package org.zowe.apiml.gateway.security.service.token;

import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Base64;
import lombok.Generated;
import lombok.NonNull;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.HttpEntity;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.message.BasicHeader;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.stereotype.Service;
import org.zowe.apiml.security.common.token.OIDCProvider;
import org.zowe.apiml.util.UrlUtils;

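/**
 * Validates OIDC access tokens by POSTing them to the configured token
 * introspection endpoint and reading the {@code active} claim of the response.
 *
 * <p>Every failure path (blank token, missing or invalid configuration, non-200
 * response, empty body, I/O or parse error, response without an {@code active}
 * claim) results in the token being treated as invalid, so validation fails closed.
 *
 * <p>The bean is only created when {@code apiml.security.oidc.enabled} is {@code true}.
 */
@ConditionalOnProperty(value = {"apiml.security.oidc.enabled"}, havingValue = "true")
@Service
/* loaded from: input_file:org/zowe/apiml/gateway/security/service/token/OIDCTokenProvider.class */
public class OIDCTokenProvider implements OIDCProvider {

    // Introspection endpoint URL; defaults to empty, which disables validation (see introspect).
    @Value("${apiml.security.oidc.introspectUrl:}")
    String introspectUrl;

    // Client identifier sent in the Basic Authorization header of the introspection request.
    @Value("${apiml.security.oidc.clientId:}")
    String clientId;

    // Client secret sent in the Basic Authorization header; it is never written to the log by this class.
    @Value("${apiml.security.oidc.clientSecret:}")
    String clientSecret;

    @NonNull
    @Autowired
    @Qualifier("secureHttpClientWithoutKeystore")
    private final CloseableHttpClient httpClient;

    @Generated
    private static final Logger log = LoggerFactory.getLogger(OIDCTokenProvider.class);
    private static final ObjectMapper mapper = new ObjectMapper();

    /**
     * Reports whether the introspection endpoint considers the token active.
     *
     * @param str the access token to check; blank or {@code null} is treated as invalid
     * @return {@code true} only when introspection succeeded and the response carried
     *         {@code active == true}; {@code false} in every other case
     */
    public boolean isValid(String str) {
        OIDCTokenClaims claims = introspect(str);
        // Boolean.TRUE.equals() keeps the check fail-closed when the response omits
        // "active": the unboxing call used previously threw a NullPointerException there.
        // NOTE(review): only "active" is consulted here; whether issuer, audience or expiry
        // are checked elsewhere is not visible from this class - confirm.
        return claims != null && Boolean.TRUE.equals(claims.getActive());
    }

    /**
     * Sends the token to the introspection endpoint and parses the JSON response.
     *
     * @param str the access token to introspect
     * @return the parsed claims, or {@code null} when the token is blank, the
     *         configuration is incomplete, the endpoint answered with anything other
     *         than a non-empty 200 response, or the call or parsing failed
     */
    private OIDCTokenClaims introspect(String str) {
        if (StringUtils.isBlank(str)) {
            log.debug("No token has been provided.");
            return null;
        }
        if (StringUtils.isBlank(this.introspectUrl) || !UrlUtils.isValidUrl(this.introspectUrl)) {
            log.warn("Missing or invalid introspectUrl configuration. Cannot proceed with token validation.");
            return null;
        }
        if (StringUtils.isBlank(this.clientId) || StringUtils.isBlank(this.clientSecret)) {
            log.warn("Missing clientId or clientSecret configuration. Cannot proceed with token validation.");
            return null;
        }

        HttpPost httpPost = new HttpPost(this.introspectUrl);

        ArrayList<BasicNameValuePair> formParams = new ArrayList<>();
        formParams.add(new BasicNameValuePair("token", str));
        formParams.add(new BasicNameValuePair("token_type_hint", "access_token"));
        httpPost.setEntity(new UrlEncodedFormEntity(formParams, StandardCharsets.UTF_8));

        // Encode the credentials with an explicit charset so the header does not depend on
        // the platform default encoding of the JVM the gateway happens to run on.
        String credentials = this.clientId + ":" + this.clientSecret;
        String basicAuth = Base64.getEncoder().encodeToString(credentials.getBytes(StandardCharsets.UTF_8));
        httpPost.setHeader(new BasicHeader("Authorization", "Basic " + basicAuth));
        httpPost.setHeader(new BasicHeader("Content-Type", "application/x-www-form-urlencoded"));
        httpPost.setHeader(new BasicHeader("Accept", "application/json"));

        // try-with-resources closes the response on every path; without it each validation
        // left the response (and its pooled connection) open.
        try (CloseableHttpResponse response = this.httpClient.execute(httpPost)) {
            int statusCode = response.getStatusLine() != null ? response.getStatusLine().getStatusCode() : 0;
            HttpEntity entity = response.getEntity();
            String body = entity != null ? EntityUtils.toString(entity, StandardCharsets.UTF_8) : "";
            if (statusCode == 200 && !body.isEmpty()) {
                return mapper.readValue(body, OIDCTokenClaims.class);
            }
            // Only the status code is logged; the token and the response body stay out of the log.
            log.error("Failed to validate the OIDC access token. Unexpected response: {}", Integer.valueOf(statusCode));
            return null;
        } catch (IOException e) {
            log.error("Failed to validate the OIDC access token. ", e);
            return null;
        }
    }

    /**
     * Creates the provider with the HTTP client used for introspection calls.
     *
     * @param closeableHttpClient client qualified as {@code secureHttpClientWithoutKeystore}; must not be {@code null}
     * @throws NullPointerException if {@code closeableHttpClient} is {@code null}
     */
    @Generated
    public OIDCTokenProvider(@NonNull @Qualifier("secureHttpClientWithoutKeystore") CloseableHttpClient closeableHttpClient) {
        if (closeableHttpClient == null) {
            throw new NullPointerException("httpClient is marked non-null but is null");
        }
        this.httpClient = closeableHttpClient;
    }
}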
