package no.nav.common.sts;

import java.io.IOException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Optional;
import no.nav.common.json.JsonUtils;
import no.nav.common.rest.client.RestUtils;
import no.nav.common.utils.AuthUtils;
import no.nav.common.utils.Credentials;
import okhttp3.MediaType;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.RequestBody;
import okhttp3.Response;

/* loaded from: input_file:no/nav/common/sts/OpenAmUtils.class */
public class OpenAmUtils {
    private static final String authenticateUri = "json/authenticate?authIndexType=service&authIndexValue=adminconsoleservice";

    private static String lagHentSessionTokenUrl(String str) {
        return str.replace("oauth2/authorize", authenticateUri);
    }

    public static String getSessionToken(Credentials credentials, String str, OkHttpClient okHttpClient) throws IOException {
        Response execute = okHttpClient.newCall(new Request.Builder().url(lagHentSessionTokenUrl(str)).header("X-OpenAM-Username", credentials.username).header("X-OpenAM-Password", credentials.password).post(RequestBody.create(RestUtils.MEDIA_TYPE_JSON, "{}")).build()).execute();
        try {
            Optional bodyStr = RestUtils.getBodyStr(execute);
            if (!bodyStr.isPresent()) {
                throw new IllegalStateException("Body is missing from response");
            }
            String str2 = (String) Optional.ofNullable(JsonUtils.getMapper().readTree((String) bodyStr.get()).get("tokenId").asText((String) null)).orElseThrow(() -> {
                return new IllegalStateException("Fant ikke 'tokenId' i responsen");
            });
            if (execute != null) {
                execute.close();
            }
            return str2;
        } catch (Throwable th) {
            if (execute != null) {
                try {
                    execute.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    public static String getAuthorizationCode(String str, String str2, String str3, String str4, OkHttpClient okHttpClient) throws IOException {
        Response execute = okHttpClient.newCall(new Request.Builder().url(str + String.format("?response_type=code&scope=openid&client_id=%s&redirect_uri=%s", str3, URLEncoder.encode(str4, StandardCharsets.UTF_8))).header("Cookie", "nav-isso=" + str2).build()).execute();
        try {
            if (execute.code() != 302) {
                throw new RuntimeException("Feil ved henting av authorization code, fikk status: " + execute.code() + " forventet 302");
            }
            String header = execute.header("Location");
            String str5 = (String) Arrays.stream(header.substring(header.indexOf("?") + 1).split("&")).filter(str6 -> {
                return str6.contains("code=");
            }).map(str7 -> {
                return str7.replace("code=", "");
            }).findFirst().orElseThrow(() -> {
                return new RuntimeException("Fant ikke authorization code i: " + header);
            });
            if (execute != null) {
                execute.close();
            }
            return str5;
        } catch (Throwable th) {
            if (execute != null) {
                try {
                    execute.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    public static String exchangeCodeForToken(String str, String str2, String str3, Credentials credentials, OkHttpClient okHttpClient) throws IOException {
        Response execute = okHttpClient.newCall(new Request.Builder().url(str2).header("Authorization", AuthUtils.basicCredentials(credentials.username, credentials.password)).header("Cache-Control", "no-cache").post(RequestBody.create(MediaType.get("application/x-www-form-urlencoded"), "grant_type=authorization_code&realm=/&redirect_uri=" + URLEncoder.encode(str3, StandardCharsets.UTF_8) + "&code=" + str)).build()).execute();
        try {
            if (execute.code() != 200) {
                throw new RuntimeException("Feil ved utveksling av code mot token, fikk status: " + execute.code() + " forventet 200");
            }
            Optional bodyStr = RestUtils.getBodyStr(execute);
            if (!bodyStr.isPresent()) {
                throw new IllegalStateException("Body is missing from response");
            }
            String str4 = (String) Optional.ofNullable(JsonUtils.getMapper().readTree((String) bodyStr.get()).get("id_token").asText((String) null)).orElseThrow(() -> {
                return new IllegalStateException("Fant ikke 'id_token' i responsen");
            });
            if (execute != null) {
                execute.close();
            }
            return str4;
        } catch (Throwable th) {
            if (execute != null) {
                try {
                    execute.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }
}
