package io.camunda.tasklist.webapp.security.identity;

import io.camunda.identity.sdk.Identity;
import io.camunda.identity.sdk.authentication.Tokens;
import io.camunda.identity.sdk.authentication.dto.AuthCodeDto;
import io.camunda.identity.sdk.exception.IdentityException;
import io.camunda.tasklist.property.TasklistProperties;
import io.camunda.tasklist.webapp.security.TasklistProfileService;
import io.camunda.tasklist.webapp.security.TasklistURIs;
import jakarta.servlet.http.HttpServletRequest;
import java.time.Duration;
import java.util.UUID;
import net.jodah.failsafe.Failsafe;
import net.jodah.failsafe.RetryPolicy;
import net.jodah.failsafe.function.CheckedSupplier;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Profile;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;

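/**
 * Connects the Tasklist web layer to the Camunda Identity SDK: builds the login redirect,
 * exchanges the authorization code for tokens and revokes the refresh token on logout.
 *
 * <p>The bean is only registered under {@link TasklistProfileService#IDENTITY_AUTH_PROFILE}.
 */
@Profile({TasklistProfileService.IDENTITY_AUTH_PROFILE})
@Component
public class IdentityService {
    /** Fixed pause between two attempts in {@link #requestWithRetry(CheckedSupplier)}. */
    private static final int DELAY_IN_MILLISECONDS = 500;

    /** Upper bound on attempts in {@link #requestWithRetry(CheckedSupplier)}. */
    private static final int MAX_ATTEMPTS = 10;

    @Autowired
    private Identity identity;

    @Autowired
    private TasklistProperties tasklistProperties;

    /**
     * Builds the authorization URL the browser is sent to in order to log in.
     *
     * @param httpServletRequest current request, used to derive the callback URI
     * @return the authorization URL, with the Tasklist callback as redirect URI
     */
    public String getRedirectUrl(HttpServletRequest httpServletRequest) {
        final String callbackUri = getRedirectURI(httpServletRequest, TasklistURIs.IDENTITY_CALLBACK_URI);
        return this.identity.authentication().authorizeUriBuilder(callbackUri).build().toString();
    }

    /**
     * Revokes the refresh token of the authentication held in the current security context.
     *
     * <p>The context must hold an {@link IdentityAuthentication}; any other (or no) authentication
     * makes this method throw before anything is revoked. Only the refresh token is passed to the
     * revocation call; whether access tokens that were already issued stay usable until they
     * expire depends on the identity provider (to be confirmed for the deployment).
     */
    public void logout() {
        final IdentityAuthentication authentication =
                (IdentityAuthentication) SecurityContextHolder.getContext().getAuthentication();
        this.identity.authentication().revokeToken(authentication.getTokens().getRefreshToken());
    }

    /**
     * Runs {@code checkedSupplier}, retrying when it fails with an {@link IdentityException}.
     *
     * <p>Retries use a fixed delay of {@link #DELAY_IN_MILLISECONDS} ms and stop after
     * {@link #MAX_ATTEMPTS} attempts. Once the attempts are used up the call fails; the
     * exception that surfaces is determined by Failsafe.
     *
     * @param checkedSupplier the call to execute
     * @param <T> result type of the call
     * @return the result of the first successful attempt
     */
    public static <T> T requestWithRetry(CheckedSupplier<T> checkedSupplier) {
        // Typed policy built from the class constants, so the retry settings live in one place.
        final RetryPolicy<T> retryPolicy = new RetryPolicy<T>()
                .handle(IdentityException.class)
                .withDelay(Duration.ofMillis(DELAY_IN_MILLISECONDS))
                .withMaxAttempts(MAX_ATTEMPTS);
        return Failsafe.with(retryPolicy).get(checkedSupplier);
    }

    /**
     * Builds the absolute redirect URI for the path {@code str}.
     *
     * <p>The root is the configured redirect root URL when that is not blank. Otherwise it is
     * assembled from the scheme, server name and port of the request, and the port is left out
     * when it is the default for {@code http} (80) or {@code https} (443). When the context path
     * parses as a UUID, it is appended as a {@code uuid} query parameter instead of being used as
     * a path prefix.
     *
     * <p>Security note: the fallback root is derived from the request, so it is only as
     * trustworthy as the Host / forwarded headers the container accepts. Because this value is
     * used as the OAuth redirect URI, deployments should set the redirect root URL explicitly and
     * register exact redirect URIs at the identity provider.
     *
     * @param httpServletRequest current request
     * @param str path to append, e.g. the Identity callback path
     * @return the absolute redirect URI
     */
    public String getRedirectURI(HttpServletRequest httpServletRequest, String str) {
        final String configuredRoot = this.tasklistProperties.getIdentity().getRedirectRootUrl();
        String rootUrl;
        if (StringUtils.isNotBlank(configuredRoot)) {
            rootUrl = configuredRoot;
        } else {
            // Request-derived fallback: these values originate from the client-supplied request.
            final String scheme = httpServletRequest.getScheme();
            final int port = httpServletRequest.getServerPort();
            rootUrl = scheme + "://" + httpServletRequest.getServerName();
            final boolean nonDefaultPort =
                    ("http".equals(scheme) && port != 80) || ("https".equals(scheme) && port != 443);
            if (nonDefaultPort) {
                rootUrl = rootUrl + ":" + port;
            }
        }

        final String contextPath = httpServletRequest.getContextPath();
        if (contextPathIsUUID(contextPath)) {
            // The UUID travels as a query parameter rather than as part of the path.
            return rootUrl + str + "?uuid=" + contextPath.replace("/", "");
        }
        return rootUrl + contextPath + str;
    }

    /**
     * Tells whether {@code str}, with every {@code /} removed, is accepted by
     * {@link UUID#fromString(String)}.
     *
     * @param str context path to test; {@code null} yields {@code false}
     * @return {@code true} if the stripped value parses as a UUID
     */
    private boolean contextPathIsUUID(String str) {
        if (str == null) {
            return false;
        }
        try {
            UUID.fromString(str.replace("/", ""));
            return true;
        } catch (IllegalArgumentException e) {
            // Not a UUID: the context path is an ordinary path prefix.
            return false;
        }
    }

    /**
     * Exchanges the authorization code for tokens and returns an authentication built from them.
     *
     * <p>The redirect URI sent with the exchange is computed the same way as for the login
     * redirect in {@link #getRedirectUrl(HttpServletRequest)}.
     *
     * <p>NOTE(review): authorization codes are normally single-use, so the retry only helps when
     * an attempt failed before the identity provider consumed the code. Confirm that retrying the
     * exchange up to {@link #MAX_ATTEMPTS} times is intended.
     *
     * @param httpServletRequest the callback request
     * @param authCodeDto the authorization code data received on the callback
     * @return the authentication populated from the issued tokens
     */
    public IdentityAuthentication getAuthenticationFor(HttpServletRequest httpServletRequest, AuthCodeDto authCodeDto) {
        final Tokens tokens = requestWithRetry(() ->
                this.identity.authentication().exchangeAuthCode(
                        authCodeDto, getRedirectURI(httpServletRequest, TasklistURIs.IDENTITY_CALLBACK_URI)));
        final IdentityAuthentication identityAuthentication = new IdentityAuthentication();
        identityAuthentication.authenticate(tokens);
        return identityAuthentication;
    }
}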
