package de.retest.recheck.auth;

import com.auth0.jwk.JwkException;
import com.auth0.jwk.UrlJwkProvider;
import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.auth0.jwt.interfaces.JWTVerifier;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.io.PrintWriter;
import java.net.InetAddress;
import java.net.MalformedURLException;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Collections;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.UUID;
import java.util.stream.Collectors;
import kong.unirest.HttpResponse;
import kong.unirest.JsonNode;
import kong.unirest.Unirest;
import kong.unirest.json.JSONObject;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.client.utils.URIBuilder;
import org.apache.http.client.utils.URLEncodedUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/retest/recheck/auth/RetestAuthentication.class */
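/**
 * OAuth 2.0 authorization-code login against the Keycloak realm at {@link #KEYCLOAK_URL}.
 *
 * The flow implemented here is: open a one-shot HTTP listener on an ephemeral local port, hand
 * the authorization URL to the {@link AuthenticationHandler} so it can be shown to the user,
 * wait for the browser to be redirected back to the listener, check the {@code state} value,
 * exchange the authorization code for tokens and verify the access token's RS256 signature
 * against a pinned key of the realm.
 *
 * Security notes for reviewers:
 * - Creating an instance performs a network request: the {@code verifier} field initializer
 *   downloads the realm's JWK set and throws {@link RuntimeException} if that fails.
 * - The verifier built here pins the algorithm (RS256) and the key id, but configures neither an
 *   expected issuer nor an expected audience.
 * - NOTE(review): the authorization request carries no PKCE {@code code_challenge}. RFC 8252
 *   expects PKCE for native clients using a loopback redirect; confirm whether the Keycloak
 *   client configuration requires it.
 */
public class RetestAuthentication {
    private static final Logger log = LoggerFactory.getLogger(RetestAuthentication.class);

    // Endpoint layout of the realm; every URL below is a compile-time constant.
    private static final String REALM = "customer";
    private static final String KEYCLOAK_URL = "https://login.retest.de/auth";
    private static final String BASE_URL = KEYCLOAK_URL + "/realms/" + REALM + "/protocol/openid-connect";
    private static final String AUTH_URL = BASE_URL + "/auth";
    private static final String TOKEN_URL = BASE_URL + "/token";
    private static final String CERTS_URL = BASE_URL + "/certs";
    private static final String LOGOUT_URL = BASE_URL + "/logout";

    // OAuth 2.0 parameter names and values used in requests and responses.
    private static final String OAUTH_ACCESS_TOKEN = "access_token";
    private static final String OAUTH_REFRESH_TOKEN = "refresh_token";
    private static final String OAUTH_GRANT_TYPE_AUTHORIZATION_CODE = "authorization_code";
    private static final String OAUTH_GRANT_TYPE = "grant_type";
    private static final String OAUTH_SCOPE_OFFLINE_ACCESS = "offline_access";
    private static final String OAUTH_SCOPE = "scope";
    private static final String OAUTH_STATE = "state";
    private static final String OAUTH_REDIRECT_URI = "redirect_uri";
    private static final String OAUTH_CLIENT_ID = "client_id";
    private static final String OAUTH_RESPONSE_TYPE_CODE = "code";
    private static final String OAUTH_RESPONSE_TYPE = "response_type";

    // Key id looked up in the JWK set at CERTS_URL. Because it is hard-coded, tokens signed with
    // any other key fail verification, including after a key rotation on the server.
    private static final String PUBLIC_KEY_ID = "cXdlj_AlGVf-TbXyauXYM2XairgNUahzgOXHAuAxAmQ";

    private DecodedJWT accessToken;
    private final AuthenticationHandler handler;
    private final String client;
    // Initialized before the constructor body runs; see getJwtVerifier() for the network access.
    private final JWTVerifier verifier = getJwtVerifier();

    /**
     * One-shot HTTP listener that receives the browser redirect carrying the authorization code.
     *
     * It accepts exactly one connection, parses the request line into a {@link KeycloakResult},
     * answers with a redirect to a static page on the identity provider and then closes both the
     * connection and the listening socket. The decompiler reports that this class was private in
     * the original source.
     */
    public class CallbackListener extends Thread {
        // new ServerSocket(0) would bind the wildcard address and make the callback port
        // reachable from other hosts. The redirect comes from the local browser only, so the
        // listener is bound to the loopback address. NOTE(review): the redirect URI built in
        // login() uses the host name "localhost"; confirm it resolves to this loopback address
        // on all supported platforms.
        private final ServerSocket server = new ServerSocket(0, 0, InetAddress.getLoopbackAddress());
        private KeycloakResult result;

        /**
         * Opens the listening socket on an ephemeral port.
         *
         * @throws IOException if the socket cannot be opened
         */
        public CallbackListener() throws IOException {
        }

        /**
         * Handles the single expected callback request.
         *
         * The outcome is stored in {@code result}; it stays {@code null} when an I/O error
         * prevents the request line from being read. The redirect target is built from a
         * constant only, never from request data, so the response cannot be steered to another
         * host by the caller. The {@code state} value is not checked here; login() does that
         * after the thread has finished.
         */
        @Override
        public void run() {
            // The listening socket is part of the resource list so that the port is released
            // once the single callback has been served or has failed.
            try (ServerSocket listener = this.server;
                    Socket connection = listener.accept();
                    BufferedReader reader = new BufferedReader(
                            new InputStreamReader(connection.getInputStream(), StandardCharsets.UTF_8));
                    PrintWriter writer = new PrintWriter(
                            new OutputStreamWriter(connection.getOutputStream(), StandardCharsets.UTF_8))) {
                // readLine() returns null when the peer closes without sending anything;
                // getRequestParameters() turns that into an error result.
                this.result = RetestAuthentication.getRequestParameters(reader.readLine());
                boolean failed = this.result == null || this.result.getError() != null;
                String target = RetestAuthentication.TOKEN_URL.replace("/token",
                        failed ? "/delegated?error=true" : "/delegated");
                // HTTP requires CRLF line ends and an empty line after the headers; println()
                // would emit the platform line separator and no terminating empty line.
                writer.print("HTTP/1.1 302 Found\r\n");
                writer.print("Location: " + target + "\r\n");
                writer.print("Content-Length: 0\r\n");
                writer.print("Connection: close\r\n");
                writer.print("\r\n");
                writer.flush();
            } catch (IOException e) {
                RetestAuthentication.log.error("Error during communication with {}", RetestAuthentication.KEYCLOAK_URL, e);
            }
        }
    }

    /**
     * Mutable holder for the access token and refresh token returned by the token endpoint.
     *
     * Both fields stay {@code null} when the token request was not successful. The decompiler
     * reports that this class was private in the original source.
     */
    public static class TokenBundle {
        private String accessToken;
        private String refreshToken;

        /** @return the encoded access token, or {@code null} if none was set */
        public String getAccessToken() {
            return this.accessToken;
        }

        /** @return the refresh token, or {@code null} if none was set */
        public String getRefreshToken() {
            return this.refreshToken;
        }

        /** @param str the encoded access token */
        public void setAccessToken(String str) {
            this.accessToken = str;
        }

        /** @param str the refresh token */
        public void setRefreshToken(String str) {
            this.refreshToken = str;
        }

        /**
         * Two bundles are equal when both tokens are equal; {@code null} equals only
         * {@code null}.
         */
        @Override
        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof TokenBundle)) {
                return false;
            }
            TokenBundle other = (TokenBundle) obj;
            // canEqual lets a subclass opt out of equality with plain TokenBundle instances.
            return other.canEqual(this)
                    && Objects.equals(getAccessToken(), other.getAccessToken())
                    && Objects.equals(getRefreshToken(), other.getRefreshToken());
        }

        /** @return whether {@code obj} may be compared with this bundle */
        protected boolean canEqual(Object obj) {
            return obj instanceof TokenBundle;
        }

        /** Combines the hash codes of both tokens; the values match the previous formula. */
        @Override
        public int hashCode() {
            String access = getAccessToken();
            String refresh = getRefreshToken();
            int hash = 59 + (access == null ? 43 : access.hashCode());
            return hash * 59 + (refresh == null ? 43 : refresh.hashCode());
        }

        /**
         * Describes the bundle without the token values.
         *
         * Both values are bearer credentials, and the refresh token is requested with the
         * offline_access scope, so they must not end up in log files or exception messages
         * through string conversion. Only presence is reported.
         */
        @Override
        public String toString() {
            return "RetestAuthentication.TokenBundle(accessToken=" + mask(getAccessToken())
                    + ", refreshToken=" + mask(getRefreshToken()) + ")";
        }

        /** Replaces a present secret with a fixed marker and keeps {@code null} visible. */
        private static String mask(String secret) {
            return secret == null ? "null" : "[redacted]";
        }
    }

    /**
     * Creates the client. The JWK set of the realm is fetched while the instance is being
     * initialized, so construction needs network access.
     *
     * @param authenticationHandler callback target for login and logout results and source of
     *     the stored offline token
     * @param str the OAuth client id sent with every request
     * @throws RuntimeException if the signing key cannot be obtained
     */
    public RetestAuthentication(AuthenticationHandler authenticationHandler, String str) {
        this.handler = authenticationHandler;
        this.client = str;
    }

    /**
     * Builds the verifier used for every access token.
     *
     * The public key with id {@link #PUBLIC_KEY_ID} is downloaded from {@link #CERTS_URL} and
     * used with RS256 only; no private key is supplied because this client never signs. Three
     * seconds of leeway are accepted. No issuer or audience requirement is configured.
     *
     * @return the verifier
     * @throws RuntimeException if the key cannot be retrieved or the URL is malformed
     */
    private JWTVerifier getJwtVerifier() {
        try {
            RSAPublicKey signingKey = (RSAPublicKey) new UrlJwkProvider(URI.create(CERTS_URL).toURL())
                    .get(PUBLIC_KEY_ID)
                    .getPublicKey();
            return JWT.require(Algorithm.RSA256(signingKey, (RSAPrivateKey) null))
                    .acceptLeeway(3L)
                    .build();
        } catch (JwkException | MalformedURLException e) {
            throw new RuntimeException("Error accessing keycloak JWK information", e);
        }
    }

    /**
     * Obtains an access token: by refreshing when the handler holds an offline token, otherwise
     * by an interactive login.
     */
    public void authenticate() {
        if (this.handler.getOfflineToken() == null) {
            log.info("No active token found, initiating authentication");
            login();
            return;
        }
        refreshTokens();
    }

    /**
     * Runs the interactive authorization-code flow and reports the outcome to the handler.
     *
     * Failure cases reported through {@code loginFailed}: no callback could be read, the
     * callback carried an error or a {@code state} value different from the one sent, or the
     * token endpoint returned no tokens. A token that fails signature verification still
     * surfaces as a {@link JWTVerificationException} to the caller, as before.
     */
    private void login() {
        try {
            CallbackListener callbackListener = new CallbackListener();
            callbackListener.start();
            String redirectUri = "http://localhost:" + callbackListener.server.getLocalPort();
            // The state value ties the callback to this login attempt; it is compared in
            // loginSuccessful() before the authorization code is used.
            String state = UUID.randomUUID().toString();
            URI loginUri = new URIBuilder(AUTH_URL)
                    .addParameter(OAUTH_RESPONSE_TYPE, OAUTH_RESPONSE_TYPE_CODE)
                    .addParameter(OAUTH_CLIENT_ID, this.client)
                    .addParameter(OAUTH_REDIRECT_URI, redirectUri)
                    .addParameter(OAUTH_STATE, state)
                    .addParameter(OAUTH_SCOPE, OAUTH_SCOPE_OFFLINE_ACCESS)
                    .build();
            this.handler.showWebLoginUri(loginUri);
            callbackListener.join();

            KeycloakResult callback = callbackListener.result;
            if (callback == null) {
                // The listener failed with an I/O error before a request line was parsed.
                this.handler.loginFailed(new RuntimeException("Error during login"));
                return;
            }
            if (!loginSuccessful(state, callback)) {
                this.handler.loginFailed(retrieveError(callback));
                return;
            }
            TokenBundle tokens = accessCodeToToken(callback.getCode(), redirectUri);
            if (tokens.getAccessToken() == null || tokens.getRefreshToken() == null) {
                // accessCodeToToken() leaves the bundle empty when the exchange is rejected.
                this.handler.loginFailed(new RuntimeException("Token endpoint returned no tokens"));
                return;
            }
            // The refresh token is handed over only after the access token has been verified.
            this.accessToken = this.verifier.verify(tokens.getAccessToken());
            this.handler.loginPerformed(tokens.getRefreshToken());
        } catch (InterruptedException e) {
            log.error("Error during authentication", e);
            // Restore the flag so callers further up can see the interruption.
            Thread.currentThread().interrupt();
        } catch (IOException | URISyntaxException e) {
            // Not an interruption: the interrupt flag must stay untouched here.
            log.error("Error during authentication", e);
        }
    }

    /**
     * Chooses the exception reported for a failed login: the recorded I/O exception if there is
     * one, else the error text from the callback, else a generic message.
     *
     * @param keycloakResult the parsed callback, not {@code null}
     * @return the exception to pass to the handler
     */
    private Throwable retrieveError(KeycloakResult keycloakResult) {
        IOException cause = keycloakResult.getErrorException();
        String error = keycloakResult.getError();
        if (cause != null) {
            return cause;
        }
        if (StringUtils.isEmpty(error)) {
            return new RuntimeException("Error during login");
        }
        return new RuntimeException(error);
    }

    /**
     * Decides whether the callback belongs to this login attempt and reports no error.
     *
     * @param str the state value sent with the authorization request
     * @param keycloakResult the parsed callback, not {@code null}
     * @return {@code true} only if the state matches and neither an error nor an error
     *     exception is present
     */
    private boolean loginSuccessful(String str, KeycloakResult keycloakResult) {
        if (!str.equals(keycloakResult.getState())) {
            return false;
        }
        return keycloakResult.getError() == null && keycloakResult.getErrorException() == null;
    }

    /**
     * Exchanges an authorization code for tokens at {@link #TOKEN_URL}.
     *
     * @param str the authorization code from the callback
     * @param str2 the redirect URI that was sent with the authorization request
     * @return a bundle with both tokens, or an empty bundle if the request was not successful
     */
    private TokenBundle accessCodeToToken(String str, String str2) {
        TokenBundle tokens = new TokenBundle();
        HttpResponse<JsonNode> response = Unirest.post(TOKEN_URL)
                .field(OAUTH_GRANT_TYPE, OAUTH_GRANT_TYPE_AUTHORIZATION_CODE)
                .field(OAUTH_RESPONSE_TYPE_CODE, str)
                .field(OAUTH_CLIENT_ID, this.client)
                .field(OAUTH_REDIRECT_URI, str2)
                .asJson();
        if (!response.isSuccess()) {
            // Only the status text is logged; the request contains the authorization code.
            log.error("Error exchanging authorization code: {}", response.getStatusText());
            return tokens;
        }
        JSONObject payload = response.getBody().getObject();
        tokens.setAccessToken(payload.getString(OAUTH_ACCESS_TOKEN));
        tokens.setRefreshToken(payload.getString(OAUTH_REFRESH_TOKEN));
        return tokens;
    }

    /**
     * Ends the session belonging to the stored offline token and reports the outcome to the
     * handler. Does nothing but log an error when no offline token is available.
     */
    public void logout() {
        if (this.handler.getOfflineToken() == null) {
            log.error("No offline token provided");
            return;
        }
        HttpResponse<JsonNode> response = Unirest.post(LOGOUT_URL)
                .field(OAUTH_REFRESH_TOKEN, this.handler.getOfflineToken())
                .field(OAUTH_CLIENT_ID, this.client)
                .asJson();
        if (!response.isSuccess()) {
            this.handler.logoutFailed(new RuntimeException(response.getStatusText()));
            return;
        }
        this.handler.logoutPerformed();
    }

    /** Refreshes the access token and falls back to an interactive login if that fails. */
    private void refreshTokens() {
        DecodedJWT refreshed = refreshAccessToken().orElse(null);
        if (refreshed == null) {
            login();
            return;
        }
        this.accessToken = refreshed;
    }

    /**
     * Returns a verified access token, refreshing it first if the current one is missing or no
     * longer passes verification.
     *
     * @return the access token; may be {@code null} if neither refresh nor login succeeded
     */
    public DecodedJWT getAccessToken() {
        if (!isAccessTokenValid()) {
            refreshTokens();
        }
        return this.accessToken;
    }

    /**
     * Requests a new access token with the stored offline token and verifies it.
     *
     * @return the verified token, or an empty Optional if no offline token is stored, the
     *     request was rejected, or the returned token could not be verified
     */
    private Optional<DecodedJWT> refreshAccessToken() {
        if (this.handler.getOfflineToken() == null) {
            // Without a refresh token the request can only be rejected; skip it.
            return Optional.empty();
        }
        HttpResponse<JsonNode> response = Unirest.post(TOKEN_URL)
                .field(OAUTH_GRANT_TYPE, OAUTH_REFRESH_TOKEN)
                .field(OAUTH_REFRESH_TOKEN, this.handler.getOfflineToken())
                .field(OAUTH_CLIENT_ID, this.client)
                .asJson();
        if (!response.isSuccess()) {
            log.error("Error retrieving access token: {}", response.getStatusText());
            return Optional.empty();
        }
        try {
            return Optional.of(this.verifier.verify(response.getBody().getObject().getString(OAUTH_ACCESS_TOKEN)));
        } catch (RuntimeException e) {
            // Covers a missing access_token field as well as a failed verification. Returning
            // here keeps the "retrieving" message, which would show a success status, out of
            // the log for this case.
            log.error("Error verifying access token: {}", e.getMessage());
            log.debug("Details: ", e);
            return Optional.empty();
        }
    }

    /**
     * Re-verifies the held access token.
     *
     * @return {@code true} if a token is held and the verifier accepts it
     */
    private boolean isAccessTokenValid() {
        if (this.accessToken == null) {
            return false;
        }
        try {
            return this.verifier.verify(this.accessToken) != null;
        } catch (JWTVerificationException e) {
            log.info("Current token is invalid, requesting new one");
            return false;
        }
    }

    /**
     * Parses the request line of the callback into a {@link KeycloakResult}.
     *
     * The line comes from whatever process connected to the local callback port, so it is
     * treated as untrusted: a missing line, a line without a request target or a target that is
     * not a valid URI yields a result whose error is {@code invalid_request} instead of an
     * exception. Parameters without a value are ignored, and of a repeated parameter the first
     * occurrence is used. The request line is never logged because it contains the
     * authorization code.
     *
     * @param str the first line of the HTTP request, for example
     *     {@code GET /?code=...&state=... HTTP/1.1}; may be {@code null}
     * @return the parsed parameters, never {@code null}
     */
    static KeycloakResult getRequestParameters(String str) {
        String[] parts = str == null ? new String[0] : str.split(" ");
        if (parts.length < 2) {
            return malformedCallback();
        }
        Map<String, String> params;
        try {
            params = URLEncodedUtils.parse(URI.create("http://localhost/" + parts[1]), StandardCharsets.UTF_8).stream()
                    // Collectors.toMap rejects null values and, without a merge function,
                    // duplicate keys; both can be produced by a crafted query string.
                    .filter(pair -> pair.getValue() != null)
                    .collect(Collectors.toMap(pair -> pair.getName(), pair -> pair.getValue(), (first, second) -> first));
        } catch (IllegalArgumentException e) {
            // The exception message would repeat the request target, so it is not logged.
            log.debug("Callback request target is not a valid URI");
            return malformedCallback();
        }
        // OAuth 2.0 names this parameter error_description; the hyphenated spelling that was
        // read before is kept as a fallback.
        String description = params.get("error_description");
        if (description == null) {
            description = params.get("error-description");
        }
        return KeycloakResult.builder()
                .code(params.get(OAUTH_RESPONSE_TYPE_CODE))
                .error(params.get("error"))
                .errorDescription(description)
                .state(params.get(OAUTH_STATE))
                .build();
    }

    /** Result used when the callback request cannot be parsed at all. */
    private static KeycloakResult malformedCallback() {
        return KeycloakResult.builder()
                .error("invalid_request")
                .errorDescription("Malformed callback request")
                .build();
    }
}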
