package pro.gravit.launchserver.auth.core.openid;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Header;
import io.jsonwebtoken.JweHeader;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.JwsHeader;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.JwtParser;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.LocatorAdapter;
import io.jsonwebtoken.io.Parser;
import io.jsonwebtoken.security.JwkSet;
import io.jsonwebtoken.security.Jwks;
import java.io.IOException;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.runtime.ObjectMethods;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.security.Key;
import java.util.Date;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.UUID;
import java.util.stream.Collectors;
import pro.gravit.launcher.base.ClientPermissions;
import pro.gravit.launcher.base.Launcher;
import pro.gravit.launcher.base.events.request.GetAvailabilityAuthRequestEvent;
import pro.gravit.launcher.base.request.auth.details.AuthWebViewDetails;
import pro.gravit.launcher.base.request.auth.password.AuthCodePassword;
import pro.gravit.launchserver.auth.AuthException;
import pro.gravit.launchserver.auth.core.AuthCoreProvider;
import pro.gravit.launchserver.auth.core.User;
import pro.gravit.launchserver.auth.core.UserSession;
import pro.gravit.utils.helper.CommonHelper;
import pro.gravit.utils.helper.QueryHelper;

/* loaded from: input_file:pro/gravit/launchserver/auth/core/openid/OpenIDAuthenticator.class */
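/**
 * Authenticates launcher users against an OpenID Connect provider.
 *
 * <p>The constructor downloads the provider's JWK set once and builds a JWT parser that looks up
 * the verification key by {@code kid} and requires the configured issuer and an {@code azp} claim
 * equal to the configured client id. Every access token this class returns or turns into a
 * {@link User} has first passed through that parser.
 *
 * <p>This listing is decompiler output: the {@code mNNlocate} method names and the
 * {@code extends Record} class are decompiler artifacts and are kept as found.
 */
public class OpenIDAuthenticator {
    // Shared client built with default settings. No connect timeout is configured here and the
    // requests below set no per-request timeout, so a stalled identity provider blocks the caller.
    private static final HttpClient CLIENT = HttpClient.newBuilder().build();
    private final OpenIDConfig openIDConfig;
    // Built once in the constructor from the JWK set fetched at that moment. Nothing in this class
    // refreshes it, so keys the provider rotates in later are unknown to this instance.
    private final JwtParser jwtParser;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:pro/gravit/launchserver/auth/core/openid/OpenIDAuthenticator$KeyLocator.class */
    /**
     * Resolves the signature verification key for a JWS from the provider's JWK set, by key id.
     */
    public static class KeyLocator extends LocatorAdapter<Key> {
        private final Map<String, Key> keys;

        /**
         * Indexes every key of the set under its {@code kid}.
         *
         * <p>NOTE(review): {@code String.valueOf} turns a missing {@code kid} into the literal
         * string {@code "null"}, and {@code Collectors.toMap} throws {@link IllegalStateException}
         * on a duplicate key, so a set holding two keys without a {@code kid} fails here.
         *
         * @param jwkSet the JWK set published by the identity provider
         */
        public KeyLocator(JwkSet jwkSet) {
            this.keys = (Map) jwkSet.getKeys().stream().collect(Collectors.toMap(jwk -> {
                return String.valueOf(jwk.get("kid"));
            }, (v0) -> {
                return v0.toKey();
            }));
        }

        /* JADX INFO: Access modifiers changed from: protected */
        /* renamed from: locate, reason: merged with bridge method [inline-methods] */
        /** Encrypted tokens (JWE) get no key from this class; the lookup is left to the superclass. */
        public Key m13locate(JweHeader jweHeader) {
            return (Key) super.locate(jweHeader);
        }

        /* JADX INFO: Access modifiers changed from: protected */
        /* renamed from: locate, reason: merged with bridge method [inline-methods] */
        /**
         * Returns the key stored under the header's key id, or {@code null} when the id is absent
         * or unknown.
         */
        public Key m12locate(JwsHeader jwsHeader) {
            return this.keys.get(jwsHeader.getKeyId());
        }

        /* JADX INFO: Access modifiers changed from: protected */
        /* renamed from: doLocate, reason: merged with bridge method [inline-methods] */
        /** Fallback lookup; adds nothing to the superclass behaviour. */
        public Key m11doLocate(Header header) {
            return (Key) super.doLocate(header);
        }
    }

    /* loaded from: input_file:pro/gravit/launchserver/auth/core/openid/OpenIDAuthenticator$OpenIDUserSession.class */
    /**
     * Session backed by a verified access token. Decompiled form of a record with the components
     * {@code user}, {@code token} and {@code expiresIn}.
     */
    static final class OpenIDUserSession extends Record implements UserSession {
        private final User user;
        // The raw OAuth access token; it doubles as the Minecraft access token (see below).
        private final String token;
        // Expiry as epoch milliseconds, or 0 when the token carried no exp claim
        // (see getUserSessionByOAuthAccessToken).
        private final long expiresIn;

        OpenIDUserSession(User user, String str, long j) {
            this.user = user;
            this.token = str;
            this.expiresIn = j;
        }

        /** The session id is the user name, not a per-session value. */
        @Override // pro.gravit.launchserver.auth.core.UserSession
        public String getID() {
            return this.user.getUsername();
        }

        @Override // pro.gravit.launchserver.auth.core.UserSession
        public User getUser() {
            return this.user;
        }

        /** Returns the OAuth access token itself. */
        @Override // pro.gravit.launchserver.auth.core.UserSession
        public String getMinecraftAccessToken() {
            return this.token;
        }

        @Override // pro.gravit.launchserver.auth.core.UserSession
        public long getExpireIn() {
            return this.expiresIn;
        }

        // NOTE(review): the generated record toString covers all three components, so the string
        // contains the access token. Keep session objects out of log statements and exception
        // messages, or replace this with a redacting implementation.
        @Override // java.lang.Record
        public final String toString() {
            return (String) ObjectMethods.bootstrap(MethodHandles.lookup(), "toString", MethodType.methodType(String.class, OpenIDUserSession.class), OpenIDUserSession.class, "user;token;expiresIn", "FIELD:Lpro/gravit/launchserver/auth/core/openid/OpenIDAuthenticator$OpenIDUserSession;->user:Lpro/gravit/launchserver/auth/core/User;", "FIELD:Lpro/gravit/launchserver/auth/core/openid/OpenIDAuthenticator$OpenIDUserSession;->token:Ljava/lang/String;", "FIELD:Lpro/gravit/launchserver/auth/core/openid/OpenIDAuthenticator$OpenIDUserSession;->expiresIn:J").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final int hashCode() {
            return (int) ObjectMethods.bootstrap(MethodHandles.lookup(), "hashCode", MethodType.methodType(Integer.TYPE, OpenIDUserSession.class), OpenIDUserSession.class, "user;token;expiresIn", "FIELD:Lpro/gravit/launchserver/auth/core/openid/OpenIDAuthenticator$OpenIDUserSession;->user:Lpro/gravit/launchserver/auth/core/User;", "FIELD:Lpro/gravit/launchserver/auth/core/openid/OpenIDAuthenticator$OpenIDUserSession;->token:Ljava/lang/String;", "FIELD:Lpro/gravit/launchserver/auth/core/openid/OpenIDAuthenticator$OpenIDUserSession;->expiresIn:J").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final boolean equals(Object obj) {
            return (boolean) ObjectMethods.bootstrap(MethodHandles.lookup(), "equals", MethodType.methodType(Boolean.TYPE, OpenIDUserSession.class, Object.class), OpenIDUserSession.class, "user;token;expiresIn", "FIELD:Lpro/gravit/launchserver/auth/core/openid/OpenIDAuthenticator$OpenIDUserSession;->user:Lpro/gravit/launchserver/auth/core/User;", "FIELD:Lpro/gravit/launchserver/auth/core/openid/OpenIDAuthenticator$OpenIDUserSession;->token:Ljava/lang/String;", "FIELD:Lpro/gravit/launchserver/auth/core/openid/OpenIDAuthenticator$OpenIDUserSession;->expiresIn:J").dynamicInvoker().invoke(this, obj) /* invoke-custom */;
        }

        public User user() {
            return this.user;
        }

        public String token() {
            return this.token;
        }

        public long expiresIn() {
            return this.expiresIn;
        }
    }

    /**
     * Fetches the provider's JWK set and builds the token parser.
     *
     * <p>The parser pins the issuer and the {@code azp} claim. No {@code aud} requirement is
     * configured here; {@code azp} is the only binding to this client.
     *
     * @param openIDConfig provider endpoints, client credentials and claim names
     * @throws RuntimeException if the JWK set cannot be downloaded
     */
    public OpenIDAuthenticator(OpenIDConfig openIDConfig) {
        this.openIDConfig = openIDConfig;
        this.jwtParser = Jwts.parser().keyLocator(loadKeyLocator(openIDConfig)).requireIssuer(openIDConfig.issuer()).require("azp", openIDConfig.clientId()).build();
    }

    /**
     * Describes the web-view login: the authorization-code URL to open and the redirect URI to
     * watch for.
     *
     * <p>NOTE(review): the {@code state} value is a fresh random UUID that this class never stores,
     * and {@link #authorize(AuthCodePassword)} never reads {@code state} from the callback. As
     * written it does not bind the callback to the request that started the login; a caller that
     * needs that binding has to keep and compare the value itself.
     *
     * @return a single-element list holding the web-view details
     */
    public List<GetAvailabilityAuthRequestEvent.AuthAvailabilityDetails> getDetails() {
        String authorizationUrl = QueryBuilder.get(this.openIDConfig.authorizationEndpoint())
                .addQuery("response_type", "code")
                .addQuery("client_id", this.openIDConfig.clientId())
                .addQuery("redirect_uri", this.openIDConfig.redirectUri())
                .addQuery("scope", this.openIDConfig.scopes())
                .addQuery("state", UUID.randomUUID().toString())
                .toUriString();
        return List.of(new AuthWebViewDetails(authorizationUrl, this.openIDConfig.redirectUri()));
    }

    /**
     * Exchanges a refresh token for a new token pair and verifies the new access token.
     *
     * @param str the refresh token
     * @return the verified access token with its lifetimes (0 where the provider sent none)
     * @throws RuntimeException if the token endpoint cannot be reached, or wrapping the
     *     {@link AuthException} raised when the response holds no valid access token (this method
     *     declares no checked exception, so the failure is wrapped)
     */
    public TokenResponse refreshAccessToken(String str) {
        String form = QueryBuilder.post()
                .addQuery("grant_type", "refresh_token")
                .addQuery("refresh_token", str)
                .addQuery("client_id", this.openIDConfig.clientId())
                .addQuery("client_secret", this.openIDConfig.clientSecret())
                .toString();
        try {
            return toVerifiedTokenResponse(requestToken(form));
        } catch (AuthException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Verifies an access token and wraps it in a session.
     *
     * <p>Every verification failure (bad signature, wrong issuer or {@code azp}, malformed or
     * missing identity claims, as well as real expiry) is reported as {@code OAuthAccessTokenExpired},
     * so callers cannot tell a forged token from an expired one by exception type.
     *
     * @param str the access token
     * @return a session whose expiry is the token's {@code exp} in epoch milliseconds, or 0 when
     *     the token has no {@code exp}
     * @throws AuthCoreProvider.OAuthAccessTokenExpired if the token cannot be verified
     */
    public UserSession getUserSessionByOAuthAccessToken(String str) throws AuthCoreProvider.OAuthAccessTokenExpired {
        try {
            Jws<Claims> verified = readAndVerifyToken(str);
            User user = createUserFromToken(verified);
            Date expiration = ((Claims) verified.getPayload()).getExpiration();
            long expiresAtMillis = expiration != null ? expiration.toInstant().toEpochMilli() : 0;
            return new OpenIDUserSession(user, str, expiresAtMillis);
        } catch (AuthException e) {
            throw new AuthCoreProvider.OAuthAccessTokenExpired("Can't read token", e);
        }
    }

    /**
     * Completes the authorization-code flow from the redirect URI reported by the client.
     *
     * <p>The URI comes from the launcher and is untrusted: it is parsed defensively, an
     * {@code error} parameter aborts the login, and a missing {@code code} is rejected before the
     * client secret is sent to the token endpoint. {@code state} is not checked here.
     *
     * @param authCodePassword carries the redirect URI, including its query string
     * @return the verified access token with its lifetimes (0 where the provider sent none)
     * @throws AuthException if the URI is malformed, reports an error, has no code, or the
     *     returned access token fails verification
     * @throws IOException declared by the original signature
     */
    public TokenResponse authorize(AuthCodePassword authCodePassword) throws IOException {
        if (authCodePassword.uri == null) {
            throw new AuthException("Auth error. Redirect URI is missing");
        }
        Map splitUriQuery;
        try {
            splitUriQuery = QueryHelper.splitUriQuery(URI.create(authCodePassword.uri));
        } catch (IllegalArgumentException e) {
            // URI.create reports malformed input with an unchecked exception; surface it as an
            // ordinary authentication failure instead.
            throw new AuthException("Auth error. Redirect URI is malformed", e);
        }
        String code = (String) CommonHelper.multimapFirstOrNullValue("code", splitUriQuery);
        String error = (String) CommonHelper.multimapFirstOrNullValue("error", splitUriQuery);
        String errorDescription = (String) CommonHelper.multimapFirstOrNullValue("error_description", splitUriQuery);
        if (error != null && !error.isBlank()) {
            throw new AuthException("Auth error. Error: %s, description: %s".formatted(error, errorDescription));
        }
        if (code == null || code.isBlank()) {
            throw new AuthException("Auth error. Authorization code is missing");
        }
        String form = QueryBuilder.post()
                .addQuery("grant_type", "authorization_code")
                .addQuery("code", code)
                .addQuery("redirect_uri", this.openIDConfig.redirectUri())
                .addQuery("client_id", this.openIDConfig.clientId())
                .addQuery("client_secret", this.openIDConfig.clientSecret())
                .toString();
        return toVerifiedTokenResponse(requestToken(form));
    }

    /**
     * Verifies an access token and builds the user it describes.
     *
     * @param str the access token
     * @return the user named by the configured username and UUID claims
     * @throws AuthException if the token fails verification or lacks usable identity claims
     */
    public User createUserFromToken(String str) throws AuthException {
        return createUserFromToken(readAndVerifyToken(str));
    }

    /**
     * Parses a compact JWS and checks signature, issuer and {@code azp} with the parser built in
     * the constructor.
     *
     * @throws AuthException if the token is {@code null} or the parser rejects it
     */
    private Jws<Claims> readAndVerifyToken(String str) throws AuthException {
        if (str == null) {
            throw new AuthException("Token is null");
        }
        try {
            return this.jwtParser.parseSignedClaims(str);
        } catch (JwtException e) {
            throw new AuthException("Bad token", e);
        }
    }

    /**
     * Builds the user from the configured username and UUID claims of an already verified token.
     *
     * <p>The user always gets a fresh, empty {@link ClientPermissions}; nothing in the token
     * influences permissions here.
     *
     * @throws AuthException if a claim is missing, has the wrong type, or the UUID is malformed
     */
    private User createUserFromToken(Jws<Claims> jws) throws AuthException {
        Claims claims = (Claims) jws.getPayload();
        String usernameClaim = this.openIDConfig.extractorConfig().usernameClaim();
        String uuidClaim = this.openIDConfig.extractorConfig().uuidClaim();
        try {
            String username = claims.get(usernameClaim, String.class);
            String uuid = claims.get(uuidClaim, String.class);
            // A verified signature does not guarantee the identity claims are present: without
            // these checks a missing claim surfaces as a NullPointerException from UUID.fromString
            // or as a user with no name.
            if (username == null || username.isBlank()) {
                throw new AuthException("Token has no '%s' claim".formatted(usernameClaim));
            }
            if (uuid == null) {
                throw new AuthException("Token has no '%s' claim".formatted(uuidClaim));
            }
            return new UserEntity(username, UUID.fromString(uuid), new ClientPermissions());
        } catch (JwtException | IllegalArgumentException e) {
            // Wrong claim type (JwtException) or a string that is not a UUID.
            throw new AuthException("Bad token", e);
        }
    }

    /**
     * Verifies the access token of a token-endpoint response and converts the response.
     *
     * @throws AuthException if the response is empty or its access token fails verification
     */
    private TokenResponse toVerifiedTokenResponse(AccessTokenResponse response) throws AuthException {
        if (response == null) {
            // An empty body deserializes to null.
            throw new AuthException("Empty token response");
        }
        String accessToken = response.accessToken();
        String refreshToken = response.refreshToken();
        readAndVerifyToken(accessToken);
        long expiresIn = Objects.requireNonNullElse(response.expiresIn(), 0L);
        long refreshExpiresIn = Objects.requireNonNullElse(response.refreshExpiresIn(), 0L);
        return new TokenResponse(accessToken, expiresIn, refreshToken, refreshExpiresIn);
    }

    /**
     * Posts a form-encoded grant request to the token endpoint and deserializes the JSON reply.
     *
     * <p>The form body carries the client secret and, for refreshes, the refresh token, so it must
     * not be logged. The HTTP status is not inspected: an error reply is deserialized like any
     * other and shows up later as a missing access token.
     *
     * @param str the form-encoded request body
     * @return the deserialized reply, or {@code null} for an empty body
     * @throws RuntimeException if the request fails or the thread is interrupted
     */
    private AccessTokenResponse requestToken(String str) {
        HttpRequest request = HttpRequest.newBuilder()
                .uri(this.openIDConfig.tokenUri())
                .header("Content-Type", "application/x-www-form-urlencoded")
                .header("Accept", "application/json")
                .POST(HttpRequest.BodyPublishers.ofString(str))
                .build();
        try {
            String body = (String) CLIENT.send(request, HttpResponse.BodyHandlers.ofString()).body();
            return (AccessTokenResponse) Launcher.gsonManager.gson.fromJson(body, AccessTokenResponse.class);
        } catch (IOException e) {
            throw new RuntimeException(e);
        } catch (InterruptedException e) {
            // Restore the flag so the owner of this thread still sees the interruption.
            Thread.currentThread().interrupt();
            throw new RuntimeException(e);
        }
    }

    /**
     * Downloads the JWK set from the configured URI and indexes it by key id.
     *
     * <p>Token verification trusts whatever keys this request returns, so the URI is presumably an
     * HTTPS endpoint of the provider. The scheme is not checked here; verify it in the
     * configuration.
     *
     * @throws RuntimeException if the download fails or the thread is interrupted
     */
    private static KeyLocator loadKeyLocator(OpenIDConfig openIDConfig) {
        HttpRequest request = HttpRequest.newBuilder(openIDConfig.jwksUri()).GET().build();
        try {
            CharSequence body = (CharSequence) CLIENT.send(request, HttpResponse.BodyHandlers.ofString()).body();
            return new KeyLocator((JwkSet) ((Parser) Jwks.setParser().build()).parse(body));
        } catch (IOException e) {
            throw new RuntimeException(e);
        } catch (InterruptedException e) {
            // Restore the flag so the owner of this thread still sees the interruption.
            Thread.currentThread().interrupt();
            throw new RuntimeException(e);
        }
    }
}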
