package io.weaviate.client.v1.auth.nimbus;

import com.nimbusds.oauth2.sdk.AuthorizationGrant;
import com.nimbusds.oauth2.sdk.ClientCredentialsGrant;
import com.nimbusds.oauth2.sdk.RefreshTokenGrant;
import com.nimbusds.oauth2.sdk.ResourceOwnerPasswordCredentialsGrant;
import com.nimbusds.oauth2.sdk.Scope;
import com.nimbusds.oauth2.sdk.TokenErrorResponse;
import com.nimbusds.oauth2.sdk.TokenRequest;
import com.nimbusds.oauth2.sdk.auth.ClientSecretPost;
import com.nimbusds.oauth2.sdk.auth.Secret;
import com.nimbusds.oauth2.sdk.id.ClientID;
import com.nimbusds.oauth2.sdk.token.AccessToken;
import com.nimbusds.oauth2.sdk.token.RefreshToken;
import com.nimbusds.openid.connect.sdk.OIDCTokenResponse;
import com.nimbusds.openid.connect.sdk.OIDCTokenResponseParser;
import com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata;
import io.weaviate.client.Config;
import io.weaviate.client.v1.auth.exception.AuthException;
import io.weaviate.client.v1.auth.nimbus.BaseAuth;
import io.weaviate.client.v1.auth.provider.AccessTokenProvider;
import io.weaviate.client.v1.auth.provider.AuthClientCredentialsTokenProvider;
import io.weaviate.client.v1.auth.provider.AuthRefreshTokenProvider;
import java.text.SimpleDateFormat;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Objects;
import java.util.stream.Stream;

/* loaded from: input_file:io/weaviate/client/v1/auth/nimbus/NimbusAuth.class */
public class NimbusAuth extends BaseAuth {
    public AccessTokenProvider getAccessTokenProvider(Config config, String str, String str2, String str3, List<String> list, AuthType authType) throws AuthException {
        BaseAuth.AuthResponse idAndTokenEndpoint = getIdAndTokenEndpoint(config);
        OIDCTokenResponse oIDCTokenResponse = getOIDCTokenResponse(config, idAndTokenEndpoint, str, str2, str3, "", list, authType);
        AccessToken accessToken = oIDCTokenResponse.getOIDCTokens().getAccessToken();
        RefreshToken refreshToken = oIDCTokenResponse.getOIDCTokens().getRefreshToken();
        String str4 = null;
        if (refreshToken != null) {
            str4 = refreshToken.getValue();
        } else {
            logNoRefreshTokenWarning(accessToken.getLifetime());
        }
        return getTokenProvider(config, idAndTokenEndpoint, list, accessToken.getValue(), accessToken.getLifetime(), str4, str, authType);
    }

    protected AccessTokenProvider getTokenProvider(Config config, BaseAuth.AuthResponse authResponse, List<String> list, String str, long j, String str2, String str3, AuthType authType) {
        return authType == AuthType.CLIENT_CREDENTIALS ? new AuthClientCredentialsTokenProvider(config, authResponse, list, str, j, str3) : new AuthRefreshTokenProvider(config, authResponse, str, j, str2);
    }

    public String refreshToken(Config config, BaseAuth.AuthResponse authResponse, String str) {
        try {
            return getOIDCTokenResponse(config, authResponse, "", "", "", str, null, AuthType.REFRESH_TOKEN).getOIDCTokens().getAccessToken().getValue();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    public String refreshClientCredentialsToken(Config config, BaseAuth.AuthResponse authResponse, List<String> list, String str) {
        try {
            return getOIDCTokenResponse(config, authResponse, str, "", "", "", list, AuthType.CLIENT_CREDENTIALS).getOIDCTokens().getAccessToken().getValue();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    public void logNoRefreshTokenWarning(long j) {
        log(String.format("Auth002: Your access token is valid for %s and no refresh token was provided.", getAccessTokenExpireDate(Long.valueOf(j))));
    }

    private OIDCTokenResponse getOIDCTokenResponse(Config config, BaseAuth.AuthResponse authResponse, String str, String str2, String str3, String str4, List<String> list, AuthType authType) throws AuthException {
        try {
            OIDCProviderMetadata parse = OIDCProviderMetadata.parse(authResponse.getConfiguration());
            ClientID clientID = new ClientID(authResponse.getClientId());
            Secret secret = new Secret(str);
            String format = String.format("%s%s", config.getBaseURL(), BaseAuth.OIDC_URL);
            Scope scopes = getScopes(authResponse, list, clientID, parse);
            HashMap hashMap = new HashMap();
            hashMap.put("response_type", Collections.singletonList("code id_token"));
            hashMap.put("response_mode", Collections.singletonList("fragment"));
            hashMap.put("redirect_url", Collections.singletonList(format));
            TokenErrorResponse parse2 = OIDCTokenResponseParser.parse(new TokenRequest(parse.getTokenEndpointURI(), new ClientSecretPost(clientID, secret), getAuthorizationGrant(authType, str2, str3, str4), scopes, (List) null, hashMap).toHTTPRequest().send());
            if (parse2 instanceof TokenErrorResponse) {
                throw new RuntimeException(parse2.getErrorObject().getDescription());
            }
            return (OIDCTokenResponse) parse2;
        } catch (Throwable th) {
            throw new AuthException(th.getMessage(), th);
        }
    }

    private Scope getScopes(BaseAuth.AuthResponse authResponse, List<String> list, ClientID clientID, OIDCProviderMetadata oIDCProviderMetadata) {
        Scope scope = new Scope();
        if (authResponse.getScopes() != null) {
            Stream stream = Arrays.stream(authResponse.getScopes());
            Objects.requireNonNull(scope);
            stream.forEach(scope::add);
        }
        if (list != null) {
            Objects.requireNonNull(scope);
            list.forEach(scope::add);
        }
        if (scope.isEmpty() && oIDCProviderMetadata.getTokenEndpointURI().getHost().equals("login.microsoftonline.com")) {
            scope.add(clientID + "/.default");
        }
        return scope;
    }

    private AuthorizationGrant getAuthorizationGrant(AuthType authType, String str, String str2, String str3) {
        switch (authType) {
            case USER_PASSWORD:
                return new ResourceOwnerPasswordCredentialsGrant(str, new Secret(str2));
            case CLIENT_CREDENTIALS:
                return new ClientCredentialsGrant();
            default:
                return new RefreshTokenGrant(new RefreshToken(str3));
        }
    }

    private String getAccessTokenExpireDate(Long l) {
        SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
        Calendar calendar = Calendar.getInstance();
        calendar.add(13, l.intValue());
        return simpleDateFormat.format(calendar.getTime());
    }

    private void log(String str) {
        System.out.println(str);
    }
}
