package gitbucket.core.service;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.proc.BadJOSEException;
import com.nimbusds.jose.util.DefaultResourceRetriever;
import com.nimbusds.jwt.JWT;
import com.nimbusds.oauth2.sdk.AuthorizationCode;
import com.nimbusds.oauth2.sdk.AuthorizationCodeGrant;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.ResponseType;
import com.nimbusds.oauth2.sdk.Scope;
import com.nimbusds.oauth2.sdk.TokenErrorResponse;
import com.nimbusds.oauth2.sdk.TokenRequest;
import com.nimbusds.oauth2.sdk.auth.ClientSecretBasic;
import com.nimbusds.oauth2.sdk.id.ClientID;
import com.nimbusds.oauth2.sdk.id.Issuer;
import com.nimbusds.oauth2.sdk.id.State;
import com.nimbusds.openid.connect.sdk.AuthenticationRequest;
import com.nimbusds.openid.connect.sdk.Nonce;
import com.nimbusds.openid.connect.sdk.OIDCScopeValue;
import com.nimbusds.openid.connect.sdk.OIDCTokenResponse;
import com.nimbusds.openid.connect.sdk.OIDCTokenResponseParser;
import com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet;
import com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata;
import com.nimbusds.openid.connect.sdk.validators.IDTokenValidator;
import gitbucket.core.model.Account;
import gitbucket.core.service.SystemSettingsService;
import java.net.URI;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Option$;
import scala.Predef$;
import scala.Some;
import scala.collection.Seq;
import scala.collection.Seq$;
import scala.collection.SeqLike;
import scala.collection.immutable.Map;
import scala.collection.immutable.Set;
import scala.reflect.ScalaSignature;
import slick.jdbc.JdbcBackend;

/* compiled from: OpenIDConnectService.scala */
@ScalaSignature(bytes = "\u0006\u0001\u0005uh!C\u0001\u0003!\u0003\r\t!CAa\u0005Qy\u0005/\u001a8J\t\u000e{gN\\3diN+'O^5dK*\u00111\u0001B\u0001\bg\u0016\u0014h/[2f\u0015\t)a!\u0001\u0003d_J,'\"A\u0004\u0002\u0013\u001dLGOY;dW\u0016$8\u0001A\n\u0003\u0001)\u0001\"a\u0003\b\u000e\u00031Q\u0011!D\u0001\u0006g\u000e\fG.Y\u0005\u0003\u001f1\u0011a!\u00118z%\u00164\u0007\"B\t\u0001\t\u0003\u0011\u0012A\u0002\u0013j]&$H\u0005F\u0001\u0014!\tYA#\u0003\u0002\u0016\u0019\t!QK\\5u\u0011\u001d9\u0002A1A\u0005\na\ta\u0001\\8hO\u0016\u0014X#A\r\u0011\u0005iyR\"A\u000e\u000b\u0005qi\u0012!B:mMRR'\"\u0001\u0010\u0002\u0007=\u0014x-\u0003\u0002!7\t1Aj\\4hKJDqA\t\u0001C\u0002\u0013%1%A\nK/.{&+R)V\u000bN#v\fV%N\u000b>+F+F\u0001%!\tYQ%\u0003\u0002'\u0019\t\u0019\u0011J\u001c;\t\u000f!\u0002!\u0019!C\u0005S\u0005Qq*\u0013#D?N\u001bu\nU#\u0016\u0003)\u0002\"a\u000b\u001b\u000e\u00031R!!\f\u0018\u0002\u0007M$7N\u0003\u00020a\u00051q.Y;uQJR!!