package org.gecko.util.pac4j.clients;

import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jwt.JWTParser;
import java.text.ParseException;
import org.gecko.util.pac4j.clients.config.BearerTokenClientConfig;
import org.osgi.service.cm.ConfigurationException;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.ConfigurationPolicy;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.log.Logger;
import org.osgi.service.log.LoggerFactory;
import org.osgi.service.metatype.annotations.Designate;
import org.pac4j.core.client.Client;
import org.pac4j.core.client.DirectClient;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.credentials.extractor.CredentialsExtractor;
import org.pac4j.oidc.config.KeycloakOidcConfiguration;
import org.pac4j.oidc.credentials.OidcCredentials;
import org.pac4j.oidc.profile.OidcProfile;
import org.pac4j.oidc.profile.creator.OidcProfileCreator;

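/**
 * Direct pac4j client that authenticates requests carrying a bearer JWT.
 *
 * <p>On activation the component builds a {@link KeycloakOidcConfiguration} from the
 * supplied {@link BearerTokenClientConfig}, and installs an {@link OidcProfileCreator},
 * an {@code OidcBearerAuthenticator} and a credentials extractor that reads the
 * {@code Authorization} request header.
 *
 * <p>Security notes:
 * <ul>
 *   <li>{@code JWTParser.parse} only decodes the token; it does not verify a signature
 *       and also accepts unsecured (plain) JWTs. Everything this extractor returns is
 *       therefore untrusted until the authenticator has validated it.
 *       NOTE(review): {@code OidcBearerAuthenticator} is not visible here; confirm it
 *       verifies signature, issuer, audience and expiry and rejects plain JWTs.</li>
 *   <li>The client secret is read from component configuration; keep that configuration
 *       out of logs and world-readable files.</li>
 * </ul>
 */
@Designate(ocd = BearerTokenClientConfig.class)
@Component(service = {Client.class}, name = "BearerTokenClient", configurationPolicy = ConfigurationPolicy.REQUIRE)
public class BearerTokenClient extends DirectClient<OidcCredentials, OidcProfile> {

    private static final String AUTHORIZATION_HEADER = "Authorization";

    /** Authentication scheme expected in the header, including the separating space. */
    private static final String BEARER_PREFIX = "Bearer ";

    /**
     * Response header used to report extraction failures. The spelling is kept exactly as
     * it has always been emitted, because existing callers may read it under this name.
     */
    private static final String ERROR_HEADER = "Athorization-Error";

    @Reference(service = LoggerFactory.class)
    private Logger logger;

    /**
     * Configures this client from the OSGi component configuration.
     *
     * @param bearerTokenClientConfig Keycloak base URI, realm, client id, client secret and
     *     preferred JWS algorithm
     * @throws ConfigurationException declared for the component contract; not thrown by the
     *     code in this method
     */
    @Activate
    public void activate(BearerTokenClientConfig bearerTokenClientConfig) throws ConfigurationException {
        KeycloakOidcConfiguration oidcConfig = new KeycloakOidcConfiguration();
        oidcConfig.setBaseUri(bearerTokenClientConfig.oid_baseUri());
        oidcConfig.setRealm(bearerTokenClientConfig.oid_realm());
        oidcConfig.setClientId(bearerTokenClientConfig.oid_clientId());
        oidcConfig.setSecret(bearerTokenClientConfig.oid_secret());
        // The pac4j client name is the OIDC client id.
        setName(bearerTokenClientConfig.oid_clientId());
        oidcConfig.setPreferredJwsAlgorithm(
                JWSAlgorithm.parse(bearerTokenClientConfig.oid_jws_algorithm().toString()));
        setProfileCreator(new OidcProfileCreator(oidcConfig));
        setAuthenticator(new OidcBearerAuthenticator(oidcConfig));
        setCredentialsExtractor(new CredentialsExtractor<OidcCredentials>() {
            /**
             * Extracts the bearer JWT from the {@code Authorization} header.
             *
             * @return credentials holding the parsed (not yet verified) token, or
             *     {@code null} after a 401 response has been prepared
             */
            @Override
            public OidcCredentials extract(WebContext webContext) {
                String authorization = webContext.getRequestHeader(AUTHORIZATION_HEADER);
                if (authorization == null) {
                    reject(webContext, "Authorization Header is missing");
                    return null;
                }
                // Require the Bearer scheme before slicing the value: a short header would
                // otherwise raise StringIndexOutOfBoundsException, and a different scheme
                // (e.g. Basic) would be cut at an arbitrary offset and fed to the parser.
                // Scheme names are compared case-insensitively.
                if (!authorization.regionMatches(true, 0, BEARER_PREFIX, 0, BEARER_PREFIX.length())) {
                    reject(webContext, "Authorization Header is not a Bearer token");
                    return null;
                }
                String rawToken = authorization.substring(BEARER_PREFIX.length()).trim();
                try {
                    OidcCredentials credentials = new OidcCredentials();
                    credentials.setIdToken(JWTParser.parse(rawToken));
                    return credentials;
                } catch (ParseException e) {
                    // The parser detail stays in the server log. It is derived from
                    // caller-supplied input, so it is not echoed into a response header.
                    BearerTokenClient.this.logger.error("Could not parse JWT Token", e);
                    // A malformed token is a client error, not a server fault: answer 401
                    // so unauthenticated callers cannot generate 5xx responses at will.
                    reject(webContext, "Authorization failed. Could not parse JWT Token");
                    return null;
                }
            }
        });
    }

    /**
     * Prepares a 401 plain-text response carrying {@code reason} in the error header.
     *
     * @param webContext context of the request being rejected
     * @param reason fixed, server-chosen text; never pass request-derived data here
     */
    private static void reject(WebContext webContext, String reason) {
        webContext.setResponseStatus(401);
        webContext.setResponseContentType("text/plain");
        webContext.setResponseHeader(ERROR_HEADER, reason);
    }

    /** No additional initialisation: all components are installed in {@link #activate}. */
    @Override
    protected void clientInit() {
    }
}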
