package org.flowable.ui.idm.service.keycloak;

import com.fasterxml.jackson.databind.JsonNode;
import java.io.IOException;
import java.time.Clock;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.TemporalAmount;
import org.apache.activemq.security.SecurityAdminMBean;
import org.flowable.common.engine.api.FlowableException;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpRequest;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.http.client.ClientHttpRequestExecution;
import org.springframework.http.client.ClientHttpRequestInterceptor;
import org.springframework.http.client.ClientHttpResponse;
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
import org.springframework.util.Assert;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.web.client.RestTemplate;

/* loaded from: input_file:WEB-INF/lib/flowable-ui-idm-logic-6.7.2.jar:org/flowable/ui/idm/service/keycloak/KeycloakConfiguration.class */
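/**
 * Connection settings for the Keycloak admin REST API, plus the {@link RestTemplate} used to call it.
 *
 * <p>When no {@code RestTemplate} is injected, {@link #afterPropertiesSet()} creates one and registers an
 * {@link AuthenticationTokenInterceptor}, which obtains a bearer token with the OAuth2 password grant
 * (client {@code admin-cli}) using {@link #getAuthenticationUser()} / {@link #getAuthenticationPassword()}
 * against {@link #getAuthenticationRealm()}.
 *
 * <p>Security notes for operators:
 * <ul>
 *   <li>The defaults target the {@code master} realm with the default admin user name, i.e. a highly
 *       privileged account. Prefer a dedicated account limited to the permissions this integration needs.</li>
 *   <li>The user name and password are sent in the token request body and nothing in this class checks
 *       the scheme of {@code server}; configure an {@code https://} URL.</li>
 *   <li>The password is held as a plain {@code String} and exposed through a public getter; do not log
 *       or serialize this object.</li>
 * </ul>
 */
public class KeycloakConfiguration implements InitializingBean {
    protected String server;
    protected String authenticationPassword;
    protected String realm;
    protected RestTemplate restTemplate;
    protected String authenticationRealm = "master";
    // NOTE(review): this ActiveMQ constant is presumably a decompiler substitution for the literal
    // "admin" -- confirm against the original source before relying on the ActiveMQ dependency.
    protected String authenticationUser = SecurityAdminMBean.OPERATION_ADMIN;
    protected Duration clockSkew = Duration.ofSeconds(60);
    protected Clock clock = Clock.systemUTC();

    /* loaded from: input_file:WEB-INF/lib/flowable-ui-idm-logic-6.7.2.jar:org/flowable/ui/idm/service/keycloak/KeycloakConfiguration$AccessToken.class */
    /** Immutable pair of a bearer token value and the instant at which it stops being valid. */
    public static class AccessToken {
        protected final String value;
        protected final Instant expiresAt;

        /**
         * @param value the raw token string; may be {@code null} for a placeholder token
         * @param expiresAt the instant at which the token expires
         */
        public AccessToken(String value, Instant expiresAt) {
            this.value = value;
            this.expiresAt = expiresAt;
        }

        /** @return the raw token string. Treat it as a secret: never log it. */
        public String getValue() {
            return this.value;
        }

        /** @return the instant at which the token expires */
        public Instant getExpiresAt() {
            return this.expiresAt;
        }
    }

    /* loaded from: input_file:WEB-INF/lib/flowable-ui-idm-logic-6.7.2.jar:org/flowable/ui/idm/service/keycloak/KeycloakConfiguration$AuthenticationTokenInterceptor.class */
    /**
     * Adds an {@code Authorization: Bearer ...} header to outgoing requests that do not already carry an
     * {@code Authorization} header, fetching and caching the token as needed.
     *
     * <p>The cached token is a plain field and the refresh is not synchronized, so concurrent requests
     * that observe an expired token may each request a new one.
     */
    public class AuthenticationTokenInterceptor implements ClientHttpRequestInterceptor {
        // Separate template without this interceptor, so the token request itself is not intercepted.
        protected final RestTemplate tokenRestTemplate = new RestTemplate();
        protected AccessToken accessToken;

        /** Starts with an already-expired placeholder token so that the first request fetches a real one. */
        public AuthenticationTokenInterceptor() {
            this.accessToken = new AccessToken(null, KeycloakConfiguration.this.clock.instant().minusSeconds(10L));
        }

        @Override // org.springframework.http.client.ClientHttpRequestInterceptor
        public ClientHttpResponse intercept(HttpRequest request, byte[] body, ClientHttpRequestExecution execution) throws IOException {
            HttpHeaders headers = request.getHeaders();
            // A caller-supplied Authorization header wins; only fill it in when it is absent.
            if (!headers.containsKey(HttpHeaders.AUTHORIZATION)) {
                headers.setBearerAuth(getAccessTokenValue());
            }
            return execution.execute(request, body);
        }

        /**
         * Returns the cached token value, fetching a new token first if the cached one has expired
         * (taking the configured clock skew into account).
         *
         * @return the bearer token value
         * @throws FlowableException if a new token is needed and cannot be obtained
         */
        public String getAccessTokenValue() {
            if (hasTokenExpired()) {
                this.accessToken = fetchAccessToken();
            }
            return this.accessToken.getValue();
        }

        /**
         * Requests a new token from the token endpoint of the authentication realm using the OAuth2
         * password grant and the {@code admin-cli} client.
         *
         * @return the new token; its expiry is computed from the configured {@link Clock} and the
         *     {@code expires_in} value of the response (one second when that value is missing or not positive)
         * @throws FlowableException if the response is not 2xx, has no body, or carries no access token
         */
        public AccessToken fetchAccessToken() {
            HttpHeaders tokenRequestHeaders = new HttpHeaders();
            tokenRequestHeaders.setContentType(MediaType.APPLICATION_FORM_URLENCODED);

            LinkedMultiValueMap<String, String> form = new LinkedMultiValueMap<>();
            form.add("username", KeycloakConfiguration.this.getAuthenticationUser());
            form.add("password", KeycloakConfiguration.this.getAuthenticationPassword());
            form.add(OAuth2ParameterNames.GRANT_TYPE, "password");
            form.add("client_id", "admin-cli");

            // The realm is passed as a URI template variable so that it is encoded by the template.
            ResponseEntity<JsonNode> response = this.tokenRestTemplate.postForEntity(
                    KeycloakConfiguration.this.getServer() + "auth/realms/{realm}/protocol/openid-connect/token",
                    new HttpEntity<>(form, tokenRequestHeaders),
                    JsonNode.class,
                    KeycloakConfiguration.this.getAuthenticationRealm());

            HttpStatus statusCode = response.getStatusCode();
            if (!statusCode.is2xxSuccessful()) {
                // The response body ends up in the exception message and therefore possibly in logs.
                throw new FlowableException("Could not get access token. Status code: " + statusCode + ". Token response: " + response.getBody());
            }
            JsonNode tokenResponse = response.getBody();
            if (tokenResponse == null) {
                throw new FlowableException("Could not get access token");
            }

            String tokenValue = tokenResponse.path(OAuth2ParameterNames.ACCESS_TOKEN).asText(null);
            if (tokenValue == null || tokenValue.isEmpty()) {
                // Without this check a missing token would be cached and sent as "Bearer null".
                throw new FlowableException("Could not get access token");
            }
            long expiresIn = tokenResponse.path(OAuth2ParameterNames.EXPIRES_IN).asLong(0L);
            // Use the configured clock (not Instant.now()) so that expiry is computed on the same
            // time source that hasTokenExpired() compares against.
            Instant issuedAt = KeycloakConfiguration.this.clock.instant();
            return new AccessToken(tokenValue, issuedAt.plusSeconds(expiresIn > 0 ? expiresIn : 1L));
        }

        /**
         * @return {@code true} when the current instant is later than the token expiry minus the
         *     configured clock skew, i.e. the token is refreshed slightly before it actually expires
         */
        protected boolean hasTokenExpired() {
            Instant refreshAt = this.accessToken.getExpiresAt().minus(KeycloakConfiguration.this.clockSkew);
            return KeycloakConfiguration.this.clock.instant().isAfter(refreshAt);
        }
    }

    /**
     * Validates the mandatory settings and, when no {@link RestTemplate} was injected, creates one with
     * an {@link AuthenticationTokenInterceptor}. An injected template is used as-is: no interceptor is
     * added to it here, so it must handle authentication itself.
     *
     * @throws IllegalArgumentException if {@code server}, {@code authenticationPassword} or {@code realm} has no text
     */
    @Override // org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() throws Exception {
        Assert.hasText(this.server, "server must be set");
        Assert.hasText(this.authenticationPassword, "authenticationPassword must be set");
        Assert.hasText(this.realm, "realm must be set");
        if (this.restTemplate == null) {
            this.restTemplate = new RestTemplate();
            this.restTemplate.getInterceptors().add(new AuthenticationTokenInterceptor());
        }
    }

    /** @return the Keycloak base URL, always ending in {@code /} once set through {@link #setServer(String)} */
    public String getServer() {
        return this.server;
    }

    /**
     * Sets the Keycloak base URL, appending a trailing {@code /} when it is missing.
     *
     * @param str the base URL; should use {@code https} because credentials are posted to it
     * @throws IllegalArgumentException if {@code str} is {@code null}
     */
    public void setServer(String str) {
        // Validate the argument itself; the decompiled code checked this.clock, which is never null.
        Assert.notNull(str, "authenticationServer cannot be null");
        this.server = str.endsWith("/") ? str : str + "/";
    }

    /** @return the realm against which the admin user authenticates ({@code master} by default) */
    public String getAuthenticationRealm() {
        return this.authenticationRealm;
    }

    /**
     * @param str the realm against which the admin user authenticates
     * @throws IllegalArgumentException if {@code str} is {@code null}
     */
    public void setAuthenticationRealm(String str) {
        Assert.notNull(str, "authenticationRealm cannot be null");
        this.authenticationRealm = str;
    }

    /** @return the user name sent in the password grant */
    public String getAuthenticationUser() {
        return this.authenticationUser;
    }

    /**
     * @param str the user name sent in the password grant
     * @throws IllegalArgumentException if {@code str} is {@code null}
     */
    public void setAuthenticationUser(String str) {
        Assert.notNull(str, "authenticationUser cannot be null");
        this.authenticationUser = str;
    }

    /** @return the password sent in the password grant. Treat it as a secret: never log it. */
    public String getAuthenticationPassword() {
        return this.authenticationPassword;
    }

    /**
     * @param str the password sent in the password grant
     * @throws IllegalArgumentException if {@code str} is {@code null}
     */
    public void setAuthenticationPassword(String str) {
        Assert.notNull(str, "authenticationPassword cannot be null");
        this.authenticationPassword = str;
    }

    /** @return the realm whose users and groups are managed */
    public String getRealm() {
        return this.realm;
    }

    /**
     * @param str the realm whose users and groups are managed
     * @throws IllegalArgumentException if {@code str} is {@code null}
     */
    public void setRealm(String str) {
        Assert.notNull(str, "realm cannot be null");
        this.realm = str;
    }

    /** @return the template used for Keycloak calls; {@code null} until injected or initialised */
    public RestTemplate getRestTemplate() {
        return this.restTemplate;
    }

    /**
     * Injects a custom template. {@link #afterPropertiesSet()} does not add the token interceptor to an
     * injected template.
     *
     * @param restTemplate the template to use
     * @throws IllegalArgumentException if {@code restTemplate} is {@code null}
     */
    public void setRestTemplate(RestTemplate restTemplate) {
        Assert.notNull(restTemplate, "restTemplate cannot be null");
        this.restTemplate = restTemplate;
    }

    /** @return how long before its actual expiry a token is considered expired */
    public Duration getClockSkew() {
        return this.clockSkew;
    }

    /**
     * @param duration how long before its actual expiry a token is considered expired; must not be negative
     * @throws IllegalArgumentException if {@code duration} is {@code null} or negative
     */
    public void setClockSkew(Duration duration) {
        Assert.notNull(duration, "clockSkew cannot be null");
        Assert.isTrue(!duration.isNegative(), "clockSkew must be >= 0");
        this.clockSkew = duration;
    }

    /** @return the time source used for token expiry checks */
    public Clock getClock() {
        return this.clock;
    }

    /**
     * @param clock the time source used for token expiry checks
     * @throws IllegalArgumentException if {@code clock} is {@code null}
     */
    public void setClock(Clock clock) {
        Assert.notNull(clock, "clock cannot be null");
        this.clock = clock;
    }
}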
