package org.eclipse.sensinact.gateway.core.security.user.openid;

import java.io.IOException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.util.Base64;
import org.eclipse.sensinact.gateway.core.security.Credentials;
import org.eclipse.sensinact.gateway.core.security.InvalidCredentialException;
import org.eclipse.sensinact.gateway.core.security.UserKey;
import org.eclipse.sensinact.gateway.core.security.UserKeyBuilder;
import org.eclipse.sensinact.gateway.datastore.api.DataStoreException;
import org.eclipse.sensinact.gateway.protocol.http.client.ConnectionConfigurationImpl;
import org.eclipse.sensinact.gateway.protocol.http.client.SimpleRequest;
import org.eclipse.sensinact.gateway.protocol.http.client.SimpleResponse;
import org.json.JSONObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/eclipse/sensinact/gateway/core/security/user/openid/OpenIdCredentialsUserKeyBuilder.class */
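/**
 * Builds a {@link UserKey} from a login/password pair by exchanging the credentials for an
 * access token at the configured OpenID Connect token endpoint, validating that token against
 * the configured public keys, and then querying the userinfo endpoint.
 *
 * <p>Every failure path (provider not configured, missing credentials, non-200 response,
 * invalid token, invalid user) yields {@code null} rather than an exception; callers must
 * treat {@code null} as "not authenticated".
 *
 * <p>NOTE(review): this uses {@code grant_type=password}, so the gateway handles the user's
 * raw password. The OAuth 2.0 Security Best Current Practice (RFC 9700) states that this grant
 * must not be used; keep it only where the identity provider leaves no alternative.
 */
public class OpenIdCredentialsUserKeyBuilder implements UserKeyBuilder<Credentials, Credentials> {
    private static final Logger LOG = LoggerFactory.getLogger(OpenIdCredentialsUserKeyBuilder.class);

    /** Endpoints, client id/secret and signing keys of the OpenID provider; assigned once. */
    private final OpenIdUserKeyBuilderConfig config;

    /**
     * @param openIdUserKeyBuilderConfig provider configuration read on every {@link #buildKey} call
     */
    public OpenIdCredentialsUserKeyBuilder(OpenIdUserKeyBuilderConfig openIdUserKeyBuilderConfig) {
        this.config = openIdUserKeyBuilderConfig;
    }

    /**
     * Authenticates the given credentials against the OpenID provider.
     *
     * @param credentials login and password supplied by the caller
     * @return the key built from the user's sensiNact public key, or {@code null} when the user
     *     could not be authenticated or an I/O error occurred (the error is logged)
     */
    public UserKey buildKey(Credentials credentials) throws InvalidKeyException, InvalidCredentialException, DataStoreException {
        OpenIdUser openIdUser = null;
        try {
            openIdUser = getUserInfo(credentials);
        } catch (IOException e) {
            // Fail closed: an unreachable provider is reported as "no key".
            LOG.error(e.getMessage(), e);
        }
        if (openIdUser == null) {
            return null;
        }
        return new UserKey(openIdUser.getSensiNactPublicKey());
    }

    /**
     * Runs the token request, token validation and userinfo lookup.
     *
     * @return a valid {@link OpenIdUser}, or {@code null} on any rejected step
     * @throws IOException if the userinfo request fails at the transport level
     */
    private OpenIdUser getUserInfo(Credentials credentials) throws IOException {
        if (!this.config.isConfigured()) {
            return null;
        }
        String accessToken = requestAccessToken(credentials);
        if (accessToken == null) {
            return null;
        }
        // The token is only trusted after its validation against the configured keys.
        JsonWebToken jsonWebToken = new JsonWebToken(accessToken, this.config.getPublicKeys());
        if (!jsonWebToken.isValid()) {
            return null;
        }
        ConnectionConfigurationImpl userinfoRequest = new ConnectionConfigurationImpl();
        userinfoRequest.setUri(this.config.getUserinfoEP().toURL().toExternalForm());
        userinfoRequest.queryParameter("client_id", this.config.getClientId());
        userinfoRequest.addHeader("Authorization", "Bearer " + jsonWebToken.token());
        userinfoRequest.setHttpMethod("GET");
        SimpleResponse userinfoResponse = new SimpleRequest(userinfoRequest).send();
        // Same acceptance rule as the token request: anything but 200 is a failed login,
        // so an error document is never parsed as a user profile.
        if (userinfoResponse.getStatusCode() != 200) {
            return null;
        }
        byte[] userinfoBody = userinfoResponse.getContent();
        if (userinfoBody == null) {
            return null;
        }
        // Decode explicitly as UTF-8 instead of relying on the platform default charset.
        OpenIdUser openIdUser = new OpenIdUser(this.config, new String(userinfoBody, StandardCharsets.UTF_8), jsonWebToken);
        if (openIdUser.isValid()) {
            return openIdUser;
        }
        return null;
    }

    /**
     * Posts the credentials to the token endpoint and extracts {@code access_token}.
     *
     * @return the raw access token, or {@code null} if credentials are missing, the endpoint
     *     did not answer 200, or any exception occurred (logged, never rethrown)
     */
    private String requestAccessToken(Credentials credentials) {
        // Reject missing credentials locally instead of sending the literal text "null".
        if (credentials == null || credentials.login == null || credentials.password == null) {
            return null;
        }
        try {
            // NOTE(review): nothing here checks that the token endpoint is https; the
            // password and client secret travel in this request, so confirm the
            // configuration layer enforces TLS.
            ConnectionConfigurationImpl tokenRequest = new ConnectionConfigurationImpl();
            tokenRequest.setHttpMethod("POST");
            tokenRequest.setContentType("application/x-www-form-urlencoded");
            tokenRequest.setUri(this.config.getTokenEP().toURL().toExternalForm());
            String clientAuth = this.config.getClientId() + ":" + this.config.getClientSecret();
            tokenRequest.addHeader("Authorization", "Basic " + Base64.getEncoder().encodeToString(clientAuth.getBytes(StandardCharsets.UTF_8)));
            // Caller-supplied values are form-encoded so that '&', '=', '+' or '%' in a login
            // or password cannot add or override parameters of the token request.
            StringBuilder form = new StringBuilder();
            form.append("client_id=").append(formEncode(this.config.getClientId()));
            form.append("&username=").append(formEncode(credentials.login));
            form.append("&password=").append(formEncode(credentials.password));
            form.append("&scope=openid%20roles");
            form.append("&grant_type=password");
            form.append("&response_type=id_token%20token");
            tokenRequest.setContent(form.toString());
            SimpleResponse tokenResponse = new SimpleRequest(tokenRequest).send();
            if (tokenResponse.getStatusCode() == 200) {
                return new JSONObject(new String(tokenResponse.getContent(), StandardCharsets.UTF_8)).getString("access_token");
            }
        } catch (Exception e) {
            // Deliberately broad, as in the original: any failure means "no token".
            // NOTE(review): confirm the HTTP client never puts the request body in
            // exception messages, since that body carries the password.
            LOG.error(e.getMessage(), e);
        }
        return null;
    }

    /** Encodes one value for an {@code application/x-www-form-urlencoded} body using UTF-8. */
    private static String formEncode(String value) throws IOException {
        return URLEncoder.encode(String.valueOf(value), StandardCharsets.UTF_8.name());
    }
}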
