package de.retest.recheck.auth;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.io.PrintWriter;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.util.Collections;
import java.util.Map;
import java.util.UUID;
import java.util.stream.Collectors;
import org.apache.http.client.utils.URLEncodedUtils;
import org.keycloak.OAuthErrorException;
import org.keycloak.adapters.KeycloakDeployment;
import org.keycloak.adapters.KeycloakDeploymentBuilder;
import org.keycloak.adapters.ServerRequest;
import org.keycloak.adapters.rotation.AdapterTokenVerifier;
import org.keycloak.common.VerificationException;
import org.keycloak.representations.AccessTokenResponse;
import org.keycloak.representations.adapters.config.AdapterConfig;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/retest/recheck/auth/RetestAuthentication.class */
public class RetestAuthentication {
    private static final Logger log = LoggerFactory.getLogger(RetestAuthentication.class);
    private static final String AUTH_URL = "https://sso.prod.cloud.retest.org/auth";
    private static final String REALM = "customer";
    private final KeycloakDeployment deployment;
    private String accessToken;
    private final AuthenticationHandler handler;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:de/retest/recheck/auth/RetestAuthentication$CallbackListener.class */
    public class CallbackListener extends Thread {
        private final ServerSocket server = new ServerSocket(0);
        private KeycloakResult result;

        public CallbackListener() throws IOException {
        }

        /* JADX WARN: Finally extract failed */
        @Override // java.lang.Thread, java.lang.Runnable
        public void run() {
            try {
                Socket accept = this.server.accept();
                Throwable th = null;
                try {
                    BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(accept.getInputStream()));
                    try {
                        this.result = RetestAuthentication.getRequestParameters(bufferedReader.readLine());
                        OutputStreamWriter outputStreamWriter = new OutputStreamWriter(accept.getOutputStream());
                        try {
                            PrintWriter printWriter = new PrintWriter(outputStreamWriter);
                            try {
                                if (this.result.getError() == null) {
                                    printWriter.println("HTTP/1.1 302 Found");
                                    printWriter.println("Location: " + RetestAuthentication.this.deployment.getTokenUrl().replace("/token", "/delegated"));
                                } else {
                                    printWriter.println("HTTP/1.1 302 Found");
                                    printWriter.println("Location: " + RetestAuthentication.this.deployment.getTokenUrl().replace("/token", "/delegated?error=true"));
                                }
                                if (Collections.singletonList(printWriter).get(0) != null) {
                                    printWriter.close();
                                }
                                if (Collections.singletonList(outputStreamWriter).get(0) != null) {
                                    outputStreamWriter.close();
                                }
                                if (Collections.singletonList(bufferedReader).get(0) != null) {
                                    bufferedReader.close();
                                }
                                if (accept != null) {
                                    if (0 != 0) {
                                        try {
                                            accept.close();
                                        } catch (Throwable th2) {
                                            th.addSuppressed(th2);
                                        }
                                    } else {
                                        accept.close();
                                    }
                                }
                            } catch (Throwable th3) {
                                if (Collections.singletonList(printWriter).get(0) != null) {
                                    printWriter.close();
                                }
                                throw th3;
                            }
                        } catch (Throwable th4) {
                            if (Collections.singletonList(outputStreamWriter).get(0) != null) {
                                outputStreamWriter.close();
                            }
                            throw th4;
                        }
                    } catch (Throwable th5) {
                        if (Collections.singletonList(bufferedReader).get(0) != null) {
                            bufferedReader.close();
                        }
                        throw th5;
                    }
                } finally {
                }
            } catch (IOException e) {
                RetestAuthentication.log.error("Error during communication with sso.cloud.retest.org", e);
            }
        }
    }

    public RetestAuthentication(AuthenticationHandler authenticationHandler, String str) {
        this.handler = authenticationHandler;
        AdapterConfig adapterConfig = new AdapterConfig();
        adapterConfig.setRealm(REALM);
        adapterConfig.setAuthServerUrl(AUTH_URL);
        adapterConfig.setSslRequired("external");
        adapterConfig.setResource(str);
        adapterConfig.setPublicClient(true);
        this.deployment = KeycloakDeploymentBuilder.build(adapterConfig);
    }

