package ch.elexis.mednet.webapi.core.auth;

import ch.elexis.core.services.IConfigService;
import ch.elexis.mednet.webapi.core.IMednetAuthService;
import ch.elexis.mednet.webapi.core.IMednetAuthUi;
import ch.elexis.mednet.webapi.core.constants.ApiConstants;
import ch.elexis.mednet.webapi.core.constants.PreferenceConstants;
import ch.elexis.mednet.webapi.core.messages.Messages;
import com.google.gson.Gson;
import com.google.gson.JsonSyntaxException;
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
import java.util.Properties;
import java.util.Random;
import java.util.UUID;
import java.util.stream.Collectors;
import org.apache.commons.lang3.StringUtils;
import org.osgi.framework.BundleContext;
import org.osgi.framework.FrameworkUtil;
import org.osgi.framework.ServiceReference;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.component.annotations.ReferenceCardinality;
import org.osgi.service.component.annotations.ReferencePolicyOption;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

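/**
 * OAuth 2.0 authorization-code flow with PKCE (S256) against the MedNet REST API.
 *
 * <p>The access token, its expiry (epoch millis) and the refresh token are persisted for
 * the active mandator through {@link IConfigService} under the {@code mednet/auth/...}
 * keys below, one set per token group (the {@link PreferenceConstants#TOKEN_GROUP}
 * entry of the request map). An expired token is refreshed when a refresh token is
 * stored; otherwise the interactive browser flow is started through {@link IMednetAuthUi}.
 *
 * <p>The PKCE verifier and the {@code state} of the flow in progress are kept in instance
 * fields, so a second flow started on the same instance before the first completes
 * overwrites them.
 */
@Component
/* loaded from: input_file:ch/elexis/mednet/webapi/core/auth/MednetAuthService.class */
public class MednetAuthService implements IMednetAuthService {

    private static final Logger log = LoggerFactory.getLogger(MednetAuthService.class);

    /** Config keys; the token group is appended to each. */
    private static final String KEY_TOKEN = "mednet/auth/token/";
    private static final String KEY_TOKEN_EXPIRES = "mednet/auth/tokenexpires/";
    private static final String KEY_REFRESH_TOKEN = "mednet/auth/refreshtoken/";

    /** Bundled resource holding {@code client_id} and {@code client_secret}. */
    private static final String ID_PROPERTIES = "/rsc/id.properties";
    private static final String SCOPES = "openid profile mednet-web is-api email role offline_access";
    private static final String FORM_CONTENT_TYPE = "application/x-www-form-urlencoded";
    private static final String HTTP_401_MARKER = "HTTP response code: 401";

    /** The PKCE verifier is a credential; RFC 7636 requires a cryptographic random source. */
    private static final SecureRandom RANDOM = new SecureRandom();

    @Reference
    private IConfigService configService;

    @Reference(cardinality = ReferenceCardinality.OPTIONAL, policyOption = ReferencePolicyOption.GREEDY)
    private IMednetAuthUi authUi;

    private final HttpClient httpClient = HttpClient.newHttpClient();

    // Not read anywhere in this class; kept so the component's fields are unchanged.
    private boolean useQueryParam = true;
    // PKCE verifier and OAuth state of the flow currently in progress.
    private String currentState;
    private String currentCodeVerifier;

    /**
     * Returns a valid access token for the token group named in {@code map}, refreshing
     * or re-authorizing interactively (when an {@link IMednetAuthUi} is bound) as needed.
     *
     * @param map request context; {@link PreferenceConstants#TOKEN_GROUP} selects the token group
     * @return the access token, or empty when none could be obtained
     */
    @Override // ch.elexis.mednet.webapi.core.IMednetAuthService
    public Optional<String> getToken(Map<String, Object> map) {
        if (this.configService == null) {
            log.error("configService is null!");
            return Optional.empty();
        }
        String group = map == null ? null : (String) map.get(PreferenceConstants.TOKEN_GROUP);
        if (StringUtils.isBlank(group)) {
            return Optional.empty();
        }
        String stored = this.configService.getActiveMandator(KEY_TOKEN + group, (String) null);
        Optional<String> valid = validateToken(stored, group);
        if (valid.isPresent()) {
            return valid;
        }
        if (this.authUi != null) {
            return getToken(group, this.authUi);
        }
        return Optional.empty();
    }

    /**
     * Removes the stored access token, expiry and refresh token of
     * {@link PreferenceConstants#TOKEN_GROUP_KEY}.
     *
     * <p>NOTE(review): the token group comes from the constant, not from {@code map};
     * whether callers expect the map's TOKEN_GROUP instead cannot be told from here.
     *
     * @param map request context (currently unused)
     * @return always empty
     */
    @Override // ch.elexis.mednet.webapi.core.IMednetAuthService
    public Optional<String> delToken(Map<String, Object> map) {
        BundleContext bundleContext = FrameworkUtil.getBundle(getClass()).getBundleContext();
        // The reference is only looked up and released again, never resolved with getService();
        // ungetService() on an unused reference is a no-op, so the lookup acts as an availability check.
        ServiceReference<IMednetAuthService> ref = bundleContext.getServiceReference(IMednetAuthService.class);
        if (ref != null) {
            try {
                clearAccessToken(PreferenceConstants.TOKEN_GROUP_KEY);
                this.configService.setActiveMandator(KEY_REFRESH_TOKEN + PreferenceConstants.TOKEN_GROUP_KEY, (String) null);
            } catch (Exception e) {
                log.error("Error when removing token", e);
            } finally {
                bundleContext.ungetService(ref);
            }
        }
        return Optional.empty();
    }

    /** Runs the interactive browser flow for {@code group} and exchanges the code for a token. */
    private Optional<String> getToken(String group, IMednetAuthUi ui) {
        Optional<String> authCode = getAuthCode(group, ui);
        if (authCode.isPresent()) {
            return getAccessToken(group, authCode.get(), getOauthRestUrl());
        }
        log.warn("No auth code for [" + group + "]");
        return Optional.empty();
    }

    /** Base URL of the OAuth/REST endpoint from preferences, defaulting to {@link ApiConstants#BASE_URI}. */
    private String getOauthRestUrl() {
        return this.configService.get(PreferenceConstants.PREF_RESTBASEURL, ApiConstants.BASE_URI);
    }

    /**
     * Exchanges a refresh token for a new access token and stores the result.
     *
     * @param group        token group the result is stored under
     * @param refreshToken stored refresh token
     * @param baseUrl      OAuth base URL
     * @return the new access token, or empty on transport, HTTP or response errors
     */
    private Optional<String> getAccessTokenWithRefresh(String group, String refreshToken, String baseUrl) {
        Map<String, String> form = new HashMap<>();
        form.put("grant_type", "refresh_token");
        form.put("refresh_token", refreshToken);
        form.put("client_id", getClientId());
        form.put("client_secret", getClientSecret());
        // NOTE(review): this endpoint differs from the code-exchange endpoint ("/connect/token")
        // and is appended without a separator — confirm against the server's routes.
        Optional<HttpResponse<String>> response =
                postForm(baseUrl + "GetAccessToken", form, "Error getting refreshed access token");
        if (response.isEmpty()) {
            return Optional.empty();
        }
        HttpResponse<String> send = response.get();
        if (!isSuccess(send)) {
            log.error("Getting refreshed access token failed [" + send.statusCode() + " " + send.body() + "]");
            return Optional.empty();
        }
        return storeTokenResponse(group, send, "refreshed access token");
    }

    /**
     * Starts the browser authorization and waits for the authorization code.
     *
     * <p>Side effects: stores the new PKCE verifier and {@code state} in this instance.
     *
     * @param group token group, passed through to the authorization URL
     * @param ui    UI used to open the browser and wait with a cancelable progress dialog
     * @return the authorization code, or empty when the user cancelled or nothing arrived
     */
    public Optional<String> getAuthCode(String group, IMednetAuthUi ui) {
        String verifier = generateCodeVerifier();
        String challenge = generateCodeChallenge(verifier);
        this.currentCodeVerifier = verifier;
        String state = getCurrentState(true);
        String url = getQueryParamUrl(group, challenge, state);
        ui.openBrowser(url);
        log.info("Browser opened with URL: {}", url);
        // The supplier is handed the expected state; presumably it matches the redirect's
        // state against it before returning the code — verify in GetAuthCodeWithStateSupplier.
        Object result = ui.getWithCancelableProgress(
                Messages.MednetAuthService_browserAuthorizationPrompt, new GetAuthCodeWithStateSupplier(state));
        if (result instanceof String) {
            // The code is a one-time credential; its value is deliberately not logged.
            log.info("Authorization Code received.");
            return Optional.of((String) result);
        }
        log.warn("No authorization code received.");
        return Optional.empty();
    }

    /**
     * Builds the {@code connect/authorize} URL with PKCE challenge and state.
     *
     * @param group     token group (currently not part of the URL)
     * @param challenge base64url SHA-256 of the code verifier
     * @param state     opaque state echoed back in the redirect
     */
    private String getQueryParamUrl(String group, String challenge, String state) {
        String base = getOauthRestUrl();
        if (!base.endsWith("/")) {
            base = base + "/";
        }
        StringBuilder sb = new StringBuilder(base)
                .append("connect/authorize?")
                .append("response_type=code")
                .append("&client_id=").append(URLEncoder.encode(getClientId(), StandardCharsets.UTF_8))
                .append("&redirect_uri=").append(URLEncoder.encode(getRedirectUri(), StandardCharsets.UTF_8))
                .append("&scope=").append(URLEncoder.encode(SCOPES, StandardCharsets.UTF_8))
                .append("&state=").append(URLEncoder.encode(state, StandardCharsets.UTF_8))
                .append("&code_challenge=").append(URLEncoder.encode(challenge, StandardCharsets.UTF_8))
                .append("&code_challenge_method=S256")
                .append("&login_hint=").append(URLEncoder.encode(getLoginHint(), StandardCharsets.UTF_8));
        String url = sb.toString();
        log.info("Authorization URL: {}", url);
        return url;
    }

    /**
     * Login hint (the configured MedNet user string of the active user contact).
     *
     * @return the hint, or {@code ""} when none is configured
     * @throws IllegalStateException when no {@link IConfigService} is bound
     */
    private String getLoginHint() {
        if (this.configService == null) {
            throw new IllegalStateException("IConfigService ist nicht initialisiert.");
        }
        String hint = this.configService.getActiveUserContact(PreferenceConstants.MEDNET_USER_STRING, "");
        if (hint == null || hint.trim().isEmpty()) {
            log.warn("Kein Login-Hinweis in den Einstellungen gefunden.");
        } else {
            log.info("Login-Hinweis abgerufen: {}", hint);
        }
        return hint;
    }

    /**
     * Exchanges an authorization code (plus the stored PKCE verifier) for tokens and stores them.
     *
     * @param group    token group the result is stored under
     * @param authCode authorization code from the redirect
     * @param baseUrl  OAuth base URL
     * @return the access token, or empty on transport, HTTP or response errors
     */
    private Optional<String> getAccessToken(String group, String authCode, String baseUrl) {
        Map<String, String> form = new HashMap<>();
        form.put("grant_type", "authorization_code");
        form.put("code", authCode);
        form.put("redirect_uri", getRedirectUri());
        form.put("client_id", getClientId());
        form.put("client_secret", getClientSecret());
        form.put("code_verifier", this.currentCodeVerifier);
        Optional<HttpResponse<String>> response =
                postForm(baseUrl + "/connect/token", form, "Error getting access token");
        if (response.isEmpty()) {
            // Previously the code fell through to an unassigned response here.
            return Optional.empty();
        }
        HttpResponse<String> send = response.get();
        if (!isSuccess(send)) {
            log.error("Getting access token failed [{} {}]", send.statusCode(), send.body());
            return Optional.empty();
        }
        return storeTokenResponse(group, send, "access token");
    }

    /**
     * POSTs {@code form} url-encoded to {@code uri}.
     *
     * @param uri          absolute endpoint URL
     * @param form         form fields; values must be non-null
     * @param errorMessage message logged when the request cannot be sent
     * @return the response, or empty when sending failed (logged)
     */
    private Optional<HttpResponse<String>> postForm(String uri, Map<String, String> form, String errorMessage) {
        String body = form.entrySet().stream()
                .map(e -> e.getKey() + "=" + URLEncoder.encode(e.getValue(), StandardCharsets.UTF_8))
                .collect(Collectors.joining("&"));
        HttpRequest request = HttpRequest.newBuilder()
                .uri(URI.create(uri))
                .header("Content-Type", FORM_CONTENT_TYPE)
                .POST(HttpRequest.BodyPublishers.ofString(body))
                .build();
        try {
            return Optional.of(this.httpClient.send(request, HttpResponse.BodyHandlers.ofString()));
        } catch (IOException e) {
            log.error(errorMessage, e);
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            log.error(errorMessage, e);
        }
        return Optional.empty();
    }

    private static boolean isSuccess(HttpResponse<?> response) {
        return response.statusCode() >= 200 && response.statusCode() < 300;
    }

    /**
     * Parses a token-endpoint response, stores access token, refresh token and expiry for
     * {@code group} and returns the access token.
     *
     * @param group    token group the values are stored under
     * @param response successful (2xx) response whose body is expected to be a JSON object
     * @param what     noun for the log line, e.g. {@code "access token"}
     * @return the access token, or empty when the body is not JSON, not an object, or lacks
     *         a non-blank {@code access_token} or a numeric {@code expires_in}
     */
    private Optional<String> storeTokenResponse(String group, HttpResponse<String> response, String what) {
        Map<String, Object> fields;
        try {
            @SuppressWarnings("unchecked") // Gson maps a JSON object to Map<String, Object>
            Map<String, Object> parsed = (Map<String, Object>) new Gson().fromJson(response.body(), Map.class);
            fields = parsed;
        } catch (JsonSyntaxException e) {
            log.error("The answer is not a valid JSON: " + response.statusCode(), e);
            return Optional.empty();
        }
        if (fields == null) {
            log.error("Empty token response [{}]", response.statusCode());
            return Optional.empty();
        }
        Object accessToken = fields.get("access_token");
        Object expiresIn = fields.get("expires_in");
        if (!(accessToken instanceof String) || StringUtils.isBlank((String) accessToken)
                || !(expiresIn instanceof Number)) {
            // Do not persist a half-formed response; callers fall back to re-authorizing.
            log.error("Token response for [{}] lacks access_token or expires_in", group);
            return Optional.empty();
        }
        String token = (String) accessToken;
        this.configService.setActiveMandator(KEY_TOKEN + group, token);
        Object refreshToken = fields.get("refresh_token");
        if (refreshToken instanceof String && StringUtils.isNotBlank((String) refreshToken)) {
            this.configService.setActiveMandator(KEY_REFRESH_TOKEN + group, (String) refreshToken);
        }
        // Gson decodes JSON numbers as Double; expires_in is seconds, the stored expiry is epoch millis.
        long expiresAt = System.currentTimeMillis() + ((Number) expiresIn).longValue() * 1000L;
        this.configService.setActiveMandator(KEY_TOKEN_EXPIRES + group, Long.toString(expiresAt));
        log.info("Got " + what + " for [{}] expires [{}]", group, Long.toString(expiresAt));
        return Optional.of(token);
    }

    /** 43-character base64url PKCE code verifier (32 random bytes) from a cryptographic source. */
    private String generateCodeVerifier() {
        byte[] bytes = new byte[32];
        RANDOM.nextBytes(bytes);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(bytes);
    }

    /** S256 code challenge: base64url(SHA-256(ASCII(verifier))) without padding. */
    private String generateCodeChallenge(String verifier) {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(verifier.getBytes(StandardCharsets.US_ASCII));
            return Base64.getUrlEncoder().withoutPadding().encodeToString(digest);
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("SHA-256 Algorithm not available.", e);
        }
    }

    private String getRedirectUri() {
        return ApiConstants.BASE_REDERICT_URI;
    }

    /**
     * Returns the current OAuth state, generating a fresh random UUID first when {@code renew} is set.
     */
    private String getCurrentState(boolean renew) {
        if (renew) {
            this.currentState = UUID.randomUUID().toString();
        }
        return this.currentState;
    }

    private String getClientId() {
        return readIdProperty("client_id");
    }

    /**
     * The client secret ships inside the bundle resource, so it is readable by anyone with
     * the plugin and must not be relied on as a confidential credential.
     */
    private String getClientSecret() {
        return readIdProperty("client_secret");
    }

    /**
     * Reads one key from the bundled {@value #ID_PROPERTIES}.
     *
     * @return the value, or {@code ""} when the resource or key is missing or unreadable (logged)
     */
    private String readIdProperty(String key) {
        try (InputStream in = getClass().getResourceAsStream(ID_PROPERTIES)) {
            if (in == null) {
                return "";
            }
            Properties properties = new Properties();
            properties.load(in);
            String value = properties.getProperty(key);
            if (value == null) {
                // Returning "" instead of null keeps the form encoder from throwing on the missing value.
                log.warn("Property [{}] missing in {}", key, ID_PROPERTIES);
                return "";
            }
            return value;
        } catch (IOException | IllegalArgumentException e) {
            log.error("Error loading id properties", e);
            return "";
        }
    }

    /**
     * Returns {@code token} if it is still valid, otherwise tries the stored refresh token.
     * A token that can be neither used nor refreshed is removed from the config together with
     * its expiry (and the refresh token, when refreshing failed).
     *
     * @param token stored access token, may be blank
     * @param group token group the values are stored under
     * @return a usable access token, or empty
     */
    private Optional<String> validateToken(String token, String group) {
        if (StringUtils.isBlank(token)) {
            return Optional.empty();
        }
        String expiresRaw = this.configService.getActiveMandator(KEY_TOKEN_EXPIRES + group, (String) null);
        if (StringUtils.isBlank(expiresRaw)) {
            return Optional.empty();
        }
        if (!isExpired(expiresRaw)) {
            return Optional.of(token);
        }
        String refreshToken = this.configService.getActiveMandator(KEY_REFRESH_TOKEN + group, (String) null);
        if (StringUtils.isNotBlank(refreshToken)) {
            Optional<String> refreshed = getAccessTokenWithRefresh(group, refreshToken, getOauthRestUrl());
            if (refreshed.isPresent()) {
                return refreshed;
            }
            this.configService.setActiveMandator(KEY_REFRESH_TOKEN + group, (String) null);
        }
        clearAccessToken(group);
        return Optional.empty();
    }

    /** True when the stored expiry (epoch millis) lies in the past or cannot be parsed. */
    private static boolean isExpired(String expiresAtMillis) {
        try {
            return System.currentTimeMillis() > Long.parseLong(expiresAtMillis);
        } catch (NumberFormatException e) {
            log.warn("Unparseable token expiry [{}], treating token as expired", expiresAtMillis);
            return true;
        }
    }

    /** Removes the access token and its expiry for {@code group}; the refresh token is kept. */
    private void clearAccessToken(String group) {
        this.configService.setActiveMandator(KEY_TOKEN + group, (String) null);
        this.configService.setActiveMandator(KEY_TOKEN_EXPIRES + group, (String) null);
    }

    /**
     * Invalidates the stored access token when {@code exc} reports an HTTP 401.
     *
     * @param exc the exception raised by the API call; a {@code null} message is treated as "not a 401"
     * @param map request context; {@link PreferenceConstants#TOKEN_GROUP} selects the token group
     * @return a user-facing message when the token was invalidated, otherwise empty
     */
    @Override // ch.elexis.mednet.webapi.core.IMednetAuthService
    public Optional<String> handleException(Exception exc, Map<String, Object> map) {
        String message = exc == null ? null : exc.getMessage();
        if (message == null || !message.contains(HTTP_401_MARKER)) {
            return Optional.empty();
        }
        String group = (String) map.get(PreferenceConstants.TOKEN_GROUP);
        log.info("Got HTTP 401 invalidating token for [{}]", group);
        clearAccessToken(group);
        return Optional.of("HIN oAuth token für [" + group + "] ist nicht mehr gültig.");
    }
}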
