package org.endeavourhealth.common.security.keycloak.client;

import com.mysql.cj.core.conf.PropertyDefinitions;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Date;
import javax.ws.rs.core.MediaType;
import org.apache.http.Header;
import org.apache.http.HttpEntity;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.message.BasicHeader;
import org.apache.http.message.BasicNameValuePair;
import org.keycloak.admin.client.resource.BearerAuthFilter;
import org.keycloak.common.util.KeycloakUriBuilder;
import org.keycloak.representations.AccessTokenResponse;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.util.JsonSerialization;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/security-1.0-20170818.142221-3.jar:org/endeavourhealth/common/security/keycloak/client/KeycloakClient.class
 */
/* loaded from: input_file:WEB-INF/lib/security-1.0-SNAPSHOT.jar:org/endeavourhealth/common/security/keycloak/client/KeycloakClient.class */
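/**
 * Small Keycloak client that logs in with a username and password (the
 * {@code grant_type=password} token request), caches the resulting token and
 * refreshes it when it expires.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The password is kept in a {@code String} field for the lifetime of the
 *       instance because it is re-sent whenever the refresh token has expired.</li>
 *   <li>Credentials, refresh tokens and bearer tokens are sent to {@code baseUrl};
 *       nothing in this class checks the URL scheme. NOTE(review): confirm that
 *       deployments only configure an {@code https} base URL.</li>
 *   <li>The cached token state is read and written without synchronization, so
 *       the shared {@link #instance()} is not thread-safe as written.</li>
 * </ul>
 */
public class KeycloakClient {
    protected static final Logger LOG = LoggerFactory.getLogger(KeycloakClient.class);

    private static final String TOKEN_PATH = "/realms/{realm-name}/protocol/openid-connect/token";
    private static final String ACCOUNT_PATH = "/realms/{realm-name}/account";
    private static final String CHARSET = "UTF-8";

    private static KeycloakClient instance;

    private final String baseUrl;
    private final String realm;
    private final String username;
    private final String password;
    private final String clientId;
    private AccessTokenResponse currentToken;
    private Date expirationTime;
    private Date refreshTokenExpirationTime;

    /**
     * Creates a client; no network call is made until a token is requested.
     *
     * @param str  Keycloak base URL
     * @param str2 realm name
     * @param str3 username used for the password grant
     * @param str4 password used for the password grant
     * @param str5 client id sent with every token request
     */
    public KeycloakClient(String str, String str2, String str3, String str4, String str5) {
        this.baseUrl = str;
        this.realm = str2;
        this.username = str3;
        this.password = str4;
        this.clientId = str5;
    }

    /**
     * Replaces the shared instance with a new client built from the given settings
     * (same argument order as the constructor).
     */
    public static void init(String str, String str2, String str3, String str4, String str5) {
        instance = new KeycloakClient(str, str2, str3, str4, str5);
    }

    /**
     * Returns the shared instance.
     *
     * @return the client set by {@link #init}, or {@code null} if {@code init} was never called
     */
    public static KeycloakClient instance() {
        return instance;
    }

    /**
     * Returns a usable token, logging in or refreshing first when needed.
     *
     * @return the cached token response
     * @throws IOException if the login or refresh request fails
     */
    public AccessTokenResponse getToken() throws IOException {
        if (this.currentToken == null || refreshTokenExpired()) {
            LOG.trace("No token set or refresh token has expired, getting a new one...");
            this.currentToken = getTokenInternal();
            setExpirationTime();
            setRefreshExpirationTime();
        } else if (tokenExpired()) {
            LOG.trace("Token has expired, refreshing now...");
            this.currentToken = refreshToken();
            // Only the access-token deadline is moved here; the refresh deadline
            // stays as recorded at the last full login.
            setExpirationTime();
        }
        return this.currentToken;
    }

    /** Records when the current access token expires, based on the lifetime the server reported. */
    private void setExpirationTime() {
        this.expirationTime = expiryAfter(this.currentToken.getExpiresIn());
        LOG.trace("Access token expires: '{}'", this.expirationTime);
    }

    /** Records when the current refresh token expires, based on the lifetime the server reported. */
    private void setRefreshExpirationTime() {
        this.refreshTokenExpirationTime = expiryAfter(this.currentToken.getRefreshExpiresIn());
        LOG.trace("Refresh token expires: '{}'", this.refreshTokenExpirationTime);
    }

    /** Returns the instant {@code seconds} from now; long arithmetic avoids the earlier int truncation. */
    private static Date expiryAfter(long seconds) {
        return new Date(System.currentTimeMillis() + seconds * 1000L);
    }

    private boolean refreshTokenExpired() {
        return new Date().after(this.refreshTokenExpirationTime);
    }

    private boolean tokenExpired() {
        return new Date().after(this.expirationTime);
    }

    /**
     * Builds the {@code Authorization} header carrying the current access token.
     *
     * @throws IOException if a token has to be fetched and that request fails
     */
    public Header getAuthorizationHeader() throws IOException {
        return new BasicHeader("Authorization", BearerAuthFilter.AUTH_HEADER_PREFIX + getToken().getToken());
    }

    /**
     * Performs a full login against the realm's token endpoint using the stored
     * username and password.
     *
     * @return the parsed token response
     * @throws IOException on a non-200 status, an empty response or a transport error
     */
    AccessTokenResponse getTokenInternal() throws IOException {
        LOG.debug("Building keycloak connection from base : [{}], path : [{}], realm : [{}]",
                this.baseUrl, TOKEN_PATH, this.realm);
        String uri = KeycloakUriBuilder.fromUri(this.baseUrl).path(TOKEN_PATH).build(this.realm).toString();
        LOG.debug("Built url : [{}]", uri);

        HttpPost httpPost = new HttpPost(uri);
        ArrayList<BasicNameValuePair> form = new ArrayList<>();
        form.add(new BasicNameValuePair("username", this.username));
        // Plain literals: the decompiled source borrowed the string "password" from a
        // MySQL driver constant, which tied this class to an unrelated library.
        form.add(new BasicNameValuePair("password", this.password));
        form.add(new BasicNameValuePair("grant_type", "password"));
        form.add(new BasicNameValuePair("client_id", this.clientId));
        httpPost.setEntity(new UrlEncodedFormEntity(form, CHARSET));
        LOG.debug("POST URL reporting : [{}]", httpPost.getURI());

        try {
            return executeForJson(httpPost, AccessTokenResponse.class);
        } catch (IOException e) {
            LOG.trace("Failed to log in: '{}'", e.getMessage());
            throw e;
        }
    }

    /**
     * Exchanges the cached refresh token for a new token response.
     *
     * @return the parsed token response
     * @throws IOException on a non-200 status, an empty response or a transport error
     */
    AccessTokenResponse refreshToken() throws IOException {
        HttpPost httpPost = new HttpPost(KeycloakUriBuilder.fromUri(this.baseUrl).path(TOKEN_PATH).build(this.realm));
        ArrayList<BasicNameValuePair> form = new ArrayList<>();
        form.add(new BasicNameValuePair("grant_type", "refresh_token"));
        form.add(new BasicNameValuePair("client_id", this.clientId));
        form.add(new BasicNameValuePair("refresh_token", this.currentToken.getRefreshToken()));
        httpPost.setEntity(new UrlEncodedFormEntity(form, CHARSET));
        return executeForJson(httpPost, AccessTokenResponse.class);
    }

    /**
     * Reads an entity body fully and decodes it as UTF-8.
     *
     * @param httpEntity the entity to read; may be {@code null}
     * @return the body text, or {@code null} when {@code httpEntity} is {@code null}
     * @throws IOException if the body cannot be read
     */
    public String getContent(HttpEntity httpEntity) throws IOException {
        if (httpEntity == null) {
            return null;
        }
        InputStream content = httpEntity.getContent();
        try {
            ByteArrayOutputStream buffer = new ByteArrayOutputStream();
            byte[] chunk = new byte[4096];
            int read;
            while ((read = content.read(chunk)) != -1) {
                buffer.write(chunk, 0, read);
            }
            // Explicit charset: the platform default previously decided how the body was decoded.
            return buffer.toString(CHARSET);
        } finally {
            try {
                content.close();
            } catch (IOException ignored) {
                // Best effort, as before: a failed close must not hide the body or the real error.
            }
        }
    }

    /**
     * Fetches the account representation of the user the current token belongs to.
     *
     * @return the parsed user representation
     * @throws IOException on a non-200 status, an empty response or a transport error
     */
    public UserRepresentation getUserAccount() throws IOException {
        HttpGet httpGet = new HttpGet(KeycloakUriBuilder.fromUri(this.baseUrl).path(ACCOUNT_PATH).build(this.realm));
        // Goes through the logger instead of System.out so it follows the logging configuration.
        LOG.debug("GET URL : [{}]", httpGet.getURI());
        httpGet.setHeader(getAuthorizationHeader());
        httpGet.setHeader("Accept", MediaType.APPLICATION_JSON);
        return executeForJson(httpGet, UserRepresentation.class);
    }

    /**
     * Executes the request with a fresh HTTP client and parses a 200 response body as JSON.
     * Both the client and the response are closed on every path; the response was
     * previously never closed explicitly.
     *
     * <p>On failure the server's response body is included in the exception message, so
     * callers that surface or log the exception expose that body too.
     */
    private <T> T executeForJson(HttpUriRequest request, Class<T> type) throws IOException {
        try (CloseableHttpClient client = HttpClients.createDefault();
             CloseableHttpResponse response = client.execute(request)) {
            int statusCode = response.getStatusLine().getStatusCode();
            HttpEntity entity = response.getEntity();
            if (statusCode != 200) {
                throw new IOException("Bad status: " + statusCode + " response: " + getContent(entity));
            }
            if (entity == null) {
                throw new IOException("No Entity");
            }
            return JsonSerialization.readValue(getContent(entity), type);
        }
    }
}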
