package at.medevit.elexis.hin.auth.core.internal;

import at.medevit.elexis.hin.auth.core.GetAuthCodeWithStateSupplier;
import at.medevit.elexis.hin.auth.core.IHinAuthService;
import at.medevit.elexis.hin.auth.core.IHinAuthUi;
import ch.elexis.core.services.IConfigService;
import com.google.gson.Gson;
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
import java.util.Properties;
import java.util.UUID;
import java.util.stream.Collectors;
import org.apache.commons.lang3.StringUtils;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.component.annotations.ReferenceCardinality;
import org.osgi.service.component.annotations.ReferencePolicyOption;
import org.slf4j.LoggerFactory;

@Component
/* loaded from: input_file:at/medevit/elexis/hin/auth/core/internal/HinAuthService.class */
public class HinAuthService implements IHinAuthService {

    // Configuration store. This class reads the REST/webapp base URLs from it and persists the
    // access token, refresh token and expiry per token group under the "hin/auth/..." keys.
    @Reference
    private IConfigService configService;

    // Optional UI used for the interactive authorization step; getToken(Map) checks it for null
    // before starting that step.
    @Reference(cardinality = ReferenceCardinality.OPTIONAL, policyOption = ReferencePolicyOption.GREEDY)
    private IHinAuthUi authUi;
    // true selects the redirect/state flow, false the manual code-entry dialog; nothing in this
    // class reassigns it.
    private boolean useQueryParam = true;
    // OAuth "state" value generated for the most recent authorization request.
    private String currentState;

    /**
     * Returns a usable access token for the token group named in the request context.
     *
     * <p>The stored token is validated first (which may refresh it). The interactive authorization
     * flow is started only when that yields nothing and a UI service is bound.
     *
     * @param map context map; the token group is read from {@link IHinAuthService#TOKEN_GROUP}
     * @return the access token, or empty if no group was given or no token could be obtained
     */
    @Override // at.medevit.elexis.hin.auth.core.IHinAuthService
    public Optional<String> getToken(Map<String, Object> map) {
        String tokenGroup = (String) map.get(IHinAuthService.TOKEN_GROUP);
        if (StringUtils.isBlank(tokenGroup)) {
            return Optional.empty();
        }
        String storedToken = this.configService.getActiveMandator("hin/auth/token/" + tokenGroup, (String) null);
        Optional<String> checked = validateToken(storedToken, tokenGroup);
        if (checked.isPresent()) {
            return checked;
        }
        // No valid stored token: fall back to the interactive flow when a UI is available.
        if (this.authUi == null) {
            return Optional.empty();
        }
        return getToken(tokenGroup, this.authUi);
    }

    /**
     * Runs the interactive flow: obtains an authorization code through the UI and redeems it for
     * an access token.
     *
     * @param str token group to authorize
     * @param iHinAuthUi UI used to open the browser and collect the code
     * @return the access token, or empty if no code was obtained or the exchange failed
     */
    private Optional<String> getToken(String str, IHinAuthUi iHinAuthUi) {
        Optional<String> code = getAuthCode(str, iHinAuthUi);
        if (code.isEmpty()) {
            LoggerFactory.getLogger(getClass()).warn("No auth code for [" + str + "]");
            return Optional.empty();
        }
        String restBaseUrl = getOauthRestUrl();
        return getAccessToken(str, code.get(), restBaseUrl);
    }

    /**
     * Reads the OAuth REST base URL used for token requests from configuration.
     *
     * @return the configured value of {@link IHinAuthService#PREF_RESTBASEURL}, or the built-in
     *     HTTPS default when none is set
     */
    private String getOauthRestUrl() {
        final String fallbackUrl = "https://oauth2.hin.ch/REST/v1/OAuth/";
        return this.configService.get(IHinAuthService.PREF_RESTBASEURL, fallbackUrl);
    }

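    /**
     * Redeems a refresh token for a new access token at the OAuth token endpoint and persists the
     * result for the given token group.
     *
     * <p>Nothing is written to the configuration unless the response carries both a non-blank
     * {@code access_token} and a numeric {@code expires_in}, so a malformed response cannot leave a
     * token stored without an expiry. A transport failure or interruption returns empty instead of
     * falling through to an unset response.
     *
     * @param str token group the tokens belong to
     * @param str2 refresh token to redeem
     * @param str3 REST base URL; {@code GetAccessToken} is appended to it
     * @return the new access token, or empty if the request failed or the response was unusable
     */
    private Optional<String> getAccessTokenWithRefresh(String str, String str2, String str3) {
        Map<String, String> form = new HashMap<>();
        form.put("grant_type", "refresh_token");
        form.put("refresh_token", str2);
        form.put("client_id", getClientId());
        form.put("client_secret", getClientSecret());
        String formBody = form.entrySet().stream()
                .map(entry -> entry.getKey() + "=" + URLEncoder.encode(entry.getValue(), StandardCharsets.UTF_8))
                .collect(Collectors.joining("&"));

        // NOTE(review): the body carries client_secret and the refresh token, and str3 comes from
        // configuration; confirm a non-HTTPS base URL cannot be configured, or reject it here.
        HttpRequest request = HttpRequest.newBuilder()
                .uri(URI.create(str3 + "GetAccessToken"))
                .header("Content-Type", "application/x-www-form-urlencoded")
                .POST(HttpRequest.BodyPublishers.ofString(formBody))
                .build();

        HttpResponse<String> response;
        try {
            response = HttpClient.newHttpClient().send(request, HttpResponse.BodyHandlers.ofString());
        } catch (IOException e) {
            LoggerFactory.getLogger(getClass()).error("Error getting refreshed access token", e);
            return Optional.empty();
        } catch (InterruptedException e) {
            // Restore the interrupt flag so callers further up can still observe the cancellation.
            Thread.currentThread().interrupt();
            LoggerFactory.getLogger(getClass()).error("Error getting refreshed access token", e);
            return Optional.empty();
        }

        if (response.statusCode() < 200 || response.statusCode() >= 300) {
            LoggerFactory.getLogger(getClass()).error("Getting refreshed access token failed [" + response.statusCode() + " " + response.body() + "]");
            return Optional.empty();
        }

        Map<?, ?> json = new Gson().fromJson(response.body(), Map.class);
        Object accessToken = json != null ? json.get("access_token") : null;
        Object expiresIn = json != null ? json.get("expires_in") : null;
        if (!(accessToken instanceof String) || StringUtils.isBlank((String) accessToken) || !(expiresIn instanceof Number)) {
            // The body is deliberately not logged: a 2xx response may contain token material.
            LoggerFactory.getLogger(getClass()).error("Refreshed access token response for [" + str + "] lacks access_token or expires_in");
            return Optional.empty();
        }

        String token = (String) accessToken;
        // expires_in is a lifetime in seconds; the stored value is an absolute epoch-millis deadline.
        long expiresAt = System.currentTimeMillis() + (((Number) expiresIn).longValue() * 1000);

        // NOTE(review): tokens are handed to IConfigService as plain strings; confirm that store is
        // protected at rest.
        this.configService.setActiveMandator("hin/auth/token/" + str, token);
        Object rotatedRefreshToken = json.get("refresh_token");
        if (rotatedRefreshToken instanceof String && StringUtils.isNotBlank((String) rotatedRefreshToken)) {
            this.configService.setActiveMandator("hin/auth/refreshtoken/" + str, (String) rotatedRefreshToken);
        }
        this.configService.setActiveMandator("hin/auth/tokenexpires/" + str, Long.toString(expiresAt));
        LoggerFactory.getLogger(getClass()).info("Got refreshed access token for [" + str + "] expires [" + Long.toString(expiresAt) + "]");
        return Optional.of(token);
    }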

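    /**
     * Redeems an authorization code for an access token at the OAuth token endpoint and persists
     * the result for the given token group.
     *
     * <p>Nothing is written to the configuration unless the response carries both a non-blank
     * {@code access_token} and a numeric {@code expires_in}, so a malformed response cannot leave a
     * token stored without an expiry. A transport failure or interruption returns empty instead of
     * falling through to an unset response.
     *
     * @param str token group the tokens belong to
     * @param str2 authorization code to redeem
     * @param str3 REST base URL; {@code GetAccessToken} is appended to it
     * @return the access token, or empty if the request failed or the response was unusable
     */
    private Optional<String> getAccessToken(String str, String str2, String str3) {
        Map<String, String> form = new HashMap<>();
        form.put("grant_type", "authorization_code");
        form.put("code", str2);
        form.put("redirect_uri", getRedirectUri());
        form.put("client_id", getClientId());
        form.put("client_secret", getClientSecret());
        String formBody = form.entrySet().stream()
                .map(entry -> entry.getKey() + "=" + URLEncoder.encode(entry.getValue(), StandardCharsets.UTF_8))
                .collect(Collectors.joining("&"));

        // NOTE(review): the body carries client_secret and the authorization code, and str3 comes
        // from configuration; confirm a non-HTTPS base URL cannot be configured, or reject it here.
        HttpRequest request = HttpRequest.newBuilder()
                .uri(URI.create(str3 + "GetAccessToken"))
                .header("Content-Type", "application/x-www-form-urlencoded")
                .POST(HttpRequest.BodyPublishers.ofString(formBody))
                .build();

        HttpResponse<String> response;
        try {
            response = HttpClient.newHttpClient().send(request, HttpResponse.BodyHandlers.ofString());
        } catch (IOException e) {
            LoggerFactory.getLogger(getClass()).error("Error getting access token", e);
            return Optional.empty();
        } catch (InterruptedException e) {
            // Restore the interrupt flag so callers further up can still observe the cancellation.
            Thread.currentThread().interrupt();
            LoggerFactory.getLogger(getClass()).error("Error getting access token", e);
            return Optional.empty();
        }

        if (response.statusCode() < 200 || response.statusCode() >= 300) {
            LoggerFactory.getLogger(getClass()).error("Getting access token failed [" + response.statusCode() + " " + response.body() + "]");
            return Optional.empty();
        }

        Map<?, ?> json = new Gson().fromJson(response.body(), Map.class);
        Object accessToken = json != null ? json.get("access_token") : null;
        Object expiresIn = json != null ? json.get("expires_in") : null;
        if (!(accessToken instanceof String) || StringUtils.isBlank((String) accessToken) || !(expiresIn instanceof Number)) {
            // The body is deliberately not logged: a 2xx response may contain token material.
            LoggerFactory.getLogger(getClass()).error("Access token response for [" + str + "] lacks access_token or expires_in");
            return Optional.empty();
        }

        String token = (String) accessToken;
        // expires_in is a lifetime in seconds; the stored value is an absolute epoch-millis deadline.
        long expiresAt = System.currentTimeMillis() + (((Number) expiresIn).longValue() * 1000);

        // NOTE(review): tokens are handed to IConfigService as plain strings; confirm that store is
        // protected at rest.
        this.configService.setActiveMandator("hin/auth/token/" + str, token);
        Object refreshToken = json.get("refresh_token");
        if (refreshToken instanceof String && StringUtils.isNotBlank((String) refreshToken)) {
            this.configService.setActiveMandator("hin/auth/refreshtoken/" + str, (String) refreshToken);
        }
        this.configService.setActiveMandator("hin/auth/tokenexpires/" + str, Long.toString(expiresAt));
        LoggerFactory.getLogger(getClass()).info("Got access token for [" + str + "] expires [" + Long.toString(expiresAt) + "]");
        return Optional.of(token);
    }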

    /**
     * Obtains an authorization code from the user through the browser.
     *
     * <p>In the redirect flow the browser is sent to the authorization URL and the code is then
     * awaited through a supplier keyed by the current state value. Otherwise the web app is opened
     * and the user pastes the code into a dialog.
     *
     * @param str token group to authorize
     * @param iHinAuthUi UI used to open the browser and collect the code
     * @return the authorization code, or empty if none was delivered
     */
    private Optional<String> getAuthCode(String str, IHinAuthUi iHinAuthUi) {
        if (this.useQueryParam) {
            // getQueryParamUrl generates a fresh state; the supplier must be built with that same value.
            iHinAuthUi.openBrowser(getQueryParamUrl(str));
            GetAuthCodeWithStateSupplier codeSupplier = new GetAuthCodeWithStateSupplier(getCurrentState(false));
            Object result = iHinAuthUi.getWithCancelableProgress("HIN Berechtigung im Browser bestätigen.", codeSupplier);
            if (result instanceof String) {
                return Optional.of((String) result);
            }
            return Optional.empty();
        }
        iHinAuthUi.openBrowser(getWebappUrl(str));
        return iHinAuthUi.openInputDialog("HIN oAuth Token", "Bitte geben Sie den oAuth Code von der HIN Webseite hier ein.");
    }

    /**
     * Builds the web app URL that is opened in the browser for manual code entry.
     *
     * @param str token group, URL-encoded into the {@code tokenGroup} parameter
     * @return the configured (or default) web app base URL followed by the token group parameter
     */
    private String getWebappUrl(String str) {
        // NOTE(review): the built-in default is an http:// URL that is opened in the user's browser;
        // confirm the site upgrades to HTTPS or switch the default.
        String baseUrl = this.configService.get(IHinAuthService.PREF_WEBAPPBASEURL, "http://apps.hin.ch/#app=HinCredMgrOAuth;");
        String encodedGroup = URLEncoder.encode(str, StandardCharsets.UTF_8);
        return baseUrl + "tokenGroup=" + encodedGroup;
    }

    /**
     * Builds the authorization URL for the redirect flow and generates a fresh state value for it.
     *
     * @param str token group, URL-encoded into the path
     * @return the {@code GetAuthCode} URL with response type, client id, redirect URI and state
     */
    private String getQueryParamUrl(String str) {
        // NOTE(review): this reads the same preference as getOauthRestUrl() but falls back to a
        // different host over plain http; the URL carries client_id and state, so confirm which
        // default is intended.
        StringBuilder url = new StringBuilder();
        url.append(this.configService.get(IHinAuthService.PREF_RESTBASEURL, "http://apps.hin.ch/REST/v1/OAuth/"));
        url.append("GetAuthCode/").append(URLEncoder.encode(str, StandardCharsets.UTF_8));
        url.append("?response_type=code&client_id=").append(URLEncoder.encode(getClientId(), StandardCharsets.UTF_8));
        url.append("&redirect_uri=").append(URLEncoder.encode(getRedirectUri(), StandardCharsets.UTF_8));
        // Passing true rotates the state, binding this authorization request to a new random value.
        url.append("&state=").append(URLEncoder.encode(getCurrentState(true), StandardCharsets.UTF_8));
        return url.toString();
    }

    /**
     * Returns the redirect URI sent with authorization and token requests.
     *
     * @return the fixed HTTPS redirect endpoint in the redirect flow, otherwise an empty string
     */
    private String getRedirectUri() {
        if (this.useQueryParam) {
            return "https://tools.medelexis.ch/hin/ac";
        }
        return "";
    }

    /**
     * Returns the OAuth state value, optionally replacing it with a new random UUID first.
     *
     * @param z {@code true} to generate and remember a new state, {@code false} to reuse the
     *     remembered one
     * @return the current state, which is {@code null} if none has been generated yet
     */
    private String getCurrentState(boolean z) {
        if (!z) {
            return this.currentState;
        }
        String freshState = UUID.randomUUID().toString();
        this.currentState = freshState;
        return freshState;
    }

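    /**
     * Loads the OAuth {@code client_id} from the bundled {@code /rsc/id.properties} resource.
     *
     * <p>Written as try-with-resources in place of the decompiler's hand-expanded close/rethrow
     * scaffolding, which rethrows a plain {@code Throwable} and skips suppressed-exception
     * handling when {@code close()} fails.
     *
     * @return the client id, or an empty string if the resource or the key is missing or the file
     *     cannot be read
     */
    private String getClientId() {
        try (InputStream in = getClass().getResourceAsStream("/rsc/id.properties")) {
            if (in == null) {
                return "";
            }
            Properties properties = new Properties();
            properties.load(in);
            String clientId = properties.getProperty("client_id");
            // Callers pass this value to URLEncoder.encode, which rejects null, so a missing key
            // maps to "" just like a missing resource.
            return clientId != null ? clientId : "";
        } catch (Exception e) {
            LoggerFactory.getLogger(getClass()).error("Error loading id properties", e);
            return "";
        }
    }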

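    /**
     * Loads the OAuth {@code client_secret} from the bundled {@code /rsc/id.properties} resource.
     *
     * <p>Written as try-with-resources in place of the decompiler's hand-expanded close/rethrow
     * scaffolding, which rethrows a plain {@code Throwable} and skips suppressed-exception
     * handling when {@code close()} fails.
     *
     * @return the client secret, or an empty string if the resource or the key is missing or the
     *     file cannot be read
     */
    private String getClientSecret() {
        // NOTE(review): the secret is read from a classpath resource shipped with the bundle, so
        // anyone holding the plug-in can read it. Treat this client as public and confirm with the
        // provider whether PKCE or per-installation credentials are available.
        try (InputStream in = getClass().getResourceAsStream("/rsc/id.properties")) {
            if (in == null) {
                return "";
            }
            Properties properties = new Properties();
            properties.load(in);
            String clientSecret = properties.getProperty("client_secret");
            // Callers pass this value to URLEncoder.encode, which rejects null, so a missing key
            // maps to "" just like a missing resource.
            return clientSecret != null ? clientSecret : "";
        } catch (Exception e) {
            // Only the exception is logged; the secret itself never reaches the log.
            LoggerFactory.getLogger(getClass()).error("Error loading id properties", e);
            return "";
        }
    }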

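    /**
     * Checks a stored access token against its stored expiry and refreshes it when expired.
     *
     * <p>If the token is expired (or its expiry is unreadable) and a refresh token exists, a
     * refresh is attempted. When the refresh fails the refresh token is cleared, and in every
     * expired case without a successful refresh the access token and its expiry are cleared as
     * well.
     *
     * @param str stored access token, possibly {@code null} or blank
     * @param str2 token group the token belongs to
     * @return the still-valid or refreshed token, or empty if none is usable
     */
    private Optional<String> validateToken(String str, String str2) {
        if (StringUtils.isBlank(str)) {
            return Optional.empty();
        }
        String storedExpiry = this.configService.getActiveMandator("hin/auth/tokenexpires/" + str2, (String) null);
        if (StringUtils.isBlank(storedExpiry)) {
            return Optional.empty();
        }

        long expiresAt;
        try {
            expiresAt = Long.parseLong(storedExpiry);
        } catch (NumberFormatException e) {
            // A corrupted expiry must not abort the caller; treat the token as expired so it is
            // refreshed or cleared below instead of being trusted.
            LoggerFactory.getLogger(getClass()).warn("Invalid token expiry stored for [" + str2 + "], treating token as expired");
            expiresAt = Long.MIN_VALUE;
        }
        if (System.currentTimeMillis() <= expiresAt) {
            return Optional.of(str);
        }

        String refreshToken = this.configService.getActiveMandator("hin/auth/refreshtoken/" + str2, (String) null);
        if (StringUtils.isNotBlank(refreshToken)) {
            Optional<String> refreshed = getAccessTokenWithRefresh(str2, refreshToken, getOauthRestUrl());
            if (refreshed.isPresent()) {
                return refreshed;
            }
            // The refresh token was rejected or unusable; drop it so it is not retried.
            this.configService.setActiveMandator("hin/auth/refreshtoken/" + str2, (String) null);
        }
        this.configService.setActiveMandator("hin/auth/token/" + str2, (String) null);
        this.configService.setActiveMandator("hin/auth/tokenexpires/" + str2, (String) null);
        return Optional.empty();
    }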

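    /**
     * Invalidates the stored access token when a request failed with HTTP 401.
     *
     * <p>The 401 is recognised by the text {@code "HTTP response code: 401"} in the exception
     * message. An exception without a message is treated as "not a 401" rather than causing a
     * {@code NullPointerException}. The refresh token is left in place.
     *
     * @param exc exception raised by the failed request
     * @param map context map; the token group is read from {@link IHinAuthService#TOKEN_GROUP}
     * @return a user-facing message when the token was invalidated, otherwise empty
     */
    @Override // at.medevit.elexis.hin.auth.core.IHinAuthService
    public Optional<String> handleException(Exception exc, Map<String, Object> map) {
        String message = exc.getMessage();
        if (message == null || !message.contains("HTTP response code: 401")) {
            return Optional.empty();
        }
        String tokenGroup = (String) map.get(IHinAuthService.TOKEN_GROUP);
        LoggerFactory.getLogger(getClass()).info("Got HTTP 401 invalidating token for [" + tokenGroup + "]");
        // Clear both the token and its expiry so the next lookup cannot treat the rejected token as valid.
        this.configService.setActiveMandator("hin/auth/token/" + tokenGroup, (String) null);
        this.configService.setActiveMandator("hin/auth/tokenexpires/" + tokenGroup, (String) null);
        return Optional.of("HIN oAuth token für [" + tokenGroup + "] nicht mehr gültig.");
    }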
}
