package org.pac4j.oidc.profile.creator;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.proc.BadJOSEException;
import com.nimbusds.jwt.JWT;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.http.HTTPRequest;
import com.nimbusds.oauth2.sdk.http.HTTPResponse;
import com.nimbusds.oauth2.sdk.token.AccessToken;
import com.nimbusds.oauth2.sdk.token.BearerAccessToken;
import com.nimbusds.oauth2.sdk.token.RefreshToken;
import com.nimbusds.openid.connect.sdk.Nonce;
import com.nimbusds.openid.connect.sdk.UserInfoErrorResponse;
import com.nimbusds.openid.connect.sdk.UserInfoRequest;
import com.nimbusds.openid.connect.sdk.UserInfoResponse;
import com.nimbusds.openid.connect.sdk.UserInfoSuccessResponse;
import com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet;
import java.io.IOException;
import java.util.Map;
import java.util.Optional;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.exception.TechnicalException;
import org.pac4j.core.profile.AttributeLocation;
import org.pac4j.core.profile.ProfileHelper;
import org.pac4j.core.profile.UserProfile;
import org.pac4j.core.profile.creator.ProfileCreator;
import org.pac4j.core.profile.definition.ProfileDefinitionAware;
import org.pac4j.core.util.CommonHelper;
import org.pac4j.oidc.client.OidcClient;
import org.pac4j.oidc.config.OidcConfiguration;
import org.pac4j.oidc.credentials.OidcCredentials;
import org.pac4j.oidc.profile.OidcProfile;
import org.pac4j.oidc.profile.OidcProfileDefinition;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/pac4j-oidc-4.5.0.jar:org/pac4j/oidc/profile/creator/OidcProfileCreator.class */
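/**
 * Builds an {@link OidcProfile} from the tokens carried by {@link OidcCredentials}.
 *
 * <p>The ID token is validated first; its subject becomes the profile id. When the provider
 * advertises a UserInfo endpoint and an access token is available, the UserInfo claims are
 * fetched and merged, followed by any ID-token claims the profile does not already hold.
 *
 * @param <P> the concrete profile type produced by the profile definition
 */
public class OidcProfileCreator<P extends OidcProfile> extends ProfileDefinitionAware<P> implements ProfileCreator<OidcCredentials> {
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) OidcProfileCreator.class);
    // Supplies the token validator, provider metadata, HTTP settings and logout handler.
    protected OidcConfiguration configuration;
    // Only read here for the name of the session attribute holding the nonce.
    protected OidcClient client;

    /**
     * @param oidcConfiguration the OIDC configuration (checked for null in {@link #internalInit()})
     * @param oidcClient the client whose nonce session attribute name is used during validation
     */
    public OidcProfileCreator(OidcConfiguration oidcConfiguration, OidcClient oidcClient) {
        this.configuration = oidcConfiguration;
        this.client = oidcClient;
    }

    /**
     * Checks that a configuration was supplied and installs {@link OidcProfileDefinition} as the
     * default profile definition.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.pac4j.core.util.InitializableObject
    public void internalInit() {
        CommonHelper.assertNotNull("configuration", this.configuration);
        defaultProfileDefinition(new OidcProfileDefinition());
    }

    /**
     * Validates the ID token and assembles the user profile.
     *
     * <p>UserInfo claims are only merged when their {@code sub} exactly matches the validated
     * ID-token subject, as OpenID Connect Core 5.3.2 requires; otherwise they are discarded and
     * the profile is built from the ID token alone.
     *
     * @param oidcCredentials the credentials holding the ID, access and refresh tokens
     * @param webContext the current web context, used to read the session nonce and to record
     *     the provider session id
     * @return the populated profile (never empty on the paths visible here)
     * @throws TechnicalException if token validation, the UserInfo call or claim parsing fails
     */
    @Override // org.pac4j.core.profile.creator.ProfileCreator
    public Optional<UserProfile> create(OidcCredentials oidcCredentials, WebContext webContext) {
        init();
        AccessToken accessToken = oidcCredentials.getAccessToken();
        OidcProfile oidcProfile = (OidcProfile) getProfileDefinition().newProfile(new Object[0]);
        oidcProfile.setAccessToken(accessToken);
        JWT idToken = oidcCredentials.getIdToken();
        oidcProfile.setIdTokenString(idToken.getParsedString());
        RefreshToken refreshToken = oidcCredentials.getRefreshToken();
        if (refreshToken != null && !refreshToken.getValue().isEmpty()) {
            oidcProfile.setRefreshToken(refreshToken);
            logger.debug("Refresh Token successful retrieved");
        }
        try {
            // The expected nonce comes from the session. NOTE(review): Nimbus' Nonce constructor is
            // expected to reject a null value, so a missing session nonce should fail the login
            // rather than skip the check; confirm against the SDK version in use.
            Nonce expectedNonce = this.configuration.isUseNonce()
                    ? new Nonce((String) webContext.getSessionStore().get(webContext, this.client.getNonceSessionAttributeName()).orElse(null))
                    : null;
            IDTokenClaimsSet validate = this.configuration.findTokenValidator().validate(idToken, expectedNonce);
            CommonHelper.assertNotNull("claimsSet", validate);
            oidcProfile.setId(ProfileHelper.sanitizeIdentifier(oidcProfile, validate.getSubject()));
            if (this.configuration.findProviderMetadata().getUserInfoEndpointURI() != null && accessToken != null) {
                // The cast assumes a bearer token; any other AccessToken subtype fails here with a
                // ClassCastException.
                HTTPRequest hTTPRequest = new UserInfoRequest(this.configuration.findProviderMetadata().getUserInfoEndpointURI(), (BearerAccessToken) accessToken).toHTTPRequest();
                this.configuration.configureHttpRequest(hTTPRequest);
                HTTPResponse send = hTTPRequest.send();
                // The body holds the user's claims (personal data); keep debug logging for this
                // class off in production or route it to a restricted sink.
                logger.debug("User info response: status={}, content={}", Integer.valueOf(send.getStatusCode()), send.getContent());
                UserInfoResponse parse = UserInfoResponse.parse(send);
                if (parse instanceof UserInfoErrorResponse) {
                    logger.error("Bad User Info response, error={}", ((UserInfoErrorResponse) parse).getErrorObject());
                } else {
                    UserInfoSuccessResponse userInfoSuccessResponse = (UserInfoSuccessResponse) parse;
                    // For a JWT-formatted response the claims are read as parsed; no signature
                    // verification of the UserInfo JWT is visible in this method.
                    Map<String, Object> userInfoClaims = (userInfoSuccessResponse.getUserInfo() != null
                            ? userInfoSuccessResponse.getUserInfo().toJWTClaimsSet()
                            : userInfoSuccessResponse.getUserInfoJWT().getJWTClaimsSet()).getClaims();
                    String expectedSub = validate.getSubject() != null ? validate.getSubject().getValue() : null;
                    // OIDC Core 5.3.2: the UserInfo "sub" MUST exactly match the ID-token "sub",
                    // otherwise the UserInfo values MUST NOT be used. Without this check an access
                    // token issued for another subject could feed that subject's attributes into
                    // this profile. A response with no "sub" is treated as a mismatch.
                    if (expectedSub != null && expectedSub.equals(userInfoClaims.get("sub"))) {
                        getProfileDefinition().convertAndAdd(oidcProfile, userInfoClaims, null);
                    } else {
                        logger.error("User Info response ignored: its sub claim does not match the ID token subject");
                    }
                }
            }
            // UserInfo attributes were added first, so an ID-token claim is only copied when the
            // profile has no attribute under that key yet; "sub" is already the profile id.
            for (Map.Entry<String, Object> entry : idToken.getJWTClaimsSet().getClaims().entrySet()) {
                String key = entry.getKey();
                Object value = entry.getValue();
                if (!"sub".equals(key) && oidcProfile.getAttribute(key) == null) {
                    getProfileDefinition().convertAndAdd(oidcProfile, AttributeLocation.PROFILE_ATTRIBUTE, key, value);
                }
            }
            oidcProfile.setTokenExpirationAdvance(this.configuration.getTokenExpirationAdvance());
            // The "sid" claim is taken from the validated claims set and handed to the logout
            // handler so the provider session can be tied to this web session.
            String str = (String) validate.getClaim("sid");
            if (CommonHelper.isNotBlank(str)) {
                this.configuration.findLogoutHandler().recordSession(webContext, str);
            }
            return Optional.of(oidcProfile);
        } catch (JOSEException | BadJOSEException | ParseException | IOException | java.text.ParseException e) {
            throw new TechnicalException(e);
        }
    }
}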
