package gitbucket.core.service;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.proc.BadJOSEException;
import com.nimbusds.jose.util.DefaultResourceRetriever;
import com.nimbusds.jwt.JWT;
import com.nimbusds.oauth2.sdk.AuthorizationCode;
import com.nimbusds.oauth2.sdk.AuthorizationCodeGrant;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.ResponseType;
import com.nimbusds.oauth2.sdk.Scope;
import com.nimbusds.oauth2.sdk.TokenErrorResponse;
import com.nimbusds.oauth2.sdk.TokenRequest;
import com.nimbusds.oauth2.sdk.auth.ClientSecretBasic;
import com.nimbusds.oauth2.sdk.id.ClientID;
import com.nimbusds.oauth2.sdk.id.Issuer;
import com.nimbusds.oauth2.sdk.id.State;
import com.nimbusds.openid.connect.sdk.AuthenticationRequest;
import com.nimbusds.openid.connect.sdk.Nonce;
import com.nimbusds.openid.connect.sdk.OIDCScopeValue;
import com.nimbusds.openid.connect.sdk.OIDCTokenResponse;
import com.nimbusds.openid.connect.sdk.OIDCTokenResponseParser;
import com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet;
import com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata;
import com.nimbusds.openid.connect.sdk.validators.IDTokenValidator;
import gitbucket.core.model.Account;
import gitbucket.core.service.SystemSettingsService;
import java.net.URI;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Option$;
import scala.Predef$;
import scala.Some;
import scala.collection.Seq;
import scala.collection.Seq$;
import scala.collection.SeqLike;
import scala.collection.immutable.Map;
import scala.collection.immutable.Set;
import scala.reflect.ScalaSignature;
import slick.jdbc.JdbcBackend;

