package org.gcube.oidc.rest;

import java.io.BufferedReader;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.UnsupportedEncodingException;
import java.net.HttpURLConnection;
import java.net.ProtocolException;
import java.net.URL;
import java.net.URLEncoder;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/gcube/oidc/rest/OpenIdConnectRESTHelper.class */
public class OpenIdConnectRESTHelper {
    protected static final Logger logger = LoggerFactory.getLogger(OpenIdConnectRESTHelper.class);

    public static String buildLoginRequestURL(URL url, String str, String str2, String str3) throws UnsupportedEncodingException {
        HashMap hashMap = new HashMap();
        hashMap.put("client_id", Arrays.asList(URLEncoder.encode(str, "UTF-8")));
        hashMap.put("response_type", Arrays.asList("code"));
        hashMap.put("scope", Arrays.asList("openid"));
        hashMap.put("state", Arrays.asList(URLEncoder.encode(str2, "UTF-8")));
        hashMap.put("redirect_uri", Arrays.asList(URLEncoder.encode(str3, "UTF-8")));
        hashMap.put("login", Arrays.asList("true"));
        return url + "?" + mapToQueryString(hashMap);
    }

    public static String mapToQueryString(Map<String, List<String>> map) {
        String str = (String) map.entrySet().stream().flatMap(entry -> {
            return ((List) entry.getValue()).stream().map(str2 -> {
                return ((String) entry.getKey()) + "=" + str2;
            });
        }).reduce((str2, str3) -> {
            return str2 + "&" + str3;
        }).orElse("");
        logger.debug("Query string is: {}", str);
        return str;
    }

    public static JWTToken queryClientToken(String str, String str2, URL url) throws Exception {
        HashMap hashMap = new HashMap();
        hashMap.put("grant_type", Arrays.asList("client_credentials"));
        hashMap.put("client_id", Arrays.asList(URLEncoder.encode(str, "UTF-8")));
        hashMap.put("client_secret", Arrays.asList(URLEncoder.encode(str2, "UTF-8")));
        return performQueryTokenWithPOST(url, null, hashMap);
    }

    public static JWTToken queryToken(String str, URL url, String str2, String str3, String str4) throws Exception {
        HashMap hashMap = new HashMap();
        hashMap.put("client_id", Arrays.asList(URLEncoder.encode(str, "UTF-8")));
        hashMap.put("grant_type", Arrays.asList("authorization_code"));
        hashMap.put("scope", Arrays.asList(URLEncoder.encode(str3, "UTF-8")));
        hashMap.put("code", Arrays.asList(URLEncoder.encode(str2, "UTF-8")));
        hashMap.put("redirect_uri", Arrays.asList(URLEncoder.encode(str4, "UTF-8")));
        return performQueryTokenWithPOST(url, null, hashMap);
    }

    public static JWTToken performQueryTokenWithPOST(URL url, String str, Map<String, List<String>> map) throws Exception {
        logger.debug("Querying access token from OIDC server with URL: {}", url);
        HttpURLConnection performURLEncodedPOSTSendData = performURLEncodedPOSTSendData(url, map, str);
        StringBuilder sb = new StringBuilder();
        int responseCode = performURLEncodedPOSTSendData.getResponseCode();
        logger.trace("HTTP Response code: {}", Integer.valueOf(responseCode));
        if (responseCode != 200) {
            BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(performURLEncodedPOSTSendData.getErrorStream(), "UTF-8"));
            while (true) {
                String readLine = bufferedReader.readLine();
                if (readLine == null) {
                    break;
                }
                sb.append(readLine + "\n");
            }
            bufferedReader.close();
            throw new Exception("Unable to get token " + ((Object) sb));
        }
        BufferedReader bufferedReader2 = new BufferedReader(new InputStreamReader(performURLEncodedPOSTSendData.getInputStream(), "UTF-8"));
        while (true) {
            String readLine2 = bufferedReader2.readLine();
            if (readLine2 == null) {
                bufferedReader2.close();
                return JWTToken.fromString(sb.toString());
            }
            sb.append(readLine2 + "\n");
        }
    }

    protected static HttpURLConnection performURLEncodedPOSTSendData(URL url, Map<String, List<String>> map, String str) throws IOException, ProtocolException, UnsupportedEncodingException {
        HttpURLConnection httpURLConnection = (HttpURLConnection) url.openConnection();
        httpURLConnection.setRequestMethod("POST");
        httpURLConnection.setDoOutput(true);
        httpURLConnection.setDoInput(true);
        httpURLConnection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
        httpURLConnection.setRequestProperty("Accept", "application/json");
        if (str != null) {
            logger.debug("Adding authorization header as: {}", str);
            httpURLConnection.setRequestProperty("Authorization", str);
        }
        OutputStream outputStream = httpURLConnection.getOutputStream();
        String mapToQueryString = mapToQueryString(map);
        logger.debug("Parameters query string is: {}", mapToQueryString);
        outputStream.write(mapToQueryString.getBytes("UTF-8"));
        outputStream.close();
        return httpURLConnection;
    }

