package net.trajano.ms.example.authn;

import io.swagger.annotations.Api;
import io.swagger.annotations.ApiResponse;
import io.swagger.annotations.ApiResponses;
import io.swagger.annotations.Info;
import io.swagger.annotations.SwaggerDefinition;
import io.vertx.ext.web.handler.FormLoginHandler;
import java.net.URI;
import javax.annotation.security.PermitAll;
import javax.ws.rs.Consumes;
import javax.ws.rs.HeaderParam;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.Entity;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Form;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import net.trajano.ms.auth.token.GrantTypes;
import net.trajano.ms.auth.token.OAuthTokenResponse;
import net.trajano.ms.auth.util.HttpAuthorizationHeaders;
import net.trajano.ms.core.CryptoOps;
import net.trajano.ms.core.ErrorCodes;
import net.trajano.ms.core.ErrorResponse;
import net.trajano.ms.core.ErrorResponses;
import org.jose4j.jwt.JwtClaims;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;

@Api
@SwaggerDefinition(info = @Info(title = "Sample Authn Microservice", version = "1.0"))
@Path("/authn")
@PermitAll
@Component
/* loaded from: input_file:BOOT-INF/classes/net/trajano/ms/example/authn/AuthnResource.class */
public class AuthnResource {

    @Value("${authorizationEndpoint}")
    private URI authorizationEndpoint;

    @Context
    private Client client;

    @Autowired
    private CryptoOps cryptoOps;

    @ApiResponses({@ApiResponse(code = 401, message = "Unauthorized Response", response = ErrorResponse.class)})
    @Consumes({"application/json"})
    @POST
    @Produces({"application/json"})
    public Response json(UsernamePassword usernamePassword, @HeaderParam("Authorization") String str) {
        if (!FormLoginHandler.DEFAULT_PASSWORD_PARAM.equals(usernamePassword.getPassword())) {
            throw ErrorResponses.unauthorized(ErrorCodes.UNAUTHORIZED_CLIENT, "invalid username/password combination", SecurityContext.FORM_AUTH);
        }
        JwtClaims jwtClaims = new JwtClaims();
        jwtClaims.setSubject(usernamePassword.getUsername());
        jwtClaims.setAudience(HttpAuthorizationHeaders.parseBasicAuthorization(str)[0]);
        Form form = new Form();
        form.param("grant_type", GrantTypes.JWT_ASSERTION);
        form.param("assertion", this.cryptoOps.sign(jwtClaims));
        return Response.ok(this.client.target(this.authorizationEndpoint).request(MediaType.APPLICATION_JSON_TYPE).header("Authorization", str).post(Entity.form(form), OAuthTokenResponse.class)).build();
    }
}
