package org.gluu.oxauth.client;

import java.security.SecureRandom;
import java.util.Arrays;
import java.util.List;
import java.util.concurrent.locks.ReentrantLock;
import org.apache.commons.lang.RandomStringUtils;
import org.gluu.oxauth.client.auth.principal.OpenIdCredentials;
import org.gluu.oxauth.client.auth.user.CommonProfile;
import org.gluu.oxauth.client.auth.user.UserProfile;
import org.gluu.oxauth.client.conf.AppConfiguration;
import org.gluu.oxauth.client.conf.ClaimToAttributeMapping;
import org.gluu.oxauth.client.conf.Configuration;
import org.gluu.oxauth.client.conf.LdapAppConfiguration;
import org.gluu.oxauth.client.exception.CommunicationException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xdi.context.WebContext;
import org.xdi.oxauth.client.AuthorizationRequest;
import org.xdi.oxauth.client.OpenIdConfigurationClient;
import org.xdi.oxauth.client.OpenIdConfigurationResponse;
import org.xdi.oxauth.client.RegisterClient;
import org.xdi.oxauth.client.RegisterRequest;
import org.xdi.oxauth.client.RegisterResponse;
import org.xdi.oxauth.client.TokenClient;
import org.xdi.oxauth.client.TokenResponse;
import org.xdi.oxauth.client.UserInfoClient;
import org.xdi.oxauth.client.UserInfoResponse;
import org.xdi.oxauth.model.common.AuthenticationMethod;
import org.xdi.oxauth.model.common.ResponseType;
import org.xdi.oxauth.model.crypto.signature.SignatureAlgorithm;
import org.xdi.oxauth.model.register.ApplicationType;
import org.xdi.util.StringHelper;
import org.xdi.util.exception.ConfigurationException;
import org.xdi.util.init.Initializable;
import org.xdi.util.security.StringEncrypter;

/* loaded from: input_file:org/gluu/oxauth/client/OpenIdClient.class */
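/**
 * OpenID Connect relying-party client for the authorization-code flow against an oxAuth provider.
 *
 * <p>Lifecycle: {@link #initInternal()} (via {@link Initializable#init()}) reads the client id/secret from
 * {@code appConfiguration} and loads the provider discovery document; if no client is pre-registered, a client is
 * registered dynamically and re-registered when its secret approaches expiry. {@link #getRedirectionUrl(WebContext)}
 * builds the authorization request and stores the per-login {@code state} in the session;
 * {@link #isValidRequestState(WebContext)} checks the callback against it; {@link #getUserProfile(OpenIdCredentials, WebContext)}
 * exchanges the code for an access token and maps userinfo claims onto a {@link CommonProfile}.
 *
 * <p>Thread-safety: dynamic (re-)registration is serialised by {@code clientLock}; the first "is the client still valid"
 * check runs outside the lock and is repeated inside it.
 *
 * @param <C> application configuration type
 * @param <L> LDAP application configuration type
 */
public class OpenIdClient<C extends AppConfiguration, L extends LdapAppConfiguration> extends Initializable implements Client<UserProfile> {

    /** Session-attribute suffix under which the per-login {@code state} is kept; prefixed with {@link #getName()}. */
    private static final String STATE_PARAMETER = "#oxauth_state_parameter";

    /** Re-register a dynamically registered client this many milliseconds before its secret expires. */
    private static final long NEW_CLIENT_EXPIRATION_OVERLAP = 60000;

    /** Length of the generated {@code state} and {@code nonce} values (alphanumeric characters). */
    private static final int RANDOM_VALUE_LENGTH = 32;

    /** Alphabet for {@code state}/{@code nonce}: URL-safe, so the values need no further encoding. */
    private static final String RANDOM_VALUE_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";

    /**
     * CSPRNG for {@code state}/{@code nonce}. {@code state} is the CSRF binding of the login flow and {@code nonce}
     * the replay binding of the ID token, so neither may come from a predictable generator.
     */
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();

    /** HTTP status treated as success for discovery, registration, token and userinfo calls. */
    private static final int HTTP_OK = 200;

    private final Logger logger = LoggerFactory.getLogger(OpenIdClient.class);
    private final ReentrantLock clientLock = new ReentrantLock();
    private final Configuration<C, L> configuration;
    private final C appConfiguration;

    private String clientId;
    // Held decrypted in memory after initInternal(); used for client_secret_basic at the token endpoint
    private String clientSecret;
    // Epoch millis at which the dynamically registered client secret expires; unused for pre-registered clients
    private long clientExpiration;
    // true when both id and secret come from configuration, i.e. dynamic registration is never attempted
    private boolean preRegisteredClient;
    private OpenIdConfigurationResponse openIdConfiguration;

    /**
     * Creates a client bound to the given configuration; no network access happens until {@link #init()}.
     *
     * @param configuration provides the application configuration and the crypto salt used to decrypt the client secret
     */
    public OpenIdClient(Configuration<C, L> configuration) {
        this.configuration = configuration;
        this.appConfiguration = configuration.getAppConfiguration();
    }

    /**
     * Runs the {@link Initializable} initialisation and then makes sure a usable client registration exists.
     */
    @Override
    public void init() {
        super.init();
        initClient();
    }

    /**
     * Reads the configured client id and secret and loads the provider discovery document.
     *
     * <p>The configured secret is expected to be encrypted with the configuration salt. If decryption fails the
     * configured value is used as-is (best-effort, logged as a warning).
     *
     * @throws ConfigurationException if the provider URL is missing or the discovery document cannot be loaded
     */
    @Override
    protected void initInternal() {
        this.clientId = this.appConfiguration.getOpenIdClientId();
        this.clientSecret = this.appConfiguration.getOpenIdClientPassword();
        if (StringHelper.isNotEmpty(this.clientSecret)) {
            try {
                this.clientSecret = StringEncrypter.instance(this.configuration.getCryptoConfigurationSalt()).decrypt(this.clientSecret);
            } catch (StringEncrypter.EncryptionException e) {
                // Deliberate fallback: a plaintext secret in configuration is tolerated, not fatal
                this.logger.warn("Assuming that client password is not encrypted!");
            }
        }
        this.preRegisteredClient = StringHelper.isNotEmpty(this.clientId) && StringHelper.isNotEmpty(this.clientSecret);
        loadOpenIdConfiguration();
    }

    /**
     * Fetches the OpenID provider configuration (discovery document) and keeps it for endpoint lookups.
     *
     * @throws ConfigurationException if the provider URL is empty or the request does not return HTTP 200
     */
    private void loadOpenIdConfiguration() {
        String openIdProviderUrl = this.appConfiguration.getOpenIdProviderUrl();
        if (StringHelper.isEmpty(openIdProviderUrl)) {
            throw new ConfigurationException("OpenIdProvider Url is invalid");
        }
        OpenIdConfigurationResponse response = new OpenIdConfigurationClient(openIdProviderUrl).execOpenIdConfiguration();
        if (response == null || response.getStatus() != HTTP_OK) {
            throw new ConfigurationException("Failed to load oxAuth configuration");
        }
        this.logger.info("Successfully loaded oxAuth configuration");
        this.openIdConfiguration = response;
    }

    /**
     * Ensures a valid client registration: no-op for pre-registered clients or while the dynamic registration is still
     * valid; otherwise registers a new client under {@code clientLock} (double-checked so concurrent callers register
     * only once).
     *
     * @throws ConfigurationException if dynamic registration fails
     */
    private void initClient() {
        if (this.preRegisteredClient || isValidClient(System.currentTimeMillis())) {
            return;
        }
        this.clientLock.lock();
        try {
            // Re-check under the lock: another thread may have registered while we waited
            if (isValidClient(System.currentTimeMillis())) {
                return;
            }
            RegisterResponse registerResponse = registerOpenIdClient();
            this.clientId = registerResponse.getClientId();
            this.clientSecret = registerResponse.getClientSecret();
            // NOTE(review): assumes a missing client_secret_expires_at means "does not expire" — confirm against the
            // provider; previously a null value raised a NullPointerException here
            if (registerResponse.getClientSecretExpiresAt() == null) {
                this.clientExpiration = Long.MAX_VALUE;
            } else {
                this.clientExpiration = registerResponse.getClientSecretExpiresAt().getTime();
            }
        } finally {
            this.clientLock.unlock();
        }
    }

    /**
     * Tells whether the current dynamic registration can still be used at the given time.
     *
     * @param now current time in epoch milliseconds
     * @return {@code true} if id and secret are set and the secret does not expire within
     *         {@link #NEW_CLIENT_EXPIRATION_OVERLAP} of {@code now}
     */
    private boolean isValidClient(long now) {
        return StringHelper.isNotEmpty(this.clientId)
                && StringHelper.isNotEmpty(this.clientSecret)
                && this.clientExpiration - NEW_CLIENT_EXPIRATION_OVERLAP > now;
    }

    /**
     * Dynamically registers a web client at the provider's registration endpoint using the configured redirect URL.
     *
     * @return the successful registration response
     * @throws ConfigurationException if the registration does not return HTTP 200
     */
    private RegisterResponse registerOpenIdClient() {
        this.logger.info("Registering OpenId client");
        RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB,
                this.appConfiguration.getApplicationName() + " client",
                Arrays.asList(this.appConfiguration.getOpenIdRedirectUrl()));
        registerRequest.setRequestObjectSigningAlg(SignatureAlgorithm.RS256);
        registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.CLIENT_SECRET_BASIC);
        RegisterClient registerClient = new RegisterClient(this.openIdConfiguration.getRegistrationEndpoint());
        registerClient.setRequest(registerRequest);
        RegisterResponse response = registerClient.exec();
        if (response == null || response.getStatus() != HTTP_OK) {
            throw new ConfigurationException("Failed to register new client");
        }
        return response;
    }

    /**
     * @return the simple class name; also used as the prefix of the session attribute holding the {@code state}
     */
    @Override
    public String getName() {
        return getClass().getSimpleName();
    }

    /**
     * Builds the authorization-endpoint URL for a new login and stores the generated {@code state} in the session so
     * that {@link #isValidRequestState(WebContext)} can verify the callback.
     *
     * <p>{@code state} and {@code nonce} are drawn from {@link SecureRandom}. The nonce is sent in the request; this
     * class does not itself verify it against an ID token.
     *
     * @param webContext the current web context whose session receives the state
     * @return the full redirection URL including the authorization query string
     */
    @Override
    public String getRedirectionUrl(WebContext webContext) {
        init();
        String state = secureRandomAlphanumeric(RANDOM_VALUE_LENGTH);
        String nonce = secureRandomAlphanumeric(RANDOM_VALUE_LENGTH);
        AuthorizationRequest authorizationRequest = new AuthorizationRequest(Arrays.asList(ResponseType.CODE),
                this.clientId, this.appConfiguration.getOpenIdScopes(), this.appConfiguration.getOpenIdRedirectUrl(),
                (String) null);
        authorizationRequest.setState(state);
        authorizationRequest.setNonce(nonce);
        // Server-side copy of the state: the callback is accepted only if it echoes this value
        webContext.setSessionAttribute(getName() + STATE_PARAMETER, state);
        String redirectionUrl = this.openIdConfiguration.getAuthorizationEndpoint() + "?" + authorizationRequest.getQueryString();
        this.logger.debug("oxAuth redirection Url: '{}'", redirectionUrl);
        return redirectionUrl;
    }

    /**
     * Generates an alphanumeric string of the given length from {@link #SECURE_RANDOM}.
     *
     * @param length number of characters to produce
     * @return a random string over {@link #RANDOM_VALUE_ALPHABET}; empty for {@code length <= 0}
     */
    private static String secureRandomAlphanumeric(int length) {
        StringBuilder value = new StringBuilder(Math.max(length, 0));
        for (int i = 0; i < length; i++) {
            value.append(RANDOM_VALUE_ALPHABET.charAt(SECURE_RANDOM.nextInt(RANDOM_VALUE_ALPHABET.length())));
        }
        return value.toString();
    }

    /**
     * Tells whether the current request is the provider's callback, i.e. carries a non-empty {@code code} parameter.
     *
     * @param webContext the current web context
     * @return {@code true} if an authorization code is present
     */
    @Override
    public boolean isAuthorizationResponse(WebContext webContext) {
        String authorizationCode = webContext.getRequestParameter(ResponseType.CODE.getValue());
        this.logger.debug("oxAuth authorization code: '{}'", authorizationCode);
        boolean present = StringHelper.isNotEmpty(authorizationCode);
        this.logger.debug("Is authorization request: '{}'", Boolean.valueOf(present));
        return present;
    }

    /**
     * Verifies that the {@code state} returned by the provider matches the one stored in the session by
     * {@link #getRedirectionUrl(WebContext)}.
     *
     * @param webContext the current web context
     * @return {@code false} if no state is stored in the session or it differs from the request parameter
     */
    @Override
    public boolean isValidRequestState(WebContext webContext) {
        String requestState = webContext.getRequestParameter("state");
        this.logger.debug("oxAuth request state: '{}'", requestState);
        Object sessionState = webContext.getSessionAttribute(getName() + STATE_PARAMETER);
        this.logger.debug("Session context state: '{}'", sessionState);
        if (StringHelper.isEmptyString(sessionState)) {
            // No login was started in this session, so no callback can be legitimate
            return false;
        }
        boolean valid = StringHelper.equals(requestState, (String) sessionState);
        this.logger.debug("Is valid state: '{}'", Boolean.valueOf(valid));
        return valid;
    }

    /**
     * Wraps the {@code code} request parameter into credentials tagged with this client's name.
     *
     * @param webContext the current web context
     * @return credentials carrying the authorization code (possibly null if the parameter is absent)
     */
    @Override
    public final OpenIdCredentials getCredentials(WebContext webContext) {
        OpenIdCredentials credentials = new OpenIdCredentials(webContext.getRequestParameter(ResponseType.CODE.getValue()));
        credentials.setClientName(getName());
        this.logger.debug("Client credential: '{}'", credentials);
        return credentials;
    }

    /**
     * Exchanges the authorization code for an access token, fetches userinfo and maps it to a profile.
     *
     * @param openIdCredentials credentials holding the authorization code
     * @param webContext the current web context (not used by this implementation)
     * @return the mapped user profile
     * @throws CommunicationException wrapping any failure of the token or userinfo exchange
     */
    @Override
    public UserProfile getUserProfile(OpenIdCredentials openIdCredentials, WebContext webContext) {
        init();
        try {
            String accessToken = getAccessToken(openIdCredentials);
            UserInfoResponse userInfoResponse = getUserInfo(accessToken);
            CommonProfile profile = retrieveUserProfileFromUserInfoResponse(userInfoResponse);
            this.logger.debug("User profile: '{}'", profile);
            return profile;
        } catch (Exception e) {
            // Boundary: every transport/protocol failure is reported to the caller as a CommunicationException
            throw new CommunicationException(e);
        }
    }

    /**
     * Redeems the authorization code at the token endpoint using client_secret_basic authentication.
     *
     * @param openIdCredentials credentials holding the authorization code
     * @return the access token
     * @throws IllegalStateException if the token endpoint returns no response or no access token (surfaces to callers
     *         of {@link #getUserProfile(OpenIdCredentials, WebContext)} as {@link CommunicationException})
     */
    private String getAccessToken(OpenIdCredentials openIdCredentials) {
        this.logger.debug("Getting access token");
        TokenResponse tokenResponse = new TokenClient(this.openIdConfiguration.getTokenEndpoint()).execAuthorizationCode(
                openIdCredentials.getAuthorizationCode(), this.appConfiguration.getOpenIdRedirectUrl(), this.clientId,
                this.clientSecret);
        if (tokenResponse == null) {
            throw new IllegalStateException("No response from token endpoint");
        }
        this.logger.trace("tokenResponse.getStatus(): '{}'", Integer.valueOf(tokenResponse.getStatus()));
        this.logger.trace("tokenResponse.getErrorType(): '{}'", tokenResponse.getErrorType());
        String accessToken = tokenResponse.getAccessToken();
        if (StringHelper.isEmpty(accessToken)) {
            throw new IllegalStateException("Token endpoint returned no access token, status: " + tokenResponse.getStatus()
                    + ", error: " + tokenResponse.getErrorType());
        }
        // The access token is a bearer credential: log that it arrived, never its value
        this.logger.trace("accessToken received, length: '{}'", Integer.valueOf(accessToken.length()));
        return accessToken;
    }

    /**
     * Calls the userinfo endpoint with the given access token.
     *
     * @param accessToken bearer token obtained from {@link #getAccessToken(OpenIdCredentials)}
     * @return the userinfo response with HTTP 200
     * @throws IllegalStateException if there is no response or its status is not 200
     */
    private UserInfoResponse getUserInfo(String accessToken) {
        this.logger.debug("Session validation successful. Getting user information");
        UserInfoResponse userInfoResponse = new UserInfoClient(this.openIdConfiguration.getUserInfoEndpoint()).execUserInfo(accessToken);
        if (userInfoResponse == null) {
            throw new IllegalStateException("No response from userinfo endpoint");
        }
        this.logger.trace("userInfoResponse.getStatus(): '{}'", Integer.valueOf(userInfoResponse.getStatus()));
        this.logger.trace("userInfoResponse.getErrorType(): '{}'", userInfoResponse.getErrorType());
        if (userInfoResponse.getStatus() != HTTP_OK) {
            throw new IllegalStateException("Failed to obtain user info, status: " + userInfoResponse.getStatus()
                    + ", error: " + userInfoResponse.getErrorType());
        }
        // Claims are personal data: keep them at trace level
        this.logger.trace("userInfoResponse.getClaims(): '{}'", userInfoResponse.getClaims());
        return userInfoResponse;
    }

    /**
     * Maps userinfo claims onto a {@link CommonProfile}. The id is the {@code user_name} claim, falling back to
     * {@code sub}. Without a configured claim mapping the standard OIDC claims are copied to the well-known profile
     * fields; otherwise each configured claim is added as a generic attribute.
     *
     * @param userInfoResponse the userinfo response to read claims from
     * @return the populated profile
     */
    protected CommonProfile retrieveUserProfileFromUserInfoResponse(UserInfoResponse userInfoResponse) {
        CommonProfile profile = new CommonProfile();
        String id = getFirstClaim(userInfoResponse, "user_name");
        if (StringHelper.isEmpty(id)) {
            id = getFirstClaim(userInfoResponse, "sub");
        }
        profile.setId(id);
        List<ClaimToAttributeMapping> claimMapping = this.appConfiguration.getOpenIdClaimMapping();
        if (claimMapping == null || claimMapping.isEmpty()) {
            this.logger.info("Using default claims to attributes mapping");
            profile.setUserName(id);
            profile.setEmail(getFirstClaim(userInfoResponse, "email"));
            profile.setDisplayName(getFirstClaim(userInfoResponse, "name"));
            profile.setFirstName(getFirstClaim(userInfoResponse, "given_name"));
            profile.setFamilyName(getFirstClaim(userInfoResponse, "family_name"));
            profile.setZone(getFirstClaim(userInfoResponse, "zoneinfo"));
            profile.setLocale(getFirstClaim(userInfoResponse, "locale"));
            return profile;
        }
        for (ClaimToAttributeMapping mapping : claimMapping) {
            String attribute = mapping.getAttribute();
            String value = getFirstClaim(userInfoResponse, mapping.getClaim());
            profile.addAttribute(attribute, value);
            this.logger.trace("Adding attribute '{}' with value '{}'", attribute, value);
        }
        return profile;
    }

    /**
     * Returns the first value of a (multi-valued) claim.
     *
     * @param userInfoResponse the userinfo response
     * @param claimName the claim to read
     * @return the first value, or {@code null} if the claim is absent or empty
     */
    protected String getFirstClaim(UserInfoResponse userInfoResponse, String claimName) {
        List<?> values = userInfoResponse.getClaim(claimName);
        if (values == null || values.isEmpty()) {
            return null;
        }
        return (String) values.get(0);
    }

    /** @return the application configuration this client was created with */
    public C getAppConfiguration() {
        return this.appConfiguration;
    }

    /** @return the provider discovery document loaded by {@link #initInternal()}, or {@code null} before init */
    public OpenIdConfigurationResponse getOpenIdConfiguration() {
        return this.openIdConfiguration;
    }
}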
