package org.jboss.pnc.bacon.auth;

import com.fasterxml.jackson.annotation.JsonInclude;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import java.util.Objects;
import java.util.Optional;
import javax.net.ssl.SSLHandshakeException;
import kong.unirest.MultipartBody;
import kong.unirest.Unirest;
import kong.unirest.UnirestException;
import kong.unirest.jackson.JacksonObjectMapper;
import org.jboss.pnc.bacon.auth.model.CacheFile;
import org.jboss.pnc.bacon.auth.model.Credential;
import org.jboss.pnc.bacon.auth.model.KeycloakResponse;
import org.jboss.pnc.bacon.auth.spi.KeycloakClient;
import org.jboss.pnc.bacon.common.exception.FatalException;
import org.keycloak.adapters.installed.KeycloakInstalled;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/jboss/pnc/bacon/auth/KeycloakClientImpl.class */
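/**
 * {@link KeycloakClient} implementation that obtains tokens either interactively through
 * {@link KeycloakInstalled} (with an on-disk credential cache) or through the
 * {@code client_credentials} grant for service accounts.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The generated adapter settings use {@code ssl-required=none}, so this class never forces
 *       HTTPS on its own; transport security depends on the base URL the caller passes in.</li>
 *   <li>{@link Credentials#toString()} redacts the secret, because in the cached-credential path the
 *       secret is the user's refresh token and must not end up in logs.</li>
 * </ul>
 */
public class KeycloakClientImpl implements KeycloakClient {
    private static final Logger log = LoggerFactory.getLogger(KeycloakClientImpl.class);

    /** Number of retries allowed after the first failed token request. */
    private static final int MAX_RETRIES = 10;

    /** Retry count at which the "having difficulty" message is logged at INFO level. */
    private static final int RETRIES_BEFORE_INFO_LOG = 5;

    /** Mapper used only to serialise {@link KeycloakSettings}; created once and reused. */
    private static final ObjectMapper SETTINGS_MAPPER = new ObjectMapper();

    /**
     * The {@code credentials} section of the adapter settings.
     *
     * <p>The decompiler reports that this class was originally {@code private}. The value held here
     * is sensitive: {@link #getCredential} stores a refresh token in it.
     */
    public class Credentials {
        private String secret;

        public Credentials(String str) {
            this.secret = str;
        }

        public String getSecret() {
            return this.secret;
        }

        public void setSecret(String str) {
            this.secret = str;
        }

        @Override
        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof Credentials)) {
                return false;
            }
            Credentials other = (Credentials) obj;
            return other.canEqual(this) && Objects.equals(getSecret(), other.getSecret());
        }

        protected boolean canEqual(Object obj) {
            return obj instanceof Credentials;
        }

        @Override
        public int hashCode() {
            String value = getSecret();
            return 59 + (value == null ? 43 : value.hashCode());
        }

        /**
         * Returns a description that never contains the secret itself, only whether one is set, so
         * that logging this object (or an enclosing {@link KeycloakSettings}) cannot leak a token.
         */
        @Override
        public String toString() {
            return "KeycloakClientImpl.Credentials(secret=" + (getSecret() == null ? "null" : "<redacted>") + ")";
        }
    }

    /**
     * Bean serialised to the JSON adapter configuration that is handed to {@link KeycloakInstalled}.
     * Null properties are omitted from the JSON.
     *
     * <p>The decompiler reports that this class was originally {@code private}.
     */
    @JsonInclude(JsonInclude.Include.NON_NULL)
    public class KeycloakSettings {
        private String realm;

        @JsonProperty("auth-server-url")
        private String authServerUrl;

        @JsonProperty("ssl-required")
        private String sslRequired;
        private String resource;

        @JsonProperty("confidential-port")
        private String confidentialPort;

        @JsonProperty("public-client")
        private Boolean publicClient;
        private Credentials credentials;

        @JsonProperty("enable-basic-auth")
        private Boolean basicAuth;

        public KeycloakSettings() {
        }

        public String getRealm() {
            return this.realm;
        }

        public String getAuthServerUrl() {
            return this.authServerUrl;
        }

        public String getSslRequired() {
            return this.sslRequired;
        }

        public String getResource() {
            return this.resource;
        }

        public String getConfidentialPort() {
            return this.confidentialPort;
        }

        public Boolean getPublicClient() {
            return this.publicClient;
        }

        public Credentials getCredentials() {
            return this.credentials;
        }

        public Boolean getBasicAuth() {
            return this.basicAuth;
        }

        public void setRealm(String str) {
            this.realm = str;
        }

        @JsonProperty("auth-server-url")
        public void setAuthServerUrl(String str) {
            this.authServerUrl = str;
        }

        @JsonProperty("ssl-required")
        public void setSslRequired(String str) {
            this.sslRequired = str;
        }

        public void setResource(String str) {
            this.resource = str;
        }

        @JsonProperty("confidential-port")
        public void setConfidentialPort(String str) {
            this.confidentialPort = str;
        }

        @JsonProperty("public-client")
        public void setPublicClient(Boolean bool) {
            this.publicClient = bool;
        }

        public void setCredentials(Credentials credentials) {
            this.credentials = credentials;
        }

        @JsonProperty("enable-basic-auth")
        public void setBasicAuth(Boolean bool) {
            this.basicAuth = bool;
        }

        @Override
        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof KeycloakSettings)) {
                return false;
            }
            KeycloakSettings other = (KeycloakSettings) obj;
            return other.canEqual(this)
                    && Objects.equals(getPublicClient(), other.getPublicClient())
                    && Objects.equals(getBasicAuth(), other.getBasicAuth())
                    && Objects.equals(getRealm(), other.getRealm())
                    && Objects.equals(getAuthServerUrl(), other.getAuthServerUrl())
                    && Objects.equals(getSslRequired(), other.getSslRequired())
                    && Objects.equals(getResource(), other.getResource())
                    && Objects.equals(getConfidentialPort(), other.getConfidentialPort())
                    && Objects.equals(getCredentials(), other.getCredentials());
        }

        protected boolean canEqual(Object obj) {
            return obj instanceof KeycloakSettings;
        }

        @Override
        public int hashCode() {
            // Same 59/43 scheme and field order as before, so hash values are unchanged.
            Object[] parts = {
                getPublicClient(),
                getBasicAuth(),
                getRealm(),
                getAuthServerUrl(),
                getSslRequired(),
                getResource(),
                getConfidentialPort(),
                getCredentials()
            };
            int result = 1;
            for (Object part : parts) {
                result = (result * 59) + (part == null ? 43 : part.hashCode());
            }
            return result;
        }

        /** The {@code credentials} part is rendered by {@link Credentials#toString()}, which redacts the secret. */
        @Override
        public String toString() {
            return "KeycloakClientImpl.KeycloakSettings(realm=" + getRealm() + ", authServerUrl=" + getAuthServerUrl() + ", sslRequired=" + getSslRequired() + ", resource=" + getResource() + ", confidentialPort=" + getConfidentialPort() + ", publicClient=" + getPublicClient() + ", credentials=" + getCredentials() + ", basicAuth=" + getBasicAuth() + ")";
        }
    }

    /**
     * Returns a credential for an interactive user, reusing the cache file when possible.
     *
     * <p>A cached credential that is still valid is refreshed with its refresh token if it needs a
     * new access token. If there is no usable cached credential, or the refreshed one still needs a
     * new access token, a manual login is performed and the result is written to the cache file.
     *
     * @param str Keycloak base URL
     * @param str2 realm
     * @param str3 client (the adapter's {@code resource})
     * @param str4 third lookup key for the cache file; presumably the username (confirm against
     *     {@code CacheFile})
     * @return a credential that does not need a new access token, or a freshly obtained one
     * @throws KeycloakClientException if refreshing the cached credential fails
     * @throws FatalException if the manual login or the cache write fails
     */
    @Override
    public Credential getCredential(String str, String str2, String str3, String str4) throws KeycloakClientException {
        final String baseUrl = str;
        final String realm = str2;
        final String client = str3;

        Optional<Credential> cached = CacheFile.getCredentialFromCacheFile(baseUrl, realm, str4);
        KeycloakInstalled keycloak = null;
        if (cached.isPresent() && cached.get().isValid()) {
            Credential credential = cached.get();
            // The cached refresh token is placed in the settings' credentials.secret, with basic auth on.
            keycloak = new KeycloakInstalled(
                    constructKeycloakSettings(realm, baseUrl, client, false, credential.getRefreshToken(), true));
            try {
                if (credential.needsNewAccessToken()) {
                    keycloak.refreshToken(credential.getRefreshToken());
                    credential = tokenToCredential(keycloak, baseUrl, client, realm);
                }
                if (!credential.needsNewAccessToken()) {
                    return credential;
                }
                log.info("Refresh token is close to expiry or has expired. Will request new access token");
            } catch (Exception e) {
                throw new KeycloakClientException(e);
            }
        }

        if (keycloak == null) {
            keycloak = new KeycloakInstalled(constructKeycloakSettings(realm, baseUrl, client, true, null, false));
        }
        try {
            keycloak.loginManual();
            keycloak.refreshToken();
            Credential fresh = tokenToCredential(keycloak, baseUrl, client, realm);
            CacheFile.writeCredentialToCacheFile(baseUrl, realm, keycloak.getToken().getPreferredUsername(), fresh);
            return fresh;
        } catch (Exception e) {
            throw new FatalException("Failed to login:", e);
        }
    }

    /**
     * Obtains a credential for a service account with the {@code client_credentials} grant.
     *
     * <p>The client secret is sent as a form field to the token endpoint. Nothing in this method
     * checks the URL scheme, so callers should pass an {@code https} base URL.
     *
     * @param str Keycloak base URL
     * @param str2 realm
     * @param str3 client id of the service account
     * @param str4 client secret of the service account
     * @return the credential built from the token response
     * @throws KeycloakClientException wrapping any failure of the request or of building the credential
     */
    @Override
    public Credential getCredentialServiceAccount(String str, String str2, String str3, String str4) throws KeycloakClientException {
        // keycloakEndpoint is not declared in this class; presumably inherited from KeycloakClient.
        String tokenEndpoint = keycloakEndpoint(str, str2);
        try {
            log.debug("Getting token via clientServiceAccountUsername / secret");
            MultipartBody request = Unirest.post(tokenEndpoint)
                    .field("grant_type", "client_credentials")
                    .field("client_id", str3)
                    .field("client_secret", str4);
            KeycloakResponse response = getKeycloakResponseWithRetries(request);
            Instant now = Instant.now();
            return Credential.builder()
                    .keycloakBaseUrl(str)
                    .realm(str2)
                    .client(str3)
                    .accessToken(response.getAccessToken())
                    .accessTokenExpiresIn(now.plusSeconds(response.getExpiresIn()))
                    .refreshToken(response.getRefreshToken())
                    .refreshTokenExpiresIn(now.plusSeconds(response.getRefreshExpiresIn()))
                    .build();
        } catch (Exception e) {
            throw new KeycloakClientException(e);
        }
    }

    /**
     * Sends the request and maps the body to a {@link KeycloakResponse}, retrying with exponential
     * back-off on {@link UnirestException}.
     *
     * <p>A TLS handshake failure is treated as permanent and is not retried.
     *
     * @param multipartBody the prepared token request
     * @return the parsed response body
     * @throws UnirestException the last failure, once {@link #MAX_RETRIES} retries are exhausted
     * @throws FatalException if the failure was caused by an {@link SSLHandshakeException}
     */
    private KeycloakResponse getKeycloakResponseWithRetries(MultipartBody multipartBody) throws UnirestException {
        int retries = 0;
        while (true) {
            try {
                return multipartBody.asObject(KeycloakResponse.class).getBody();
            } catch (UnirestException e) {
                // instanceof is null-safe: an exception without a cause used to trigger a
                // NullPointerException here, hiding the real failure.
                Throwable cause = e.getCause();
                if (cause instanceof SSLHandshakeException) {
                    throw new FatalException("Cannot reach the Keycloak server because of missing TLS certificates", cause);
                }
                retries++;
                if (retries > MAX_RETRIES) {
                    throw e;
                }
                if (retries == RETRIES_BEFORE_INFO_LOG) {
                    log.info("Having difficulty reaching {}. Retrying again...", multipartBody.getUrl());
                }
                sleepExponentially(retries);
                log.debug("Retrying to reach: {}", multipartBody.getUrl());
            }
        }
    }

    /**
     * Sleeps for {@code 100 * 2^i} milliseconds.
     *
     * @param i the retry number
     * @throws RuntimeException if the thread is interrupted; the interrupt flag is restored first
     */
    private void sleepExponentially(int i) {
        long millis = (long) (100.0d * Math.pow(2.0d, i));
        log.debug("Sleeping for {} seconds", String.format("%.1f", Double.valueOf(millis / 1000.0d)));
        try {
            Thread.sleep(millis);
        } catch (InterruptedException e) {
            // Restore the flag so code further up the stack can still see the interruption.
            Thread.currentThread().interrupt();
            throw new RuntimeException(e);
        }
    }

    /**
     * Builds the JSON adapter settings consumed by {@link KeycloakInstalled}.
     *
     * @param realm realm name
     * @param baseUrl Keycloak base URL; {@code "/auth"} is appended to form the auth server URL
     * @param client client id, written as {@code resource}
     * @param publicClient when true the client is marked public and no credentials are written
     * @param secret secret written to {@code credentials.secret} when the client is not public
     * @param basicAuth when true {@code enable-basic-auth} is set
     * @return the settings as a UTF-8 encoded JSON stream
     * @throws RuntimeException if the settings cannot be serialised
     */
    private InputStream constructKeycloakSettings(String realm, String baseUrl, String client, boolean publicClient, String secret, boolean basicAuth) {
        KeycloakSettings settings = new KeycloakSettings();
        settings.setRealm(realm);
        settings.setAuthServerUrl(baseUrl + "/auth");
        // NOTE(review): "none" means the adapter does not require HTTPS towards the auth server, so
        // tokens and secrets travel in clear text if baseUrl is http. Keycloak also accepts
        // "external" and "all"; tightening this should be considered once plain-http deployments
        // are ruled out.
        settings.setSslRequired("none");
        settings.setResource(client);
        settings.setConfidentialPort("0");
        if (publicClient) {
            settings.setPublicClient(Boolean.TRUE);
        } else {
            settings.setCredentials(new Credentials(secret));
        }
        if (basicAuth) {
            settings.setBasicAuth(true);
        }
        try {
            // Explicit UTF-8: the platform default charset could corrupt non-ASCII values.
            return new ByteArrayInputStream(SETTINGS_MAPPER.writeValueAsString(settings).getBytes(StandardCharsets.UTF_8));
        } catch (JsonProcessingException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Converts the tokens currently held by {@code keycloakInstalled} into a {@link Credential}.
     * Expiry instants are computed from the current time plus the lifetimes in the token response.
     *
     * @param keycloakInstalled adapter holding the tokens
     * @param baseUrl Keycloak base URL
     * @param client client id
     * @param realm realm name
     * @return the populated credential
     */
    private Credential tokenToCredential(KeycloakInstalled keycloakInstalled, String baseUrl, String client, String realm) {
        Instant now = Instant.now();
        return Credential.builder()
                .keycloakBaseUrl(baseUrl)
                .accessToken(keycloakInstalled.getTokenString())
                .refreshToken(keycloakInstalled.getRefreshToken())
                .client(client)
                .realm(realm)
                .username(keycloakInstalled.getToken().getPreferredUsername())
                .accessTokenExpiresIn(now.plusSeconds(keycloakInstalled.getTokenResponse().getExpiresIn()))
                .refreshTokenExpiresIn(now.plusSeconds(keycloakInstalled.getTokenResponse().getRefreshExpiresIn()))
                .build();
    }

    static {
        // Make Unirest map JSON bodies with Jackson for every request issued by this process.
        Unirest.config().setObjectMapper(new JacksonObjectMapper());
    }
}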
