package com.predic8.membrane.core.interceptor.oauth2client.rf;

import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.predic8.membrane.core.Constants;
import com.predic8.membrane.core.Router;
import com.predic8.membrane.core.exchange.Exchange;
import com.predic8.membrane.core.http.Request;
import com.predic8.membrane.core.http.Response;
import com.predic8.membrane.core.interceptor.Outcome;
import com.predic8.membrane.core.interceptor.jwt.Jwks;
import com.predic8.membrane.core.interceptor.jwt.JwtAuthInterceptor;
import com.predic8.membrane.core.interceptor.oauth2.OAuth2AnswerParameters;
import com.predic8.membrane.core.interceptor.oauth2.OAuth2Statistics;
import com.predic8.membrane.core.interceptor.oauth2.authorizationservice.AuthorizationService;
import com.predic8.membrane.core.interceptor.session.Session;
import java.util.ArrayList;
import java.util.Locale;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/service-proxy-core-5.3.5.jar:com/predic8/membrane/core/interceptor/oauth2client/rf/SessionAuthorizer.class */
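/**
 * Binds the identity reported by an OAuth2 authorization service to a {@link Session}.
 *
 * <p>Two paths are offered: {@link #retrieveUserInfo} asks the userinfo endpoint about an access
 * token, and {@link #verifyJWT} validates the access token itself as a JWT. The JWT validator is
 * only built by {@link #init} when {@code skipUserInfo} has been set beforehand.
 */
public class SessionAuthorizer {
    private static final Logger log = LoggerFactory.getLogger(SessionAuthorizer.class);
    LogHelper logHelper = new LogHelper();
    private JwtAuthInterceptor jwtAuthInterceptor;
    private boolean skip;
    private AuthorizationService auth;
    private Router router;
    private OAuth2Statistics statistics;

    /**
     * Stores the collaborators and, when {@code skipUserInfo} is already set, builds the JWT
     * validator used by {@link #verifyJWT}.
     *
     * <p>{@link #setSkipUserInfo(boolean)} therefore has to be called before this method; enabling
     * it afterwards leaves no validator in place.
     *
     * @param authorizationService authorization service used for the userinfo and JWKS endpoints
     * @param router router handed to the JWT interceptor on initialization
     * @param oAuth2Statistics counters for valid and invalid access tokens
     * @throws RuntimeException wrapping any failure while creating the JWT interceptor
     */
    public void init(AuthorizationService authorizationService, Router router, OAuth2Statistics oAuth2Statistics) {
        this.auth = authorizationService;
        this.router = router;
        this.statistics = oAuth2Statistics;
        if (!this.skip) {
            return;
        }
        try {
            this.jwtAuthInterceptor = createJwtAuthInterceptor();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /** Returns whether the userinfo request is skipped in favour of JWT validation. */
    public boolean isSkipUserInfo() {
        return this.skip;
    }

    /**
     * Selects JWT validation instead of the userinfo request; takes effect only if called before
     * {@link #init}.
     */
    public void setSkipUserInfo(boolean z) {
        this.skip = z;
    }

    /**
     * Marks the session as authorized for the subject found in {@code map}.
     *
     * <p>The subject value is also stored in the session under
     * {@code "headerX-Authenticated-<Subject>"}; the key suggests it is emitted as an HTTP header
     * downstream (not visible here), so values carrying control characters are rejected.
     *
     * @param map user object (userinfo response or JWT claims)
     * @param session session to authorize
     * @param authorizationService supplies the name of the subject key
     * @throws RuntimeException if the subject key is undefined, missing from {@code map}, or its
     *     value is not a non-empty string free of control characters
     */
    public void authorizeSession(Map<String, Object> map, Session session, AuthorizationService authorizationService) {
        String subjectKey = authorizationService.getSubject();
        if (subjectKey == null || subjectKey.isEmpty()) {
            // substring(0, 1) below would otherwise fail with an index error.
            throw new RuntimeException("Authorization service does not define a subject key.");
        }
        if (map == null || !map.containsKey(subjectKey)) {
            throw new RuntimeException("User object does not contain " + subjectKey + " key.");
        }
        Object rawSubject = map.get(subjectKey);
        if (!(rawSubject instanceof String)) {
            // A null or non-string claim must not end up authorizing the session.
            throw new RuntimeException("User object key " + subjectKey + " is not a string.");
        }
        String subject = (String) rawSubject;
        if (subject.isEmpty() || subject.chars().anyMatch(Character::isISOControl)) {
            // CR/LF in an identity that may become a header value would allow header splitting.
            throw new RuntimeException("User object key " + subjectKey + " has an invalid value.");
        }
        // Locale.ROOT keeps the header name stable on JVMs with e.g. a Turkish default locale.
        String headerSuffix = subjectKey.substring(0, 1).toUpperCase(Locale.ROOT) + subjectKey.substring(1);
        Map<String, Object> sessionContent = session.get();
        sessionContent.put("headerX-Authenticated-" + headerSuffix, subject);
        session.authorize(subject);
    }

    /** Returns the JWT validator, or {@code null} when {@link #init} did not create one. */
    public JwtAuthInterceptor getJwtAuthInterceptor() {
        return this.jwtAuthInterceptor;
    }

    /**
     * Builds the JWT interceptor backed by the authorization service's JWKS endpoint.
     *
     * @throws Exception if the JWKS setup or interceptor initialization fails
     */
    private JwtAuthInterceptor createJwtAuthInterceptor() throws Exception {
        JwtAuthInterceptor interceptor = new JwtAuthInterceptor();
        interceptor.setJwks(createJwks());
        // NOTE(review): "any!!" looks like a sentinel that makes the interceptor accept every
        // audience - confirm in JwtAuthInterceptor. If so, a token the same issuer minted for a
        // different client would pass; consider pinning the expected audience to this client.
        interceptor.setExpectedAud("any!!");
        interceptor.init(this.router);
        return interceptor;
    }

    /**
     * Creates a key set with no inline keys that loads its keys from the authorization service's
     * JWKS endpoint.
     */
    private Jwks createJwks() throws Exception {
        Jwks keySet = new Jwks();
        keySet.setJwks(new ArrayList<>());
        keySet.setJwksUris(this.auth.getJwksEndpoint());
        keySet.setAuthorizationService(this.auth);
        return keySet;
    }

    /**
     * Fetches the userinfo document for an access token and authorizes the session with it.
     *
     * @param str token type, sent as the scheme of the {@code Authorization} header
     * @param str2 access token, sent as the credentials of the {@code Authorization} header
     * @param oAuth2AnswerParameters token response; receives the userinfo and is stored in the
     *     session under {@code "oauth2Answer"} once the session is authorized
     * @param session session to authorize
     * @throws RuntimeException if the endpoint does not answer with 200, the body is not JSON, or
     *     the subject cannot be taken from the userinfo
     * @throws Exception on transport or JSON parsing failures
     */
    public void retrieveUserInfo(String str, String str2, OAuth2AnswerParameters oAuth2AnswerParameters, Session session) throws Exception {
        Exchange userInfoExchange = new Request.Builder()
                .get(this.auth.getUserInfoEndpoint())
                .header("Authorization", str + " " + str2)
                .header("User-Agent", Constants.USERAGENT)
                .header("Accept", "application/json")
                .buildExchange();
        // NOTE(review): this exchange carries the bearer token; LogHelper is not visible here -
        // confirm it redacts the Authorization header before anything is written to the log.
        this.logHelper.handleRequest(userInfoExchange);
        Response userInfoResponse = this.auth.doRequest(userInfoExchange);
        this.logHelper.handleResponse(userInfoExchange);
        if (userInfoResponse.getStatusCode() != 200) {
            this.statistics.accessTokenInvalid();
            throw new RuntimeException("User data could not be retrieved.");
        }
        this.statistics.accessTokenValid();
        if (!JsonUtils.isJson(userInfoResponse)) {
            throw new RuntimeException("Userinfo response is no JSON.");
        }
        Map<String, Object> userInfo = new ObjectMapper().readValue(
                userInfoResponse.getBodyAsStreamDecoded(), new TypeReference<Map<String, Object>>() { });
        oAuth2AnswerParameters.setUserinfo(userInfo);
        authorizeSession(userInfo, session, this.auth);
        session.put("oauth2Answer", oAuth2AnswerParameters.serialize());
    }

    /**
     * Validates the access token as a JWT and authorizes the session from its claims.
     *
     * @param exchange exchange passed to the JWT interceptor; its {@code "jwt"} property is read
     *     as the claims map after validation
     * @param str access token to validate
     * @param oAuth2AnswerParameters token response, stored in the session under
     *     {@code "oauth2Answer"}
     * @param session session to authorize
     * @throws IllegalStateException if no JWT validator was created by {@link #init}
     * @throws RuntimeException if the interceptor does not accept the token or no usable claims
     *     are present
     * @throws Exception on validation failures raised by the interceptor
     */
    public void verifyJWT(Exchange exchange, String str, OAuth2AnswerParameters oAuth2AnswerParameters, Session session) throws Exception {
        JwtAuthInterceptor interceptor = getJwtAuthInterceptor();
        if (interceptor == null) {
            throw new IllegalStateException("JWT verification is not initialized; skipUserInfo must be enabled before init().");
        }
        // NOTE(review): the token response is persisted before the JWT is validated, unlike
        // retrieveUserInfo, which stores it only after authorization. A rejected token therefore
        // leaves its answer in the session; confirm nothing reads "oauth2Answer" without also
        // checking that the session is authorized, or move this put below authorizeSession.
        session.put("oauth2Answer", oAuth2AnswerParameters.serialize());
        if (interceptor.handleJwt(exchange, str) != Outcome.CONTINUE) {
            throw new RuntimeException("Access token is not a JWT.");
        }
        Object claims = exchange.getProperty("jwt");
        if (!(claims instanceof Map)) {
            throw new RuntimeException("JWT claims are missing from the exchange.");
        }
        @SuppressWarnings("unchecked") // claims are produced by the JWT interceptor as a string-keyed map
        Map<String, Object> claimMap = (Map<String, Object>) claims;
        authorizeSession(claimMap, session, this.auth);
    }
}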
