package net.trajano.ms.example.authn;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jwt.JWTClaimsSet;
import io.vertx.ext.web.handler.FormLoginHandler;
import java.net.URI;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import java.util.Date;
import javax.ws.rs.InternalServerErrorException;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.Entity;
import javax.ws.rs.core.Form;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MultivaluedMap;
import net.trajano.ms.common.beans.JwksProvider;
import net.trajano.ms.common.oauth.GrantHandler;
import net.trajano.ms.common.oauth.GrantTypes;
import net.trajano.ms.common.oauth.OAuthTokenResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.stereotype.Component;

@Configuration
@Component
/* loaded from: input_file:BOOT-INF/classes/net/trajano/ms/example/authn/SimpleAuthenticationGrantHandler.class */
public class SimpleAuthenticationGrantHandler implements GrantHandler {
    private static final String BASIC = "Basic";

    @Value("${authorizationEndpoint}")
    private URI authorizationEndpoint;

    @Value("${issuer}")
    private URI issuer;

    @Autowired
    private JwksProvider jwksProvider;

    @Value("${passwordRequired}")
    private String passwordRequired;

    @Override // net.trajano.ms.common.oauth.GrantHandler
    public String getGrantTypeHandled() {
        return "password";
    }

    @Override // net.trajano.ms.common.oauth.GrantHandler
    public OAuthTokenResponse handler(Client client, String str, HttpHeaders httpHeaders, MultivaluedMap<String, String> multivaluedMap) {
        String first = multivaluedMap.getFirst(FormLoginHandler.DEFAULT_USERNAME_PARAM);
        if (!multivaluedMap.getFirst("password").equals(this.passwordRequired)) {
            throw OAuthTokenResponse.unauthorized("invalid_grant", "Invalid username/password", "Basic");
        }
        try {
            String serialize = this.jwksProvider.sign(new JWTClaimsSet.Builder().audience(this.authorizationEndpoint.toASCIIString()).subject(first).issuer(this.issuer.toASCIIString()).issueTime(Date.from(Instant.now())).expirationTime(Date.from(Instant.now().plus(60L, (TemporalUnit) ChronoUnit.SECONDS))).build()).serialize();
            Form form = new Form();
            form.param("grant_type", GrantTypes.JWT_ASSERTION);
            form.param("assertion", serialize);
            return (OAuthTokenResponse) client.target(this.authorizationEndpoint).request().accept("application/json").header("Authorization", httpHeaders.getHeaderString("Authorization")).post(Entity.form(form), OAuthTokenResponse.class);
        } catch (JOSEException e) {
            throw new InternalServerErrorException(e);
        }
    }
}
