package io.quarkus.oidc.client.runtime;

import io.quarkus.oidc.client.OidcClient;
import io.quarkus.oidc.client.OidcClientConfig;
import io.quarkus.oidc.client.OidcClientException;
import io.quarkus.oidc.client.OidcClients;
import io.quarkus.oidc.client.Tokens;
import io.quarkus.oidc.common.runtime.OidcCommonConfig;
import io.quarkus.oidc.common.runtime.OidcCommonUtils;
import io.quarkus.runtime.TlsConfig;
import io.quarkus.runtime.annotations.Recorder;
import io.quarkus.runtime.configuration.ConfigurationException;
import io.smallrye.mutiny.Uni;
import io.vertx.core.Vertx;
import io.vertx.ext.web.client.WebClientOptions;
import io.vertx.mutiny.core.MultiMap;
import io.vertx.mutiny.ext.web.client.WebClient;
import java.io.IOException;
import java.net.ConnectException;
import java.net.URI;
import java.time.Duration;
import java.util.HashMap;
import java.util.Map;
import java.util.function.Function;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import org.jboss.logging.Logger;

@Recorder
/* loaded from: input_file:io/quarkus/oidc/client/runtime/OidcClientRecorder.class */
public class OidcClientRecorder {
    private static final String DEFAULT_OIDC_CLIENT_ID = "Default";
    private static final Logger LOG = Logger.getLogger(OidcClientRecorder.class);
    private static final Duration INITIAL_BACKOFF_DURATION = Duration.ofSeconds(2);

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/quarkus/oidc/client/runtime/OidcClientRecorder$DisabledOidcClient.class */
    public static class DisabledOidcClient implements OidcClient {
        String message;

        DisabledOidcClient(String str) {
            this.message = str;
        }

        @Override // io.quarkus.oidc.client.OidcClient
        public Uni<Tokens> getTokens() {
            throw new OidcClientException(this.message);
        }

        @Override // io.quarkus.oidc.client.OidcClient
        public Uni<Tokens> refreshTokens(String str) {
            throw new OidcClientException(this.message);
        }

        @Override // java.io.Closeable, java.lang.AutoCloseable
        public void close() throws IOException {
            throw new OidcClientException(this.message);
        }
    }

    public OidcClients setup(OidcClientsConfig oidcClientsConfig, final TlsConfig tlsConfig, final Supplier<Vertx> supplier) {
        String orElse = oidcClientsConfig.defaultClient.getId().orElse(DEFAULT_OIDC_CLIENT_ID);
        OidcClient createOidcClient = createOidcClient(oidcClientsConfig.defaultClient, orElse, tlsConfig, supplier);
        HashMap hashMap = new HashMap();
        for (Map.Entry<String, OidcClientConfig> entry : oidcClientsConfig.namedClients.entrySet()) {
            OidcCommonUtils.verifyConfigurationId(orElse, entry.getKey(), entry.getValue().getId());
            hashMap.put(entry.getKey(), createOidcClient(entry.getValue(), entry.getKey(), tlsConfig, supplier));
        }
        return new OidcClientsImpl(createOidcClient, hashMap, new Function<OidcClientConfig, Uni<OidcClient>>() { // from class: io.quarkus.oidc.client.runtime.OidcClientRecorder.1
            @Override // java.util.function.Function
            public Uni<OidcClient> apply(OidcClientConfig oidcClientConfig) {
                return OidcClientRecorder.createOidcClientUni(oidcClientConfig, oidcClientConfig.getId().get(), tlsConfig, supplier);
            }
        });
    }

    public Supplier<OidcClient> createOidcClientBean(final OidcClients oidcClients) {
        return new Supplier<OidcClient>() { // from class: io.quarkus.oidc.client.runtime.OidcClientRecorder.2
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.util.function.Supplier
            public OidcClient get() {
                return oidcClients.getClient();
            }
        };
    }

    public Supplier<OidcClients> createOidcClientsBean(final OidcClients oidcClients) {
        return new Supplier<OidcClients>() { // from class: io.quarkus.oidc.client.runtime.OidcClientRecorder.3
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.util.function.Supplier
            public OidcClients get() {
                return oidcClients;
            }
        };
    }

    protected static OidcClient createOidcClient(OidcClientConfig oidcClientConfig, String str, TlsConfig tlsConfig, Supplier<Vertx> supplier) {
        return (OidcClient) createOidcClientUni(oidcClientConfig, str, tlsConfig, supplier).await().indefinitely();
    }

