package net.trajano.ms.example.authn;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jwt.JWTClaimsSet;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import java.util.Base64;
import java.util.Date;
import javax.ws.rs.InternalServerErrorException;
import javax.ws.rs.NotAuthorizedException;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.Entity;
import javax.ws.rs.core.Form;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MultivaluedMap;
import net.trajano.ms.common.beans.JwksProvider;
import net.trajano.ms.common.oauth.GrantHandler;
import net.trajano.ms.common.oauth.GrantTypes;
import net.trajano.ms.common.oauth.OAuthTokenResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.stereotype.Component;

@Configuration
@Component
/* loaded from: input_file:BOOT-INF/classes/net/trajano/ms/example/authn/SimpleAuthenticationGrantHandler.class */
public class SimpleAuthenticationGrantHandler implements GrantHandler {
    private static final String BASIC = "Basic";

    @Value("${authorizationEndpoint}")
    private URI authorizationEndpoint;

    @Value("${issuer}")
    private URI issuer;

    @Autowired
    private JwksProvider jwksProvider;

    @Value("${passwordRequired}")
    private String passwordRequired;

    @Override // net.trajano.ms.common.oauth.GrantHandler
    public String getGrantTypeHandled() {
        return GrantTypes.CLIENT_CREDENTIALS;
    }

    @Override // net.trajano.ms.common.oauth.GrantHandler
    public OAuthTokenResponse handler(Client client, HttpHeaders httpHeaders, MultivaluedMap<String, String> multivaluedMap) {
        String headerString = httpHeaders.getHeaderString("Authorization");
        if (headerString == null || !headerString.startsWith("Basic ")) {
            throw new NotAuthorizedException("Missing Authorization", "Basic", new Object[0]);
        }
        String[] split = new String(Base64.getDecoder().decode(headerString.substring(6)), StandardCharsets.US_ASCII).split(":");
        try {
            String decode = URLDecoder.decode(split[0], "UTF-8");
            if (!URLDecoder.decode(split[1], "UTF-8").equals(this.passwordRequired)) {
                throw new NotAuthorizedException("Invalid username/password", "Basic", new Object[0]);
            }
            String serialize = this.jwksProvider.sign(new JWTClaimsSet.Builder().audience(this.authorizationEndpoint.toASCIIString()).subject(decode).issuer(this.issuer.toASCIIString()).issueTime(Date.from(Instant.now())).expirationTime(Date.from(Instant.now().plus(60L, (TemporalUnit) ChronoUnit.SECONDS))).build()).serialize();
            Form form = new Form();
            form.param("grant_type", GrantTypes.JWT_ASSERTION);
            form.param("client_id", multivaluedMap.getFirst("client_id"));
            form.param("client_secret", multivaluedMap.getFirst("client_secret"));
            form.param("assertion", serialize);
            System.out.println(form.asMap());
            return (OAuthTokenResponse) client.target(this.authorizationEndpoint).request().accept("application/json").post(Entity.form(form), OAuthTokenResponse.class);
        } catch (JOSEException | UnsupportedEncodingException e) {
            throw new InternalServerErrorException(e);
        }
    }
}
