package de.hsrm.sls.subato.intellij.core.api.http.auth;

import com.intellij.openapi.components.Service;
import de.hsrm.sls.subato.intellij.core.common.config.Config;
import de.hsrm.sls.subato.intellij.core.common.config.ConfigService;
import java.time.Instant;
import java.util.Map;
import org.keycloak.OAuth2Constants;
import org.keycloak.authorization.client.AuthzClient;
import org.keycloak.authorization.client.Configuration;
import org.keycloak.authorization.client.util.Http;
import org.keycloak.authorization.client.util.HttpResponseException;
import org.keycloak.representations.AccessTokenResponse;
import org.keycloak.representations.idm.CredentialRepresentation;

@Service
/* loaded from: input_file:de/hsrm/sls/subato/intellij/core/api/http/auth/KeycloakAuthProvider.class */
public final class KeycloakAuthProvider implements AuthProvider {
    private Http http = new Http(buildKeycloakConfig(), (map, map2) -> {
    });

    private Configuration buildKeycloakConfig() {
        ConfigService configService = ConfigService.getInstance();
        Configuration configuration = new Configuration(configService.getConfig().keycloak().url(), configService.getConfig().keycloak().realm(), configService.getConfig().keycloak().clientId(), Map.of(CredentialRepresentation.SECRET, configService.getConfig().keycloak().clientSecret()), null);
        configuration.setConnectionTimeout(configService.getConfig().keycloak().timeout() * 1000);
        configuration.setSocketTimeout(configService.getConfig().keycloak().timeout() * 1000);
        return configuration;
    }

    @Override // de.hsrm.sls.subato.intellij.core.api.http.auth.AuthProvider
    public TokenState authenticate(String str, char[] cArr) {
        return parseToken(getAccessToken(str, cArr));
    }

    private TokenState parseToken(AccessTokenResponse accessTokenResponse) {
        String token = accessTokenResponse.getToken();
        Instant plusSeconds = Instant.now().plusSeconds(accessTokenResponse.getExpiresIn());
        String refreshToken = accessTokenResponse.getRefreshToken();
        Instant plusSeconds2 = Instant.now().plusSeconds(accessTokenResponse.getRefreshExpiresIn());
        TokenState tokenState = new TokenState();
        tokenState.setAccessToken(token);
        tokenState.setAccessTokenExpiration(plusSeconds);
        tokenState.setRefreshToken(refreshToken);
        tokenState.setRefreshTokenExpiration(plusSeconds2);
        return tokenState;
    }

    private AccessTokenResponse getAccessToken(String str, char[] cArr) {
        try {
            return AuthzClient.create(buildKeycloakConfig()).obtainAccessToken(str, String.valueOf(cArr));
        } catch (HttpResponseException e) {
            if (e.getStatusCode() == 401) {
                throw new InvalidCredentialsException();
            }
            throw e;
        } catch (Exception e2) {
            throw new AuthCommunicationException(e2);
        }
    }

    @Override // de.hsrm.sls.subato.intellij.core.api.http.auth.AuthProvider
    public TokenState refresh(TokenState tokenState) {
        if (tokenState.isRefreshTokenExpired()) {
            throw new SessionExpiredException(SessionExpiredReason.REFRESH_TOKEN_EXPIRED);
        }
        Config.KeycloakConfig keycloak = ConfigService.getInstance().getConfig().keycloak();
        return parseToken(refreshToken(keycloak.url() + "/realms/" + keycloak.realm() + "/protocol/openid-connect/token", tokenState.getRefreshToken()));
    }

    private AccessTokenResponse refreshToken(String str, String str2) {
        try {
            Config.KeycloakConfig keycloak = ConfigService.getInstance().getConfig().keycloak();
            return (AccessTokenResponse) this.http.post(str).authentication().client().form().param(OAuth2Constants.GRANT_TYPE, OAuth2Constants.REFRESH_TOKEN).param(OAuth2Constants.REFRESH_TOKEN, str2).param(OAuth2Constants.CLIENT_ID, keycloak.clientId()).param(OAuth2Constants.CLIENT_SECRET, keycloak.clientSecret()).response().json(AccessTokenResponse.class).execute();
        } catch (Exception e) {
            throw new AuthCommunicationException(e);
        }
    }
}
