package be.atbash.ee.security.octopus.oauth2.adapter;

import be.atbash.ee.security.octopus.authc.AuthenticationInfo;
import be.atbash.ee.security.octopus.authc.AuthenticationStrategy;
import be.atbash.ee.security.octopus.authz.AuthorizationInfo;
import be.atbash.ee.security.octopus.authz.permission.PermissionJSONProvider;
import be.atbash.ee.security.octopus.config.Debug;
import be.atbash.ee.security.octopus.config.OctopusCoreConfiguration;
import be.atbash.ee.security.octopus.realm.AuthorizationInfoBuilder;
import be.atbash.ee.security.octopus.realm.SecurityDataProvider;
import be.atbash.ee.security.octopus.sso.client.ClientCustomization;
import be.atbash.ee.security.octopus.sso.client.OpenIdVariableClientData;
import be.atbash.ee.security.octopus.sso.client.SSOAuthenticationInfoBuilder;
import be.atbash.ee.security.octopus.sso.client.config.OctopusSSOServerClientConfiguration;
import be.atbash.ee.security.octopus.sso.client.requestor.CustomUserInfoValidator;
import be.atbash.ee.security.octopus.sso.client.requestor.OctopusUserRequestor;
import be.atbash.ee.security.octopus.sso.client.requestor.PermissionRequestor;
import be.atbash.ee.security.octopus.sso.core.OctopusRetrievalException;
import be.atbash.ee.security.octopus.sso.core.rest.DefaultPrincipalUserInfoJSONProvider;
import be.atbash.ee.security.octopus.sso.core.token.OctopusSSOToken;
import be.atbash.ee.security.octopus.sso.core.token.OctopusSSOTokenConverter;
import be.atbash.ee.security.octopus.subject.PrincipalCollection;
import be.atbash.ee.security.octopus.token.AuthenticationToken;
import be.atbash.ee.security.octopus.token.UsernamePasswordToken;
import be.atbash.util.exception.AtbashUnexpectedException;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.oauth2.sdk.AccessTokenResponse;
import com.nimbusds.oauth2.sdk.TokenErrorResponse;
import java.net.URISyntaxException;
import java.text.ParseException;
import java.util.Iterator;
import java.util.List;
import java.util.ServiceLoader;
import javax.ws.rs.core.Configuration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:be/atbash/ee/security/octopus/oauth2/adapter/ClientAuthenticationInfoProvider.class */
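/**
 * {@link SecurityDataProvider} that authenticates a username/password pair against an Octopus SSO
 * server and retrieves the user's permissions from that same server.
 *
 * <p>Authentication exchanges the supplied credentials for an access token through
 * {@code TokenRequestor}, then uses the bearer token to fetch the user info. Authorization sends
 * the stored access token to the {@link PermissionRequestor}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The user's password passes through this class on its way to the token request, so the
 *       {@link UsernamePasswordToken} and the resulting access token must never be logged.</li>
 *   <li>Every authentication failure is reported as {@code null}. The reason is available only in
 *       the log, so keep the log statements in place.</li>
 * </ul>
 *
 * <p>NOTE(review): lazy initialisation in {@link #init()} is not synchronized. Confirm how
 * instances are shared between threads before relying on it under concurrent first use.
 */
public class ClientAuthenticationInfoProvider extends SecurityDataProvider {
    private static final Logger LOGGER = LoggerFactory.getLogger(ClientAuthenticationInfoProvider.class.getName());
    private OctopusCoreConfiguration coreConfiguration;
    private OctopusSSOServerClientConfiguration configuration;
    private PermissionRequestor permissionRequestor;

    /**
     * Lazily resolves the configuration singletons and builds the {@link PermissionRequestor}.
     *
     * <p>{@code coreConfiguration} doubles as the "already initialised" flag, so it is assigned
     * last. If building the requestor throws, the provider is left uninitialised and the next call
     * retries, rather than leaving the flag set with a {@code null} requestor.
     */
    private void init() {
        if (this.coreConfiguration != null) {
            return;
        }
        OctopusCoreConfiguration core = OctopusCoreConfiguration.getInstance();
        OctopusSSOServerClientConfiguration ssoClientConfiguration = OctopusSSOServerClientConfiguration.getInstance();
        PermissionJSONProvider permissionJSONProvider = getPermissionJSONProvider();
        ClientCustomization clientCustomization = getClientCustomization();
        // Without a registered customization, the requestor gets no JAX-RS client configuration.
        Configuration requestorConfiguration = clientCustomization == null
                ? null
                : clientCustomization.getConfiguration(PermissionRequestor.class);
        this.permissionRequestor = new PermissionRequestor(core, ssoClientConfiguration, clientCustomization, requestorConfiguration, permissionJSONProvider);
        this.configuration = ssoClientConfiguration;
        this.coreConfiguration = core;
    }

    /**
     * Looks up an optional {@link ClientCustomization} through {@link ServiceLoader}.
     *
     * <p>Only the first registration is used; any others are silently ignored. This object
     * supplies the configuration of the permission client, so the set of service registrations on
     * the classpath is part of the trusted deployment.
     *
     * @return the first registered customization, or {@code null} when none is registered
     */
    private ClientCustomization getClientCustomization() {
        Iterator<ClientCustomization> registered = ServiceLoader.load(ClientCustomization.class).iterator();
        return registered.hasNext() ? registered.next() : null;
    }

    /**
     * Looks up the {@link PermissionJSONProvider} through {@link ServiceLoader}.
     *
     * <p>Only the first registration is used. This provider is handed to the
     * {@link PermissionRequestor} that retrieves the user's permissions, so a stray registration
     * on the classpath replaces the default.
     *
     * @return the first registered provider, or a default {@link PermissionJSONProvider} when none
     *     is registered; never {@code null}
     */
    private PermissionJSONProvider getPermissionJSONProvider() {
        Iterator<PermissionJSONProvider> registered = ServiceLoader.load(PermissionJSONProvider.class).iterator();
        return registered.hasNext() ? registered.next() : new PermissionJSONProvider();
    }

    /**
     * Authenticates a username/password token against the Octopus SSO server.
     *
     * @param authenticationToken the token presented by the caller; only
     *     {@link UsernamePasswordToken} is handled
     * @return the authentication info built from the retrieved {@link OctopusSSOToken}, or
     *     {@code null} when the token type is not handled, the token request is unsuccessful, or
     *     the user info cannot be retrieved or parsed
     */
    public AuthenticationInfo getAuthenticationInfo(AuthenticationToken authenticationToken) {
        init();
        if (!(authenticationToken instanceof UsernamePasswordToken)) {
            return null;
        }
        // NOTE(review): the declared type below is what the decompiler emitted. The cast to
        // AccessTokenResponse only makes sense if getToken() returns a common supertype of both
        // response classes. Confirm against TokenRequestor.
        TokenErrorResponse token = TokenRequestor.getInstance(this.coreConfiguration, this.configuration).getToken((UsernamePasswordToken) authenticationToken);
        if (!token.indicatesSuccess()) {
            // Rejected by the SSO server: treated as "not authenticated by this provider".
            return null;
        }
        AccessTokenResponse accessTokenResponse = (AccessTokenResponse) token;
        try {
            OctopusUserRequestor userRequestor = new OctopusUserRequestor(this.coreConfiguration, this.configuration, new OctopusSSOTokenConverter(), new DefaultPrincipalUserInfoJSONProvider(), (CustomUserInfoValidator) null);
            OctopusSSOToken octopusSSOToken = userRequestor.getOctopusSSOToken(new OpenIdVariableClientData(), accessTokenResponse.getTokens().getBearerAccessToken());
            octopusSSOToken.setLogoutHandlerAsRequired();
            return new SSOAuthenticationInfoBuilder(octopusSSOToken).getAuthenticationInfo();
        } catch (URISyntaxException | JOSEException | ParseException | OctopusRetrievalException | com.nimbusds.oauth2.sdk.ParseException e) {
            // Log through the application logger, not stderr, so a failed user-info retrieval or a
            // token that fails JOSE processing is recorded where authentication events are
            // monitored. The credentials and the access token are deliberately left out.
            LOGGER.warn("(SSO Client) Retrieval of user info from Octopus SSO Server failed; authentication is rejected", e);
            return null;
        }
    }

    /**
     * Retrieves the permissions of the authenticated user from the Octopus SSO server.
     *
     * @param principalCollection the principals of the authenticated user; the primary principal
     *     must carry an {@link OctopusSSOToken} under the user-info key {@code "token"}
     * @return the authorization info holding the retrieved permissions
     * @throws AtbashUnexpectedException when the primary principal carries no
     *     {@link OctopusSSOToken}
     */
    public AuthorizationInfo getAuthorizationInfo(PrincipalCollection principalCollection) {
        init();
        // Read the value as Object so the type check below decides the outcome. With the variable
        // declared as OctopusSSOToken, the instanceof test could only ever catch null.
        Object userInfo = principalCollection.getPrimaryPrincipal().getUserInfo("token");
        if (!(userInfo instanceof OctopusSSOToken)) {
            throw new AtbashUnexpectedException("UserPrincipal should be based on OctopusSSOToken. Did you use fakeLogin Module and forget to define Permissions for the fake user?");
        }
        OctopusSSOToken octopusSSOToken = (OctopusSSOToken) userInfo;
        String accessToken = octopusSSOToken.getAccessToken();
        if (this.coreConfiguration.showDebugFor().contains(Debug.SSO_FLOW)) {
            // Only the display name is logged; the access token must stay out of log output.
            LOGGER.info("(SSO Client) Retrieving authorization info for user {} from Octopus SSO Server", octopusSSOToken.getFullName());
        }
        // Raw type kept: the element type returned by the requestor is not visible in this file.
        List retrieveUserPermissions = this.permissionRequestor.retrieveUserPermissions(accessToken);
        AuthorizationInfoBuilder authorizationInfoBuilder = new AuthorizationInfoBuilder();
        authorizationInfoBuilder.addPermissions(retrieveUserPermissions);
        return authorizationInfoBuilder.build();
    }

    /**
     * Reports the strategy under which this provider takes part in authentication.
     *
     * @return always {@link AuthenticationStrategy#SUFFICIENT}
     */
    public AuthenticationStrategy getAuthenticationStrategy() {
        return AuthenticationStrategy.SUFFICIENT;
    }
}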
