package io.deephaven.authentication.oidc;

import io.deephaven.auth.AuthContext;
import io.deephaven.auth.AuthenticationException;
import io.deephaven.auth.AuthenticationRequestHandler;
import io.deephaven.configuration.Configuration;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Optional;
import org.pac4j.core.client.Client;
import org.pac4j.core.config.Config;
import org.pac4j.oidc.client.KeycloakOidcClient;
import org.pac4j.oidc.config.KeycloakOidcConfiguration;

/* loaded from: input_file:io/deephaven/authentication/oidc/OidcAuthenticationHandler.class */
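/**
 * Authentication handler that accepts a bearer token and checks it through a pac4j
 * client backed by a Keycloak OIDC configuration.
 *
 * <p>The Keycloak base URL, realm and client id are read once, at class-load time, from
 * the {@code authentication.oidc.keycloak.*} configuration properties.
 *
 * <p>{@link #initialize(String)} must be called before either {@code login} overload;
 * until then {@code pac4jConfig} is {@code null} and a login attempt fails with a
 * {@link NullPointerException}, so the handler fails closed.
 */
public class OidcAuthenticationHandler implements AuthenticationRequestHandler {
    private static final String KEYCLOAK_BASE_URL = Configuration.getInstance().getProperty("authentication.oidc.keycloak.url");
    private static final String KEYCLOAK_REALM = Configuration.getInstance().getProperty("authentication.oidc.keycloak.realm");
    private static final String KEYCLOAK_CLIENT_ID = Configuration.getInstance().getProperty("authentication.oidc.keycloak.clientId");

    // Built by initialize(); holds the single FlightTokenClient used by validate().
    private Config pac4jConfig;

    /**
     * Builds the Keycloak OIDC client and wraps its profile creator in a
     * {@code FlightTokenClient}, which becomes the only client in the pac4j config.
     *
     * @param str not used by this implementation
     */
    public void initialize(String str) {
        KeycloakOidcConfiguration keycloakConfiguration = new KeycloakOidcConfiguration();
        keycloakConfiguration.setClientId(KEYCLOAK_CLIENT_ID);
        keycloakConfiguration.setRealm(KEYCLOAK_REALM);
        keycloakConfiguration.setBaseUri(KEYCLOAK_BASE_URL);
        keycloakConfiguration.setScope("openid email profile");

        KeycloakOidcClient keycloakClient = new KeycloakOidcClient(keycloakConfiguration);
        keycloakClient.setName("deephaven-app-client");
        keycloakClient.setConfiguration(keycloakConfiguration);
        // No browser redirect flow is driven from here, so the callback URLs are placeholders.
        keycloakClient.setCallbackUrl("unused");
        keycloakClient.init();

        this.pac4jConfig = new Config("/unused", new FlightTokenClient(keycloakClient.getProfileCreator()));
    }

    /**
     * Returns the identifier of this authentication type.
     *
     * @return the fully qualified name of this handler's runtime class
     */
    public String getAuthType() {
        return getClass().getName();
    }

    /**
     * Handshake-style login: decodes the payload as US-ASCII text and validates it as a token.
     *
     * <p>Decoding consumes the buffer (its position is advanced to its limit), and bytes
     * outside US-ASCII are replaced rather than rejected.
     *
     * @param j not used by this implementation
     * @param byteBuffer the raw token bytes
     * @param handshakeResponseListener not used by this implementation
     * @return an {@link AuthContext} if the token is accepted, otherwise an empty Optional
     * @throws AuthenticationException declared by the interface; not thrown directly here
     */
    public Optional<AuthContext> login(long j, ByteBuffer byteBuffer, AuthenticationRequestHandler.HandshakeResponseListener handshakeResponseListener) throws AuthenticationException {
        String token = StandardCharsets.US_ASCII.decode(byteBuffer).toString();
        return validate(token);
    }

    /**
     * Metadata-style login: validates the supplied string as a token.
     *
     * @param str the token text
     * @param metadataResponseListener not used by this implementation
     * @return an {@link AuthContext} if the token is accepted, otherwise an empty Optional
     * @throws AuthenticationException declared by the interface; not thrown directly here
     */
    public Optional<AuthContext> login(String str, AuthenticationRequestHandler.MetadataResponseListener metadataResponseListener) throws AuthenticationException {
        return validate(str);
    }

    /**
     * Runs the token through the configured pac4j client and grants a context only when
     * both credentials and a user profile are obtained.
     *
     * @param token the token text taken from the login request
     * @return a super-user context when a user profile is resolved, otherwise an empty Optional
     */
    private Optional<AuthContext> validate(String token) {
        FlightTokenWebContext webContext = new FlightTokenWebContext(token);
        // initialize() registers exactly one client, so index 0 is the FlightTokenClient.
        Client client = this.pac4jConfig.getClients().getClients().get(0);

        // getUserProfile returns an Optional, so it has to be flattened: mapping over it
        // left a non-empty outer Optional even when no profile was resolved, which let a
        // request with extractable credentials but no profile be authenticated.
        // null is passed where the client takes its session argument; no session is used here.
        //
        // NOTE(review): every accepted token is granted AuthContext.SuperUser regardless of
        // the claims or roles in the resolved profile. Confirm that is intended; otherwise
        // derive the context from the profile.
        return client.getCredentials(webContext, null)
                .flatMap(credentials -> client.getUserProfile(credentials, webContext, null))
                .map(profile -> new AuthContext.SuperUser());
    }
}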