    protected static Uni<OidcClient> createOidcClientUni(final OidcClientConfig oidcClientConfig, String str, TlsConfig tlsConfig, Supplier<Vertx> supplier) {
        if (!oidcClientConfig.isClientEnabled()) {
            String format = String.format("'%s' client configuration is disabled", str);
            LOG.debug(format);
            return Uni.createFrom().item(new DisabledOidcClient(format));
        }
        if (!oidcClientConfig.getId().isPresent()) {
            oidcClientConfig.setId(str);
        }
        OidcCommonUtils.verifyCommonConfiguration(oidcClientConfig);
        String authServerUrl = OidcCommonUtils.getAuthServerUrl(oidcClientConfig);
        WebClientOptions webClientOptions = new WebClientOptions();
        URI create = URI.create(authServerUrl);
        OidcCommonUtils.setHttpClientOptions(oidcClientConfig, tlsConfig, webClientOptions);
        final WebClient create2 = WebClient.create(new io.vertx.mutiny.core.Vertx(supplier.get()), webClientOptions);
        return (!oidcClientConfig.discoveryEnabled ? Uni.createFrom().item(OidcCommonUtils.getOidcEndpointUrl(create.toString(), oidcClientConfig.tokenPath)) : discoverTokenRequestUri(create2, create.toString(), oidcClientConfig)).onItem().transform(new Function<String, OidcClient>() { // from class: io.quarkus.oidc.client.runtime.OidcClientRecorder.4
            @Override // java.util.function.Function
            public OidcClient apply(String str2) {
                if (str2 == null) {
                    throw new ConfigurationException("OpenId Connect Provider token endpoint URL is not configured and can not be discovered");
                }
                MultiMap multiMap = new MultiMap(io.vertx.core.MultiMap.caseInsensitiveMultiMap());
                String str3 = OidcClientConfig.this.grant.getType() == OidcClientConfig.Grant.Type.CLIENT ? "client_credentials" : "password";
                OidcClientRecorder.setGrantClientParams(OidcClientConfig.this, multiMap, str3);
                if (OidcClientConfig.this.grant.getType() == OidcClientConfig.Grant.Type.PASSWORD) {
                    Map<String, String> map = OidcClientConfig.this.getGrantOptions().get("password");
                    multiMap.add("username", map.get("username"));
                    multiMap.add("password", map.get("password"));
                }
                MultiMap multiMap2 = new MultiMap(io.vertx.core.MultiMap.caseInsensitiveMultiMap());
                OidcClientRecorder.setGrantClientParams(OidcClientConfig.this, multiMap2, "refresh_token");
                return new OidcClientImpl(create2, str2, str3, multiMap, multiMap2, OidcClientConfig.this);
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void setGrantClientParams(OidcClientConfig oidcClientConfig, MultiMap multiMap, String str) {
        multiMap.add("grant_type", str);
        OidcCommonConfig.Credentials credentials = oidcClientConfig.getCredentials();
        if (OidcCommonUtils.isClientSecretPostAuthRequired(credentials)) {
            multiMap.add("client_id", (String) oidcClientConfig.clientId.get());
            multiMap.add("client_secret", OidcCommonUtils.clientSecret(credentials));
        }
        if (oidcClientConfig.getScopes().isPresent()) {
            multiMap.add("scope", (String) oidcClientConfig.getScopes().get().stream().collect(Collectors.joining(" ")));
        }
    }

    private static Uni<String> discoverTokenRequestUri(WebClient webClient, String str, OidcClientConfig oidcClientConfig) {
        String str2 = str + "/.well-known/openid-configuration";
        long connectionRetryCount = OidcCommonUtils.getConnectionRetryCount(oidcClientConfig);
        long connectionDelayInMillis = OidcCommonUtils.getConnectionDelayInMillis(oidcClientConfig);
        if (connectionRetryCount > 1) {
            LOG.infof("Connecting to IDP for up to %d times every 2 seconds", Long.valueOf(connectionRetryCount));
        }
        return webClient.getAbs(str2).send().onItem().transform(httpResponse -> {
            if (httpResponse.statusCode() == 200) {
                return httpResponse.bodyAsJsonObject().getString("token_endpoint");
            }
            LOG.tracef("Discovery has failed, status code: %d", httpResponse.statusCode());
            return null;
        }).onFailure(ConnectException.class).retry().withBackOff(INITIAL_BACKOFF_DURATION, INITIAL_BACKOFF_DURATION).expireIn(connectionDelayInMillis);
    }

    protected static OidcClientException toOidcClientException(String str, Throwable th) {
        return new OidcClientException(OidcCommonUtils.formatConnectionErrorMessage(str), th);
    }
}
