package net.cnri.cordra.api;

import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.PrivateKey;
import java.util.ArrayList;
import java.util.List;
import java.util.function.Supplier;
import net.cnri.cordra.util.GsonUtility;
import net.handle.hdllib.NamespaceInfo;
import net.handle.hdllib.trust.JsonWebSignature;
import org.apache.http.NameValuePair;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;

/* loaded from: input_file:net/cnri/cordra/api/TokenUsingHttpCordraClient.class */
public class TokenUsingHttpCordraClient extends HttpCordraClient {
    private final ClientAuthCache authCache;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:net/cnri/cordra/api/TokenUsingHttpCordraClient$TokenStatus.class */
    public static class TokenStatus {
        final String token;
        final boolean isCached;

        public TokenStatus(String str, boolean z) {
            this.token = str;
            this.isCached = z;
        }
    }

    public TokenUsingHttpCordraClient(String str, String str2, String str3) throws CordraException {
        super(str, str2, str3);
        this.authCache = new ClientAuthCache();
    }

    public TokenUsingHttpCordraClient(String str, String str2, String str3, long j) throws CordraException {
        super(str, str2, str3);
        this.authCache = new ClientAuthCache(j);
    }

    @Override // net.cnri.cordra.api.HttpCordraClient
    protected CloseableHttpResponse sendHttpRequestWithCredentials(Supplier<HttpUriRequest> supplier, Options options) throws IOException, ClientProtocolException, CordraException {
        String str;
        boolean z;
        if (options.authHeader != null) {
            return super.sendHttpRequestWithCredentials(supplier, options);
        }
        String str2 = null;
        if (options.useDefaultCredentials) {
            str = this.username;
            str2 = this.password;
        } else if (options.userId != null) {
            str = options.userId;
            if (options.token == null && options.privateKey == null) {
                str2 = options.password;
            }
        } else {
            str = options.username;
            if (options.token == null && options.privateKey == null) {
                str2 = options.password;
            }
        }
        HttpUriRequest httpUriRequest = supplier.get();
        if (!options.useDefaultCredentials && options.token != null) {
            addCredentials(httpUriRequest, options);
            z = false;
        } else if (!options.useDefaultCredentials && str != null && options.privateKey != null) {
            TokenStatus tokenStatus = tokenFor(str, options.privateKey, options.requestContext);
            z = tokenStatus.isCached;
            httpUriRequest.addHeader("Authorization", "Bearer " + tokenStatus.token);
        } else if (str == null || str2 == null) {
            z = false;
        } else {
            TokenStatus tokenStatus2 = tokenFor(str, str2, options.requestContext);
            z = tokenStatus2.isCached;
            httpUriRequest.addHeader("Authorization", "Bearer " + tokenStatus2.token);
        }
        if (options.asUserId != null) {
            addAsUserHeader(httpUriRequest, options.asUserId);
        }
        CloseableHttpResponse execute = this.httpClient.execute(httpUriRequest);
        if (z && execute.getStatusLine().getStatusCode() == 401) {
            this.authCache.removeToken(str);
            HttpUriRequest httpUriRequest2 = supplier.get();
            if (httpUriRequest2 != null) {
                EntityUtils.consumeQuietly(execute.getEntity());
                execute.close();
                if (options.useDefaultCredentials || options.privateKey == null) {
                    httpUriRequest2.addHeader("Authorization", "Bearer " + tokenFor(str, str2, options.requestContext).token);
                } else {
                    httpUriRequest2.addHeader("Authorization", "Bearer " + tokenFor(str, options.privateKey, options.requestContext).token);
                }
                if (options.asUserId != null) {
                    addAsUserHeader(httpUriRequest2, options.asUserId);
                }
                execute = this.httpClient.execute(httpUriRequest2);
            }
        }
        return execute;
    }

    private TokenStatus tokenFor(String str, PrivateKey privateKey, JsonObject jsonObject) throws CordraException {
        String cachedToken = this.authCache.getCachedToken(str, null);
        if (cachedToken != null) {
            return new TokenStatus(cachedToken, true);
        }
        String acquireNewToken = acquireNewToken(str, privateKey, jsonObject);
        this.authCache.storeToken(str, null, acquireNewToken);
        return new TokenStatus(acquireNewToken, false);
    }

    private TokenStatus tokenFor(String str, String str2, JsonObject jsonObject) throws CordraException {
        String cachedToken = this.authCache.getCachedToken(str, str2);
        if (cachedToken != null) {
            return new TokenStatus(cachedToken, true);
        }
        String acquireNewToken = acquireNewToken(str, str2, jsonObject);
        this.authCache.storeToken(str, str2, acquireNewToken);
        return new TokenStatus(acquireNewToken, false);
    }

    private String acquireNewToken(String str, PrivateKey privateKey, JsonObject jsonObject) throws CordraException {
        JsonWebSignature generateJwt = generateJwt(str, privateKey);
        ArrayList arrayList = new ArrayList();
        arrayList.add(new BasicNameValuePair("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer"));
        arrayList.add(new BasicNameValuePair("assertion", generateJwt.serialize()));
        if (jsonObject != null) {
            arrayList.add(new BasicNameValuePair("requestContext", GsonUtility.getGson().toJson((JsonElement) jsonObject)));
        }
        return acquireNewTokenForParams(arrayList);
    }

    private String acquireNewToken(String str, String str2, JsonObject jsonObject) throws CordraException {
        ArrayList arrayList = new ArrayList();
        arrayList.add(new BasicNameValuePair("grant_type", "password"));
        arrayList.add(new BasicNameValuePair("username", str));
        arrayList.add(new BasicNameValuePair("password", str2));
        if (jsonObject != null) {
            arrayList.add(new BasicNameValuePair("requestContext", GsonUtility.getGson().toJson((JsonElement) jsonObject)));
        }
        return acquireNewTokenForParams(arrayList);
    }

    private String acquireNewTokenForParams(List<NameValuePair> list) throws UnauthorizedCordraException, InternalErrorCordraException {
        HttpPost httpPost = new HttpPost(getBaseUri() + "auth/token");
        httpPost.setEntity(new UrlEncodedFormEntity(list, StandardCharsets.UTF_8));
        try {
            CloseableHttpResponse execute = this.httpClient.execute((HttpUriRequest) httpPost);
            try {
                JsonObject asJsonObject = JsonParser.parseString(EntityUtils.toString(execute.getEntity())).getAsJsonObject();
                if (execute.getStatusLine().getStatusCode() != 200) {
                    throw new UnauthorizedCordraException(asJsonObject);
                }
                JsonElement jsonElement = asJsonObject.get(NamespaceInfo.STATUS_ACTIVE);
                if (jsonElement == null || !jsonElement.isJsonPrimitive() || !jsonElement.getAsJsonPrimitive().isBoolean() || !jsonElement.getAsBoolean()) {
                    throw new UnauthorizedCordraException(asJsonObject);
                }
                String asString = asJsonObject.get("access_token").getAsString();
                if (execute != null) {
                    execute.close();
                }
                return asString;
            } finally {
            }
        } catch (IOException e) {
            throw new InternalErrorCordraException(e);
        }
    }
}
