package org.jahiacommunity.modules.jahiaoauth.keycloak.usergroupprovider.client;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.JavaType;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.net.URISyntaxException;
import java.time.LocalDateTime;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.locks.ReentrantLock;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.commons.collections.MapUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.hc.core5.net.URIBuilder;
import org.jahia.services.notification.HttpClientService;
import org.jahiacommunity.modules.jahiaoauth.keycloak.usergroupprovider.KeycloakConfiguration;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Component(service = {KeycloakClientService.class})
/* loaded from: input_file:org/jahiacommunity/modules/jahiaoauth/keycloak/usergroupprovider/client/KeycloakClientService.class */
public class KeycloakClientService {
    private static final Logger logger = LoggerFactory.getLogger(KeycloakClientService.class);
    private HttpClientService httpClientService;
    private final ObjectMapper objectMapper = new ObjectMapper();
    private final ReentrantLock lock;

    public KeycloakClientService() {
        this.objectMapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
        this.lock = new ReentrantLock();
    }

    @Reference
    private void setHttpClientService(HttpClientService httpClientService) {
        this.httpClientService = httpClientService;
    }

    public Optional<KeycloakUser> getUser(KeycloakConfiguration keycloakConfiguration, String str) {
        return callEndpoint(keycloakConfiguration, "/users/" + str, Collections.emptyMap(), -1L, -1L, this.objectMapper.constructType(KeycloakUser.class));
    }

    public Optional<List<KeycloakUser>> getUsers(KeycloakConfiguration keycloakConfiguration, String str, long j, long j2) {
        return callEndpoint(keycloakConfiguration, "/users", Collections.singletonMap("search", str), j, j2, this.objectMapper.getTypeFactory().constructCollectionType(List.class, KeycloakUser.class));
    }

    public Optional<KeycloakGroup> getGroup(KeycloakConfiguration keycloakConfiguration, String str) {
        return callEndpoint(keycloakConfiguration, "/groups/" + str, Collections.emptyMap(), -1L, -1L, this.objectMapper.constructType(KeycloakGroup.class));
    }

    public Optional<List<KeycloakGroup>> getGroups(KeycloakConfiguration keycloakConfiguration, String str, long j, long j2) {
        return callEndpoint(keycloakConfiguration, "/groups", Collections.singletonMap("search", str), j, j2, this.objectMapper.getTypeFactory().constructCollectionType(List.class, KeycloakGroup.class)).map(obj -> {
            return (List) ((List) obj).stream().flatMap(this::flatMapRecursive).collect(Collectors.toList());
        });
    }

    private Stream<KeycloakGroup> flatMapRecursive(KeycloakGroup keycloakGroup) {
        return Stream.concat(Stream.of(keycloakGroup), ((List) Optional.ofNullable(keycloakGroup.getSubGroups()).orElseGet(Collections::emptyList)).stream().flatMap(this::flatMapRecursive));
    }

    public Optional<List<KeycloakUser>> getGroupMembers(KeycloakConfiguration keycloakConfiguration, String str) {
        return callEndpoint(keycloakConfiguration, "/groups/" + str + "/members", null, -1L, -1L, this.objectMapper.getTypeFactory().constructCollectionType(List.class, KeycloakUser.class));
    }

    public Optional<List<KeycloakGroup>> getMembership(KeycloakConfiguration keycloakConfiguration, String str) {
        return callEndpoint(keycloakConfiguration, "/users/" + str + "/groups", null, -1L, -1L, this.objectMapper.getTypeFactory().constructCollectionType(List.class, KeycloakGroup.class));
    }

    private <T> Optional<T> callEndpoint(KeycloakConfiguration keycloakConfiguration, String str, Map<String, String> map, long j, long j2, JavaType javaType) {
        this.lock.lock();
        try {
            refreshToken(keycloakConfiguration);
            HashMap hashMap = new HashMap();
            hashMap.put("Accept", "application/json");
            hashMap.put("Cache-Control", "no-cache");
            hashMap.put("Authorization", "Bearer " + keycloakConfiguration.getAccessToken());
            StringBuilder sb = new StringBuilder();
            sb.append(keycloakConfiguration.getBaseUrl()).append("/admin/realms/").append(keycloakConfiguration.getRealm());
            sb.append(str);
            try {
                URIBuilder uRIBuilder = new URIBuilder(sb.toString());
                if (MapUtils.isNotEmpty(map)) {
                    uRIBuilder.getClass();
                    map.forEach(uRIBuilder::addParameter);
                }
                if (j > 0) {
                    uRIBuilder.addParameter("first", String.valueOf(j));
                }
                if (j2 > 0) {
                    uRIBuilder.addParameter("max", String.valueOf(j2));
                }
                if (logger.isDebugEnabled()) {
                    logger.debug("Call: {}", uRIBuilder);
                }
                Optional<T> map2 = Optional.ofNullable(this.httpClientService.executeGet(uRIBuilder.toString(), hashMap)).map(str2 -> {
                    if (logger.isDebugEnabled()) {
                        logger.debug(str2);
                    }
                    try {
                        return this.objectMapper.readValue(str2, javaType);
                    } catch (JsonProcessingException e) {
                        logger.error("Invalid json data: {}", str2, e);
                        return null;
                    }
                });
                this.lock.unlock();
                return map2;
            } catch (IllegalArgumentException | URISyntaxException e) {
                logger.error("", e);
                Optional<T> empty = Optional.empty();
                this.lock.unlock();
                return empty;
            }
        } catch (Throwable th) {
            this.lock.unlock();
            throw th;
        }
    }

    private void refreshToken(KeycloakConfiguration keycloakConfiguration) {
        HashMap hashMap = new HashMap();
        hashMap.put("client_id", keycloakConfiguration.getClientId());
        hashMap.put("client_secret", keycloakConfiguration.getClientSecret());
        if (keycloakConfiguration.isRefreshPossible()) {
            hashMap.put("grant_type", "refresh_token");
            hashMap.put("refresh_token", keycloakConfiguration.getRefreshToken());
        } else {
            hashMap.put("grant_type", "client_credentials");
            hashMap.put("username", keycloakConfiguration.getClientId());
        }
        HashMap hashMap2 = new HashMap();
        hashMap2.put("Accept", "application/json");
        hashMap2.put("Content-Type", "application/x-www-form-urlencoded");
        String executePost = this.httpClientService.executePost(keycloakConfiguration.getBaseUrl() + "/realms/" + keycloakConfiguration.getRealm() + "/protocol/openid-connect/token", hashMap, hashMap2);
        if (StringUtils.isNotBlank(executePost)) {
            try {
                Map map = (Map) this.objectMapper.readValue(executePost, this.objectMapper.getTypeFactory().constructMapType(Map.class, String.class, Object.class));
                if (map != null && map.containsKey("access_token")) {
                    keycloakConfiguration.setAccessToken((String) map.get("access_token"));
                }
                if (map != null && map.containsKey("refresh_token")) {
                    keycloakConfiguration.setRefreshToken((String) map.get("refresh_token"));
                }
                if (map != null && map.containsKey("expires_in")) {
                    keycloakConfiguration.setRefreshExpirationDateTime(LocalDateTime.now().plusSeconds(((Integer) map.get("expires_in")).intValue() - 60));
                }
            } catch (JsonProcessingException e) {
                logger.error("Invalid json token: {}", executePost, e);
            }
        }
    }
}
