package io.cellery.observability.auth;

import com.google.gson.Gson;
import com.google.gson.JsonArray;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import io.cellery.observability.auth.exception.AuthProviderException;
import io.cellery.observability.auth.internal.AuthConfig;
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import org.apache.http.HttpResponse;
import org.apache.http.ParseException;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.ContentType;
import org.apache.http.entity.StringEntity;
import org.apache.http.util.EntityUtils;
import org.apache.log4j.Logger;
import org.wso2.carbon.config.ConfigurationException;

/* loaded from: input_file:io/cellery/observability/auth/DcrProvider.class */
public class DcrProvider {
    private static final Logger logger = Logger.getLogger(DcrProvider.class);
    private static final Gson gson = new Gson();
    private static final JsonParser jsonParser = new JsonParser();
    private static final String ERROR = "error";
    private String clientId;
    private char[] clientSecret;

    public DcrProvider() {
        try {
            retrieveClientCredentials();
        } catch (AuthProviderException | ConfigurationException e) {
            logger.warn("Fetching Client Credentials failed due to IDP unavailability, will be re-attempted when a user logs in", e);
        }
    }

    public String getClientId() throws AuthProviderException, ConfigurationException {
        if (this.clientId == null) {
            synchronized (this) {
                retrieveClientCredentials();
            }
        }
        return this.clientId;
    }

    public String getClientSecret() throws AuthProviderException, ConfigurationException {
        if (this.clientSecret == null) {
            synchronized (this) {
                retrieveClientCredentials();
            }
        }
        return String.valueOf(this.clientSecret);
    }

    private void retrieveClientCredentials() throws AuthProviderException, ConfigurationException {
        if (this.clientId == null || this.clientSecret == null) {
            JsonObject createNewClient = createNewClient();
            if (createNewClient.has(ERROR)) {
                createNewClient = retrieveExistingClientCredentials();
                logger.info("Fetched the credentials of the already existing client " + AuthConfig.getInstance().getDcrClientName());
            } else {
                logger.info("Created new Client " + AuthConfig.getInstance().getDcrClientName());
            }
            this.clientId = createNewClient.get(Constants.OIDC_CLIENT_ID_KEY).getAsString();
            this.clientSecret = createNewClient.get(Constants.OIDC_CLIENT_SECRET_KEY).getAsString().toCharArray();
        }
    }

    private JsonObject createNewClient() throws AuthProviderException {
        try {
            JsonArray jsonArray = new JsonArray(1);
            jsonArray.add(AuthConfig.getInstance().getPortalHomeUrl());
            JsonArray jsonArray2 = new JsonArray(1);
            jsonArray2.add(Constants.OIDC_AUTHORIZATION_CODE_KEY);
            String str = AuthConfig.getInstance().getIdpUrl() + AuthConfig.getInstance().getIdpDcrRegisterEndpoint();
            JsonObject jsonObject = new JsonObject();
            jsonObject.addProperty(Constants.OIDC_EXT_PARAM_CLIENT_ID_KEY, AuthConfig.getInstance().getDcrClientId());
            jsonObject.addProperty(Constants.OIDC_CLIENT_NAME_KEY, AuthConfig.getInstance().getDcrClientName());
            jsonObject.add(Constants.OIDC_CALLBACK_URL_KEY, jsonArray);
            jsonObject.add(Constants.OIDC_GRANT_TYPES_KEY, jsonArray2);
            StringEntity stringEntity = new StringEntity(gson.toJson(jsonObject), ContentType.APPLICATION_JSON);
            HttpPost httpPost = new HttpPost(str);
            httpPost.setHeader(Constants.HEADER_AUTHORIZATION, AuthUtils.generateBasicAuthHeaderValue(AuthConfig.getInstance().getIdpUsername(), AuthConfig.getInstance().getIdpPassword()));
            httpPost.setHeader(Constants.HEADER_CONTENT_TYPE, Constants.CONTENT_TYPE_APPLICATION_JSON);
            httpPost.setEntity(stringEntity);
            return jsonParser.parse(EntityUtils.toString(AuthUtils.getTrustAllClient().execute(httpPost).getEntity())).getAsJsonObject();
        } catch (IOException | KeyManagementException | NoSuchAlgorithmException | ParseException | ConfigurationException e) {
            throw new AuthProviderException("Error occurred while registering client", e);
        }
    }

    private JsonObject retrieveExistingClientCredentials() throws AuthProviderException, ConfigurationException {
        try {
            HttpGet httpGet = new HttpGet((AuthConfig.getInstance().getIdpUrl() + AuthConfig.getInstance().getIdpDcrRegisterEndpoint()) + "?" + Constants.OIDC_CLIENT_NAME_KEY + "=" + AuthConfig.getInstance().getDcrClientName());
            httpGet.setHeader(Constants.HEADER_AUTHORIZATION, AuthUtils.generateBasicAuthHeaderValue(AuthConfig.getInstance().getIdpUsername(), AuthConfig.getInstance().getIdpPassword()));
            HttpResponse execute = AuthUtils.getTrustAllClient().execute(httpGet);
            String entityUtils = EntityUtils.toString(execute.getEntity());
            if (execute.getStatusLine().getStatusCode() == 200 && entityUtils.contains(Constants.OIDC_CLIENT_ID_KEY)) {
                return jsonParser.parse(entityUtils).getAsJsonObject();
            }
            throw new AuthProviderException("Error while retrieving client credentials. Expected client credentials are not found in the response");
        } catch (IOException | KeyManagementException | NoSuchAlgorithmException | ParseException | ConfigurationException e) {
            throw new AuthProviderException("Error occurred while retrieving the client credentials with name " + AuthConfig.getInstance().getDcrClientName(), e);
        }
    }
}
