package it.geosolutions.geoserver.rest.http;

import java.io.IOException;
import net.sf.json.JSONObject;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.HttpMethod;
import org.apache.commons.httpclient.NameValuePair;
import org.apache.commons.httpclient.methods.PostMethod;

/* loaded from: input_file:it/geosolutions/geoserver/rest/http/KeycloakAuthenticator.class */
public class KeycloakAuthenticator implements GeoServerRestAuthenticator {
    private String username;
    private String pw;
    private String clientId;
    private String clientSecret;
    private String url;
    private String realm;
    private String accessToken;
    private long accessTokenExpired;
    private String refreshToken;
    private long refreshTokenExpired;
    private String proxyHost;
    private int proxyPort;

    public KeycloakAuthenticator(String str, String str2, String str3, String str4, String str5, String str6, String str7, int i) {
        this.username = str;
        this.pw = str2;
        this.clientId = str3;
        this.clientSecret = str4;
        this.url = str5;
        this.realm = str6;
        this.proxyHost = str7;
        this.proxyPort = i;
    }

    private synchronized void getNewToken(HttpClient httpClient) throws IOException {
        long currentTimeMillis = System.currentTimeMillis() / 1000;
        if (currentTimeMillis < this.accessTokenExpired) {
            return;
        }
        PostMethod postMethod = new PostMethod(this.url + "realms/" + this.realm + "/protocol/openid-connect/token");
        if (currentTimeMillis < this.refreshTokenExpired) {
            postMethod.setRequestBody(new NameValuePair[]{new NameValuePair("grant_type", "refresh_token"), new NameValuePair("refresh_token", this.refreshToken), new NameValuePair("client_id", this.clientId), new NameValuePair("client_secret", this.clientSecret), new NameValuePair("scope", "openid")});
        } else {
            postMethod.setRequestBody(new NameValuePair[]{new NameValuePair("grant_type", "password"), new NameValuePair("password", this.pw), new NameValuePair("username", this.username), new NameValuePair("client_id", this.clientId), new NameValuePair("client_secret", this.clientSecret), new NameValuePair("scope", "openid")});
        }
        if (this.proxyHost != null) {
            httpClient.getHostConfiguration().setProxy(this.proxyHost, this.proxyPort);
        }
        httpClient.executeMethod(postMethod);
        JSONObject json = HTTPUtils.json(postMethod.getResponseBodyAsString());
        if (!json.has("access_token")) {
            throw new IOException("error while getting keycloak access token: " + (json.has("error_description") ? json.getString("error_description") : "unknown"));
        }
        this.accessToken = json.getString("access_token");
        this.accessTokenExpired = currentTimeMillis + json.getInt("expires_in");
        this.refreshToken = json.getString("refresh_token");
        this.refreshTokenExpired = currentTimeMillis + json.getInt("refresh_expires_in");
    }

    @Override // it.geosolutions.geoserver.rest.http.GeoServerRestAuthenticator
    public void setAuth(HttpClient httpClient, HttpMethod httpMethod) throws IOException {
        getNewToken(httpClient);
        httpMethod.addRequestHeader("Authorization", "bearer " + this.accessToken);
    }
}
