package de.cuioss.portal.authentication.oauth.impl;

import de.cuioss.portal.authentication.AuthenticatedUserInfo;
import de.cuioss.portal.authentication.model.BaseAuthenticatedUserInfo;
import de.cuioss.portal.authentication.oauth.Oauth2AuthenticationFacade;
import de.cuioss.portal.authentication.oauth.Oauth2Configuration;
import de.cuioss.portal.authentication.oauth.Oauth2Service;
import de.cuioss.portal.authentication.oauth.Token;
import de.cuioss.portal.restclient.CuiRestClientBuilder;
import de.cuioss.tools.base.Preconditions;
import de.cuioss.tools.logging.CuiLogger;
import de.cuioss.tools.net.UrlParameter;
import de.cuioss.tools.string.MoreStrings;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject;
import jakarta.inject.Provider;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.ws.rs.FormParam;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.POST;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.WebApplicationException;
import jakarta.ws.rs.client.ClientRequestContext;
import jakarta.ws.rs.client.ClientRequestFilter;
import java.io.Closeable;
import java.io.IOException;
import java.io.Serializable;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Objects;

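/**
 * {@link Oauth2Service} implementation that talks to the token and userinfo endpoints
 * configured in {@link Oauth2Configuration} through REST client proxies built by
 * {@link CuiRestClientBuilder}.
 *
 * <p>Every remote call is fail-closed: on a transport or protocol error the failure is logged
 * and {@code null} is returned, never a partially populated result.
 *
 * <p>Security notes for maintainers:
 * <ul>
 * <li>The client id and secret are sent as HTTP basic auth to the configured token URI, so that
 * URI must be a trusted, TLS-protected endpoint (the scheme is not checked in this class).</li>
 * <li>Access and refresh tokens are bearer credentials and are deliberately kept out of log
 * statements, including trace level.</li>
 * </ul>
 */
@ApplicationScoped
public class Oauth2ServiceImpl implements Serializable, Oauth2Service {
    private static final CuiLogger log = new CuiLogger(Oauth2ServiceImpl.class);
    private static final long serialVersionUID = 470127601291147747L;
    private static final String RETRIEVE_CLIENT_TOKEN_FAILED_MSG = "Portal-135: Retrieving client token failed";

    @Inject
    private Provider<Oauth2Configuration> configurationProvider;

    /**
     * Client filter forcing {@code Accept: application/json} on outgoing requests.
     * {@code putSingle} replaces any Accept value set earlier in the request pipeline.
     */
    public static class AcceptJsonHeaderFilter implements ClientRequestFilter {
        @Override
        public void filter(ClientRequestContext clientRequestContext) {
            clientRequestContext.getHeaders().putSingle("Accept", "application/json");
        }
    }

    /** Token endpoint proxy for the {@code client_credentials} grant; {@code str} is the grant type. */
    public interface RequestClientToken extends Closeable {
        @POST
        @Produces({"application/x-www-form-urlencoded"})
        Token requestToken(@FormParam("grant_type") String str);
    }

    /** Token endpoint proxy for the {@code refresh_token} grant; {@code str2} is the refresh token. */
    public interface RequestRefreshToken extends Closeable {
        @POST
        @Produces({"application/x-www-form-urlencoded"})
        Token requestToken(@FormParam("grant_type") String str, @FormParam("refresh_token") String str2);
    }

    /**
     * Token endpoint proxy for the {@code authorization_code} grant. Parameters map, in order, to
     * the form fields {@code grant_type}, {@code code}, {@code state}, {@code code_verifier} and
     * {@code redirect_uri}.
     */
    public interface RequestToken extends Closeable {
        @POST
        @Produces({"application/x-www-form-urlencoded"})
        Token requestToken(@FormParam("grant_type") String str, @FormParam("code") String str2, @FormParam("state") String str3, @FormParam("code_verifier") String str4, @FormParam("redirect_uri") String str5);
    }

    /** Userinfo endpoint proxy; returns the claims as a flat map. */
    public interface RequestUserInfo extends Closeable {
        @GET
        Map<String, Object> getUserInfo();
    }

    /**
     * Exchanges an authorization code for a token and resolves the user behind it.
     *
     * @param httpServletRequest current request; its request URI is appended to the configured
     *                           external context path to form the {@code redirect_uri}
     * @param urlParameter       parameter carrying the authorization {@code code}
     * @param urlParameter2      parameter carrying the {@code state} value
     * @param str                requested scopes, must not be null or empty
     * @param str2               PKCE {@code code_verifier}, forwarded unchanged
     * @return the authenticated user, or {@code null} if the token or userinfo request failed
     * @throws NullPointerException if a required argument is null or the scopes are empty
     */
    @Override
    public AuthenticatedUserInfo createAuthenticatedUserInfo(HttpServletRequest httpServletRequest, UrlParameter urlParameter, UrlParameter urlParameter2, String str, String str2) {
        Objects.requireNonNull(httpServletRequest, "httpServletRequest");
        Objects.requireNonNull(urlParameter, "code parameter");
        Objects.requireNonNull(urlParameter2, "state parameter");
        Objects.requireNonNull(MoreStrings.emptyToNull(str), "scopes");
        final Oauth2Configuration configuration = configurationProvider.get();
        final CuiRestClientBuilder builder = new CuiRestClientBuilder(log)
                .basicAuth(configuration.getClientId(), configuration.getClientSecret())
                .register(new AcceptJsonHeaderFilter());
        final String tokenUri = configuration.getTokenUri().trim();
        final String redirectUri = configuration.getExternalContextPath().trim() + httpServletRequest.getRequestURI();
        log.debug("creating auth user info with scopes='{}', tokenUri='{}', redirectUri='{}'", str, tokenUri, redirectUri);
        try {
            final Token token;
            // NOTE(review): state is only forwarded to the token endpoint here; the comparison with
            // the value stored for the user's session is presumably done by the caller - confirm.
            try (RequestToken tokenClient = (RequestToken) builder.url(tokenUri).build(RequestToken.class)) {
                token = tokenClient.requestToken("authorization_code", urlParameter.getValue(), urlParameter2.getValue(), str2, redirectUri);
            }
            if (null == token) {
                // Same handling as refreshToken: without a token there is nothing to look up.
                log.debug("no token received");
                return null;
            }
            // The token itself is not logged: its string form is not visible from this class and
            // may contain the access and refresh tokens.
            log.trace("received token for scopes='{}', requestUri={}", str, httpServletRequest.getRequestURI());
            return retrieveAuthenticatedUser(str, configuration, token, currentEpochSeconds());
        } catch (WebApplicationException e) {
            log.warn("Portal-106: Retrieving request token failed", e);
            CuiRestClientBuilder.debugResponse(e.getResponse(), log);
            return null;
        } catch (IOException e) {
            log.error("Portal-540: IO Exception during request", e);
            return null;
        } catch (IllegalArgumentException e) {
            log.warn("Portal-106: Retrieving request token failed", e);
            return null;
        }
    }

    /**
     * Resolves the user for an already obtained token using the current configuration.
     *
     * @param str   scopes the token was requested with; stored as {@code tokenScopes}
     * @param token token whose access token authorizes the userinfo call, must not be null
     * @param i     token timestamp in epoch seconds; stored as {@code tokenTimestamp}
     * @return the authenticated user, or {@code null} if the userinfo request failed
     * @throws NullPointerException if {@code token} is null
     */
    @Override
    public AuthenticatedUserInfo retrieveAuthenticatedUser(String str, Token token, int i) {
        Objects.requireNonNull(token, "token");
        return retrieveAuthenticatedUser(str, configurationProvider.get(), token, i);
    }

    /**
     * Calls the userinfo endpoint with the access token as bearer credential and maps the claims:
     * {@code preferred_username} to the display name, {@code sub} to the identifier, the e-mail
     * claim to the context map, configured role-mapper claims to roles, and every other claim to a
     * context map entry prefixed with {@code userinfo_}.
     */
    private AuthenticatedUserInfo retrieveAuthenticatedUser(String scopes, Oauth2Configuration configuration, Token token, int tokenTimestamp) {
        final String userInfoUri = configuration.getUserInfoUri().trim();
        final CuiRestClientBuilder builder = new CuiRestClientBuilder(log)
                .register(new AcceptJsonHeaderFilter())
                .bearerAuthToken(token.getAccess_token());
        // The access token is a bearer credential and must not reach the log, not even at trace level.
        log.trace("retrieving userinfo for authenticated user. userInfoUri={}", userInfoUri);
        try (RequestUserInfo userInfoClient = (RequestUserInfo) builder.url(userInfoUri).build(RequestUserInfo.class)) {
            final Map<String, Object> userInfo = userInfoClient.getUserInfo();
            log.debug("successfully retrieved userinfo");
            // NOTE(review): the claims contain personal data; confirm trace logging is acceptable.
            log.trace("userinfo: {}", userInfo);
            BaseAuthenticatedUserInfo.BaseAuthenticatedUserInfoBuilder userBuilder = BaseAuthenticatedUserInfo.builder()
                    .authenticated(true)
                    .contextMapElement("tokenScopes", scopes)
                    .contextMapElement("token", token)
                    .contextMapElement("tokenTimestamp", Integer.valueOf(tokenTimestamp));
            for (Map.Entry<String, Object> claim : userInfo.entrySet()) {
                final String key = claim.getKey();
                final Object value = claim.getValue();
                // A null value on a non-role claim raises a NullPointerException that the generic
                // handler below turns into a failed lookup, i.e. malformed userinfo fails closed.
                if ("preferred_username".equals(key)) {
                    userBuilder.displayName(value.toString());
                } else if ("sub".equals(key)) {
                    userBuilder.identifier(value.toString());
                } else if (Oauth2AuthenticationFacade.EMAIL_KEY.equals(key)) {
                    userBuilder.contextMapElement(Oauth2AuthenticationFacade.EMAIL_KEY, value.toString());
                } else if (configuration.getRoleMapperClaims().contains(key)) {
                    userBuilder.roles(asStringList(value));
                } else {
                    userBuilder.contextMapElement("userinfo_" + key, value.toString());
                }
            }
            return userBuilder.build();
        } catch (WebApplicationException e) {
            // Must precede the generic handler, otherwise the response details are never logged.
            log.warn("Portal-107: Get userinfo failed", e);
            CuiRestClientBuilder.debugResponse(e.getResponse(), log);
            return null;
        } catch (Exception e) {
            log.warn("Portal-107: Get userinfo failed", e);
            return null;
        }
    }

    /**
     * Flattens a claim value into strings: {@code null} yields an empty list, an {@link Iterable}
     * is flattened recursively, anything else contributes its {@code toString()}.
     */
    private static List<String> asStringList(Object obj) {
        if (null == obj) {
            return Collections.emptyList();
        }
        final List<String> result = new ArrayList<>();
        if (obj instanceof Iterable) {
            for (Object element : (Iterable<?>) obj) {
                result.addAll(asStringList(element));
            }
        } else {
            result.add(obj.toString());
        }
        return result;
    }

    /**
     * Requests an access token with the {@code client_credentials} grant.
     *
     * @param str scopes; not used by this implementation
     * @return the access token, or {@code null} if the request failed
     * @throws IllegalStateException if no token URI is configured
     */
    @Override
    public String retrieveClientToken(String str) {
        final Oauth2Configuration configuration = configurationProvider.get();
        Preconditions.checkState(null != configuration.getTokenUri(), "tokenUri must not be null");
        try (RequestClientToken tokenClient = (RequestClientToken) new CuiRestClientBuilder(log)
                .basicAuth(configuration.getClientId(), configuration.getClientSecret())
                .register(new AcceptJsonHeaderFilter())
                .url(configuration.getTokenUri().trim())
                .build(RequestClientToken.class)) {
            // A null token response ends in the generic handler below and yields null.
            return tokenClient.requestToken("client_credentials").getAccess_token();
        } catch (WebApplicationException e) {
            // Must precede the generic handler, otherwise the response details are never logged.
            log.warn(e, RETRIEVE_CLIENT_TOKEN_FAILED_MSG);
            CuiRestClientBuilder.debugResponse(e.getResponse(), log);
            return null;
        } catch (Exception e) {
            log.warn(e, RETRIEVE_CLIENT_TOKEN_FAILED_MSG);
            return null;
        }
    }

    /**
     * Exchanges the user's refresh token for a new token and stores the new token and its
     * timestamp in the user's context map.
     *
     * @param oauthAuthenticatedUserInfo user whose token is refreshed; its context map is updated
     *                                   in place on success
     * @return the new access token, or {@code null} if none was received or the request failed
     */
    @Override
    public String refreshToken(OauthAuthenticatedUserInfo oauthAuthenticatedUserInfo) {
        final Oauth2Configuration configuration = configurationProvider.get();
        try (RequestRefreshToken tokenClient = (RequestRefreshToken) new CuiRestClientBuilder(log)
                .basicAuth(configuration.getClientId(), configuration.getClientSecret())
                .register(new AcceptJsonHeaderFilter())
                .url(configuration.getTokenUri().trim())
                .build(RequestRefreshToken.class)) {
            final Token refreshed = tokenClient.requestToken("refresh_token", oauthAuthenticatedUserInfo.getToken().getRefresh_token());
            if (null == refreshed) {
                log.debug("no token received");
                return null;
            }
            // The new token is not logged: its string form is not visible from this class and may
            // contain the access and refresh tokens.
            log.debug("successfully retrieved new token");
            oauthAuthenticatedUserInfo.getContextMap().put("token", refreshed);
            oauthAuthenticatedUserInfo.getContextMap().put("tokenTimestamp", Integer.valueOf(currentEpochSeconds()));
            return refreshed.getAccess_token();
        } catch (WebApplicationException e) {
            // NOTE(review): refresh failures reuse the client-token message (Portal-135); confirm
            // whether a dedicated message is intended.
            log.warn(e, RETRIEVE_CLIENT_TOKEN_FAILED_MSG);
            CuiRestClientBuilder.debugResponse(e.getResponse(), log);
            return null;
        } catch (Exception e) {
            log.warn(e, RETRIEVE_CLIENT_TOKEN_FAILED_MSG);
            return null;
        }
    }

    /**
     * Builds the URL-encoded redirect URL from the configured external context path and the given
     * path.
     *
     * @param str path appended to the external context path, must not be null
     * @return the UTF-8 URL-encoded redirect URL
     * @throws NullPointerException if {@code str} is null
     */
    @Override
    public String calcEncodedRedirectUrl(String str) {
        Objects.requireNonNull(str, "redirect path");
        final String redirectUrl = configurationProvider.get().getExternalContextPath().trim() + str;
        return URLEncoder.encode(redirectUrl, StandardCharsets.UTF_8);
    }

    /**
     * Current time in epoch seconds, narrowed to {@code int} because the service contract carries
     * the token timestamp as {@code int}; the value overflows in 2038.
     */
    private static int currentEpochSeconds() {
        return (int) (System.currentTimeMillis() / 1000);
    }
}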
