package org.glassfish.soteria.mechanisms.openid.controller;

import jakarta.enterprise.context.RequestScoped;
import jakarta.inject.Inject;
import jakarta.json.Json;
import jakarta.json.JsonException;
import jakarta.json.JsonObject;
import jakarta.json.JsonReader;
import jakarta.security.enterprise.authentication.mechanism.http.openid.OpenIdConstant;
import jakarta.security.enterprise.identitystore.openid.AccessToken;
import jakarta.security.enterprise.identitystore.openid.OpenIdContext;
import jakarta.ws.rs.client.Client;
import jakarta.ws.rs.client.ClientBuilder;
import jakarta.ws.rs.core.HttpHeaders;
import jakarta.ws.rs.core.MediaType;
import jakarta.ws.rs.core.Response;
import java.io.StringReader;
import java.util.Objects;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.eclipse.persistence.config.ResultSetType;
import org.glassfish.soteria.mechanisms.openid.domain.OpenIdConfiguration;

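/**
 * Fetches the OpenID Connect UserInfo document for the authenticated user.
 *
 * <p>The access token is sent as a {@code Bearer} credential. A response is
 * accepted only when the provider answers with HTTP 200, a JSON content type,
 * and a {@code sub} claim equal to the subject already established from the
 * ID token; anything else is rejected so claims cannot be attributed to the
 * wrong principal.
 */
@RequestScoped
public class UserInfoController {

    @Inject
    private OpenIdContext context;
    private static final String APPLICATION_JWT = "application/jwt";
    private static final String AUTHORIZATION_HEADER = "Authorization";
    private static final String BEARER_TYPE = "Bearer ";
    private static final Logger LOGGER = Logger.getLogger(UserInfoController.class.getName());

    /**
     * Calls the provider's userinfo endpoint and returns the parsed claims.
     *
     * @param openIdConfiguration provider configuration; its metadata supplies the
     *        userinfo endpoint URL
     * @param accessToken the access token from the token endpoint, sent as a Bearer
     *        credential; must not be {@code null}
     * @return the userinfo claims as a JSON object
     * @throws IllegalStateException if the provider returns a non-200 status, a
     *         non-JSON content type, or a {@code sub} claim that is missing or
     *         differs from the current subject
     * @throws UnsupportedOperationException if the provider returns
     *         {@code application/jwt} (signed/encrypted userinfo is not supported)
     * @throws NullPointerException if {@code openIdConfiguration} or
     *         {@code accessToken} is {@code null}
     */
    public JsonObject getUserInfo(OpenIdConfiguration openIdConfiguration, AccessToken accessToken) {
        Objects.requireNonNull(openIdConfiguration, "openIdConfiguration");
        // Fail fast rather than sending the literal header value "Bearer null".
        Objects.requireNonNull(accessToken, "accessToken");
        LOGGER.finest("Sending the request to the userinfo endpoint");

        // A fresh client per call; it must be closed or its connection resources leak.
        Client client = ClientBuilder.newClient();
        try (Response response = client
                .target(openIdConfiguration.getProviderMetadata().getUserinfoEndpoint())
                .request()
                .accept(MediaType.APPLICATION_JSON)
                // Use the raw token string explicitly instead of relying on toString().
                .header(AUTHORIZATION_HEADER, BEARER_TYPE + accessToken.getToken())
                .get()) {
            String body = response.readEntity(String.class);
            String contentType = response.getHeaderString(HttpHeaders.CONTENT_TYPE);

            if (response.getStatus() != Response.Status.OK.getStatusCode()) {
                logErrorResponse(response.getStatus(), body);
                throw new IllegalStateException("Error occurred in fetching user info");
            }
            if (contentType == null || !contentType.contains(MediaType.APPLICATION_JSON)) {
                if (contentType != null && contentType.contains(APPLICATION_JWT)) {
                    throw new UnsupportedOperationException("application/jwt content-type not supported for userinfo endpoint");
                }
                throw new IllegalStateException("Invalid response received from userinfo endpoint with content-type : " + contentType);
            }

            JsonObject userInfo = parseJsonObject(body);
            validateUserInfoClaims(userInfo);
            return userInfo;
        } finally {
            client.close();
        }
    }

    /**
     * Logs the OAuth error payload of a non-200 userinfo response.
     *
     * <p>Providers may answer with an empty or non-JSON body (e.g. an HTML error
     * page); such a body must not turn into a parse exception that masks the
     * real failure, so only the HTTP status is logged in that case.
     *
     * @param status the HTTP status returned by the provider
     * @param body the response entity, possibly empty or not JSON
     */
    private static void logErrorResponse(int status, String body) {
        if (body == null || body.isBlank()) {
            LOGGER.log(Level.WARNING, "Error occurred in fetching user info: HTTP status {0} with empty body", status);
            return;
        }
        try (JsonReader reader = Json.createReader(new StringReader(body))) {
            JsonObject error = reader.readObject();
            LOGGER.log(Level.WARNING, "Error occurred in fetching user info: {0} caused by {1}",
                    new Object[]{
                        error.getString("error", "Unknown Error"),
                        // Plain literal default; a JPA configuration constant is not an
                        // appropriate source for this string.
                        error.getString(OpenIdConstant.ERROR_DESCRIPTION_PARAM, "Unknown")});
        } catch (JsonException notJson) {
            LOGGER.log(Level.WARNING, "Error occurred in fetching user info: HTTP status {0} with non-JSON body", status);
        }
    }

    /**
     * Parses {@code body} as a single JSON object, closing the reader on every path.
     *
     * @param body the response entity
     * @return the parsed object
     * @throws JsonException if the body is not a JSON object
     */
    private static JsonObject parseJsonObject(String body) {
        try (JsonReader reader = Json.createReader(new StringReader(body))) {
            return reader.readObject();
        }
    }

    /**
     * Rejects a userinfo response whose {@code sub} claim is absent, not a string,
     * or different from the subject of the ID token.
     *
     * @param jsonObject the parsed userinfo response
     * @throws IllegalStateException if the claim is missing or does not match
     */
    private void validateUserInfoClaims(JsonObject jsonObject) {
        // getString(name, default) yields null for a missing or non-string claim
        // instead of throwing, so the mismatch path below covers that case too.
        String sub = jsonObject.getString(OpenIdConstant.SUBJECT_IDENTIFIER, null);
        if (sub == null || !sub.equals(this.context.getSubject())) {
            throw new IllegalStateException("UserInfo Response is invalid as sub claim must match with the sub Claim in the ID Token");
        }
    }
}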
