package gluu.scim.client.auth;

import gluu.scim.client.BaseScimClientImpl;
import gluu.scim.client.ScimResponse;
import gluu.scim.client.exception.ScimInitializationException;
import gluu.scim.client.model.ScimBulkOperation;
import gluu.scim.client.model.ScimGroup;
import gluu.scim.client.model.ScimPerson;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import javax.ws.rs.core.Response;
import javax.xml.bind.JAXBException;
import org.apache.commons.httpclient.HttpException;
import org.apache.commons.httpclient.HttpMethodBase;
import org.codehaus.jackson.JsonGenerationException;
import org.codehaus.jackson.JsonParseException;
import org.codehaus.jackson.map.JsonMappingException;
import org.codehaus.jackson.map.ObjectMapper;
import org.jboss.resteasy.client.ClientResponse;
import org.jboss.resteasy.client.ClientResponseFailure;
import org.xdi.oxauth.client.uma.RequesterPermissionTokenService;
import org.xdi.oxauth.client.uma.UmaClientFactory;
import org.xdi.oxauth.client.uma.wrapper.UmaClient;
import org.xdi.oxauth.model.uma.AuthorizationResponse;
import org.xdi.oxauth.model.uma.MetadataConfiguration;
import org.xdi.oxauth.model.uma.RequesterPermissionTokenResponse;
import org.xdi.oxauth.model.uma.ResourceSetPermissionTicket;
import org.xdi.oxauth.model.uma.RptAuthorizationRequest;
import org.xdi.oxauth.model.uma.wrapper.Token;
import org.xdi.util.StringHelper;

/* loaded from: input_file:gluu/scim/client/auth/UmaScimClientImpl.class */
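/**
 * SCIM client that authenticates its requests with UMA tokens.
 *
 * <p>Flow implemented by this class:
 * <ol>
 *   <li>{@link #init()} loads the UMA metadata, requests an AAT with the configured user and
 *       client credentials, and then requests an RPT.</li>
 *   <li>Every request carries the RPT as a {@code Bearer} token
 *       (see {@link #addAuthenticationHeader(HttpMethodBase)}).</li>
 *   <li>When a SCIM call comes back with HTTP 403, the response body is parsed as a UMA
 *       permission ticket, the RPT is authorized for that ticket, and the call is retried
 *       exactly once.</li>
 * </ol>
 *
 * <p>NOTE(review): the class declares a {@code serialVersionUID}, so it is presumably
 * {@code Serializable} through its base class. The credential fields and the AAT/RPT are not
 * {@code transient} and would be written out with a serialized instance — confirm whether
 * instances are ever serialized or stored in a session.
 *
 * <p>NOTE(review): the AAT expiration is only checked inside {@code initUmaAuthentication()},
 * which this class calls from {@link #init()} alone. Whether the base class invokes
 * {@code init()} before each request is not visible here — verify that an expired AAT is
 * refreshed.
 */
public class UmaScimClientImpl extends BaseScimClientImpl {
    private static final long serialVersionUID = 7099883500099353832L;

    // UMA metadata loaded from umaMetaDataUrl; only version "1.0" is accepted.
    private MetadataConfiguration metadataConfiguration;
    // Token obtained from UmaClient.requestAat; used to request and authorize the RPT.
    private Token umaAat;
    // Requester permission token sent as the Bearer credential on SCIM requests.
    private RequesterPermissionTokenResponse umaRpt;
    private String umaMetaDataUrl;
    private String umaUserId;
    private String umaUserSecret;
    private String umaAatClientId;
    private String umaAatClientSecret;
    private String umaRedirectUri;
    // Absolute expiration time of the AAT as computed by computeAccessTokenExpirationTime; 0 = none yet.
    private long umaAatAccessTokenExpiration;

    /**
     * Creates a client bound to one SCIM endpoint and one set of UMA credentials.
     *
     * @param str  value passed unchanged to the base-class constructor
     * @param str2 URL of the UMA metadata configuration
     * @param str3 user id used when requesting the AAT
     * @param str4 user secret used when requesting the AAT
     * @param str5 client id used when requesting the AAT
     * @param str6 client secret used when requesting the AAT
     * @param str7 redirect URI used when requesting the AAT
     */
    public UmaScimClientImpl(String str, String str2, String str3, String str4, String str5, String str6, String str7) {
        super(str);
        this.umaAatAccessTokenExpiration = 0L;
        this.umaMetaDataUrl = str2;
        this.umaUserId = str3;
        this.umaUserSecret = str4;
        this.umaAatClientId = str5;
        this.umaAatClientSecret = str6;
        this.umaRedirectUri = str7;
    }

    /** Obtains the UMA tokens (AAT, then RPT) when none is held or the AAT has expired. */
    @Override // gluu.scim.client.BaseScimClientImpl
    protected void init() {
        initUmaAuthentication();
    }

    /**
     * Adds the RPT as a {@code Bearer} token to the outgoing request.
     *
     * @param httpMethodBase request that receives the {@code Authorization} header
     * @throws ScimInitializationException if no usable RPT is held; failing here keeps the
     *         client from sending a request with a literal {@code "Bearer null"} credential
     */
    @Override // gluu.scim.client.BaseScimClientImpl
    protected void addAuthenticationHeader(HttpMethodBase httpMethodBase) {
        RequesterPermissionTokenResponse rpt = this.umaRpt;
        if (rpt == null || StringHelper.isEmpty(rpt.getToken())) {
            throw new ScimInitializationException("UMA RPT token is not available");
        }
        httpMethodBase.setRequestHeader("Authorization", "Bearer " + rpt.getToken());
    }

    /**
     * Requests fresh tokens when no AAT is held or the recorded expiration time has passed.
     *
     * @throws ScimInitializationException wrapping any failure of the token exchange
     */
    private void initUmaAuthentication() {
        long now = System.currentTimeMillis();
        boolean aatUsable = this.umaAat != null
                && this.umaAat.getAccessToken() != null
                && this.umaAatAccessTokenExpiration > now;
        if (aatUsable) {
            return;
        }
        try {
            initUmaRpt();
            this.umaAatAccessTokenExpiration = computeAccessTokenExpirationTime(this.umaAat.getExpiresIn());
        } catch (Exception e) {
            throw new ScimInitializationException("Could not get accessToken", e);
        }
    }

    /**
     * Discards the held tokens, reloads the UMA metadata and obtains a new AAT and RPT.
     *
     * @throws ScimInitializationException if the metadata is missing or not version 1.0, or if
     *         either token cannot be obtained
     */
    private void initUmaRpt() {
        // Drop the old tokens first so a failure below never leaves stale credentials in use.
        this.umaAat = null;
        this.umaRpt = null;
        this.metadataConfiguration = UmaClientFactory.instance().createMetaDataConfigurationService(this.umaMetaDataUrl).getMetadataConfiguration();
        if (this.metadataConfiguration == null || !StringHelper.equals(this.metadataConfiguration.getVersion(), "1.0")) {
            throw new ScimInitializationException("Failed to load valid UMA metadata configuration");
        }
        try {
            this.umaAat = UmaClient.requestAat(this.metadataConfiguration.getUserEndpoint(), this.metadataConfiguration.getTokenEndpoint(), this.umaUserId, this.umaUserSecret, this.umaAatClientId, this.umaAatClientSecret, this.umaRedirectUri);
            if (this.umaAat == null) {
                throw new ScimInitializationException("Failed to get UMA AAT token");
            }
            RequesterPermissionTokenService rptService = UmaClientFactory.instance().createRequesterPermissionTokenService(this.metadataConfiguration);
            try {
                this.umaRpt = rptService.getRequesterPermissionToken("Bearer " + this.umaAat.getAccessToken(), getHost(this.metadataConfiguration.getIssuer()));
                if (this.umaRpt == null) {
                    throw new ScimInitializationException("Failed to get UMA RPT token");
                }
            } catch (ClientResponseFailure e) {
                // The authorization server's response body is copied into the message;
                // treat it as untrusted text wherever the exception is logged or displayed.
                throw new ScimInitializationException("Failed to get RPT token. Error: " + ((String) e.getResponse().getEntity(String.class)), e);
            } catch (MalformedURLException e) {
                throw new ScimInitializationException("Failed to determine host by URI", e);
            }
        } catch (ScimInitializationException e) {
            // Already specific (AAT vs. RPT vs. host); do not relabel it as an AAT failure.
            throw e;
        } catch (ClientResponseFailure e) {
            // Must precede the generic handler, otherwise this clause can never be reached.
            throw new ScimInitializationException("Failed to get AAT token. Error: " + ((String) e.getResponse().getEntity(String.class)), e);
        } catch (Exception e) {
            throw new ScimInitializationException("Failed to get AAT token", e);
        }
    }

    /**
     * Handles a 403 from the SCIM server by authorizing the RPT for the ticket in its body.
     *
     * @param scimResponse response of the call that was just made
     * @return {@code false} if the status is not 403 (nothing to do); {@code true} if the RPT
     *         was authorized and the caller should repeat the request
     * @throws ScimInitializationException if the body holds no usable ticket or the
     *         authorization fails
     * @throws IOException if the response body cannot be parsed as a permission ticket
     */
    private boolean autorizeRpt(ScimResponse scimResponse) throws IOException, JsonParseException, JsonMappingException {
        if (scimResponse.getStatusCode() != Response.Status.FORBIDDEN.getStatusCode()) {
            return false;
        }
        ResourceSetPermissionTicket ticket = new ObjectMapper().readValue(scimResponse.getResponseBody(), ResourceSetPermissionTicket.class);
        // Validate before use: the body comes from the remote server, and a missing ticket
        // must not be dereferenced or forwarded to the authorization endpoint.
        if (ticket == null || StringHelper.isEmpty(ticket.getTicket())) {
            throw new ScimInitializationException("UMA ticket is invalid");
        }
        authorizeRpt(ticket.getTicket());
        return true;
    }

    /**
     * Asks the authorization server to associate the given permission ticket with the RPT.
     *
     * @param str permission ticket taken from the 403 response
     * @return always {@code true}; every failure is reported by exception
     * @throws ScimInitializationException if the server rejects the request, answers with a
     *         status other than 200 or an empty entity, or the issuer host cannot be derived
     */
    private boolean authorizeRpt(String str) {
        try {
            ClientResponse authorizationResponse = UmaClientFactory.instance().createAuthorizationRequestService(this.metadataConfiguration).requestRptPermissionAuthorization("Bearer " + this.umaAat.getAccessToken(), getHost(this.metadataConfiguration.getIssuer()), new RptAuthorizationRequest(this.umaRpt.getToken(), str));
            AuthorizationResponse entity = (AuthorizationResponse) authorizationResponse.getEntity(AuthorizationResponse.class);
            if (entity == null || authorizationResponse.getStatus() != Response.Status.OK.getStatusCode()) {
                throw new ScimInitializationException("UMA ticket authorization response is invalid");
            }
            return true;
        } catch (ClientResponseFailure e) {
            // Server-supplied error text ends up in the message; treat it as untrusted when logging.
            throw new ScimInitializationException("Failed to authorize UMA ticket. Error: " + ((String) e.getResponse().getEntity(String.class)), e);
        } catch (MalformedURLException e) {
            throw new ScimInitializationException("Failed to determine host by URI", e);
        }
    }

    // ------------------------------------------------------------------------------------
    // SCIM operations. Each override delegates to the base class and, when the first attempt
    // is answered with 403 plus a UMA ticket, authorizes the RPT and repeats the call once.
    // The result of the second attempt is returned as-is, even if it is another 403.
    // ------------------------------------------------------------------------------------

    /** Delegates to {@code super.retrievePerson}, retrying once after UMA authorization on 403. */
    @Override // gluu.scim.client.BaseScimClientImpl, gluu.scim.client.BaseScimClient
    public ScimResponse retrievePerson(String str, String str2) throws HttpException, IOException {
        ScimResponse response = super.retrievePerson(str, str2);
        if (autorizeRpt(response)) {
            response = super.retrievePerson(str, str2);
        }
        return response;
    }

    /** Delegates to {@code super.createPerson}, retrying once after UMA authorization on 403. */
    @Override // gluu.scim.client.BaseScimClientImpl, gluu.scim.client.BaseScimClient
    public ScimResponse createPerson(ScimPerson scimPerson, String str) throws JsonGenerationException, JsonMappingException, IOException, JAXBException {
        ScimResponse response = super.createPerson(scimPerson, str);
        if (autorizeRpt(response)) {
            response = super.createPerson(scimPerson, str);
        }
        return response;
    }

    /** Delegates to {@code super.updatePerson}, retrying once after UMA authorization on 403. */
    @Override // gluu.scim.client.BaseScimClientImpl, gluu.scim.client.BaseScimClient
    public ScimResponse updatePerson(ScimPerson scimPerson, String str, String str2) throws JsonGenerationException, JsonMappingException, UnsupportedEncodingException, IOException, JAXBException {
        ScimResponse response = super.updatePerson(scimPerson, str, str2);
        if (autorizeRpt(response)) {
            response = super.updatePerson(scimPerson, str, str2);
        }
        return response;
    }

    /** Delegates to {@code super.deletePerson}, retrying once after UMA authorization on 403. */
    @Override // gluu.scim.client.BaseScimClientImpl, gluu.scim.client.BaseScimClient
    public ScimResponse deletePerson(String str) throws HttpException, IOException {
        ScimResponse response = super.deletePerson(str);
        if (autorizeRpt(response)) {
            response = super.deletePerson(str);
        }
        return response;
    }

    /** Delegates to {@code super.retrieveGroup}, retrying once after UMA authorization on 403. */
    @Override // gluu.scim.client.BaseScimClientImpl, gluu.scim.client.BaseScimClient
    public ScimResponse retrieveGroup(String str, String str2) throws HttpException, IOException {
        ScimResponse response = super.retrieveGroup(str, str2);
        if (autorizeRpt(response)) {
            response = super.retrieveGroup(str, str2);
        }
        return response;
    }

    /** Delegates to {@code super.createGroup}, retrying once after UMA authorization on 403. */
    @Override // gluu.scim.client.BaseScimClientImpl, gluu.scim.client.BaseScimClient
    public ScimResponse createGroup(ScimGroup scimGroup, String str) throws JsonGenerationException, JsonMappingException, UnsupportedEncodingException, IOException, JAXBException {
        ScimResponse response = super.createGroup(scimGroup, str);
        if (autorizeRpt(response)) {
            response = super.createGroup(scimGroup, str);
        }
        return response;
    }

    /** Delegates to {@code super.updateGroup}, retrying once after UMA authorization on 403. */
    @Override // gluu.scim.client.BaseScimClientImpl, gluu.scim.client.BaseScimClient
    public ScimResponse updateGroup(ScimGroup scimGroup, String str, String str2) throws JsonGenerationException, JsonMappingException, UnsupportedEncodingException, IOException, JAXBException {
        ScimResponse response = super.updateGroup(scimGroup, str, str2);
        if (autorizeRpt(response)) {
            response = super.updateGroup(scimGroup, str, str2);
        }
        return response;
    }

    /** Delegates to {@code super.deleteGroup}, retrying once after UMA authorization on 403. */
    @Override // gluu.scim.client.BaseScimClientImpl, gluu.scim.client.BaseScimClient
    public ScimResponse deleteGroup(String str) throws HttpException, IOException {
        ScimResponse response = super.deleteGroup(str);
        if (autorizeRpt(response)) {
            response = super.deleteGroup(str);
        }
        return response;
    }

    /** Delegates to {@code super.createPersonString}, retrying once after UMA authorization on 403. */
    @Override // gluu.scim.client.BaseScimClientImpl, gluu.scim.client.BaseScimClient
    public ScimResponse createPersonString(String str, String str2) throws JsonGenerationException, JsonMappingException, IOException, JAXBException {
        ScimResponse response = super.createPersonString(str, str2);
        if (autorizeRpt(response)) {
            response = super.createPersonString(str, str2);
        }
        return response;
    }

    /** Delegates to {@code super.updatePersonString}, retrying once after UMA authorization on 403. */
    @Override // gluu.scim.client.BaseScimClientImpl, gluu.scim.client.BaseScimClient
    public ScimResponse updatePersonString(String str, String str2, String str3) throws JsonGenerationException, JsonMappingException, UnsupportedEncodingException, IOException, JAXBException {
        ScimResponse response = super.updatePersonString(str, str2, str3);
        if (autorizeRpt(response)) {
            response = super.updatePersonString(str, str2, str3);
        }
        return response;
    }

    /** Delegates to {@code super.createGroupString}, retrying once after UMA authorization on 403. */
    @Override // gluu.scim.client.BaseScimClientImpl, gluu.scim.client.BaseScimClient
    public ScimResponse createGroupString(String str, String str2) throws JsonGenerationException, JsonMappingException, UnsupportedEncodingException, IOException, JAXBException {
        ScimResponse response = super.createGroupString(str, str2);
        if (autorizeRpt(response)) {
            response = super.createGroupString(str, str2);
        }
        return response;
    }

    /** Delegates to {@code super.updateGroupString}, retrying once after UMA authorization on 403. */
    @Override // gluu.scim.client.BaseScimClientImpl, gluu.scim.client.BaseScimClient
    public ScimResponse updateGroupString(String str, String str2, String str3) throws JsonGenerationException, JsonMappingException, UnsupportedEncodingException, IOException, JAXBException {
        ScimResponse response = super.updateGroupString(str, str2, str3);
        if (autorizeRpt(response)) {
            response = super.updateGroupString(str, str2, str3);
        }
        return response;
    }

    /** Delegates to {@code super.bulkOperation}, retrying once after UMA authorization on 403. */
    @Override // gluu.scim.client.BaseScimClientImpl, gluu.scim.client.BaseScimClient
    public ScimResponse bulkOperation(ScimBulkOperation scimBulkOperation, String str) throws JsonGenerationException, JsonMappingException, UnsupportedEncodingException, IOException, JAXBException {
        ScimResponse response = super.bulkOperation(scimBulkOperation, str);
        if (autorizeRpt(response)) {
            response = super.bulkOperation(scimBulkOperation, str);
        }
        return response;
    }

    /** Delegates to {@code super.bulkOperationString}, retrying once after UMA authorization on 403. */
    @Override // gluu.scim.client.BaseScimClientImpl, gluu.scim.client.BaseScimClient
    public ScimResponse bulkOperationString(String str, String str2) throws HttpException, IOException {
        ScimResponse response = super.bulkOperationString(str, str2);
        if (autorizeRpt(response)) {
            response = super.bulkOperationString(str, str2);
        }
        return response;
    }

    /** Delegates to {@code super.retrieveAllPersons}, retrying once after UMA authorization on 403. */
    @Override // gluu.scim.client.BaseScimClientImpl, gluu.scim.client.BaseScimClient
    public ScimResponse retrieveAllPersons(String str) throws HttpException, IOException {
        ScimResponse response = super.retrieveAllPersons(str);
        if (autorizeRpt(response)) {
            response = super.retrieveAllPersons(str);
        }
        return response;
    }

    /** Delegates to {@code super.retrieveAllGroups}, retrying once after UMA authorization on 403. */
    @Override // gluu.scim.client.BaseScimClientImpl, gluu.scim.client.BaseScimClient
    public ScimResponse retrieveAllGroups(String str) throws HttpException, IOException {
        ScimResponse response = super.retrieveAllGroups(str);
        if (autorizeRpt(response)) {
            response = super.retrieveAllGroups(str);
        }
        return response;
    }

    /** Delegates to {@code super.personSearch}, retrying once after UMA authorization on 403. */
    @Override // gluu.scim.client.BaseScimClientImpl, gluu.scim.client.BaseScimClient
    public ScimResponse personSearch(String str, String str2, String str3) throws JsonGenerationException, JsonMappingException, IOException, JAXBException {
        ScimResponse response = super.personSearch(str, str2, str3);
        if (autorizeRpt(response)) {
            response = super.personSearch(str, str2, str3);
        }
        return response;
    }

    /** Delegates to {@code super.personSearchByObject}, retrying once after UMA authorization on 403. */
    @Override // gluu.scim.client.BaseScimClientImpl, gluu.scim.client.BaseScimClient
    public ScimResponse personSearchByObject(String str, Object obj, String str2, String str3) throws JsonGenerationException, JsonMappingException, IOException, JAXBException {
        ScimResponse response = super.personSearchByObject(str, obj, str2, str3);
        if (autorizeRpt(response)) {
            response = super.personSearchByObject(str, obj, str2, str3);
        }
        return response;
    }
}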
