package org.wso2.ei.dashboard.core.commons.auth;

import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import java.util.HashMap;
import java.util.Iterator;
import java.util.concurrent.TimeUnit;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.wso2.ei.dashboard.core.commons.Constants;
import org.wso2.ei.dashboard.core.commons.utils.HttpUtils;
import org.wso2.ei.dashboard.core.exception.DashboardServerException;
import org.wso2.micro.integrator.dashboard.utils.SSOConfig;

/* loaded from: input_file:WEB-INF/classes/org/wso2/ei/dashboard/core/commons/auth/OpaqueTokenSecurityHandler.class */
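/**
 * {@link SecurityHandler} for opaque (non-JWT) access tokens.
 *
 * <p>Authentication is delegated to the identity provider's token introspection endpoint, and
 * the admin check to its userinfo endpoint. When either endpoint is not configured on the
 * {@link SSOConfig}, it is discovered from the well-known (discovery) document and written back
 * to the config object.
 *
 * <p>Every decision fails closed: an unexpected status code or a response without the expected
 * claim yields {@code false} instead of an unchecked exception from JSON access.
 *
 * <p>NOTE(review): the client secret and the bearer token are sent to whatever URLs the config or
 * the discovery document name. This class does not check scheme or host, so it relies on
 * {@code HttpUtils} (not visible here) for TLS and certificate validation. Confirm.
 */
public class OpaqueTokenSecurityHandler implements SecurityHandler {
    private static final Logger logger = LogManager.getLogger(OpaqueTokenSecurityHandler.class);

    /*
     * Admin decision per access token, kept for 60 minutes after it was written.
     *
     * NOTE(review): the key is the raw bearer token, and a cached `true` is served without
     * contacting the identity provider again. A revoked token or a removed group membership can
     * therefore stay authorized here for up to 60 minutes, unless callers run isAuthenticated()
     * on every request. Presumably they do; verify against the caller.
     */
    private static final Cache<String, Boolean> adminClaimMap = CacheBuilder.newBuilder().expireAfterWrite(60, TimeUnit.MINUTES).build();

    /**
     * Checks with the introspection endpoint whether the token is currently active.
     *
     * @param sSOConfig SSO settings; its introspection endpoint is filled in from the well-known
     *                  endpoint when it is {@code null}
     * @param str       the opaque access token presented by the caller
     * @return {@code true} only when the endpoint answers 200 with a usable, true {@code active}
     *         claim; {@code false} otherwise
     * @throws DashboardServerException if the introspection endpoint has to be discovered and
     *                                  cannot be
     */
    @Override
    @SuppressWarnings({"rawtypes", "unchecked"})
    public boolean isAuthenticated(SSOConfig sSOConfig, String str) {
        if (sSOConfig.getIntrospectionEndpoint() == null) {
            sSOConfig.setIntrospectionEndpoint(
                    getIntrospectionEndpointFromWellKnownEndpoint(sSOConfig.getWellKnownEndpoint()));
        }
        // Left as a raw map: the parameter type HttpUtils.doPost expects is not visible here.
        HashMap params = new HashMap();
        params.put(Constants.TOKEN, str);
        params.put(Constants.CLIENT_ID, sSOConfig.getOidcAgentConfig().getConsumerKey().getValue());
        params.put(Constants.CLIENT_SECRET, sSOConfig.getOidcAgentConfig().getConsumerSecret().getValue());
        CloseableHttpResponse response = HttpUtils.doPost(sSOConfig.getIntrospectionEndpoint(), params);
        try {
            if (response.getStatusLine().getStatusCode() != 200) {
                // Logged unconditionally so that a failing introspection endpoint is visible at
                // the default log level. The token itself is never logged.
                logger.error("Error validating the token using introspection endpoint. {}",
                        response.getStatusLine().getReasonPhrase());
                return false;
            }
            JsonObject body = HttpUtils.getJsonResponse(response);
            JsonElement active = body == null ? null : body.get(Constants.ACTIVE);
            if (active == null || !active.isJsonPrimitive()) {
                // A missing or malformed claim must reject the token, not throw.
                logger.error("Introspection response has no usable '{}' claim; rejecting the token.",
                        Constants.ACTIVE);
                return false;
            }
            return active.getAsBoolean();
        } finally {
            closeQuietly(response);
        }
    }

    /**
     * Decides whether the token's owner belongs to one of the allowed admin groups.
     *
     * <p>A cached {@code true} short-circuits the check. A cached {@code false} does not: the
     * userinfo endpoint is asked again, so a user who was just added to an admin group is not
     * locked out until the entry expires.
     *
     * @param sSOConfig SSO settings naming the group claim and the allowed admin groups
     * @param str       the opaque access token presented by the caller
     * @return {@code true} when the token maps to an allowed admin group
     */
    @Override
    public boolean isAuthorized(SSOConfig sSOConfig, String str) {
        return validateWithCache(str) || validateAdminWithUserInfoEndpoint(sSOConfig, str);
    }

    /**
     * Returns the cached admin decision for the token, or {@code false} when none is cached.
     * A single lookup is used so that an entry expiring between two reads cannot cause a
     * {@code NullPointerException}.
     */
    private boolean validateWithCache(String accessToken) {
        return Boolean.TRUE.equals(adminClaimMap.getIfPresent(accessToken));
    }

    /**
     * Calls the userinfo endpoint with the token and compares the configured group claim with
     * the allowed admin groups. The outcome is cached per token once the claim has been read.
     *
     * @return {@code true} when at least one group in the claim is an allowed admin group;
     *         {@code false} on a non-200 answer, a missing or non-array claim, or no match
     * @throws DashboardServerException if the userinfo endpoint has to be discovered and cannot be
     */
    private boolean validateAdminWithUserInfoEndpoint(SSOConfig ssoConfig, String accessToken) {
        if (ssoConfig.getUserInfoEndpoint() == null) {
            ssoConfig.setUserInfoEndpoint(
                    getUserInfoEndpointFromWellKnownEndpoint(ssoConfig.getWellKnownEndpoint()));
        }
        CloseableHttpResponse response = HttpUtils.doGet(accessToken, ssoConfig.getUserInfoEndpoint());
        try {
            if (response.getStatusLine().getStatusCode() != 200) {
                logger.error("Error validating the token using userInfo endpoint. {}",
                        response.getStatusLine().getReasonPhrase());
                return false;
            }
            String groupAttribute = ssoConfig.getAdminGroupAttribute();
            JsonObject body = HttpUtils.getJsonResponse(response);
            JsonElement groups = body == null ? null : body.get(groupAttribute);
            if (groups == null || !groups.isJsonArray()) {
                // Deny without caching: this looks like a configuration or provider problem,
                // not a property of this particular token.
                logger.warn("UserInfo response has no array-valued '{}' claim; denying admin access.",
                        groupAttribute);
                return false;
            }
            for (JsonElement group : groups.getAsJsonArray()) {
                // Non-string entries can never match a group name, so they are skipped.
                if (group.isJsonPrimitive()
                        && ssoConfig.getAllowedAdminGroups().contains(group.getAsString())) {
                    adminClaimMap.put(accessToken, true);
                    return true;
                }
            }
            adminClaimMap.put(accessToken, false);
            logger.debug("Token owner is not a member of any allowed admin group.");
            return false;
        } finally {
            closeQuietly(response);
        }
    }

    /** Reads the userinfo endpoint URL from the well-known (discovery) document. */
    private String getUserInfoEndpointFromWellKnownEndpoint(String wellKnownEndpoint) {
        return discoverEndpoint(wellKnownEndpoint, Constants.USERINFO_URI, "userinfo_endpoint");
    }

    /** Reads the introspection endpoint URL from the well-known (discovery) document. */
    private String getIntrospectionEndpointFromWellKnownEndpoint(String wellKnownEndpoint) {
        return discoverEndpoint(wellKnownEndpoint, Constants.INTROSPECTION_URI, "introspection_endpoint");
    }

    /**
     * Fetches the discovery document and returns the string value stored under
     * {@code metadataKey}.
     *
     * @param wellKnownEndpoint URL of the discovery document
     * @param metadataKey       JSON member holding the endpoint URL
     * @param label             endpoint name used in the error message
     * @throws DashboardServerException when no discovery URL is configured, the request does not
     *                                  return 200, or the member is absent
     */
    private String discoverEndpoint(String wellKnownEndpoint, String metadataKey, String label) {
        if (wellKnownEndpoint == null) {
            throw new DashboardServerException(
                    "Neither the " + label + " nor the well known endpoint is configured.");
        }
        CloseableHttpResponse response = HttpUtils.doGet(new HttpGet(wellKnownEndpoint));
        try {
            if (response.getStatusLine().getStatusCode() == 200) {
                JsonObject metadata = HttpUtils.getJsonResponse(response);
                if (metadata != null && metadata.has(metadataKey)) {
                    return metadata.get(metadataKey).getAsString();
                }
            }
            throw new DashboardServerException("Cannot find " + label
                    + " in well known endpoint response. " + response.getStatusLine().getReasonPhrase());
        } finally {
            closeQuietly(response);
        }
    }

    /**
     * Releases the response and its connection without letting a close failure change an
     * authentication or authorization result that has already been computed.
     * HttpUtils is not visible here; if it already closes the response, this second close is
     * expected to be a no-op.
     */
    private static void closeQuietly(CloseableHttpResponse response) {
        if (response == null) {
            return;
        }
        try {
            response.close();
        } catch (java.io.IOException e) {
            logger.debug("Failed to close HTTP response.", e);
        }
    }
}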
