package com.floragunn.dlic.auth.http.jwt.keybyoidc;

import com.floragunn.codova.config.net.ProxyConfig;
import com.floragunn.dlic.util.SettingsBasedSSLConfigurator;
import com.floragunn.searchguard.TypedComponent;
import com.floragunn.searchguard.authc.legacy.LegacyHTTPAuthenticator;
import com.floragunn.searchguard.legacy.LegacyComponentFactory;
import com.floragunn.searchsupport.action.Responses;
import com.floragunn.searchsupport.cstate.ComponentState;
import com.floragunn.searchsupport.xcontent.ObjectTreeXContent;
import java.net.URI;
import java.nio.file.Path;
import java.util.Arrays;
import java.util.HashMap;
import org.apache.http.HttpResponse;
import org.apache.http.entity.ContentType;
import org.apache.http.util.EntityUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.common.bytes.BytesArray;
import org.elasticsearch.common.bytes.BytesReference;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.rest.RestChannel;
import org.elasticsearch.rest.RestRequest;
import org.elasticsearch.rest.RestResponse;
import org.elasticsearch.rest.RestStatus;

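/**
 * Legacy (deprecated) HTTP authenticator registered under the name {@code "openid"}.
 *
 * <p>JWT signing keys are obtained through an {@link OpenIdProviderClient} that is configured from
 * the {@code openid_connect_url} setting; key lookups go through a {@link SelfRefreshingKeySet}.
 * In addition to key handling, {@link #handleMetaRequest} exposes the provider's OIDC configuration
 * and relays token requests to the provider's token endpoint.
 */
@Deprecated
/* loaded from: input_file:com/floragunn/dlic/auth/http/jwt/keybyoidc/HTTPJwtKeyByOpenIdConnectAuthenticator.class */
public class HTTPJwtKeyByOpenIdConnectAuthenticator extends AbstractHTTPJwtAuthenticator {
    // NOTE(review): these two fields are assigned in initKeyProvider(), which is presumably invoked from the
    // superclass constructor. Do not give them field initializers: those would run after super() returns and
    // overwrite the values. Confirm against AbstractHTTPJwtAuthenticator.
    private ProxyConfig proxyConfig;
    private OpenIdProviderClient openIdProviderClient;
    private final ComponentState componentState;
    private static final Logger log = LogManager.getLogger(HTTPJwtKeyByOpenIdConnectAuthenticator.class);

    /** Component descriptor: type {@link LegacyHTTPAuthenticator}, name {@code "openid"}, factory adapting the constructor. */
    public static TypedComponent.Info<LegacyHTTPAuthenticator> INFO = new TypedComponent.Info<LegacyHTTPAuthenticator>() { // from class: com.floragunn.dlic.auth.http.jwt.keybyoidc.HTTPJwtKeyByOpenIdConnectAuthenticator.1
        public Class<LegacyHTTPAuthenticator> getType() {
            return LegacyHTTPAuthenticator.class;
        }

        public String getName() {
            return "openid";
        }

        public TypedComponent.Factory<LegacyHTTPAuthenticator> getFactory() {
            return LegacyComponentFactory.adapt(HTTPJwtKeyByOpenIdConnectAuthenticator::new);
        }
    };

    /**
     * Creates the authenticator and records its component state as an initialized
     * {@code authentication_frontend} of type {@code oidc} that requires an enterprise license.
     *
     * @param settings authenticator settings, passed on to the superclass
     * @param path configuration path, passed on to the superclass
     */
    public HTTPJwtKeyByOpenIdConnectAuthenticator(Settings settings, Path path) {
        super(settings, path);
        this.componentState = new ComponentState(0, "authentication_frontend", "oidc", HTTPJwtKeyByOpenIdConnectAuthenticator.class).initialized().requiresEnterpriseLicense();
    }

    /**
     * Builds the key provider backed by the configured OpenID provider.
     *
     * <p>Settings read here: {@code proxy}, {@code openid_connect_url}, {@code cache_jwks_endpoint}
     * (default {@code false}), {@code idp_request_timeout_ms} (default 5000),
     * {@code idp_queued_thread_timeout_ms} (default 2500), {@code refresh_rate_limit_time_window_ms}
     * (default 10000) and {@code refresh_rate_limit_count} (default 10). TLS settings are read with the
     * {@code openid_connect_idp} prefix.
     *
     * @param settings authenticator settings
     * @param path configuration path used when building the TLS configuration
     * @return a {@link SelfRefreshingKeySet} wrapping a {@link KeySetRetriever} for the provider client
     * @throws RuntimeException if the TLS configuration cannot be built
     * @throws Exception declared by the overridden method
     */
    @Override // com.floragunn.dlic.auth.http.jwt.keybyoidc.AbstractHTTPJwtAuthenticator
    protected KeyProvider initKeyProvider(Settings settings, Path path) throws Exception {
        this.proxyConfig = ProxyConfig.parse(ObjectTreeXContent.toMap(settings), "proxy");
        try {
            // NOTE(review): a missing "openid_connect_url" reaches URI.create(null) and fails with a
            // NullPointerException rather than a configuration error naming the setting.
            this.openIdProviderClient = new OpenIdProviderClient(URI.create(settings.get("openid_connect_url")), getSSLConfig(settings, path), this.proxyConfig, settings.getAsBoolean("cache_jwks_endpoint", false).booleanValue());

            // Read once and apply to both the client and the key set so the two cannot drift apart.
            int requestTimeoutMs = settings.getAsInt("idp_request_timeout_ms", 5000);
            this.openIdProviderClient.setRequestTimeoutMs(requestTimeoutMs);

            int queuedThreadTimeoutMs = settings.getAsInt("idp_queued_thread_timeout_ms", 2500);
            int refreshRateLimitTimeWindowMs = settings.getAsInt("refresh_rate_limit_time_window_ms", 10000);
            int refreshRateLimitCount = settings.getAsInt("refresh_rate_limit_count", 10);

            SelfRefreshingKeySet keySet = new SelfRefreshingKeySet(new KeySetRetriever(this.openIdProviderClient));
            keySet.setRequestTimeoutMs(requestTimeoutMs);
            keySet.setQueuedThreadTimeoutMs(queuedThreadTimeoutMs);
            keySet.setRefreshRateLimitTimeWindowMs(refreshRateLimitTimeWindowMs);
            keySet.setRefreshRateLimitCount(refreshRateLimitCount);
            return keySet;
        } catch (SettingsBasedSSLConfigurator.SSLConfigException e) {
            log.error("Error while initializing openid http authenticator", e);
            throw new RuntimeException("Error while initializing openid http authenticator", e);
        }
    }

    /** Builds the TLS configuration for connections to the IdP from settings under the {@code openid_connect_idp} prefix. */
    private static SettingsBasedSSLConfigurator.SSLConfig getSSLConfig(Settings settings, Path path) throws SettingsBasedSSLConfigurator.SSLConfigException {
        return new SettingsBasedSSLConfigurator(settings, path, "openid_connect_idp").buildSSLConfig();
    }

    /**
     * Serves the two meta endpoints of this authenticator.
     *
     * <ul>
     *   <li>{@code str2 == "config"}: responds with the provider's parsed OIDC configuration plus a
     *       {@code token_endpoint_proxy} entry set to {@code str + "/token"}.</li>
     *   <li>{@code str2 == "token"}: forwards the request body as {@code application/x-www-form-urlencoded}
     *       to the provider's token endpoint and relays status code, content type and body.</li>
     *   <li>anything else: responds with 404.</li>
     * </ul>
     *
     * <p>Any exception is logged and answered with a generic 500, so no provider or stack detail is
     * returned to the client.
     *
     * <p>NOTE(review): the request body is relayed to the IdP without inspection in this method; confirm
     * that the caller limits who can reach the {@code token} endpoint and how large the body may be.
     *
     * @param restRequest incoming request; its content is the token request body
     * @param restChannel channel the response is written to
     * @param str presumably the base path of the meta endpoints (name lost in decompilation); verify against the caller
     * @param str2 presumably the remaining path segment selecting the endpoint; verify against the caller
     * @param threadContext unused in this method
     * @return always {@code true}
     */
    public boolean handleMetaRequest(RestRequest restRequest, RestChannel restChannel, String str, String str2, ThreadContext threadContext) {
        try {
            if ("config".equals(str2)) {
                // Copy so the cached provider configuration is not modified by the added entry.
                HashMap hashMap = new HashMap(this.openIdProviderClient.getOidcConfiguration().getParsedJson());
                // NOTE(review): if str is derived from request data such as the Host header, this value is
                // client-influenced — confirm where the caller takes it from.
                hashMap.put("token_endpoint_proxy", str + "/token");
                Responses.send(restChannel, RestStatus.OK, hashMap);
                return true;
            }
            if (!"token".equals(str2)) {
                Responses.sendError(restChannel, RestStatus.NOT_FOUND, "Invalid endpoint: " + restRequest.path());
                return true;
            }
            ContentType contentType = ContentType.APPLICATION_FORM_URLENCODED;
            byte[] requestBody = BytesReference.toBytes(restRequest.content());
            HttpResponse idpResponse = this.openIdProviderClient.callTokenEndpoint(requestBody, contentType);
            byte[] responseBody = EntityUtils.toByteArray(idpResponse.getEntity());
            int statusCode = idpResponse.getStatusLine().getStatusCode();
            if (statusCode >= 400) {
                // The token request body carries credentials (authorization code, client secret, refresh
                // token, PKCE verifier) and response headers may carry cookies, so neither is written to
                // the log. Only sizes and the status line are recorded at WARN.
                log.warn("Got error from IDP for token endpoint {}: {} (request body: {} bytes, response body: {} bytes)",
                        this.openIdProviderClient.getOidcConfiguration().getTokenEndpoint(), idpResponse.getStatusLine(), requestBody.length, responseBody.length);
                if (log.isDebugEnabled()) {
                    // The IdP error body is kept for troubleshooting, at DEBUG only and with an explicit
                    // charset instead of the platform default.
                    log.debug("IDP token endpoint error response body:\n{}", new String(responseBody, java.nio.charset.StandardCharsets.UTF_8));
                }
            }
            // NOTE(review): getContentType() can be null when the IdP sends no Content-Type header; that
            // case ends in the catch block below and is answered with a 500.
            restChannel.sendResponse(new RestResponse(RestStatus.fromCode(statusCode), idpResponse.getEntity().getContentType().getValue(), new BytesArray(responseBody)));
            return true;
        } catch (Exception e) {
            log.error("Error while handling request", e);
            Responses.sendError(restChannel, RestStatus.INTERNAL_SERVER_ERROR, "Error while handling OpenID request");
            return true;
        }
    }

    /** Returns the authenticator type name, {@code "openid"}. */
    public String getType() {
        return "openid";
    }

    /** Returns the component state created in the constructor. */
    public ComponentState getComponentState() {
        return this.componentState;
    }
}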
