package org.apache.nifi.oauth2;

import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.util.List;
import java.util.Map;
import javax.net.ssl.SSLContext;
import okhttp3.FormBody;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.Response;
import org.apache.nifi.annotation.documentation.CapabilityDescription;
import org.apache.nifi.annotation.documentation.Tags;
import org.apache.nifi.annotation.lifecycle.OnEnabled;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.controller.AbstractControllerService;
import org.apache.nifi.controller.ConfigurationContext;
import org.apache.nifi.processor.exception.ProcessException;
import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.security.util.OkHttpClientUtils;
import org.apache.nifi.ssl.SSLContextService;
import org.apache.nifi.util.StringUtils;

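/**
 * Controller service that obtains OAuth2 access tokens from a single token endpoint using the
 * resource-owner password, client-credentials and refresh-token grants.
 *
 * <p>Every request is an HTTP POST of a form body to the URL read from {@code ACCESS_TOKEN_URL}
 * when the service is enabled. The form body carries secrets (client secret, password, refresh
 * token) and a successful response body carries tokens. Neither is written to the log by this
 * class; only the body of a non-success response is logged.
 */
@CapabilityDescription("This controller service provides a way of working with access and refresh tokens via the password and client_credential grant flows in the OAuth2 specification. It is meant to provide a way for components to get a token from an oauth2 provider and pass that token as a part of a header to another service.")
@Tags({"oauth2", "provider", "authorization"})
public class OAuth2TokenProviderImpl extends AbstractControllerService implements OAuth2TokenProvider {
    // Token endpoint URL, resolved once in onEnabled().
    private String resourceServerUrl;
    // Built in onEnabled() but not read anywhere else in this class; the HTTP client takes its
    // TLS settings from sslService.createTlsConfiguration() instead.
    private SSLContext sslContext;
    // Optional; when null the OkHttp client is built with its default TLS settings.
    private SSLContextService sslService;
    private static final ObjectMapper MAPPER = new ObjectMapper();
    public static final String KEY_ACCESS_TOKEN = "access_token";
    public static final String KEY_REFRESH_TOKEN = "refresh_token";
    public static final String KEY_EXPIRES = "expires_in";
    public static final String KEY_TOKEN_TYPE = "token_type";
    public static final String KEY_SCOPE = "scope";

    /**
     * Returns the property descriptors supported by this service.
     *
     * @return the shared {@code PROPERTIES} list
     */
    public List<PropertyDescriptor> getSupportedPropertyDescriptors() {
        return PROPERTIES;
    }

    /**
     * Reads the token endpoint URL and the optional SSL context service from the configuration.
     *
     * <p>A warning is logged when the configured URL is not an {@code https://} URL, because every
     * grant implemented here posts credentials to that URL. The URL itself is not logged.
     *
     * @param configurationContext configuration of the enabled service
     */
    @OnEnabled
    public void onEnabled(ConfigurationContext configurationContext) {
        this.resourceServerUrl = configurationContext.getProperty(ACCESS_TOKEN_URL).evaluateAttributeExpressions().getValue();
        this.sslService = configurationContext.getProperty(SSL_CONTEXT).asControllerService(SSLContextService.class);
        this.sslContext = this.sslService == null ? null : this.sslService.createSSLContext(ClientAuth.NONE);

        // Warn only; rejecting the URL here would break configurations that already work.
        if (this.resourceServerUrl != null && !this.resourceServerUrl.regionMatches(true, 0, "https://", 0, 8)) {
            getLogger().warn("The configured OAuth2 access token URL does not use https; client secrets, passwords and tokens would be sent without transport encryption.");
        }
    }

    /**
     * Requests a token with the {@code password} grant.
     *
     * @param str  value sent as {@code client_id}
     * @param str2 value sent as {@code client_secret}
     * @param str3 value sent as {@code username}
     * @param str4 value sent as {@code password}
     * @return the token parsed from the endpoint's response
     * @throws AccessTokenAcquisitionException if the request fails or the endpoint answers with a
     *                                         status of 300 or above
     */
    public AccessToken getAccessTokenByPassword(String str, String str2, String str3, String str4) throws AccessTokenAcquisitionException {
        final FormBody form = new FormBody.Builder()
                .add("username", str3)
                .add("password", str4)
                .add("client_id", str)
                .add("client_secret", str2)
                .add("grant_type", "password")
                .build();
        return postForm(form);
    }

    /**
     * Creates an OkHttp client builder, applying the TLS configuration of the SSL context service
     * when one is configured.
     */
    private OkHttpClient.Builder getClientBuilder() {
        OkHttpClient.Builder builder = new OkHttpClient.Builder();
        if (this.sslService != null) {
            OkHttpClientUtils.applyTlsToOkHttpClientBuilder(this.sslService.createTlsConfiguration(), builder);
        }
        return builder;
    }

    /** Posts the given form to the configured token endpoint with a freshly built client. */
    private AccessToken postForm(FormBody form) throws AccessTokenAcquisitionException {
        final Request request = new Request.Builder().url(this.resourceServerUrl).post(form).build();
        return executePost(getClientBuilder().build(), request);
    }

    /**
     * Executes the request and converts the response into an {@link AccessToken}.
     *
     * @param okHttpClient client used for the call
     * @param request      token request to send
     * @return the parsed token when the status code is below 300
     * @throws AccessTokenAcquisitionException on an I/O failure or a status of 300 or above
     */
    private AccessToken executePost(OkHttpClient okHttpClient, Request request) throws AccessTokenAcquisitionException {
        // try-with-resources closes the response on every path, including a failed body read.
        try (Response response = okHttpClient.newCall(request).execute()) {
            final String body = response.body().string();
            if (response.code() < 300) {
                // A success body contains the tokens: parse it, never log it.
                return parseTokenResponse(body);
            }
            // Only the body of a failed request is logged. The exception message carries the
            // status code alone, so the server-controlled body does not travel to callers.
            getLogger().error(String.format("Bad response from the server during oauth2 request:\n%s", body));
            throw new AccessTokenAcquisitionException(String.format("Got HTTP %d during oauth2 request.", Integer.valueOf(response.code())));
        } catch (IOException e) {
            throw new AccessTokenAcquisitionException(e);
        }
    }

    /**
     * Requests a token with the {@code client_credentials} grant.
     *
     * @param str  value sent as {@code client_id}
     * @param str2 value sent as {@code client_secret}
     * @return the token parsed from the endpoint's response
     * @throws AccessTokenAcquisitionException if the request fails or the endpoint answers with a
     *                                         status of 300 or above
     */
    public AccessToken getAccessTokenByClientCredentials(String str, String str2) throws AccessTokenAcquisitionException {
        final FormBody form = new FormBody.Builder()
                .add("grant_type", "client_credentials")
                .add("client_id", str)
                .add("client_secret", str2)
                .build();
        return postForm(form);
    }

    /**
     * Exchanges the refresh token held by {@code accessToken} for a new token.
     *
     * <p>The form contains only {@code grant_type} and {@code refresh_token}; no client id or
     * secret is sent. NOTE(review): a provider that requires client authentication on refresh
     * would presumably reject this request - confirm against the providers in use.
     *
     * @param accessToken token whose refresh token is presented
     * @return the token parsed from the endpoint's response
     * @throws ProcessException                if {@code accessToken} is null or has no refresh token
     * @throws AccessTokenAcquisitionException if the request fails or the endpoint answers with a
     *                                         status of 300 or above
     */
    public AccessToken refreshToken(AccessToken accessToken) throws AccessTokenAcquisitionException {
        // A null token is reported the same way as a token without a refresh token, not as an NPE.
        if (accessToken == null || StringUtils.isEmpty(accessToken.getRefreshToken())) {
            throw new ProcessException("Missing refresh token. Refresh cannot happen.");
        }
        final FormBody form = new FormBody.Builder()
                .add("grant_type", KEY_REFRESH_TOKEN)
                .add(KEY_REFRESH_TOKEN, accessToken.getRefreshToken())
                .build();
        return postForm(form);
    }

    /**
     * Parses a JSON token response into an {@link AccessToken}.
     *
     * <p>{@code access_token} and {@code token_type} are required; {@code refresh_token},
     * {@code expires_in} and {@code scope} may be absent. {@code expires_in} is accepted as any
     * JSON number that fits an {@code int} or as a string of decimal digits. Error messages name
     * the offending field but never include its value.
     *
     * @param str response body returned by the token endpoint
     * @return the parsed token
     * @throws ProcessException if the body is not a JSON object, a required field is missing or
     *                          empty, or a field has an unexpected type
     */
    public AccessToken parseTokenResponse(String str) {
        final Map<?, ?> fields;
        try {
            fields = MAPPER.readValue(str, Map.class);
        } catch (Exception e) {
            // Broad catch kept so that every parsing failure still surfaces as ProcessException.
            // NOTE(review): depending on the Jackson version and configuration, a parse error's
            // message may include an excerpt of the input, which here can contain tokens -
            // confirm that this wrapped exception is not logged verbatim downstream.
            throw new ProcessException(e);
        }
        if (fields == null) {
            throw new ProcessException("Token response did not contain a JSON object");
        }

        final String accessToken = stringField(fields, KEY_ACCESS_TOKEN);
        final String refreshToken = stringField(fields, KEY_REFRESH_TOKEN);
        final Integer expiresIn = expiresField(fields);
        final String tokenType = stringField(fields, KEY_TOKEN_TYPE);
        final String scope = stringField(fields, KEY_SCOPE);

        if (StringUtils.isEmpty(accessToken)) {
            throw new ProcessException(String.format("Missing value for %s", KEY_ACCESS_TOKEN));
        }
        if (StringUtils.isEmpty(tokenType)) {
            throw new ProcessException(String.format("Missing value for %s", KEY_TOKEN_TYPE));
        }
        return new AccessToken(accessToken, refreshToken, tokenType, expiresIn, scope);
    }

    /** Returns the string stored under {@code key}, or null when the key is absent. */
    private static String stringField(Map<?, ?> fields, String key) {
        final Object value = fields.get(key);
        if (value == null) {
            return null;
        }
        if (value instanceof String) {
            return (String) value;
        }
        // The value is deliberately left out of the message: it may be a token.
        throw new ProcessException(String.format("Unexpected type for %s", key));
    }

    /** Returns {@code expires_in} as an Integer, or null when the field is absent. */
    private static Integer expiresField(Map<?, ?> fields) {
        final Object value = fields.get(KEY_EXPIRES);
        if (value == null) {
            return null;
        }
        if (value instanceof Number) {
            final long seconds = ((Number) value).longValue();
            if (seconds < Integer.MIN_VALUE || seconds > Integer.MAX_VALUE) {
                throw new ProcessException(String.format("Value for %s is out of range", KEY_EXPIRES));
            }
            return Integer.valueOf((int) seconds);
        }
        if (value instanceof String) {
            try {
                return Integer.valueOf(((String) value).trim());
            } catch (NumberFormatException e) {
                throw new ProcessException(String.format("Invalid value for %s", KEY_EXPIRES), e);
            }
        }
        throw new ProcessException(String.format("Unexpected type for %s", KEY_EXPIRES));
    }
}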
