package de.adorsys.ledgers.keycloak.client.impl;

import de.adorsys.ledgers.keycloak.client.api.KeycloakTokenService;
import de.adorsys.ledgers.keycloak.client.mapper.KeycloakAuthMapper;
import de.adorsys.ledgers.keycloak.client.model.TokenConfiguration;
import de.adorsys.ledgers.keycloak.client.rest.KeycloakTokenRestClient;
import de.adorsys.ledgers.middleware.api.domain.um.BearerTokenTO;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import org.keycloak.OAuth2Constants;
import org.keycloak.representations.AccessToken;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.stereotype.Service;
import org.springframework.util.LinkedMultiValueMap;

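/**
 * Keycloak-backed implementation of {@link KeycloakTokenService}.
 *
 * <p>Every operation posts a form to Keycloak through {@link KeycloakTokenRestClient} and
 * authenticates this service with the configured client id and client secret.
 *
 * <p>All operations fail closed: a missing response, a non-200 status or a missing body raises
 * {@link AccessDeniedException} instead of handing back a partially filled token.
 */
@Service
/* loaded from: input_file:BOOT-INF/lib/keycloak-client-4.15.jar:de/adorsys/ledgers/keycloak/client/impl/KeycloakTokenServiceImpl.class */
public class KeycloakTokenServiceImpl implements KeycloakTokenService {
    private static final Logger log = LoggerFactory.getLogger(KeycloakTokenServiceImpl.class);

    // Both values default to the empty string when the property is absent, so a missing
    // secret is not detected at start-up; it only shows up as failing token requests.
    @Value("${keycloak.resource:}")
    private String clientId;

    @Value("${keycloak.credentials.secret:}")
    private String clientSecret;
    private final KeycloakTokenRestClient keycloakTokenRestClient;
    private final KeycloakAuthMapper authMapper;

    public KeycloakTokenServiceImpl(KeycloakTokenRestClient keycloakTokenRestClient, KeycloakAuthMapper keycloakAuthMapper) {
        this.keycloakTokenRestClient = keycloakTokenRestClient;
        this.authMapper = keycloakAuthMapper;
    }

    /**
     * Obtains an access/refresh token pair with the OAuth 2.0 password grant.
     *
     * <p>The password grant hands the user's password to this service; the OAuth 2.0 Security
     * Best Current Practice advises against it, so treat this path as legacy.
     *
     * @param str  user name
     * @param str2 user password; never logged
     * @return the tokens taken from the token endpoint response
     * @throws AccessDeniedException if there is no response, the status is not 200 OK or the
     *     response carries no body
     */
    @Override // de.adorsys.ledgers.keycloak.client.api.KeycloakTokenService
    public BearerTokenTO login(String str, String str2) {
        // Raw type kept as in the original: the generic signature of the REST client is not
        // visible from this file.
        LinkedMultiValueMap form = new LinkedMultiValueMap();
        form.add(OAuth2Constants.GRANT_TYPE, "password");
        form.add("username", str);
        form.add("password", str2);
        form.add(OAuth2Constants.CLIENT_ID, this.clientId);
        form.add(OAuth2Constants.CLIENT_SECRET, this.clientSecret);
        ResponseEntity<Map<String, ?>> response = this.keycloakTokenRestClient.login(form);
        if (response == null || HttpStatus.OK != response.getStatusCode()) {
            // The user name is caller-supplied; the log layout should neutralise line breaks.
            log.error("Could not obtain token by user credentials [{}]", str);
            // Previously execution continued and a token object was built from the error body.
            throw new AccessDeniedException("Invalid credentials");
        }
        return toBearerToken(response.getBody());
    }

    /**
     * Exchanges a token through the REST client and validates the token that comes back.
     *
     * @param str  current access token, sent with a {@code "Bearer "} prefix
     * @param num  first {@link TokenConfiguration} argument (presumably the requested token
     *     lifetime; confirm against TokenConfiguration); must not be {@code null}
     * @param str2 second {@link TokenConfiguration} argument (presumably the requested scope;
     *     confirm against TokenConfiguration)
     * @return the validated token
     * @throws NullPointerException if {@code num} is {@code null}
     * @throws AccessDeniedException if the exchanged token does not pass {@link #validate(String)};
     *     an absent body is validated as the empty string and is rejected there
     */
    @Override // de.adorsys.ledgers.keycloak.client.api.KeycloakTokenService
    public BearerTokenTO exchangeToken(String str, Integer num, String str2) {
        Objects.requireNonNull(num, "num");
        return validate((String) Optional.ofNullable(
                        this.keycloakTokenRestClient.exchangeToken("Bearer " + str, new TokenConfiguration(num.intValue(), str2)).getBody())
                .map(body -> body.getToken())
                .orElse(""));
    }

    /**
     * Validates a token against Keycloak and maps the result to a {@link BearerTokenTO}.
     *
     * <p>The token is accepted only when the response carries an {@code active} claim that is
     * exactly {@code true}. A missing claim used to end in a {@link NullPointerException}; it is
     * now treated as an inactive token.
     *
     * @param str the token to validate
     * @return the mapped token
     * @throws AccessDeniedException if there is no response, the status is not 200 OK, or the
     *     token is not reported as active
     */
    @Override // de.adorsys.ledgers.keycloak.client.api.KeycloakTokenService
    public BearerTokenTO validate(String str) {
        LinkedMultiValueMap form = new LinkedMultiValueMap();
        form.add("token", str);
        form.add(OAuth2Constants.CLIENT_ID, this.clientId);
        form.add(OAuth2Constants.CLIENT_SECRET, this.clientSecret);
        ResponseEntity<AccessToken> response = this.keycloakTokenRestClient.validate(form);
        if (response == null || HttpStatus.OK != response.getStatusCode()) {
            log.error("Could not validate token");
            // Previously only logged; an error response must never be mapped to a valid token.
            throw new AccessDeniedException("Token validation failed");
        }
        AccessToken introspection = response.getBody();
        Object active = Optional.ofNullable(introspection)
                .map(AccessToken::getOtherClaims)
                .map(claims -> claims.get("active"))
                .orElse(null);
        if (!Boolean.TRUE.equals(active)) {
            throw new AccessDeniedException("Token Expired!");
        }
        return this.authMapper.toBearer(introspection, str);
    }

    /**
     * Obtains a fresh token pair with the refresh-token grant.
     *
     * @param str the refresh token; it is a credential and is deliberately kept out of the log
     * @return the tokens taken from the token endpoint response
     * @throws AccessDeniedException if there is no response, the status is not 200 OK or the
     *     response carries no body
     */
    @Override // de.adorsys.ledgers.keycloak.client.api.KeycloakTokenService
    public BearerTokenTO refreshToken(String str) {
        LinkedMultiValueMap form = new LinkedMultiValueMap();
        form.add(OAuth2Constants.GRANT_TYPE, OAuth2Constants.REFRESH_TOKEN);
        form.add(OAuth2Constants.CLIENT_ID, this.clientId);
        form.add(OAuth2Constants.CLIENT_SECRET, this.clientSecret);
        form.add(OAuth2Constants.REFRESH_TOKEN, str);
        ResponseEntity<Map<String, ?>> response = this.keycloakTokenRestClient.login(form);
        if (response == null || HttpStatus.OK != response.getStatusCode()) {
            // The refresh token itself used to be written here; anyone able to read the log
            // could have replayed it against the token endpoint.
            log.error("Could not obtain token by refresh token");
            throw new AccessDeniedException("Invalid Refresh token");
        }
        return toBearerToken(response.getBody());
    }

    /** Copies the access and refresh token out of a token endpoint response body. */
    private static BearerTokenTO toBearerToken(Map<String, ?> body) {
        if (body == null) {
            throw new AccessDeniedException("Token endpoint returned no body");
        }
        BearerTokenTO bearerTokenTO = new BearerTokenTO();
        bearerTokenTO.setAccess_token((String) body.get("access_token"));
        bearerTokenTO.setRefresh_token((String) body.get(OAuth2Constants.REFRESH_TOKEN));
        return bearerTokenTO;
    }
}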
