package org.eclipse.sensinact.gateway.core.security.user.openid;

import java.io.IOException;
import java.security.InvalidKeyException;
import org.eclipse.sensinact.gateway.core.security.AccessToken;
import org.eclipse.sensinact.gateway.core.security.InvalidCredentialException;
import org.eclipse.sensinact.gateway.core.security.UserKey;
import org.eclipse.sensinact.gateway.core.security.UserKeyBuilder;
import org.eclipse.sensinact.gateway.datastore.api.DataStoreException;
import org.eclipse.sensinact.gateway.protocol.http.client.ConnectionConfigurationImpl;
import org.eclipse.sensinact.gateway.protocol.http.client.SimpleRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/eclipse/sensinact/gateway/core/security/user/openid/OpenIdAccessTokenUserKeyBuilder.class */
public class OpenIdAccessTokenUserKeyBuilder implements UserKeyBuilder<String, AccessToken> {
    private static final Logger LOG = LoggerFactory.getLogger(OpenIdAccessTokenUserKeyBuilder.class);
    private OpenIdUserKeyBuilderConfig config;

    public OpenIdAccessTokenUserKeyBuilder(OpenIdUserKeyBuilderConfig openIdUserKeyBuilderConfig) {
        this.config = openIdUserKeyBuilderConfig;
    }

    public UserKey buildKey(AccessToken accessToken) throws InvalidKeyException, InvalidCredentialException, DataStoreException {
        OpenIdUser openIdUser = null;
        try {
            openIdUser = getUserInfo(accessToken.getAuthenticationMaterial());
        } catch (IOException e) {
            LOG.error(e.getMessage(), e);
        }
        if (openIdUser == null) {
            return null;
        }
        return new UserKey(openIdUser.getSensiNactPublicKey());
    }

    private OpenIdUser getUserInfo(String str) throws IOException {
        if (!this.config.isConfigured()) {
            return null;
        }
        JsonWebToken jsonWebToken = new JsonWebToken(str, this.config.getPublicKeys());
        if (!jsonWebToken.isValid()) {
            return null;
        }
        ConnectionConfigurationImpl connectionConfigurationImpl = new ConnectionConfigurationImpl();
        connectionConfigurationImpl.setUri(this.config.getUserinfoEP().toURL().toExternalForm());
        connectionConfigurationImpl.queryParameter("client_id", this.config.getClientId());
        connectionConfigurationImpl.addHeader("Authorization", "Bearer " + jsonWebToken.token());
        connectionConfigurationImpl.setHttpMethod("GET");
        OpenIdUser openIdUser = new OpenIdUser(this.config, new String(new SimpleRequest(connectionConfigurationImpl).send().getContent()), jsonWebToken);
        if (openIdUser.isValid()) {
            return openIdUser;
        }
        return null;
    }
}
