package nl.wldelft.util.io.auth;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.net.HttpURLConnection;
import java.net.URL;
import java.util.Base64;
import nl.wldelft.fews.castor.types.ImportTypeEnumStringType;
import nl.wldelft.util.Arguments;
import nl.wldelft.util.IOUtils;
import nl.wldelft.util.TextUtils;

/* loaded from: input_file:nl/wldelft/util/io/auth/OpenIdUtils.class */
public final class OpenIdUtils {
    private static final String[] EMPTY_ARRAY;
    static final /* synthetic */ boolean $assertionsDisabled;

    private OpenIdUtils() {
    }

    public static boolean isExpired(String str) throws IOException {
        String parseTokenValue = parseTokenValue("exp", str);
        if (parseTokenValue == null) {
            throw new IOException("Missing claim 'exp'");
        }
        return Long.parseLong(parseTokenValue) * 1000 < System.currentTimeMillis() + 300000;
    }

    public static void validateJwtBody(String str, OpenIdConf openIdConf) throws IOException {
        if (isExpired(str)) {
            throw new IOException("AccessToken is expired!");
        }
        boolean z = false;
        String[] parseTokenObject = parseTokenObject("aud", str);
        for (String str2 : parseTokenObject) {
            if (openIdConf.isValidAudience(str2)) {
                z = true;
            }
        }
        if (!z) {
            throw new IOException("AccessToken does not contain valid audience: " + TextUtils.join((Object[]) parseTokenObject, ','));
        }
        boolean z2 = false;
        String[] parseTokenObject2 = parseTokenObject("scope", str);
        for (String str3 : parseTokenObject2) {
            if (openIdConf.isValidScope(str3)) {
                z2 = true;
            }
        }
        if (!z2 && parseTokenObject2.length > 0) {
            throw new IOException("AccessToken does not contain valid scope: " + TextUtils.join((Object[]) parseTokenObject2, ','));
        }
        String parseTokenValue = parseTokenValue("iss", str);
        if (parseTokenValue != null && !TextUtils.equals(parseTokenValue, openIdConf.getIssuer())) {
            throw new IOException("AccessToken contains invalid issuer " + openIdConf.getIssuer());
        }
        String parseTokenValue2 = parseTokenValue("client_id", str);
        if (parseTokenValue2 != null) {
            if (!openIdConf.isValidClientId(parseTokenValue2)) {
                throw new IOException("AccessToken does not contain valid clientId " + openIdConf.getClientId());
            }
        } else if (parseTokenValue("azp", str) == null && openIdConf.getClientId() != null) {
            throw new IOException("Missing claim 'clientId'");
        }
    }

    public static String parseTokenValue(String str, String str2) {
        int indexOf = str2.indexOf("\"" + str + "\"");
        if (indexOf == -1) {
            return null;
        }
        int indexOf2 = str2.indexOf(44, indexOf);
        if (indexOf2 == -1) {
            indexOf2 = str2.indexOf(ImportTypeEnumStringType.VALUE_125_TYPE, indexOf);
        }
        if (indexOf2 == -1) {
            return null;
        }
        return TextUtils.trimToNull(TextUtils.removeCharacters(TextUtils.rightFrom(str2.substring(indexOf, indexOf2), ':'), new char[]{'\"'}));
    }

    public static String[] parseTokenObject(String str, String str2) {
        String str3 = "\"" + str + "\"";
        int indexOf = str2.indexOf(str3);
        if (indexOf == -1) {
            return EMPTY_ARRAY;
        }
        int length = indexOf + str3.length() + 1;
        if (str2.charAt(length) != '[') {
            String parseTokenValue = parseTokenValue(str, str2);
            return parseTokenValue == null ? EMPTY_ARRAY : TextUtils.split(parseTokenValue, ' ');
        }
        int indexOf2 = str2.indexOf(93, length);
        if (indexOf2 == -1) {
            return EMPTY_ARRAY;
        }
        String[] split = TextUtils.split(str2.substring(length + 1, indexOf2), ',', '\"');
        for (int i = 0; i < split.length; i++) {
            split[i] = TextUtils.trimToNull(TextUtils.removeCharacters(split[i], new char[]{'\"'}));
        }
        return split;
    }

    public static String decodeJwt(String str) {
        String[] split = str.split("\\.");
        if (!$assertionsDisabled && split.length <= 1) {
            throw new AssertionError();
        }
        return new String(Base64.getUrlDecoder().decode(split[1]));
    }

    public static String getAccessToken(OpenIdConf openIdConf) throws IOException {
        Arguments.require.notNull(openIdConf).notNull(openIdConf.getAuthUrl());
        return parseTokenResponse(getTokenResponse(openIdConf), openIdConf);
    }

