package org.casbin.casdoor.service;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jwt.SignedJWT;
import java.io.ByteArrayInputStream;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.text.ParseException;
import java.util.LinkedHashMap;
import org.apache.oltu.oauth2.client.OAuthClient;
import org.apache.oltu.oauth2.client.URLConnectionClient;
import org.apache.oltu.oauth2.client.request.OAuthClientRequest;
import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
import org.apache.oltu.oauth2.common.message.types.GrantType;
import org.casbin.casdoor.config.CasdoorConfig;
import org.casbin.casdoor.entity.CasdoorUser;
import org.casbin.casdoor.exception.CasdoorAuthException;
import org.casbin.casdoor.util.QueryUtils;

/* loaded from: input_file:org/casbin/casdoor/service/CasdoorAuthService.class */
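/**
 * Client-side helper for the Casdoor OAuth2 authorization-code flow: builds the
 * sign-in / sign-up / profile URLs, exchanges an authorization code for an access
 * token, and turns a signed JWT into a {@link CasdoorUser}.
 *
 * <p>Parameter names ({@code str}, {@code str2}, ...) are kept as they appear in this
 * listing; each method's Javadoc states what the value is used for.
 *
 * <p>Security-relevant limits of this class:
 * <ul>
 *   <li>The OAuth {@code state} value is never compared against anything here; the caller
 *       has to check the value returned on the callback against the one it issued.</li>
 *   <li>{@link #parseJwtToken(String)} checks the RSA signature and the {@code exp} claim
 *       only. Issuer and audience are not checked.</li>
 * </ul>
 */
public class CasdoorAuthService {
    private final CasdoorConfig casdoorConfig;
    private final ObjectMapper objectMapper = new ObjectMapper();

    /**
     * Creates the service and configures JSON mapping so that token claims without a
     * matching {@link CasdoorUser} property are ignored instead of failing deserialization.
     *
     * @param casdoorConfig endpoint, client credentials, application name and certificate
     */
    public CasdoorAuthService(CasdoorConfig casdoorConfig) {
        this.casdoorConfig = casdoorConfig;
        this.objectMapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
    }

    /**
     * Exchanges an authorization code for an access token at
     * {@code <endpoint>/api/login/oauth/access_token}.
     *
     * @param str  the authorization code received on the OAuth callback
     * @param str2 accepted but not used by this method; if it carries the OAuth
     *             {@code state}, the caller must validate it before calling
     * @return the access token string from the token response
     * @throws CasdoorAuthException if the token request fails
     */
    public String getOAuthToken(String str, String str2) {
        String endpoint = this.casdoorConfig.getEndpoint();
        try {
            // buildQueryMessage() places client_id, client_secret and the code in the request
            // URL, where access logs and intermediaries can record them.
            // NOTE(review): buildBodyMessage() would keep them out of the URL; confirm the
            // server accepts a form body before switching.
            // NOTE(review): the redirect URI sent here is the endpoint's own authorize path,
            // not the redirect_uri used by getSigninUrl; confirm the server does not require
            // the two to match.
            OAuthClientRequest tokenRequest = OAuthClientRequest
                    .tokenLocation(String.format("%s/api/login/oauth/access_token", endpoint))
                    .setGrantType(GrantType.AUTHORIZATION_CODE)
                    .setClientId(this.casdoorConfig.getClientId())
                    .setClientSecret(this.casdoorConfig.getClientSecret())
                    .setRedirectURI(String.format("%s/api/login/oauth/authorize", endpoint))
                    .setCode(str)
                    .buildQueryMessage();
            return new OAuthClient(new URLConnectionClient())
                    .accessToken(tokenRequest, "POST")
                    .getAccessToken();
        } catch (OAuthSystemException | OAuthProblemException e) {
            throw new CasdoorAuthException("Cannot get OAuth token.", e);
        }
    }

    /**
     * Parses a signed JWT, verifies its RSA signature against the configured X.509
     * certificate, rejects it when its {@code exp} claim is in the past, and maps the
     * payload onto a {@link CasdoorUser}.
     *
     * <p>A token without an {@code exp} claim is still accepted, so that tokens accepted
     * before the expiry check was added keep working. Issuer and audience are not checked.
     *
     * @param str the compact-serialized JWT
     * @return the user described by the token's claims
     * @throws CasdoorAuthException if the token cannot be parsed, its signature does not
     *         verify, it has expired, or its claims cannot be mapped to a user
     */
    public CasdoorUser parseJwtToken(String str) {
        final SignedJWT jwt;
        try {
            jwt = SignedJWT.parse(str);
        } catch (ParseException e) {
            throw new CasdoorAuthException("Cannot parse jwt token.", e);
        }

        // Claims are read only after the signature has been verified.
        verifySignature(jwt);
        rejectIfExpired(jwt);

        try {
            return this.objectMapper.readValue(jwt.getPayload().toString(), CasdoorUser.class);
        } catch (JsonProcessingException e) {
            throw new CasdoorAuthException("Cannot convert claims to CasdoorUser", e);
        }
    }

    /** Verifies the JWT signature with the RSA public key of the configured certificate. */
    private void verifySignature(SignedJWT jwt) {
        final boolean signatureValid;
        try {
            // Explicit charset: the no-argument getBytes() depends on the platform default.
            byte[] certificateBytes = this.casdoorConfig.getCertificate().getBytes(StandardCharsets.UTF_8);
            X509Certificate certificate = (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(new ByteArrayInputStream(certificateBytes));
            RSAPublicKey publicKey = (RSAPublicKey) certificate.getPublicKey();
            signatureValid = jwt.verify(new RSASSAVerifier(publicKey));
        } catch (CertificateException | JOSEException e) {
            throw new CasdoorAuthException("Cannot verify signature.", e);
        }
        if (!signatureValid) {
            throw new CasdoorAuthException("Cannot verify signature.");
        }
    }

    /** Rejects a token whose {@code exp} claim is present and not in the future. */
    private static void rejectIfExpired(SignedJWT jwt) {
        final java.util.Date expiresAt;
        try {
            expiresAt = jwt.getJWTClaimsSet().getExpirationTime();
        } catch (ParseException e) {
            throw new CasdoorAuthException("Cannot parse jwt token.", e);
        }
        if (expiresAt != null && !expiresAt.after(new java.util.Date())) {
            throw new CasdoorAuthException("The jwt token has expired.");
        }
    }

    /**
     * Builds the sign-in URL using the configured application name as the {@code state}
     * value.
     *
     * <p>That value is the same for every request, so it cannot serve as a per-request
     * anti-CSRF token; use {@link #getSigninUrl(String, String)} with an unpredictable,
     * session-bound state for that purpose.
     *
     * @param str the redirect URL the authorization server should send the user back to
     * @return the authorization URL
     */
    public String getSigninUrl(String str) {
        return getSigninUrl(str, this.casdoorConfig.getApplicationName());
    }

    /**
     * Builds the authorization URL {@code <endpoint>/login/oauth/authorize} with
     * {@code response_type=code} and {@code scope=read}.
     *
     * @param str  the redirect URL; it is URL-encoded (UTF-8) before being inserted
     * @param str2 the {@code state} value; it is inserted as given, without URL-encoding,
     *             so it must already be safe for use in a query string
     * @return the authorization URL
     * @throws CasdoorAuthException if UTF-8 encoding is reported as unsupported
     */
    public String getSigninUrl(String str, String str2) {
        final String encodedRedirect;
        try {
            encodedRedirect = URLEncoder.encode(str, StandardCharsets.UTF_8.toString());
        } catch (UnsupportedEncodingException e) {
            throw new CasdoorAuthException(e);
        }
        // NOTE(review): client_id and state are not URL-encoded; a value containing '&' or
        // '#' would alter the query string.
        return String.format(
                "%s/login/oauth/authorize?client_id=%s&response_type=code&redirect_uri=%s&scope=%s&state=%s",
                this.casdoorConfig.getEndpoint(),
                this.casdoorConfig.getClientId(),
                encodedRedirect,
                "read",
                str2);
    }

    /**
     * Builds the plain sign-up page URL, {@code <endpoint>/signup/<applicationName>}.
     *
     * @return the sign-up URL
     */
    public String getSignupUrl() {
        return getSignupUrl(true, "");
    }

    /**
     * Builds the OAuth sign-up URL: the sign-in URL for the given redirect with
     * {@code /login/oauth/authorize} replaced by {@code /signup/oauth/authorize}.
     *
     * @param str the redirect URL passed on to {@link #getSigninUrl(String)}
     * @return the sign-up URL
     */
    public String getSignupUrl(String str) {
        return getSignupUrl(false, str);
    }

    /**
     * Shared implementation of the two public sign-up overloads.
     *
     * @param z   {@code true} for the plain sign-up page, {@code false} for the OAuth variant
     * @param str the redirect URL; only used when {@code z} is {@code false}
     */
    private String getSignupUrl(boolean z, String str) {
        if (z) {
            return String.format("%s/signup/%s",
                    this.casdoorConfig.getEndpoint(), this.casdoorConfig.getApplicationName());
        }
        return getSigninUrl(str).replace("/login/oauth/authorize", "/signup/oauth/authorize");
    }

    /**
     * Builds a user profile URL without a return URL.
     *
     * @param str  the user path segment; see {@link #getUserProfileUrl(String, String, String)}
     * @param str2 the access token, or {@code null}/blank for none
     * @return the profile URL
     */
    public String getUserProfileUrl(String str, String str2) {
        return getUserProfileUrl(str, str2, null);
    }

    /**
     * Builds {@code <endpoint>/user/<str>} or, when {@code str} is {@code null} or blank,
     * {@code <endpoint>/account}, followed by an optional query string.
     *
     * <p>A non-blank access token is placed in the URL as {@code access_token}. URLs are
     * commonly recorded in browser history, access logs and {@code Referer} headers, so the
     * result should be handled as a credential.
     *
     * @param str  the user path segment, inserted as given (not URL-encoded)
     * @param str2 the access token, or {@code null}/blank to omit it
     * @param str3 the return URL, or {@code null}/blank to omit it
     * @return the profile URL
     */
    public String getUserProfileUrl(String str, String str2, String str3) {
        // Raw type kept as in the original: the parameter type of QueryUtils.buildQuery is
        // not visible in this file. NOTE(review): also confirm that it URL-encodes values.
        LinkedHashMap queryParams = new LinkedHashMap();
        if (str2 != null && !str2.trim().isEmpty()) {
            queryParams.put("access_token", str2);
        }
        if (str3 != null && !str3.trim().isEmpty()) {
            queryParams.put("returnUrl", str3);
        }
        String query = queryParams.isEmpty() ? "" : "?" + QueryUtils.buildQuery(queryParams);

        String endpoint = this.casdoorConfig.getEndpoint();
        if (str == null || str.trim().isEmpty()) {
            return String.format("%s/account%s", endpoint, query);
        }
        return String.format("%s/user/%s%s", endpoint, str, query);
    }

    /**
     * Builds the account page URL for the current user without a return URL.
     *
     * @param str the access token, or {@code null}/blank for none
     * @return the account URL
     */
    public String getMyProfileUrl(String str) {
        return getMyProfileUrl(str, null);
    }

    /**
     * Builds the account page URL for the current user.
     *
     * @param str  the access token, or {@code null}/blank to omit it
     * @param str2 the return URL, or {@code null}/blank to omit it
     * @return the account URL
     */
    public String getMyProfileUrl(String str, String str2) {
        return getUserProfileUrl(null, str, str2);
    }
}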
