package de.samply.auth.client;

import com.nimbusds.jose.JWSAlgorithm;
import de.samply.auth.client.jwt.AbstractJwt;
import de.samply.auth.client.jwt.JwtAccessToken;
import de.samply.auth.client.jwt.JwtException;
import de.samply.auth.client.jwt.JwtIdToken;
import de.samply.auth.client.jwt.JwtRefreshToken;
import de.samply.auth.client.jwt.KeyLoader;
import de.samply.auth.rest.AccessTokenDto;
import de.samply.auth.rest.ClientListDto;
import de.samply.auth.rest.LocationDto;
import de.samply.auth.rest.LocationListDto;
import de.samply.auth.rest.OAuth2Discovery;
import de.samply.auth.rest.UserListDto;
import de.samply.auth.utils.OAuth2ClientConfig;
import de.samply.common.config.OAuth2Client;
import java.io.UnsupportedEncodingException;
import java.util.List;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.ws.rs.ProcessingException;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.Entity;
import javax.ws.rs.client.Invocation;
import javax.ws.rs.client.ResponseProcessingException;
import javax.ws.rs.client.WebTarget;
import javax.ws.rs.core.Form;
import javax.ws.rs.core.Response;
import javax.xml.bind.DatatypeConverter;
import net.minidev.json.JSONObject;
import org.keycloak.representations.idm.UserRepresentation;

/* loaded from: input_file:de/samply/auth/client/KeycloakAuthClient.class */
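/**
 * {@link AuthClient} implementation that obtains and validates OAuth2/OpenID Connect tokens
 * from a Keycloak server and calls its realm admin REST endpoints.
 *
 * <p>All requests go to {@code baseUrl} through the JAX-RS {@link Client} handed to the
 * constructor. Token requests carry the client secret (and, for the password grant, user
 * credentials) in the form body, so the configured host is expected to be an HTTPS URL.
 */
public class KeycloakAuthClient extends AuthClient {

    /**
     * Creates a client that already holds a set of tokens.
     *
     * <p>The host is taken from {@code oAuth2Client.getHost()} and the verification key is
     * loaded with {@link KeyLoader} from {@code oAuth2Client.getHostPublicKey()}.
     *
     * @param jwtAccessToken existing access token
     * @param jwtIdToken existing ID token
     * @param jwtRefreshToken existing refresh token
     * @param oAuth2Client client configuration (host, public key, realm, client id/secret)
     * @param client JAX-RS client used for every request
     * @param str forwarded unchanged to the {@link AuthClient} constructor; its meaning is
     *     defined there
     */
    public KeycloakAuthClient(JwtAccessToken jwtAccessToken, JwtIdToken jwtIdToken, JwtRefreshToken jwtRefreshToken, OAuth2Client oAuth2Client, Client client, String str) {
        super(oAuth2Client.getHost(), jwtAccessToken, jwtIdToken, jwtRefreshToken, oAuth2Client, KeyLoader.loadKey(oAuth2Client.getHostPublicKey()), null, null, client, str, null, null, null, null);
    }

    /**
     * Creates a client without tokens, passing two extra strings to the base class.
     *
     * @param str forwarded unchanged to the {@link AuthClient} constructor
     * @param oAuth2Client client configuration (host, public key, realm, client id/secret)
     * @param client JAX-RS client used for every request
     * @param str2 forwarded unchanged to the {@link AuthClient} constructor
     */
    public KeycloakAuthClient(String str, OAuth2Client oAuth2Client, Client client, String str2) {
        super(oAuth2Client.getHost(), null, null, null, oAuth2Client, KeyLoader.loadKey(oAuth2Client.getHostPublicKey()), null, str, client, str2, null, null, null, null);
    }

    /**
     * Creates a client without tokens.
     *
     * @param oAuth2Client client configuration (host, public key, realm, client id/secret)
     * @param client JAX-RS client used for every request
     * @param str forwarded unchanged to the {@link AuthClient} constructor
     */
    public KeycloakAuthClient(OAuth2Client oAuth2Client, Client client, String str) {
        super(oAuth2Client.getHost(), null, null, null, oAuth2Client, KeyLoader.loadKey(oAuth2Client.getHostPublicKey()), null, null, client, str, null, null, null, null);
    }

    /**
     * Creates a client from the configuration and JAX-RS client only; every other base-class
     * argument is passed as {@code null}.
     *
     * @param oAuth2Client client configuration (host, public key, realm, client id/secret)
     * @param client JAX-RS client used for every request
     */
    public KeycloakAuthClient(OAuth2Client oAuth2Client, Client client) {
        super(oAuth2Client.getHost(), null, null, null, oAuth2Client, KeyLoader.loadKey(oAuth2Client.getHostPublicKey()), null, null, client, null, null, null, null, null);
    }

    /**
     * Fetches the client list with a GET on {@link #getClientBuilder()}.
     *
     * <p>No {@code Authorization} header is attached here, unlike the other calls in this class.
     */
    @Override
    public ClientListDto getClients() {
        return getClientBuilder().get(ClientListDto.class);
    }

    /**
     * Searches the realm's users through the admin REST endpoint and converts the result.
     *
     * @param str search term, sent as the {@code search} query parameter
     * @return the matching users converted by {@code AuthClientUtils.keycloakUsersToSamply}
     */
    @Override
    public UserListDto searchUser(String str) {
        UserRepresentation[] found = getUserBuilder(str)
                .header("Authorization", getRestAccessToken().getHeader())
                .get(UserRepresentation[].class);
        return AuthClientUtils.keycloakUsersToSamply(found);
    }

    /**
     * Fetches the locations list using the header from {@code getAuthorizationHeader()}.
     *
     * @return the locations contained in the response
     */
    @Override
    public List<LocationDto> getLocations() {
        LocationListDto listing = getLocationsBuilder()
                .header("Authorization", getAuthorizationHeader())
                .get(LocationListDto.class);
        return listing.getLocations();
    }

    /**
     * Creates a user by POSTing the wrapped {@link UserRepresentation} to the admin users
     * endpoint.
     *
     * @param registrationWrapper wrapper holding the user representation
     * @return the server response, or {@code null} when the wrapper holds no representation
     */
    @Override
    public Response register(RegistrationWrapper registrationWrapper) {
        UserRepresentation usrRep = registrationWrapper.getUsrRep();
        if (usrRep == null) {
            return null;
        }
        return getRegisterBuilder()
                .header("Authorization", getRestAccessToken().getHeader())
                .post(Entity.json(usrRep));
    }

    /**
     * Requests a fresh token set from the token endpoint and validates it.
     *
     * <p>A failed discovery or token request is logged and reported as
     * {@link InvalidTokenException}. Falling through to the validity checks after a failure
     * would evaluate whatever tokens were stored before the call, so an older token could be
     * returned as if it were new.
     *
     * @return the newly stored access token
     * @throws JwtException if one of the returned tokens cannot be parsed
     * @throws InvalidTokenException if the request fails or any returned token is not valid
     * @throws IllegalStateException if neither a refresh token, a code nor a supported grant
     *     type is available
     */
    @Override
    protected JwtAccessToken getNewAccessToken() throws JwtException, InvalidTokenException {
        this.logger.debug("Requesting new access token, base URL: " + this.baseUrl);
        Invocation.Builder accessTokenBuilder = getAccessTokenBuilder();
        Form form = buildTokenRequestForm();

        // NOTE(review): this flag reflects what the discovery document advertises, not the
        // "alg" header of the tokens actually returned. Whenever HS256 is listed, validity is
        // decided by the introspection endpoint instead of AbstractJwt.isValid(). Confirm what
        // the boolean changes inside the Jwt* constructors before relying on local verification.
        boolean hs256Advertised;
        try {
            hs256Advertised = advertisesHs256(getDiscovery());
            AccessTokenDto accessTokenDto = accessTokenBuilder.post(Entity.form(form), AccessTokenDto.class);
            this.accessToken = new JwtAccessToken(this.publicKey, accessTokenDto.getAccessToken(), hs256Advertised);
            this.idToken = new JwtIdToken(this.config.getClientId(), this.publicKey, accessTokenDto.getIdToken(), hs256Advertised);
            this.refreshToken = new JwtRefreshToken(this.publicKey, accessTokenDto.getRefreshToken(), hs256Advertised);
        } catch (ResponseProcessingException e) {
            this.logger.error("Error processing the response: " + e.getMessage());
            throw new InvalidTokenException();
        } catch (ProcessingException e2) {
            this.logger.error("General processing error: " + e2.getMessage());
            throw new InvalidTokenException();
        }

        boolean allValid = checkTokenValidity(this.accessToken, hs256Advertised)
                && checkTokenValidity(this.idToken, hs256Advertised)
                && checkTokenValidity(this.refreshToken, hs256Advertised);
        if (allValid) {
            this.logger.debug("Got new valid access token using a code!");
            return this.accessToken;
        }
        this.logger.debug("The token we got was not valid. Throw an exception.");
        throw new InvalidTokenException();
    }

    /**
     * Builds the token request form for the first applicable grant: refresh token,
     * authorization code, client credentials, then password.
     */
    private Form buildTokenRequestForm() {
        Form form = new Form();
        if (this.refreshToken != null) {
            // NOTE(review): RFC 6749 section 6 defines grant_type=refresh_token for this request,
            // and confidential clients authenticate on it. Neither is sent here; confirm whether
            // the base class or a client filter adds them.
            form.param("refresh_token", this.refreshToken.getSerialized());
        } else if (this.code != null) {
            form.param("grant_type", GrantType.AUTHORIZATION_CODE);
            form.param("code", this.code);
            form.param("redirect_uri", this.redirectUrl);
            form.param("client_id", this.config.getClientId());
            form.param("client_secret", this.config.getClientSecret());
            form.param("state", this.state);
        } else if (GrantType.CLIENT_CREDENTIALS.equals(this.grantType)) {
            // Constant-first comparison: the constructors of this class pass null for most
            // optional base-class arguments, so grantType may be unset.
            form.param("grant_type", this.grantType);
            form.param("client_id", this.config.getClientId());
            form.param("client_secret", this.config.getClientSecret());
            form.param("scope", "openid");
        } else if (GrantType.PASSWORD.equals(this.grantType)) {
            form.param("grant_type", this.grantType);
            form.param("client_id", this.config.getClientId());
            form.param("client_secret", this.config.getClientSecret());
            form.param("username", this.username);
            form.param(GrantType.PASSWORD, this.password);
            form.param("scope", "openid");
        } else {
            // Fail before any request is sent instead of posting an empty form.
            throw new IllegalStateException("No refresh token, authorization code or supported grant type available");
        }
        return form;
    }

    /**
     * Reports whether HS256 appears among the signing algorithms listed in the discovery document.
     */
    private static boolean advertisesHs256(OAuth2Discovery discovery) {
        String hs256 = JWSAlgorithm.HS256.getName();
        return Stream.concat(
                        discovery.getSupportedIdTokenSigningAlgs().stream(),
                        discovery.getSupportedSigningAlgs().stream())
                .anyMatch(hs256::equals);
    }

    /**
     * Decides whether a token is currently valid.
     *
     * <p>With {@code z} false the token's own {@code isValid()} result is returned. With
     * {@code z} true the local check is not consulted: the token is sent to the introspection
     * endpoint, authenticated with the client credentials, and only a boolean {@code true} in
     * the {@code active} field counts as valid. A missing token, a missing response body or a
     * non-boolean {@code active} value is treated as not valid.
     *
     * @param abstractJwt token to check; {@code null} yields {@code false}
     * @param z whether to validate through token introspection
     * @return {@code true} only when the selected check confirms the token
     */
    public boolean checkTokenValidity(AbstractJwt abstractJwt, boolean z) {
        if (abstractJwt == null) {
            return false;
        }
        if (!z) {
            return abstractJwt.isValid();
        }
        Form form = new Form();
        form.param("token", abstractJwt.getSerialized());
        JSONObject introspection = getTokenIntrospectionBuilder()
                .header("Authorization", getBasicAuthentication())
                .post(Entity.form(form), JSONObject.class);
        // Fail closed: anything other than an explicit boolean true rejects the token.
        return introspection != null && Boolean.TRUE.equals(introspection.get("active"));
    }

    /**
     * Fetches the realm's OpenID Connect discovery document. Each call issues a new request.
     */
    @Override
    public OAuth2Discovery getDiscovery() {
        return getDiscoveryBuilder().get(OAuth2Discovery.class);
    }

    /** Target for the realm's endpoint prefix, as computed by {@link OAuth2ClientConfig}. */
    private WebTarget getUriPrefix() {
        return this.client.target(this.baseUrl).path(OAuth2ClientConfig.getEndpointPrefix(this.config.getRealm()));
    }

    /** Target for {@code admin/realms/<realm>/users}, shared by user search and registration. */
    private WebTarget getAdminUsersTarget() {
        return this.client.target(this.baseUrl).path("admin").path("realms").path(this.config.getRealm()).path("users");
    }

    /** Builder for the token endpoint ({@code <prefix>/token}). */
    @Override
    protected Invocation.Builder getAccessTokenBuilder() {
        return getUriPrefix().path("token").request("application/json");
    }

    /** Builder for the token introspection endpoint ({@code <prefix>/token/introspect}). */
    protected Invocation.Builder getTokenIntrospectionBuilder() {
        return getUriPrefix().path("token").path("introspect").request("application/json");
    }

    /** Builder for creating users on the admin users endpoint. */
    private Invocation.Builder getRegisterBuilder() {
        return getAdminUsersTarget().request("application/json");
    }

    /** Builder for {@code realms/<realm>/.well-known/openid-configuration}. */
    private Invocation.Builder getDiscoveryBuilder() {
        return this.client.target(this.baseUrl).path("realms").path(this.config.getRealm()).path(".well-known").path("openid-configuration").request("application/json");
    }

    /**
     * Builder for the admin users endpoint with the {@code search} query parameter set.
     *
     * <p>NOTE(review): JAX-RS query parameter values may be interpreted as URI templates, so a
     * search term containing braces may fail to resolve. Confirm how callers constrain it.
     */
    private Invocation.Builder getUserBuilder(String str) {
        return getAdminUsersTarget().queryParam("search", str).request("application/json");
    }

    /**
     * Builder for the locations endpoint.
     *
     * <p>NOTE(review): the path segment is the literal placeholder "???", so
     * {@link #getLocations()} has no real endpoint to call yet.
     */
    private Invocation.Builder getLocationsBuilder() {
        return getUriPrefix().path("???").request("application/json");
    }

    /**
     * Builder used by {@link #getClients()}.
     *
     * <p>NOTE(review): this resolves to the same {@code <prefix>/token} path as
     * {@link #getAccessTokenBuilder()}; confirm that a client listing is really served there.
     */
    @Override
    protected Invocation.Builder getClientBuilder() {
        return getUriPrefix().path("token").request("application/json");
    }

    /**
     * Builds the {@code Authorization} header value from the client id and secret.
     *
     * <p>The returned string embeds the client secret and must not be logged.
     *
     * @throws IllegalStateException if UTF-8 is reported as unsupported
     */
    private String getBasicAuthentication() {
        String credentials = this.config.getClientId() + ":" + this.config.getClientSecret();
        try {
            return "BASIC " + DatatypeConverter.printBase64Binary(credentials.getBytes("UTF-8"));
        } catch (UnsupportedEncodingException e) {
            throw new IllegalStateException("Cannot encode with UTF-8", e);
        }
    }
}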