\r\u001a\u0002\u00119LWNY;tINT\u0011aM\u0001\u0004G>l\u0017BA\u001b-\u0005\u0015\u00196m\u001c9f\u0011\u00159\u0004\u0001\"\u00019\u0003}\u0019'/Z1uK>KEiQ!vi\",g\u000e^5dCRLwN\u001c*fcV,7\u000f\u001e\u000b\u0005s\tSu\n\u0005\u0002;\u00016\t1H\u0003\u0002.y)\u0011QHP\u0001\bG>tg.Z2u\u0015\ty\u0004'\u0001\u0004pa\u0016t\u0017\u000eZ\u0005\u0003\u0003n\u0012Q#Q;uQ\u0016tG/[2bi&|gNU3rk\u0016\u001cH\u000fC\u0003Dm\u0001\u0007A)\u0001\u0004jgN,XM\u001d\t\u0003\u000b\"k\u0011A\u0012\u0006\u0003\u000f2\n!!\u001b3\n\u0005%3%AB%tgV,'\u000fC\u0003Lm\u0001\u0007A*\u0001\u0005dY&,g\u000e^%E!\t)U*\u0003\u0002O\r\nA1\t\\5f]RLE\tC\u0003Qm\u0001\u0007\u0011+A\u0006sK\u0012L'/Z2u+JK\u0005C\u0001*X\u001b\u0005\u0019&B\u0001+V\u0003\rqW\r\u001e\u0006\u0002-\u0006!!.\u0019<b\u0013\tA6KA\u0002V%&CQA\u0017\u0001\u0005\u0002m\u000bA\"Y;uQ\u0016tG/[2bi\u0016$2\u0002XA\u0011\u0003w\ti$a\u0012\u0002RQ\u0011QL\u001a\t\u0004\u0017y\u0003\u0017BA0\r\u0005\u0019y\u0005\u000f^5p]B\u0011\u0011\rZ\u0007\u0002E*\u00111\rB\u0001\u0006[>$W\r\\\u0005\u0003K\n\u0014q!Q2d_VtG\u000fC\u0003h3\u
0002\u000f\u0001.A\u0001t!\rI\u0017q\u0002\b\u0003Unt!a[<\u000f\u00051,hBA7u\u001d\tq7O\u0004\u0002pe6\t\u0001O\u0003\u0002r\u0011\u00051AH]8pizJ\u0011aB\u0005\u0003\u000b\u0019I!a\u0019\u0003\n\u0005Y\u0014\u0017a\u0002)s_\u001aLG.Z\u0005\u0003qf\fq\u0001\u001d:pM&dW-\u0003\u0002{E\ny\u0001K]8gS2,\u0007K]8wS\u0012,'/\u0003\u0002}{\u0006Y!\r\\8dW&tw-\u00119j\u0013\tqxPA\nCY>\u001c7.\u001b8h\u0015\u0012\u00147\r\u0015:pM&dWM\u0003\u0003\u0002\u0002\u0005\r\u0011\u0001\u00032m_\u000e\\\u0017N\\4\u000b\t\u0005\u0015\u0011qA\u0001\u0006g2L7m\u001b\u0006\u0005\u0003\u0013\tY!A\u0004uC.,'p\\3\u000b\u0007\u00055!'\u0001\u0004hSRDWOY\u0005\u0005\u0003#\t\u0019BA\u0004TKN\u001c\u0018n\u001c8\n\t\u0005U\u0011q\u0003\u0002\u0004\u0003BK\u0015\u0002BA\r\u00037\u0011ABQ1tS\u000e\u0004&o\u001c4jY\u0016TA!!\b\u0002 \u0005)!-Y:jG*\u0011\u0011Q\u0001\u0005\b\u0003GI\u0006\u0019AA\u0013\u0003\u0019\u0001\u0018M]1ngBA\u0011qEA\u0018\u0003k\t)D\u0004\u0003\u0002*\u0005-\u0002CA8\r\u0013\r\ti\u0003D\u0001\u0007!J,G-\u001a4\n\t\u0005E\u00121\u0007\u0002\u0004\u001b\u0006\u0004(bAA\u0017\u0019A!\u0011qEA\u001c\u0013\u0011\tI$a\r\u0003\rM#(/\u001b8h\u0011\u0015\u0001\u0016\f1\u0001R\u0011\u001d\ty$\u0017a\u0001\u0003\u0003\nQa\u001d;bi\u0016\u00042!RA\"\u0013\r\t)E\u0012\u0002\u0006'R\fG/\u001a\u0005\b\u0003\u0013J\u0006\u0019AA&\u0003\u0015qwN\\2f!\rQ\u0014QJ\u0005\u0004\u0003\u001fZ$!\u0002(p]\u000e,\u0007bBA*3\u0002\u0007\u0011QK\u0001\u0005_&$7\r\u0005\u0003\u0002X\u0005}c\u0002BA-\u00037j\u0011AA\u0005\u0004\u0003;\u0012\u0011!F*zgR,WnU3ui&twm]*feZL7-Z\u0005\u0005\u0003C\n\u0019G\u0001\u0003P\u0013\u0012\u001b%bAA/\u0005!9\u0011q\r\u0001\u0005\u0002\u0005%\u0014A\t<bY&$\u0017\r^3P\u0013\u0012\u001b\u0015)\u001e;iK:$\u0018nY1uS>t'+Z:q_:\u001cX\r\u0006\u0005\u0002l\u0005M\u0014QOA<!\u0011Ya,!\u001c\u0011\u0007i\ny'C\u0002\u0002rm\u0012Q$Q;uQ\u0016tG/[2bi&|gnU;dG\u0016\u001c8OU3ta>t7/\u001a\u0005\t\u0003G\t)\u00071\u0001\u0002&!A\u0011qHA3\u0001\u0004\t\t\u0005\u0003\u0004Q\u0003K\u0002\