/* compiled from: OpenIDConnectService.scala */
@ScalaSignature(bytes = "\u0006\u0001\u0005uh!C\b\u0011!\u0003\r\taFAf\u0011\u0015q\u0002\u0001\"\u0001 \u0011\u001d\u0019\u0003A1A\u0005\n\u0011Bq!\f\u0001C\u0002\u0013%a\u0006C\u00043\u0001\t\u0007I\u0011B\u001a\t\u000b\u0001\u0003A\u0011A!\t\u000b\t\u0004A\u0011A2\t\u000f\u0005U\u0004\u0001\"\u0001\u0002x!9\u0011q\u0011\u0001\u0005\u0002\u0005%\u0005bBAU\u0001\u0011\u0005\u00111V\u0004\b\u00033\u0004\u0002\u0012AAn\r\u0019y\u0001\u0003#\u0001\u0002^\"9\u0011q\\\u0006\u0005\u0002\u0005\u0005\b\"CAr\u0017\t\u0007I\u0011AAs\u0011!\tYp\u0003Q\u0001\n\u0005\u001d(\u0001F(qK:LEiQ8o]\u0016\u001cGoU3sm&\u001cWM\u0003\u0002\u0012%\u000591/\u001a:wS\u000e,'BA\n\u0015\u0003\u0011\u0019wN]3\u000b\u0003U\t\u0011bZ5uEV\u001c7.\u001a;\u0004\u0001M\u0011\u0001\u0001\u0007\t\u00033qi\u0011A\u0007\u0006\u00027\u0005)1oY1mC&\u0011QD\u0007\u0002\u0007\u0003:L(+\u001a4\u0002\r\u0011Jg.\u001b;%)\u0005\u0001\u0003CA\r\"\u0013\t\u0011#D\u0001\u0003V]&$\u0018A\u00027pO\u001e,'/F\u0001&!\t13&D\u0001(\u0015\tA\u0013&A\u0003tY\u001a$$NC\u0001+\u0003\ry'oZ\u0005\u0003Y\u001d\u0012a\u0001T8hO\u0016\u0014\u0018a\u0005&X\u0017~\u0013V)U+F'R{F+S'F\u001fV#V#A\u0018\u0011\u0005e\u0001\u0014BA\u0019\u001b\u0005\rIe\u000e^\u0001\u000b\u001f&#5iX*D\u001fB+U#\u0001\u001b\u0011\u0005UrT\"\u0001\u001c\u000b\u0005]B\u0014aA:eW*\u0011\u0011HO\u0001\u0007_\u0006,H\u000f\u001b\u001a\u000b\u0005mb\u0014\u0001\u00038j[\n,8\u000fZ:\u000b\u0003u\n1aY8n\u0013\tydGA\u0003TG>\u0004X-A\u0010de\u0016\fG/Z(J\t\u000e\u000bU\u000f\u001e5f]RL7-\u0019;j_:\u0014V-];fgR$BAQ&T1B\u00111)S\u0007\u0002\t*\u0011q'\u0012\u0006\u0003\r\u001e\u000bqaY8o]\u0016\u001cGO\u0003\u0002Iu\u00051q\u000e]3oS\u0012L!A\u0013#\u0003+\u0005+H\u000f[3oi&\u001c\u0017\r^5p]J+\u0017/^3ti\")A*\u0002a\u0001\u001b\u00061\u0011n]:vKJ\u0004\"AT)\u000e\u0003=S!\u0001\u0015\u001c\u0002\u0005%$\u0017B\u0001*P\u0005\u0019I5o];fe\")A+\u0002a\u0001+\u0006A1\r\\5f]RLE\t\u0005\u0002O-&\u0011qk\u0014\u0002\t\u00072LWM\u001c;J\t\")\u0011,\u0002a\u00015\u0006Y!/\u001a3je\u0016\u001cG/\u0016*J!\tY\u0006-D\u0001]\u0015\tif,A\u0002oKRT\u0011aX\u0001\u0005U\u00064\u0018-\u0003\u0002b9\n\u0019QKU%\u0002\u0019\u0005,H\u000f[3oi&\u001c\u0017\r^3\u0015\u0017\u0011\f\t$a\u0013\u0002N\u0005]\u0013\u0011\r\u000b\u0003K:\u00042!\u00074i\u0013\t9'D\u0001\u0004PaRLwN\u001c\t\u0003S2l\u0011A\u001b\u0006\u0003WJ\tQ!\\8eK2L!!\u001c6\u0003\u000f\u0005\u001b7m\\;oi\")qN\u0002a\u0002a\u0006\t1\u000fE\u0002r\u0003?q1A]A\u0004\u001d\t\u0019xP\u0004\u0002u{:\u0011Q\u000f \b\u0003mnt!a\u001e>\u000e\u0003aT!!\u001f\f\u0002\rq\u0012xn\u001c;?\u0013\u0005)\u0012BA\n\u0015\u0013\tY'#\u0003\u0002\u007fU\u00069\u0001K]8gS2,\u0017\u0002BA\u0001\u0003\u0007\tq\u0001\u001d:pM&dW-C\u0002\u0002\u0006)\u0014q\u0002\u0015:pM&dW\r\u0015:pm&$WM]\u0005\u0005\u0003\u0013\tY!A\u0006cY>\u001c7.\u001b8h\u0003BL\u0017\u0002BA\u0007\u0003\u001f\u00111C\u00117pG.Lgn\u001a&eE\u000e\u0004&o\u001c4jY\u0016TA!!\u0005\u0002\u0014\u0005A!\r\\8dW&twM\u0003\u0003\u0002\u0016\u0005]\u0011!B:mS\u000e\\'\u0002BA\r\u00037\tq\u0001^1lKj|WMC\u0002\u0002\u001eq\naaZ5uQV\u0014\u0017\u0002BA\u0011\u0003G\u0011qaU3tg&|g.\u0003\u0003\u0002&\u0005\u001d\"aA!Q\u0013&!