package br.com.techne.cronos.paas.oidc.sdk.oauth2.servlet;

import br.com.techne.cronos.paas.oidc.sdk.oauth2.OAuth2Lib;
import br.com.techne.cronos.paas.oidc.sdk.oauth2.OidcUser;
import com.nimbusds.jwt.JWT;
import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.oauth2.sdk.AccessTokenResponse;
import com.nimbusds.oauth2.sdk.TokenResponse;
import com.nimbusds.oauth2.sdk.token.BearerAccessToken;
import com.nimbusds.oauth2.sdk.token.RefreshToken;
import com.nimbusds.openid.connect.sdk.token.OIDCTokens;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServlet;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;
import java.io.IOException;
import net.minidev.json.JSONObject;

/* loaded from: input_file:br/com/techne/cronos/paas/oidc/sdk/oauth2/servlet/OidcCallbackServlet.class */
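public class OidcCallbackServlet extends HttpServlet {
    private static final long serialVersionUID = -696840155622416565L;

    /**
     * Handles the browser redirect back from the OpenID Provider.
     *
     * <p>If the session's {@link OidcUser} already carries a user id, the request is sent straight
     * to {@code originalUrl}. Otherwise the authorization code from the request is exchanged for
     * tokens, the ID token is checked through {@link OAuth2Lib#verifySignedToken}, the UserInfo
     * claims are copied onto the session's {@link OidcUser}, and the browser is redirected to
     * {@code originalUrl}.
     *
     * <p>Failure responses: 400 when the session holds no {@link OidcUser} (the callback was hit
     * without a login started from this session), 403 when the ID token signature is rejected or
     * the UserInfo response lacks {@code user_id} / {@code user_name}.
     *
     * @param httpServletRequest callback request carrying the authorization response
     * @param httpServletResponse response used for the redirect or the error status
     * @throws ServletException declared by the servlet contract
     * @throws IOException if writing the redirect or the error response fails
     */
    public void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        HttpSession session = httpServletRequest.getSession();
        OidcUser oidcUser = (OidcUser) session.getAttribute(OAuth2Lib.OIDC_USER);
        if (oidcUser == null) {
            // A callback on a session that never started a login has nothing to bind the
            // authorization response to; reject it instead of failing with a NullPointerException.
            httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "No pending OIDC login for this session");
            return;
        }

        // NOTE(review): originalUrl is session state written outside this class. Confirm that the
        // code storing it restricts it to targets inside this application and never leaves it
        // null, since it is used as the redirect target without further checks here.
        if (oidcUser.userId != null && oidcUser.userId.length() != 0) {
            // Already authenticated in this session: do not redeem the authorization code again.
            httpServletResponse.sendRedirect(oidcUser.originalUrl);
            return;
        }

        // NOTE(review): no state/nonce comparison is visible in this method. Verify that
        // OAuth2Lib.parseAuthenticationRequest binds the response to this session (CSRF defence).
        AccessTokenResponse tokenResponse = OAuth2Lib.getAccessToken(
                OAuth2Lib.parseAuthenticationRequest(httpServletRequest).getAuthorizationCode());
        OIDCTokens tokens = tokenResponse.getTokens();
        BearerAccessToken bearerToken = tokens.getAccessToken();
        RefreshToken refreshToken = tokens.getRefreshToken();
        JWT idToken = tokens.getIDToken();

        SignedJWT signedToken = OAuth2Lib.getSignedToken((TokenResponse) tokenResponse);
        JSONObject tokenKey = OAuth2Lib.getTokenKey(bearerToken);
        // NOTE(review): a null signedToken skips verification entirely (kept from the original
        // behaviour). Confirm when getSignedToken returns null and whether an unsigned ID token
        // should be accepted. Also confirm that verifySignedToken validates the issuer, audience
        // and expiry claims; only its boolean result is visible here.
        if (signedToken != null && !OAuth2Lib.verifySignedToken(signedToken, tokenKey)) {
            httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "Invalid Id Token signature");
            return;
        }

        JSONObject userInfo = OAuth2Lib.getUserInfo(bearerToken);
        Object userId = userInfo != null ? userInfo.get("user_id") : null;
        Object userName = userInfo != null ? userInfo.get("user_name") : null;
        if (userId == null || userName == null) {
            // Validate before touching the session object so that a malformed UserInfo response
            // cannot leave a half-populated OidcUser behind.
            httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "UserInfo response is missing required claims");
            return;
        }

        // The session becomes authenticated from here on: rotate its id so that an id known
        // before login cannot be reused afterwards (session fixation).
        httpServletRequest.changeSessionId();

        oidcUser.userInfo = userInfo;
        oidcUser.userId = userId.toString();
        oidcUser.userName = userName.toString();
        oidcUser.name = claimOrEmpty(userInfo, "name");
        oidcUser.givenName = claimOrEmpty(userInfo, "given_name");
        oidcUser.familyName = claimOrEmpty(userInfo, "family_name");
        oidcUser.accessToken = bearerToken;
        oidcUser.refreshToken = refreshToken;
        oidcUser.idToken = idToken;
        session.setAttribute(OAuth2Lib.OIDC_USER, oidcUser);
        httpServletResponse.sendRedirect(oidcUser.originalUrl);
    }

    /** Returns the string form of an optional UserInfo claim, or the empty string when absent. */
    private static String claimOrEmpty(JSONObject userInfo, String claim) {
        Object value = userInfo.get(claim);
        return value != null ? value.toString() : "";
    }
}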
