package leap.oauth2.webapp.user;

import leap.core.annotation.Inject;
import leap.lang.Strings;
import leap.lang.codec.Base64;
import leap.lang.http.ContentTypes;
import leap.lang.http.client.HttpClient;
import leap.lang.http.client.HttpRequest;
import leap.lang.http.client.HttpResponse;
import leap.lang.json.JSON;
import leap.lang.json.JsonObject;
import leap.lang.json.JsonValue;
import leap.lang.logging.Log;
import leap.lang.logging.LogFactory;
import leap.oauth2.OAuth2InternalServerException;
import leap.oauth2.OAuth2Params;
import leap.oauth2.rs.OAuth2ResServerConfig;
import leap.oauth2.webapp.token.AccessToken;
import leap.web.security.user.SimpleUserDetails;
import leap.web.security.user.UserDetails;
import leap.web.security.user.UserManager;

/* loaded from: input_file:leap/oauth2/webapp/user/DefaultUserDetailsLookup.class */
public class DefaultUserDetailsLookup implements UserDetailsLookup {
    private static final Log log = LogFactory.get(DefaultUserDetailsLookup.class);

    @Inject
    protected OAuth2ResServerConfig config;

    @Inject
    protected HttpClient httpClient;

    @Inject
    protected UserManager userManager;

    @Override // leap.oauth2.webapp.user.UserDetailsLookup
    public UserDetails lookupUserDetails(AccessToken accessToken, String str) {
        if (!this.config.isUseRemoteUserInfo()) {
            return this.userManager.loadUserDetails(str);
        }
        if (Strings.isEmpty(this.config.getRemoteUserInfoEndpointUrl())) {
            throw new IllegalStateException("The userInfoEndpointUrl must be configured when use remote authz server");
        }
        HttpRequest addQueryParam = this.httpClient.request(this.config.getRemoteUserInfoEndpointUrl()).addQueryParam(OAuth2Params.ACCESS_TOKEN, accessToken.getToken());
        if (null != this.config.getResourceServerId()) {
            addQueryParam.addHeader("Authorization", "Basic " + Base64.encode(this.config.getResourceServerId() + ":" + this.config.getResourceServerSecret()));
        }
        HttpResponse httpResponse = addQueryParam.get();
        if (!ContentTypes.APPLICATION_JSON_TYPE.isCompatible(httpResponse.getContentType())) {
            throw new OAuth2InternalServerException("Invalid response from auth server");
        }
        String string = httpResponse.getString();
        log.debug("Received response : {}", new Object[]{string});
        try {
            JsonValue parse = JSON.parse(string);
            if (!parse.isMap()) {
                throw new OAuth2InternalServerException("Invalid response from auth server : not a json map");
            }
            JsonObject asJsonObject = parse.asJsonObject();
            if (Strings.isEmpty(asJsonObject.getString(OAuth2Params.ERROR))) {
                return newUserDetails(asJsonObject);
            }
            return null;
        } catch (Exception e) {
            log.error(e);
            throw new OAuth2InternalServerException(e.getMessage());
        }
    }

    protected UserDetails newUserDetails(JsonObject jsonObject) {
        SimpleUserDetails simpleUserDetails = new SimpleUserDetails();
        simpleUserDetails.setId(jsonObject.getString("sub"));
        simpleUserDetails.setName(jsonObject.getString("name"));
        simpleUserDetails.setLoginName(jsonObject.getString("login_name"));
        return simpleUserDetails;
    }
}