\u0011\u0011FA\u0016\u00051\u0011\u0015m]5d!J|g-\u001b7f\u0015\u0011\ti#a\f\u0002\u000b\t\f7/[2\u000b\u0005\u0005U\u0001bBA\u001a\r\u0001\u0007\u0011QG\u0001\u0007a\u0006\u0014\u0018-\\:\u0011\u0011\u0005]\u0012qHA#\u0003\u000brA!!\u000f\u0002<A\u0011qOG\u0005\u0004\u0003{Q\u0012A\u0002)sK\u0012,g-\u0003\u0003\u0002B\u0005\r#aA'ba*\u0019\u0011Q\b\u000e\u0011\t\u0005]\u0012qI\u0005\u0005\u0003\u0013\n\u0019E\u0001\u0004TiJLgn\u001a\u0005\u00063\u001a\u0001\rA\u0017\u0005\b\u0003\u001f2\u0001\u0019AA)\u0003\u0015\u0019H/\u0019;f!\rq\u00151K\u0005\u0004\u0003+z%!B*uCR,\u0007bBA-\r\u0001\u0007\u00111L\u0001\u0006]>t7-\u001a\t\u0004\u0007\u0006u\u0013bAA0\t\n)aj\u001c8dK\"9\u00111\r\u0004A\u0002\u0005\u0015\u0014\u0001B8jI\u000e\u0004B!a\u001a\u0002p9!\u0011\u0011NA6\u001b\u0005\u0001\u0012bAA7!\u0005)2+_:uK6\u001cV\r\u001e;j]\u001e\u001c8+\u001a:wS\u000e,\u0017\u0002BA9\u0003g\u0012AaT%E\u0007*\u0019\u0011Q\u000e\t\u0002EY\fG.\u001b3bi\u0016|\u0015\nR\"BkRDWM\u001c;jG\u0006$\u0018n\u001c8SKN\u0004xN\\:f)!\tI(!!\u0002\u0004\u0006\u0015\u0005\u0003B\rg\u0003w\u00022aQA?\u0013\r\ty\b\u0012\u0002\u001e\u0003V$\b.\u001a8uS\u000e\fG/[8o'V\u001c7-Z:t%\u0016\u001c\bo\u001c8tK\"9\u00111G\u0004A\u0002\u0005U\u0002bBA(\u000f\u0001\u0007\u0011\u0011\u000b\u0005\u00063\u001e\u0001\rAW\u0001\u0010_\n$\u0018-\u001b8P\u0013\u0012\u001bEk\\6f]RQ\u00111RAM\u0003G\u000b)+a*\u0011\te1\u0017Q\u0012\t\u0005\u0003\u001f\u000b)*\u0004\u0002\u0002\u0012*\u0019\u00111\u0013#\u0002\r\rd\u0017-[7t\u0013\u0011\t9*!%\u0003!%#Ek\\6f]\u000ec\u0017-[7t'\u0016$\bbBAN\u0011\u0001\u0007\u0011QT\u0001\u0012CV$\bn\u001c:ju\u0006$\u0018n\u001c8D_\u0012,\u0007cA\u001b\u0002 &\u0019\u0011\u0011\u0015\u001c\u0003#\u0005+H\u000f[8sSj\fG/[8o\u0007>$W\rC\u0004\u0002Z!\u0001\r!a\u0017\t\u000beC\u0001\u0019\u0001.\t\u000f\u0005\r\u0004\u00021\u0001\u0002f\u0005Ib/\u00197jI\u0006$XmT%E\u0007R{7.\u001a8SKN\u0004xN\\:f))\tY)!,\u00028\u0006\u001d\u0017\u0011\u001a\u0005\b\u0003_K\u0001\u0019AAY\u0003!\u0011Xm\u001d9p]N,\u0007cA\"\u00024&\u0019\u0011Q\u0017#\u0003#=KEi\u0011+pW\u0016t'+Z:q_:\u001cX\rC\u0004\u0002:&\u0001\r!a/\u0002\u00115,G/\u00193bi\u0006\u0004B!!0\u0002D6\u0011\u0011q\u0018\u0006\u0004\u0003\u0003$\u0015AA8q\u0013\u0011\t)-a0\u0003)=KEi\u0011)s_ZLG-\u001a:NKR\fG-\u0019;b\u0011\u001d\tI&\u0003a\u0001\u00037Bq!a\u0019\n\u0001\u0004\t)G\u0005\u0004\u0002N\u0006E\u00171\u001b\u0004\u0007\u0003\u001f\u0004\u0001!a3\u0003\u0019q\u0012XMZ5oK6,g\u000e\u001e \u0011\u0007\u0005%\u0004\u0001\u0005\u0003\u0002j\u0005U\u0017bAAl!\tA\u0012iY2pk:$h)\u001a3fe\u0006$\u0018n\u001c8TKJ4\u0018nY3\u0002)=\u0003XM\\%E\u0007>tg.Z2u'\u0016\u0014h/[2f!\r\tIgC\n\u0003\u0017a\ta\u0001P5oSRtDCAAn\u00039QukU0B\u0019\u001e{%+\u0013+I\u001bN+\"!a:\u0011\u0011\u0005]\u0012qHA#\u0003S\u0004b!a\u000e\u0002l\u0006=\u0018\u0002BAw\u0003\u0007\u00121aU3u!\u0011\t\t0a>\u000e\u0005\u0005M(bAA{u\u0005!!n\\:f\u0013\u0011\tI0a=\u0003\u0019);6+\u00117h_JLG\u000f[7\u0002\u001f);6kX!M\u000f>\u0013\u0016\n\u0016%N'\u0002\u0002")
/* loaded from: input_file:gitbucket/core/service/OpenIDConnectService.class */
public interface OpenIDConnectService {
    static Map<String, Set<JWSAlgorithm>> JWS_ALGORITHMS() {
        return OpenIDConnectService$.MODULE$.JWS_ALGORITHMS();
    }

