package de.samply.auth.client;

import de.samply.auth.client.jwt.JwtAccessToken;
import de.samply.auth.client.jwt.JwtException;
import de.samply.auth.client.jwt.JwtIdToken;
import de.samply.auth.client.jwt.JwtRefreshToken;
import de.samply.auth.client.jwt.KeyLoader;
import de.samply.auth.rest.AccessTokenDto;
import de.samply.auth.rest.AccessTokenRequestDto;
import de.samply.auth.rest.KeyIdentificationDto;
import de.samply.auth.rest.LocationDto;
import de.samply.auth.rest.LocationListDto;
import de.samply.auth.rest.OAuth2Discovery;
import de.samply.auth.rest.RegistrationRequestDto;
import de.samply.auth.rest.RoleDto;
import de.samply.auth.rest.RoleListDto;
import de.samply.auth.rest.SignRequestDto;
import de.samply.auth.rest.UserListDto;
import de.samply.auth.utils.HashUtils;
import de.samply.common.config.OAuth2Client;
import java.nio.charset.StandardCharsets;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.util.List;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.Entity;
import javax.ws.rs.client.Invocation;
import javax.ws.rs.client.WebTarget;
import javax.ws.rs.core.Response;
import org.apache.commons.codec.binary.Base64;

/* loaded from: input_file:de/samply/auth/client/SamplyAuthClient.class */
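/**
 * {@link AuthClient} implementation that talks to the REST endpoints below
 * {@code <baseUrl>/oauth2}.
 *
 * <p>A new access token is obtained in one of three ways, depending on which credentials
 * the instance holds: an authorization code, a refresh token, or a private key that is
 * used to sign a challenge issued by the server (see {@link #getNewAccessToken()}).
 *
 * <p>NOTE(review): the fields {@code code}, {@code refreshToken}, {@code privateKey},
 * {@code publicKey}, {@code config}, {@code client}, {@code baseUrl} and {@code logger}
 * are inherited from {@link AuthClient}; how the constructor arguments map onto them is
 * not visible in this file and should be confirmed against the superclass.
 */
public class SamplyAuthClient extends AuthClient {
    private static final String OAUTH2_PATH = "oauth2";

    /** Media type requested from every endpoint. */
    private static final String JSON_MEDIA_TYPE = "application/json";

    /**
     * Creates a client from already issued tokens.
     *
     * @param jwtAccessToken existing access token, forwarded to the superclass
     * @param jwtIdToken existing ID token, forwarded to the superclass
     * @param jwtRefreshToken existing refresh token, forwarded to the superclass
     * @param oAuth2Client configuration providing the host and the host public key
     * @param client JAX-RS client used for all requests
     * @param str forwarded unchanged to the superclass constructor
     *     (NOTE(review): meaning not visible here - confirm against AuthClient)
     */
    public SamplyAuthClient(
            JwtAccessToken jwtAccessToken,
            JwtIdToken jwtIdToken,
            JwtRefreshToken jwtRefreshToken,
            OAuth2Client oAuth2Client,
            Client client,
            String str) {
        super(
                oAuth2Client.getHost(),
                jwtAccessToken,
                jwtIdToken,
                jwtRefreshToken,
                oAuth2Client,
                KeyLoader.loadKey(oAuth2Client.getHostPublicKey()),
                null,
                null,
                client,
                str,
                null,
                null,
                null,
                null);
    }

    /**
     * Creates a client that holds neither tokens nor a private key.
     *
     * @param str forwarded to the superclass constructor
     *     (NOTE(review): presumably the authorization code - confirm against AuthClient)
     * @param oAuth2Client configuration providing the host and the host public key
     * @param client JAX-RS client used for all requests
     * @param str2 forwarded unchanged to the superclass constructor
     *     (NOTE(review): meaning not visible here - confirm against AuthClient)
     */
    public SamplyAuthClient(String str, OAuth2Client oAuth2Client, Client client, String str2) {
        super(
                oAuth2Client.getHost(),
                null,
                null,
                null,
                oAuth2Client,
                KeyLoader.loadKey(oAuth2Client.getHostPublicKey()),
                null,
                str,
                client,
                str2,
                null,
                null,
                null,
                null);
    }

    /**
     * Creates a client that authenticates with a private key.
     *
     * @param privateKey key forwarded to the superclass; used by this class to sign the
     *     server's challenge and to derive the public key sent on registration
     * @param oAuth2Client configuration providing the host and the host public key
     * @param client JAX-RS client used for all requests
     * @param str forwarded unchanged to the superclass constructor
     *     (NOTE(review): meaning not visible here - confirm against AuthClient)
     */
    public SamplyAuthClient(
            PrivateKey privateKey, OAuth2Client oAuth2Client, Client client, String str) {
        super(
                oAuth2Client.getHost(),
                null,
                null,
                null,
                oAuth2Client,
                KeyLoader.loadKey(oAuth2Client.getHostPublicKey()),
                privateKey,
                null,
                client,
                str,
                null,
                null,
                null,
                null);
    }

    /**
     * Returns the ID token, or {@code null} when this client holds no code.
     *
     * @return the superclass's ID token, or {@code null} if {@code code} is {@code null}
     * @throws InvalidTokenException propagated from the superclass
     */
    @Override
    public JwtIdToken getIdToken() throws InvalidTokenException {
        return this.code == null ? null : super.getIdToken();
    }

    /**
     * Searches users via {@code users/search}, authorised with the current access token.
     *
     * @param str value of the {@code query} parameter
     * @return the list returned by the server
     * @throws InvalidTokenException if no valid access token can be obtained
     */
    @Override
    public UserListDto searchUser(String str) throws InvalidTokenException {
        return getSearchUserRequestBuilder(str)
                .header("Authorization", getAccessToken().getHeader())
                .get(UserListDto.class);
    }

    /**
     * Fetches the locations from the {@code locations} endpoint.
     *
     * @return the locations contained in the server response
     */
    @Override
    public List<LocationDto> getLocations() {
        LocationListDto locationList =
                getLocationsRequestBuilder()
                        .header("Authorization", getAuthorizationHeader())
                        .get(LocationListDto.class);
        return locationList.getLocations();
    }

    /**
     * Posts a registration request that carries the Base64-encoded public key derived
     * from this client's private key.
     *
     * <p>NOTE(review): unlike {@link #getNewAccessToken()}, this method does not check
     * whether {@code privateKey} is set before using it - confirm how
     * {@code KeyLoader.loadPublicRsaKey} treats {@code null}.
     *
     * @param registrationWrapper wrapper holding the registration request
     * @return the server response, or {@code null} if the wrapper holds no request
     */
    @Override
    public Response register(RegistrationWrapper registrationWrapper) {
        RegistrationRequestDto regReq = registrationWrapper.getRegReq();
        if (regReq == null) {
            return null;
        }
        byte[] encodedPublicKey = KeyLoader.loadPublicRsaKey(this.privateKey).getEncoded();
        regReq.setBase64EncodedPublicKey(Base64.encodeBase64String(encodedPublicKey));
        return getRegisterRequestBuilder().accept(JSON_MEDIA_TYPE).post(Entity.json(regReq));
    }

    /**
     * Requests a new access token with whichever credential this client holds.
     *
     * <p>A code or refresh token takes precedence; otherwise the private key is used to
     * sign a challenge obtained from the server.
     *
     * @return the new access token, already checked with {@code isValid()}
     * @throws JwtException if a token returned by the server cannot be parsed
     * @throws InvalidTokenException if a returned token is not valid or signing fails
     * @throws UnsupportedOperationException if the client holds no code, no refresh token
     *     and no private key
     */
    @Override
    protected JwtAccessToken getNewAccessToken() throws JwtException, InvalidTokenException {
        this.logger.debug("Requesting new access token, base URL: " + this.baseUrl);
        if (this.code != null || this.refreshToken != null) {
            return exchangeCodeOrRefreshToken();
        }
        if (this.privateKey == null) {
            throw new UnsupportedOperationException();
        }
        return exchangeSignedChallenge();
    }

    /** Exchanges the code (with client credentials) or the refresh token for new tokens. */
    private JwtAccessToken exchangeCodeOrRefreshToken()
            throws JwtException, InvalidTokenException {
        AccessTokenRequestDto tokenRequest = new AccessTokenRequestDto();
        if (this.refreshToken == null) {
            this.logger.debug("No refresh token available yet");
            tokenRequest.setClientId(this.config.getClientId());
            tokenRequest.setClientSecret(this.config.getClientSecret());
            tokenRequest.setCode(this.code);
        } else {
            this.logger.debug("Using the refresh token");
            tokenRequest.setRefreshToken(this.refreshToken.getSerialized());
        }

        AccessTokenDto tokenResponse =
                getAccessTokenRequestBuilder().post(Entity.json(tokenRequest), AccessTokenDto.class);

        // Parse into locals first: the instance must never end up holding tokens that
        // failed validation (in particular, a rejected refresh token must not replace
        // the one that is currently stored).
        JwtAccessToken newAccessToken =
                new JwtAccessToken(this.publicKey, tokenResponse.getAccessToken());
        JwtIdToken newIdToken =
                new JwtIdToken(this.config.getClientId(), this.publicKey, tokenResponse.getIdToken());
        JwtRefreshToken newRefreshToken =
                new JwtRefreshToken(this.publicKey, tokenResponse.getRefreshToken());

        if (!(newAccessToken.isValid() && newIdToken.isValid() && newRefreshToken.isValid())) {
            this.logger.debug("The token we got was not valid. Throw an exception.");
            throw new InvalidTokenException();
        }

        this.accessToken = newAccessToken;
        this.idToken = newIdToken;
        this.refreshToken = newRefreshToken;
        this.logger.debug("Got new valid access token using a code!");
        return this.accessToken;
    }

    /** Requests a challenge for this client's key, signs it and exchanges it for a token. */
    private JwtAccessToken exchangeSignedChallenge() throws JwtException, InvalidTokenException {
        this.logger.debug("Requesting a code to sign");
        try {
            // The server identifies the key by the SHA-512 hash of its encoded public part.
            PublicKey ownPublicKey = KeyLoader.loadPublicRsaKey(this.privateKey);
            KeyIdentificationDto keyIdentification = new KeyIdentificationDto();
            keyIdentification.setSha512Hash(HashUtils.sha512(ownPublicKey.getEncoded()));
            SignRequestDto signRequest =
                    getSignRequestBuilder()
                            .post(Entity.json(keyIdentification), SignRequestDto.class);

            // NOTE(review): both the signature algorithm and the bytes that get signed are
            // taken from the server response. Consider restricting the accepted algorithm
            // names to the ones the deployment is known to use before signing.
            Signature signature = Signature.getInstance(signRequest.getAlgorithm());
            signature.initSign(this.privateKey);
            signature.update(signRequest.getCode().getBytes(StandardCharsets.UTF_8));
            this.logger.debug("Signing code:" + signRequest.getCode());

            AccessTokenRequestDto tokenRequest = new AccessTokenRequestDto();
            tokenRequest.setCode(signRequest.getCode());
            tokenRequest.setSignature(Base64.encodeBase64String(signature.sign()));
            AccessTokenDto tokenResponse =
                    getAccessTokenRequestBuilder()
                            .post(Entity.json(tokenRequest), AccessTokenDto.class);

            JwtAccessToken newAccessToken =
                    new JwtAccessToken(this.publicKey, tokenResponse.getAccessToken());
            // This flow yields an access token only.
            this.idToken = null;
            this.refreshToken = null;

            if (!newAccessToken.isValid()) {
                this.logger.debug("The token we got was not valid. Throw an exception.");
                throw new InvalidTokenException();
            }

            // Stored only after validation, so a rejected token never becomes client state.
            this.accessToken = newAccessToken;
            this.logger.debug("Got new valid access token using a private key!");
            return this.accessToken;
        } catch (java.security.InvalidKeyException | NoSuchAlgorithmException | SignatureException e) {
            // The cause is logged because this handler also covers an unknown algorithm
            // name and a failed signing operation, not only an unusable key.
            this.logger.debug("Apparently this is not a valid RSA key! Cause: " + e);
            throw new InvalidTokenException();
        }
    }

    /**
     * Fetches the discovery document from {@code .well-known/openid-configuration}.
     *
     * @return the discovery document returned by the server
     */
    @Override
    public OAuth2Discovery getDiscovery() {
        return getDiscoveryRequestBuilder().get(OAuth2Discovery.class);
    }

    /** Returns the target {@code <baseUrl>/oauth2} that all endpoints are resolved against. */
    private WebTarget getUriPrefix() {
        return this.client.target(this.baseUrl).path(OAUTH2_PATH);
    }

    /** Builds a JSON request for the given path segments below {@link #getUriPrefix()}. */
    private Invocation.Builder jsonRequest(String... segments) {
        WebTarget target = getUriPrefix();
        for (String segment : segments) {
            target = target.path(segment);
        }
        return target.request(JSON_MEDIA_TYPE);
    }

    /** Returns a request builder for the {@code access_token} endpoint. */
    @Override
    protected Invocation.Builder getAccessTokenBuilder() {
        return jsonRequest("access_token");
    }

    /** Returns a request builder for the {@code access_token} endpoint. */
    private Invocation.Builder getAccessTokenRequestBuilder() {
        return jsonRequest("access_token");
    }

    /** Returns a request builder for the {@code sign_request} endpoint. */
    private Invocation.Builder getSignRequestBuilder() {
        return jsonRequest("sign_request");
    }

    /** Returns a request builder for the {@code register} endpoint. */
    private Invocation.Builder getRegisterRequestBuilder() {
        return jsonRequest("register");
    }

    /** Returns a request builder for {@code .well-known/openid-configuration}. */
    private Invocation.Builder getDiscoveryRequestBuilder() {
        return jsonRequest(".well-known", "openid-configuration");
    }

    /** Returns a request builder for {@code users/search} with the given query value. */
    private Invocation.Builder getSearchUserRequestBuilder(String str) {
        return getUriPrefix()
                .path("users")
                .path("search")
                .queryParam("query", str)
                .request(JSON_MEDIA_TYPE);
    }

    /** Returns a request builder for the {@code locations} endpoint. */
    private Invocation.Builder getLocationsRequestBuilder() {
        return jsonRequest("locations");
    }

    /** Returns a request builder for the {@code clients} endpoint. */
    @Override
    protected Invocation.Builder getClientBuilder() {
        return jsonRequest("clients");
    }

    /** Returns a request builder for the {@code clients} endpoint. */
    private Invocation.Builder getClientsRequestBuilder() {
        return jsonRequest("clients");
    }

    /** Returns a request builder for the {@code roles} endpoint. */
    private Invocation.Builder getRoleRequestBuilder() {
        return jsonRequest("roles");
    }

    /**
     * Returns a request builder for {@code roles/<str>}.
     *
     * <p>NOTE(review): {@code str} is appended to the path as given; callers should pass
     * only a role identifier they have validated.
     */
    private Invocation.Builder getRoleRequestBuilder(String str) {
        return jsonRequest("roles", str);
    }

    /**
     * Fetches all roles from the {@code roles} endpoint.
     *
     * @return the role list returned by the server
     */
    public RoleListDto getRoles() {
        return getRoleRequestBuilder()
                .header("Authorization", getAuthorizationHeader())
                .get(RoleListDto.class);
    }

    /**
     * Fetches a single role from {@code roles/<str>}.
     *
     * @param str path segment identifying the role
     * @return the role returned by the server
     */
    public RoleDto getRole(String str) {
        return getRoleRequestBuilder(str)
                .header("Authorization", getAuthorizationHeader())
                .get(RoleDto.class);
    }
}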
