package io.confluent.security.auth.oauth.mockserver.server;

import com.nimbusds.jose.JOSEObjectType;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import io.confluent.security.auth.oauth.mockserver.common.SupportedAlgorithms;
import io.confluent.security.auth.oauth.mockserver.common.TokenInfo;
import io.netty.handler.codec.http.HttpResponseStatus;
import io.vertx.core.Handler;
import io.vertx.core.MultiMap;
import io.vertx.core.http.HttpMethod;
import io.vertx.core.http.HttpServerRequest;
import io.vertx.core.json.JsonObject;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.Date;
import java.util.Iterator;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/confluent/security/auth/oauth/mockserver/server/AuthServerRequestHandler.class */
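/**
 * Vert.x request handler for the mock OAuth authorization server.
 *
 * <p>Serves two single-segment endpoints: {@code Endpoint.JWKS} (GET, the public key set) and
 * {@code Endpoint.TOKEN} (POST, issues a signed JWT).
 *
 * <p>Security note: the token endpoint is a test fixture, not an authorization server. Subject,
 * issuer, signing algorithm, expiry and every additional claim are taken from the request form,
 * and the {@code Authorization} header is parsed but neither its secret nor its client id is
 * checked. Anyone who can reach the endpoint can therefore mint a token with arbitrary claims
 * signed by the keys this server publishes. Keep it bound to test networks and make sure its
 * signing keys are never trusted by a non-test relying party.
 */
public class AuthServerRequestHandler implements Handler<HttpServerRequest> {
    private static final Logger log = LoggerFactory.getLogger("oauth");
    // Not referenced anywhere in this class; the token lifetime comes from the "expiry" form field.
    private static final int EXPIRES_IN_SECONDS = 600;
    private final MockOAuthServer verticle;

    /**
     * @param mockOAuthServer the verticle that supplies signing keys, the published key set and
     *     configuration
     */
    public AuthServerRequestHandler(MockOAuthServer mockOAuthServer) {
        this.verticle = mockOAuthServer;
    }

    /**
     * Routes a request to the JWKS or token endpoint.
     *
     * <p>Only GET and POST are accepted (405 otherwise) and the path must consist of exactly one
     * segment (404 otherwise). A path that does not resolve to a handled endpoint is answered
     * with 404 instead of being left without a response.
     *
     * @param httpServerRequest the incoming request
     */
    @Override
    public void handle(HttpServerRequest httpServerRequest) {
        // Parameterized logging keeps the request-controlled path out of the format string.
        log.info("> {} {}", httpServerRequest.method().name(), httpServerRequest.path());
        CommonHttp.setContextLog(log);
        if (!CommonHttp.isOneOf(httpServerRequest.method(), HttpMethod.GET, HttpMethod.POST)) {
            CommonHttp.sendResponse(httpServerRequest, HttpResponseStatus.METHOD_NOT_ALLOWED);
            return;
        }
        String[] segments = httpServerRequest.path().split("/");
        if (segments.length != 2) {
            CommonHttp.sendResponse(httpServerRequest, HttpResponseStatus.NOT_FOUND);
            return;
        }
        try {
            boolean handled = processRequest(Endpoint.fromString(segments[1]), httpServerRequest);
            if (!handled) {
                // Previously the return value was ignored, so such a request never got an answer.
                CommonHttp.sendResponse(httpServerRequest, HttpResponseStatus.NOT_FOUND);
            }
        } catch (Throwable th) {
            CommonHttp.handleFailure(httpServerRequest, th, log);
        }
    }

    /**
     * Dispatches to the handler of the given endpoint.
     *
     * @return {@code true} if the endpoint is one this handler serves, {@code false} otherwise
     */
    private boolean processRequest(Endpoint endpoint, HttpServerRequest httpServerRequest) {
        if (endpoint == Endpoint.JWKS) {
            processJwksRequest(httpServerRequest);
            return true;
        }
        if (endpoint == Endpoint.TOKEN) {
            processTokenRequest(httpServerRequest);
            return true;
        }
        return false;
    }

    /**
     * Answers a request according to a failure-simulation mode.
     *
     * <p>{@code MODE_STALL} deliberately sends nothing; the other known modes send the matching
     * HTTP error status.
     *
     * @return {@code true} if the mode was recognised, {@code false} for an unexpected mode
     */
    private static boolean generateResponse(HttpServerRequest httpServerRequest, Mode mode) {
        boolean recognised = true;
        switch (mode) {
            case MODE_STALL:
                // Intentionally no response: the caller is left waiting.
                break;
            case MODE_400:
                CommonHttp.sendResponse(httpServerRequest, HttpResponseStatus.BAD_REQUEST);
                break;
            case MODE_401:
                CommonHttp.sendResponse(httpServerRequest, HttpResponseStatus.UNAUTHORIZED);
                break;
            case MODE_403:
                CommonHttp.sendResponse(httpServerRequest, HttpResponseStatus.FORBIDDEN);
                break;
            case MODE_404:
                CommonHttp.sendResponse(httpServerRequest, HttpResponseStatus.NOT_FOUND);
                break;
            case MODE_500:
                CommonHttp.sendResponse(httpServerRequest, HttpResponseStatus.INTERNAL_SERVER_ERROR);
                break;
            case MODE_503:
                CommonHttp.sendResponse(httpServerRequest, HttpResponseStatus.SERVICE_UNAVAILABLE);
                break;
            default:
                recognised = false;
                log.error("Unexpected mode: {}", mode);
                break;
        }
        if (recognised) {
            log.info("Returned mode status: {}", mode);
        }
        return recognised;
    }

    /**
     * Handles a token request: reads the form body and answers with a JSON document carrying
     * {@code access_token}, {@code expires_in} and a fixed scope of {@code "all"}.
     *
     * <p>Responds 405 for non-POST requests and 400 when {@code grant_type} is missing or
     * {@code expiry} is missing or not an integer. Any other failure goes through
     * {@code CommonHttp.handleFailure}.
     */
    private void processTokenRequest(HttpServerRequest httpServerRequest) {
        if (httpServerRequest.method() != HttpMethod.POST) {
            CommonHttp.sendResponse(httpServerRequest, HttpResponseStatus.METHOD_NOT_ALLOWED);
            return;
        }
        httpServerRequest.setExpectMultipart(true);
        httpServerRequest.endHandler(ignored -> {
            MultiMap form = httpServerRequest.formAttributes();
            // Log field names only: a token request body may carry credentials
            // (for example a client secret), which should not end up in log files.
            log.info("Token request form fields: {}", form.names());
            if (form.get("grant_type") == null) {
                CommonHttp.sendResponse(httpServerRequest, HttpResponseStatus.BAD_REQUEST);
                return;
            }
            final int expirySeconds;
            try {
                // Parsed before the main try block in the original, so a missing or malformed
                // value escaped the end handler and the request was never answered.
                expirySeconds = Integer.parseInt(form.get("expiry"));
            } catch (NumberFormatException e) {
                log.warn("Rejecting token request: 'expiry' is missing or not an integer");
                CommonHttp.sendResponse(httpServerRequest, HttpResponseStatus.BAD_REQUEST);
                return;
            }
            try {
                String clientId = authorizeClient(httpServerRequest.headers().get("Authorization"));
                String accessToken = createSignedAccessToken(clientId, expirySeconds, form);
                JsonObject body = new JsonObject();
                body.put("access_token", accessToken);
                body.put("expires_in", Integer.valueOf(expirySeconds));
                body.put(TokenInfo.SCOPE, "all");
                CommonHttp.sendResponse(httpServerRequest, HttpResponseStatus.OK, body.encode());
            } catch (Throwable th) {
                CommonHttp.handleFailure(httpServerRequest, th, log);
            }
        });
    }

    /**
     * Builds and signs a JWT from the request form.
     *
     * <p>{@code subject}, {@code issuer} and the expiry become the registered claims;
     * {@code clusters} is parsed from a bracketed, comma-separated string into a list claim;
     * every remaining form attribute is copied into the token as a claim under its own name, so
     * the caller fully controls the token content. The issuer is also used as the key id and to
     * select the signing key. Note that this method removes the consumed fields from
     * {@code multiMap}.
     *
     * @param str the client id parsed from the Authorization header; currently unused
     * @param j token lifetime in seconds
     * @param multiMap the request's form attributes (mutated)
     * @return the serialized signed JWT
     * @throws IllegalArgumentException if {@code clusters} is missing or shorter than the two
     *     enclosing characters
     * @throws Exception if key lookup or signing fails
     */
    private String createSignedAccessToken(String str, long j, MultiMap multiMap) throws Exception {
        String issuer = multiMap.get("issuer");
        SupportedAlgorithms algo = getAlgo(multiMap.get("algorithm"));
        JWTClaimsSet.Builder claims = new JWTClaimsSet.Builder()
                .subject(multiMap.get("subject"))
                .issuer(issuer)
                .expirationTime(new Date(System.currentTimeMillis() + (j * 1000)));
        multiMap.remove("issuer").remove("expiry").remove("subject").remove("grant_type").remove("algorithm");

        String clusters = multiMap.get("clusters");
        if (clusters == null || clusters.length() < 2) {
            // Fail with a clear message instead of a NullPointerException or
            // StringIndexOutOfBoundsException from the substring call below.
            throw new IllegalArgumentException("'clusters' must be a bracketed, comma-separated list");
        }
        // Strip the first and last character (the enclosing brackets) and split the rest.
        String clusterList = clusters.substring(1, clusters.length() - 1);
        claims.claim("clusters", new ArrayList<String>(Arrays.asList(clusterList.split(","))));
        multiMap.remove("clusters");

        // Whatever is left in the form is copied verbatim into the token.
        multiMap.entries().forEach(entry -> claims.claim(entry.getKey(), entry.getValue()));

        JWTClaimsSet claimsSet = claims.build();
        RSASSASigner signer = new RSASSASigner(this.verticle.getSigKey(algo, issuer));
        JWSHeader header = new JWSHeader.Builder(algo.getAlgorithm())
                .keyID(issuer)
                .type(JOSEObjectType.JWT)
                .jwkURL(URI.create((String) this.verticle.getConfig().get("jwks-url")))
                .build();
        SignedJWT signedJwt = new SignedJWT(header, claimsSet);
        signedJwt.sign(signer);
        return signedJwt.serialize();
    }

    /**
     * Extracts the client id from an HTTP Basic {@code Authorization} header.
     *
     * <p>Despite the name, nothing is verified here: the part after the colon (the secret) is
     * discarded without being compared to anything.
     *
     * @param str the raw header value, may be {@code null}
     * @return the text before the first colon of the decoded credentials, or {@code null} if the
     *     header is absent, not a Basic header, or contains no colon
     * @throws IllegalArgumentException if the credentials are not valid Base64
     */
    private String authorizeClient(String str) {
        if (str == null || !str.startsWith("Basic ")) {
            return null;
        }
        String credentials = base64decode(str.substring(6));
        int colon = credentials.indexOf(":");
        if (colon == -1) {
            return null;
        }
        return credentials.substring(0, colon);
    }

    /** Serves the published key set; GET only, 405 for any other method. */
    private void processJwksRequest(HttpServerRequest httpServerRequest) {
        if (httpServerRequest.method() != HttpMethod.GET) {
            CommonHttp.sendResponse(httpServerRequest, HttpResponseStatus.METHOD_NOT_ALLOWED);
        } else {
            CommonHttp.sendResponse(httpServerRequest, HttpResponseStatus.OK, jwksets());
        }
    }

    /**
     * Maps the requested algorithm name to a supported RSA signature algorithm.
     *
     * <p>Only {@code "RS384"} and {@code "RS512"} are recognised; every other value, including
     * {@code null}, falls back to RS256. The request can therefore never select anything other
     * than one of these three algorithms.
     *
     * @param str the algorithm name from the request form, may be {@code null}
     */
    private SupportedAlgorithms getAlgo(String str) {
        if (str == null) {
            return SupportedAlgorithms.RS256;
        }
        switch (str) {
            case "RS384":
                return SupportedAlgorithms.RS384;
            case "RS512":
                return SupportedAlgorithms.RS512;
            default:
                return SupportedAlgorithms.RS256;
        }
    }

    /**
     * Renders the key set document as {@code {"keys":[...]}}.
     *
     * <p>The array is produced by the list's {@code toString()}, which relies on each key's
     * own {@code toString()} for its JSON form.
     * NOTE(review): this serializes whatever the verticle's key map holds; confirm those
     * entries are public keys only, since this document is served to any caller.
     */
    private String jwksets() {
        ArrayList<JWK> keys = new ArrayList<>(this.verticle.getKeys().values());
        return "{\"keys\":" + String.valueOf(keys) + "}";
    }

    /**
     * Decodes Base64 text to a UTF-8 string.
     *
     * <p>NOTE(review): this uses the URL-safe alphabet, while HTTP Basic credentials are
     * normally encoded with the standard alphabet; input containing {@code +} or {@code /}
     * is rejected. Confirm which encoding the test clients send.
     *
     * @throws IllegalArgumentException if {@code str} is not valid URL-safe Base64
     */
    private String base64decode(String str) {
        return new String(Base64.getUrlDecoder().decode(str), StandardCharsets.UTF_8);
    }
}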