    void gitbucket$core$service$OpenIDConnectService$_setter_$gitbucket$core$service$OpenIDConnectService$$logger_$eq(Logger logger);

    void gitbucket$core$service$OpenIDConnectService$_setter_$gitbucket$core$service$OpenIDConnectService$$JWK_REQUEST_TIMEOUT_$eq(int i);

    void gitbucket$core$service$OpenIDConnectService$_setter_$gitbucket$core$service$OpenIDConnectService$$OIDC_SCOPE_$eq(Scope scope);

    Logger gitbucket$core$service$OpenIDConnectService$$logger();

    int gitbucket$core$service$OpenIDConnectService$$JWK_REQUEST_TIMEOUT();

    Scope gitbucket$core$service$OpenIDConnectService$$OIDC_SCOPE();

    default AuthenticationRequest createOIDCAuthenticationRequest(Issuer issuer, ClientID clientID, URI uri) {
        return new AuthenticationRequest(OIDCProviderMetadata.resolve(issuer).getAuthorizationEndpointURI(), new ResponseType(new ResponseType.Value[]{ResponseType.Value.CODE}), gitbucket$core$service$OpenIDConnectService$$OIDC_SCOPE(), clientID, uri, new State(), new Nonce());
    }

    default Option<Account> authenticate(Map<String, String> map, URI uri, State state, Nonce nonce, SystemSettingsService.OIDC oidc, JdbcBackend.SessionDef sessionDef) {
        return validateOIDCAuthenticationResponse(map, state, uri).flatMap(authenticationSuccessResponse -> {
            return this.obtainOIDCToken(authenticationSuccessResponse.getAuthorizationCode(), nonce, uri, oidc).flatMap(iDTokenClaimsSet -> {
                Option<Account> option;
                Some unapplySeq = Seq$.MODULE$.unapplySeq((Seq) Seq$.MODULE$.apply(Predef$.MODULE$.wrapRefArray(new String[]{"email", "preferred_username", "name"})).map(str -> {
                    return Option$.MODULE$.apply(iDTokenClaimsSet.getStringClaim(str));
                }, Seq$.MODULE$.canBuildFrom()));
                if (!unapplySeq.isEmpty() && unapplySeq.get() != null && ((SeqLike) unapplySeq.get()).lengthCompare(3) == 0) {
                    Some some = (Option) ((SeqLike) unapplySeq.get()).apply(0);
                    Option<String> option2 = (Option) ((SeqLike) unapplySeq.get()).apply(1);
                    Option<String> option3 = (Option) ((SeqLike) unapplySeq.get()).apply(2);
                    if (some instanceof Some) {
                        option = ((AccountFederationService) this).getOrCreateFederatedUser(iDTokenClaimsSet.getIssuer().getValue(), iDTokenClaimsSet.getSubject().getValue(), (String) some.value(), option2, option3, sessionDef);
                        return option;
                    }
                }
                this.gitbucket$core$service$OpenIDConnectService$$logger().info(new StringBuilder(47).append("OIDC ID token must have an email claim: claims=").append(iDTokenClaimsSet.toJSONObject()).toString());
                option = None$.MODULE$;
                return option;
            });
        });
    }

    /* JADX WARN: Code restructure failed: missing block: B:16:0x0031, code lost:
    
