package org.hawkular.accounts.undertow.filter;

import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange;
import io.undertow.util.HeaderValues;
import io.undertow.util.HttpString;
import java.io.StringReader;
import java.lang.annotation.Annotation;
import java.net.URLEncoder;
import java.util.Base64;
import java.util.UUID;
import java.util.regex.Pattern;
import javax.enterprise.inject.spi.Bean;
import javax.enterprise.inject.spi.BeanManager;
import javax.enterprise.inject.spi.CDI;
import javax.enterprise.util.AnnotationLiteral;
import javax.json.Json;
import javax.json.JsonObject;
import org.hawkular.accounts.common.AuthServerRequestExecutor;
import org.hawkular.accounts.common.AuthServerUrl;
import org.hawkular.accounts.common.RealmName;
import org.hawkular.accounts.secretstore.api.Token;
import org.hawkular.accounts.secretstore.api.TokenService;

/* loaded from: input_file:org/hawkular/accounts/undertow/filter/AgentHttpHandler.class */
public class AgentHttpHandler implements HttpHandler {
    private static final Pattern UUID_PATTERN = Pattern.compile("[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}");
    private final MsgLogger logger = MsgLogger.LOGGER;
    private HttpHandler next;
    private String baseUrl;
    private String realm;

    public AgentHttpHandler(HttpHandler httpHandler) {
        this.next = httpHandler;
    }

    public void handleRequest(HttpServerExchange httpServerExchange) throws Exception {
        if (httpServerExchange.isInIoThread()) {
            httpServerExchange.dispatch(this);
            return;
        }
        HeaderValues headerValues = httpServerExchange.getRequestHeaders().get("Authorization");
        if (headerValues == null || headerValues.size() < 1) {
            finish(httpServerExchange);
            return;
        }
        String[] split = headerValues.getFirst().trim().split("\\s+");
        if (split.length != 2) {
            finish(httpServerExchange);
            return;
        }
        if (!split[0].equalsIgnoreCase("Basic")) {
            finish(httpServerExchange);
            return;
        }
        String[] split2 = new String(Base64.getDecoder().decode(split[1])).split(":");
        String str = split2[0];
        String str2 = split2[1];
        if (str == null || str.isEmpty()) {
            finish(httpServerExchange);
            return;
        }
        if (!UUID_PATTERN.matcher(str).matches()) {
            finish(httpServerExchange);
            return;
        }
        try {
            Token validate = getTokenService().validate(UUID.fromString(str), str2);
            if (validate == null) {
                httpServerExchange.setResponseCode(403);
                httpServerExchange.endExchange();
                return;
            }
            String bearerToken = getBearerToken(validate);
            if (bearerToken == null) {
                httpServerExchange.setResponseCode(403);
                httpServerExchange.endExchange();
                return;
            }
            httpServerExchange.getRequestHeaders().remove("Authorization");
            httpServerExchange.getRequestHeaders().remove("Hawkular-Persona");
            httpServerExchange.getRequestHeaders().put(new HttpString("Authorization"), "Bearer " + bearerToken);
            httpServerExchange.getRequestHeaders().put(new HttpString("Hawkular-Persona"), validate.getAttribute("Hawkular-Persona"));
            finish(httpServerExchange);
        } catch (Throwable th) {
            finish(httpServerExchange);
        }
    }

    private void finish(HttpServerExchange httpServerExchange) throws Exception {
        this.next.handleRequest(httpServerExchange);
    }

    private String getBearerToken(Token token) throws Exception {
        JsonObject readObject = Json.createReader(new StringReader(getAuthServerRequestExecutor().execute(getAuthServerUrl() + "/realms/" + URLEncoder.encode(getRealm(), "UTF-8") + "/protocol/openid-connect/token", "scope=offline_access&grant_type=refresh_token&refresh_token=" + URLEncoder.encode(token.getRefreshToken(), "UTF-8"), "POST"))).readObject();
        if (readObject.get("error") != null) {
            this.logger.errorResponseFromServer(readObject.getString("error"));
            return null;
        }
        String string = readObject.getString("token_type");
        String string2 = readObject.getString("access_token");
        if (null == string || string.isEmpty() || !string.equalsIgnoreCase("bearer")) {
            this.logger.invalidResponseFromServer();
            return null;
        }
        if (null != string2 && !string2.isEmpty()) {
            return string2;
        }
        this.logger.invalidBearerTokenFromServer();
        return null;
    }

    private TokenService getTokenService() {
        Thread.currentThread().setContextClassLoader(AgentHttpHandler.class.getClassLoader());
        BeanManager beanManager = CDI.current().getBeanManager();
        Bean bean = (Bean) beanManager.getBeans(TokenService.class, new Annotation[0]).iterator().next();
        return (TokenService) beanManager.getReference(bean, TokenService.class, beanManager.createCreationalContext(bean));
    }

    private AuthServerRequestExecutor getAuthServerRequestExecutor() {
        Thread.currentThread().setContextClassLoader(AgentHttpHandler.class.getClassLoader());
        BeanManager beanManager = CDI.current().getBeanManager();
        Bean bean = (Bean) beanManager.getBeans(AuthServerRequestExecutor.class, new Annotation[0]).iterator().next();
        return (AuthServerRequestExecutor) beanManager.getReference(bean, AuthServerRequestExecutor.class, beanManager.createCreationalContext(bean));
    }

    private String getAuthServerUrl() {
        if (null == this.baseUrl) {
            Thread.currentThread().setContextClassLoader(AgentHttpHandler.class.getClassLoader());
            BeanManager beanManager = CDI.current().getBeanManager();
            Bean bean = (Bean) beanManager.getBeans(String.class, new Annotation[]{new AnnotationLiteral<AuthServerUrl>() { // from class: org.hawkular.accounts.undertow.filter.AgentHttpHandler.1
            }}).iterator().next();
            this.baseUrl = (String) beanManager.getReference(bean, String.class, beanManager.createCreationalContext(bean));
        }
        return this.baseUrl;
    }

    private String getRealm() {
        if (null == this.realm) {
            Thread.currentThread().setContextClassLoader(AgentHttpHandler.class.getClassLoader());
            BeanManager beanManager = CDI.current().getBeanManager();
            Bean bean = (Bean) beanManager.getBeans(String.class, new Annotation[]{new AnnotationLiteral<RealmName>() { // from class: org.hawkular.accounts.undertow.filter.AgentHttpHandler.2
            }}).iterator().next();
            this.realm = (String) beanManager.getReference(bean, String.class, beanManager.createCreationalContext(bean));
        }
        return this.realm;
    }
}
