package cn.com.dabby.idaas.oidc;

import cn.com.dabby.idaas.oidc.exception.OAuth2Exception;
import cn.com.dabby.idaas.oidc.pojo.IdTokenClaim;
import cn.com.dabby.idaas.oidc.pojo.OidcTokenResponse;
import cn.com.dabby.idaas.oidc.pojo.OidcUserInfo;
import cn.com.dabby.idaas.oidc.utils.Asserts;
import cn.com.dabby.idaas.oidc.utils.JsonUtils;
import cn.com.dabby.idaas.oidc.utils.StringUtils;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jwt.JWT;
import com.nimbusds.jwt.JWTParser;
import com.nimbusds.oauth2.sdk.AuthorizationCode;
import com.nimbusds.oauth2.sdk.AuthorizationCodeGrant;
import com.nimbusds.oauth2.sdk.ErrorObject;
import com.nimbusds.oauth2.sdk.ResponseType;
import com.nimbusds.oauth2.sdk.Scope;
import com.nimbusds.oauth2.sdk.TokenRequest;
import com.nimbusds.oauth2.sdk.TokenResponse;
import com.nimbusds.oauth2.sdk.auth.ClientSecretBasic;
import com.nimbusds.oauth2.sdk.auth.Secret;
import com.nimbusds.oauth2.sdk.id.ClientID;
import com.nimbusds.oauth2.sdk.id.Issuer;
import com.nimbusds.oauth2.sdk.id.State;
import com.nimbusds.oauth2.sdk.token.BearerAccessToken;
import com.nimbusds.openid.connect.sdk.AuthenticationRequest;
import com.nimbusds.openid.connect.sdk.Nonce;
import com.nimbusds.openid.connect.sdk.OIDCTokenResponseParser;
import com.nimbusds.openid.connect.sdk.UserInfoRequest;
import com.nimbusds.openid.connect.sdk.UserInfoResponse;
import com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata;
import com.nimbusds.openid.connect.sdk.validators.IDTokenValidator;
import java.net.URI;

/* loaded from: input_file:cn/com/dabby/idaas/oidc/OidcClient.class */
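/**
 * Minimal OpenID Connect relying-party client for the authorization-code flow.
 *
 * <p>Lifecycle: the constructor performs OIDC discovery for the issuer and fetches the
 * provider's JWK set once; {@link #buildAuthorizationUrl} produces the front-channel
 * redirect; {@link #getTokenByCode} exchanges the returned code at the token endpoint;
 * {@link #validateIdToken} verifies the ID token signature/claims; {@link #getUserInfo}
 * calls the userinfo endpoint with the access token.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>{@code getTokenByCode} does NOT validate the ID token; always follow it with
 *       {@code validateIdToken} (passing the nonce that was sent in the authorization
 *       request) before trusting any claim.</li>
 *   <li>The {@code state} parameter must be generated unpredictably per login attempt,
 *       bound to the user's session, and compared by the caller when the provider
 *       redirects back. This class only forwards it.</li>
 *   <li>The key set is loaded once at construction and never refreshed, so a provider
 *       key rotation requires building a new {@code OidcClient}. A validator backed by a
 *       remote JWK source would refresh automatically — NOTE(review): confirm whether
 *       rotation without restart is an operational requirement.</li>
 *   <li>No PKCE code challenge is sent; the client relies on the confidential client
 *       secret (HTTP Basic) at the token endpoint.</li>
 * </ul>
 *
 * <p>This class is immutable after construction.
 */
public class OidcClient {
    /** Scopes requested on every authorization request: the standard "openid"/"profile" plus the provider-specific "user_bz". */
    private static final Scope DEFAULT_SCOPE = new Scope(new String[]{"openid", "profile", "user_bz"});
    /** Only the "code" response type is used: tokens are obtained from the token endpoint, never from the front channel. */
    private static final ResponseType DEFAULT_RESPONSE_TYPE = new ResponseType(new String[]{"code"});
    private final OIDCProviderMetadata oidcProviderMetadata;
    private final ClientID clientId;
    private final Secret clientSecret;
    private final URI redirectUri;
    private final Issuer issuer;
    /** Provider signing keys as fetched at construction time; assigned once and never refreshed. */
    private final JWKSet jwkSet;
    /** Validator pinned to this issuer, this client id (audience), RS256 and {@link #jwkSet}. */
    private final IDTokenValidator idTokenValidator;

    /**
     * Discovers the provider and prepares the ID-token validator.
     *
     * <p>Performs two network fetches: OIDC discovery for {@code issuer} and a download of
     * the advertised JWK set. NOTE(review): neither fetch sets an explicit connect/read
     * timeout or response size limit here — confirm the library defaults are acceptable
     * for this deployment.
     *
     * @param str  issuer URL (also used as the expected {@code iss} claim)
     * @param str2 client id (also used as the expected {@code aud} claim)
     * @param str3 client secret, sent via HTTP Basic to the token endpoint
     * @param str4 registered redirect URI; must match the provider's registration exactly
     * @throws Exception if any argument is blank, the redirect URI is malformed, or
     *                   discovery / JWK-set loading fails
     */
    public OidcClient(String str, String str2, String str3, String str4) throws Exception {
        Asserts.hasText(str, "issuer 不能为空");
        Asserts.hasText(str2, "clientId 不能为空");
        Asserts.hasText(str3, "clientSecret 不能为空");
        Asserts.hasText(str4, "redirectUri 不能为空");
        this.issuer = new Issuer(str);
        // Discovery document for the issuer (authorization, token, userinfo and JWKS endpoints).
        this.oidcProviderMetadata = OIDCProviderMetadata.resolve(this.issuer);
        // One-time fetch of the provider's signing keys; see class doc on rotation.
        this.jwkSet = JWKSet.load(this.oidcProviderMetadata.getJWKSetURI().toURL());
        this.clientId = new ClientID(str2);
        this.clientSecret = new Secret(str3);
        this.redirectUri = new URI(str4);
        // Expected issuer, audience and signing algorithm are fixed up front so a token
        // with a different alg or key cannot pass validation.
        this.idTokenValidator = new IDTokenValidator(this.issuer, this.clientId, JWSAlgorithm.RS256, this.jwkSet);
    }

    /** @return the discovery document resolved for the configured issuer. */
    public OIDCProviderMetadata getOidcProviderMetadata() {
        return this.oidcProviderMetadata;
    }

    /**
     * Builds the front-channel authorization request URL.
     *
     * <p>Both values are supplied by the caller and forwarded verbatim: {@code state}
     * protects the callback against CSRF and must be checked by the caller on return;
     * {@code nonce} binds the resulting ID token to this request and must be passed to
     * {@link #validateIdToken}. Both should be unpredictable, single-use values.
     * (Nimbus identifiers are expected to reject null/empty values — NOTE(review): confirm,
     * since no explicit check is made here.)
     *
     * @param str  the state value for this login attempt
     * @param str2 the nonce value for this login attempt
     * @return the ASCII-encoded authorization URL
     */
    public String buildAuthorizationUrl(String str, String str2) {
        AuthenticationRequest request = new AuthenticationRequest.Builder(DEFAULT_RESPONSE_TYPE, DEFAULT_SCOPE, this.clientId, this.redirectUri)
                .endpointURI(this.oidcProviderMetadata.getAuthorizationEndpointURI())
                .state(new State(str))
                .nonce(new Nonce(str2))
                .build();
        return request.toURI().toASCIIString();
    }

    /**
     * Exchanges an authorization code for tokens at the token endpoint.
     *
     * <p>Authenticates the client with HTTP Basic. The returned tokens are passed through
     * unvalidated; the ID token must still be checked with {@link #validateIdToken}.
     *
     * @param str the authorization code received on the redirect URI
     * @return the token response (access token, ID token, etc.) as returned by the provider
     * @throws OAuth2Exception if the provider returns an OAuth error response
     * @throws Exception       on transport or parsing failures
     */
    public OidcTokenResponse getTokenByCode(String str) throws Exception {
        AuthorizationCodeGrant grant = new AuthorizationCodeGrant(new AuthorizationCode(str), this.redirectUri);
        TokenRequest request = new TokenRequest(this.oidcProviderMetadata.getTokenEndpointURI(), new ClientSecretBasic(this.clientId, this.clientSecret), grant);
        TokenResponse response = OIDCTokenResponseParser.parse(request.toHTTPRequest().send());
        if (!response.indicatesSuccess()) {
            throw toOAuth2Exception(response.toErrorResponse().getErrorObject());
        }
        String tokensJson = response.toSuccessResponse().getTokens().toJSONObject().toJSONString();
        return (OidcTokenResponse) JsonUtils.fromJson(tokensJson, OidcTokenResponse.class);
    }

    /**
     * Verifies an ID token's signature and standard claims against this client's issuer,
     * client id, RS256 and the loaded key set, then returns its claims.
     *
     * <p><b>Caveat:</b> when {@code str2} is blank the nonce is passed as {@code null} and the
     * nonce check is skipped, which removes the binding to the authorization request.
     * For tokens obtained via {@link #buildAuthorizationUrl} always pass the original nonce.
     *
     * @param str  the raw (compact-serialized) ID token
     * @param str2 the nonce sent in the authorization request, or blank to skip the nonce check
     * @return the validated claims
     * @throws Exception if the token cannot be parsed or fails validation
     */
    public IdTokenClaim validateIdToken(String str, String str2) throws Exception {
        JWT idToken = JWTParser.parse(str);
        Nonce expectedNonce = StringUtils.isBlank(str2) ? null : new Nonce(str2);
        String claimsJson = this.idTokenValidator.validate(idToken, expectedNonce).toJSONString();
        return (IdTokenClaim) JsonUtils.fromJson(claimsJson, IdTokenClaim.class);
    }

    /**
     * Fetches the userinfo document using a bearer access token.
     *
     * @param str the access token returned by {@link #getTokenByCode}
     * @return the userinfo claims
     * @throws OAuth2Exception if the provider returns an error response
     * @throws Exception       on transport or parsing failures
     */
    public OidcUserInfo getUserInfo(String str) throws Exception {
        UserInfoRequest request = new UserInfoRequest(this.oidcProviderMetadata.getUserInfoEndpointURI(), new BearerAccessToken(str));
        UserInfoResponse response = UserInfoResponse.parse(request.toHTTPRequest().send());
        if (!response.indicatesSuccess()) {
            throw toOAuth2Exception(response.toErrorResponse().getErrorObject());
        }
        String userInfoJson = response.toSuccessResponse().getUserInfo().toJSONString();
        return (OidcUserInfo) JsonUtils.fromJson(userInfoJson, OidcUserInfo.class);
    }

    /**
     * Maps a provider error response to the exception type callers catch.
     * The description is read from the provider-specific "errorDescription" custom
     * parameter (not the standard "error_description"), falling back to a generic message.
     */
    private static OAuth2Exception toOAuth2Exception(ErrorObject errorObject) {
        String description = (String) errorObject.getCustomParams().getOrDefault("errorDescription", "未知异常");
        return new OAuth2Exception(errorObject.getCode(), description);
    }
}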