r!\u0015\u0005\b\u0003w\u0002A\u0011AA?\u0003=y'\r^1j]>KEi\u0011+pW\u0016tGCCA@\u0003\u001b\u000b9*!'\u0002\u001cB!1BXAA!\u0011\t\u0019)!#\u000e\u0005\u0005\u0015%bAADw\u000511\r\\1j[NLA!a#\u0002\u0006\n\u0001\u0012\n\u0012+pW\u0016t7\t\\1j[N\u001cV\r\u001e\u0005\t\u0003\u001f\u000bI\b1\u0001\u0002\u0012\u0006\t\u0012-\u001e;i_JL'0\u0019;j_:\u001cu\u000eZ3\u0011\u0007-\n\u0019*C\u0002\u0002\u00162\u0012\u0011#Q;uQ>\u0014\u0018N_1uS>t7i\u001c3f\u0011!\tI%!\u001fA\u0002\u0005-\u0003B\u0002)\u0002z\u0001\u0007\u0011\u000b\u0003\u0005\u0002T\u0005e\u0004\u0019AA+\u0011\u001d\ty\n\u0001C\u0001\u0003C\u000b\u0011D^1mS\u0012\fG/Z(J\t\u000e#vn[3o%\u0016\u001c\bo\u001c8tKRQ\u0011qPAR\u0003[\u000bi,a0\t\u0011\u0005\u0015\u0016Q\u0014a\u0001\u0003O\u000b\u0001B]3ta>t7/\u001a\t\u0004u\u0005%\u0016bAAVw\t\tr*\u0013#D)>\\WM\u001c*fgB|gn]3\t\u0011\u0005=\u0016Q\u0014a\u0001\u0003c\u000b\u0001\"\\3uC\u0012\fG/\u0019\t\u0005\u0003g\u000bI,\u0004\u0002\u00026*\u0019\u0011qW\u001e\u0002\u0005=\u0004\u0018\u0002BA^\u0003k\u0013AcT%E\u0007B\u0013xN^5eKJlU\r^1eCR\f\u0007\u0002CA%\u0003;\u0003\r!a\u0013\t\u0011\u0005M\u0013Q\u0014a\u0001\u0003+\u0012b!a1\u0002H\u0006%gABAc\u0001\u0001\t\tM\u0001\u0007=e\u00164\u0017N\\3nK:$h\bE\u0002\u0002Z\u0001\u0001B!!\u0017\u0002L&\u0019\u0011Q\u001a\u0002\u00031\u0005\u001b7m\\;oi\u001a+G-\u001a:bi&|gnU3sm&\u001cWmB\u0004\u0002R\nA\t!a5\u0002)=\u0003XM\\%E\u0007>tg.Z2u'\u0016\u0014h/[2f!\u0011\tI&!6\u0007\r\u0005\u0011\u0001\u0012AAl'\r\t)N\u0003\u0005\t\u00037\f)\u000e\"\u0001\u0002^\u00061A(\u001b8jiz\"\"!a5\t\u0015\u0005\u0005\u0018Q\u001bb\u0001\n\u0003\t\u0019/\u0001\bK/N{\u0016\tT$P%&#\u0006*T*\u0016\u0005\u0005\u0015\b\u0003CA\u0014\u0003_\t)$a:\u0011\r\u0005\u001d\u0012\u0011^Aw\u0013\u0011\tY/a\r\u0003\u0007M+G\u000f\u0005\u0003\u0002p\u0006UXBAAy\u0015\r\t\u0019\u0010M\u0001\u0005U>\u001cX-\u0003\u0003\u0002x\u0006E(\u0001\u0004&X'\u0006cwm\u001c:ji\"l\u0007\"CA~\u0003+\u0004\u000b\u0011BAs\u0003=QukU0B\u0019\u001e{%+\u0013+I\u001bN\u0003\u
0003")
/* loaded from: input_file:gitbucket/core/service/OpenIDConnectService.class */
/*
 * Java view (JADX decompilation) of the Scala trait OpenIDConnectService: the relying-party side of an
 * OpenID Connect authorization-code login, built on the Nimbus OAuth 2.0 / OIDC SDK.
