package it.geosolutions.geostore.services.rest.security.oauth2;

import java.util.Optional;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.security.oauth2.client.OAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
import org.springframework.security.oauth2.client.resource.UserRedirectRequiredException;
import org.springframework.security.oauth2.client.token.AccessTokenRequest;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.token.store.jwk.JwkTokenStore;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

/* loaded from: input_file:it/geosolutions/geostore/services/rest/security/oauth2/GeoStoreOAuthRestTemplate.class */
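/**
 * {@link OAuth2RestTemplate} that traces the authorization-code exchange, publishes the
 * tokens it received on the current request, and checks the ID token against a
 * {@link JwkTokenStore} when one is configured.
 *
 * <p>Security notes for maintainers:
 *
 * <ul>
 *   <li>The token values stored under {@code OAuth2Utils.*_PARAM} are the output of
 *       {@link #saferJWT(String)} (the middle segment of a dotted token), not the full tokens.
 *       The full ID token is only published under {@link #ID_TOKEN_VALUE}.
 *   <li>If no ID token URI is configured and {@link #setTokenStore(JwkTokenStore)} is never
 *       called, this class performs no check of the ID token at all.
 * </ul>
 */
public class GeoStoreOAuthRestTemplate extends OAuth2RestTemplate {
    /** Servlet request attribute under which the full ID token string is published. */
    public static final String ID_TOKEN_VALUE = "OpenIdConnect-IdTokenValue";
    private static final Logger LOGGER = LogManager.getLogger(GeoStoreOAuthRestTemplate.class);
    /** Scope argument for {@code setAttribute}; same value as {@code RequestAttributes.SCOPE_REQUEST}. */
    private static final int SCOPE_REQUEST = 0;
    /** Placeholder returned by {@link #saferJWT(String)} for values that do not look like a JWT. */
    private static final String NOT_A_JWT = "NOT A JWT";
    // NOTE(review): this field is assigned but never read in this class; validate() looks the
    // ID token up under OAuth2Utils.ID_TOKEN_PARAM instead. Confirm which key is intended.
    private final String idTokenParam;
    /** Used to check ID tokens; {@code null} when no ID token URI was configured. */
    private JwkTokenStore store;

    /**
     * Creates a template that uses {@code OAuth2Utils.ID_TOKEN_PARAM} as the ID token parameter name.
     *
     * @param oAuth2ProtectedResourceDetails the protected resource handed to the superclass
     * @param oAuth2ClientContext the client context handed to the superclass
     * @param oAuth2Configuration source of the ID token URI; must not be {@code null}
     */
    public GeoStoreOAuthRestTemplate(OAuth2ProtectedResourceDetails oAuth2ProtectedResourceDetails, OAuth2ClientContext oAuth2ClientContext, OAuth2Configuration oAuth2Configuration) {
        this(oAuth2ProtectedResourceDetails, oAuth2ClientContext, oAuth2Configuration, OAuth2Utils.ID_TOKEN_PARAM);
    }

    /**
     * Creates a template; a {@link JwkTokenStore} is built only when the configuration supplies
     * an ID token URI, otherwise ID tokens are left unchecked by this class.
     *
     * @param oAuth2ProtectedResourceDetails the protected resource handed to the superclass
     * @param oAuth2ClientContext the client context handed to the superclass
     * @param oAuth2Configuration source of the ID token URI; must not be {@code null}
     * @param idTokenParam name of the ID token parameter (stored, see the note on the field)
     */
    public GeoStoreOAuthRestTemplate(OAuth2ProtectedResourceDetails oAuth2ProtectedResourceDetails, OAuth2ClientContext oAuth2ClientContext, OAuth2Configuration oAuth2Configuration, String idTokenParam) {
        super(oAuth2ProtectedResourceDetails, oAuth2ClientContext);
        if (oAuth2Configuration.getIdTokenUri() != null) {
            this.store = new JwkTokenStore(oAuth2Configuration.getIdTokenUri());
        }
        this.idTokenParam = idTokenParam;
    }

    /**
     * Delegates to the superclass and then, whether the call succeeded or failed, traces the
     * authorization-code exchange and publishes the received tokens on the current request.
     *
     * @param oAuth2ClientContext the client context of the current flow; may be {@code null}
     * @return the token obtained by the superclass
     * @throws UserRedirectRequiredException as raised by the superclass
     */
    @Override
    protected OAuth2AccessToken acquireAccessToken(OAuth2ClientContext oAuth2ClientContext) throws UserRedirectRequiredException {
        OAuth2AccessToken token = null;
        try {
            token = super.acquireAccessToken(oAuth2ClientContext);
            return token;
        } finally {
            // Runs once on both the success and the failure path; the helper is null-safe so that
            // it does not replace an exception raised by the superclass with one of its own.
            traceCodeExchange(oAuth2ClientContext, token);
        }
    }

    /**
     * Logs the outcome of an authorization-code exchange at DEBUG level and stores the safer
     * form of each received token as a request-scoped attribute. Does nothing when the context
     * carries no authorization code.
     */
    private void traceCodeExchange(OAuth2ClientContext context, OAuth2AccessToken token) {
        if (context == null || context.getAccessTokenRequest() == null) {
            return;
        }
        AccessTokenRequest request = context.getAccessTokenRequest();
        String code = request.getAuthorizationCode();
        if (code == null || code.isEmpty()) {
            return;
        }
        LOGGER.debug("OIDC: received a CODE from Identity Provider - handing it in for ID/Access Token");
        // NOTE(review): the authorization code is a credential and is logged verbatim, also when
        // the exchange failed. Keep DEBUG disabled for this logger in production, or drop this line.
        LOGGER.debug("OIDC: CODE={}", code);
        if (token == null) {
            return;
        }
        LOGGER.debug("OIDC: Identity Provider returned Token, type={}", token.getTokenType());
        LOGGER.debug("OIDC: SCOPES={}", token.getScope() == null ? "" : String.join(" ", token.getScope()));
        String accessPayload = saferJWT(token.getValue());
        LOGGER.debug("OIDC: ACCESS TOKEN:{}", accessPayload);
        setRequestScoped(OAuth2Utils.ACCESS_TOKEN_PARAM, accessPayload);
        // Each attribute now carries the safer form of its own token; previously the access
        // token's value was stored under the refresh-token and ID-token names as well.
        publishAdditionalToken(token, OAuth2Utils.REFRESH_TOKEN_PARAM, "REFRESH TOKEN");
        publishAdditionalToken(token, OAuth2Utils.ID_TOKEN_PARAM, "ID TOKEN");
    }

    /** Logs and publishes the safer form of one entry of the token's additional information, if present. */
    private void publishAdditionalToken(OAuth2AccessToken token, String key, String label) {
        if (token.getAdditionalInformation() == null || !token.getAdditionalInformation().containsKey(key)) {
            return;
        }
        Object raw = token.getAdditionalInformation().get(key);
        // A non-String entry is reported as "NOT A JWT" instead of failing with a ClassCastException.
        String safer = saferJWT(raw instanceof String ? (String) raw : null);
        LOGGER.debug("OIDC: {}:{}", label, safer);
        setRequestScoped(key, safer);
    }

    /** Stores a request-scoped attribute; a no-op when no request is bound to the current thread. */
    private static void setRequestScoped(String name, String value) {
        Optional.ofNullable(RequestContextHolder.getRequestAttributes())
                .ifPresent(attributes -> attributes.setAttribute(name, value, SCOPE_REQUEST));
    }

    /**
     * Returns the second dot-separated segment of the given value (for a JWT, the encoded
     * claims without header and signature), so that the result cannot be replayed as a token.
     * The claims themselves may still be sensitive.
     *
     * @param str the token string; may be {@code null}
     * @return the second segment, or {@code "NOT A JWT"} when there is none
     */
    String saferJWT(String str) {
        if (str == null) {
            return NOT_A_JWT;
        }
        String[] segments = str.split("\\.");
        return segments.length > 1 ? segments[1] : NOT_A_JWT;
    }

    /**
     * Returns the access token from the superclass after running {@code validate} on it.
     *
     * @return the access token, or {@code null} when the superclass returns none
     * @throws UserRedirectRequiredException as raised by the superclass
     */
    @Override
    public OAuth2AccessToken getAccessToken() throws UserRedirectRequiredException {
        OAuth2AccessToken accessToken = super.getAccessToken();
        if (accessToken != null) {
            validate(accessToken);
        }
        return accessToken;
    }

    /**
     * Checks the ID token carried in the token's additional information and then publishes it
     * under {@link #ID_TOKEN_VALUE}. A token without a String ID token passes silently.
     */
    private void validate(OAuth2AccessToken oAuth2AccessToken) {
        Object idToken = oAuth2AccessToken.getAdditionalInformation().get(OAuth2Utils.ID_TOKEN_PARAM);
        if (!(idToken instanceof String)) {
            return;
        }
        String idTokenValue = (String) idToken;
        if (this.store != null) {
            // The return value is not used; the call is relied on to throw when the token cannot
            // be verified. NOTE(review): confirm which claims (issuer, audience, expiry) the
            // store checks, and that the remaining ones are checked elsewhere.
            this.store.readAuthentication(idTokenValue);
        }
        // Publish only after the check above, so a rejected ID token never reaches the request.
        // Without a store the token is published unchecked.
        setAsRequestAttribute(ID_TOKEN_VALUE, idTokenValue);
    }

    /** Sets an attribute on the current servlet request, if one is bound to this thread. */
    private void setAsRequestAttribute(String name, String value) {
        Optional.ofNullable(RequestContextHolder.getRequestAttributes())
                .filter(ServletRequestAttributes.class::isInstance)
                .map(ServletRequestAttributes.class::cast)
                .map(ServletRequestAttributes::getRequest)
                .ifPresent(request -> request.setAttribute(name, value));
    }

    /**
     * Reads the authentication for the given token value from the configured token store.
     *
     * @param str the token value
     * @return the authentication returned by the store
     * @throws NullPointerException if no token store is configured (no ID token URI was given
     *     and {@link #setTokenStore(JwkTokenStore)} was not called)
     */
    public OAuth2Authentication readAuthentication(String str) {
        return this.store.readAuthentication(str);
    }

    /**
     * Replaces the token store used to check ID tokens.
     *
     * @param jwkTokenStore the new store; {@code null} disables the ID token check in this class
     */
    public void setTokenStore(JwkTokenStore jwkTokenStore) {
        this.store = jwkTokenStore;
    }
}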
