package gluu.scim2.client.auth;

import gluu.scim.client.ScimResponse;
import gluu.scim.client.exception.ScimInitializationException;
import gluu.scim2.client.BaseScim2ClientImpl;
import java.io.IOException;
import java.net.MalformedURLException;
import java.util.List;
import java.util.concurrent.locks.ReentrantLock;
import javax.xml.bind.JAXBException;
import org.apache.commons.httpclient.HttpMethodBase;
import org.codehaus.jackson.map.ObjectMapper;
import org.gluu.oxtrust.model.scim2.Group;
import org.gluu.oxtrust.model.scim2.User;
import org.jboss.resteasy.client.ClientExecutor;
import org.jboss.resteasy.client.ClientResponseFailure;
import org.xdi.oxauth.client.TokenRequest;
import org.xdi.oxauth.client.uma.CreateRptService;
import org.xdi.oxauth.client.uma.UmaClientFactory;
import org.xdi.oxauth.client.uma.wrapper.UmaClient;
import org.xdi.oxauth.model.common.AuthenticationMethod;
import org.xdi.oxauth.model.common.GrantType;
import org.xdi.oxauth.model.crypto.OxAuthCryptoProvider;
import org.xdi.oxauth.model.crypto.signature.SignatureAlgorithm;
import org.xdi.oxauth.model.uma.PermissionTicket;
import org.xdi.oxauth.model.uma.RPTResponse;
import org.xdi.oxauth.model.uma.RptAuthorizationRequest;
import org.xdi.oxauth.model.uma.UmaConfiguration;
import org.xdi.oxauth.model.uma.wrapper.Token;
import org.xdi.util.StringHelper;

/* loaded from: input_file:gluu/scim2/client/auth/UmaScim2ClientImpl.class */
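/**
 * SCIM 2 client that authenticates its requests with UMA tokens.
 *
 * <p>On initialisation the client loads the UMA metadata document, obtains an AAT from the
 * token endpoint using {@code private_key_jwt} client authentication (signing key taken from
 * a JKS keystore), and then obtains an RPT. Every SCIM call is sent with the RPT as a bearer
 * token. When the SCIM endpoint answers 403, the response body is parsed as a permission
 * ticket, the ticket is submitted to the authorization service for the current RPT, and the
 * call is replayed exactly once. The second response is returned as-is, even if it is again
 * a 403.
 *
 * <p>NOTE(review): this class keeps the keystore password, the AAT and the RPT in instance
 * fields for the lifetime of the object, and it declares a {@code serialVersionUID}. If the
 * base class is serializable, those secrets travel with the serialized form; confirm that
 * instances are never serialized or logged.
 *
 * <p>NOTE(review): nothing in this class checks the scheme or host of the metadata URL or of
 * the token endpoint it advertises; the signed client assertion is sent wherever the metadata
 * points. Callers should supply an https URL of an authorization server they trust.
 */
public class UmaScim2ClientImpl extends BaseScim2ClientImpl {
    private static final long serialVersionUID = 7099883500099353832L;

    private UmaConfiguration metadataConfiguration;

    // The token fields are read on the unlocked fast path of initUmaAuthentication() and by
    // request threads, so they are volatile to make writes done under the lock visible.
    private volatile Token umaAat;
    private volatile RPTResponse umaRpt;

    private String umaMetaDataUrl;
    private String umaAatClientId;
    private String umaAatClientKeyId;
    private String umaAatClientJksPath;
    private String umaAatClientJksPassword;
    protected ClientExecutor executor;

    // Absolute expiry time of the AAT; volatile also guarantees atomic reads of the long.
    private volatile long umaAatAccessTokenExpiration;
    private final ReentrantLock lock;

    /**
     * Creates a client; no network call is made here.
     *
     * @param str  forwarded unchanged to the {@link BaseScim2ClientImpl} constructor
     * @param str2 URL of the UMA metadata document
     * @param str3 client id used to request the AAT
     * @param str4 path of the JKS keystore holding the client's signing key
     * @param str5 password of that keystore
     * @param str6 key id (keystore alias) to sign with; when empty, the first alias found in
     *             the keystore is used
     */
    public UmaScim2ClientImpl(String str, String str2, String str3, String str4, String str5, String str6) {
        super(str);
        this.umaAatAccessTokenExpiration = 0L;
        this.lock = new ReentrantLock();
        this.umaMetaDataUrl = str2;
        this.umaAatClientId = str3;
        this.umaAatClientJksPath = str4;
        this.umaAatClientJksPassword = str5;
        this.umaAatClientKeyId = str6;
    }

    /** Ensures a usable AAT/RPT pair exists, fetching new tokens when needed. */
    @Override
    protected void init() {
        initUmaAuthentication();
    }

    /**
     * Adds the RPT as a bearer token to the outgoing request.
     *
     * @param httpMethodBase request to decorate
     * @throws ScimInitializationException if no RPT is currently held; failing here avoids
     *         sending a request with a {@code "Bearer null"} header
     */
    @Override
    protected void addAuthenticationHeader(HttpMethodBase httpMethodBase) {
        // Read the field once: a concurrent refresh clears it before re-populating it.
        RPTResponse currentRpt = this.umaRpt;
        if (currentRpt == null || StringHelper.isEmpty(currentRpt.getRpt())) {
            throw new ScimInitializationException("UMA RPT token is not available");
        }
        httpMethodBase.setRequestHeader("Authorization", "Bearer " + currentRpt.getRpt());
    }

    /**
     * Refreshes the tokens when the held ones are missing or expired.
     *
     * <p>The validity check is done once without the lock and once more under it, so that
     * only one thread performs the refresh.
     *
     * @throws ScimInitializationException wrapping any failure during the refresh
     */
    private void initUmaAuthentication() {
        if (isValidToken(System.currentTimeMillis())) {
            return;
        }
        this.lock.lock();
        try {
            if (!isValidToken(System.currentTimeMillis())) {
                initUmaRpt();
                this.umaAatAccessTokenExpiration = computeAccessTokenExpirationTime(this.umaAat.getExpiresIn());
            }
        } catch (Exception e) {
            throw new ScimInitializationException("Could not get accessToken", e);
        } finally {
            this.lock.unlock();
        }
    }

    /**
     * Tells whether the held tokens can still be used at the given instant.
     *
     * @param now current time in milliseconds
     * @return {@code true} only when an AAT with an access token and an RPT are both held
     *         and the recorded AAT expiry lies after {@code now}
     */
    private boolean isValidToken(long now) {
        Token currentAat = this.umaAat;
        // The RPT is part of the check so that a refresh which obtained the AAT but failed on
        // the RPT is never reported as valid.
        return currentAat != null
                && currentAat.getAccessToken() != null
                && this.umaRpt != null
                && this.umaAatAccessTokenExpiration > now;
    }

    /**
     * Drops the held tokens, reloads the UMA metadata and obtains a fresh AAT and RPT.
     *
     * @throws ScimInitializationException if the metadata is missing or not version "1.0",
     *         or if either token cannot be obtained
     */
    private void initUmaRpt() {
        // Clear first: if anything below fails the client is left without tokens rather than
        // with stale ones.
        this.umaAat = null;
        this.umaRpt = null;

        if (this.executor == null) {
            this.metadataConfiguration = UmaClientFactory.instance()
                    .createMetaDataConfigurationService(this.umaMetaDataUrl)
                    .getMetadataConfiguration();
        } else {
            this.metadataConfiguration = UmaClientFactory.instance()
                    .createMetaDataConfigurationService(this.umaMetaDataUrl, this.executor)
                    .getMetadataConfiguration();
        }
        if (this.metadataConfiguration == null
                || !StringHelper.equals(this.metadataConfiguration.getVersion(), "1.0")) {
            throw new ScimInitializationException("Failed to load valid UMA metadata configuration");
        }

        this.umaAat = requestAat();
        this.umaRpt = requestRpt(this.umaAat);
    }

    /**
     * Requests an AAT with the client-credentials grant, authenticating with a JWT signed by
     * a key from the configured keystore.
     *
     * @return the AAT, never {@code null}
     * @throws ScimInitializationException on any configuration, keystore or endpoint failure
     */
    private Token requestAat() {
        if (StringHelper.isEmpty(this.umaAatClientJksPath) || StringHelper.isEmpty(this.umaAatClientJksPassword)) {
            throw new ScimInitializationException("UMA JKS keystore path or password is empty");
        }

        OxAuthCryptoProvider cryptoProvider;
        try {
            cryptoProvider = new OxAuthCryptoProvider(this.umaAatClientJksPath, this.umaAatClientJksPassword, (String) null);
        } catch (Exception e) {
            // Only keystore loading is reported as a crypto-provider failure, and the cause
            // is kept so the real reason (bad path, bad password, ...) is not lost.
            throw new ScimInitializationException("Failed to initialize crypto provider", e);
        }

        try {
            String keyId = this.umaAatClientKeyId;
            if (StringHelper.isEmpty(keyId)) {
                // No key id configured: fall back to the first alias in the keystore.
                List<?> keyAliases = cryptoProvider.getKeyAliases();
                if (keyAliases != null && !keyAliases.isEmpty()) {
                    keyId = (String) keyAliases.get(0);
                }
            }
            if (StringHelper.isEmpty(keyId)) {
                throw new ScimInitializationException("UMA keyId is empty");
            }

            SignatureAlgorithm signatureAlgorithm = cryptoProvider.getSignatureAlgorithm(keyId);
            String tokenEndpoint = this.metadataConfiguration.getTokenEndpoint();

            TokenRequest tokenRequest = TokenRequest.builder().aat(new String[0]).grantType(GrantType.CLIENT_CREDENTIALS).build();
            tokenRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
            tokenRequest.setAuthUsername(this.umaAatClientId);
            tokenRequest.setCryptoProvider(cryptoProvider);
            tokenRequest.setAlgorithm(signatureAlgorithm);
            tokenRequest.setKeyId(keyId);
            // The assertion's audience is the same endpoint the request is sent to.
            tokenRequest.setAudience(tokenEndpoint);

            Token aat = UmaClient.request(tokenEndpoint, tokenRequest);
            if (aat == null) {
                throw new ScimInitializationException("Failed to get UMA AAT token");
            }
            return aat;
        } catch (ScimInitializationException e) {
            // Already specific; do not bury it under the generic message below.
            throw e;
        } catch (ClientResponseFailure e) {
            // The message embeds the server's response body; treat logs that record it
            // accordingly.
            throw new ScimInitializationException("Failed to get AAT token. Error: " + ((String) e.getResponse().getEntity(String.class)), e);
        } catch (Exception e) {
            throw new ScimInitializationException("Failed to get AAT token", e);
        }
    }

    /**
     * Requests an RPT from the authorization server using the given AAT.
     *
     * @param aat AAT presented as bearer token to the RPT endpoint
     * @return the RPT response, never {@code null}
     * @throws ScimInitializationException if the request fails or returns nothing
     */
    private RPTResponse requestRpt(Token aat) {
        CreateRptService rptService = this.executor == null
                ? UmaClientFactory.instance().createRequesterPermissionTokenService(this.metadataConfiguration)
                : UmaClientFactory.instance().createRequesterPermissionTokenService(this.metadataConfiguration, this.executor);

        RPTResponse rpt;
        try {
            rpt = rptService.createRPT("Bearer " + aat.getAccessToken(), getHost(this.metadataConfiguration.getIssuer()));
        } catch (ClientResponseFailure e) {
            throw new ScimInitializationException("Failed to get RPT token. Error: " + ((String) e.getResponse().getEntity(String.class)), e);
        } catch (MalformedURLException e) {
            throw new ScimInitializationException("Failed to determine host by URI", e);
        }
        if (rpt == null) {
            throw new ScimInitializationException("Failed to get UMA RPT token");
        }
        return rpt;
    }

    /**
     * Handles a 403 answer from the SCIM endpoint by authorising the permission ticket it
     * carries.
     *
     * @param scimResponse response of the call that was just made
     * @return {@code false} when the status is not 403 (nothing to do); {@code true} when
     *         the ticket was authorised and the caller should replay the request
     * @throws ScimInitializationException if the body holds no usable ticket or the
     *         authorization request fails
     */
    private boolean autorizeRpt(ScimResponse scimResponse) {
        if (scimResponse.getStatusCode() != 403) {
            return false;
        }
        try {
            PermissionTicket permissionTicket = (PermissionTicket) new ObjectMapper().readValue(scimResponse.getResponseBody(), PermissionTicket.class);
            // Validate before use: an absent or empty ticket must not be forwarded to the
            // authorization server together with the AAT and RPT.
            if (permissionTicket == null || StringHelper.isEmpty(permissionTicket.getTicket())) {
                throw new ScimInitializationException("UMA ticket is invalid");
            }
            authorizeRpt(permissionTicket.getTicket());
            return true;
        } catch (ScimInitializationException e) {
            // Keep the specific reason (invalid ticket vs. failed authorization).
            throw e;
        } catch (Exception e) {
            throw new ScimInitializationException("UMA ticket is invalid", e);
        }
    }

    /**
     * Asks the authorization server to attach the permission named by the ticket to the
     * current RPT.
     *
     * @param ticket permission ticket issued by the SCIM endpoint
     * @return always {@code true}; every failure is reported by exception
     * @throws ScimInitializationException if no tokens are held, the request fails, or the
     *         server returns no response object
     */
    private boolean authorizeRpt(String ticket) {
        Token currentAat = this.umaAat;
        RPTResponse currentRpt = this.umaRpt;
        if (currentAat == null || currentRpt == null) {
            throw new ScimInitializationException("UMA tokens are not initialized");
        }
        try {
            if ((this.executor == null
                    ? UmaClientFactory.instance().createAuthorizationRequestService(this.metadataConfiguration)
                    : UmaClientFactory.instance().createAuthorizationRequestService(this.metadataConfiguration, this.executor))
                    .requestRptPermissionAuthorization(
                            "Bearer " + currentAat.getAccessToken(),
                            getHost(this.metadataConfiguration.getIssuer()),
                            new RptAuthorizationRequest(currentRpt.getRpt(), ticket)) == null) {
                throw new ScimInitializationException("UMA ticket authorization response is invalid");
            }
            return true;
        } catch (MalformedURLException e) {
            throw new ScimInitializationException("Failed to determine host by URI", e);
        } catch (ClientResponseFailure e) {
            throw new ScimInitializationException("Failed to authorize UMA ticket. Error: " + ((String) e.getResponse().getEntity(String.class)), e);
        } catch (Exception e) {
            throw new ScimInitializationException(e.getMessage(), e);
        }
    }

    /**
     * Legacy entry point; delegates to {@link #retrieveUser(String, String[])} with no
     * attribute list. The second argument is ignored.
     */
    @Override
    @Deprecated
    public ScimResponse retrievePerson(String str, String str2) throws IOException {
        return retrieveUser(str, new String[0]);
    }

    /** Calls the base implementation, replaying it once after a 403 that yields an authorised ticket. */
    @Override
    public ScimResponse retrieveUser(String str, String[] strArr) throws IOException {
        ScimResponse response = super.retrieveUser(str, strArr);
        if (autorizeRpt(response)) {
            response = super.retrieveUser(str, strArr);
        }
        return response;
    }

    /**
     * Legacy entry point; delegates to {@link #createUser(User, String[])} with no attribute
     * list. The second argument is ignored.
     */
    @Override
    @Deprecated
    public ScimResponse createPerson(User user, String str) throws IOException, JAXBException {
        return createUser(user, new String[0]);
    }

    /** Calls the base implementation, replaying it once after a 403 that yields an authorised ticket. */
    @Override
    public ScimResponse createUser(User user, String[] strArr) throws IOException {
        ScimResponse response = super.createUser(user, strArr);
        if (autorizeRpt(response)) {
            response = super.createUser(user, strArr);
        }
        return response;
    }

    /**
     * Legacy entry point; delegates to {@link #updateUser(User, String, String[])} with no
     * attribute list. The third argument is ignored.
     */
    @Override
    @Deprecated
    public ScimResponse updatePerson(User user, String str, String str2) throws IOException, JAXBException {
        return updateUser(user, str, new String[0]);
    }

    /** Calls the base implementation, replaying it once after a 403 that yields an authorised ticket. */
    @Override
    public ScimResponse updateUser(User user, String str, String[] strArr) throws IOException {
        ScimResponse response = super.updateUser(user, str, strArr);
        if (autorizeRpt(response)) {
            response = super.updateUser(user, str, strArr);
        }
        return response;
    }

    /** Calls the base implementation, replaying it once after a 403 that yields an authorised ticket. */
    @Override
    public ScimResponse deletePerson(String str) throws IOException {
        ScimResponse response = super.deletePerson(str);
        if (autorizeRpt(response)) {
            response = super.deletePerson(str);
        }
        return response;
    }

    /**
     * Legacy entry point; delegates to {@link #retrieveGroup(String, String[])} with no
     * attribute list. The second argument is ignored.
     */
    @Override
    @Deprecated
    public ScimResponse retrieveGroup(String str, String str2) throws IOException {
        return retrieveGroup(str, new String[0]);
    }

    /** Calls the base implementation, replaying it once after a 403 that yields an authorised ticket. */
    @Override
    public ScimResponse retrieveGroup(String str, String[] strArr) throws IOException {
        ScimResponse response = super.retrieveGroup(str, strArr);
        if (autorizeRpt(response)) {
            response = super.retrieveGroup(str, strArr);
        }
        return response;
    }

    /**
     * Legacy entry point; delegates to {@link #createGroup(Group, String[])} with no
     * attribute list. The second argument is ignored.
     */
    @Override
    @Deprecated
    public ScimResponse createGroup(Group group, String str) throws IOException, JAXBException {
        return createGroup(group, new String[0]);
    }

    /** Calls the base implementation, replaying it once after a 403 that yields an authorised ticket. */
    @Override
    public ScimResponse createGroup(Group group, String[] strArr) throws IOException {
        ScimResponse response = super.createGroup(group, strArr);
        if (autorizeRpt(response)) {
            response = super.createGroup(group, strArr);
        }
        return response;
    }

    /**
     * Legacy entry point; delegates to {@link #updateGroup(Group, String, String[])} with no
     * attribute list. The third argument is ignored.
     */
    @Override
    @Deprecated
    public ScimResponse updateGroup(Group group, String str, String str2) throws IOException, JAXBException {
        return updateGroup(group, str, new String[0]);
    }

    /** Calls the base implementation, replaying it once after a 403 that yields an authorised ticket. */
    @Override
    public ScimResponse updateGroup(Group group, String str, String[] strArr) throws IOException {
        ScimResponse response = super.updateGroup(group, str, strArr);
        if (autorizeRpt(response)) {
            response = super.updateGroup(group, str, strArr);
        }
        return response;
    }

    /** Calls the base implementation, replaying it once after a 403 that yields an authorised ticket. */
    @Override
    public ScimResponse deleteGroup(String str) throws IOException {
        ScimResponse response = super.deleteGroup(str);
        if (autorizeRpt(response)) {
            response = super.deleteGroup(str);
        }
        return response;
    }

    /** Calls the base implementation, replaying it once after a 403 that yields an authorised ticket. */
    @Override
    @Deprecated
    public ScimResponse createPersonString(String str, String str2) throws IOException, JAXBException {
        ScimResponse response = super.createPersonString(str, str2);
        if (autorizeRpt(response)) {
            response = super.createPersonString(str, str2);
        }
        return response;
    }

    /** Calls the base implementation, replaying it once after a 403 that yields an authorised ticket. */
    @Override
    @Deprecated
    public ScimResponse updatePersonString(String str, String str2, String str3) throws IOException, JAXBException {
        ScimResponse response = super.updatePersonString(str, str2, str3);
        if (autorizeRpt(response)) {
            response = super.updatePersonString(str, str2, str3);
        }
        return response;
    }

    /** Calls the base implementation, replaying it once after a 403 that yields an authorised ticket. */
    @Override
    @Deprecated
    public ScimResponse createGroupString(String str, String str2) throws IOException, JAXBException {
        ScimResponse response = super.createGroupString(str, str2);
        if (autorizeRpt(response)) {
            response = super.createGroupString(str, str2);
        }
        return response;
    }

    /** Calls the base implementation, replaying it once after a 403 that yields an authorised ticket. */
    @Override
    @Deprecated
    public ScimResponse updateGroupString(String str, String str2, String str3) throws IOException, JAXBException {
        ScimResponse response = super.updateGroupString(str, str2, str3);
        if (autorizeRpt(response)) {
            response = super.updateGroupString(str, str2, str3);
        }
        return response;
    }

    /** Calls the base implementation, replaying it once after a 403 that yields an authorised ticket. */
    @Override
    @Deprecated
    public ScimResponse bulkOperationString(String str, String str2) throws IOException {
        ScimResponse response = super.bulkOperationString(str, str2);
        if (autorizeRpt(response)) {
            response = super.bulkOperationString(str, str2);
        }
        return response;
    }

    /** Calls the base implementation, replaying it once after a 403 that yields an authorised ticket. */
    @Override
    public ScimResponse retrieveAllUsers() throws IOException {
        ScimResponse response = super.retrieveAllUsers();
        if (autorizeRpt(response)) {
            response = super.retrieveAllUsers();
        }
        return response;
    }

    /** Calls the base implementation, replaying it once after a 403 that yields an authorised ticket. */
    @Override
    public ScimResponse searchUsers(String str, int i, int i2, String str2, String str3, String[] strArr) throws IOException {
        ScimResponse response = super.searchUsers(str, i, i2, str2, str3, strArr);
        if (autorizeRpt(response)) {
            response = super.searchUsers(str, i, i2, str2, str3, strArr);
        }
        return response;
    }

    /** Calls the base implementation, replaying it once after a 403 that yields an authorised ticket. */
    @Override
    public ScimResponse retrieveAllGroups() throws IOException {
        ScimResponse response = super.retrieveAllGroups();
        if (autorizeRpt(response)) {
            response = super.retrieveAllGroups();
        }
        return response;
    }

    /** Calls the base implementation, replaying it once after a 403 that yields an authorised ticket. */
    @Override
    public ScimResponse searchGroups(String str, int i, int i2, String str2, String str3, String[] strArr) throws IOException {
        ScimResponse response = super.searchGroups(str, i, i2, str2, str3, strArr);
        if (autorizeRpt(response)) {
            response = super.searchGroups(str, i, i2, str2, str3, strArr);
        }
        return response;
    }

    /** Calls the base implementation, replaying it once after a 403 that yields an authorised ticket. */
    @Override
    @Deprecated
    public ScimResponse personSearch(String str, String str2, String str3) throws IOException, JAXBException {
        ScimResponse response = super.personSearch(str, str2, str3);
        if (autorizeRpt(response)) {
            response = super.personSearch(str, str2, str3);
        }
        return response;
    }

    /** Calls the base implementation, replaying it once after a 403 that yields an authorised ticket. */
    @Override
    @Deprecated
    public ScimResponse personSearchByObject(String str, Object obj, String str2, String str3) throws IOException, JAXBException {
        ScimResponse response = super.personSearchByObject(str, obj, str2, str3);
        if (autorizeRpt(response)) {
            response = super.personSearchByObject(str, obj, str2, str3);
        }
        return response;
    }

    /** Returns the executor used for UMA service calls, or {@code null} when the default is used. */
    public ClientExecutor getExecutor() {
        return this.executor;
    }

    /**
     * Sets the executor used for the metadata, RPT and authorization service calls.
     *
     * @param clientExecutor executor to use; {@code null} selects the factory defaults
     */
    public void setExecutor(ClientExecutor clientExecutor) {
        this.executor = clientExecutor;
    }
}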
