package com.veertu.ankaMgmtSdk;

import com.veertu.ankaMgmtSdk.exceptions.AnkaMgmtException;
import com.veertu.ankaMgmtSdk.exceptions.ClientException;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.xml.bind.DatatypeConverter;
import org.apache.commons.lang.StringUtils;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.NameValuePair;
import org.apache.http.client.HttpResponseException;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpRequestBase;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.client.methods.RequestBuilder;
import org.apache.http.client.utils.URLEncodedUtils;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.ssl.SSLContextBuilder;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: input_file:WEB-INF/lib/anka-build.jar:com/veertu/ankaMgmtSdk/OpenIdConnectAuthenticator.class */
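/**
 * Obtains and caches an OAuth2 bearer token for the Anka controller using the
 * OpenID Connect provider that the controller advertises.
 *
 * <p>The flow is: read the controller's OIDC settings ({@link #getControllerConfig()}),
 * fetch the provider's discovery document ({@link #doDiscovery()}), then request a
 * token with the client-credentials grant ({@link #authorizeWithProvider()}) or the
 * refresh-token grant ({@link #refreshWithRefreshToken()}).
 * {@link #getAuthorization()} drives all of this lazily.
 *
 * <p>The cached token state is mutable and this class performs no synchronization.
 *
 * <p>Security notes for reviewers: the client secret is sent to whatever
 * {@code token_endpoint} the discovery document names, and the discovery document's
 * {@code issuer} is not compared with the configured provider URL. The integrity of
 * that chain therefore rests on the TLS validation configured in
 * {@code makeHttpClient()}.
 */
public class OpenIdConnectAuthenticator {
    private static final String GRANT_TYPE_CLIENT_CREDENTIALS = "client_credentials";
    private static final String GRANT_TYPE_REFRESH_TOKEN = "refresh_token";

    /** Pause between two attempts of the same request, in milliseconds. */
    private static final long RETRY_DELAY_MILLIS = 3000L;

    /** Claims that the standard OIDC {@code profile} scope covers. */
    private static final List<String> PROFILE_CLAIMS = Arrays.asList(
            "name", "family_name", "given_name", "middle_name", "nickname",
            "preferred_username", "profile", "picture", "website", "gender",
            "birthdate", "zoneinfo", "locale", "updated_at");

    private final String mgmtUrl;
    private final String clientId;
    private final String clientSecret;
    private String userNameField;
    private String groupsField;
    private String providerUrl;
    private String displayName;
    private String refreshToken;
    private String accessToken;
    // Lifetimes as reported by the provider, in seconds.
    private long refreshExpires;
    private long expireIn;
    // Epoch seconds at which the last token response was processed.
    private long requestTime;
    private String tokenUrl;
    // Handed to setConnectTimeout/setConnectionRequestTimeout, which take milliseconds.
    private int timeout = 100;
    private int maxRetries = 20;
    private String wellKnownPath = ".well-known/openid-configuration";

    /**
     * @param str  base URL of the Anka controller (management API)
     * @param str2 OAuth2 client id
     * @param str3 OAuth2 client secret
     */
    public OpenIdConnectAuthenticator(String str, String str2, String str3) {
        this.mgmtUrl = str;
        this.clientId = str2;
        this.clientSecret = str3;
    }

    /**
     * Loads the OIDC settings (claim field names, provider URL, display name) from
     * the controller's {@code /config/v1/auth} endpoint.
     *
     * @throws AnkaMgmtException if the controller does not answer with status
     *     {@code OK}, has no {@code oidc} section, or the reply is not the expected JSON
     * @throws ClientException if the controller answers with a 4xx status
     */
    public void getControllerConfig() throws AnkaMgmtException, ClientException {
        JSONObject reply = parseJson(
                doGetRequest(String.format("%s/config/v1/auth", this.mgmtUrl)), "controller");
        try {
            if (!"OK".equals(reply.optString("status"))) {
                throw new AnkaMgmtException(reply.optString("message", ""));
            }
            JSONObject body = reply.getJSONObject("body");
            if (!body.has("oidc")) {
                throw new AnkaMgmtException("no oidc configuration in controller");
            }
            JSONObject oidc = body.getJSONObject("oidc");
            this.userNameField = oidc.getString("user_name_field");
            this.groupsField = oidc.getString("groups_field");
            this.providerUrl = oidc.getString("provider_url");
            this.displayName = oidc.getString("display_name");
        } catch (JSONException e) {
            // A missing or mistyped key is reported the same way as any other bad reply.
            throw new AnkaMgmtException(e);
        }
    }

    /**
     * Fetches the provider's discovery document and records its token endpoint.
     *
     * <p>NOTE(review): the endpoint is used exactly as returned; neither its scheme
     * nor the document's {@code issuer} is checked against {@code providerUrl}.
     *
     * @throws AnkaMgmtException if the document is unreadable or has no
     *     {@code token_endpoint}
     * @throws ClientException if the provider answers with a 4xx status
     */
    public void doDiscovery() throws AnkaMgmtException, ClientException {
        JSONObject discovery = parseJson(
                doGetRequest(String.format("%s/%s", this.providerUrl, this.wellKnownPath)),
                "openid provider");
        if (!discovery.has("token_endpoint")) {
            throw new AnkaMgmtException("no token endpoint on openid provider");
        }
        try {
            this.tokenUrl = discovery.getString("token_endpoint");
        } catch (JSONException e) {
            throw new AnkaMgmtException(e);
        }
    }

    /**
     * Requests a fresh token with the client-credentials grant, authenticating with
     * HTTP Basic, and asks for the scopes needed to receive the user-name and groups
     * claims.
     *
     * @return the access token now cached by this instance
     */
    public String authorizeWithProvider() throws AnkaMgmtException, ClientException {
        List<NameValuePair> headers = new ArrayList<>();
        headers.add(makeAuthorization());
        headers.add(new BasicNameValuePair("Content-Type", URLEncodedUtils.CONTENT_TYPE));

        List<NameValuePair> form = new ArrayList<>();
        form.add(new BasicNameValuePair("grant_type", GRANT_TYPE_CLIENT_CREDENTIALS));

        boolean userNameInProfile = isClaimInProfile(this.userNameField);
        boolean groupsInProfile = isClaimInProfile(this.groupsField);
        List<String> scopes = new ArrayList<>();
        if (userNameInProfile || groupsInProfile) {
            scopes.add("profile");
        }
        // A claim outside the profile scope is requested as a scope of the same name.
        if (!userNameInProfile) {
            scopes.add(this.userNameField);
        }
        if (!groupsInProfile) {
            scopes.add(this.groupsField);
        }
        if (!scopes.isEmpty()) {
            form.add(new BasicNameValuePair("scope", StringUtils.join(scopes, " ")));
        }
        return processResponse(doPostRequest(this.tokenUrl, form, headers));
    }

    /**
     * Returns an {@code Authorization: Bearer ...} header pair, fetching controller
     * config, discovery data and a token on first use and renewing the token once
     * the reported lifetime has elapsed.
     */
    public NameValuePair getAuthorization() throws AnkaMgmtException, ClientException {
        if (this.providerUrl == null || this.providerUrl.isEmpty()) {
            getControllerConfig();
        }
        if (this.tokenUrl == null || this.tokenUrl.isEmpty()) {
            doDiscovery();
        }
        if (this.accessToken == null || this.accessToken.isEmpty()) {
            authorizeWithProvider();
            return tokenToValuePair(this.accessToken);
        }
        long elapsedSeconds = timeNow() - this.requestTime;
        if (elapsedSeconds > this.expireIn) {
            boolean canRefresh = elapsedSeconds < this.refreshExpires
                    && this.refreshToken != null
                    && !this.refreshToken.isEmpty();
            if (!canRefresh) {
                authorizeWithProvider();
            } else {
                try {
                    refreshWithRefreshToken();
                } catch (Exception refreshFailure) {
                    // Deliberate best effort: any refresh failure falls back to a full
                    // client-credentials request, whose own failure is reported.
                    authorizeWithProvider();
                }
            }
        }
        return tokenToValuePair(this.accessToken);
    }

    /** Wraps a token as an {@code Authorization: Bearer} header pair. */
    private NameValuePair tokenToValuePair(String token) {
        return new BasicNameValuePair("Authorization", String.format("Bearer %s", token));
    }

    /**
     * Exchanges the cached refresh token for a new access token. The client id and
     * secret travel in the form body for this grant.
     *
     * @return the access token now cached by this instance
     */
    public String refreshWithRefreshToken() throws AnkaMgmtException, ClientException {
        List<NameValuePair> headers = new ArrayList<>();
        headers.add(new BasicNameValuePair("Content-Type", URLEncodedUtils.CONTENT_TYPE));

        List<NameValuePair> form = new ArrayList<>();
        form.add(new BasicNameValuePair("grant_type", GRANT_TYPE_REFRESH_TOKEN));
        form.add(new BasicNameValuePair("refresh_token", this.refreshToken));
        form.add(new BasicNameValuePair("client_id", this.clientId));
        form.add(new BasicNameValuePair("client_secret", this.clientSecret));
        return processResponse(doPostRequest(this.tokenUrl, form, headers));
    }

    /** Builds the HTTP Basic header from the client id and secret. */
    private NameValuePair makeAuthorization() {
        // Explicit charset: the platform default would change the encoded credential
        // from host to host for non-ASCII secrets.
        byte[] credentials =
                String.format("%s:%s", this.clientId, this.clientSecret).getBytes(StandardCharsets.UTF_8);
        return new BasicNameValuePair(
                "Authorization", String.format("Basic %s", DatatypeConverter.printBase64Binary(credentials)));
    }

    /**
     * Sends a form-encoded POST.
     *
     * @param str       target URL
     * @param iterable  form fields
     * @param iterable2 request headers
     * @return the response body, or {@code null} when the response has no entity
     */
    public String doPostRequest(String str, Iterable<NameValuePair> iterable, Iterable<NameValuePair> iterable2) throws AnkaMgmtException, ClientException {
        RequestBuilder post = RequestBuilder.post();
        post.setUri(str);
        for (NameValuePair header : iterable2) {
            post.setHeader(header.getName(), header.getValue());
        }
        post.setEntity(new UrlEncodedFormEntity(iterable));
        return doRequest((HttpRequestBase) post.build());
    }

    /**
     * Sends a GET request.
     *
     * @param str target URL
     * @return the response body, or {@code null} when the response has no entity
     */
    protected String doGetRequest(String str) throws AnkaMgmtException, ClientException {
        return doRequest(new HttpGet(str));
    }

    /**
     * Executes a request, retrying I/O failures and 5xx answers up to
     * {@code maxRetries} attempts with a fixed pause in between.
     *
     * <p>The previous loop gave up on the first I/O failure, never bounded retries on
     * 5xx answers, and left the client and response open; each attempt now closes
     * both. The request URI is no longer written to standard output.
     *
     * @param httpRequestBase the request to execute
     * @return the response body, or {@code null} when the response has no entity
     * @throws ClientException on a 4xx answer (not retried)
     * @throws AnkaMgmtException when every attempt failed, the TLS context could not
     *     be built, or the thread was interrupted while waiting to retry
     */
    protected String doRequest(HttpRequestBase httpRequestBase) throws AnkaMgmtException, ClientException {
        final int attempts = Math.max(1, this.maxRetries);
        Exception lastFailure = null;
        for (int attempt = 1; attempt <= attempts; attempt++) {
            try (CloseableHttpClient client = makeHttpClient();
                    CloseableHttpResponse response = client.execute((HttpUriRequest) httpRequestBase)) {
                if (!checkIfNeedsContinue(response)) {
                    return readResponse(response);
                }
                lastFailure = new IOException("server error: " + response.getStatusLine());
            } catch (KeyManagementException | KeyStoreException | NoSuchAlgorithmException e) {
                // Building the TLS context failed; another attempt would fail the same way.
                throw new AnkaMgmtException(e);
            } catch (HttpResponseException e) {
                throw new ClientException(httpRequestBase.getMethod() + " " + httpRequestBase.getURI()
                        + " rejected with HTTP " + e.getStatusCode());
            } catch (IOException e) {
                lastFailure = e;
            } catch (RuntimeException e) {
                // Keep the old contract: callers see AnkaMgmtException, not a raw runtime error.
                throw new AnkaMgmtException(e);
            }
            if (attempt < attempts) {
                pauseBeforeRetry();
            }
        }
        throw new AnkaMgmtException(lastFailure);
    }

    /** Sleeps for the retry delay; an interrupt is restored and ends the retry loop. */
    private void pauseBeforeRetry() throws AnkaMgmtException {
        try {
            Thread.sleep(RETRY_DELAY_MILLIS);
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            throw new AnkaMgmtException(e);
        }
    }

    /**
     * Builds an HTTP client with the configured connect timeouts and a custom TLS
     * trust strategy.
     *
     * <p>NOTE(review): {@code utils.strategyLambda()} is defined outside this file.
     * A trust strategy that returns {@code true} marks the peer's chain as trusted
     * without consulting the default trust managers; if this one does so for every
     * chain, neither the controller nor the token endpoint is authenticated and the
     * client secret and tokens are exposed to anyone on the network path. Confirm
     * what it accepts. No socket (read) timeout is set here.
     */
    private CloseableHttpClient makeHttpClient() throws KeyStoreException, NoSuchAlgorithmException, KeyManagementException {
        RequestConfig requestConfig = RequestConfig.custom()
                .setConnectTimeout(this.timeout)
                .setConnectionRequestTimeout(this.timeout)
                .build();
        HttpClientBuilder builder = HttpClientBuilder.create();
        builder.setSSLContext(
                new SSLContextBuilder().loadTrustMaterial((KeyStore) null, utils.strategyLambda()).build());
        return builder.setDefaultRequestConfig(requestConfig).build();
    }

    /**
     * Classifies a response by status code.
     *
     * @return {@code true} for a 5xx answer (retry), {@code false} below 400
     * @throws HttpResponseException for a 4xx answer
     */
    private boolean checkIfNeedsContinue(HttpResponse httpResponse) throws HttpResponseException {
        int statusCode = httpResponse.getStatusLine().getStatusCode();
        if (statusCode >= 400 && statusCode < 500) {
            throw new HttpResponseException(statusCode, httpResponse.getStatusLine().getReasonPhrase());
        }
        return statusCode >= 500;
    }

    /**
     * Reads the response entity as text, joining its lines without separators.
     *
     * @return the body, or {@code null} when the response has no entity
     */
    private String readResponse(HttpResponse httpResponse) throws IOException {
        HttpEntity entity = httpResponse.getEntity();
        if (entity == null) {
            return null;
        }
        // The replies read here are JSON; decode as UTF-8 rather than the platform default.
        try (BufferedReader reader =
                new BufferedReader(new InputStreamReader(entity.getContent(), StandardCharsets.UTF_8))) {
            StringBuilder body = new StringBuilder();
            String line;
            while ((line = reader.readLine()) != null) {
                body.append(line);
            }
            return body.toString();
        }
    }

    /** Tells whether a claim name is one the {@code profile} scope covers. */
    private boolean isClaimInProfile(String claim) {
        return PROFILE_CLAIMS.contains(claim);
    }

    /** Current time in whole seconds since the epoch. */
    private long timeNow() {
        return System.currentTimeMillis() / 1000;
    }

    /**
     * Parses a response body as a JSON object.
     *
     * @param body   the raw body, possibly {@code null}
     * @param source short name of the peer, used in the error message
     * @throws AnkaMgmtException if the body is absent or not a JSON object
     */
    private JSONObject parseJson(String body, String source) throws AnkaMgmtException {
        if (body == null) {
            throw new AnkaMgmtException("empty response from " + source);
        }
        try {
            return new JSONObject(body);
        } catch (JSONException e) {
            throw new AnkaMgmtException(e);
        }
    }

    /**
     * Stores the tokens and lifetimes from a token-endpoint reply.
     *
     * <p>NOTE(review): the request time is updated even when the reply carries no
     * {@code access_token}, in which case the previously cached token is returned
     * and treated as fresh. Fields absent from the reply keep their old values.
     *
     * @return the cached access token after applying the reply
     * @throws AnkaMgmtException if the reply is absent or not the expected JSON
     */
    private String processResponse(String body) throws AnkaMgmtException {
        this.requestTime = timeNow();
        JSONObject reply = parseJson(body, "token endpoint");
        try {
            if (reply.has("access_token")) {
                this.accessToken = reply.getString("access_token");
            }
            if (reply.has("refresh_token")) {
                this.refreshToken = reply.getString("refresh_token");
            }
            if (reply.has("refresh_expires_in")) {
                this.refreshExpires = reply.getLong("refresh_expires_in");
            }
            if (reply.has("expires_in")) {
                this.expireIn = reply.getLong("expires_in");
            }
        } catch (JSONException e) {
            throw new AnkaMgmtException(e);
        }
        return this.accessToken;
    }
}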
