package io.cellery.observability.api.auth;

import io.cellery.observability.api.Constants;
import io.cellery.observability.api.Utils;
import io.cellery.observability.api.bean.CelleryConfig;
import io.cellery.observability.api.exception.oidc.OIDCProviderException;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import org.apache.commons.codec.binary.Base64;
import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.ContentType;
import org.apache.http.entity.StringEntity;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;
import org.apache.log4j.Logger;
import org.json.JSONObject;
import org.wso2.carbon.config.ConfigurationException;

/* loaded from: input_file:io/cellery/observability/api/auth/OIDCOauthManager.class */
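/**
 * Talks to the configured identity provider (IdP) on behalf of the observability API.
 *
 * <p>On construction the manager obtains OAuth client credentials: it posts a client
 * registration request to the IdP registration endpoint and, when the IdP answers with an
 * {@code error} field, falls back to looking up the existing client by name. Afterwards
 * {@link #validateToken(String)} can be used to check a token against the IdP introspection
 * endpoint.
 *
 * <p>Every request to the IdP carries the IdP admin username and password as an HTTP Basic
 * {@code Authorization} header, so the transport used for these calls must be trusted.
 * NOTE(review): all requests use {@code Utils.getAllSSLClient()}; the name suggests a client
 * that accepts any TLS certificate. If that is the case, the admin credentials, the client
 * secret and the tokens sent for introspection can be read by anyone able to intercept the
 * connection. Confirm against {@code Utils} and prefer a client that verifies the IdP
 * certificate.
 */
public class OIDCOauthManager {
    private static final Logger log = Logger.getLogger(OIDCOauthManager.class);
    private static final String ERROR = "error";
    private static final String ACTIVE_STATUS = "active";
    private static final String BASIC_AUTH = "Basic ";
    private final String clientId;
    // Kept as char[] rather than String; note that getClientSecret() still hands out a String.
    private final char[] clientSecret;

    /**
     * Returns the OAuth client id obtained from the IdP.
     *
     * @return the client id read from the registration (or lookup) response
     */
    public String getClientId() {
        return this.clientId;
    }

    /**
     * Returns the OAuth client secret obtained from the IdP.
     *
     * <p>A fresh {@code String} copy is created on every call. Strings cannot be wiped, so
     * callers should not log the value or hold on to it longer than needed.
     *
     * @return the client secret as a string
     */
    public String getClientSecret() {
        return String.valueOf(this.clientSecret);
    }

    /**
     * Obtains the client credentials from the IdP and stores them in this instance.
     *
     * @throws OIDCProviderException if the client could neither be registered nor looked up
     */
    public OIDCOauthManager() throws OIDCProviderException {
        JSONObject clientCredentials = getClientCredentials();
        this.clientId = clientCredentials.getString(Constants.CLIENT_ID_TXT);
        this.clientSecret = clientCredentials.getString(Constants.CLIENT_SECRET_TXT).toCharArray();
    }

    /**
     * Registers the application with the IdP, or retrieves the existing client when the
     * registration response contains an {@code error} field.
     *
     * @return the JSON document holding the client credentials
     * @throws OIDCProviderException if the request fails or no credentials can be retrieved
     */
    private JSONObject getClientCredentials() throws OIDCProviderException {
        try {
            ArrayList<String> callbackUrls =
                    new ArrayList<>(Arrays.asList(CelleryConfig.getInstance().getDashboardURL()));
            ArrayList<String> grantTypes = new ArrayList<>(Arrays.asList(Constants.AUTHORIZATION_CODE));
            // NOTE(review): see the class comment regarding certificate validation of this client.
            HttpClient client = Utils.getAllSSLClient();
            String registrationUrl = CelleryConfig.getInstance().getIdpURL() + Constants.IDP_REGISTERATION_ENDPOINT;
            HttpResponse registrationResponse =
                    client.execute(constructDCRRequestBody(registrationUrl, callbackUrls, grantTypes));
            JSONObject credentials = new JSONObject(getResponseString(registrationResponse).toString());
            if (credentials.has(ERROR)) {
                // Any error from the registration call is handled as "client already registered";
                // the lookup below fails with its own exception when that assumption is wrong.
                try {
                    credentials = retrieveClientCredentials(registrationUrl, client);
                    log.info("Client with name Cellery-Observability-Portal already exists.");
                } catch (OIDCProviderException e) {
                    throw new OIDCProviderException("Error while checking for existing client application in IDP. Unable to retrieve existing client", e);
                }
            }
            return credentials;
        } catch (IOException | KeyManagementException | NoSuchAlgorithmException | ConfigurationException e) {
            throw new OIDCProviderException("Error occured while registering client", e);
        }
    }

    /**
     * Builds the client registration POST request.
     *
     * @param registrationUrl URL of the IdP registration endpoint
     * @param callbackUrls callback URLs to register for the client
     * @param grantTypes grant types to register for the client
     * @return the request, carrying a JSON body and the admin Basic authorization header
     * @throws ConfigurationException if the IdP admin credentials cannot be read from the config
     */
    private HttpPost constructDCRRequestBody(String registrationUrl, ArrayList<String> callbackUrls,
            ArrayList<String> grantTypes) throws ConfigurationException {
        HttpPost request = new HttpPost(registrationUrl);
        JSONObject payload = new JSONObject();
        payload.put(Constants.CALL_BACK_URL, (Collection<?>) callbackUrls);
        payload.put("client_name", Constants.APPLICATION_NAME);
        payload.put(Constants.GRANT_TYPE, (Collection<?>) grantTypes);
        payload.put(Constants.EXT_PARAM_CLIENT_ID, Constants.STANDARD_CLIENT_ID);
        StringEntity body = new StringEntity(payload.toString(), ContentType.APPLICATION_JSON);
        request.setHeader(Constants.AUTHORIZATION, getEncodedAuthCredentials());
        request.setHeader(Constants.CONTENT_TYPE, Constants.APPLICATION_JSON);
        request.setEntity(body);
        return request;
    }

    /**
     * Builds the HTTP Basic authorization header value from the IdP admin username and password.
     *
     * <p>Base64 is an encoding, not encryption: the returned value is equivalent to the
     * plaintext credentials and must never be logged.
     *
     * @return {@code "Basic "} followed by the Base64 encoded {@code username:password} pair
     * @throws ConfigurationException if the credentials cannot be read from the config
     */
    private String getEncodedAuthCredentials() throws ConfigurationException {
        String credentials = CelleryConfig.getInstance().getIdpAdminUsername() + ":"
                + CelleryConfig.getInstance().getIdpAdminPassword();
        byte[] encoded = Base64.encodeBase64(credentials.getBytes(StandardCharsets.UTF_8));
        return BASIC_AUTH + new String(encoded, StandardCharsets.UTF_8);
    }

    /**
     * Looks up the already registered client by application name.
     *
     * @param registrationUrl URL of the IdP registration endpoint
     * @param httpClient client used to execute the request
     * @return the JSON document holding the client credentials
     * @throws OIDCProviderException if the request fails, the status is not 200 or the response
     *     does not mention the client id
     */
    private JSONObject retrieveClientCredentials(String registrationUrl, HttpClient httpClient)
            throws OIDCProviderException {
        try {
            HttpGet request = new HttpGet(registrationUrl + "?client_name=" + Constants.APPLICATION_NAME);
            request.setHeader(Constants.AUTHORIZATION, getEncodedAuthCredentials());
            HttpResponse response = httpClient.execute(request);
            String body = EntityUtils.toString(response.getEntity(), StandardCharsets.UTF_8);
            if (response.getStatusLine().getStatusCode() == 200 && body.contains(Constants.CLIENT_ID_TXT)) {
                return new JSONObject(body);
            }
            throw new OIDCProviderException("Error while retrieving client credentials. Expected client credentials are not found in the response");
        } catch (IOException | ConfigurationException e) {
            throw new OIDCProviderException("Error occured while checking for client with name Cellery-Observability-Portal", e);
        }
    }

    /**
     * Checks a token against the IdP introspection endpoint.
     *
     * <p>The check fails closed: a non-2xx status, an unreadable or non-JSON body, or a body
     * without a boolean {@code active} field all result in {@code false}. The token and the
     * response body are never written to the log.
     *
     * @param str the token to validate
     * @return {@code true} only when the IdP reports the token as active
     * @throws OIDCProviderException if the introspection request cannot be made
     */
    public boolean validateToken(String str) throws OIDCProviderException {
        try {
            HttpResponse response = makeRequestForTokenValidation(str);
            int statusCode = response.getStatusLine().getStatusCode();
            // Read the body in every case so that the response stream is closed.
            String body = getResponseString(response).toString();
            // Only a 2xx answer is treated as an introspection result; the body of a redirect
            // or error response is never inspected for the "active" flag.
            if (statusCode < 200 || statusCode >= 300) {
                log.error("Failed to connect to Introspect endpoint in Identity Provider server. Exited with Status Code " + statusCode);
                return false;
            }
            return new JSONObject(body).optBoolean(ACTIVE_STATUS, false);
        } catch (IOException e) {
            log.error("Error occured while reading data from Introspect endpoint", e);
            return false;
        } catch (org.json.JSONException e) {
            // A malformed answer must not be mistaken for a valid token.
            log.error("Error occured while parsing response from Introspect endpoint", e);
            return false;
        }
    }

    /**
     * Posts the token to the IdP introspection endpoint.
     *
     * @param token the token to introspect
     * @return the raw HTTP response; the caller is responsible for consuming its body
     * @throws OIDCProviderException if the request cannot be built or executed
     */
    private HttpResponse makeRequestForTokenValidation(String token) throws OIDCProviderException {
        try {
            // NOTE(review): see the class comment regarding certificate validation of this client.
            HttpClient client = Utils.getAllSSLClient();
            HttpPost request = new HttpPost(CelleryConfig.getInstance().getIdpURL() + Constants.INTROSPECT_ENDPOINT);
            ArrayList<BasicNameValuePair> form = new ArrayList<>();
            form.add(new BasicNameValuePair("token", token));
            request.setHeader(Constants.AUTHORIZATION, getEncodedAuthCredentials());
            request.setEntity(new UrlEncodedFormEntity(form, StandardCharsets.UTF_8.name()));
            return client.execute(request);
        } catch (IOException | KeyManagementException | NoSuchAlgorithmException | ConfigurationException e) {
            throw new OIDCProviderException("Error occured while making request to Introspect endpoint", e);
        }
    }

    /**
     * Closes both readers on a best-effort basis; failures are logged at debug level only.
     *
     * @param inputStreamReader the underlying reader, may be {@code null}
     * @param bufferedReader the buffering reader, may be {@code null}
     */
    private void closeResources(InputStreamReader inputStreamReader, BufferedReader bufferedReader) {
        if (bufferedReader != null) {
            try {
                bufferedReader.close();
            } catch (IOException e) {
                log.debug("Error occured while closing buffered reader ", e);
            }
        }
        if (inputStreamReader != null) {
            try {
                inputStreamReader.close();
            } catch (IOException e) {
                log.debug("Error occured while closing input stream reader ", e);
            }
        }
    }

    /**
     * Reads the whole response body as UTF-8 text, one line at a time.
     *
     * <p>The readers are closed once, after the last line has been read. Closing them inside
     * the read loop would make the second {@code readLine()} fail on a closed stream for
     * every non-empty body.
     *
     * @param httpResponse the response whose body is read
     * @return the body, each line followed by the platform line separator; empty when the
     *     response has no entity
     * @throws IOException if the body cannot be read
     */
    private StringBuilder getResponseString(HttpResponse httpResponse) throws IOException {
        StringBuilder content = new StringBuilder();
        if (httpResponse.getEntity() == null) {
            // Responses without a body (for example 204) carry no entity.
            return content;
        }
        InputStreamReader inputStreamReader =
                new InputStreamReader(httpResponse.getEntity().getContent(), StandardCharsets.UTF_8);
        BufferedReader bufferedReader = new BufferedReader(inputStreamReader);
        try {
            String line;
            while ((line = bufferedReader.readLine()) != null) {
                content.append(line);
                content.append(System.lineSeparator());
            }
            return content;
        } finally {
            closeResources(inputStreamReader, bufferedReader);
        }
    }
}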
