package ch.elexis.core.ui.eenv.login;

import ch.elexis.core.eenv.KeycloakUser;
import ch.elexis.core.model.IContact;
import ch.elexis.core.model.IUser;
import ch.elexis.core.services.holder.CoreModelServiceHolder;
import com.github.scribejava.apis.KeycloakApi;
import com.github.scribejava.apis.openid.OpenIdOAuth2AccessToken;
import com.github.scribejava.core.builder.ServiceBuilder;
import com.github.scribejava.core.oauth.OAuth20Service;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.JwtParser;
import io.jsonwebtoken.Jwts;
import java.io.IOException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.concurrent.ExecutionException;
import org.eclipse.jface.dialogs.Dialog;
import org.eclipse.swt.browser.LocationAdapter;
import org.eclipse.swt.browser.LocationEvent;
import org.eclipse.swt.chromium.Browser;
import org.eclipse.swt.graphics.Point;
import org.eclipse.swt.layout.GridData;
import org.eclipse.swt.widgets.Composite;
import org.eclipse.swt.widgets.Control;
import org.eclipse.swt.widgets.Shell;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:ch/elexis/core/ui/eenv/login/ElexisEnvironmentLoginDialog.class */
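/**
 * Modal dialog that signs a user in against the Elexis-Environment Keycloak realm using the OAuth2
 * authorization-code flow inside an embedded browser.
 *
 * <p>The browser is pointed at the authorization URL. When it is redirected to {@link #CALLBACK_URL}
 * the navigation is cancelled, the {@code code} query parameter is exchanged for a token, the token
 * signature is verified with the configured RSA public key, and an {@link IUser} is built from the
 * token claims. Every failure on that path cancels the dialog, so {@link #getUser()} only returns a
 * user after a verified login.
 */
public class ElexisEnvironmentLoginDialog extends Dialog {
    /** Redirect URI registered for this client; the login ends when the browser navigates here. */
    private static final String CALLBACK_URL = "http://localhost:11223/elexis-rcp-callback";
    /** OAuth2 client id, also the key under {@code resource_access} that holds client roles. */
    private static final String CLIENT_ID = "elexis-rcp-openid";
    private static final String REALM = "ElexisEnvironment";
    /** Role a token must carry before a user object is created. */
    private static final String REQUIRED_ROLE = "user";

    private final Logger logger;
    private final OAuth20Service oauthService;
    /** Stays {@code null} when the verification key could not be loaded; logins are then refused. */
    private JwtParser jwtParser;
    private IUser user;
    private Browser browser;

    /**
     * Creates the dialog and prepares the OAuth client and the token verifier.
     *
     * @param shell parent shell
     * @param str client secret handed to the OAuth service builder
     * @param str2 Keycloak base URL
     * @param str3 Base64-encoded X.509 (SubjectPublicKeyInfo) RSA public key used to verify tokens
     */
    public ElexisEnvironmentLoginDialog(Shell shell, String str, String str2, String str3) {
        super(shell);
        this.logger = LoggerFactory.getLogger(getClass());
        this.oauthService = new ServiceBuilder(CLIENT_ID)
                .apiSecret(str)
                .defaultScope("openid")
                .callback(CALLBACK_URL)
                .build(KeycloakApi.instance(str2, REALM));
        try {
            RSAPublicKey verificationKey = (RSAPublicKey) KeyFactory.getInstance("RSA")
                    .generatePublic(new X509EncodedKeySpec(Base64.getDecoder().decode(str3)));
            // NOTE(review): the parser pins the signing key only; no issuer or audience requirement
            // is configured here. Confirm whether 'iss' and 'aud'/'azp' should be enforced as well.
            this.jwtParser = Jwts.parserBuilder().setSigningKey(verificationKey).build();
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            // jwtParser stays null; handleExchange refuses every login in that state.
            this.logger.error("Initialization error", e);
        }
    }

    /**
     * Builds the embedded browser, loads the authorization URL and watches for the redirect to the
     * callback URL.
     */
    @Override
    protected Control createDialogArea(Composite composite) {
        this.browser = new Browser(composite, 0); // 0 == SWT.NONE
        this.browser.setLayoutData(new GridData(4, 4, true, true, 1, 1)); // 4 == SWT.FILL
        // NOTE(review): the authorization URL is requested without a 'state' value and without
        // PKCE, so the returned code is not bound to this particular login attempt.
        this.browser.setUrl(this.oauthService.getAuthorizationUrl());
        this.browser.addLocationListener(new LocationAdapter() {
            @Override
            public void changing(LocationEvent locationEvent) {
                // Match the registered redirect URI as a prefix. A substring match would also
                // fire for a foreign page that merely carries the callback text in its URL.
                if (isCallbackLocation(locationEvent.location)) {
                    // Nothing listens on the callback port, so the navigation is always cancelled.
                    locationEvent.doit = false;
                    browser.setText("<HTML>Logging in ...</HTML>");
                    parseCallback(locationEvent.location);
                }
                super.changing(locationEvent);
            }
        });
        return composite;
    }

    /**
     * Tells whether {@code location} is the registered callback URL, optionally followed by a query
     * or a fragment.
     */
    private static boolean isCallbackLocation(String location) {
        if (location == null || !location.startsWith(CALLBACK_URL)) {
            return false;
        }
        if (location.length() == CALLBACK_URL.length()) {
            return true;
        }
        char next = location.charAt(CALLBACK_URL.length());
        return next == '?' || next == '#';
    }

    /**
     * Extracts the authorization {@code code} from a callback URL and starts the token exchange.
     * When no usable code is present, an error page is shown and a warning is logged.
     *
     * @param str callback URL (or bare query string) as reported by the browser
     */
    /* JADX INFO: Access modifiers changed from: private */
    public void parseCallback(String str) {
        String query = str == null ? "" : str;
        int queryStart = query.indexOf('?');
        if (queryStart >= 0) {
            query = query.substring(queryStart + 1);
        }
        int fragmentStart = query.indexOf('#');
        if (fragmentStart >= 0) {
            query = query.substring(0, fragmentStart);
        }
        for (String parameter : query.split("&")) {
            // Limit 2 keeps a value that itself contains '=' in one piece.
            String[] pair = parameter.split("=", 2);
            if (pair.length == 2 && "code".equals(pair[0]) && !pair[1].isEmpty()) {
                handleExchange(pair[1]);
                return;
            }
        }
        // The query is attacker-influenced text; escape it before it is rendered as HTML.
        this.browser.setText("<HTML><B>Invalid callback url</B> " + escapeHtml(query) + "</HTML>");
        this.logger.warn("Invalid callback url [{}]", query);
    }

    /** Replaces the characters that are significant in HTML markup with entities. */
    private static String escapeHtml(String text) {
        StringBuilder escaped = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    escaped.append("&#39;");
                    break;
                default:
                    escaped.append(c);
            }
        }
        return escaped.toString();
    }

    /**
     * Exchanges the authorization code for a token, verifies it and builds the user from its
     * claims. Closes the dialog with OK on success and with Cancel on any failure.
     */
    private void handleExchange(String code) {
        IUser authenticated;
        try {
            if (this.jwtParser == null) {
                // Fail closed: without a verification key no token can be trusted.
                throw new IllegalStateException("Token verification key not initialized");
            }
            OpenIdOAuth2AccessToken token =
                    (OpenIdOAuth2AccessToken) this.oauthService.getAccessToken(code);
            // The bearer token is deliberately not logged, not even at debug level.
            Jws<Claims> jws = this.jwtParser.parseClaimsJws(token.getAccessToken());
            Claims claims = jws.getBody();
            String username = claims.get("preferred_username", String.class);
            String givenName = claims.get("given_name", String.class);
            String familyName = claims.get("family_name", String.class);
            long issuedAt = claims.getIssuedAt().getTime();
            long expiresAt = claims.getExpiration().getTime();
            String contactId = claims.get("ecid", String.class);
            validateAssignedContactId(contactId);
            Set<String> roles = parseRoles(jws);
            if (!roles.contains(REQUIRED_ROLE)) {
                throw new IllegalStateException("(Required) User role not assigned");
            }
            authenticated = new KeycloakUser(CoreModelServiceHolder.get(), username, givenName,
                    familyName, issuedAt, expiresAt, contactId, roles);
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            this.logger.error("Error in handling exchange", e);
            cancelPressed();
            return;
        } catch (IOException | ExecutionException | RuntimeException e) {
            // RuntimeException covers a rejected token (bad signature, expired, malformed), a
            // missing claim and an unexpected token type, so none of them escapes the listener.
            this.logger.error("Error in handling exchange", e);
            cancelPressed();
            return;
        }
        this.user = authenticated;
        okPressed();
    }

    /**
     * Collects the realm roles and the roles granted for this client from the token claims.
     * Claims of an unexpected shape are ignored, which leaves the role set smaller, never larger.
     */
    private Set<String> parseRoles(Jws<Claims> jws) {
        Set<String> roles = new HashSet<>();
        Claims claims = jws.getBody();
        Object realmAccess = claims.get("realm_access");
        if (realmAccess instanceof Map) {
            addRoles(roles, ((Map<?, ?>) realmAccess).get("roles"));
        }
        Object resourceAccess = claims.get("resource_access");
        if (resourceAccess instanceof Map) {
            Object clientAccess = ((Map<?, ?>) resourceAccess).get(CLIENT_ID);
            if (clientAccess instanceof Map) {
                addRoles(roles, ((Map<?, ?>) clientAccess).get("roles"));
            }
        }
        return roles;
    }

    /** Adds every string element of {@code candidate} to {@code target} when it is a list. */
    private static void addRoles(Set<String> target, Object candidate) {
        if (!(candidate instanceof List)) {
            return;
        }
        for (Object role : (List<?>) candidate) {
            if (role instanceof String) {
                target.add((String) role);
            }
        }
    }

    /**
     * Ensures the contact id carried in the token resolves to a stored contact.
     *
     * @throws IllegalStateException if the id is {@code null} or no such contact can be loaded
     */
    private void validateAssignedContactId(String contactId) {
        boolean known = contactId != null
                && CoreModelServiceHolder.get().load(contactId, IContact.class).isPresent();
        if (!known) {
            throw new IllegalStateException("Invalid assignedContactId [" + contactId + "]");
        }
    }

    /** Creates no buttons; only removes the vertical margin of the button bar. */
    @Override
    protected void createButtonsForButtonBar(Composite composite) {
        // The decompiled source lost this cast; marginHeight is a GridLayout field.
        if (composite.getLayout() instanceof org.eclipse.swt.layout.GridLayout) {
            ((org.eclipse.swt.layout.GridLayout) composite.getLayout()).marginHeight = 0;
        }
    }

    @Override
    protected Point getInitialSize() {
        return new Point(640, 680);
    }

    /**
     * Returns the user built from the verified token.
     *
     * @return the logged-in user, or {@code null} if no login has completed successfully
     */
    public IUser getUser() {
        return this.user;
    }
}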
