package leap.oauth2.webapp.user;

import java.util.Map;
import leap.core.annotation.Inject;
import leap.core.el.ElConfig;
import leap.core.security.SimpleUserPrincipal;
import leap.core.security.UserPrincipal;
import leap.core.security.token.jwt.JWT;
import leap.lang.New;
import leap.lang.Strings;
import leap.lang.codec.Base64;
import leap.lang.http.ContentTypes;
import leap.lang.http.Headers;
import leap.lang.http.client.HttpClient;
import leap.lang.http.client.HttpRequest;
import leap.lang.http.client.HttpResponse;
import leap.lang.json.JSON;
import leap.lang.json.JsonObject;
import leap.lang.json.JsonValue;
import leap.lang.logging.Log;
import leap.lang.logging.LogFactory;
import leap.oauth2.webapp.OAuth2Config;
import leap.oauth2.webapp.OAuth2InternalServerException;
import leap.oauth2.webapp.OAuth2Params;

/* loaded from: input_file:leap/oauth2/webapp/user/DefaultUserInfoLookup.class */
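/**
 * Resolves the user behind an OAuth2 access token by calling the authorization server's
 * user-info endpoint ({@link OAuth2Config#getUserInfoUrl()}) and mapping the JSON reply to a
 * {@link UserPrincipal}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The access token is sent as the {@code access_token} query parameter, so it is part of
 *       the request URL. URLs are commonly recorded by proxies and access logs; the configured
 *       user-info URL should be HTTPS and those logs treated as sensitive.</li>
 *   <li>Client credentials are sent with HTTP Basic authentication, which is only base64
 *       encoding and relies on the transport for confidentiality.</li>
 *   <li>The returned principal is built entirely from the server's reply; nothing here checks
 *       that the reply actually carries a subject.</li>
 * </ul>
 */
public class DefaultUserInfoLookup implements UserInfoLookup {
    private static final Log log = LogFactory.get((Class<?>) DefaultUserInfoLookup.class);

    @Inject
    protected OAuth2Config config;

    @Inject
    protected HttpClient httpClient;

    /**
     * Looks up the user for an access token.
     *
     * @param str  the value sent to the user-info endpoint as {@code access_token}
     * @param str2 not used by this implementation
     * @return the resolved principal, or {@code null} when the server answers with an
     *         {@code error} member (callers must treat {@code null} as "no user")
     */
    @Override // leap.oauth2.webapp.user.UserInfoLookup
    public UserPrincipal lookupUserInfo(String str, String str2) {
        return requestUserInfo(New.hashMap("access_token", str));
    }

    /**
     * Performs the GET against the user-info endpoint and parses the reply.
     *
     * @param map query parameters to add to the request; may be {@code null}
     * @return the principal built by {@link #newUserInfo(JsonObject)}, or {@code null} when the
     *         reply contains a non-empty {@code error} member
     * @throws IllegalStateException          if no user-info URL is configured
     * @throws OAuth2InternalServerException if the reply is not JSON-compatible, is not a JSON
     *                                        object, or cannot be processed
     */
    protected UserPrincipal requestUserInfo(Map<String, String> map) {
        String userInfoUrl = this.config.getUserInfoUrl();
        if (Strings.isEmpty(userInfoUrl)) {
            throw new IllegalStateException("The userInfoEndpointUrl must be configured when use remote authz server");
        }

        // NOTE(review): no scheme check is made here; a plain-http URL would expose both the
        // token in the query string and the Basic credentials below.
        HttpRequest request = this.httpClient.request(userInfoUrl);
        if (null != map) {
            map.forEach(request::addQueryParam);
        }

        String clientId = this.config.getClientId();
        if (null != clientId) {
            // NOTE(review): the separator constant is presumably ":" (Basic scheme) resolved by
            // the decompiler to an unrelated constant - confirm. If the client secret is unset,
            // string concatenation sends the literal text "null" as the password.
            request.addHeader(Headers.AUTHORIZATION, "Basic " + Base64.encode(clientId + ElConfig.FUNCTION_NAME_SEPERATOR + this.config.getClientSecret()));
        }

        HttpResponse httpResponse = request.get();
        if (!ContentTypes.APPLICATION_JSON_TYPE.isCompatible(httpResponse.getContentType())) {
            throw new OAuth2InternalServerException("Invalid response from auth server");
        }

        String body = httpResponse.getString();
        // NOTE(review): this writes the complete user-info reply (user identifiers and every
        // other claim the server returns) to the log when debug is enabled. Keep debug off in
        // production or restrict access to these logs.
        log.debug("Received response : {}", body);
        try {
            JsonValue parsed = JSON.parse(body);
            if (!parsed.isMap()) {
                throw new OAuth2InternalServerException("Invalid response from auth server : not a json map");
            }
            JsonObject json = parsed.asJsonObject();
            String error = json.getString(OAuth2Params.ERROR);
            if (Strings.isEmpty(error)) {
                return newUserInfo(json);
            }
            log.warn("Auth server response error '{}' : {}", error, json.getString(OAuth2Params.ERROR_DESCRIPTION));
            return null;
        } catch (OAuth2InternalServerException e) {
            // Already the exception type callers expect: rethrow the same instance so its
            // stack trace is kept instead of being replaced by a message-only copy.
            log.error(e);
            throw e;
        } catch (Exception e) {
            log.error(e);
            // NOTE(review): only the message is carried over, so the cause is lost for callers
            // (and the message is null for exceptions that have none). Pass the cause along if
            // OAuth2InternalServerException offers a constructor for it - not visible here.
            throw new OAuth2InternalServerException(e.getMessage());
        }
    }

    /**
     * Maps the user-info JSON object to a principal.
     *
     * <p>NOTE(review): the subject, {@code name} and {@code login_name} members are copied
     * without validation, so a reply lacking the subject claim presumably yields a principal
     * with a null id - confirm how callers handle that. The whole reply is also exposed as the
     * principal's properties.
     *
     * @param jsonObject the parsed user-info reply
     * @return a new principal populated from {@code jsonObject}
     */
    protected UserPrincipal newUserInfo(JsonObject jsonObject) {
        SimpleUserPrincipal principal = new SimpleUserPrincipal();
        principal.setId(jsonObject.getString(JWT.CLAIM_SUBJECT));
        principal.setName(jsonObject.getString("name"));
        principal.setLoginName(jsonObject.getString("login_name"));
        principal.setProperties(jsonObject.asMap());
        return principal;
    }
}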
