package org.kathra.utils.security;

import java.io.IOException;
import java.net.URL;
import java.net.URLConnection;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.client.HttpClient;
import org.kathra.core.model.Assignation;
import org.kathra.core.model.User;
import org.kathra.utils.KathraApiResponse;
import org.kathra.utils.KathraException;
import org.kathra.utils.Session;
import org.kathra.utils.serialization.GsonUtils;
import org.keycloak.authorization.client.AuthorizationDeniedException;
import org.keycloak.authorization.client.AuthzClient;
import org.keycloak.authorization.client.Configuration;
import org.keycloak.authorization.client.representation.TokenIntrospectionResponse;
import org.keycloak.authorization.client.resource.ProtectedResource;
import org.keycloak.authorization.client.util.HttpResponseException;
import org.keycloak.representations.idm.authorization.AuthorizationRequest;
import org.keycloak.representations.idm.authorization.Permission;
import org.keycloak.representations.idm.authorization.ResourceRepresentation;
import org.keycloak.representations.idm.authorization.ScopeRepresentation;
import org.slf4j.Logger;

/* loaded from: input_file:org/kathra/utils/security/KeycloakUtils.class */
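/**
 * Static helpers around the Keycloak authorization client: bearer-token
 * validation through the realm's userinfo endpoint, and creation, lookup and
 * deletion of protected resources on behalf of the calling session.
 *
 * <p>The Keycloak clients are built once in the static initializer from
 * {@link KeycloakConfig}; every method below uses those shared instances.
 */
public class KeycloakUtils {
    /** Page size used when enumerating protected resources. */
    private static final int RESOURCE_PAGE_SIZE = 500;

    /** Authorization scheme prefix expected in the Authorization header value. */
    private static final String BEARER_PREFIX = "Bearer ";

    static KeycloakConfig config = new KeycloakConfig();
    static AuthzClient authzClient;
    static ProtectedResource resourceClient;

    /**
     * Obtains an access token from Keycloak for a user name / password pair.
     *
     * @param str  user name
     * @param str2 password; never log or persist this value
     * @return the raw access token string
     */
    public static String login(String str, String str2) {
        return authzClient.obtainAccessToken(str, str2).getToken();
    }

    /**
     * Intentionally empty. Calling it forces class initialization, which runs
     * the static initializer that builds the Keycloak clients.
     */
    public static void init() {
    }

    /**
     * Fetches the claims of the user owning an access token from the realm's
     * OpenID Connect userinfo endpoint.
     *
     * @param str access token, sent as a bearer credential
     * @return the decoded JSON claims (may be {@code null} if the body is empty)
     * @throws Exception on any transport or HTTP error raised by the connection
     */
    public static Map getUserInfos(String str) throws Exception {
        Configuration configuration = authzClient.getConfiguration();
        // NOTE(review): the token travels to whatever scheme the configured auth
        // server URL uses; confirm deployments point this at an https:// URL.
        URLConnection connection = new URL(configuration.getAuthServerUrl() + "/realms/" + configuration.getRealm() + "/protocol/openid-connect/userinfo").openConnection();
        // NOTE(review): no connect/read timeout is set here, so an unresponsive
        // identity provider can hold the calling thread indefinitely.
        connection.setRequestProperty("Authorization", "Bearer " + str);
        // Close the response stream explicitly; the original left it open.
        try (java.io.InputStream body = connection.getInputStream()) {
            return (Map) GsonUtils.gson.fromJson(IOUtils.toString(body, "UTF-8"), HashMap.class);
        }
    }

    /**
     * Authenticates the caller from an Authorization header value and fills
     * the session with the user, its project groups and the access token.
     *
     * <p>The token is accepted only if the userinfo endpoint answers for it.
     * Any other outcome leaves the session unauthenticated and ends in an
     * UNAUTHORIZED {@link KathraException} (fail closed).
     *
     * @param session request session to populate
     * @param logger  logger used for the access-log line and for failures
     * @param str     raw Authorization header value, expected as {@code Bearer <token>}
     * @throws Exception UNAUTHORIZED when no valid bearer token is presented,
     *                   INTERNAL_SERVER_ERROR when token validation itself fails
     */
    public static void handleAuthentication(Session session, Logger logger, String str) throws Exception {
        KathraException unauthorized = new KathraException("Unauthorized. It appears that you don't have permission to access this page. Please make sure you're authorized to view this content.").errorCode(KathraException.ErrorCode.UNAUTHORIZED);
        String token = extractBearerToken(str);
        if (token != null) {
            try {
                Map userInfos = getUserInfos(token);
                if (userInfos == null) {
                    // An empty body is not proof of identity; handle it as a validation failure.
                    throw new IOException("Empty userinfo response");
                }
                User user = new User().firstName((String) userInfos.get("given_name")).lastName((String) userInfos.get("family_name")).id((String) userInfos.get("sub")).email((String) userInfos.get("email")).name((String) userInfos.get("preferred_username"));
                session.userObject(user).callerName(user.getName());
                // The "groups" claim is optional; tolerate its absence and skip
                // entries that are not strings instead of failing on a cast.
                Object groupsClaim = userInfos.get("groups");
                if (groupsClaim instanceof List) {
                    for (Object group : (List<?>) groupsClaim) {
                        if (group instanceof String && ((String) group).startsWith("/kathra-projects")) {
                            user.addGroupsItem(new Assignation().id((String) group));
                        }
                    }
                }
                if (user.getGroups() == null) {
                    user.groups(new ArrayList<>());
                }
                session.accessToken(token);
                session.authenticated(true);
            } catch (IOException e) {
                // Route the failure through the service logger rather than stderr.
                logger.warn("Token validation against the userinfo endpoint failed", e);
                String message = e.getMessage();
                // NOTE(review): matching "401" in the exception text is brittle;
                // reading the HTTP status from the connection would be more reliable.
                if (message == null || !message.contains("401")) {
                    // NOTE(review): this message can carry the identity provider URL
                    // back to the caller; confirm that is acceptable.
                    throw new KathraException(message != null ? message : "Token validation failed").errorCode(KathraException.ErrorCode.INTERNAL_SERVER_ERROR);
                }
                session.setCallerName("Unauthorized user");
                logger.info("{} - {} \"{}\" {}", new Object[]{session.getCallerAddress(), session.getCallerName(), session.getRequestedOperation(), session.getUserAgent()});
                throw unauthorized;
            }
        }
        if (session.isAuthenticated()) {
            return;
        }
        session.setCallerName("Unauthenticated user");
        logger.info("{} - {} \"{}\" {}", new Object[]{session.getCallerAddress(), session.getCallerName(), session.getRequestedOperation(), session.getUserAgent()});
        throw unauthorized;
    }

    /**
     * Returns the token part of a {@code Bearer <token>} header value, or
     * {@code null} when the header is missing, uses another scheme or carries
     * no token. The scheme is compared case-insensitively.
     */
    private static String extractBearerToken(String header) {
        if (header == null || header.length() <= BEARER_PREFIX.length()) {
            return null;
        }
        // Reject other schemes so that fragments of unrelated credentials are
        // never forwarded to the identity provider as a bearer token.
        if (!header.regionMatches(true, 0, BEARER_PREFIX, 0, BEARER_PREFIX.length())) {
            return null;
        }
        return header.substring(BEARER_PREFIX.length());
    }

    /**
     * Registers a protected resource owned by the caller and tags it with an
     * {@code owner-group} attribute.
     *
     * @param session caller session; its caller name becomes the resource owner
     * @param str     resource type; the segment after the last ':' is used in the URI
     * @param str2    resource id, also used as the resource name
     * @param list    scope names to attach
     * @param str3    value of the {@code owner-group} attribute (must not be null)
     * @return the name of the created resource
     * @throws Exception if the resource already exists or creation fails
     */
    public static String createResource(Session session, String str, String str2, List<String> list, String str3) throws Exception {
        return createResourceAllParams(session, str, str2, toScopes(list), Map.of("owner-group", str3), str2, "/" + getSimpleTypeFromType(str) + "/" + str2);
    }

    /**
     * Registers a protected resource owned by the caller with arbitrary
     * single-valued attributes.
     *
     * @param session caller session; its caller name becomes the resource owner
     * @param str     resource type; the segment after the last ':' is used in the URI
     * @param str2    resource id, also used as the resource name
     * @param list    scope names to attach
     * @param map     attributes to set, may be {@code null}
     * @return the name of the created resource
     * @throws Exception if the resource already exists or creation fails
     */
    public static String createResource(Session session, String str, String str2, List<String> list, Map<String, String> map) throws Exception {
        return createResourceAllParams(session, str, str2, toScopes(list), map, str2, "/" + getSimpleTypeFromType(str) + "/" + str2);
    }

    /** Wraps each scope name in a {@link ScopeRepresentation}. */
    private static Set<ScopeRepresentation> toScopes(List<String> scopeNames) {
        Set<ScopeRepresentation> scopes = new HashSet<>();
        for (String scopeName : scopeNames) {
            scopes.add(new ScopeRepresentation(scopeName));
        }
        return scopes;
    }

    /** Returns the part of a ':'-separated type name that follows the last ':'. */
    private static String getSimpleTypeFromType(String str) {
        String[] segments = str.split(":");
        return segments[segments.length - 1];
    }

    /**
     * Builds and creates the resource representation.
     *
     * @param str  resource type
     * @param str2 resource id
     * @param set  scopes
     * @param map  single-valued attributes, may be {@code null}
     * @param str3 resource name, must not already be registered
     * @param str4 resource URI
     */
    private static String createResourceAllParams(Session session, String str, String str2, Set<ScopeRepresentation> set, Map<String, String> map, String str3, String str4) throws Exception {
        // NOTE(review): check-then-create is not atomic; two concurrent requests
        // for the same name both pass this test and rely on the server to reject one.
        if (resourceClient.findByName(str3) != null) {
            throw new KathraException("Protected resource " + str3 + " already exists");
        }
        ResourceRepresentation resource = new ResourceRepresentation();
        resource.setType(str);
        resource.setName(str3);
        // Ownership is taken from the session, never from request parameters.
        resource.setOwner(session.getCallerName());
        resource.setId(str2);
        // NOTE(review): the id is concatenated into the URI unvalidated; confirm
        // callers restrict it to the expected identifier format.
        resource.setUris(Set.of(str4));
        resource.setScopes(set);
        Map<String, List<String>> attributes = new HashMap<>();
        if (map != null) {
            for (Map.Entry<String, String> attribute : map.entrySet()) {
                attributes.put(attribute.getKey(), Arrays.asList(attribute.getValue()));
            }
        }
        resource.setAttributes(attributes);
        return resourceClient.create(resource).getName();
    }

    /**
     * Lists the names of the resources of a type on which the caller holds a
     * scope.
     *
     * @param session caller session supplying the access token
     * @param str     resource type to enumerate
     * @param str2    required scope
     * @return names of the permitted resources, empty when none is permitted
     */
    public static List<String> getResourcesByType(Session session, String str, String str2) throws Exception {
        List<String> resourceIds = new ArrayList<>();
        List<String> page;
        // Page through the matches; a short page marks the end.
        do {
            page = Arrays.asList(resourceClient.find((String) null, (String) null, (String) null, (String) null, str, StringUtils.isEmpty(str2) ? null : str2, false, Integer.valueOf(resourceIds.size()), RESOURCE_PAGE_SIZE));
            resourceIds.addAll(page);
        } while (page.size() == RESOURCE_PAGE_SIZE);
        // NOTE(review): the lookup above tolerates an empty scope, but List.of
        // rejects null, so a null scope still fails here; confirm the intended contract.
        return getPermissionsForResources(session, resourceIds, List.of(str2)).stream().map(Permission::getResourceName).collect(Collectors.toList());
    }

    /**
     * Resolves a resource by name and returns its name if the caller holds the
     * scope on it.
     *
     * @param str  resource name
     * @param str2 required scope
     * @return the resource name, or {@code null} when the caller is not permitted
     * @throws Exception if the resource does not exist
     */
    public static String getResourceByName(Session session, String str, String str2) throws Exception {
        ResourceRepresentation resource = resourceClient.findByName(str);
        if (resource == null) {
            throw new KathraException("Requesteds resource " + str + " does not exist");
        }
        List<String> resourceIds = new LinkedList<>();
        resourceIds.add(resource.getId());
        List<Permission> permissions = getPermissionsForResources(session, resourceIds, Collections.singletonList(str2));
        // A denied request yields no permission; answer like getResourceById
        // instead of failing with an index error.
        if (permissions.isEmpty()) {
            return null;
        }
        return permissions.get(0).getResourceName();
    }

    /**
     * Resolves a resource by id and returns its name if the caller holds the
     * scope on it.
     *
     * @param str  resource id
     * @param str2 required scope
     * @return the resource name, or {@code null} when the caller is not permitted
     * @throws Exception NOT_FOUND when Keycloak reports the id as unknown, a
     *                   generic error when the lookup fails for another reason
     */
    public static String getResourceById(Session session, String str, String str2) throws Exception {
        ResourceRepresentation resource = null;
        RuntimeException lookupFailure = null;
        try {
            resource = resourceClient.findById(str);
        } catch (RuntimeException e) {
            Throwable cause = e.getCause();
            if (cause instanceof HttpResponseException && ((HttpResponseException) cause).getStatusCode() == KathraApiResponse.HttpStatusCode.NOT_FOUND.getCode()) {
                throw new KathraException("Resource not found : " + str, e, KathraException.ErrorCode.NOT_FOUND);
            }
            // Keep the failure so it is not silently lost below.
            lookupFailure = e;
        }
        if (resource == null) {
            KathraException failure = new KathraException("Internal error while requesting resource : " + str);
            if (lookupFailure != null) {
                failure.addSuppressed(lookupFailure);
            }
            throw failure;
        }
        List<String> resourceIds = new LinkedList<>();
        resourceIds.add(resource.getId());
        List<Permission> permissions = getPermissionsForResources(session, resourceIds, Collections.singletonList(str2));
        if (permissions.isEmpty()) {
            return null;
        }
        return permissions.get(0).getResourceName();
    }

    /**
     * Asks Keycloak which of the given resources the session's token may
     * access with the given scopes.
     *
     * @param list  resource ids to evaluate
     * @param list2 scopes requested on every resource
     * @return the granted permissions; empty when access is denied or when no
     *         resource was given
     * @throws Exception INTERNAL_SERVER_ERROR when the issued token is inactive
     */
    private static List<Permission> getPermissionsForResources(Session session, List<String> list, List<String> list2) throws Exception {
        // With nothing to evaluate, answer "nothing granted" locally: a request
        // carrying no permission entry would not be limited to any resource.
        if (list.isEmpty()) {
            return new ArrayList<>();
        }
        String accessToken = session.getAccessToken();
        AuthorizationRequest request = new AuthorizationRequest();
        for (String resourceId : list) {
            request.addPermission(resourceId, list2);
        }
        try {
            TokenIntrospectionResponse rpt = authzClient.protection().introspectRequestingPartyToken(authzClient.authorization(accessToken).authorize(request).getToken());
            // Boolean.TRUE.equals also covers a missing "active" flag.
            if (rpt == null || !Boolean.TRUE.equals(rpt.getActive())) {
                throw new KathraException("RPT is inactive").errorCode(KathraException.ErrorCode.INTERNAL_SERVER_ERROR);
            }
            List<Permission> granted = rpt.getPermissions();
            return granted != null ? granted : new ArrayList<>();
        } catch (AuthorizationDeniedException e) {
            // Denial is an expected outcome and maps to "no permission" (fail closed).
            // NOTE(review): this trace goes to stderr; denials are worth recording
            // through the service logger, but this class has none in scope.
            e.printStackTrace();
            return new ArrayList<>();
        }
    }

    /**
     * Deletes a protected resource if the caller holds the scope on it.
     *
     * @param str  resource id
     * @param str2 scope the caller must hold to delete
     * @throws Exception if the resource does not exist, or UNAUTHORIZED when
     *                   the caller lacks the scope
     */
    public static void deleteResource(Session session, String str, String str2) throws Exception {
        ResourceRepresentation resource = resourceClient.findById(str);
        if (resource == null) {
            throw new KathraException("Requesteds resource with id " + str + " does not exist");
        }
        List<String> resourceIds = new LinkedList<>();
        resourceIds.add(resource.getId());
        List<Permission> permissions = getPermissionsForResources(session, resourceIds, Collections.singletonList(str2));
        // A denied caller gets an explicit authorization error, not an index error.
        if (permissions.isEmpty()) {
            throw new KathraException("Not authorized to delete resource with id " + str).errorCode(KathraException.ErrorCode.UNAUTHORIZED);
        }
        authzClient.protection().resource().delete(permissions.get(0).getResourceId());
    }

    /**
     * Removes one scope from a protected resource.
     *
     * @param str  resource id
     * @param str2 name of the scope to remove
     * @throws Exception if the resource does not exist
     */
    public static void deleteResourceScope(Session session, String str, String str2) throws Exception {
        ResourceRepresentation resource = resourceClient.findById(str);
        if (resource == null) {
            throw new KathraException("Requesteds resource with id " + str + " does not exist");
        }
        // NOTE(review): unlike deleteResource, no permission of the session is
        // evaluated before the update; confirm callers authorize this operation.
        Set<ScopeRepresentation> remaining = resource.getScopes().stream().filter(scope -> !scope.getName().equals(str2)).collect(Collectors.toSet());
        resource.setScopes(remaining);
        authzClient.protection().resource().update(resource);
    }

    static {
        // Build the shared clients once from configuration. The client secret is
        // handed to the Keycloak configuration only and must not be logged.
        String keycloakAuthUrl = config.getKeycloakAuthUrl();
        String keycloakRealm = config.getKeycloakRealm();
        String keycloakClientId = config.getKeycloakClientId();
        String keycloakClientSecret = config.getKeycloakClientSecret();
        Map<String, Object> credentials = new HashMap<>();
        credentials.put("secret", keycloakClientSecret);
        authzClient = AuthzClient.create(new Configuration(keycloakAuthUrl, keycloakRealm, keycloakClientId, credentials, (HttpClient) null));
        resourceClient = authzClient.protection().resource();
    }
}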
