package com.floragunn.dlic.auth.http.jwt.keybyoidc;

import com.floragunn.dlic.auth.http.jwt.AbstractHTTPJwtAuthenticator;
import com.floragunn.dlic.util.SettingsBasedSSLConfigurator;
import com.floragunn.searchsupport.config.proxy.ProxyConfig;
import com.floragunn.searchsupport.rest.Responses;
import java.nio.file.Path;
import java.util.HashMap;
import org.apache.http.Header;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.entity.ContentType;
import org.apache.http.util.EntityUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.common.bytes.BytesReference;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.rest.BytesRestResponse;
import org.elasticsearch.rest.RestChannel;
import org.elasticsearch.rest.RestRequest;
import org.elasticsearch.rest.RestStatus;

/* loaded from: input_file:com/floragunn/dlic/auth/http/jwt/keybyoidc/HTTPJwtKeyByOpenIdConnectAuthenticator.class */
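/**
 * JWT authenticator whose key provider is a key set fetched from an OpenID Connect identity
 * provider (IdP).
 *
 * <p>Besides building that key provider, the class serves two "meta" endpoints through
 * {@link #handleMetaRequest}: {@code config}, which returns the IdP's parsed OIDC configuration
 * plus the location of a token proxy, and {@code token}, which relays the request body to the
 * IdP's token endpoint and relays the IdP's answer back.
 *
 * <p>Security-relevant points for reviewers:
 * <ul>
 *   <li>The key set returned by {@link #initKeyProvider} is what the parent class receives as its
 *       {@code KeyProvider}, so the TLS settings read under {@code openid_connect_idp} and the
 *       value of {@code openid_connect_url} decide which keys are trusted. Neither is validated
 *       here.</li>
 *   <li>The {@code token} relay forwards the caller's body unmodified. Such bodies normally carry
 *       authorization codes or client credentials, so nothing in this class logs them.</li>
 * </ul>
 */
public class HTTPJwtKeyByOpenIdConnectAuthenticator extends AbstractHTTPJwtAuthenticator {
    private static final Logger log = LogManager.getLogger(HTTPJwtKeyByOpenIdConnectAuthenticator.class);

    /** Content type used when the IdP's token response carries no entity or no Content-Type header. */
    private static final String FALLBACK_CONTENT_TYPE = ContentType.APPLICATION_JSON.getMimeType();

    private ProxyConfig proxyConfig;
    private OpenIdProviderClient openIdProviderClient;

    public HTTPJwtKeyByOpenIdConnectAuthenticator(Settings settings, Path path) {
        super(settings, path);
    }

    /**
     * Builds the self-refreshing key set that backs JWT verification.
     *
     * <p>Settings read: {@code proxy}, {@code openid_connect_url}, {@code cache_jwks_endpoint}
     * (default {@code false}), {@code idp_request_timeout_ms} (default 5000),
     * {@code idp_queued_thread_timeout_ms} (default 2500),
     * {@code refresh_rate_limit_time_window_ms} (default 10000) and
     * {@code refresh_rate_limit_count} (default 10).
     *
     * @param settings authenticator settings
     * @param path     configuration path handed to the SSL configurator
     * @return the key provider wrapping the IdP's key set
     * @throws RuntimeException if the SSL configuration for the IdP connection cannot be built
     * @throws Exception        any other failure raised while constructing the client or key set
     */
    @Override // com.floragunn.dlic.auth.http.jwt.AbstractHTTPJwtAuthenticator
    protected KeyProvider initKeyProvider(Settings settings, Path path) throws Exception {
        this.proxyConfig = ProxyConfig.parse(settings, "proxy");
        try {
            // NOTE(review): openid_connect_url is passed through as-is (it may be null, and its
            // scheme is not checked). Confirm OpenIdProviderClient rejects a missing or
            // non-HTTPS URL, since keys fetched from it become the trust anchor for tokens.
            this.openIdProviderClient = new OpenIdProviderClient(
                    settings.get("openid_connect_url"),
                    getSSLConfig(settings, path),
                    this.proxyConfig,
                    settings.getAsBoolean("cache_jwks_endpoint", false));

            // The same timeout applies to the HTTP client and to the key set, so read it once.
            int requestTimeoutMs = settings.getAsInt("idp_request_timeout_ms", 5000);
            int queuedThreadTimeoutMs = settings.getAsInt("idp_queued_thread_timeout_ms", 2500);
            // Presumably bounds how often key refreshes may hit the IdP, e.g. when tokens with
            // unknown key ids arrive in bulk - confirm in SelfRefreshingKeySet.
            int refreshRateLimitTimeWindowMs = settings.getAsInt("refresh_rate_limit_time_window_ms", 10000);
            int refreshRateLimitCount = settings.getAsInt("refresh_rate_limit_count", 10);

            this.openIdProviderClient.setRequestTimeoutMs(requestTimeoutMs);

            SelfRefreshingKeySet keySet = new SelfRefreshingKeySet(new KeySetRetriever(this.openIdProviderClient));
            keySet.setRequestTimeoutMs(requestTimeoutMs);
            keySet.setQueuedThreadTimeoutMs(queuedThreadTimeoutMs);
            keySet.setRefreshRateLimitTimeWindowMs(refreshRateLimitTimeWindowMs);
            keySet.setRefreshRateLimitCount(refreshRateLimitCount);
            return keySet;
        } catch (SettingsBasedSSLConfigurator.SSLConfigException e) {
            log.error("Error while initializing openid http authenticator", e);
            throw new RuntimeException("Error while initializing openid http authenticator", e);
        }
    }

    /** Builds the TLS configuration for the IdP connection from the {@code openid_connect_idp} settings. */
    private static SettingsBasedSSLConfigurator.SSLConfig getSSLConfig(Settings settings, Path path) throws SettingsBasedSSLConfigurator.SSLConfigException {
        return new SettingsBasedSSLConfigurator(settings, path, "openid_connect_idp").buildSSLConfig();
    }

    /**
     * Serves the {@code config} and {@code token} meta endpoints.
     *
     * <p>Any exception is logged and answered with a generic 500, so no exception detail reaches
     * the client.
     *
     * @param restRequest   incoming request; its body is relayed for {@code token}
     * @param restChannel   channel the response is written to
     * @param str           prefix used to advertise the token proxy as {@code str + "/token"}.
     *                      NOTE(review): if the caller derives this from request data such as the
     *                      Host header, the advertised URL is client-influenced - confirm at the
     *                      call site.
     * @param str2          endpoint name; {@code "config"} or {@code "token"}, anything else
     *                      yields 404
     * @param threadContext not used by this implementation
     * @return always {@code true}; a response has been sent in every case
     */
    public boolean handleMetaRequest(RestRequest restRequest, RestChannel restChannel, String str, String str2, ThreadContext threadContext) {
        try {
            if ("config".equals(str2)) {
                HashMap<String, Object> oidcConfig = new HashMap<>(this.openIdProviderClient.getOidcConfiguration().getParsedJson());
                oidcConfig.put("token_endpoint_proxy", str + "/token");
                Responses.sendJson(restChannel, oidcConfig);
                return true;
            }
            if (!"token".equals(str2)) {
                // The request path is echoed in the message; presumably Responses.sendError
                // encodes it safely - verify.
                Responses.sendError(restChannel, RestStatus.NOT_FOUND, "Invalid endpoint: " + restRequest.path());
                return true;
            }
            relayTokenRequest(restRequest, restChannel);
            return true;
        } catch (Exception e) {
            log.error("Error while handling request", e);
            Responses.sendError(restChannel, RestStatus.INTERNAL_SERVER_ERROR, "Error while handling OpenID request");
            return true;
        }
    }

    /**
     * Forwards the request body to the IdP token endpoint and relays status, content type and body.
     *
     * <p>Tolerates an IdP answer without an entity or Content-Type header, and maps a status code
     * that {@link RestStatus#fromCode} does not know to 502 instead of building a response with a
     * {@code null} status.
     */
    private void relayTokenRequest(RestRequest restRequest, RestChannel restChannel) throws Exception {
        HttpResponse idpResponse = this.openIdProviderClient.callTokenEndpoint(BytesReference.toBytes(restRequest.content()), ContentType.APPLICATION_FORM_URLENCODED);
        HttpEntity entity = idpResponse.getEntity();
        try {
            int statusCode = idpResponse.getStatusLine().getStatusCode();
            RestStatus status = RestStatus.fromCode(statusCode);
            if (status == null) {
                log.warn("OpenID token endpoint returned unmapped HTTP status {}; relaying as {}", statusCode, RestStatus.BAD_GATEWAY);
                status = RestStatus.BAD_GATEWAY;
            }

            Header contentTypeHeader = entity != null ? entity.getContentType() : null;
            String contentType = contentTypeHeader != null ? contentTypeHeader.getValue() : FALLBACK_CONTENT_TYPE;

            byte[] body = entity != null ? EntityUtils.toByteArray(entity) : null;
            if (body == null) {
                body = new byte[0];
            }
            restChannel.sendResponse(new BytesRestResponse(status, contentType, body));
        } finally {
            // Close the entity stream on every path, including failures before the body was read.
            EntityUtils.consumeQuietly(entity);
        }
    }

    /** Returns the authenticator type identifier, {@code "openid"}. */
    public String getType() {
        return "openid";
    }
}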