    public void authenticate() {
        if (this.handler.getOfflineToken() == null) {
            log.info("No active token found, initiating authentication");
            login();
        } else {
            try {
                refreshTokens();
            } catch (IOException | ServerRequest.HttpFailure e) {
                log.info("Token not recognized, initiating authentication");
                login();
            }
        }
    }

    private void login() {
        try {
            CallbackListener callbackListener = new CallbackListener();
            callbackListener.start();
            String str = "http://localhost:" + callbackListener.server.getLocalPort();
            String uuid = UUID.randomUUID().toString();
            this.handler.showWebLoginUri(URI.create(this.deployment.getAuthUrl().clone().queryParam("response_type", new Object[]{"code"}).queryParam("client_id", new Object[]{this.deployment.getResourceName()}).queryParam("redirect_uri", new Object[]{str}).queryParam("state", new Object[]{uuid}).queryParam("scope", new Object[]{"offline_access"}).build(new Object[0]).toString()));
            callbackListener.join();
            if (!uuid.equals(callbackListener.result.getState())) {
                this.handler.loginFailed(new VerificationException("Invalid state"));
            }
            if (callbackListener.result.getError() != null) {
                this.handler.loginFailed(new OAuthErrorException(callbackListener.result.getError(), callbackListener.result.getErrorDescription()));
            }
            if (callbackListener.result.getErrorException() != null) {
                this.handler.loginFailed(callbackListener.result.getErrorException());
            }
            AccessTokenResponse invokeAccessCodeToToken = ServerRequest.invokeAccessCodeToToken(this.deployment, callbackListener.result.getCode(), str, (String) null);
            this.accessToken = invokeAccessCodeToToken.getToken();
            this.handler.loginPerformed(invokeAccessCodeToToken.getRefreshToken());
        } catch (IOException | InterruptedException | ServerRequest.HttpFailure e) {
            log.error("Error during authentication", e);
            Thread.currentThread().interrupt();
        }
    }

    public void logout() {
        String offlineToken = this.handler.getOfflineToken();
        if (offlineToken == null) {
            log.error("No offline token provided");
            return;
        }
        try {
            log.info("Performing logout");
            ServerRequest.invokeLogout(this.deployment, offlineToken);
            this.handler.logoutPerformed();
        } catch (IOException | ServerRequest.HttpFailure e) {
            log.error("Error during logout", e);
            this.handler.logoutFailed(e);
        }
    }

    public String getAccessToken() {
        try {
            refreshTokens();
        } catch (IOException | ServerRequest.HttpFailure e) {
            log.error("Error refreshing token(s)", e);
        }
        return this.accessToken;
    }

    private void refreshTokens() throws IOException, ServerRequest.HttpFailure {
        if (isTokenValid()) {
            return;
        }
        this.accessToken = ServerRequest.invokeRefresh(this.deployment, this.handler.getOfflineToken()).getToken();
    }

    private boolean isTokenValid() {
        try {
            if (this.accessToken != null) {
                if (AdapterTokenVerifier.verifyToken(this.accessToken, this.deployment).isActive()) {
                    return true;
                }
            }
            return false;
        } catch (VerificationException e) {
            log.info("Current token is invalid, requesting new one");
            return false;
        }
    }

    static KeycloakResult getRequestParameters(String str) {
        Map map = (Map) URLEncodedUtils.parse(URI.create("http://localhost/" + str.split(" ")[1]), StandardCharsets.UTF_8).stream().collect(Collectors.toMap((v0) -> {
            return v0.getName();
        }, (v0) -> {
            return v0.getValue();
        }));
        return KeycloakResult.builder().code((String) map.get("code")).error((String) map.get("error")).errorDescription((String) map.get("error-description")).state((String) map.get("state")).build();
    }
}