        if (r0.equals(r7) != false) goto L11;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    default scala.Option<com.nimbusds.openid.connect.sdk.AuthenticationSuccessResponse> validateOIDCAuthenticationResponse(scala.collection.immutable.Map<java.lang.String, java.lang.String> r6, com.nimbusds.oauth2.sdk.id.State r7, java.net.URI r8) {
        /*
            r5 = this;
            r0 = r8
            scala.collection.JavaConverters$ r1 = scala.collection.JavaConverters$.MODULE$     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
            r2 = r6
            java.util.Map r1 = r1.mapAsJavaMap(r2)     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
            com.nimbusds.openid.connect.sdk.AuthenticationResponse r0 = com.nimbusds.openid.connect.sdk.AuthenticationResponseParser.parse(r0, r1)     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
            r10 = r0
            r0 = r10
            boolean r0 = r0 instanceof com.nimbusds.openid.connect.sdk.AuthenticationSuccessResponse     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
            if (r0 == 0) goto L7a
            r0 = r10
            com.nimbusds.openid.connect.sdk.AuthenticationSuccessResponse r0 = (com.nimbusds.openid.connect.sdk.AuthenticationSuccessResponse) r0     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
            r11 = r0
            r0 = r11
            com.nimbusds.oauth2.sdk.id.State r0 = r0.getState()     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
            r1 = r0
            if (r1 != 0) goto L2d
        L26:
            r0 = r7
            if (r0 == 0) goto L34
            goto L40
        L2d:
            r1 = r7
            boolean r0 = r0.equals(r1)     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
            if (r0 == 0) goto L40
        L34:
            scala.Some r0 = new scala.Some     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
            r1 = r0
            r2 = r11
            r1.<init>(r2)     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
            goto L75
        L40:
            r0 = r5
            org.slf4j.Logger r0 = r0.gitbucket$core$service$OpenIDConnectService$$logger()     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
            java.lang.StringBuilder r1 = new java.lang.StringBuilder     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
            r2 = r1
            r3 = 64
            r2.<init>(r3)     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
            java.lang.String r2 = "OIDC authentication state did not match: response("
            java.lang.StringBuilder r1 = r1.append(r2)     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
            r2 = r11
            com.nimbusds.oauth2.sdk.id.State r2 = r2.getState()     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
            java.lang.StringBuilder r1 = r1.append(r2)     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
            java.lang.String r2 = ") != session("
            java.lang.StringBuilder r1 = r1.append(r2)     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
            r2 = r7
            java.lang.StringBuilder r1 = r1.append(r2)     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
            java.lang.String r2 = ")"
            java.lang.StringBuilder r1 = r1.append(r2)     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
            java.lang.String r1 = r1.toString()     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
            r0.info(r1)     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
            scala.None$ r0 = scala.None$.MODULE$     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
        L75:
            r9 = r0
            goto Lbf
        L7a:
            r0 = r10
            boolean r0 = r0 instanceof com.nimbusds.openid.connect.sdk.AuthenticationErrorResponse     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
            if (r0 == 0) goto Lb5
            r0 = r10
            com.nimbusds.openid.connect.sdk.AuthenticationErrorResponse r0 = (com.nimbusds.openid.connect.sdk.AuthenticationErrorResponse) r0     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
            r12 = r0
            r0 = r5
            org.slf4j.Logger r0 = r0.gitbucket$core$service$OpenIDConnectService$$logger()     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
            java.lang.StringBuilder r1 = new java.lang.StringBuilder     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
            r2 = r1
            r3 = 40
            r2.<init>(r3)     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
            java.lang.String r2 = "OIDC authentication response has error: "
            java.lang.StringBuilder r1 = r1.append(r2)     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
            r2 = r12
            com.nimbusds.oauth2.sdk.ErrorObject r2 = r2.getErrorObject()     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
            java.lang.StringBuilder r1 = r1.append(r2)     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
            java.lang.String r1 = r1.toString()     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
            r0.info(r1)     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
            scala.None$ r0 = scala.None$.MODULE$     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
            r9 = r0
            goto Lbf
        Lb5:
            scala.MatchError r0 = new scala.MatchError     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
            r1 = r0
            r2 = r10
            r1.<init>(r2)     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
            throw r0     // Catch: com.nimbusds.oauth2.sdk.ParseException -> Lc2
        Lbf:
            r0 = r9
            return r0
        Lc2:
            r13 = move-exception
            r0 = r5
            org.slf4j.Logger r0 = r0.gitbucket$core$service$OpenIDConnectService$$logger()
            java.lang.StringBuilder r1 = new java.lang.StringBuilder
            r2 = r1
            r3 = 40
            r2.<init>(r3)
            java.lang.String r2 = "OIDC authentication response has error: "
            java.lang.StringBuilder r1 = r1.append(r2)
            r2 = r13
            java.lang.StringBuilder r1 = r1.append(r2)
            java.lang.String r1 = r1.toString()
            r0.info(r1)
            scala.None$ r0 = scala.None$.MODULE$
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: gitbucket.core.service.OpenIDConnectService.validateOIDCAuthenticationResponse(scala.collection.immutable.Map, com.nimbusds.oauth2.sdk.id.State, java.net.URI):scala.Option");
    }

