package org.jboss.pnc.bacon.auth;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.mashape.unirest.http.ObjectMapper;
import com.mashape.unirest.http.Unirest;
import java.io.Console;
import java.io.IOException;
import java.time.Instant;
import java.util.Optional;
import org.jboss.pnc.bacon.auth.model.CacheFile;
import org.jboss.pnc.bacon.auth.model.Credential;
import org.jboss.pnc.bacon.auth.model.KeycloakResponse;
import org.jboss.pnc.bacon.auth.spi.KeycloakClient;
import org.jboss.pnc.bacon.common.exception.FatalException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/jboss/pnc/bacon/auth/DirectKeycloakClientImpl.class */
public class DirectKeycloakClientImpl implements KeycloakClient {
    private static final Logger log = LoggerFactory.getLogger(DirectKeycloakClientImpl.class);

    private static void setupUnirest() {
        Unirest.setObjectMapper(new ObjectMapper() { // from class: org.jboss.pnc.bacon.auth.DirectKeycloakClientImpl.1
            private com.fasterxml.jackson.databind.ObjectMapper jacksonObjectMapper = new com.fasterxml.jackson.databind.ObjectMapper();

            public <T> T readValue(String str, Class<T> cls) {
                try {
                    return (T) this.jacksonObjectMapper.readValue(str, cls);
                } catch (IOException e) {
                    throw new RuntimeException(e);
                }
            }

            public String writeValue(Object obj) {
                try {
                    return this.jacksonObjectMapper.writeValueAsString(obj);
                } catch (JsonProcessingException e) {
                    throw new RuntimeException((Throwable) e);
                }
            }
        });
    }

    @Override // org.jboss.pnc.bacon.auth.spi.KeycloakClient
    public Credential getCredential(String str, String str2, String str3, String str4) throws KeycloakClientException {
        Optional<Credential> credentialFromCacheFile = CacheFile.getCredentialFromCacheFile(str, str2, str4);
        if (credentialFromCacheFile.isPresent()) {
            Credential credential = credentialFromCacheFile.get();
            if (credential.isValid()) {
                log.debug("Using cached credential details");
                return refreshCredentialIfNeededAndReturnNewCredential(str, str2, str4, credential);
            }
        }
        String keycloakEndpoint = keycloakEndpoint(str, str2);
        try {
            log.debug("Getting token via username/password");
            KeycloakResponse keycloakResponse = (KeycloakResponse) Unirest.post(keycloakEndpoint).field("grant_type", "password").field("client_id", str3).field("username", str4).field("password", askForPassword()).asObject(KeycloakResponse.class).getBody();
            Instant now = Instant.now();
            Credential build = Credential.builder().keycloakBaseUrl(str).realm(str2).client(str3).username(str4).accessToken(keycloakResponse.getAccessToken()).accessTokenExpiresIn(now.plusSeconds(keycloakResponse.getExpiresIn())).refreshToken(keycloakResponse.getRefreshToken()).refreshTokenExpiresIn(now.plusSeconds(keycloakResponse.getRefreshExpiresIn())).build();
            CacheFile.writeCredentialToCacheFile(str, str2, str4, build);
            return build;
        } catch (Exception e) {
            throw new KeycloakClientException(e);
        }
    }

    @Override // org.jboss.pnc.bacon.auth.spi.KeycloakClient
    public Credential getCredentialServiceAccount(String str, String str2, String str3, String str4) throws KeycloakClientException {
        String keycloakEndpoint = keycloakEndpoint(str, str2);
        try {
            log.debug("Getting token via clientServiceAccountUsername / secret");
            KeycloakResponse keycloakResponse = (KeycloakResponse) Unirest.post(keycloakEndpoint).field("grant_type", "client_credentials").field("client_id", str3).field("client_secret", str4).asObject(KeycloakResponse.class).getBody();
            Instant now = Instant.now();
            return Credential.builder().keycloakBaseUrl(str).realm(str2).client(str3).accessToken(keycloakResponse.getAccessToken()).accessTokenExpiresIn(now.plusSeconds(keycloakResponse.getExpiresIn())).refreshToken(keycloakResponse.getRefreshToken()).refreshTokenExpiresIn(now.plusSeconds(keycloakResponse.getRefreshExpiresIn())).build();
        } catch (Exception e) {
            throw new KeycloakClientException(e);
        }
    }

    private Credential refreshToken(Credential credential) {
        try {
            KeycloakResponse keycloakResponse = (KeycloakResponse) Unirest.post(keycloakEndpoint(credential.getKeycloakBaseUrl(), credential.getRealm())).field("grant_type", "refresh_token").field("client_id", credential.getClient()).field("refresh_token", credential.getRefreshToken()).asObject(KeycloakResponse.class).getBody();
            Instant now = Instant.now();
            return credential.toBuilder().accessToken(keycloakResponse.getAccessToken()).accessTokenExpiresIn(now.plusSeconds(keycloakResponse.getExpiresIn())).refreshToken(keycloakResponse.getRefreshToken()).refreshTokenExpiresIn(now.plusSeconds(keycloakResponse.getRefreshExpiresIn())).build();
        } catch (Exception e) {
            log.error(e.getMessage());
            return null;
        }
    }

    private static String askForPassword() {
        Console console = System.console();
        if (console == null) {
            throw new FatalException("Couldn't get console instance", new Object[0]);
        }
        return new String(console.readPassword("Enter your password: ", new Object[0]));
    }

    private Credential refreshCredentialIfNeededAndReturnNewCredential(String str, String str2, String str3, Credential credential) {
        if (!credential.needsNewAccessToken()) {
            return credential;
        }
        log.info("Refreshing access token...");
        Credential refreshToken = refreshToken(credential);
        CacheFile.writeCredentialToCacheFile(str, str2, str3, refreshToken);
        return refreshToken;
    }

    static {
        setupUnirest();
    }
}
