package st.ratpack.auth.springsec;

import com.fasterxml.jackson.core.JsonParseException;
import com.fasterxml.jackson.databind.ObjectMapper;
import io.netty.handler.codec.http.HttpHeaderNames;
import java.util.Base64;
import java.util.Optional;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import ratpack.exec.Promise;
import ratpack.http.HttpUrlBuilder;
import ratpack.http.client.HttpClient;
import st.ratpack.auth.OAuthToken;
import st.ratpack.auth.TokenValidator;
import st.ratpack.auth.User;
import st.ratpack.auth.springsec.SpringSecCheckAuthModule;

/* loaded from: input_file:st/ratpack/auth/springsec/SpringSecCheckTokenValidator.class */
public class SpringSecCheckTokenValidator implements TokenValidator {
    private final HttpClient httpClient;
    private final SpringSecCheckAuthModule.Config config;
    private static Logger logger = LoggerFactory.getLogger(SpringSecCheckTokenValidator.class);
    private final ObjectMapper objectMapper;

    public SpringSecCheckTokenValidator(SpringSecCheckAuthModule.Config config, HttpClient httpClient, ObjectMapper objectMapper) {
        this.httpClient = httpClient;
        this.config = config;
        this.objectMapper = objectMapper;
    }

    @Override // st.ratpack.auth.TokenValidator
    public Promise<Optional<OAuthToken>> validate(String str) {
        Promise promise = this.httpClient.get(HttpUrlBuilder.base(this.config.getHost()).path("oauth/check_token").params(new String[]{"token", str}).build(), requestSpec -> {
            requestSpec.redirects(0);
            requestSpec.headers(mutableHeaders -> {
                mutableHeaders.add(HttpHeaderNames.AUTHORIZATION, buildBasicAuthHeader(this.config.getUser(), this.config.getPassword()));
                mutableHeaders.add(HttpHeaderNames.ACCEPT, "application/json");
            });
        });
        return Promise.of(downstream -> {
            promise.onError(th -> {
                logger.error("Failed to check auth token.", th);
                downstream.success(Optional.empty());
            }).then(receivedResponse -> {
                if (receivedResponse.getStatusCode() != 200) {
                    logger.error("Got Status: " + receivedResponse.getStatusCode());
                    downstream.success(Optional.empty());
                    return;
                }
                OAuthToken oAuthToken = null;
                try {
                    CheckTokenResponse checkTokenResponse = (CheckTokenResponse) this.objectMapper.readValue(receivedResponse.getBody().getInputStream(), CheckTokenResponse.class);
                    if (checkTokenResponse.getClient_id() != null && !checkTokenResponse.getClient_id().isEmpty()) {
                        oAuthToken = new OAuthToken();
                        oAuthToken.setClientId(checkTokenResponse.getClient_id());
                        oAuthToken.setScopes(checkTokenResponse.getScope());
                        if (checkTokenResponse.getUser_name() == null || checkTokenResponse.getUser_name().isEmpty()) {
                            oAuthToken.setUser(Optional.empty());
                        } else {
                            User user = new User();
                            user.setUsername(checkTokenResponse.getUser_name());
                            user.setAuthorities(checkTokenResponse.getAuthorities());
                            oAuthToken.setUser(Optional.of(user));
                        }
                    }
                    downstream.success(Optional.ofNullable(oAuthToken));
                } catch (JsonParseException e) {
                    logger.error("Could not parse body");
                    downstream.error(e);
                }
            });
        });
    }

    private String buildBasicAuthHeader(String str, String str2) {
        return "Basic " + Base64.getEncoder().encodeToString((str + ":" + str2).getBytes());
    }
}
