package org.apache.sling.auth.oauth_client.impl;

import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.TokenResponse;
import com.nimbusds.openid.connect.sdk.claims.UserInfo;
import net.minidev.json.JSONArray;
import net.minidev.json.JSONObject;
import net.minidev.json.JSONValue;
import org.apache.sling.auth.oauth_client.spi.OidcAuthCredentials;
import org.apache.sling.auth.oauth_client.spi.UserInfoProcessor;
import org.apache.sling.commons.crypto.CryptoService;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.component.annotations.ReferencePolicyOption;
import org.osgi.service.metatype.annotations.AttributeDefinition;
import org.osgi.service.metatype.annotations.Designate;
import org.osgi.service.metatype.annotations.ObjectClassDefinition;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

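/**
 * {@link UserInfoProcessor} that turns an OIDC token response, and optionally a UserInfo
 * document, into {@link OidcAuthCredentials}.
 *
 * <p>Groups and profile claims are copied from the UserInfo document as received. Access and
 * refresh tokens are attached to the credentials only when the matching configuration flag is
 * enabled, and only after being passed through {@link CryptoService#encrypt}.
 */
@Designate(ocd = Config.class)
@Component(service = {UserInfoProcessor.class}, property = {"service.ranking:Integer=10"})
/* loaded from: input_file:org/apache/sling/auth/oauth_client/impl/SlingUserInfoProcessorImpl.class */
public class SlingUserInfoProcessorImpl implements UserInfoProcessor {
    private static final Logger logger = LoggerFactory.getLogger(SlingUserInfoProcessorImpl.class);
    private final CryptoService cryptoService;
    private final boolean storeAccessToken;
    private final boolean storeRefreshToken;

    /** OSGi configuration: both token-storage switches are off by default. */
    @ObjectClassDefinition(name = "Apache Sling Oidc UserInfo Processor", description = "Apache Sling Oidc UserInfo Processor Service")
    /* loaded from: input_file:org/apache/sling/auth/oauth_client/impl/SlingUserInfoProcessorImpl$Config.class */
    @interface Config {
        @AttributeDefinition(name = "storeAccessToken", description = "Store access Token under User Node")
        boolean storeAccessToken() default false;

        // Description corrected: it previously read "Store access Refresh under User Node".
        @AttributeDefinition(name = "storeRefreshToken", description = "Store Refresh Token under User Node")
        boolean storeRefreshToken() default false;
    }

    /**
     * Captures the crypto service and the two token-storage flags from the configuration.
     *
     * @param cryptoService service used to encrypt tokens before they are set as attributes
     * @param config component configuration
     */
    @Activate
    public SlingUserInfoProcessorImpl(@Reference(policyOption = ReferencePolicyOption.GREEDY) CryptoService cryptoService, Config config) {
        this.cryptoService = cryptoService;
        this.storeAccessToken = config.storeAccessToken();
        this.storeRefreshToken = config.storeRefreshToken();
    }

    /**
     * Builds the credentials for an authenticated OIDC user.
     *
     * @param str UserInfo JSON document, or {@code null} when none is available
     * @param str2 token response JSON
     * @param str3 first argument handed to the {@link OidcAuthCredentials} constructor
     *     (presumably the subject; confirm against the SPI)
     * @param str4 second argument handed to the {@link OidcAuthCredentials} constructor
     *     (presumably the identity-provider name; confirm against the SPI)
     * @return credentials carrying groups, profile attributes and, when enabled, encrypted tokens
     * @throws RuntimeException if either JSON document fails to parse
     */
    @Override // org.apache.sling.auth.oauth_client.spi.UserInfoProcessor
    @NotNull
    public OidcAuthCredentials process(@Nullable String str, @NotNull String str2, @NotNull String str3, @NotNull String str4) {
        TokenResponse tokenResponse = parseTokenResponse(str2);
        UserInfo userInfo = parseUserInfo(str);
        // NOTE(review): toSuccessResponse() is called without checking indicatesSuccess() first,
        // so an error response from the token endpoint is not handled explicitly here.
        OAuthTokens tokens = Converter.toSlingOAuthTokens(tokenResponse.toSuccessResponse().getTokens());
        OidcAuthCredentials credentials = new OidcAuthCredentials(str3, str4);
        // NOTE(review): the purpose of the empty ".token" attribute is not visible in this file.
        credentials.setAttribute(".token", "");
        if (userInfo != null) {
            // These statements write identity claims (username, subject, e-mail, names) to the
            // log when debug level is enabled for this class.
            logger.debug("Preferred Username: {}", userInfo.getPreferredUsername());
            logger.debug("Subject: {}", userInfo.getSubject());
            logger.debug("Email: {}", userInfo.getEmailAddress());
            logger.debug("Name: {}", userInfo.getGivenName());
            logger.debug("FamilyName: {}", userInfo.getFamilyName());
            // Group names are taken from the "groups" claim as sent by the identity provider.
            Object groups = userInfo.toJSONObject().remove("groups");
            if (groups instanceof JSONArray) {
                logger.debug("Groups: {}", groups);
                ((JSONArray) groups).forEach(group -> {
                    credentials.addGroup(group.toString());
                });
            }
            // NOTE(review): claim names become attribute names under "profile/" unchanged;
            // confirm that the consumer of these attributes constrains the resulting names.
            userInfo.toJSONObject().forEach((claimName, claimValue) -> {
                if (claimValue != null) {
                    credentials.setAttribute("profile/" + claimName, claimValue.toString());
                }
            });
        }
        // The debug branch below is also taken when storage is disabled, not only for null tokens.
        String accessToken = tokens.accessToken();
        if (!this.storeAccessToken || accessToken == null) {
            logger.debug("Access Token is null, omit adding as credentials attribute '{}'", OAuthTokenStore.PROPERTY_NAME_ACCESS_TOKEN);
        } else {
            credentials.setAttribute(OAuthTokenStore.PROPERTY_NAME_ACCESS_TOKEN, this.cryptoService.encrypt(accessToken));
        }
        // Fix: this section previously re-read accessToken() and wrote it under
        // PROPERTY_NAME_ACCESS_TOKEN. The refresh token was therefore never stored, and enabling
        // storeRefreshToken alone stored the access token although storeAccessToken was off.
        String refreshToken = tokens.refreshToken();
        if (!this.storeRefreshToken || refreshToken == null) {
            logger.debug("Refresh Token is null, omit adding as credentials attribute '{}'", OAuthTokenStore.PROPERTY_NAME_REFRESH_TOKEN);
        } else {
            credentials.setAttribute(OAuthTokenStore.PROPERTY_NAME_REFRESH_TOKEN, this.cryptoService.encrypt(refreshToken));
        }
        return credentials;
    }

    /**
     * Parses a UserInfo JSON document.
     *
     * @param str UserInfo JSON, or {@code null}
     * @return the parsed {@link UserInfo}, or {@code null} when {@code str} is {@code null}
     * @throws RuntimeException wrapping the {@link ParseException} when parsing fails
     */
    @Nullable
    private static UserInfo parseUserInfo(@Nullable String str) {
        if (str == null) {
            return null;
        }
        try {
            return UserInfo.parse(str);
        } catch (ParseException e) {
            throw new RuntimeException("Failed to parse UserInfo in UserInfoProcessor", e);
        }
    }

    /**
     * Parses a token response JSON document.
     *
     * @param str token response JSON
     * @return the parsed {@link TokenResponse}
     * @throws RuntimeException wrapping the {@link ParseException} when parsing fails
     */
    @NotNull
    private static TokenResponse parseTokenResponse(@NotNull String str) {
        try {
            // NOTE(review): the cast assumes JSONValue.parse yields a JSONObject; input that is
            // not a JSON object is not reported through the ParseException path below.
            return TokenResponse.parse((JSONObject) JSONValue.parse(str));
        } catch (ParseException e) {
            throw new RuntimeException("Failed to parse TokenResponse in UserInfoProcessor", e);
        }
    }
}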
