package info.elexis.server.core.security.oauth2.internal;

import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.gson.JsonParseException;
import com.google.gson.JsonParser;
import info.elexis.server.core.Host;
import info.elexis.server.core.common.util.CoreUtil;
import java.io.IOException;
import java.nio.file.Files;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.codec.binary.Base64;
import org.apache.http.Consts;
import org.apache.http.HttpEntity;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:info/elexis/server/core/security/oauth2/internal/OAuth2ClientService.class */
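/**
 * Validates OAuth2 bearer tokens by posting them to the local
 * {@code openid/introspect} endpoint and caching the positive results.
 *
 * <p>Every failure path (unreachable endpoint, non-200 status, malformed or
 * incomplete JSON, inactive or expired token) yields "no token", so callers
 * reject the request rather than accept it.
 */
public class OAuth2ClientService {
    private final Logger logger = LoggerFactory.getLogger(OAuth2ClientService.class);

    // Keyed by the raw bearer token string; only tokens the endpoint reported as active are stored.
    // NOTE(review): plain HashMap with no synchronization visible in this class. If this service is
    // shared between request threads, the cache needs a concurrent map or external locking - confirm.
    private final Map<String, TokenCacheObject> authCache = new HashMap<>();

    // Milliseconds a cache entry lives when the token's own expiry is not used.
    private int defaultExpireTime = 300000;
    private boolean forceCacheExpireTime = false;
    private boolean cacheNonExpiringTokens = false;
    private boolean cacheTokens = true;

    // Lazily built "Basic ..." header used to authenticate against the introspection endpoint.
    private String introspectionEndpointBasicAuthHeaderValue;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:info/elexis/server/core/security/oauth2/internal/OAuth2ClientService$TokenCacheObject.class */
    /** A validated token together with the instant at which its cache entry stops being trusted. */
    public class TokenCacheObject {
        OAuth2AccessToken token;
        Date cacheExpire;

        /**
         * Derives the cache expiry for {@code oAuth2AccessToken}.
         *
         * <p>The token's own expiry is used when it has one and either
         * {@code forceCacheExpireTime} is off or the token expires within
         * {@code defaultExpireTime} milliseconds; otherwise the entry expires
         * {@code defaultExpireTime} milliseconds from now.
         */
        private TokenCacheObject(OAuth2AccessToken oAuth2AccessToken) {
            this.token = oAuth2AccessToken;
            Date tokenExpiry = oAuth2AccessToken.getExpiration();
            long now = System.currentTimeMillis();
            boolean useTokenExpiry = tokenExpiry != null
                    && (!OAuth2ClientService.this.forceCacheExpireTime
                            || tokenExpiry.getTime() - now <= OAuth2ClientService.this.defaultExpireTime);
            this.cacheExpire = useTokenExpiry
                    ? tokenExpiry
                    : new Date(now + OAuth2ClientService.this.defaultExpireTime);
        }
    }

    /**
     * Reports whether {@code str} is a currently valid access token.
     *
     * @param str the bearer token to check
     * @param httpServletRequest not used by this implementation
     * @return {@code true} if the token is cached as valid or the introspection endpoint reports it active
     */
    public boolean checkAccessToken(String str, HttpServletRequest httpServletRequest) {
        return lookup(str) != null;
    }

    /**
     * Returns the scopes granted to {@code str}.
     *
     * @param str the bearer token
     * @return the token's scopes, or an empty set when the token cannot be validated
     */
    public Set<String> getScopes(String str) {
        TokenCacheObject entry = lookup(str);
        return entry != null ? entry.token.getScope() : Collections.emptySet();
    }

    /** Resolves a token from the cache first, then from the introspection endpoint; null if neither accepts it. */
    private TokenCacheObject lookup(String str) {
        // A missing or empty token can never be valid; reject it without a network round trip.
        if (str == null || str.isEmpty()) {
            return null;
        }
        TokenCacheObject cached = checkCache(str);
        return cached != null ? cached : parseToken(str);
    }

    /**
     * Posts {@code str} to the local introspection endpoint.
     *
     * @return the response body, or {@code null} on an I/O error, a non-200 status or an empty response
     */
    private String queryIntrospectEndpoint(String str) {
        try {
            if (this.introspectionEndpointBasicAuthHeaderValue == null) {
                initIntrospectionEndpointBasicAuthHeaderValue();
            }
            ArrayList<BasicNameValuePair> form = new ArrayList<>();
            form.add(new BasicNameValuePair("token", str));
            UrlEncodedFormEntity formEntity = new UrlEncodedFormEntity(form, Consts.UTF_8);

            // try-with-resources closes the client on every path, including exceptions.
            try (CloseableHttpClient client = HttpClientBuilder.create().build()) {
                HttpPost httpPost = new HttpPost(Host.getLocalhostBaseUrl() + "openid/introspect");
                httpPost.setHeader("Authorization", this.introspectionEndpointBasicAuthHeaderValue);
                httpPost.setEntity(formEntity);
                String body = client.execute(httpPost, httpResponse -> {
                    if (httpResponse.getStatusLine().getStatusCode() != 200) {
                        this.logger.warn("queryIntrospectEndpoint [{}]", httpResponse);
                        return null;
                    }
                    HttpEntity entity = httpResponse.getEntity();
                    // UTF-8 is only the fallback; a charset declared by the response still wins.
                    return entity != null ? EntityUtils.toString(entity, Consts.UTF_8) : null;
                });
                return body;
            }
        } catch (IOException e) {
            this.logger.warn("queryIntrospectEndpoint", e);
            return null;
        }
    }

    /**
     * Loads the introspection client credentials from {@code es-introspection-client.auth}
     * in the home directory and builds the HTTP Basic header from them. Lines starting
     * with {@code #} and blank lines are skipped; the last remaining line is used.
     *
     * @throws IOException if the file cannot be read or holds no credential line
     */
    private void initIntrospectionEndpointBasicAuthHeaderValue() throws IOException {
        // NOTE(review): this file holds the client secret in clear text; its permissions
        // are not checked here - confirm it is readable by the service account only.
        String credentials = null;
        for (String line : Files.readAllLines(CoreUtil.getHomeDirectory().resolve("es-introspection-client.auth"))) {
            if (line.startsWith("#") || line.trim().isEmpty()) {
                continue;
            }
            credentials = line;
        }
        if (credentials == null) {
            // Fail closed instead of sending the request with an empty or missing Authorization value.
            throw new IOException("No client credentials found in es-introspection-client.auth");
        }
        // Explicit charset so the header does not depend on the platform default encoding.
        this.introspectionEndpointBasicAuthHeaderValue =
                "Basic " + Base64.encodeBase64String(credentials.getBytes(Consts.UTF_8));
    }

    /** Returns the unexpired cache entry for {@code str}, evicting it if it has expired; null otherwise. */
    private TokenCacheObject checkCache(String str) {
        if (!this.cacheTokens) {
            return null;
        }
        TokenCacheObject entry = this.authCache.get(str);
        if (entry == null) {
            return null;
        }
        if (entry.cacheExpire != null && entry.cacheExpire.after(new Date())) {
            return entry;
        }
        this.authCache.remove(str);
        return null;
    }

    /**
     * Introspects {@code str} and, when the endpoint reports it active and unexpired,
     * wraps it in a cache entry (stored only if caching is enabled for it).
     *
     * @return the entry for a valid token, or {@code null} in every other case
     */
    private TokenCacheObject parseToken(String str) {
        String responseBody = queryIntrospectEndpoint(str);
        if (responseBody == null) {
            return null;
        }
        JsonElement parsed;
        try {
            parsed = new JsonParser().parse(responseBody);
        } catch (JsonParseException e) {
            // A malformed response must read as "token not valid", not as an unhandled error.
            this.logger.warn("Introspection response is not valid JSON", e);
            return null;
        }
        if (!parsed.isJsonObject()) {
            return null;
        }
        JsonObject response = parsed.getAsJsonObject();
        if (response.get("error") != null) {
            this.logger.error("Got an error back: {}, {}", response.get("error"), response.get("error_description"));
            return null;
        }
        // A response without a usable "active" member is treated as inactive.
        JsonElement active = response.get("active");
        if (active == null || !active.isJsonPrimitive() || !active.getAsBoolean()) {
            this.logger.info("Server returned non-active token");
            return null;
        }
        OAuth2AccessToken accessToken = createAccessToken(response, str);
        Date expiration = accessToken.getExpiration();
        if (expiration != null && !expiration.after(new Date())) {
            return null;
        }
        TokenCacheObject entry = new TokenCacheObject(accessToken);
        if (this.cacheTokens && (this.cacheNonExpiringTokens || expiration != null)) {
            this.authCache.put(str, entry);
        }
        return entry;
    }

    /** Builds the token object from the introspection response and the raw token value. */
    private OAuth2AccessToken createAccessToken(JsonObject jsonObject, String str) {
        return new OAuth2AccessTokenImpl(jsonObject, str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns the validated token object for {@code str}.
     *
     * @param str the bearer token
     * @return the token taken from the cache or from a fresh introspection
     * @throws IllegalStateException if the token cannot be validated
     */
    public OAuth2AccessToken getIntrospectionToken(String str) {
        TokenCacheObject entry = lookup(str);
        if (entry != null) {
            return entry.token;
        }
        throw new IllegalStateException("Could not find OAuth2AccessToken in cache");
    }
}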
