package org.vaulttec.sonarqube.auth.oidc;

import com.nimbusds.openid.connect.sdk.AuthenticationRequest;
import org.sonar.api.server.ServerSide;
import org.sonar.api.server.authentication.Display;
import org.sonar.api.server.authentication.OAuth2IdentityProvider;
import org.sonar.api.server.authentication.UserIdentity;
import org.sonar.api.utils.log.Logger;
import org.sonar.api.utils.log.Loggers;

/**
 * SonarQube identity provider that signs users in through OpenID Connect.
 *
 * <p>The class only orchestrates the two halves of the redirect-based login:
 * {@link #init} sends the browser to the provider's authentication endpoint and
 * {@link #callback} turns the provider's response into a {@link UserIdentity}.
 * Building the request, exchanging the authorization code and reading the user
 * info are delegated to {@link OidcClient}; mapping the user info onto a
 * SonarQube identity is delegated to {@link UserIdentityFactory}.
 *
 * <p>NOTE(review): no token or claim validation is visible in this class; it
 * presumably happens inside {@code OidcClient} - confirm there when auditing.
 */
@ServerSide
public class OidcIdentityProvider implements OAuth2IdentityProvider {
    /** Provider key under which this identity provider is registered. */
    public static final String KEY = "oidc";
    private static final Logger LOGGER = Loggers.get(OidcIdentityProvider.class);

    // Collaborators are injected once and never reassigned.
    private final OidcConfiguration config;
    private final OidcClient client;
    private final UserIdentityFactory userIdentityFactory;

    /**
     * Creates the provider from its three collaborators.
     *
     * @param oidcConfiguration plugin settings (enabled flag, button text, icon, sign-up policy)
     * @param oidcClient client used to build the authentication request and fetch user info
     * @param userIdentityFactory converts the fetched user info into a {@link UserIdentity}
     */
    public OidcIdentityProvider(OidcConfiguration oidcConfiguration, OidcClient oidcClient, UserIdentityFactory userIdentityFactory) {
        this.userIdentityFactory = userIdentityFactory;
        this.client = oidcClient;
        this.config = oidcConfiguration;
    }

    /** @return the fixed provider key, {@value #KEY} */
    public String getKey() {
        return KEY;
    }

    /** @return the configured login button text, used as the provider's display name */
    public String getName() {
        return config.loginButtonText();
    }

    /** @return display settings built from the configured icon path and background colour */
    public Display getDisplay() {
        return Display.builder()
            .setIconPath(config.iconPath())
            .setBackgroundColor(config.backgroundColor())
            .build();
    }

    /** @return whether the configuration marks OpenID Connect authentication as enabled */
    public boolean isEnabled() {
        return config.isEnabled();
    }

    /** @return whether the configuration allows unknown users to be created on first login */
    public boolean allowsUsersToSignUp() {
        return config.allowUsersToSignUp();
    }

    /**
     * Starts the login flow by redirecting the browser to the authentication endpoint.
     *
     * <p>The request is built from the context's callback URL and a freshly generated
     * CSRF state value, which {@link #callback} later asks the context to verify.
     *
     * @param initContext SonarQube context for the start of the OAuth2 flow
     * @throws IllegalStateException if the provider is disabled in the configuration
     */
    public void init(OAuth2IdentityProvider.InitContext initContext) {
        LOGGER.trace("Starting authentication workflow");
        if (!isEnabled()) {
            // Refuse to start a flow for a provider the administrator switched off.
            throw new IllegalStateException("OpenID Connect authentication is disabled");
        }
        // Argument order matters: callback URL is read first, then the state is generated.
        AuthenticationRequest authRequest =
            client.createAuthenticationRequest(initContext.getCallbackUrl(), initContext.generateCsrfState());
        LOGGER.trace("Redirecting to authentication endpoint");
        String endpointUrl = authRequest.toURI().toString();
        initContext.redirectTo(endpointUrl);
    }

    /**
     * Completes the login flow after the provider redirected the browser back.
     *
     * <p>The CSRF state is verified before the authorization code is read from the
     * request, so a response that fails that check never reaches the code exchange.
     *
     * <p>NOTE(review): unlike {@link #init}, this method does not check
     * {@link #isEnabled()}; presumably the server only dispatches callbacks to enabled
     * providers - confirm against the caller.
     *
     * @param callbackContext SonarQube context carrying the provider's response
     */
    public void callback(OAuth2IdentityProvider.CallbackContext callbackContext) {
        LOGGER.trace("Handling authentication response");
        // Must stay first: nothing from the request is trusted until the state matches.
        callbackContext.verifyCsrfState();
        UserIdentity identity = resolveIdentity(callbackContext);
        // Debug output contains the provider login and group names; treat logs captured
        // at this level as identity data when shipping or retaining them.
        LOGGER.debug("Authenticating user '{}' with groups {}", identity.getProviderLogin(), identity.getGroups());
        callbackContext.authenticate(identity);
        LOGGER.trace("Redirecting to requested page");
        callbackContext.redirectToRequestedPage();
    }

    /**
     * Reads the authorization code from the callback request, fetches the user info for
     * it (passing the callback URL along) and converts the result into an identity.
     */
    private UserIdentity resolveIdentity(OAuth2IdentityProvider.CallbackContext callbackContext) {
        return userIdentityFactory.create(
            client.getUserInfo(
                client.getAuthorizationCode(callbackContext.getRequest()),
                callbackContext.getCallbackUrl()));
    }
}