    private static String getTokenResponse(OpenIdConf openIdConf) throws IOException {
        HttpURLConnection httpURLConnection = (HttpURLConnection) new URL(openIdConf.getAuthUrl()).openConnection();
        httpURLConnection.setDoOutput(true);
        httpURLConnection.setDoInput(true);
        httpURLConnection.setRequestMethod("POST");
        if (openIdConf.getUserName() != null && openIdConf.getPassword() != null) {
            BasicAuthProvider basicAuthProvider = new BasicAuthProvider(openIdConf.getUserName(), openIdConf.getPassword());
            httpURLConnection.setRequestProperty(basicAuthProvider.getAuthorizationKey(), basicAuthProvider.getAuthorizationValue());
        }
        httpURLConnection.setRequestProperty("Content-type", "application/x-www-form-urlencoded");
        OutputStreamWriter outputStreamWriter = new OutputStreamWriter(httpURLConnection.getOutputStream());
        Throwable th = null;
        try {
            try {
                if (openIdConf.getClientId() != null) {
                    outputStreamWriter.write("CLIENT_ID=" + openIdConf.getClientId() + "&CLIENT_SECRET=" + openIdConf.getClientSecret() + '&');
                }
                if (openIdConf.getRefreshToken() != null) {
                    outputStreamWriter.write("refresh_token=" + openIdConf.getRefreshToken() + '&');
                }
                outputStreamWriter.write("grant_type=" + openIdConf.getGrantType());
                if (openIdConf.getScopeText() != null) {
                    outputStreamWriter.write("&scope=" + openIdConf.getScopeText());
                }
                outputStreamWriter.flush();
                if (outputStreamWriter != null) {
                    if (0 != 0) {
                        try {
                            outputStreamWriter.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        outputStreamWriter.close();
                    }
                }
                int responseCode = httpURLConnection.getResponseCode();
                if (responseCode > 250) {
                    throw new IOException(String.format("Invalid response code %d: %s.", Integer.valueOf(responseCode), getErrorMessage(httpURLConnection)));
                }
                BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(httpURLConnection.getInputStream()));
                Throwable th3 = null;
                try {
                    try {
                        String readText = IOUtils.readText(bufferedReader);
                        if (bufferedReader != null) {
                            if (0 != 0) {
                                try {
                                    bufferedReader.close();
                                } catch (Throwable th4) {
                                    th3.addSuppressed(th4);
                                }
                            } else {
                                bufferedReader.close();
                            }
                        }
                        return readText;
                    } finally {
                    }
                } catch (Throwable th5) {
                    if (bufferedReader != null) {
                        if (th3 != null) {
                            try {
                                bufferedReader.close();
                            } catch (Throwable th6) {
                                th3.addSuppressed(th6);
                            }
                        } else {
                            bufferedReader.close();
                        }
                    }
                    throw th5;
                }
            } finally {
            }
        } catch (Throwable th7) {
            if (outputStreamWriter != null) {
                if (th != null) {
                    try {
                        outputStreamWriter.close();
                    } catch (Throwable th8) {
                        th.addSuppressed(th8);
                    }
                } else {
                    outputStreamWriter.close();
                }
            }
            throw th7;
        }
    }

    public static String getTokenInfoResponse(OpenIdConf openIdConf, String str) throws IOException {
        Arguments.require.notNull(openIdConf.getTokenInfoUrl());
        HttpURLConnection httpURLConnection = (HttpURLConnection) new URL(openIdConf.getTokenInfoUrl() + "?access_token=" + str).openConnection();
        if (httpURLConnection.getResponseCode() != 200) {
            throw new IOException(String.format("Error retrieving token info!: %s.", getErrorMessage(httpURLConnection)));
        }
        BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(httpURLConnection.getInputStream()));
        Throwable th = null;
        try {
            try {
                String readText = IOUtils.readText(bufferedReader);
                if (bufferedReader != null) {
                    if (0 != 0) {
                        try {
                            bufferedReader.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        bufferedReader.close();
                    }
                }
                return readText;
            } finally {
            }
        } catch (Throwable th3) {
            if (bufferedReader != null) {
                if (th != null) {
                    try {
                        bufferedReader.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    bufferedReader.close();
                }
            }
            throw th3;
        }
    }

    private static String parseTokenResponse(String str, OpenIdConf openIdConf) throws IOException {
        Arguments.require.notNull(str).notNull(openIdConf);
        String parseTokenValue = parseTokenValue("access_token", str);
        if (parseTokenValue == null) {
            throw new IOException("Missing 'access_token' in token response!");
        }
        String parseTokenValue2 = parseTokenValue("token_type", str);
        if (parseTokenValue2 == null || !TextUtils.equals("Bearer", parseTokenValue2)) {
            throw new IOException("Missing or invalid 'token_type' in token response: " + (parseTokenValue2 == null ? "null" : parseTokenValue2));
        }
        validateJwtBody(decodeJwt(parseTokenValue), openIdConf);
        return parseTokenValue;
    }

    private static String getErrorMessage(HttpURLConnection httpURLConnection) throws IOException {
        String readText = IOUtils.readText(new InputStreamReader(httpURLConnection.getInputStream()));
        if (TextUtils.trimToNull(readText) == null) {
            readText = IOUtils.readText(new InputStreamReader(httpURLConnection.getErrorStream()));
        }
        return readText;
    }

    public static String getIssuerFromTokenUrl(String str) {
        Arguments.require.notNull(str).isTrue(str.length() > "/connect/token".length());
        return str.endsWith("/") ? TextUtils.left(str, str.length() - "/connect/token/".length()) : TextUtils.left(str, str.length() - "/connect/token".length());
    }

    public static String getEmail(String str) {
        return parseTokenValue("email", str);
    }

    public static String[] getRoles(String str) {
        return parseTokenObject("role", str);
    }

    static {
        $assertionsDisabled = !OpenIdUtils.class.desiredAssertionStatus();
        EMPTY_ARRAY = new String[0];
    }
}
