package io.helidon.security.providers.oidc.common;

import io.helidon.common.parameters.Parameters;
import io.helidon.http.HeaderNames;
import io.helidon.http.HeaderValues;
import io.helidon.http.Status;
import io.helidon.security.SecurityException;
import io.helidon.security.jwt.jwk.JwkKeys;
import io.helidon.security.providers.oidc.common.OidcConfig;
import io.helidon.webclient.api.HttpClientResponse;
import io.helidon.webclient.api.WebClient;
import jakarta.json.JsonObject;
import java.net.URI;
import java.time.Duration;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:io/helidon/security/providers/oidc/common/IdcsSupport.class */
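public class IdcsSupport {
    // Decompiler note: the original class is package-private; the access modifier was widened.
    private IdcsSupport() {
    }

    /**
     * Fetches the JWK set that IDCS uses to sign tokens.
     *
     * <p>The JWK endpoint requires a bearer token, so the method first obtains an
     * access token from the token endpoint ({@code uri}) with scope
     * {@code urn:opc:idm:__myscopes__}, then issues a GET against the JWK endpoint
     * ({@code uri2}) carrying that token in the {@code Authorization} header.
     *
     * @param webClient    client used for the token request (POST to {@code uri})
     * @param webClient2   client used for the JWK request (GET on {@code uri2})
     * @param uri          token endpoint
     * @param uri2         JWK endpoint
     * @param duration     not read by this method; retained for signature compatibility
     * @param tenantConfig tenant configuration supplying the token endpoint
     *                     authentication method and the client id
     * @return the parsed JWK set
     * @throws SecurityException if the token request does not return a successful status,
     *                           or if either request fails for any other reason
     */
    public static JwkKeys signJwk(WebClient webClient, WebClient webClient2, URI uri, URI uri2, Duration duration, TenantConfig tenantConfig) {
        Parameters.Builder form = Parameters.builder("idcs-form-params")
                .add("scope", "urn:opc:idm:__myscopes__");
        if (tenantConfig.tokenEndpointAuthentication() == OidcConfig.ClientAuthentication.CLIENT_CERTIFICATE) {
            // mTLS client authentication: the client id is still sent in the form body
            form.add("grant_type", "tls_client_auth")
                    .add("client_id", tenantConfig.clientId());
        } else {
            form.add("grant_type", "client_credentials");
        }
        // try-with-resources replaces the hand-expanded close/addSuppressed sequence
        try (HttpClientResponse tokenResponse = webClient.post()
                .uri(uri)
                .header(HeaderValues.ACCEPT_JSON)
                .submit(form.build())) {
            if (tokenResponse.status().family() != Status.Family.SUCCESSFUL) {
                // NOTE(review): the failure body is surfaced in the exception message and may reach
                // logs; confirm the token endpoint's error body cannot carry sensitive data.
                throw new SecurityException("Failed to read JWK from IDCS. Status: " + tokenResponse.status()
                        + ", entity: " + tokenResponse.as(String.class));
            }
            String accessToken = tokenResponse.as(JsonObject.class).getString("access_token");
            JsonObject jwkJson = webClient2.get()
                    .uri(uri2)
                    .header(HeaderNames.AUTHORIZATION, "Bearer " + accessToken)
                    .requestEntity(JsonObject.class);
            return JwkKeys.create(jwkJson);
        } catch (SecurityException e) {
            // Must come before the Exception clause: SecurityException is a subtype, so the
            // reverse order is unreachable (compile error) and would otherwise double-wrap
            // the status-check exception above. Rethrow unchanged.
            throw e;
        } catch (Exception e) {
            throw new SecurityException("Failed to read JWK from IDCS", e);
        }
    }
}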