    public static JWTToken queryUMAToken(URL url, String str, String str2, List<String> list) throws Exception {
        HashMap hashMap = new HashMap();
        hashMap.put("grant_type", Arrays.asList("urn:ietf:params:oauth:grant-type:uma-ticket"));
        hashMap.put("audience", Arrays.asList(URLEncoder.encode(str2, "UTF-8")));
        if (list != null && !list.isEmpty()) {
            hashMap.put("permission", list.stream().map(str3 -> {
                try {
                    return URLEncoder.encode(str3, "UTF-8");
                } catch (UnsupportedEncodingException e) {
                    return "";
                }
            }).collect(Collectors.toList()));
        }
        return performQueryTokenWithPOST(url, str, hashMap);
    }

    public static JWTToken refreshToken(URL url, JWTToken jWTToken) throws Exception {
        return refreshToken(url, null, null, jWTToken);
    }

    public static JWTToken refreshToken(URL url, String str, JWTToken jWTToken) throws Exception {
        return refreshToken(url, str, null, jWTToken);
    }

    public static JWTToken refreshToken(URL url, String str, String str2, JWTToken jWTToken) throws Exception {
        HashMap hashMap = new HashMap();
        hashMap.put("grant_type", Arrays.asList("refresh_token"));
        if (str == null) {
            str = getClientIdFromToken(jWTToken);
        }
        hashMap.put("client_id", Arrays.asList(URLEncoder.encode(str, "UTF-8")));
        if (str2 != null) {
            hashMap.put("client_secret", Arrays.asList(URLEncoder.encode(str2, "UTF-8")));
        }
        hashMap.put("refresh_token", Arrays.asList(jWTToken.getRefreshTokenString()));
        return performQueryTokenWithPOST(url, null, hashMap);
    }

    protected static String getClientIdFromToken(JWTToken jWTToken) {
        logger.debug("Client id not provided, using authorized party field (azp)");
        String azp = jWTToken.getAzp();
        if (azp == null) {
            logger.debug("Authorized party field (azp) not present, getting one of the audience field (aud)");
            azp = getFirstAudienceNoAccount(jWTToken);
        }
        return azp;
    }

    private static String getFirstAudienceNoAccount(JWTToken jWTToken) {
        List<String> aud = jWTToken.getAud();
        aud.remove(JWTToken.ACCOUNT_RESOURCE);
        return aud.size() > 0 ? aud.iterator().next() : "";
    }

    public static boolean logout(URL url, JWTToken jWTToken) throws IOException {
        return logout(url, null, jWTToken);
    }

    public static boolean logout(URL url, String str, JWTToken jWTToken) throws IOException {
        HashMap hashMap = new HashMap();
        if (str == null) {
            str = getClientIdFromToken(jWTToken);
        }
        hashMap.put("client_id", Arrays.asList(URLEncoder.encode(str, "UTF-8")));
        hashMap.put("refresh_token", Arrays.asList(jWTToken.getRefreshTokenString()));
        logger.info("Performing logut from OIDC server with URL: " + url);
        HttpURLConnection performURLEncodedPOSTSendData = performURLEncodedPOSTSendData(url, hashMap, jWTToken.getAccessTokenAsBearer());
        int responseCode = performURLEncodedPOSTSendData.getResponseCode();
        if (responseCode == 204) {
            logger.info("Logout performed correctly");
            return true;
        }
        logger.error("Cannot perfrom logout: [{}] {}", Integer.valueOf(responseCode), performURLEncodedPOSTSendData.getResponseMessage());
        return false;
    }

    public static byte[] getUserAvatar(URL url, JWTToken jWTToken) throws Exception {
        HttpURLConnection httpURLConnection = (HttpURLConnection) url.openConnection();
        httpURLConnection.setRequestMethod("GET");
        httpURLConnection.setDoOutput(false);
        httpURLConnection.setDoInput(true);
        httpURLConnection.setRequestProperty("Accept", "image/png, image/jpeg, image/gif");
        if (jWTToken != null) {
            String accessTokenAsBearer = jWTToken.getAccessTokenAsBearer();
            logger.debug("Adding authorization header as: {}", accessTokenAsBearer);
            httpURLConnection.setRequestProperty("Authorization", accessTokenAsBearer);
        }
        InputStream inputStream = httpURLConnection.getInputStream();
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byte[] bArr = new byte[1024];
        while (true) {
            int read = inputStream.read(bArr, 0, bArr.length);
            if (read == -1) {
                byteArrayOutputStream.flush();
                return byteArrayOutputStream.toByteArray();
            }
            byteArrayOutputStream.write(bArr, 0, read);
        }
    }
}
