() {
        return failure -> {
            if (failure instanceof SocketException) {
                return true;
            }
            if (failure instanceof OidcEndpointAccessException) {
                return ((OidcEndpointAccessException) failure).getErrorStatus() == 404;
            }
            return false;
        };
    }

    /**
     * Returns the predicate that accepts only an approved redirect failure.
     *
     * @param str the only location a redirect may point to
     * @return a predicate that accepts an {@code OidcClientRedirectException} which passes
     *         {@code isValidOidcClientRedirectRequest} for {@code str}
     */
    public static Predicate<? super Throwable> validOidcClientRedirect(String str) {
        return failure -> {
            if (!(failure instanceof OidcClientRedirectException)) {
                return false;
            }
            return isValidOidcClientRedirectRequest((OidcClientRedirectException) failure, str);
        };
    }

    /**
     * Decides whether a redirect requested by the server may be followed.
     *
     * <p>The redirect is approved only when its location is exactly the expected URL and the response
     * set at least one cookie. Any other location is refused, so the request is never re-sent to a
     * different address chosen by the responder.
     *
     * @param oidcClientRedirectException the redirect details (location and cookies)
     * @param str the only permitted redirect location
     * @return {@code true} when the redirect is approved
     */
    private static boolean isValidOidcClientRedirectRequest(OidcClientRedirectException oidcClientRedirectException, String str) {
        final boolean sameLocation = str.equals(oidcClientRedirectException.getLocation());
        if (!sameLocation) {
            LOG.warnf("Redirect is only allowed to %s but redirect to %s is requested", str, oidcClientRedirectException.getLocation());
            return false;
        }
        final boolean cookiesMissing = oidcClientRedirectException.getCookies().isEmpty();
        if (cookiesMissing) {
            LOG.warnf("Redirect is requested to %s but no cookies are set", str);
            return false;
        }
        LOG.debugf("Single redirect to %s with cookies is approved", str);
        return true;
    }

    /**
     * Fetches the provider's discovery document, following at most one approved redirect.
     *
     * <p>A redirect is retried only when {@code validOidcClientRedirect} accepts it for the discovery
     * URI; the retry re-sends the request to the same URI with the cookies from the redirect response.
     * Every remaining failure is logged at WARN and replaced by a generic {@code RuntimeException}
     * that does not carry the original failure as its cause.
     *
     * @param webClient client used for the request
     * @param map request filters by endpoint type
     * @param oidcRequestContextProperties context properties handed to request/response filters; may be {@code null}
     * @param map2 response filters by endpoint type
     * @param str auth server base URL
     * @param j retry expiry value passed to {@code doDiscoverMetadata}
     * @param vertx Vert.x instance used for the optional blocking DNS lookup
     * @param z whether to resolve the host on a worker thread before sending
     * @return the discovery document as JSON
     */
    public static Uni<JsonObject> discoverMetadata(final WebClient webClient, final Map<OidcEndpoint.Type, List<OidcRequestFilter>> map, OidcRequestContextProperties oidcRequestContextProperties, final Map<OidcEndpoint.Type, List<OidcResponseFilter>> map2, String str, final long j, final Vertx vertx, final boolean z) {
        final String discoveryUri = getDiscoveryUri(str);
        // Context properties extended with the discovery endpoint are only built when request filters exist.
        final OidcRequestContextProperties discoveryRequestProps = map.isEmpty() ? null : getDiscoveryRequestProps(oidcRequestContextProperties, discoveryUri);
        // NOTE(review): the first attempt passes the caller's properties while the redirect retry passes
        // discoveryRequestProps - confirm that the difference is intended.
        return doDiscoverMetadata(webClient, map, oidcRequestContextProperties, map2, discoveryUri, j, vertx, z, List.of()).onFailure(validOidcClientRedirect(discoveryUri)).recoverWithUni(new Function<Throwable, Uni<? extends JsonObject>>() { // from class: io.quarkus.oidc.common.runtime.OidcCommonUtils.2
            @Override // java.util.function.Function
            public Uni<JsonObject> apply(Throwable th) {
                // The cast is safe here: the preceding onFailure predicate only accepts OidcClientRedirectException.
                return OidcCommonUtils.doDiscoverMetadata(webClient, map, discoveryRequestProps, map2, discoveryUri, j, vertx, z, ((OidcClientRedirectException) th).getCookies());
            }
        }).onFailure().transform(th -> {
            LOG.warn("OIDC Server is not available:", th.getCause() != null ? th.getCause() : th);
            return new RuntimeException("OIDC Server is not available");
        });
    }

    /**
     * Sends one discovery request and maps the response to JSON or to a failure.
     *
     * <p>Status 200 yields the parsed body, 302 raises an {@code OidcClientRedirectException}, and any
     * other status raises an {@code OidcEndpointAccessException} after logging the status (and the
     * response body, when there is one) at WARN. Failures accepted by {@code oidcEndpointNotAvailable}
     * are retried with the fixed back-off until the expiry value {@code j}.
     *
     * @param webClient client used for the request
     * @param map request filters by endpoint type
     * @param oidcRequestContextProperties context properties handed to the filters; may be {@code null}
     * @param map2 response filters by endpoint type
     * @param str absolute discovery URL
     * @param j expiry value passed to the retry policy's {@code expireIn}
     * @param vertx Vert.x instance used for the optional blocking DNS lookup
     * @param z whether to resolve the host on a worker thread before sending
     * @param list cookie values to send with the request; empty for none
     * @return the discovery document as JSON
     */
    public static Uni<JsonObject> doDiscoverMetadata(WebClient webClient, Map<OidcEndpoint.Type, List<OidcRequestFilter>> map, OidcRequestContextProperties oidcRequestContextProperties, Map<OidcEndpoint.Type, List<OidcResponseFilter>> map2, String str, long j, Vertx vertx, boolean z, List<String> list) {
        HttpRequest abs = webClient.getAbs(str);
        if (!list.isEmpty()) {
            abs.putHeader(COOKIE_REQUEST_HEADER, list);
        }
        if (!map.isEmpty()) {
            // Request filters registered for DISCOVERY (or for ALL) may modify the outgoing request.
            OidcRequestFilter.OidcRequestContext oidcRequestContext = new OidcRequestFilter.OidcRequestContext(abs, null, oidcRequestContextProperties);
            Iterator<OidcRequestFilter> it = getMatchingOidcRequestFilters(map, OidcEndpoint.Type.DISCOVERY).iterator();
            while (it.hasNext()) {
                it.next().filter(oidcRequestContext);
            }
        }
        return sendRequest(vertx, (HttpRequest<Buffer>) abs, z).onItem().transform(httpResponse -> {
            Buffer buffer = (Buffer) httpResponse.body();
            // Response filters run before the status is inspected, so they see every response.
            filterHttpResponse(oidcRequestContextProperties, httpResponse, buffer, map2, OidcEndpoint.Type.DISCOVERY);
            if (httpResponse.statusCode() == 200) {
                return buffer.toJsonObject();
            }
            if (httpResponse.statusCode() == 302) {
                throw createOidcClientRedirectException(httpResponse);
            }
            String buffer2 = buffer != null ? buffer.toString() : null;
            if (buffer2 == null || buffer2.isEmpty()) {
                LOG.warnf("Discovery request %s has failed, status code: %d", str, Integer.valueOf(httpResponse.statusCode()));
            } else {
                // The body is remote-controlled text and is written to the log unmodified.
                LOG.warnf("Discovery request %s has failed, status code: %d, error message: %s", str, Integer.valueOf(httpResponse.statusCode()), buffer2);
            }
            throw new OidcEndpointAccessException(httpResponse.statusCode());
        }).onFailure(oidcEndpointNotAvailable()).retry().withBackOff(CONNECTION_BACKOFF_DURATION, CONNECTION_BACKOFF_DURATION).expireIn(j);
    }

    /**
     * Captures the redirect target and the cookies of a response as an exception.
     *
     * @param httpResponse the redirect response
     * @return an exception carrying the {@code Location} header value and the response cookies; both
     *         come from the remote server and are validated separately before a redirect is followed
     */
    public static OidcClientRedirectException createOidcClientRedirectException(HttpResponse<Buffer> httpResponse) {
        LOG.debug("OIDC client redirect is requested");
        final String location = httpResponse.getHeader(LOCATION_RESPONSE_HEADER);
        return new OidcClientRedirectException(location, httpResponse.cookies());
    }

    /**
     * Copies the request context properties and adds the discovery endpoint address to the copy.
     *
     * @param oidcRequestContextProperties existing properties; may be {@code null}
     * @param str discovery endpoint URL stored under {@code DISCOVERY_ENDPOINT}
     * @return new properties object; the input is not modified
     */
    private static OidcRequestContextProperties getDiscoveryRequestProps(OidcRequestContextProperties oidcRequestContextProperties, String str) {
        final Map<String, Object> properties = new HashMap<>();
        if (oidcRequestContextProperties != null) {
            properties.putAll(oidcRequestContextProperties.getAll());
        }
        properties.put(OidcRequestContextProperties.DISCOVERY_ENDPOINT, str);
        return new OidcRequestContextProperties(properties);
    }

    /**
     * Runs the response filters registered for an endpoint type over a response.
     *
     * @param oidcRequestContextProperties context properties shared with the filters; may be {@code null}
     * @param httpResponse response whose status code and headers are exposed to the filters
     * @param buffer response body exposed to the filters
     * @param map response filters by endpoint type; nothing happens when it is empty
     * @param type endpoint type whose filters (plus those registered for {@code ALL}) are run
     */
    public static void filterHttpResponse(OidcRequestContextProperties oidcRequestContextProperties, HttpResponse<Buffer> httpResponse, Buffer buffer, Map<OidcEndpoint.Type, List<OidcResponseFilter>> map, OidcEndpoint.Type type) {
        if (!map.isEmpty()) {
            final OidcResponseFilter.OidcResponseContext context = new OidcResponseFilter.OidcResponseContext(oidcRequestContextProperties, httpResponse.statusCode(), httpResponse.headers(), buffer);
            for (OidcResponseFilter responseFilter : getMatchingOidcResponseFilters(map, type)) {
                responseFilter.filter(context);
            }
        }
    }

    /**
     * Appends the well-known OpenID Connect discovery path to a base URL.
     *
     * @param str auth server base URL, expected without a trailing slash
     * @return {@code str} followed by {@code /.well-known/openid-configuration}
     */
    public static String getDiscoveryUri(String str) {
        return new StringBuilder().append(str).append("/.well-known/openid-configuration").toString();
    }

    /**
     * Reads a trust store or key store file fully into memory.
     *
     * <p>The path is first looked up as a classpath resource through the context class loader; only
     * when no such resource exists is it opened from the file system. A classpath entry with the same
     * name therefore takes precedence over a file on disk.
     *
     * @param path location of the file
     * @return the file content
     * @throws IOException if the stream cannot be opened or read
     */
    private static byte[] getFileContent(Path path) throws IOException {
        try (InputStream fromClasspath = Thread.currentThread().getContextClassLoader().getResourceAsStream(ClassPathUtils.toResourceName(path))) {
            // try-with-resources skips close() for a null resource, so a miss simply falls through.
            if (fromClasspath != null) {
                return doRead(fromClasspath);
            }
        }
        try (InputStream fromFile = Files.newInputStream(path)) {
            return doRead(fromFile);
        }
    }

    /**
     * Drains a stream into a byte array, reading 1024 bytes at a time.
     *
     * <p>Reading stops at the first read that returns zero or a negative count. The stream is not
     * closed here, and no upper bound is placed on the amount of data collected.
     *
     * @param inputStream stream to read
     * @return everything read from the stream
     * @throws IOException if reading fails
     */
    private static byte[] doRead(InputStream inputStream) throws IOException {
        final ByteArrayOutputStream collected = new ByteArrayOutputStream();
        final byte[] chunk = new byte[1024];
        for (int count = inputStream.read(chunk); count > 0; count = inputStream.read(chunk)) {
            collected.write(chunk, 0, count);
        }
        return collected.toByteArray();
    }

    /**
     * Collects the registered {@code OidcRequestFilter} beans, grouped by endpoint type.
     *
     * @return request filters by endpoint type; empty when no container is available
     */
    public static Map<OidcEndpoint.Type, List<OidcRequestFilter>> getOidcRequestFilters() {
        final Map<OidcEndpoint.Type, List<OidcRequestFilter>> requestFilters = getOidcFilters(OidcRequestFilter.class);
        return requestFilters;
    }

    /**
     * Collects the registered {@code OidcResponseFilter} beans, grouped by endpoint type.
     *
     * @return response filters by endpoint type; empty when no container is available
     */
    public static Map<OidcEndpoint.Type, List<OidcResponseFilter>> getOidcResponseFilters() {
        final Map<OidcEndpoint.Type, List<OidcResponseFilter>> responseFilters = getOidcFilters(OidcResponseFilter.class);
        return responseFilters;
    }

    /**
     * Looks up all beans of a filter type and groups them by the endpoint types they declare.
     *
     * <p>The {@code OidcEndpoint} annotation is read from the unwrapped bean class. A filter without
     * the annotation is registered under {@code ALL} and so applies to every endpoint.
     *
     * @param cls filter interface to look up
     * @param <T> filter type
     * @return filters by endpoint type; an immutable empty map when the container is not available
     */
    private static <T> Map<OidcEndpoint.Type, List<T>> getOidcFilters(Class<T> cls) {
        final ArcContainer arc = Arc.container();
        if (arc == null) {
            return Map.of();
        }
        final Map<OidcEndpoint.Type, List<T>> byEndpoint = new HashMap<>();
        final List<T> beans = arc.listAll(cls, new Annotation[0]).stream()
                .map(handle -> handle.get())
                .collect(Collectors.toList());
        for (T bean : beans) {
            final OidcEndpoint endpoint = ClientProxy.unwrap(bean).getClass().getAnnotation(OidcEndpoint.class);
            final OidcEndpoint.Type[] targets = endpoint != null
                    ? endpoint.value()
                    : new OidcEndpoint.Type[] { OidcEndpoint.Type.ALL };
            for (OidcEndpoint.Type target : targets) {
                byEndpoint.computeIfAbsent(target, ignored -> new ArrayList<>()).add(bean);
            }
        }
        return byEndpoint;
    }

    /**
     * Selects the request filters that apply to an endpoint type.
     *
     * @param map request filters by endpoint type
     * @param type endpoint type being called
     * @return filters registered for {@code type} followed by those registered for {@code ALL}
     */
    public static List<OidcRequestFilter> getMatchingOidcRequestFilters(Map<OidcEndpoint.Type, List<OidcRequestFilter>> map, OidcEndpoint.Type type) {
        final List<OidcRequestFilter> matching = getMatchingOidcFilters(map, type);
        return matching;
    }

    /**
     * Selects the response filters that apply to an endpoint type.
     *
     * @param map response filters by endpoint type
     * @param type endpoint type being called
     * @return filters registered for {@code type} followed by those registered for {@code ALL}
     */
    public static List<OidcResponseFilter> getMatchingOidcResponseFilters(Map<OidcEndpoint.Type, List<OidcResponseFilter>> map, OidcEndpoint.Type type) {
        final List<OidcResponseFilter> matching = getMatchingOidcFilters(map, type);
        return matching;
    }

    /**
     * Combines the filters registered for one endpoint type with those registered for {@code ALL}.
     *
     * <p>When only one of the two lists exists, that list is returned as is (not copied), so callers
     * must not modify the result.
     *
     * @param map filters by endpoint type
     * @param type endpoint type being called
     * @param <T> filter type
     * @return type-specific filters followed by the {@code ALL} filters; empty when neither exists
     */
    private static <T> List<T> getMatchingOidcFilters(Map<OidcEndpoint.Type, List<T>> map, OidcEndpoint.Type type) {
        final List<T> specific = map.get(type);
        final List<T> forAll = map.get(OidcEndpoint.Type.ALL);
        if (specific == null) {
            return forAll == null ? List.of() : forAll;
        }
        if (forAll == null) {
            return specific;
        }
        final List<T> combined = new ArrayList<>(specific.size() + forAll.size());
        combined.addAll(specific);
        combined.addAll(forAll);
        return combined;
    }

    /**
     * Sends the request, optionally after a blocking DNS lookup, using a core Vert.x instance.
     *
     * @param vertx core Vert.x instance; wrapped in its Mutiny counterpart only when {@code z} is set
     * @param httpRequest request to send
     * @param z whether to resolve the host on a worker thread before sending
     * @return the pending response
     */
    public static Uni<HttpResponse<Buffer>> sendRequest(io.vertx.core.Vertx vertx, HttpRequest<Buffer> httpRequest, boolean z) {
        if (!z) {
            return httpRequest.send();
        }
        return sendRequest(new Vertx(vertx), httpRequest, true);
    }

    /**
     * Sends the request, optionally resolving the target host first on a worker thread.
     *
     * <p>When {@code z} is set, {@code InetAddress.getByName} is called for the request host inside
     * {@code executeBlocking}; the request is sent only after that call succeeds. The resolved address
     * is discarded and is not applied to the request.
     *
     * @param vertx Mutiny Vert.x instance used for {@code executeBlocking}
     * @param httpRequest request to send
     * @param z whether to perform the blocking lookup before sending
     * @return the pending response; fails with a {@code RuntimeException} wrapping
     *         {@code UnknownHostException} when the host cannot be resolved
     */
    public static Uni<HttpResponse<Buffer>> sendRequest(Vertx vertx, final HttpRequest<Buffer> httpRequest, boolean z) {
        return z ? vertx.executeBlocking(new Callable<Void>() { // from class: io.quarkus.oidc.common.runtime.OidcCommonUtils.4
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.util.concurrent.Callable
            public Void call() {
                try {
                    // Only the success of the lookup matters; the result is not used.
                    InetAddress.getByName(httpRequest.host());
                    return null;
                } catch (UnknownHostException e) {
                    throw new RuntimeException(e);
                }
            }
        }).flatMap(new Function<Void, Uni<? extends HttpResponse<Buffer>>>() { // from class: io.quarkus.oidc.common.runtime.OidcCommonUtils.3
            @Override // java.util.function.Function
            public Uni<? extends HttpResponse<Buffer>> apply(Void r3) {
                return httpRequest.send();
            }
        }) : httpRequest.send();
    }

    /**
     * Decodes the payload (second segment) of a compact JWT into JSON.
     *
     * <p>This only decodes; the signature is not checked, so the returned claims must not be trusted
     * until the token has been verified elsewhere.
     *
     * @param str compact JWT
     * @return the payload as JSON, or {@code null} when the token does not have three segments or the
     *         payload is not valid Base64URL
     */
    public static JsonObject decodeJwtContent(String str) {
        final String payload = getJwtContentPart(str);
        return payload == null ? null : decodeAsJsonObject(payload);
    }

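    /**
     * Extracts the payload (second segment) of a compact JWT without decoding or verifying it.
     *
     * <p>The token is split on {@code .}; empty segments are ignored by the tokenizer. Input that is
     * {@code null}, empty or made only of dots now yields {@code null}; the listing called
     * {@code nextToken()} unconditionally and threw {@code NoSuchElementException} (or
     * {@code NullPointerException}) for such input, which matters because the token is typically
     * supplied by a remote party.
     *
     * @param str compact JWT
     * @return the second segment when the token has exactly three non-empty segments, otherwise
     *         {@code null}
     */
    public static String getJwtContentPart(String str) {
        if (str == null) {
            return null;
        }
        StringTokenizer segments = new StringTokenizer(str, ".");
        // Header, payload and signature: anything else is not a signed compact JWT.
        if (segments.countTokens() != 3) {
            return null;
        }
        segments.nextToken();
        return segments.nextToken();
    }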

    /**
     * Decodes a Base64URL string and interprets the bytes as UTF-8 text.
     *
     * @param str Base64URL-encoded text, with or without padding
     * @return the decoded text
     * @throws IllegalArgumentException if {@code str} is not valid Base64URL
     */
    public static String base64UrlDecode(String str) {
        final byte[] decoded = Base64.getUrlDecoder().decode(str);
        return new String(decoded, StandardCharsets.UTF_8);
    }

    /**
     * Encodes bytes as Base64URL without {@code =} padding.
     *
     * @param bArr bytes to encode
     * @return the unpadded Base64URL text
     */
    public static String base64UrlEncode(byte[] bArr) {
        final Base64.Encoder unpadded = Base64.getUrlEncoder().withoutPadding();
        return unpadded.encodeToString(bArr);
    }

    /**
     * Decodes Base64URL text and parses it as a JSON object.
     *
     * <p>NOTE(review): only {@code IllegalArgumentException} is mapped to {@code null}; any other
     * exception raised while parsing the decoded text propagates to the caller. Confirm that callers
     * handling untrusted tokens expect this.
     *
     * @param str Base64URL-encoded JSON
     * @return the parsed object, or {@code null} when an {@code IllegalArgumentException} is raised
     *         during decoding or parsing
     */
    public static JsonObject decodeAsJsonObject(String str) {
        JsonObject parsed;
        try {
            parsed = new JsonObject(base64UrlDecode(str));
        } catch (IllegalArgumentException ignored) {
            // Invalid Base64URL input is reported as "no content" rather than as an error.
            parsed = null;
        }
        return parsed;
    }
}
