package io.nessus.actions.core.service;

import com.fasterxml.jackson.databind.node.ArrayNode;
import io.nessus.actions.core.NessusConfig;
import io.nessus.actions.core.types.KeycloakTokenInfo;
import io.nessus.actions.core.types.KeycloakUserInfo;
import io.nessus.actions.core.utils.ApiUtils;
import io.nessus.actions.core.utils.KeycloakUtils;
import io.nessus.common.AssertArg;
import io.nessus.common.AssertState;
import java.net.URI;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.ws.rs.client.Entity;
import javax.ws.rs.core.MultivaluedHashMap;
import javax.ws.rs.core.Response;

/* loaded from: input_file:io/nessus/actions/core/service/KeycloakService.class */
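/**
 * Thin client for the Keycloak token, userinfo, introspection and admin endpoints.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Master-realm tokens are obtained through the {@code admin-cli} client, falling back to the
 *       resource-owner password grant with the configured master user and password.</li>
 *   <li>The master refresh token and the client secret are cached as config parameters
 *       ({@code masterRefreshToken}, {@code clientSecret}); whoever can read the config can read them.</li>
 *   <li>Tokens, passwords and secrets are never passed to {@code logInfo}; user name and e-mail are.</li>
 * </ul>
 */
public class KeycloakService extends AbstractService<NessusConfig> {
    public KeycloakService(NessusConfig nessusConfig) {
        super(nessusConfig);
    }

    /**
     * Returns a master-realm access token, using the configured refresh token or a newly created one.
     *
     * @return the access token, or {@code null} when Keycloak does not answer 200 OK
     */
    public String getMasterAccessToken() {
        return refreshMasterAccessToken(getMasterRefreshToken());
    }

    /**
     * Exchanges a master-realm refresh token for an access token. When the exchange fails, a new
     * refresh token is created from the master credentials and the exchange is tried once more.
     *
     * @param refreshToken the master-realm refresh token; rejected by {@code AssertArg.notNull} when null
     * @return the access token, or {@code null} when the retry does not answer 200 OK either
     */
    public String refreshMasterAccessToken(String refreshToken) {
        String accessToken = refreshMasterAccessTokenInternal(refreshToken);
        if (accessToken == null) {
            // NOTE(review): createMasterRefreshToken() returns null on a non-OK response, in which
            // case the retry is rejected by the null check with the message "Null refreshToken".
            accessToken = refreshMasterAccessTokenInternal(createMasterRefreshToken());
        }
        return accessToken;
    }

    /** Performs one refresh_token grant against the master realm; {@code null} on a non-OK response. */
    private String refreshMasterAccessTokenInternal(String refreshToken) {
        AssertArg.notNull(refreshToken, "Null refreshToken");
        logInfo("Refresh master access token ...", new Object[0]);
        MultivaluedHashMap<String, String> form = new MultivaluedHashMap<>();
        form.add("client_id", "admin-cli");
        form.add("refresh_token", refreshToken);
        form.add("grant_type", "refresh_token");
        Response response = postForm(ApiUtils.keycloakUri(this.config, KeycloakUtils.keycloakRealmTokenPath("master")), form);
        return readFieldIfOk(response, "access_token");
    }

    /**
     * Returns the refresh token held by the config, creating one from the master credentials
     * when the config has none.
     *
     * @return the refresh token, or {@code null} when creation does not answer 200 OK
     */
    public String getMasterRefreshToken() {
        String refreshToken = this.config.getKeycloakRefreshToken();
        if (refreshToken == null) {
            refreshToken = createMasterRefreshToken();
        }
        return refreshToken;
    }

    /**
     * Logs in to the master realm with the configured master user and password (password grant,
     * {@code admin-cli} client) and stores the resulting refresh token as the
     * {@code masterRefreshToken} config parameter.
     *
     * <p>These credentials administer the whole Keycloak server, so the stored refresh token
     * deserves the same protection as the password itself.
     */
    private String createMasterRefreshToken() {
        logInfo("Create master refresh token ...", new Object[0]);
        String masterUser = this.config.getMasterUser();
        String masterPassword = this.config.getMasterPassword();
        AssertState.isTrue(masterUser != null && masterPassword != null, "Master username/password required");
        MultivaluedHashMap<String, String> form = new MultivaluedHashMap<>();
        form.add("client_id", "admin-cli");
        form.add("username", masterUser);
        form.add("password", masterPassword);
        form.add("grant_type", "password");
        Response response = postForm(ApiUtils.keycloakUri(this.config, KeycloakUtils.keycloakRealmTokenPath("master")), form);
        String refreshToken = readFieldIfOk(response, "refresh_token");
        if (refreshToken != null) {
            // Only a real token is cached; a failed login must not overwrite the parameter.
            this.config.putParameter("masterRefreshToken", refreshToken);
        }
        return refreshToken;
    }

    /**
     * Refreshes a user access token for the realm and client named in the config.
     *
     * @param refreshToken the user's refresh token
     * @return the access token, or {@code null} on a non-OK response
     */
    public String refreshAccessToken(String refreshToken) {
        return refreshAccessToken(this.config.getKeycloakRealmId(), this.config.getKeycloakClientId(), refreshToken);
    }

    /**
     * Refreshes a user access token with the refresh_token grant, authenticating the client
     * with its secret.
     *
     * @param realm the realm name; must not be null
     * @param clientId the client id; must not be null
     * @param refreshToken the user's refresh token; must not be null
     * @return the access token, or {@code null} on a non-OK response
     */
    public String refreshAccessToken(String realm, String clientId, String refreshToken) {
        AssertArg.notNull(realm, "Null realm");
        AssertArg.notNull(clientId, "Null clientId");
        AssertArg.notNull(refreshToken, "Null refreshToken");
        logInfo("Refresh access token [realm={}, client={}] ...", new Object[]{realm, clientId});
        String clientSecret = getClientSecret(realm, clientId);
        MultivaluedHashMap<String, String> form = new MultivaluedHashMap<>();
        form.add("client_id", clientId);
        form.add("client_secret", clientSecret);
        form.add("refresh_token", refreshToken);
        form.add("grant_type", "refresh_token");
        Response response = postForm(ApiUtils.keycloakUri(this.config, KeycloakUtils.keycloakRealmTokenPath(realm)), form);
        return readFieldIfOk(response, "access_token");
    }

    /**
     * Returns the secret of a client, reading it through the admin API with a master access token
     * on first use and caching it as the {@code clientSecret} config parameter.
     *
     * <p>NOTE(review): the cache key does not include {@code realm} or {@code clientId}, so once a
     * secret is cached it is returned for every realm/client pair. Confirm that callers only ever
     * ask for the configured pair.
     *
     * <p>NOTE(review): {@code realm} and {@code clientId} are placed into the admin URL without
     * encoding; they should come from trusted configuration, not from request input.
     *
     * @param realm the realm name
     * @param clientId the client id as known to Keycloak
     * @return the secret, or {@code null} when the client or its secret cannot be read
     */
    public String getClientSecret(String realm, String clientId) {
        String cached = (String) this.config.getParameter("clientSecret", String.class);
        if (cached != null) {
            return cached;
        }
        logInfo("Get client secret [realm={}, client={}] ...", new Object[]{realm, clientId});
        String bearer = "Bearer " + getMasterAccessToken();
        URI clientsUri = ApiUtils.keycloakUri(this.config, String.format("/admin/realms/%s/clients?clientId=%s", realm, clientId));
        ArrayNode clients = ApiUtils.readJsonNode(withClient(clientsUri, target -> target.request().header("Authorization", bearer).get()));
        AssertState.isTrue(clients.isArray(), "Not an array node: " + clients);
        if (clients.size() == 0) {
            // Unknown client: report "no secret" instead of failing on get(0).
            return null;
        }
        com.fasterxml.jackson.databind.JsonNode idNode = clients.get(0).findValue("id");
        if (idNode == null) {
            return null;
        }
        URI secretUri = ApiUtils.keycloakUri(this.config, String.format("/admin/realms/%s/clients/%s/client-secret", realm, idNode.asText()));
        String secret = readFieldIfOk(withClient(secretUri, target -> target.request().header("Authorization", bearer).get()), "value");
        if ("**********".equals(secret)) {
            // The GET returned a masked placeholder. In the Keycloak Admin REST API a POST to this
            // endpoint generates a NEW secret, which invalidates the previous one for every other
            // consumer of this client.
            secret = readFieldIfOk(withClient(secretUri, target -> target.request().header("Authorization", bearer).post((Entity<?>) null)), "value");
        }
        if (secret == null) {
            // Never cache a failed lookup; the next call tries again.
            return null;
        }
        this.config.putParameter("clientSecret", secret);
        return secret;
    }

    /**
     * Requests tokens for a user with the password grant on the configured realm and client.
     *
     * @param username the user name
     * @param password the user's password; sent in the form body, never logged
     * @return the raw token-endpoint response, whatever its status; the caller owns and closes it
     */
    public Response getUserTokens(String username, String password) {
        logInfo("Get user tokens [user={}] ...", new Object[]{username});
        String realm = this.config.getKeycloakRealmId();
        String clientId = this.config.getKeycloakClientId();
        String clientSecret = getClientSecret(realm, clientId);
        MultivaluedHashMap<String, String> form = new MultivaluedHashMap<>();
        form.add("client_id", clientId);
        form.add("client_secret", clientSecret);
        form.add("username", username);
        form.add("password", password);
        form.add("grant_type", "password");
        Response response = postForm(ApiUtils.keycloakUri(this.config, KeycloakUtils.keycloakRealmTokenPath(realm)), form);
        // Result unused; presumably called for its reporting side effect (confirm in ApiUtils).
        ApiUtils.hasStatus(response, Response.Status.OK);
        return response;
    }

    /**
     * Calls the OpenID Connect userinfo endpoint of the configured realm with a bearer token.
     *
     * <p>On 200 OK the entity is read as {@link KeycloakUserInfo} and the user name and e-mail
     * are logged at info level.
     *
     * @param accessToken the user's access token
     * @return the userinfo response, whatever its status
     */
    public Response getKeycloakUserInfo(String accessToken) {
        URI userInfoUri = ApiUtils.keycloakUri(this.config, KeycloakUtils.keycloakRealmPath(this.config.getKeycloakRealmId(), "/protocol/openid-connect/userinfo"));
        Response response = withClient(userInfoUri, target -> target.request().header("Authorization", "Bearer " + accessToken).get());
        if (ApiUtils.hasStatus(response, Response.Status.OK)) {
            KeycloakUserInfo userInfo = response.readEntity(KeycloakUserInfo.class);
            logInfo("KeycloakUserInfo [user={}, email={}]", new Object[]{userInfo.username, userInfo.email});
        }
        return response;
    }

    /**
     * Introspects a token at the configured realm, authenticating with the client id and secret.
     *
     * @param token the token to introspect
     * @return the Keycloak response when it is not 200 OK or when the token is active; otherwise
     *     a 401 response carrying the message "Token is not active"
     */
    public Response introspectToken(String token) {
        String realm = this.config.getKeycloakRealmId();
        String clientId = this.config.getKeycloakClientId();
        String clientSecret = getClientSecret(realm, clientId);
        MultivaluedHashMap<String, String> form = new MultivaluedHashMap<>();
        form.add("client_id", clientId);
        form.add("client_secret", clientSecret);
        form.add("token", token);
        Response response = postForm(ApiUtils.keycloakUri(this.config, KeycloakUtils.keycloakRealmTokenPath(realm, "/introspect")), form);
        if (!ApiUtils.hasStatus(response, Response.Status.OK)) {
            return response;
        }
        KeycloakTokenInfo tokenInfo = response.readEntity(KeycloakTokenInfo.class);
        logInfo("Introspect token [user={}, email={}] ...", new Object[]{tokenInfo.username, tokenInfo.email});
        if (tokenInfo.active) {
            return response;
        }
        // The endpoint answers 200 OK for inactive tokens too, so the status alone proves nothing.
        return Response.status(Response.Status.UNAUTHORIZED).type("application/json").entity(new ApiUtils.ErrorMessage("Token is not active")).build();
    }

    /** Posts a URL-encoded form to the given URI through the shared client helper. */
    private Response postForm(URI uri, MultivaluedHashMap<String, String> form) {
        return withClient(uri, target -> target.request().post(Entity.form(form)));
    }

    /**
     * Reads one string field from a JSON-object response.
     *
     * @return the field value, or {@code null} when the status is not 200 OK or the body or
     *     field is absent; a non-OK response is closed so that its connection is released
     */
    private static String readFieldIfOk(Response response, String field) {
        if (!ApiUtils.hasStatus(response, Response.Status.OK)) {
            response.close();
            return null;
        }
        Map<?, ?> body = response.readEntity(LinkedHashMap.class);
        return body == null ? null : (String) body.get(field);
    }
}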
