package io.camunda.identity.sdk.impl.auth0.authentication;

import com.auth0.client.auth.AuthAPI;
import com.auth0.exception.Auth0Exception;
import com.auth0.json.auth.TokenHolder;
import com.auth0.jwk.JwkProvider;
import com.auth0.jwk.JwkProviderBuilder;
import com.auth0.jwt.RegisteredClaims;
import com.auth0.jwt.interfaces.Claim;
import com.auth0.jwt.interfaces.DecodedJWT;
import io.camunda.identity.sdk.IdentityConfiguration;
import io.camunda.identity.sdk.authentication.AbstractAuthentication;
import io.camunda.identity.sdk.authentication.AuthorizeUriBuilder;
import io.camunda.identity.sdk.authentication.Tokens;
import io.camunda.identity.sdk.authentication.dto.AuthCodeDto;
import io.camunda.identity.sdk.authentication.dto.OrganizationDto;
import io.camunda.identity.sdk.authentication.exception.CodeExchangeException;
import io.camunda.identity.sdk.exception.IdentityException;
import io.camunda.identity.sdk.impl.dto.WellKnownConfiguration;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import org.apache.commons.lang3.NotImplementedException;
import org.apache.commons.lang3.Validate;

/* loaded from: input_file:BOOT-INF/lib/identity-sdk-8.4.3.jar:io/camunda/identity/sdk/impl/auth0/authentication/Auth0Authentication.class */
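/**
 * Auth0-backed implementation of {@link AbstractAuthentication}.
 *
 * <p>Token operations are delegated to the Auth0 {@link AuthAPI} client, which is built
 * from the issuer, client id and client secret held in the inherited {@code configuration}.
 * Signing keys are obtained through a caching {@link JwkProvider} pointed at the same issuer.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>{@code decodeJWT} is inherited and not visible in this file. NOTE(review): confirm
 *       whether it verifies the signature; if it only decodes, {@link #isM2MToken} and
 *       {@link #getClientId} return unverified claims and must not drive authorization
 *       decisions on their own.</li>
 *   <li>The two lazily created collaborators are initialised without synchronization, so
 *       this class makes no thread-safety guarantee for the first call.</li>
 * </ul>
 */
public class Auth0Authentication extends AbstractAuthentication {
    // Lazily created by authApi(); holds the client secret for as long as this object lives.
    private AuthAPI authApi;
    // Lazily created by jwkProvider().
    private JwkProvider jwkProvider;

    /**
     * Creates the authentication facade; no Auth0 client is built until first use.
     *
     * @param identityConfiguration configuration handed to the superclass
     */
    public Auth0Authentication(IdentityConfiguration identityConfiguration) {
        super(identityConfiguration);
    }

    /**
     * Returns the shared Auth0 client, creating it on first use.
     *
     * <p>The client is constructed with the configured client secret, so the returned
     * object (and anything that serialises or logs it) should be treated as sensitive.
     */
    private AuthAPI authApi() {
        if (this.authApi == null) {
            this.authApi = new AuthAPI(
                    this.configuration.getIssuer(),
                    this.configuration.getClientId(),
                    this.configuration.getClientSecret());
        }
        return this.authApi;
    }

    /**
     * Builds an authorize-URI builder bound to this configuration and Auth0 client.
     *
     * @param str forwarded unchanged to {@code Auth0AuthorizeUriBuilder}
     *     (presumably the redirect URI; confirm against that class)
     */
    @Override // io.camunda.identity.sdk.authentication.Authentication
    public AuthorizeUriBuilder authorizeUriBuilder(String str) {
        return new Auth0AuthorizeUriBuilder(this.configuration, authApi(), str);
    }

    /**
     * Exchanges an authorization code for tokens, requesting the configured audience.
     *
     * @param authCodeDto authorization response; must not be null
     * @param str redirect URI sent with the code exchange; must not be null
     * @return the tokens returned by Auth0
     * @throws NullPointerException if either argument is null
     * @throws CodeExchangeException if the response carries a non-blank error, or if the
     *     Auth0 call fails
     */
    @Override // io.camunda.identity.sdk.authentication.Authentication
    public Tokens exchangeAuthCode(AuthCodeDto authCodeDto, String str) throws CodeExchangeException {
        Validate.notNull(authCodeDto, "authCodeDto must not be null");
        Validate.notNull(str, "redirectUri must not be null");
        String error = authCodeDto.getError();
        if (error != null && !error.isBlank()) {
            // The error text is copied verbatim into the exception message.
            // NOTE(review): it presumably originates from the authorization callback, i.e.
            // from outside this service; encode it before showing it to a user or logging it.
            throw new CodeExchangeException(error);
        }
        try {
            TokenHolder holder = authApi()
                    .exchangeCode(authCodeDto.getCode(), str)
                    .setAudience(this.configuration.getAudience())
                    .execute();
            return fromTokenHolder(holder);
        } catch (Auth0Exception e) {
            throw new CodeExchangeException("Auth0 Code exchange failed", e);
        }
    }

    /**
     * Requests a new token from Auth0 via {@code AuthAPI.requestToken}.
     *
     * @param str value passed to {@code requestToken}, which takes the audience
     * @throws IdentityException if the Auth0 call fails
     */
    @Override // io.camunda.identity.sdk.authentication.AbstractAuthentication
    protected Tokens requestFreshToken(String str) {
        try {
            return fromTokenHolder(authApi().requestToken(str).execute());
        } catch (Auth0Exception e) {
            throw new IdentityException("Auth0 token request failed", e);
        }
    }

    /**
     * Obtains new tokens from a refresh token.
     *
     * @param str the refresh token; must not be null or empty
     * @throws NullPointerException if {@code str} is null
     * @throws IllegalArgumentException if {@code str} is empty
     * @throws IdentityException if the Auth0 call fails
     */
    @Override // io.camunda.identity.sdk.authentication.Authentication
    public Tokens renewToken(String str) {
        Validate.notEmpty(str, "refreshToken can not be empty");
        try {
            return fromTokenHolder(authApi().renewAuth(str).execute());
        } catch (Auth0Exception e) {
            throw new IdentityException("Auth0 refresh failed", e);
        }
    }

    /**
     * Asks Auth0 to revoke a token.
     *
     * <p>Unlike {@link #renewToken}, the argument is not validated here before the call.
     *
     * @param str the token to revoke, passed to {@code AuthAPI.revokeToken}
     * @throws IdentityException if the Auth0 call fails
     */
    @Override // io.camunda.identity.sdk.authentication.Authentication
    public void revokeToken(String str) {
        try {
            authApi().revokeToken(str).execute();
        } catch (Auth0Exception e) {
            throw new IdentityException("Auth0 token revocation failed", e);
        }
    }

    /**
     * Reports whether the token's subject marks it as a machine-to-machine token.
     *
     * <p>The test is a substring match for {@code "@clients"} anywhere in the {@code sub}
     * claim. NOTE(review): this is not a suffix match, so any subject that merely contains
     * that text is classified as M2M; confirm this is acceptable for the identity providers
     * connected to the tenant before relying on it for access decisions.
     *
     * @param str the encoded JWT
     * @throws NullPointerException if the token has no string {@code sub} claim
     */
    @Override // io.camunda.identity.sdk.authentication.Authentication
    public boolean isM2MToken(String str) {
        String subject = decodeJWT(str).getClaim(RegisteredClaims.SUBJECT).asString();
        // Same exception type as the implicit dereference it replaces, but with a message
        // that tells the operator which claim was absent.
        Validate.notNull(subject, "token has no 'sub' claim");
        return subject.contains("@clients");
    }

    /**
     * Returns the {@code azp} (authorized party) claim of the token.
     *
     * @param str the encoded JWT
     * @return the claim as a string, or {@code null} when it is absent or not a string
     */
    @Override // io.camunda.identity.sdk.authentication.Authentication
    public String getClientId(String str) {
        return decodeJWT(str).getClaim("azp").asString();
    }

    /**
     * Reads the {@code permissions} claim.
     *
     * @param decodedJWT the decoded token
     * @param str unused by this implementation
     * @return the permissions, or an empty list when the claim is missing or is not an array
     */
    @Override // io.camunda.identity.sdk.authentication.AbstractAuthentication
    protected List<String> getPermissions(DecodedJWT decodedJWT, String str) {
        Claim claim = decodedJWT.getClaim("permissions");
        if (claim.isMissing()) {
            return Collections.emptyList();
        }
        // asList yields null when the claim is present but not a JSON array; treat a
        // malformed claim as "no permissions" instead of handing null to the caller.
        List<String> permissions = claim.asList(String.class);
        return permissions == null ? Collections.emptyList() : permissions;
    }

    /** Always returns an empty list in this implementation. */
    @Override // io.camunda.identity.sdk.authentication.AbstractAuthentication
    protected List<String> getGroups(DecodedJWT decodedJWT) {
        return Collections.emptyList();
    }

    /**
     * Maps each organization id in the {@code https://camunda.com/orgs} claim to its roles.
     *
     * @param decodedJWT the decoded token
     * @return organization id to roles; empty when the claim is missing or is not an array
     * @throws IllegalStateException if the claim lists the same organization id twice
     *     (behaviour of {@link Collectors#toMap} without a merge function)
     */
    @Override // io.camunda.identity.sdk.authentication.AbstractAuthentication
    protected Map<String, Set<String>> getAssignedOrganizations(DecodedJWT decodedJWT) {
        Claim claim = decodedJWT.getClaim("https://camunda.com/orgs");
        if (claim.isMissing()) {
            return Collections.emptyMap();
        }
        List<OrganizationDto> organizations = claim.asList(OrganizationDto.class);
        if (organizations == null) {
            // Claim present but not an array: grant no organizations.
            return Collections.emptyMap();
        }
        // Typed method references replace the raw (Map) cast, so the compiler checks the
        // key and value types instead of deferring a mismatch to run time.
        return organizations.stream()
                .collect(Collectors.toMap(OrganizationDto::getId, OrganizationDto::getRoles));
    }

    /**
     * Returns the JWK provider for the configured issuer, creating it on first use.
     *
     * <p>The provider caches up to 5 keys for 7 days each. A signing key that the issuer
     * withdraws can therefore stay in this cache until its entry expires; restart the
     * service after an emergency key rotation if that window is too long.
     */
    @Override // io.camunda.identity.sdk.authentication.AbstractAuthentication
    protected JwkProvider jwkProvider() {
        if (this.jwkProvider == null) {
            this.jwkProvider = new JwkProviderBuilder(this.configuration.getIssuer())
                    .cached(5, 7, TimeUnit.DAYS)
                    .build();
        }
        return this.jwkProvider;
    }

    /**
     * Not supported by this implementation.
     *
     * @throws NotImplementedException always
     */
    @Override // io.camunda.identity.sdk.authentication.AbstractAuthentication
    protected WellKnownConfiguration wellKnownConfiguration() {
        throw new NotImplementedException();
    }

    /** Copies access token, refresh token, expiry, scope and token type into a {@link Tokens}. */
    private Tokens fromTokenHolder(TokenHolder tokenHolder) {
        return new Tokens(
                tokenHolder.getAccessToken(),
                tokenHolder.getRefreshToken(),
                tokenHolder.getExpiresIn(),
                tokenHolder.getScope(),
                tokenHolder.getTokenType());
    }
}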