 *
 * Flow as implemented below:
 *   1. createOIDCAuthenticationRequest builds the redirect to the provider with a fresh State and Nonce.
 *   2. authenticate handles the callback: validateOIDCAuthenticationResponse (state check),
 *      obtainOIDCToken (code-for-token exchange), validateOIDCTokenResponse (ID token validation),
 *      then account lookup/creation from the ID token claims.
 *
 * Every failure path returns None and writes an INFO log line. Several of those lines include protocol
 * material (state values, ID token claims, the whole token response); see the notes on each method.
 *
 * The methods named gitbucket$core$service$OpenIDConnectService$... are compiler-generated accessors for
 * the trait's private values (logger, JWK_REQUEST_TIMEOUT, OIDC_SCOPE); $init$ assigns them.
 */
public interface OpenIDConnectService {
    /** Returns the JWS algorithm table held by the companion object; this is a pure forwarder. */
    static Map<String, Set<JWSAlgorithm>> JWS_ALGORITHMS() {
        return OpenIDConnectService$.MODULE$.JWS_ALGORITHMS();
    }

    // Generated setter for the trait's logger; called once from $init$.
    void gitbucket$core$service$OpenIDConnectService$_setter_$gitbucket$core$service$OpenIDConnectService$$logger_$eq(Logger logger);

    // Generated setter for JWK_REQUEST_TIMEOUT; $init$ passes 5000.
    void gitbucket$core$service$OpenIDConnectService$_setter_$gitbucket$core$service$OpenIDConnectService$$JWK_REQUEST_TIMEOUT_$eq(int i);

    // Generated setter for OIDC_SCOPE; $init$ passes the scope {openid, email, profile}.
    void gitbucket$core$service$OpenIDConnectService$_setter_$gitbucket$core$service$OpenIDConnectService$$OIDC_SCOPE_$eq(Scope scope);

    // Generated getter for the logger used by every failure path below.
    Logger gitbucket$core$service$OpenIDConnectService$$logger();

    // Generated getter for the timeout handed to the JWK set retriever in validateOIDCTokenResponse.
    int gitbucket$core$service$OpenIDConnectService$$JWK_REQUEST_TIMEOUT();

    // Generated getter for the scope sent in both the authentication request and the token request.
    Scope gitbucket$core$service$OpenIDConnectService$$OIDC_SCOPE();

    /**
     * Builds the authentication request that sends the user to the provider's authorization endpoint.
     *
     * <p>The request uses response type {@code code}, the configured OIDC scope, and a newly constructed
     * {@link State} and {@link Nonce} (the Nimbus no-argument constructors generate random values). The
     * same State and Nonce must later be handed to {@link #authenticate}, so the caller has to keep them
     * bound to the user's session; storing them is not done here.
     *
     * <p>NOTE(review): {@code OIDCProviderMetadata.resolve(issuer)} fetches the provider's discovery
     * document, so each call involves an outbound request to the configured issuer and no timeout is
     * passed at this call site. Confirm the library defaults and that the issuer value is
     * administrator-controlled.
     *
     * @param issuer   the provider's issuer identifier, used for metadata discovery
     * @param clientID the client identifier registered with the provider
     * @param uri      passed in the redirect-URI position of the request
     * @return the authentication request to redirect the user agent with
     */
    default AuthenticationRequest createOIDCAuthenticationRequest(Issuer issuer, ClientID clientID, URI uri) {
        return new AuthenticationRequest(OIDCProviderMetadata.resolve(issuer).getAuthorizationEndpointURI(), new ResponseType(new ResponseType.Value[]{ResponseType.Value.CODE}), gitbucket$core$service$OpenIDConnectService$$OIDC_SCOPE(), clientID, uri, new State(), new Nonce());
    }

    /**
     * Completes the login from the provider's callback and maps the ID token to a local account.