    default Option<IDTokenClaimsSet> obtainOIDCToken(AuthorizationCode authorizationCode, Nonce nonce, URI uri, SystemSettingsService.OIDC oidc) {
        Option<IDTokenClaimsSet> option;
        OIDCProviderMetadata resolve = OIDCProviderMetadata.resolve(oidc.issuer());
        try {
            TokenErrorResponse parse = OIDCTokenResponseParser.parse(new TokenRequest(resolve.getTokenEndpointURI(), new ClientSecretBasic(oidc.clientID(), oidc.clientSecret()), new AuthorizationCodeGrant(authorizationCode, uri), gitbucket$core$service$OpenIDConnectService$$OIDC_SCOPE()).toHTTPRequest().send());
            if (parse instanceof OIDCTokenResponse) {
                option = validateOIDCTokenResponse((OIDCTokenResponse) parse, resolve, nonce, oidc);
            } else {
                if (!(parse instanceof TokenErrorResponse)) {
                    throw new MatchError(parse);
                }
                gitbucket$core$service$OpenIDConnectService$$logger().info(new StringBuilder(31).append("OIDC token response has error: ").append(parse.getErrorObject().toJSONObject()).toString());
                option = None$.MODULE$;
            }
            return option;
        } catch (ParseException e) {
            gitbucket$core$service$OpenIDConnectService$$logger().info(new StringBuilder(31).append("OIDC token response has error: ").append(e).toString());
            return None$.MODULE$;
        }
    }

    default Option<IDTokenClaimsSet> validateOIDCTokenResponse(OIDCTokenResponse oIDCTokenResponse, OIDCProviderMetadata oIDCProviderMetadata, Nonce nonce, SystemSettingsService.OIDC oidc) {
        Some some;
        Some some2;
        Some apply = Option$.MODULE$.apply(oIDCTokenResponse.getOIDCTokens().getIDToken());
        if (apply instanceof Some) {
            try {
                some2 = new Some(((IDTokenValidator) oidc.jwsAlgorithm().map(jWSAlgorithm -> {
                    return new IDTokenValidator(oIDCProviderMetadata.getIssuer(), oidc.clientID(), jWSAlgorithm, oIDCProviderMetadata.getJWKSetURI().toURL(), new DefaultResourceRetriever(this.gitbucket$core$service$OpenIDConnectService$$JWK_REQUEST_TIMEOUT(), this.gitbucket$core$service$OpenIDConnectService$$JWK_REQUEST_TIMEOUT()));
                }).getOrElse(() -> {
                    return new IDTokenValidator(oIDCProviderMetadata.getIssuer(), oidc.clientID());
                })).validate((JWT) apply.value(), nonce));
            } catch (Throwable th) {
                if (!(th instanceof BadJOSEException ? true : th instanceof JOSEException)) {
                    throw th;
                }
                gitbucket$core$service$OpenIDConnectService$$logger().info(new StringBuilder(25).append("OIDC ID token has error: ").append(th).toString());
                some2 = None$.MODULE$;
            }
            some = some2;
        } else {
            if (!None$.MODULE$.equals(apply)) {
                throw new MatchError(apply);
            }
            gitbucket$core$service$OpenIDConnectService$$logger().info(new StringBuilder(52).append("OIDC token response does not have a valid ID token: ").append(oIDCTokenResponse.toJSONObject()).toString());
            some = None$.MODULE$;
        }
        return some;
    }

    static void $init$(OpenIDConnectService openIDConnectService) {
        openIDConnectService.gitbucket$core$service$OpenIDConnectService$_setter_$gitbucket$core$service$OpenIDConnectService$$logger_$eq(LoggerFactory.getLogger(OpenIDConnectService.class));
        openIDConnectService.gitbucket$core$service$OpenIDConnectService$_setter_$gitbucket$core$service$OpenIDConnectService$$JWK_REQUEST_TIMEOUT_$eq(5000);
        openIDConnectService.gitbucket$core$service$OpenIDConnectService$_setter_$gitbucket$core$service$OpenIDConnectService$$OIDC_SCOPE_$eq(new Scope(new Scope.Value[]{OIDCScopeValue.OPENID, OIDCScopeValue.EMAIL, OIDCScopeValue.PROFILE}));
    }
}
