package io.cellery.observability.api.auth;

import io.cellery.observability.api.Constants;
import io.cellery.observability.api.Utils;
import io.cellery.observability.api.bean.CelleryConfig;
import io.cellery.observability.api.exception.OIDCProviderException;
import java.io.IOException;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import org.apache.commons.codec.binary.Base64;
import org.apache.http.HttpResponse;
import org.apache.http.ParseException;
import org.apache.http.client.HttpClient;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.ContentType;
import org.apache.http.entity.StringEntity;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;
import org.apache.log4j.Logger;
import org.json.JSONObject;
import org.wso2.carbon.config.ConfigurationException;

/* loaded from: input_file:io/cellery/observability/api/auth/OIDCOauthManager.class */
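/**
 * Manages the OAuth client registration of the observability portal at the configured identity
 * provider (IdP) and validates tokens against the IdP's introspection endpoint.
 *
 * <p>Client credentials are obtained lazily: the constructor makes a first attempt, and the
 * getters retry if that attempt did not produce credentials.
 *
 * <p>NOTE(review): every outbound call in this class uses {@code Utils.getTrustAllClient()} and
 * carries the IdP admin username and password in a Basic {@code Authorization} header. The helper
 * is not visible here, but its name indicates a client that accepts any server certificate. If
 * so, these calls do not authenticate the IdP, and the admin credentials, the issued client
 * secret and the introspection verdict are exposed to anyone able to intercept the connection.
 * Confirm against {@code Utils} and prefer a client that validates the IdP certificate against a
 * configured trust store.
 */
public class OIDCOauthManager {
    private static final Logger logger = Logger.getLogger(OIDCOauthManager.class);
    private static final String ERROR = "error";
    private static final String ACTIVE_STATUS = "active";
    private static final String BASIC_AUTH = "Basic ";

    // Both fields are read outside the monitor by the getters, so they are volatile to make a
    // value written by one thread visible to the others.
    private volatile String clientId;
    private volatile char[] clientSecret;

    /**
     * Creates the manager and makes a first attempt to obtain the client credentials.
     * A failure is logged and not propagated; the getters retry on demand.
     */
    public OIDCOauthManager() {
        try {
            retrieveClientCredentials();
        } catch (OIDCProviderException e) {
            // Keep the cause in the log so an IdP outage can be told apart from a rejected request.
            logger.warn("Fetching Client Credentials failed due to IDP unavailability, will be re-attempted when a user logs in", e);
        }
    }

    /**
     * Returns the OAuth client id, fetching the credentials from the IdP if they are not cached.
     *
     * @return the client id
     * @throws OIDCProviderException if the credentials cannot be obtained from the IdP
     */
    public String getClientId() throws OIDCProviderException {
        String id = this.clientId;
        if (id == null) {
            retrieveClientCredentials();
            id = this.clientId;
        }
        return id;
    }

    /**
     * Returns the OAuth client secret, fetching the credentials from the IdP if they are not
     * cached.
     *
     * @return the client secret as a new {@code String}
     * @throws OIDCProviderException if the credentials cannot be obtained from the IdP
     */
    public String getClientSecret() throws OIDCProviderException {
        char[] secret = this.clientSecret;
        if (secret == null) {
            retrieveClientCredentials();
            secret = this.clientSecret;
        }
        return String.valueOf(secret);
    }

    /**
     * Populates {@code clientId} and {@code clientSecret} unless both are already set.
     * Registration is attempted first; if the response carries an {@code error} member, the
     * credentials of the existing client are fetched instead.
     *
     * <p>Synchronized on this instance so that concurrent callers do not register in parallel.
     *
     * @throws OIDCProviderException if neither call yields credentials
     */
    private synchronized void retrieveClientCredentials() throws OIDCProviderException {
        if (this.clientId != null && this.clientSecret != null) {
            return;
        }
        JSONObject registration = createClientWithDcr();
        if (registration.has(ERROR)) {
            logger.info("Fetching the credentials of the already existing client cellery-observability-portal");
            registration = retrieveExistingClientCredentials();
        }
        // Read both values before publishing either one, so a response that lacks the secret
        // cannot leave a client id cached without its secret.
        String id = registration.getString(Constants.CLIENT_ID_TXT);
        char[] secret = registration.getString(Constants.CLIENT_SECRET_TXT).toCharArray();
        this.clientId = id;
        this.clientSecret = secret;
    }

    /**
     * Posts a client registration request to the IdP registration endpoint.
     *
     * @return the response body parsed as JSON; the HTTP status is not inspected here, the caller
     *     looks for an {@code error} member instead
     * @throws OIDCProviderException if the request cannot be built or sent
     */
    private JSONObject createClientWithDcr() throws OIDCProviderException {
        try {
            Collection<?> callbackUrls = Collections.singletonList(CelleryConfig.getInstance().getDashboardURL());
            Collection<?> grantTypes = Collections.singletonList(Constants.AUTHORIZATION_CODE);
            String registrationUrl = CelleryConfig.getInstance().getIdpURL() + Constants.IDP_REGISTERATION_ENDPOINT;

            JSONObject payload = new JSONObject();
            payload.put(Constants.CALL_BACK_URL, callbackUrls);
            payload.put("client_name", Constants.APPLICATION_NAME);
            payload.put(Constants.GRANT_TYPE, grantTypes);
            payload.put(Constants.EXT_PARAM_CLIENT_ID, Constants.STANDARD_CLIENT_ID);

            HttpPost httpPost = new HttpPost(registrationUrl);
            httpPost.setHeader(Constants.AUTHORIZATION, getEncodedIdpAdminCredentials());
            httpPost.setHeader(Constants.CONTENT_TYPE, Constants.APPLICATION_JSON);
            httpPost.setEntity(new StringEntity(payload.toString(), ContentType.APPLICATION_JSON));

            // NOTE(review): trust-all client; the admin Basic header set above travels over it.
            HttpClient trustAllClient = Utils.getTrustAllClient();
            if (logger.isDebugEnabled()) {
                logger.debug("Creating new Client cellery-observability-portal");
            }
            return new JSONObject(EntityUtils.toString(trustAllClient.execute(httpPost).getEntity()));
        } catch (IOException | KeyManagementException | NoSuchAlgorithmException | ParseException | ConfigurationException e) {
            throw new OIDCProviderException("Error occurred while registering client", e);
        }
    }

    /**
     * Fetches the credentials of the already registered client by name.
     *
     * @return the response body parsed as JSON
     * @throws OIDCProviderException if the request fails, the status is not 200, or the body does
     *     not contain the client id key
     */
    private JSONObject retrieveExistingClientCredentials() throws OIDCProviderException {
        try {
            String lookupUrl = CelleryConfig.getInstance().getIdpURL() + Constants.IDP_REGISTERATION_ENDPOINT
                    + "?client_name=" + Constants.APPLICATION_NAME;
            HttpGet httpGet = new HttpGet(lookupUrl);
            httpGet.setHeader(Constants.AUTHORIZATION, getEncodedIdpAdminCredentials());
            // NOTE(review): trust-all client; the response body carries the client secret.
            HttpResponse response = Utils.getTrustAllClient().execute(httpGet);
            String body = EntityUtils.toString(response.getEntity());
            if (response.getStatusLine().getStatusCode() == 200 && body.contains(Constants.CLIENT_ID_TXT)) {
                return new JSONObject(body);
            }
            throw new OIDCProviderException("Error while retrieving client credentials. Expected client credentials are not found in the response");
        } catch (IOException | KeyManagementException | NoSuchAlgorithmException | ParseException | ConfigurationException e) {
            throw new OIDCProviderException("Error occurred while retrieving the client credentials with name cellery-observability-portal", e);
        }
    }

    /**
     * Asks the IdP introspection endpoint whether the given token is active.
     *
     * <p>The check fails closed: only a 2xx response whose JSON body has {@code active} set to
     * true is accepted. A redirect (3xx) carries no introspection result and is treated as a
     * failure, and a body without the {@code active} member counts as inactive.
     *
     * @param str the token to validate
     * @return {@code true} only if the IdP reports the token as active
     * @throws OIDCProviderException if the introspection call cannot be made
     */
    public boolean validateToken(String str) throws OIDCProviderException {
        try {
            List<BasicNameValuePair> form = Collections.singletonList(new BasicNameValuePair("token", str));
            HttpPost httpPost = new HttpPost(CelleryConfig.getInstance().getIdpURL() + Constants.INTROSPECT_ENDPOINT);
            httpPost.setHeader(Constants.AUTHORIZATION, getEncodedIdpAdminCredentials());
            httpPost.setEntity(new UrlEncodedFormEntity(form, StandardCharsets.UTF_8.name()));
            // NOTE(review): trust-all client; the verdict returned here decides authentication.
            HttpResponse response = Utils.getTrustAllClient().execute(httpPost);
            int statusCode = response.getStatusLine().getStatusCode();
            if (statusCode >= 200 && statusCode < 300) {
                JSONObject introspection = new JSONObject(EntityUtils.toString(response.getEntity()));
                return introspection.optBoolean(ACTIVE_STATUS, false);
            }
            logger.error("Failed to connect to Introspect endpoint in Identity Provider server. Exited with Status Code " + statusCode);
            return false;
        } catch (IOException | KeyManagementException | NoSuchAlgorithmException | ParseException | ConfigurationException e) {
            throw new OIDCProviderException("Error occurred while calling the introspect endpoint", e);
        }
    }

    /**
     * Builds the HTTP Basic {@code Authorization} header value from the configured IdP admin
     * username and password. The result is a reversible encoding of the admin password and must
     * not be logged.
     *
     * @return {@code "Basic "} followed by the Base64 of {@code username:password}
     * @throws ConfigurationException if the configuration cannot be read
     */
    private String getEncodedIdpAdminCredentials() throws ConfigurationException {
        String credentials = CelleryConfig.getInstance().getIdpAdminUsername() + ":" + CelleryConfig.getInstance().getIdpAdminPassword();
        byte[] encoded = Base64.encodeBase64(credentials.getBytes(StandardCharsets.UTF_8));
        return BASIC_AUTH + new String(encoded, StandardCharsets.UTF_8);
    }
}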
