package org.jboss.pnc.auth;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.message.BasicNameValuePair;
import org.jboss.logging.Logger;
import org.keycloak.RSATokenVerifier;
import org.keycloak.VerificationException;
import org.keycloak.adapters.AuthChallenge;
import org.keycloak.adapters.HttpClientBuilder;
import org.keycloak.adapters.KeycloakDeployment;
import org.keycloak.adapters.installed.KeycloakInstalled;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.AccessTokenResponse;
import org.keycloak.util.JsonSerialization;
import org.keycloak.util.KeycloakUriBuilder;

/* loaded from: input_file:org/jboss/pnc/auth/ExternalAuthentication.class */
public class ExternalAuthentication {
    public static final Logger log = Logger.getLogger(ExternalAuthentication.class);
    private KeycloakDeployment keycloakDeployment;
    protected AuthChallenge challenge;
    private AccessTokenResponse tokenResponse;
    private String authServerBaseUrl;
    private String realm;
    private String resourceName;

    public ExternalAuthentication(InputStream inputStream) {
        this.keycloakDeployment = new KeycloakInstalled(inputStream).getDeployment();
        this.authServerBaseUrl = this.keycloakDeployment.getAuthServerBaseUrl();
        this.realm = this.keycloakDeployment.getRealm();
        this.resourceName = this.keycloakDeployment.getResourceName();
    }

    public AuthenticationProvider authenticate(String str, String str2) throws IOException {
        AuthenticationProvider authenticationProvider = null;
        try {
            authenticationProvider = new AuthenticationProvider(authenticateToken(authenticateUser(str, str2).getToken()), this.tokenResponse);
        } catch (Exception e) {
            log.error(e.getMessage());
        }
        return authenticationProvider;
    }

    protected AccessTokenResponse authenticateUser(String str, String str2) throws IOException {
        HttpClient build = new HttpClientBuilder().disableTrustManager().build();
        log.debug(">>> keycloakDeployment.getAuthServerBaseUrl():" + getAuthServerBaseUrl());
        log.debug(">>> keycloakDeployment.getRealm():" + getRealm());
        log.debug(">>> keycloakDeployment.getResourceName():" + getResourceName());
        HttpPost httpPost = new HttpPost(KeycloakUriBuilder.fromUri(getAuthServerBaseUrl()).path("/realms/{realm-name}/protocol/openid-connect/token").build(new Object[]{getRealm()}));
        ArrayList arrayList = new ArrayList();
        arrayList.add(new BasicNameValuePair("grant_type", "password"));
        arrayList.add(new BasicNameValuePair("client_id", getResourceName()));
        arrayList.add(new BasicNameValuePair("username", str));
        arrayList.add(new BasicNameValuePair("password", str2));
        httpPost.setEntity(new UrlEncodedFormEntity(arrayList, "UTF-8"));
        HttpResponse execute = build.execute(httpPost);
        int statusCode = execute.getStatusLine().getStatusCode();
        HttpEntity entity = execute.getEntity();
        if (statusCode != 200) {
            throw new IOException("Bad status: " + statusCode + " response: " + getContent(entity));
        }
        if (entity == null) {
            throw new IOException("No Entity");
        }
        this.tokenResponse = (AccessTokenResponse) JsonSerialization.readValue(getContent(entity), AccessTokenResponse.class);
        log.debug(">>> accessTokenResponse:" + this.tokenResponse.getToken());
        return this.tokenResponse;
    }

    protected AccessToken authenticateToken(String str) {
        try {
            return RSATokenVerifier.verifyToken(str, this.keycloakDeployment.getRealmKey(), this.keycloakDeployment.getRealmInfoUrl());
        } catch (VerificationException e) {
            log.error("Failed to verify token", e);
            return null;
        }
    }

    public static String getContent(HttpEntity httpEntity) throws IOException {
        if (httpEntity == null) {
            return null;
        }
        InputStream content = httpEntity.getContent();
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            while (true) {
                int read = content.read();
                if (read == -1) {
                    break;
                }
                byteArrayOutputStream.write(read);
            }
            return new String(byteArrayOutputStream.toByteArray());
        } finally {
            try {
                content.close();
            } catch (IOException e) {
            }
        }
    }

    public String getAuthServerBaseUrl() {
        return this.authServerBaseUrl;
    }

    public String getRealm() {
        return this.realm;
    }

    public String getResourceName() {
        return this.resourceName;
    }
}
