package de.retest.recheck.auth;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.io.PrintWriter;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.util.Collections;
import java.util.UUID;
import okhttp3.HttpUrl;
import org.apache.commons.lang3.StringUtils;
import org.keycloak.OAuthErrorException;
import org.keycloak.adapters.KeycloakDeployment;
import org.keycloak.adapters.KeycloakDeploymentBuilder;
import org.keycloak.adapters.ServerRequest;
import org.keycloak.adapters.rotation.AdapterTokenVerifier;
import org.keycloak.common.VerificationException;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.AccessTokenResponse;
import org.keycloak.representations.adapters.config.AdapterConfig;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/retest/recheck/auth/RetestAuthentication.class */
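/**
 * Client-side OAuth 2.0 authorization-code login against a Keycloak server, using a one-shot HTTP
 * listener on the local machine to receive the browser redirect.
 *
 * <p>The client is configured as a <em>public</em> client (no client secret). The only protection
 * of the redirect is the random {@code state} value checked in {@link #login}.
 *
 * <p>NOTE(review): the authorization request built in {@link #login} carries no PKCE parameters
 * ({@code code_challenge} / {@code code_verifier}). For a public client with a loopback redirect,
 * RFC 8252 recommends PKCE so that an intercepted code cannot be redeemed by another local
 * process. Confirm whether the Keycloak adapter version in use can send them.
 *
 * <p>Token fields are plain instance fields without synchronization; the class does not attempt
 * to be safe for concurrent use beyond the creation of the singleton.
 */
public class RetestAuthentication {
    private static final Logger log = LoggerFactory.getLogger(RetestAuthentication.class);
    public static final String AUTH_SERVER_PROPERTY = "de.retest.auth.server";
    private static final String AUTH_SERVER_PROPERTY_DEFAULT = "https://sso.prod.cloud.retest.org/auth";
    public static final String RESOURCE_PROPERTY = "de.retest.auth.resource";
    private static final String RESOURCE_PROPERTY_DEFAULT = "review";
    private final KeycloakDeployment deployment;
    private String refreshToken;
    private AccessToken accessToken;
    private String accessTokenString;
    private static RetestAuthentication instance;

    /**
     * One-shot HTTP listener that accepts a single connection, parses the request line of the
     * OAuth redirect and answers with a 302 to the server's "delegated" page.
     */
    private class CallbackListener extends Thread {
        // Bound to the loopback address only: the redirect URI handed to the server is
        // http://localhost:<port>, so nothing outside this machine needs to reach the port.
        // Binding to the wildcard address would let any host on the network connect first and
        // feed the listener a forged callback.
        // NOTE(review): getLoopbackAddress() normally yields the IPv4 loopback; a browser that
        // resolves "localhost" to ::1 first has to fall back to 127.0.0.1 - verify on
        // IPv6-preferring setups.
        private final ServerSocket server = new ServerSocket(0, 0, InetAddress.getLoopbackAddress());
        // Written by run(), read by login() after join(); stays null when no usable request arrived.
        private KeycloakResult result;

        public CallbackListener() throws IOException {
        }

        @Override
        public void run() {
            // The server socket is part of the resource list so the port is released as soon as
            // the single expected callback has been handled (it was never closed before).
            try (ServerSocket listener = this.server;
                    Socket connection = listener.accept();
                    BufferedReader in = new BufferedReader(
                            new InputStreamReader(connection.getInputStream(), StandardCharsets.UTF_8));
                    PrintWriter out = new PrintWriter(
                            new OutputStreamWriter(connection.getOutputStream(), StandardCharsets.UTF_8))) {
                KeycloakResult parsed = null;
                try {
                    parsed = RetestAuthentication.getRequestParameters(in.readLine());
                } catch (IllegalArgumentException e) {
                    // Anything that can connect to the port can send arbitrary bytes; treat an
                    // unparsable request as a failed login instead of killing the thread.
                    RetestAuthentication.log.error("Malformed request on login callback listener", e);
                }
                this.result = parsed;

                boolean failed = parsed == null || parsed.getError() != null;
                String target = RetestAuthentication.this.deployment.getTokenUrl()
                        .replace("/token", failed ? "/delegated?error=true" : "/delegated");
                // HTTP header lines end in CRLF and the header section ends with an empty line;
                // println() would emit the platform line separator and no terminator.
                out.print("HTTP/1.1 302 Found\r\n");
                out.print("Location: " + target + "\r\n");
                out.print("Content-Length: 0\r\n");
                out.print("Connection: close\r\n");
                out.print("\r\n");
                out.flush();
            } catch (IOException e) {
                RetestAuthentication.log.error("Error during communication with sso.cloud.retest.org", e);
            }
        }

        /** Closes the listening socket; a pending {@code accept()} then fails and run() ends. */
        void shutdown() {
            try {
                this.server.close();
            } catch (IOException e) {
                RetestAuthentication.log.debug("Error closing login callback listener", e);
            }
        }
    }

    private RetestAuthentication() {
        AdapterConfig adapterConfig = new AdapterConfig();
        adapterConfig.setRealm("customer");
        // The server URL can be overridden through a system property, so whoever controls the
        // JVM's properties decides where credentials and tokens are sent.
        adapterConfig.setAuthServerUrl(System.getProperty(AUTH_SERVER_PROPERTY, AUTH_SERVER_PROPERTY_DEFAULT));
        // Keycloak's "external" mode requires HTTPS except for localhost / private addresses.
        adapterConfig.setSslRequired("external");
        adapterConfig.setResource(System.getProperty(RESOURCE_PROPERTY, RESOURCE_PROPERTY_DEFAULT));
        adapterConfig.setPublicClient(true);
        this.deployment = KeycloakDeploymentBuilder.build(adapterConfig);
    }

    /**
     * Returns the process-wide instance, creating it on first use.
     *
     * <p>Synchronized so that two threads racing on the first call cannot create two instances
     * with separate token state.
     */
    public static synchronized RetestAuthentication getInstance() {
        if (instance == null) {
            instance = new RetestAuthentication();
        }
        return instance;
    }

    /** Returns the account URL reported by the Keycloak deployment. */
    public URI getAccountUrl() {
        return URI.create(this.deployment.getAccountUrl());
    }

    /**
     * Exchanges the given offline token for an access token and verifies it.
     *
     * @param offlineToken the stored offline (refresh) token, may be {@code null}
     * @return {@code true} if the server issued an access token that passed verification
     */
    public boolean isAuthenticated(String offlineToken) {
        if (offlineToken == null) {
            return false;
        }
        try {
            AccessTokenResponse response = ServerRequest.invokeRefresh(this.deployment, offlineToken);
            // Verify first so that an unverifiable token is never stored.
            this.accessToken = AdapterTokenVerifier.verifyToken(response.getToken(), this.deployment);
            this.accessTokenString = response.getToken();
            // NOTE(review): the refresh token field is not set on this path, so a later
            // refreshTokens() call has no token to refresh with - confirm this is intended.
            return true;
        } catch (IOException | ServerRequest.HttpFailure | VerificationException e) {
            log.info("Token not recognized, please authenticate");
            log.debug("Error verifying offline token", e);
            return false;
        }
    }

    /**
     * Runs the browser-based login: starts the local callback listener, hands the login URI to
     * the handler, waits for the redirect and exchanges the authorization code for tokens.
     *
     * <p>Every failure reported through {@code authenticationFailed} ends the login. In
     * particular the authorization code is only redeemed when the {@code state} returned in the
     * callback equals the one sent; previously the code was exchanged and
     * {@code authenticated()} was called even after a state mismatch, which defeated the
     * CSRF protection the parameter exists for.
     *
     * @param authenticationHandler receives the login URI and the outcome
     * @throws IOException if the listener cannot be opened or the token request fails
     * @throws ServerRequest.HttpFailure if the server rejects the code exchange
     * @throws VerificationException if the returned tokens do not verify
     */
    public void login(AuthenticationHandler authenticationHandler) throws IOException, ServerRequest.HttpFailure, VerificationException {
        CallbackListener callbackListener = new CallbackListener();
        try {
            callbackListener.start();
            String redirectUri = "http://localhost:" + callbackListener.server.getLocalPort();
            // Random (version 4) UUID used as the unguessable per-login state value.
            String state = UUID.randomUUID().toString();
            URI loginUri = URI.create(this.deployment.getAuthUrl().clone()
                    .queryParam("response_type", "code")
                    .queryParam("client_id", this.deployment.getResourceName())
                    .queryParam("redirect_uri", redirectUri)
                    .queryParam("state", state)
                    .queryParam("scope", "offline_access")
                    .build()
                    .toString());
            log.debug("Open login URI '{}' in browser to login", loginUri);
            authenticationHandler.showWebLoginUri(loginUri);
            callbackListener.join();

            KeycloakResult callback = callbackListener.result;
            if (callback == null) {
                authenticationHandler.authenticationFailed(new VerificationException("No valid callback received"));
                return;
            }
            if (!state.equals(callback.getState())) {
                authenticationHandler.authenticationFailed(new VerificationException("Invalid state"));
                return;
            }
            if (callback.getError() != null) {
                authenticationHandler.authenticationFailed(
                        new OAuthErrorException(callback.getError(), callback.getErrorDescription()));
                return;
            }
            if (callback.getErrorException() != null) {
                authenticationHandler.authenticationFailed(callback.getErrorException());
                return;
            }
            if (callback.getCode() == null) {
                authenticationHandler.authenticationFailed(new VerificationException("No authorization code received"));
                return;
            }
            processCode(callback.getCode(), redirectUri);
            authenticationHandler.authenticated();
        } catch (InterruptedException e) {
            log.error("Error during authentication, thread interrupted", e);
            Thread.currentThread().interrupt();
        } finally {
            // Releases the port on every exit path (interrupt, handler exception); a no-op when
            // the listener already finished and closed its socket.
            callbackListener.shutdown();
        }
    }

    /** Redeems the authorization code at the token endpoint and stores the resulting tokens. */
    private void processCode(String code, String redirectUri) throws IOException, ServerRequest.HttpFailure, VerificationException {
        parseAccessToken(ServerRequest.invokeAccessCodeToToken(this.deployment, code, redirectUri, null));
    }

    /**
     * Stores the tokens of a token response.
     *
     * <p>The response is verified before any field is written, so a response that fails
     * verification leaves the previously stored tokens untouched instead of leaving an
     * unverified access token string behind.
     */
    private void parseAccessToken(AccessTokenResponse accessTokenResponse) throws VerificationException {
        String token = accessTokenResponse.getToken();
        AccessToken verified = AdapterTokenVerifier
                .verifyTokens(token, accessTokenResponse.getIdToken(), this.deployment)
                .getAccessToken();
        this.accessTokenString = token;
        this.refreshToken = accessTokenResponse.getRefreshToken();
        this.accessToken = verified;
    }

    /**
     * Returns the parsed access token, refreshing it first if it is no longer valid. If the
     * refresh fails the error is logged and the previously stored value is returned.
     */
    public AccessToken getAccessToken() {
        refreshTokens();
        return this.accessToken;
    }

    /** Returns the encoded access token; same refresh behaviour as {@link #getAccessToken()}. */
    public String getAccessTokenString() {
        refreshTokens();
        return this.accessTokenString;
    }

    /** Returns the refresh token; same refresh behaviour as {@link #getAccessToken()}. */
    public String getRefreshTokenString() {
        refreshTokens();
        return this.refreshToken;
    }

    /** Requests new tokens with the stored refresh token unless the access token is still valid. */
    private void refreshTokens() {
        if (isTokenValid()) {
            return;
        }
        try {
            parseAccessToken(ServerRequest.invokeRefresh(this.deployment, this.refreshToken));
        } catch (IOException | ServerRequest.HttpFailure | VerificationException e) {
            // Logged without the token values; callers then see the stale fields.
            log.error("Error refreshing token(s)", e);
        }
    }

    /** Returns whether an access token is stored, verifies and is reported active. */
    private boolean isTokenValid() {
        if (this.accessTokenString == null || this.accessToken == null) {
            return false;
        }
        try {
            return AdapterTokenVerifier.verifyToken(this.accessTokenString, this.deployment).isActive();
        } catch (VerificationException e) {
            log.error("Error verifying token(s)", e);
            return false;
        }
    }

    /**
     * Extracts the OAuth callback parameters from an HTTP request line such as
     * {@code GET /?code=...&state=... HTTP/1.1}.
     *
     * @param requestLine first line of the HTTP request received on the callback listener
     * @return the {@code code}, {@code error}, error description and {@code state} parameters;
     *     each is {@code null} when absent
     * @throws IllegalArgumentException if the line is {@code null} (peer closed the connection
     *     without sending anything) or has no resolvable request target
     */
    static KeycloakResult getRequestParameters(String requestLine) {
        if (requestLine == null) {
            throw new IllegalArgumentException("No request line received");
        }
        String[] parts = requestLine.split(StringUtils.SPACE);
        if (parts.length < 2) {
            throw new IllegalArgumentException("Request line has no request target");
        }
        // resolve() returns null for a target it cannot parse.
        HttpUrl callback = HttpUrl.parse("http://localhost/").resolve(parts[1]);
        if (callback == null) {
            throw new IllegalArgumentException("Request target is not a valid URL");
        }
        // RFC 6749 names the parameter "error_description"; the hyphenated spelling that was
        // read before is kept as a fallback.
        String description = callback.queryParameter("error_description");
        if (description == null) {
            description = callback.queryParameter("error-description");
        }
        return KeycloakResult.builder()
                .code(callback.queryParameter("code"))
                .error(callback.queryParameter("error"))
                .errorDescription(description)
                .state(callback.queryParameter("state"))
                .build();
    }
}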
