package io.vertx.ext.web.handler.impl;

import io.vertx.core.AsyncResult;
import io.vertx.core.Future;
import io.vertx.core.Handler;
import io.vertx.core.http.HttpHeaders;
import io.vertx.core.http.HttpMethod;
import io.vertx.core.json.JsonArray;
import io.vertx.core.json.JsonObject;
import io.vertx.core.logging.Logger;
import io.vertx.core.logging.LoggerFactory;
import io.vertx.ext.auth.AuthProvider;
import io.vertx.ext.auth.User;
import io.vertx.ext.auth.oauth2.OAuth2Auth;
import io.vertx.ext.auth.oauth2.OAuth2FlowType;
import io.vertx.ext.web.Route;
import io.vertx.ext.web.RoutingContext;
import io.vertx.ext.web.Session;
import io.vertx.ext.web.handler.AuthHandler;
import io.vertx.ext.web.handler.OAuth2AuthHandler;
import io.vertx.ext.web.handler.impl.AuthorizationAuthHandler;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import org.apache.fontbox.ttf.OS2WindowsMetricsTable;

/* loaded from: input_file:BOOT-INF/lib/vertx-web-3.8.5.jar:io/vertx/ext/web/handler/impl/OAuth2AuthHandlerImpl.class */
public class OAuth2AuthHandlerImpl extends AuthorizationAuthHandler implements OAuth2AuthHandler {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) OAuth2AuthHandlerImpl.class);
    private final String host;
    private final String callbackPath;
    private final Set<String> scopes;
    private Route callback;
    private JsonObject extraParams;
    private boolean bearerOnly;

    private static AuthProvider verifyProvider(AuthProvider authProvider) {
        if (!(authProvider instanceof OAuth2Auth) || ((OAuth2Auth) authProvider).getFlowType() == OAuth2FlowType.AUTH_CODE) {
            return authProvider;
        }
        throw new IllegalArgumentException("OAuth2Auth + Bearer Auth requires OAuth2 AUTH_CODE flow");
    }

    public OAuth2AuthHandlerImpl(OAuth2Auth oAuth2Auth, String str) {
        super(verifyProvider(oAuth2Auth), AuthorizationAuthHandler.Type.BEARER);
        this.scopes = new HashSet();
        this.bearerOnly = true;
        try {
            if (str != null) {
                URL url = new URL(str);
                this.host = url.getProtocol() + "://" + url.getHost() + (url.getPort() == -1 ? "" : ":" + url.getPort());
                this.callbackPath = url.getPath();
            } else {
                this.host = null;
                this.callbackPath = null;
            }
        } catch (MalformedURLException e) {
            throw new RuntimeException(e);
        }
    }

    @Override // io.vertx.ext.web.handler.impl.AuthHandlerImpl, io.vertx.ext.web.handler.AuthHandler
    public AuthHandler addAuthority(String str) {
        this.scopes.add(str);
        return this;
    }

    @Override // io.vertx.ext.web.handler.impl.AuthHandlerImpl, io.vertx.ext.web.handler.AuthHandler
    public AuthHandler addAuthorities(Set<String> set) {
        this.scopes.addAll(set);
        return this;
    }

    @Override // io.vertx.ext.web.handler.AuthHandler
    public void parseCredentials(RoutingContext routingContext, Handler<AsyncResult<JsonObject>> handler) {
        parseAuthorization(routingContext, !this.bearerOnly, asyncResult -> {
            if (asyncResult.failed()) {
                handler.handle(Future.failedFuture(asyncResult.cause()));
                return;
            }
            String str = (String) asyncResult.result();
            if (str != null) {
                this.authProvider.decodeToken(str, asyncResult -> {
                    if (asyncResult.failed()) {
                        handler.handle(Future.failedFuture(new HttpStatusException(401, asyncResult.cause().getMessage())));
                    } else {
                        routingContext.setUser((User) asyncResult.result());
                        handler.handle(Future.succeededFuture());
                    }
                });
                return;
            }
            if (this.callback == null) {
                handler.handle(Future.failedFuture("callback route is not configured."));
                return;
            }
            if (routingContext.request().method() != HttpMethod.GET || !routingContext.normalisedPath().equals(this.callback.getPath())) {
                handler.handle(Future.failedFuture(new HttpStatusException(302, authURI(routingContext.request().uri()))));
                return;
            }
            if (log.isWarnEnabled()) {
                log.warn("The callback route is shaded by the OAuth2AuthHandler, ensure the callback route is added BEFORE the OAuth2AuthHandler route!");
            }
            handler.handle(Future.failedFuture(new HttpStatusException(500, "Infinite redirect loop [oauth2 callback]")));
        });
    }

    private String authURI(String str) {
        JsonObject put = new JsonObject().put("state", str);
        if (this.host != null) {
            put.put("redirect_uri", this.host + this.callback.getPath());
        }
        if (this.extraParams != null) {
            put.mergeIn(this.extraParams);
        }
        if (this.scopes.size() > 0) {
            JsonArray jsonArray = new JsonArray();
            Iterator<String> it = this.scopes.iterator();
            while (it.hasNext()) {
                jsonArray.add(it.next());
            }
            put.put("scopes", jsonArray);
        }
        return this.authProvider.authorizeURL(put);
    }

    @Override // io.vertx.ext.web.handler.OAuth2AuthHandler
    public OAuth2AuthHandler extraParams(JsonObject jsonObject) {
        this.extraParams = jsonObject;
        return this;
    }

    @Override // io.vertx.ext.web.handler.OAuth2AuthHandler
    public OAuth2AuthHandler setupCallback(Route route) {
        if (this.callbackPath != null && !"".equals(this.callbackPath)) {
            route.path(this.callbackPath);
        }
        route.method(HttpMethod.GET);
        route.handler(routingContext -> {
            String param = routingContext.request().getParam("code");
            if (param == null) {
                routingContext.fail(OS2WindowsMetricsTable.WEIGHT_CLASS_NORMAL);
                return;
            }
            String param2 = routingContext.request().getParam("state");
            JsonObject put = new JsonObject().put("code", param);
            if (this.host != null) {
                put.put("redirect_uri", this.host + route.getPath());
            }
            if (this.extraParams != null) {
                put.mergeIn(this.extraParams);
            }
            this.authProvider.authenticate(put, asyncResult -> {
                if (asyncResult.failed()) {
                    routingContext.fail(asyncResult.cause());
                    return;
                }
                routingContext.setUser((User) asyncResult.result());
                Session session = routingContext.session();
                if (session == null) {
                    routingContext.reroute(param2 != null ? param2 : "/");
                } else {
                    session.regenerateId();
                    routingContext.response().putHeader(HttpHeaders.CACHE_CONTROL, "no-cache, no-store, must-revalidate").putHeader("Pragma", "no-cache").putHeader(HttpHeaders.EXPIRES, "0").putHeader(HttpHeaders.LOCATION, param2 != null ? param2 : "/").setStatusCode(302).end("Redirecting to " + (param2 != null ? param2 : "/") + ".");
                }
            });
        });
        this.bearerOnly = false;
        this.callback = route;
        return this;
    }
}
