package com.liferay.portal.security.sso.openid.connect.internal;

import com.liferay.petra.string.StringBundler;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.util.ListUtil;
import com.liferay.portal.kernel.util.StringUtil;
import com.liferay.portal.kernel.util.Validator;
import com.liferay.portal.security.sso.openid.connect.OpenIdConnectServiceException;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.http.HTTPRequest;
import com.nimbusds.oauth2.sdk.id.Issuer;
import com.nimbusds.openid.connect.sdk.SubjectType;
import com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata;
import com.nimbusds.openid.connect.sdk.rp.OIDCClientMetadata;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.util.ArrayList;
import java.util.List;
import org.apache.commons.lang3.time.StopWatch;

/* loaded from: input_file:com/liferay/portal/security/sso/openid/connect/internal/OpenIdConnectMetadataFactoryImpl.class */
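/**
 * Holds the OpenID Connect provider metadata and the matching relying-party
 * (client) metadata for one configured provider.
 *
 * <p>The class works in one of two modes, chosen by the constructor:</p>
 * <ul>
 *   <li><b>Static configuration</b>: every endpoint is passed in explicitly and
 *       no network request is ever made ({@code _discoveryEndPointURL} is
 *       {@code null} and the cache period is {@code 0}).</li>
 *   <li><b>Discovery</b>: the provider metadata is fetched from
 *       {@code _discoveryEndPointURL} on first use and, when the cache period
 *       is positive, re-fetched once it is older than that period.</li>
 * </ul>
 *
 * <p><b>Security notes.</b> In discovery mode the fetched document supplies the
 * authorization, token and user-info endpoints as well as the JWK set URI that
 * is copied into the client metadata, so everything derived from those values
 * is only as trustworthy as the fetch itself. This class does not check that
 * the discovery URL uses {@code https}, nor that the {@code issuer} in the
 * returned document corresponds to the URL it was fetched from.
 * NOTE(review): confirm both are enforced where the provider configuration is
 * validated, or add the checks here.</p>
 *
 * <p><b>Thread safety.</b> {@link #refresh(long)} and
 * {@link #refreshClientMetadata(OIDCProviderMetadata)} are synchronized, while
 * the getters and {@link #needsRefresh(long)} read state without the lock. The
 * two fields read on that lock-free path are therefore {@code volatile}.</p>
 */
public class OpenIdConnectMetadataFactoryImpl implements OpenIdConnectMetadataFactory {
    private static final Log _log = LogFactoryUtil.getLog(OpenIdConnectMetadataFactoryImpl.class);
    private final long _cacheInMilliseconds;
    private final URL _discoveryEndPointURL;
    // volatile: written under the lock in refresh(), read without it in needsRefresh();
    // also keeps the 64-bit read/write atomic.
    private volatile long _lastRefreshTimestamp;
    private OIDCClientMetadata _oidcClientMetadata;
    // volatile: published under the lock in refresh(), read without it by
    // needsRefresh() and getOIDCProviderMetadata().
    private volatile OIDCProviderMetadata _oidcProviderMetadata;
    private final String _providerName;

    /**
     * Creates a factory from statically configured provider values; no
     * discovery request is made and the metadata is never refreshed.
     *
     * @param str     provider name, used in log and error messages
     * @param str2    ID token signing algorithm name for the client metadata;
     *                blank selects the library default
     * @param strArr  ID token signing algorithm names the provider supports
     * @param str3    issuer identifier
     * @param strArr2 subject type names
     * @param str4    JWK set URI
     * @param str5    authorization endpoint URI
     * @param str6    token endpoint URI
     * @param str7    user-info endpoint URI
     * @throws OpenIdConnectServiceException.ProviderException if a subject type
     *         cannot be parsed or one of the URI strings is malformed
     */
    public OpenIdConnectMetadataFactoryImpl(String str, String str2, String[] strArr, String str3, String[] strArr2, String str4, String str5, String str6, String str7) throws OpenIdConnectServiceException.ProviderException {
        this._providerName = str;
        this._cacheInMilliseconds = 0L;
        this._discoveryEndPointURL = null;
        try {
            List<SubjectType> subjectTypes = new ArrayList<>(strArr2.length);
            for (String subjectTypeName : strArr2) {
                subjectTypes.add(SubjectType.parse(subjectTypeName));
            }
            // Only URI syntax is checked here; the scheme (https or not) is not.
            OIDCProviderMetadata providerMetadata = new OIDCProviderMetadata(new Issuer(str3), subjectTypes, new URI(str4));
            providerMetadata.setAuthorizationEndpointURI(new URI(str5));
            List<JWSAlgorithm> idTokenSigningAlgorithms = new ArrayList<>(strArr.length);
            for (String algorithmName : strArr) {
                idTokenSigningAlgorithms.add(JWSAlgorithm.parse(algorithmName));
            }
            providerMetadata.setIDTokenJWSAlgs(idTokenSigningAlgorithms);
            providerMetadata.setTokenEndpointURI(new URI(str6));
            providerMetadata.setUserInfoEndpointURI(new URI(str7));
            this._oidcProviderMetadata = providerMetadata;
            _initOpenIdConnectClientMetadata(str2);
            refreshClientMetadata(providerMetadata);
        } catch (ParseException e) {
            // The separator before "for" was missing, which glued the last subject type to the next word.
            throw new OpenIdConnectServiceException.ProviderException(StringBundler.concat(new String[]{"Invalid subject types ", StringUtil.merge(strArr2), " for OpenId Connect provider \"", this._providerName, "\": ", e.getMessage()}), e);
        } catch (URISyntaxException e2) {
            throw new OpenIdConnectServiceException.ProviderException(StringBundler.concat(new String[]{"Invalid URLs for OpenId Connect provider \"", this._providerName, "\": ", e2.getMessage()}), e2);
        }
    }

    /**
     * Creates a discovery-mode factory with no cache period and the default ID
     * token signing algorithm.
     *
     * @param str provider name, used in log and error messages
     * @param url discovery endpoint URL
     */
    public OpenIdConnectMetadataFactoryImpl(String str, URL url) {
        this(str, url, 0L, null);
    }

    /**
     * Creates a discovery-mode factory. Nothing is fetched here; the first call
     * to {@link #getOIDCProviderMetadata()} performs the request.
     *
     * @param str  provider name, used in log and error messages
     * @param url  discovery endpoint URL
     * @param j    cache period in milliseconds; when {@code <= 0} the metadata
     *             is fetched once and never refreshed afterwards
     * @param str2 ID token signing algorithm name for the client metadata;
     *             blank selects the library default
     */
    public OpenIdConnectMetadataFactoryImpl(String str, URL url, long j, String str2) {
        this._providerName = str;
        this._discoveryEndPointURL = url;
        this._cacheInMilliseconds = j;
        _initOpenIdConnectClientMetadata(str2);
    }

    /**
     * Returns the client metadata object held by this factory. The same
     * instance is mutated by {@link #refreshClientMetadata(OIDCProviderMetadata)}.
     */
    @Override // com.liferay.portal.security.sso.openid.connect.internal.OpenIdConnectMetadataFactory
    public OIDCClientMetadata getOIDCClientMetadata() {
        return this._oidcClientMetadata;
    }

    /**
     * Returns the provider metadata, fetching or re-fetching it first when
     * {@link #needsRefresh(long)} says so.
     *
     * @throws OpenIdConnectServiceException.ProviderException if the discovery
     *         document cannot be retrieved or parsed
     */
    @Override // com.liferay.portal.security.sso.openid.connect.internal.OpenIdConnectMetadataFactory
    public OIDCProviderMetadata getOIDCProviderMetadata() throws OpenIdConnectServiceException.ProviderException {
        long now = System.currentTimeMillis();
        // Cheap check without the lock; refresh() repeats it under the lock.
        if (needsRefresh(now)) {
            refresh(now);
        }
        return this._oidcProviderMetadata;
    }

    /**
     * Decides whether the provider metadata has to be (re)loaded.
     *
     * @param j current time in milliseconds
     * @return {@code true} when no metadata is loaded yet, or when a positive
     *         cache period is configured and the last refresh is older than it
     */
    protected boolean needsRefresh(long j) {
        if (this._oidcProviderMetadata == null) {
            if (_log.isInfoEnabled()) {
                _log.info("Refreshing new OpenId Connect provider \"" + this._providerName + "\"");
            }
            return true;
        }
        // A non-positive cache period means "never refresh once loaded".
        if (this._cacheInMilliseconds <= 0) {
            return false;
        }
        long age = j - this._lastRefreshTimestamp;
        if (age <= this._cacheInMilliseconds) {
            return false;
        }
        if (_log.isInfoEnabled()) {
            _log.info("Refreshing stale OpenId Connect provider \"" + this._providerName + "\"");
        }
        return true;
    }

    /**
     * Fetches the discovery document and replaces the cached provider metadata.
     *
     * <p>NOTE(review): no connect or read timeout is set on the request in this
     * method, and the method holds the instance lock while the request runs, so
     * an unresponsive provider stalls every caller waiting on this factory.
     * Consider {@code HTTPRequest.setConnectTimeout}/{@code setReadTimeout}
     * with values taken from configuration.</p>
     *
     * @param j current time in milliseconds, recorded as the refresh timestamp
     * @throws OpenIdConnectServiceException.ProviderException if the request
     *         fails or the response is not valid provider metadata
     */
    protected synchronized void refresh(long j) throws OpenIdConnectServiceException.ProviderException {
        // Re-check under the lock: another thread may have refreshed already.
        if (!needsRefresh(j)) {
            return;
        }
        StopWatch stopWatch = new StopWatch();
        stopWatch.start();
        try {
            // The parsed document is accepted as-is; its issuer is not compared
            // with the discovery URL here (see the class-level security notes).
            this._oidcProviderMetadata = OIDCProviderMetadata.parse(new HTTPRequest(HTTPRequest.Method.GET, this._discoveryEndPointURL).send().getContentAsJSONObject());
            refreshClientMetadata(this._oidcProviderMetadata);
            this._lastRefreshTimestamp = j;
        } catch (ParseException | IOException e) {
            throw new OpenIdConnectServiceException.ProviderException(StringBundler.concat(new Object[]{"Unable to get metadata for OpenId Connect provider \"", this._providerName, "\" from ", this._discoveryEndPointURL, ": ", e.getMessage()}), e);
        } finally {
            // A single finally block stops the watch exactly once on every path;
            // the duplicated catch-all form could call stop() twice.
            stopWatch.stop();
            if (_log.isInfoEnabled()) {
                _log.info(StringBundler.concat(new Object[]{"Getting OpenId Connect provider metadata from ", this._discoveryEndPointURL, " took ", Long.valueOf(stopWatch.getTime()), "ms"}));
            }
        }
    }

    /**
     * Copies provider-dependent settings into the client metadata: the first
     * ID token encryption algorithm the provider lists (if any) and the
     * provider's JWK set URI.
     *
     * <p>Both values come straight from the provider metadata, so in discovery
     * mode they are controlled by whoever serves the discovery document.</p>
     *
     * @param oIDCProviderMetadata provider metadata to read from
     */
    protected synchronized void refreshClientMetadata(OIDCProviderMetadata oIDCProviderMetadata) {
        List<JWEAlgorithm> encryptionAlgorithms = oIDCProviderMetadata.getIDTokenJWEAlgs();
        if (ListUtil.isNotEmpty(encryptionAlgorithms)) {
            // The provider's ordering decides which algorithm is selected.
            this._oidcClientMetadata.setIDTokenJWEAlg(encryptionAlgorithms.get(0));
        }
        this._oidcClientMetadata.setJWKSetURI(oIDCProviderMetadata.getJWKSetURI());
    }

    /**
     * Creates the client metadata with library defaults and applies the
     * configured ID token signing algorithm when one is given.
     *
     * <p>NOTE(review): the configured name is parsed as given; this method does
     * not compare it with an allow-list or with the algorithms the provider
     * advertises. Confirm that weak or unexpected values are rejected where the
     * configuration is validated.</p>
     *
     * @param str ID token signing algorithm name; blank keeps the default
     */
    private void _initOpenIdConnectClientMetadata(String str) {
        this._oidcClientMetadata = new OIDCClientMetadata();
        this._oidcClientMetadata.applyDefaults();
        if (!Validator.isBlank(str)) {
            this._oidcClientMetadata.setIDTokenJWSAlg(JWSAlgorithm.parse(str));
        } else if (_log.isWarnEnabled()) {
            _log.warn("Using the default ID token signing algorithm " + this._oidcClientMetadata.getIDTokenJWSAlg().getName());
        }
    }
}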