     *
     * <p>Steps: validate the callback parameters against the expected state, exchange the authorization
     * code for tokens, validate the ID token against the expected nonce, then read the {@code email},
     * {@code preferred_username} and {@code name} claims. An {@code email} claim is mandatory; the other
     * two are passed on as optional values. The account is looked up or created through
     * {@code getOrCreateFederatedUser}, keyed by the token's issuer and subject.
     *
     * <p>NOTE(review): only the three claims above are read. {@code email_verified} is not consulted in
     * this method; confirm how {@code getOrCreateFederatedUser} treats the email before relying on it as
     * an identity attribute.
     *
     * @param map        the callback request parameters
     * @param uri        the redirect URI, reused for response parsing and for the token request
     * @param state      the State value expected for this login attempt
     * @param nonce      the Nonce value expected inside the ID token
     * @param oidc       the OIDC settings (issuer, client ID, client secret, optional JWS algorithm)
     * @param sessionDef the database session passed through to the account service
     * @return the account on success, or None if any validation step fails or the email claim is missing
     */
    default Option<Account> authenticate(Map<String, String> map, URI uri, State state, Nonce nonce, SystemSettingsService.OIDC oidc, JdbcBackend.SessionDef sessionDef) {
        return validateOIDCAuthenticationResponse(map, state, uri).flatMap(authenticationSuccessResponse -> {
            return this.obtainOIDCToken(authenticationSuccessResponse.getAuthorizationCode(), nonce, uri, oidc).flatMap(iDTokenClaimsSet -> {
                Option<Account> option;
                // Compiled form of a Scala pattern match: each claim is wrapped in Option (null -> None)
                // and the resulting three-element Seq is destructured below.
                Some unapplySeq = Seq$.MODULE$.unapplySeq((Seq) Seq$.MODULE$.apply(Predef$.MODULE$.wrapRefArray(new String[]{"email", "preferred_username", "name"})).map(str -> {
                    return Option$.MODULE$.apply(iDTokenClaimsSet.getStringClaim(str));
                }, Seq$.MODULE$.canBuildFrom()));
                if (!unapplySeq.isEmpty() && unapplySeq.get() != null && ((SeqLike) unapplySeq.get()).lengthCompare(3) == 0) {
                    Some some = (Option) ((SeqLike) unapplySeq.get()).apply(0);
                    Option<String> option2 = (Option) ((SeqLike) unapplySeq.get()).apply(1);
                    Option<String> option3 = (Option) ((SeqLike) unapplySeq.get()).apply(2);
                    // Only a present email claim proceeds to account lookup/creation.
                    if (some instanceof Some) {
                        // The cast reflects that the trait is mixed into an AccountFederationService.
                        option = ((AccountFederationService) this).getOrCreateFederatedUser(iDTokenClaimsSet.getIssuer().getValue(), iDTokenClaimsSet.getSubject().getValue(), (String) some.value(), option2, option3, sessionDef);
                        return option;
                    }
                }
                // NOTE(review): the full claims set is written to the log at INFO when the email claim is
                // missing; it can carry personal data (subject, name, username). Consider logging only the
                // issuer/subject or the claim names.
                this.gitbucket$core$service$OpenIDConnectService$$logger().info(new StringBuilder(47).append("OIDC ID token must have an email claim: claims=").append(iDTokenClaimsSet.toJSONObject()).toString());
                option = None$.MODULE$;
                return option;
            });
        });
    }

    /*
     * Parses the callback parameters and checks the returned state against the expected one.
     *
     * The decompiler could not rebuild this method, so the Java body below is only JADX's placeholder
     * that throws UnsupportedOperationException. The description here is read from the instruction dump
     * in the method body:
     *   - The parameters (r6) are parsed with AuthenticationResponseParser.parse(redirectURI r8, params).
     *   - Success response: its state is compared with the expected state (r7) via equals; on a match the
     *     result is Some(response). On a mismatch both state values are logged at INFO and the result is
     *     None. This comparison is what ties the callback to the login attempt started by this session.
     *   - Error response: the error object is logged at INFO and the result is None.
     *   - ParseException: the exception is logged at INFO and the result is None.
     *
     * NOTE(review): the comparison is null-tolerant (labels L26/L34): a response without a state is
     * accepted when the expected state is also null. Callers should never pass a null expected state.
     *
     * NOTE(review): the mismatch log line contains the session's expected state as well as the value
     * received; consider whether the expected value needs to be in the log.
