package io.vertx.ext.auth.oauth2.providers;

import io.netty.handler.codec.http.HttpHeaders;
import io.vertx.codegen.annotations.VertxGen;
import io.vertx.core.AsyncResult;
import io.vertx.core.Future;
import io.vertx.core.Handler;
import io.vertx.core.Vertx;
import io.vertx.core.http.HttpMethod;
import io.vertx.core.json.JsonArray;
import io.vertx.core.json.JsonObject;
import io.vertx.ext.auth.JWTOptions;
import io.vertx.ext.auth.impl.http.SimpleHttpClient;
import io.vertx.ext.auth.oauth2.OAuth2Auth;
import io.vertx.ext.auth.oauth2.OAuth2Options;
import org.custommonkey.xmlunit.XMLConstants;

@VertxGen
/* loaded from: input_file:io/vertx/ext/auth/oauth2/providers/OpenIDConnectAuth.class */
public interface OpenIDConnectAuth {
    static void discover(Vertx vertx, OAuth2Options oAuth2Options, Handler<AsyncResult<OAuth2Auth>> handler) {
        discover(vertx, oAuth2Options).onComplete2(handler);
    }

    static Future<OAuth2Auth> discover(Vertx vertx, OAuth2Options oAuth2Options) {
        if (oAuth2Options.getSite() == null) {
            return Future.failedFuture("issuer cannot be null");
        }
        oAuth2Options.replaceVariables(false);
        String site = oAuth2Options.getSite();
        if (site.endsWith("/.well-known/openid-configuration")) {
            site = site.substring(0, site.length() - "/.well-known/openid-configuration".length());
        }
        return new SimpleHttpClient(vertx, oAuth2Options.getUserAgent(), oAuth2Options.getHttpClientOptions()).fetch(HttpMethod.GET, site + "/.well-known/openid-configuration", new JsonObject().put("Accept", HttpHeaders.Values.APPLICATION_JSON), null).compose(simpleHttpResponse -> {
            if (simpleHttpResponse.statusCode() != 200) {
                return Future.failedFuture("Bad Response [" + simpleHttpResponse.statusCode() + "] " + simpleHttpResponse.body());
            }
            if (!simpleHttpResponse.is(HttpHeaders.Values.APPLICATION_JSON)) {
                return Future.failedFuture("Cannot handle Content-Type: " + simpleHttpResponse.headers().get("Content-Type"));
            }
            JsonObject jsonObject = simpleHttpResponse.jsonObject();
            if (jsonObject == null) {
                return Future.failedFuture("Cannot handle null JSON");
            }
            if (jsonObject.containsKey("error")) {
                return Future.failedFuture(jsonObject.getString("error_description", jsonObject.getString("error")));
            }
            if (oAuth2Options.isValidateIssuer()) {
                String string = jsonObject.getString("issuer");
                if (string != null) {
                    if (string.endsWith("/")) {
                        string = string.substring(0, string.length() - 1);
                    }
                    if (!oAuth2Options.getSite().equals(string)) {
                        return Future.failedFuture("issuer validation failed: received [" + string + XMLConstants.XPATH_NODE_INDEX_END);
                    }
                }
            }
            oAuth2Options.setAuthorizationPath(jsonObject.getString("authorization_endpoint"));
            oAuth2Options.setTokenPath(jsonObject.getString("token_endpoint"));
            oAuth2Options.setLogoutPath(jsonObject.getString("end_session_endpoint"));
            oAuth2Options.setRevocationPath(jsonObject.getString("revocation_endpoint"));
            oAuth2Options.setUserInfoPath(jsonObject.getString("userinfo_endpoint"));
            oAuth2Options.setJwkPath(jsonObject.getString("jwks_uri"));
            oAuth2Options.setIntrospectionPath(jsonObject.getString("introspection_endpoint"));
            if (jsonObject.containsKey("issuer")) {
                JWTOptions jWTOptions = oAuth2Options.getJWTOptions();
                if (jWTOptions == null) {
                    jWTOptions = new JWTOptions();
                    oAuth2Options.setJWTOptions(jWTOptions);
                }
                jWTOptions.setIssuer(jsonObject.getString("issuer"));
            }
            oAuth2Options.setSupportedGrantTypes(null);
            if (jsonObject.containsKey("grant_types_supported") && oAuth2Options.getFlow() != null) {
                JsonArray jsonArray = jsonObject.getJsonArray("grant_types_supported");
                jsonArray.forEach(obj -> {
                    oAuth2Options.addSupportedGrantType((String) obj);
                });
                if (!jsonArray.contains(oAuth2Options.getFlow().getGrantType())) {
                    return Future.failedFuture("unsupported flow: " + oAuth2Options.getFlow().getGrantType() + ", allowed: " + jsonArray);
                }
            }
            try {
                OAuth2Auth create = OAuth2Auth.create(vertx, oAuth2Options);
                return oAuth2Options.getJwkPath() != null ? create.jWKSet().map((Future<Void>) create) : Future.succeededFuture(create);
            } catch (IllegalArgumentException | IllegalStateException e) {
                return Future.failedFuture(e);
            }
        });
    }
}
