package com.mapr.baseutils.sso.providers.keycloak;

import com.auth0.jwk.JwkException;
import com.auth0.jwk.UrlJwkProvider;
import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.mapr.baseutils.audit.AuditConstants;
import com.mapr.baseutils.sso.JwtValidator;
import java.net.MalformedURLException;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.InvalidParameterException;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import org.apache.http.HttpResponse;
import org.apache.http.NameValuePair;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;
import org.json.JSONObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/mapr/baseutils/sso/providers/keycloak/KeyCloakJwtValidator.class */
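/**
 * {@link JwtValidator} for tokens issued by Keycloak.
 *
 * <p>Every endpoint this class talks to is derived from the token's own {@code iss}
 * claim (used as the realm base URL, with the standard OpenID Connect paths appended),
 * so an issuer must be registered through {@link #setIssuers(String)} before any token
 * from it is accepted. The allowlist is static and therefore shared by all instances;
 * the instances themselves hold no state and may be shared between threads.
 *
 * <p>Only {@link #validate(String)} verifies a token: it checks the RS256 signature
 * against the key published by the issuer and the issuer claim. The accessors
 * {@link #getClaim(String, String)}, {@link #getClaimAsList(String, String)},
 * {@link #getUserName(String)} and {@link #expiresIn(String)} merely decode the
 * token, and the allowlist test they apply reads an unverified claim. Their results
 * are trustworthy only for a token that has already passed {@link #validate(String)}
 * (or {@link #introspect(String, String, String)}).
 */
public class KeyCloakJwtValidator implements JwtValidator {
    /**
     * Issuers whose tokens are accepted. Replaced wholesale (never mutated in place) by
     * {@link #setIssuers(String)}, so readers either see the old set or the complete new one.
     */
    private static volatile Set<String> allowedIsses = Collections.emptySet();
    private static final Logger LOG = LoggerFactory.getLogger(KeyCloakJwtValidator.class);

    /** Creates a validator; no issuer is trusted until {@link #setIssuers(String)} is called. */
    public KeyCloakJwtValidator() {
    }

    /**
     * Creates a validator and registers the given issuers.
     *
     * @param str comma-separated list of trusted issuer URLs, see {@link #setIssuers(String)}
     */
    public KeyCloakJwtValidator(String str) {
        setIssuers(str);
    }

    /**
     * Returns the token endpoint of the realm that issued {@code decodedJWT}.
     *
     * @param decodedJWT a decoded token; only its {@code iss} claim is read
     * @return {@code iss} followed by {@code /protocol/openid-connect/token}
     */
    public String getTokenUrl(DecodedJWT decodedJWT) {
        return decodedJWT.getIssuer() + "/protocol/openid-connect/token";
    }

    /**
     * Replaces the issuer allowlist with the issuers listed in {@code str}.
     *
     * <p>The new set is fully built before it is published with a single volatile write,
     * so a concurrent validation never observes a partially filled (or emptied) allowlist.
     *
     * @param str comma-separated list of trusted issuer URLs; entries are taken verbatim
     *            (no trimming), so each must equal the {@code iss} claim exactly
     * @throws NullPointerException if {@code str} is {@code null}
     */
    @Override
    public void setIssuers(String str) {
        Set<String> issuers = new HashSet<>();
        for (String issuer : str.split(AuditConstants.COMMA)) {
            LOG.debug("Got issuer: {}", issuer);
            issuers.add(issuer);
        }
        allowedIsses = Collections.unmodifiableSet(issuers);
    }

    /**
     * Returns the JWKS (certificate) endpoint of the realm that issued {@code decodedJWT}.
     *
     * @param decodedJWT a decoded token; only its {@code iss} claim is read
     * @return {@code iss} followed by {@code /protocol/openid-connect/certs}
     */
    @Override
    public String getCertificateUrl(DecodedJWT decodedJWT) {
        return decodedJWT.getIssuer() + "/protocol/openid-connect/certs";
    }

    /**
     * Returns the token introspection endpoint of the realm that issued {@code decodedJWT}.
     *
     * @param decodedJWT a decoded token; only its {@code iss} claim is read
     * @return {@code iss} followed by {@code /protocol/openid-connect/token/introspect}
     */
    @Override
    public String getIntrospectionURL(DecodedJWT decodedJWT) {
        return decodedJWT.getIssuer() + "/protocol/openid-connect/token/introspect";
    }

    /**
     * Fetches, from the issuer's JWKS endpoint, the RSA public key whose id matches the
     * token's {@code kid} header.
     *
     * <p>The JWKS URL is built from the token's own {@code iss} claim, so callers must have
     * checked that issuer against the allowlist first; otherwise the key lookup would contact
     * whatever host the (unverified) token names. No caching is done: every call performs
     * an HTTP fetch.
     *
     * @param decodedJWT the decoded token whose {@code iss} and {@code kid} select the key
     * @return the public key as an {@link RSAPublicKey}
     * @throws JwkException if the key set cannot be fetched or holds no key with that {@code kid}
     * @throws MalformedURLException if the issuer does not form a valid URL
     * @throws ClassCastException if the published key is not an RSA key
     */
    @Override
    public RSAPublicKey loadPublicKey(DecodedJWT decodedJWT) throws JwkException, MalformedURLException {
        URL jwksUrl = new URL(getCertificateUrl(decodedJWT));
        return (RSAPublicKey) new UrlJwkProvider(jwksUrl).get(decodedJWT.getKeyId()).getPublicKey();
    }

    /**
     * Verifies {@code str} and returns its decoded form.
     *
     * <p>Checks performed, in order: the {@code iss} claim is in the allowlist, the signature
     * verifies as RS256 under the issuer's published key for the token's {@code kid}, and the
     * issuer claim matches. The algorithm is pinned to RS256, so a token whose header names
     * any other algorithm is rejected. No leeway is configured, so the auth0 verifier's default
     * handling of the time claims ({@code exp}, {@code nbf}) applies.
     *
     * @param str the compact-serialized JWT
     * @return the decoded token
     * @throws InvalidParameterException if the token is malformed, its issuer is not allowed,
     *         the key cannot be fetched, or verification fails; the underlying failure is
     *         attached as the cause
     */
    @Override
    public DecodedJWT validate(String str) throws InvalidParameterException {
        try {
            DecodedJWT decode = decodeFromAllowedIssuer(str);
            // Verification only: this side never signs, hence no private key.
            Algorithm rs256 = Algorithm.RSA256(loadPublicKey(decode), (RSAPrivateKey) null);
            JWT.require(rs256).withIssuer(decode.getIssuer()).build().verify(str);
            return decode;
        } catch (Exception e) {
            LOG.error("JWT validation failed: {}", e.getMessage());
            LOG.debug("JWT validation failure detail", e);
            throw failure("JWT validation failed: " + e.getMessage(), e);
        }
    }

    /**
     * Returns the number of whole seconds until the token's {@code exp} instant.
     *
     * <p>The token is decoded but not verified and its issuer is not checked; the value is
     * only meaningful for a token that has already passed {@link #validate(String)}. Negative
     * values mean the token has already expired.
     *
     * @param str the compact-serialized JWT
     * @return seconds until expiry, truncated toward zero
     * @throws InvalidParameterException if the token cannot be decoded or has no {@code exp} claim
     */
    @Override
    public long expiresIn(String str) throws InvalidParameterException {
        try {
            Date expiresAt = JWT.decode(str).getExpiresAt();
            if (expiresAt == null) {
                throw new InvalidParameterException("token has no exp claim");
            }
            return (expiresAt.getTime() - System.currentTimeMillis()) / 1000;
        } catch (Exception e) {
            LOG.debug("JWT decode failure detail", e);
            throw failure("JWT validation failed: " + e.getMessage(), e);
        }
    }

    /**
     * Returns the {@code preferred_username} claim of an (unverified) token.
     *
     * @param str the compact-serialized JWT
     * @return the claim value, or {@code null} if the token carries no such claim
     * @throws InvalidParameterException if the token cannot be decoded or its issuer is not allowed
     * @see #getClaim(String, String)
     */
    @Override
    public String getUserName(String str) throws InvalidParameterException {
        return getClaim(str, "preferred_username");
    }

    /**
     * Returns a string claim of an (unverified) token whose issuer is allowed.
     *
     * <p>Only the payload is decoded; the signature is not checked. Trust the returned
     * value only for a token that has already passed {@link #validate(String)}.
     *
     * @param str the compact-serialized JWT
     * @param str2 the claim name
     * @return the claim as a string, or {@code null} if the token has no such claim
     * @throws InvalidParameterException if the token cannot be decoded or its issuer is not allowed
     */
    @Override
    public String getClaim(String str, String str2) throws InvalidParameterException {
        try {
            return decodeFromAllowedIssuer(str).getClaim(str2).asString();
        } catch (Exception e) {
            LOG.debug("JWT decode failure detail", e);
            throw failure("JWT validation failed: " + e.getMessage(), e);
        }
    }

    /**
     * Returns a list-valued claim of an (unverified) token whose issuer is allowed.
     *
     * <p>Only the payload is decoded; the signature is not checked. Trust the returned
     * value only for a token that has already passed {@link #validate(String)}.
     *
     * @param str the compact-serialized JWT
     * @param str2 the claim name
     * @return the claim as a list of strings, or {@code null} if the token has no such claim
     * @throws InvalidParameterException if the token cannot be decoded, its issuer is not
     *         allowed, or the claim is not a list of strings
     */
    @Override
    public List<String> getClaimAsList(String str, String str2) throws InvalidParameterException {
        try {
            return decodeFromAllowedIssuer(str).getClaim(str2).asList(String.class);
        } catch (Exception e) {
            LOG.debug("JWT decode failure detail", e);
            throw failure("JWT validation failed while getting claimList: " + e.getMessage(), e);
        }
    }

    /**
     * Asks the issuing realm whether {@code str} is still active (RFC 7662 introspection).
     *
     * <p>The introspection endpoint is derived from the token's {@code iss} claim, which is
     * first checked against the allowlist so that the client credentials are only ever sent
     * to a registered realm and never to a host named by an arbitrary token.
     *
     * @param str the compact-serialized JWT to introspect
     * @param str2 the OAuth client id used to authenticate to the introspection endpoint
     * @param str3 the OAuth client secret for that client
     * @return {@code true} only if the realm answered HTTP 200 with {@code "active": true};
     *         {@code false} on any other status, transport error, malformed response or
     *         disallowed issuer (the failure is logged)
     */
    @Override
    public boolean introspect(String str, String str2, String str3) {
        String url;
        try {
            url = getIntrospectionURL(decodeFromAllowedIssuer(str));
        } catch (Exception e) {
            LOG.error("Exception while preparing http request {}", e.getMessage());
            LOG.debug("Request preparation failure detail", e);
            return false;
        }
        List<NameValuePair> form = new ArrayList<>();
        form.add(new BasicNameValuePair("token", str));
        form.add(new BasicNameValuePair("client_id", str2));
        form.add(new BasicNameValuePair("client_secret", str3));
        String body = postForm(url, form);
        if (body == null) {
            return false;
        }
        try {
            if (new JSONObject(body).getBoolean("active")) {
                LOG.debug("Token is Active");
                return true;
            }
            return false;
        } catch (Exception e) {
            // Body was not the expected JSON object, or it lacks the "active" flag.
            LOG.error("Unexpected introspection response {}", e.getMessage());
            LOG.debug("Introspection response failure detail", e);
            return false;
        }
    }

    /**
     * Exchanges a refresh token for a new access token at the issuing realm's token endpoint.
     *
     * <p>The token endpoint is derived from the {@code iss} claim of {@code str}, which is
     * first checked against the allowlist so that the refresh token and client secret are
     * only ever sent to a registered realm.
     *
     * @param str the current (possibly expired) access token; only its issuer is used
     * @param str2 the refresh token to redeem
     * @param str3 the OAuth client id
     * @param str4 the OAuth client secret for that client
     * @return the {@code access_token} from the realm's response, or
     *         {@link AuditConstants#EMPTY_STRING} on any failure (the failure is logged)
     */
    @Override
    public String refreshToken(String str, String str2, String str3, String str4) {
        String url;
        try {
            url = getTokenUrl(decodeFromAllowedIssuer(str));
        } catch (Exception e) {
            LOG.error("Exception while preparing http request {}", e.getMessage());
            LOG.debug("Request preparation failure detail", e);
            return AuditConstants.EMPTY_STRING;
        }
        List<NameValuePair> form = new ArrayList<>();
        form.add(new BasicNameValuePair("grant_type", "refresh_token"));
        form.add(new BasicNameValuePair("refresh_token", str2));
        form.add(new BasicNameValuePair("client_id", str3));
        form.add(new BasicNameValuePair("client_secret", str4));
        String body = postForm(url, form);
        if (body == null) {
            return AuditConstants.EMPTY_STRING;
        }
        try {
            LOG.debug("refreshToken: Got Valid Response");
            return new JSONObject(body).getString("access_token");
        } catch (Exception e) {
            // Body was not the expected JSON object, or it lacks "access_token".
            LOG.error("Unexpected token response {}", e.getMessage());
            LOG.debug("Token response failure detail", e);
            return AuditConstants.EMPTY_STRING;
        }
    }

    /**
     * Decodes {@code token} without verifying it and checks its {@code iss} claim against
     * the allowlist.
     *
     * @param token the compact-serialized JWT
     * @return the decoded token
     * @throws InvalidParameterException if the issuer is not in the allowlist
     */
    private static DecodedJWT decodeFromAllowedIssuer(String token) {
        DecodedJWT decoded = JWT.decode(token);
        if (!allowedIsses.contains(decoded.getIssuer())) {
            throw new InvalidParameterException(String.format("Unknown Issuer %s", decoded.getIssuer()));
        }
        return decoded;
    }

    /**
     * POSTs {@code form} to {@code url} and returns the response body when the server
     * answers HTTP 200.
     *
     * <p>Client and response are closed on every path. The form carries client secrets and
     * tokens, so only the status code is logged, never the form contents or the body.
     *
     * @param url the endpoint to post to
     * @param form the form fields, URL-encoded as the request body
     * @return the response body on HTTP 200, or {@code null} when the status is not 200 or
     *         the request fails (the failure is logged)
     */
    private static String postForm(String url, List<NameValuePair> form) {
        try (CloseableHttpClient client = HttpClientBuilder.create().build()) {
            HttpPost httpPost = new HttpPost(url);
            httpPost.setEntity(new UrlEncodedFormEntity(form));
            try (CloseableHttpResponse response = client.execute(httpPost)) {
                int statusCode = response.getStatusLine().getStatusCode();
                if (statusCode != 200) {
                    LOG.error("response failed with error code {}", statusCode);
                    return null;
                }
                return EntityUtils.toString(response.getEntity(), StandardCharsets.UTF_8);
            }
        } catch (Exception e) {
            LOG.error("Exception while executing http request {}", e.getMessage());
            LOG.debug("HTTP request failure detail", e);
            return null;
        }
    }

    /**
     * Builds the {@link InvalidParameterException} reported to callers, keeping the original
     * failure attached as the cause (the exception type has no cause-taking constructor on
     * older JDKs).
     *
     * @param message the message for the caller
     * @param cause the underlying failure
     * @return the exception to throw
     */
    private static InvalidParameterException failure(String message, Throwable cause) {
        InvalidParameterException ex = new InvalidParameterException(message);
        ex.initCause(cause);
        return ex;
    }
}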
