package edu.internet2.middleware.grouper.app.boxProvisioner;

import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.RSAKeyProvider;
import com.fasterxml.jackson.databind.JsonNode;
import edu.internet2.middleware.grouper.app.config.GrouperConfigurationModuleAttribute;
import edu.internet2.middleware.grouper.app.externalSystem.GrouperExternalSystem;
import edu.internet2.middleware.grouper.cfg.dbConfig.ConfigFileName;
import edu.internet2.middleware.grouper.cfg.text.GrouperTextContainer;
import edu.internet2.middleware.grouper.util.GrouperHttpClient;
import edu.internet2.middleware.grouper.util.GrouperHttpMethod;
import edu.internet2.middleware.grouper.util.GrouperUtil;
import edu.internet2.middleware.grouperClient.collections.MultiKey;
import edu.internet2.middleware.grouperClient.util.ExpirableCache;
import edu.internet2.middleware.grouperClient.util.GrouperClientConfig;
import edu.internet2.middleware.morphString.Morph;
import java.io.File;
import java.io.StringReader;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Security;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;
import java.util.Date;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder;
import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;

/* loaded from: input_file:WEB-INF/lib/grouper-4.1.3.jar:edu/internet2/middleware/grouper/app/boxProvisioner/BoxGrouperExternalSystem.class */
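/**
 * External-system definition for a Box connector configured under
 * {@code grouperClient.boxConnector.<configId>.*} in the Grouper client properties.
 *
 * <p>Besides the configuration-module overrides, this class obtains and caches the Box OAuth
 * access token, using either a signed JWT assertion (when a private key is configured) or the
 * client-credentials grant.
 *
 * <p>Security-relevant state handled here: the connector private key and its pass phrase, the
 * client secret, and the bearer token returned by the token endpoint. The bearer token is kept
 * in the static cache only in {@link Morph#encrypt(String)} form.
 */
public class BoxGrouperExternalSystem extends GrouperExternalSystem {
    /**
     * Cache keyed by config id. Each value is a {@link MultiKey} of (expiry as epoch seconds,
     * Morph-encrypted bearer token).
     * NOTE(review): the constructor argument 60 is presumably the cache's default time-to-live
     * in minutes; confirm against ExpirableCache. The expiry stored in the value is what this
     * class actually checks.
     */
    private static final ExpirableCache<String, MultiKey> configKeyToExpiresOnAndBearerToken = new ExpirableCache<>(60);

    /**
     * Minimal {@link RSAKeyProvider} used only for signing: it exposes the private key and the
     * key id, and does not support public-key lookup.
     */
    /* loaded from: input_file:WEB-INF/lib/grouper-4.1.3.jar:edu/internet2/middleware/grouper/app/boxProvisioner/BoxGrouperExternalSystem$BoxRsaKeyProvider.class */
    static class BoxRsaKeyProvider implements RSAKeyProvider {
        private final RSAPrivateKey privateKey;
        private final String publicKeyId;

        /**
         * @param privateKey signing key; must be an RSA key, otherwise the cast below throws
         *     {@link ClassCastException}
         * @param str key id reported by {@link #getPrivateKeyId()}
         */
        BoxRsaKeyProvider(PrivateKey privateKey, String str) {
            this.privateKey = (RSAPrivateKey) privateKey;
            this.publicKeyId = str;
        }

        /* JADX WARN: Can't rename method to resolve collision */
        /**
         * Not supported: this provider is only used to sign, never to verify.
         *
         * @throws UnsupportedOperationException always
         */
        @Override // com.auth0.jwt.interfaces.KeyProvider
        public RSAPublicKey getPublicKeyById(String str) {
            throw new UnsupportedOperationException("not implemented");
        }

        /** @return the configured public key id */
        @Override // com.auth0.jwt.interfaces.KeyProvider
        public String getPrivateKeyId() {
            return this.publicKeyId;
        }

        /* JADX WARN: Can't rename method to resolve collision */
        /** @return the RSA private key used for signing */
        @Override // com.auth0.jwt.interfaces.KeyProvider
        public RSAPrivateKey getPrivateKey() {
            return this.privateKey;
        }
    }

    /** Drops every cached access token, forcing the next lookup to call the token endpoint. */
    public static void clearCache() {
        configKeyToExpiresOnAndBearerToken.clear();
    }

    /** @return {@link ConfigFileName#GROUPER_CLIENT_PROPERTIES}, the file holding this connector's settings */
    @Override // edu.internet2.middleware.grouper.app.config.GrouperConfigurationModuleBase
    public ConfigFileName getConfigFileName() {
        return ConfigFileName.GROUPER_CLIENT_PROPERTIES;
    }

    /**
     * @return the property prefix for this config id, ending with a dot
     * @throws RuntimeException if no config id is set
     */
    @Override // edu.internet2.middleware.grouper.app.config.GrouperConfigurationModuleBase
    public String getConfigItemPrefix() {
        if (StringUtils.isBlank(getConfigId())) {
            throw new RuntimeException("Must have configId!");
        }
        return "grouperClient.boxConnector." + getConfigId() + ".";
    }

    /**
     * @return a regex matching this connector's property names; group 2 is the dot-free config
     *     id segment and group 3 the remainder of the property name
     */
    @Override // edu.internet2.middleware.grouper.app.config.GrouperConfigurationModuleBase
    public String getConfigIdRegex() {
        return "^(grouperClient\\.boxConnector)\\.([^.]+)\\.(.*)$";
    }

    /** @return the literal {@code "myConnector"} */
    @Override // edu.internet2.middleware.grouper.app.config.GrouperConfigurationModuleBase
    public String getConfigIdThatIdentifiesThisConfig() {
        return "myConnector";
    }

    /**
     * Returns a Box access token for the given connector config, using the cache when the cached
     * token has not yet reached its stored expiry.
     *
     * <p>When {@code privateKeyFileName} or {@code privateKeyContents_0} is configured, a JWT
     * assertion is signed with that key and exchanged using the JWT-bearer grant; otherwise the
     * client-credentials grant is used. In both cases {@code client_id} and {@code client_secret}
     * are sent as body parameters to the configured {@code authenticationUrl}.
     *
     * <p>The returned value is the plaintext bearer token; callers should keep it out of logs and
     * debug maps.
     *
     * @param map optional debug map; on a cache hit {@code "boxCachedAccessToken"} is set to
     *     {@code true}. May be {@code null}.
     * @param str the connector config id
     * @return the access token
     * @throws RuntimeException if the private key cannot be built, the request fails, or the
     *     response is not HTTP 200
     */
    public static String retrieveAccessTokenForBoxConfigId(Map<String, Object> map, String str) {
        long nowMillis = System.currentTimeMillis();

        MultiKey cached = configKeyToExpiresOnAndBearerToken.get(str);
        if (cached != null) {
            long expiresOnSeconds = ((Long) cached.getKey(0)).longValue();
            String encryptedToken = (String) cached.getKey(1);
            if (expiresOnSeconds * 1000 > System.currentTimeMillis()) {
                if (map != null) {
                    map.put("boxCachedAccessToken", true);
                }
                return Morph.decrypt(encryptedToken);
            }
        }

        String configPrefix = "grouperClient.boxConnector." + str + ".";
        String authenticationUrl = GrouperClientConfig.retrieveConfig().propertyValueString(configPrefix + "authenticationUrl");
        String publicKeyId = GrouperClientConfig.retrieveConfig().propertyValueString(configPrefix + "publicKeyId");
        String privateKeyFileName = GrouperClientConfig.retrieveConfig().propertyValueString(configPrefix + "privateKeyFileName");
        String privateKeyContents = GrouperClientConfig.retrieveConfig().propertyValueString(configPrefix + "privateKeyContents_0");
        String privateKeyPass = GrouperClientConfig.retrieveConfig().propertyValueString(configPrefix + "privateKeyPass");
        String clientId = GrouperClientConfig.retrieveConfig().propertyValueString(configPrefix + "clientId");
        String clientSecret = GrouperClientConfig.retrieveConfig().propertyValueString(configPrefix + "clientSecret");
        String enterpriseId = GrouperClientConfig.retrieveConfig().propertyValueString(configPrefix + "enterpriseId");

        // A configured key (file or inline) selects the JWT-bearer flow.
        boolean useJwt = StringUtils.isNotBlank(privateKeyFileName) || StringUtils.isNotBlank(privateKeyContents);
        String assertion = null;
        if (useJwt) {
            // The key file takes precedence over inline contents when both are set.
            String keyMaterial = StringUtils.isNotBlank(privateKeyFileName)
                    ? GrouperUtil.readFileIntoString(new File(privateKeyFileName))
                    : privateKeyContents;
            PrivateKey signingKey = StringUtils.isNotBlank(privateKeyPass)
                    ? boxDecryptPkcs8PrivateKey(keyMaterial, privateKeyPass)
                    : boxDecodePkcs8PrivateKey(keyMaterial);
            // Short-lived (45 s), single-use (random jti) assertion signed with RS512.
            assertion = JWT.create()
                    .withIssuer(clientId)
                    .withSubject(enterpriseId)
                    .withAudience(authenticationUrl)
                    .withClaim("box_sub_type", "enterprise")
                    .withIssuedAt(new Date(nowMillis))
                    .withJWTId(UUID.randomUUID().toString())
                    .withExpiresAt(new Date(nowMillis + 45000))
                    .sign(Algorithm.RSA512(new BoxRsaKeyProvider(signingKey, publicKeyId)));
        }

        GrouperHttpClient grouperHttpClient = new GrouperHttpClient();
        grouperHttpClient.assignGrouperHttpMethod(GrouperHttpMethod.post);
        grouperHttpClient.assignUrl(authenticationUrl);

        String proxyHost = GrouperClientConfig.retrieveConfig().propertyValueString(configPrefix + "proxyHost");
        String proxyPort = GrouperClientConfig.retrieveConfig().propertyValueString(configPrefix + "proxyPort");
        String proxyType = GrouperClientConfig.retrieveConfig().propertyValueString(configPrefix + "proxyType");
        String proxyUrl = null;
        if (StringUtils.isNotBlank(proxyHost)) {
            proxyUrl = proxyHost;
            if (StringUtils.isNotBlank(proxyPort)) {
                proxyUrl = proxyUrl + ":" + proxyPort;
            }
        }
        if (StringUtils.isNotBlank(proxyUrl)) {
            grouperHttpClient.assignProxyUrl(proxyUrl);
        }
        if (StringUtils.isNotBlank(proxyType)) {
            grouperHttpClient.assignProxyType(proxyType);
        }

        if (useJwt) {
            grouperHttpClient.addBodyParameter("assertion", assertion);
            grouperHttpClient.addBodyParameter("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer");
        } else {
            grouperHttpClient.addBodyParameter("grant_type", "client_credentials");
            grouperHttpClient.addBodyParameter("box_subject_type", "enterprise");
            grouperHttpClient.addBodyParameter("box_subject_id", enterpriseId);
        }
        grouperHttpClient.addBodyParameter("client_id", clientId);
        grouperHttpClient.addBodyParameter("client_secret", clientSecret);

        try {
            grouperHttpClient.executeRequest();
            int responseCode = grouperHttpClient.getResponseCode();
            String responseBody = grouperHttpClient.getResponseBody();
            if (responseCode != 200) {
                // This exception is caught by the catch below and becomes the cause of the
                // "Error connecting to" exception.
                // NOTE(review): the raw response body ends up in the exception message and so
                // likely in logs; confirm an error body from the token endpoint never carries
                // credential material.
                throw new RuntimeException("Cant get access token from '" + authenticationUrl + "' " + responseCode + ", " + responseBody);
            }
            JsonNode tokenResponse = GrouperUtil.jsonJacksonNode(responseBody);
            int expiresInSeconds = GrouperUtil.jsonJacksonGetInteger(tokenResponse, "expires_in").intValue();
            String accessToken = GrouperUtil.jsonJacksonGetString(tokenResponse, "access_token");
            // Store the expiry 5 seconds early so a token is never handed out right at its
            // deadline; only the Morph-encrypted form of the token is cached.
            long expiresOnSeconds = ((nowMillis / 1000) + expiresInSeconds) - 5;
            configKeyToExpiresOnAndBearerToken.put(str, new MultiKey(Long.valueOf(expiresOnSeconds), Morph.encrypt(accessToken)));
            return accessToken;
        } catch (Exception e) {
            throw new RuntimeException("Error connecting to '" + authenticationUrl + "'", e);
        }
    }

    /**
     * Parses a pass-phrase-protected PKCS#8 PEM key and decrypts it using BouncyCastle.
     * The PEM parser is closed when done, and the BouncyCastle provider is registered only if no
     * provider named "BC" is installed yet.
     */
    private static PrivateKey boxDecryptPkcs8PrivateKey(String pemContents, String keyPassphrase) {
        try (PEMParser pemParser = new PEMParser(new StringReader(pemContents))) {
            if (Security.getProvider("BC") == null) {
                Security.addProvider(new BouncyCastleProvider());
            }
            PKCS8EncryptedPrivateKeyInfo encryptedKeyInfo = (PKCS8EncryptedPrivateKeyInfo) pemParser.readObject();
            return new JcaPEMKeyConverter().setProvider("BC").getPrivateKey(
                    encryptedKeyInfo.decryptPrivateKeyInfo(
                            new JceOpenSSLPKCS8DecryptorProviderBuilder().build(keyPassphrase.toCharArray())));
        } catch (Exception e) {
            throw new RuntimeException("Could not construct private key", e);
        }
    }

    /**
     * Builds an RSA private key from unencrypted key contents, which must be the Base64 encoding
     * of a PKCS#8 structure with no PEM header, footer or line breaks (the basic Base64 decoder
     * rejects those).
     */
    private static PrivateKey boxDecodePkcs8PrivateKey(String base64Pkcs8) {
        try {
            byte[] pkcs8Bytes = Base64.getDecoder().decode(base64Pkcs8);
            return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(pkcs8Bytes));
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("Could not reconstruct the private key, the given algorithm could not be found.", e);
        } catch (InvalidKeySpecException e) {
            throw new RuntimeException("Could not reconstruct the private key", e);
        } catch (Exception e) {
            throw new RuntimeException("Could not construct private key from key contents", e);
        }
    }

    /**
     * Runs the inherited validation, then, when {@code authenticationType} is {@code JWT},
     * requires that either the inline private key or the private key file name is filled in.
     * A missing key is reported in {@code map} under the HTML element id of the inline-key
     * attribute.
     */
    @Override // edu.internet2.middleware.grouper.app.externalSystem.GrouperExternalSystem
    public void validatePreSave(boolean z, boolean z2, List<String> list, Map<String, String> map) {
        super.validatePreSave(z, z2, list, map);
        GrouperConfigurationModuleAttribute authenticationType = retrieveAttributes().get("authenticationType");
        if (authenticationType == null || !StringUtils.equals(authenticationType.getValueOrExpressionEvaluation(), "JWT")) {
            return;
        }
        // NOTE(review): both lookups below are dereferenced without a null check; this assumes
        // the two attributes always exist for this module. Confirm against the config metadata.
        GrouperConfigurationModuleAttribute privateKeyContents = retrieveAttributes().get("privateKeyContents_0");
        GrouperConfigurationModuleAttribute privateKeyFileName = retrieveAttributes().get("privateKeyFileName");
        boolean noInlineKey = StringUtils.isBlank(privateKeyContents.getValueOrExpressionEvaluation());
        if (noInlineKey && StringUtils.isBlank(privateKeyFileName.getValueOrExpressionEvaluation())) {
            map.put(privateKeyContents.getHtmlForElementIdHandle(), GrouperTextContainer.textOrNull("grouperConfigurationValidationBoxFilePathOrPrivateKeyRequired"));
        }
    }
}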
