package org.uberfire.ext.security.management.keycloak.client.auth.credentials;

import java.io.IOException;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import org.jboss.resteasy.client.ClientResponse;
import org.jboss.resteasy.client.ProxyFactory;
import org.jboss.resteasy.client.core.BaseClientResponse;
import org.jboss.resteasy.client.core.ClientErrorInterceptor;
import org.jboss.resteasy.spi.ResteasyProviderFactory;
import org.jboss.resteasy.util.CaseInsensitiveMap;
import org.keycloak.OAuth2Constants;
import org.keycloak.common.util.Time;
import org.keycloak.util.BasicAuthHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.uberfire.ext.security.management.keycloak.client.auth.TokenManager;
import org.uberfire.ext.security.management.keycloak.client.auth.TokenService;

/* loaded from: input_file:WEB-INF/lib/uberfire-security-management-keycloak-7.44.0-SNAPSHOT.jar:org/uberfire/ext/security/management/keycloak/client/auth/credentials/AuthTokenManager.class */
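/**
 * {@link TokenManager} that obtains a Keycloak access token with the
 * {@code grant_type=password} flow, caches the response, and refreshes it shortly before expiry.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The username, password and (for confidential clients) the client secret from
 *       {@link AuthSettings} are sent to {@code config.getServerUrl()} on every grant. This class
 *       does not check the URL scheme, so the deployment must ensure it is an HTTPS endpoint.</li>
 *   <li>The cached {@link AccessTokenResponse} holds bearer and refresh tokens; never log it.</li>
 *   <li>No synchronization is performed on the cached state. NOTE(review): confirm whether
 *       instances are shared between threads.</li>
 * </ul>
 */
public class AuthTokenManager implements TokenManager {
    private static final Logger LOG = LoggerFactory.getLogger(AuthTokenManager.class);
    // Safety margin added to "now" when deciding whether the cached token must be refreshed.
    // Presumably seconds, matching Time.currentTime() - confirm against the Keycloak version in use.
    private static final long DEFAULT_MIN_VALIDITY = 30;
    private final AuthSettings config;
    // Package-private mutable state, left package-visible as in the original class.
    long expirationTime;
    AccessTokenResponse accessTokenResponse;
    long minTokenValidity = DEFAULT_MIN_VALIDITY;

    /**
     * Turns error responses from the token endpoint into {@link RuntimeException}s and drops the
     * cached token so that the next {@link #getAccessTokenString()} call performs a fresh grant.
     */
    private final ClientErrorInterceptor clientErrorInterceptor = new ClientErrorInterceptor() {
        @Override
        public void handle(ClientResponse<?> clientResponse) throws RuntimeException {
            // Invalidate first: whatever happens below, the cached token is no longer trusted.
            AuthTokenManager.this.accessTokenResponse = null;
            String message = null;
            IOException cause = null;
            try {
                BaseClientResponse<?> response = (BaseClientResponse<?>) clientResponse;
                // Rewind the buffered body so it can be read again for the error message.
                response.getStreamFactory().getInputStream().reset();
                Response.Status status = clientResponse.getResponseStatus();
                if (Response.Status.FORBIDDEN.equals(status)) {
                    message = "Error handling the Keycloak token, status is FORBIDDEN";
                } else if (Response.Status.UNAUTHORIZED.equals(status)) {
                    message = "Error handling the Keycloak token, status is UNAUTHORIZED";
                } else if (Response.Status.BAD_REQUEST.equals(status)) {
                    message = "Error handling the Keycloak token, status is BAD_REQUEST. Response data: " + getResponseData(response);
                } else if (Response.Status.NOT_FOUND.equals(status)) {
                    message = "Error handling the Keycloak token, status is NOT_FOUND.";
                } else if (!Response.Status.OK.equals(status)) {
                    message = "Error handling the Keycloak token. Response status is " + status + ". Response data: " + getResponseData(response);
                }
            } catch (IOException e) {
                message = "Error handling the Keycloak token.";
                cause = e;
            } finally {
                // Always hand the connection back, on success, I/O failure or any other error.
                clientResponse.releaseConnection();
            }
            if (message == null) {
                return;
            }
            // The server's response body can end up in both the log line and the exception text.
            // Treat them as operator-only diagnostics and do not echo the exception to end users.
            LOG.error(message);
            if (cause == null) {
                throw new RuntimeException(message);
            }
            throw new RuntimeException(message, cause);
        }

        /**
         * Best-effort read of the response body as text.
         *
         * @return the body, or {@code null} when it cannot be read (the failure is logged)
         */
        private String getResponseData(BaseClientResponse<?> response) {
            try {
                return response.getEntity(String.class);
            } catch (Exception e) {
                // Deliberately broad: failing to read diagnostics must not mask the original error.
                LOG.error("Error trying to obtain response data as String.", e);
                return null;
            }
        }
    };

    /**
     * @param authSettings connection and credential settings; read on every token request
     */
    public AuthTokenManager(AuthSettings authSettings) {
        this.config = authSettings;
    }

    /**
     * Requests a new token using the configured username and password.
     *
     * <p>The form built here carries the plain-text password; it must never be logged.
     */
    @Override
    public void grantToken() {
        MultivaluedMap<String, String> form = new CaseInsensitiveMap<String>();
        form.putSingle(OAuth2Constants.GRANT_TYPE, "password");
        form.putSingle("username", this.config.getUsername());
        form.putSingle("password", this.config.getPassword());
        consumeGrantTokenService(form);
    }

    /**
     * Exchanges the cached refresh token for a new access token. When there is no cached response
     * or it carries no refresh token, a full grant is performed instead of sending an empty
     * {@code refresh_token} parameter that the server could only reject.
     */
    private void refreshToken() {
        // Read the field once: the error interceptor sets it to null when a request fails,
        // so it may have changed since the caller checked it.
        final AccessTokenResponse current = this.accessTokenResponse;
        if (current == null || current.getRefreshToken() == null) {
            grantToken();
            return;
        }
        MultivaluedMap<String, String> form = new CaseInsensitiveMap<String>();
        form.putSingle(OAuth2Constants.GRANT_TYPE, OAuth2Constants.REFRESH_TOKEN);
        form.putSingle(OAuth2Constants.REFRESH_TOKEN, current.getRefreshToken());
        consumeGrantTokenService(form);
    }

    /**
     * Sends the given form to the token service and caches the result together with its
     * computed expiration time.
     *
     * <p>Public clients identify themselves with {@code client_id} in the form; all other clients
     * authenticate with an HTTP Basic header built from the client id and client secret.
     *
     * @param multivaluedMap the grant form; {@code client_id} is added to it for public clients
     */
    protected void consumeGrantTokenService(MultivaluedMap<String, String> multivaluedMap) {
        String authorization = "";
        if (this.config.isPublicClient()) {
            multivaluedMap.putSingle(OAuth2Constants.CLIENT_ID, this.config.getClientId());
        } else {
            // Contains the client secret: keep this value out of logs and exception messages.
            authorization = BasicAuthHelper.createHeader(this.config.getClientId(), this.config.getClientSecret());
        }
        AccessTokenResponse granted = createTokenService().grantToken(this.config.getRealm(), authorization, multivaluedMap);
        this.expirationTime = Time.currentTime() + granted.getExpiresIn();
        this.accessTokenResponse = granted;
    }

    /**
     * Returns a usable access token, granting or refreshing it first when necessary.
     *
     * @return the token string, or {@code null} when no token response is cached after the attempt
     */
    @Override
    public String getAccessTokenString() {
        if (this.accessTokenResponse == null) {
            grantToken();
        } else if (tokenExpired()) {
            refreshToken();
        }
        final AccessTokenResponse current = this.accessTokenResponse;
        return current != null ? current.getToken() : null;
    }

    /**
     * @return the realm name taken from the settings
     */
    @Override
    public String getRealm() {
        return this.config.getRealm();
    }

    /**
     * Creates a client proxy for the token endpoint at the configured server URL.
     *
     * <p>NOTE(review): the error interceptor is registered on the shared
     * {@code ResteasyProviderFactory.getInstance()}, so it presumably also runs for other RESTEasy
     * clients using that factory, and it is never unregistered. Confirm this is intended and
     * consider a provider factory dedicated to this client.
     */
    TokenService createTokenService() {
        ResteasyProviderFactory.getInstance().addClientErrorInterceptor(this.clientErrorInterceptor);
        return ProxyFactory.create(TokenService.class, this.config.getServerUrl());
    }

    /**
     * @return {@code true} when a token is cached and it expires within {@code minTokenValidity}
     *         of the current time
     */
    private boolean tokenExpired() {
        if (this.accessTokenResponse == null) {
            return false;
        }
        return ((long) Time.currentTime()) + this.minTokenValidity >= this.expirationTime;
    }
}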