     */
    /* JADX WARN: Code restructure failed: missing block: B:16:0x0031, code lost:
    
        if (r0.equals(r7) != false) goto L11;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    default scala.Option<com.nimbusds.openid.connect.sdk.AuthenticationSuccessResponse> validateOIDCAuthenticationResponse(scala.collection.immutable.Map<java.lang.String, java.lang.String> r6, com.nimbusds.oauth2.sdk.id.State r7, java.net.URI r8) {
        /*
            r5 = this;
            r0 = r8
            scala.collection.JavaConverters$ r1 = scala.collection.JavaConverters$.MODULE$     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
            r2 = r6
            java.util.Map r1 = r1.mapAsJavaMap(r2)     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
            com.nimbusds.openid.connect.sdk.AuthenticationResponse r0 = com.nimbusds.openid.connect.sdk.AuthenticationResponseParser.parse(r0, r1)     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
            r10 = r0
            r0 = r10
            boolean r0 = r0 instanceof com.nimbusds.openid.connect.sdk.AuthenticationSuccessResponse     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
            if (r0 == 0) goto L7a
            r0 = r10
            com.nimbusds.openid.connect.sdk.AuthenticationSuccessResponse r0 = (com.nimbusds.openid.connect.sdk.AuthenticationSuccessResponse) r0     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
            r11 = r0
            r0 = r11
            com.nimbusds.oauth2.sdk.id.State r0 = r0.getState()     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
            r1 = r0
            if (r1 != 0) goto L2d
        L26:
            r0 = r7
            if (r0 == 0) goto L34
            goto L40
        L2d:
            r1 = r7
            boolean r0 = r0.equals(r1)     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
            if (r0 == 0) goto L40
        L34:
            scala.Some r0 = new scala.Some     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
            r1 = r0
            r2 = r11
            r1.<init>(r2)     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
            goto L75
        L40:
            r0 = r5
            org.slf4j.Logger r0 = r0.gitbucket$core$service$OpenIDConnectService$$logger()     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
            java.lang.StringBuilder r1 = new java.lang.StringBuilder     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
            r2 = r1
            r3 = 64
            r2.<init>(r3)     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
            java.lang.String r2 = "OIDC authentication state did not match: response("
            java.lang.StringBuilder r1 = r1.append(r2)     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
            r2 = r11
            com.nimbusds.oauth2.sdk.id.State r2 = r2.getState()     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
            java.lang.StringBuilder r1 = r1.append(r2)     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
            java.lang.String r2 = ") != session("
            java.lang.StringBuilder r1 = r1.append(r2)     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
            r2 = r7
            java.lang.StringBuilder r1 = r1.append(r2)     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
            java.lang.String r2 = ")"
            java.lang.StringBuilder r1 = r1.append(r2)     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
            java.lang.String r1 = r1.toString()     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
            r0.info(r1)     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
            scala.None$ r0 = scala.None$.MODULE$     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
        L75:
            r9 = r0
            goto Lbf
        L7a:
            r0 = r10
            boolean r0 = r0 instanceof com.nimbusds.openid.connect.sdk.AuthenticationErrorResponse     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
            if (r0 == 0) goto Lb5
            r0 = r10
            com.nimbusds.openid.connect.sdk.AuthenticationErrorResponse r0 = (com.nimbusds.openid.connect.sdk.AuthenticationErrorResponse) r0     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
            r12 = r0
            r0 = r5
            org.slf4j.Logger r0 = r0.gitbucket$core$service$OpenIDConnectService$$logger()     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
            java.lang.StringBuilder r1 = new java.lang.StringBuilder     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
            r2 = r1
            r3 = 40
            r2.<init>(r3)     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
            java.lang.String r2 = "OIDC authentication response has error: "
            java.lang.StringBuilder r1 = r1.append(r2)     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
            r2 = r12
            com.nimbusds.oauth2.sdk.ErrorObject r2 = r2.getErrorObject()     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
            java.lang.StringBuilder r1 = r1.append(r2)     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
            java.lang.String r1 = r1.toString()     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
            r0.info(r1)     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
            scala.None$ r0 = scala.None$.MODULE$     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
            r9 = r0
            goto Lbf
        Lb5:
            scala.MatchError r0 = new scala.MatchError     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
            r1 = r0
            r2 = r10
            r1.<init>(r2)     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
            throw r0     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
        Lbf:
            r0 = r9
            return r0
        Lc2:
            r13 = move-exception
            r0 = r5
            org.slf4j.Logger r0 = r0.gitbucket$core$service$OpenIDConnectService$$logger()
            java.lang.StringBuilder r1 = new java.lang.StringBuilder
            r2 = r1
            r3 = 40
            r2.<init>(r3)
            java.lang.String r2 = "OIDC authentication response has error: "
            java.lang.StringBuilder r1 = r1.append(r2)
            r2 = r13
            java.lang.StringBuilder r1 = r1.append(r2)
            java.lang.String r1 = r1.toString()
            r0.info(r1)
            scala.None$ r0 = scala.None$.MODULE$
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: gitbucket.core.service.OpenIDConnectService.validateOIDCAuthenticationResponse(scala.collection.immutable.Map, com.nimbusds.oauth2.sdk.id.State, java.net.URI):scala.Option");
    }

    /**
     * Exchanges the authorization code at the provider's token endpoint and validates the returned ID token.
     *
     * <p>The token request authenticates the client with {@link ClientSecretBasic} (client ID and secret
     * from {@code oidc}) and sends the code together with the redirect URI. A successful response goes
     * to {@link #validateOIDCTokenResponse}. An error response or a {@link ParseException} is logged at
     * INFO and yields None.
     *
     * <p>Only {@code ParseException} is caught. The metadata lookup sits outside the {@code try}, and no
     * other exception type from {@code send()} is handled here, so transport failures propagate to the caller.
     *
     * <p>NOTE(review): no connect/read timeout is set on the HTTP request or on the metadata lookup at
     * this call site. Confirm the library defaults so that an unresponsive provider cannot hold a
     * request thread indefinitely.
     *
     * @param authorizationCode the code received in the authentication response
     * @param nonce             the Nonce expected inside the ID token
     * @param uri               the redirect URI sent with the authorization-code grant
     * @param oidc              the OIDC settings (issuer, client ID, client secret, optional JWS algorithm)
     * @return the validated ID token claims, or None on an error response, parse failure or invalid token
     */
    default Option<IDTokenClaimsSet> obtainOIDCToken(AuthorizationCode authorizationCode, Nonce nonce, URI uri, SystemSettingsService.OIDC oidc) {
        Option<IDTokenClaimsSet> option;
        // Discovery is repeated here rather than reused from createOIDCAuthenticationRequest.
        OIDCProviderMetadata resolve = OIDCProviderMetadata.resolve(oidc.issuer());
        try {
            TokenErrorResponse parse = OIDCTokenResponseParser.parse(new TokenRequest(resolve.getTokenEndpointURI(), new ClientSecretBasic(oidc.clientID(), oidc.clientSecret()), new AuthorizationCodeGrant(authorizationCode, uri), gitbucket$core$service$OpenIDConnectService$$OIDC_SCOPE()).toHTTPRequest().send());
            if (parse instanceof OIDCTokenResponse) {
                option = validateOIDCTokenResponse((OIDCTokenResponse) parse, resolve, nonce, oidc);
            } else {
                // Compiled Scala match: anything that is neither a success nor an error response is a MatchError.
                if (!(parse instanceof TokenErrorResponse)) {
                    throw new MatchError(parse);
                }
                gitbucket$core$service$OpenIDConnectService$$logger().info(new StringBuilder(31).append("OIDC token response has error: ").append(parse.getErrorObject().toJSONObject()).toString());
                option = None$.MODULE$;
            }
            return option;
        } catch (ParseException e) {
            gitbucket$core$service$OpenIDConnectService$$logger().info(new StringBuilder(31).append("OIDC token response has error: ").append(e).toString());
            return None$.MODULE$;
        }
    }

    /**
     * Validates the ID token carried by a token response and returns its claims.
     *
     * <p>When {@code oidc.jwsAlgorithm()} is defined, the validator is built with the metadata's issuer,
     * the client ID, that algorithm and the provider's JWK set URL. The keys are fetched through a
     * {@link DefaultResourceRetriever} that receives {@code JWK_REQUEST_TIMEOUT} for both of its timeout
     * arguments. When no algorithm is configured, the two-argument {@link IDTokenValidator} constructor
     * is used instead. In both cases {@code validate} is given the expected nonce.
     *
     * <p>NOTE(review): in the Nimbus SDK the two-argument constructor creates a validator for unsecured
     * (plain, {@code alg=none}) ID tokens. With no algorithm configured, no signature is verified and
     * trust in the token rests on the TLS connection to the token endpoint. Confirm against the SDK
     * version in use and prefer configuring an explicit algorithm.
     *
     * <p>{@link BadJOSEException} and {@link JOSEException} are logged at INFO and yield None; any other
     * throwable is rethrown.
     *
     * @param oIDCTokenResponse    the successful token response
     * @param oIDCProviderMetadata the provider metadata supplying the expected issuer and JWK set URI
     * @param nonce                the Nonce expected inside the ID token
     * @param oidc                 the OIDC settings (client ID and optional JWS algorithm are read here)
     * @return the validated claims, or None if the ID token is absent or fails validation
     */
    default Option<IDTokenClaimsSet> validateOIDCTokenResponse(OIDCTokenResponse oIDCTokenResponse, OIDCProviderMetadata oIDCProviderMetadata, Nonce nonce, SystemSettingsService.OIDC oidc) {
        Some some;
        Some some2;
        // Option.apply turns a null ID token into None.
        Some apply = Option$.MODULE$.apply(oIDCTokenResponse.getOIDCTokens().getIDToken());
        if (apply instanceof Some) {
            try {
                some2 = new Some(((IDTokenValidator) oidc.jwsAlgorithm().map(jWSAlgorithm -> {
                    // Signed-token path: the expected algorithm is pinned from configuration.
                    return new IDTokenValidator(oIDCProviderMetadata.getIssuer(), oidc.clientID(), jWSAlgorithm, oIDCProviderMetadata.getJWKSetURI().toURL(), new DefaultResourceRetriever(this.gitbucket$core$service$OpenIDConnectService$$JWK_REQUEST_TIMEOUT(), this.gitbucket$core$service$OpenIDConnectService$$JWK_REQUEST_TIMEOUT()));
                }).getOrElse(() -> {
                    // Fallback when no algorithm is configured; see the NOTE(review) in the method comment.
                    return new IDTokenValidator(oIDCProviderMetadata.getIssuer(), oidc.clientID());
                })).validate((JWT) apply.value(), nonce));
            } catch (Throwable th) {
                // Compiled Scala catch: only the two JOSE exception types are handled.
                if (!(th instanceof BadJOSEException ? true : th instanceof JOSEException)) {
                    throw th;
                }
                gitbucket$core$service$OpenIDConnectService$$logger().info(new StringBuilder(25).append("OIDC ID token has error: ").append(th).toString());
                some2 = None$.MODULE$;
            }
            some = some2;
        } else {
            if (!None$.MODULE$.equals(apply)) {
                throw new MatchError(apply);
            }
            // NOTE(review): this writes the serialized token response to the log at INFO. That JSON would
            // normally include the access token (and a refresh token if one was issued); consider logging
            // only that the ID token was absent.
            gitbucket$core$service$OpenIDConnectService$$logger().info(new StringBuilder(52).append("OIDC token response does not have a valid ID token: ").append(oIDCTokenResponse.toJSONObject()).toString());
            some = None$.MODULE$;
        }
        return some;
    }

    /**
     * Trait initializer generated by the Scala compiler: assigns the logger, the JWK request timeout (5000)
     * and the OIDC scope (openid, email, profile) on the implementing instance.
     *
     * <p>The timeout is later passed to {@link DefaultResourceRetriever}. NOTE(review): presumably
     * milliseconds, as in the Nimbus API; confirm.
     */
    static void $init$(OpenIDConnectService openIDConnectService) {
        openIDConnectService.gitbucket$core$service$OpenIDConnectService$_setter_$gitbucket$core$service$OpenIDConnectService$$logger_$eq(LoggerFactory.getLogger(OpenIDConnectService.class));
        openIDConnectService.gitbucket$core$service$OpenIDConnectService$_setter_$gitbucket$core$service$OpenIDConnectService$$JWK_REQUEST_TIMEOUT_$eq(5000);
        openIDConnectService.gitbucket$core$service$OpenIDConnectService$_setter_$gitbucket$core$service$OpenIDConnectService$$OIDC_SCOPE_$eq(new Scope(new Scope.Value[]{OIDCScopeValue.OPENID, OIDCScopeValue.EMAIL, OIDCScopeValue.PROFILE}));
    }
}
