package io.jans.configapi.auth.service;

import io.jans.as.common.service.common.EncryptionService;
import io.jans.as.model.uma.UmaMetadata;
import io.jans.as.model.uma.wrapper.Token;
import io.jans.configapi.auth.client.UmaClient;
import io.jans.configapi.configuration.ConfigurationFactory;
import io.jans.configapi.service.ConfigurationService;
import io.jans.util.StringHelper;
import io.jans.util.security.StringEncrypter;
import java.util.Calendar;
import java.util.concurrent.locks.ReentrantLock;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import javax.inject.Named;
import org.slf4j.Logger;

@ApplicationScoped
@Named("patService")
/* loaded from: input_file:io/jans/configapi/auth/service/PatService.class */
public class PatService {

    @Inject
    Logger log;

    @Inject
    ConfigurationService configurationService;

    @Inject
    ConfigurationFactory configurationFactory;

    @Inject
    private EncryptionService encryptionService;

    @Inject
    UmaMetadata umaMetadata;
    private Token umaPat;
    private long umaPatAccessTokenExpiration = 0;
    private final ReentrantLock lock = new ReentrantLock();

    public Token getPatToken() throws Exception {
        if (isValidPatToken(this.umaPat, this.umaPatAccessTokenExpiration)) {
            return this.umaPat;
        }
        this.lock.lock();
        try {
            if (isValidPatToken(this.umaPat, this.umaPatAccessTokenExpiration)) {
                return this.umaPat;
            }
            retrievePatToken();
            return this.umaPat;
        } finally {
            this.lock.unlock();
        }
    }

    protected boolean isEnabledUmaAuthentication() {
        return this.umaMetadata != null && isExistPatToken();
    }

    public boolean isExistPatToken() {
        try {
            return getPatToken() != null;
        } catch (Exception e) {
            this.log.error("Failed to check UMA PAT token status", e);
            return false;
        }
    }

    public String getIssuer() {
        return this.umaMetadata == null ? "" : this.umaMetadata.getIssuer();
    }

    private void retrievePatToken() throws Exception {
        this.umaPat = null;
        if (this.umaMetadata == null) {
            return;
        }
        try {
            ConfigurationFactory configurationFactory = this.configurationFactory;
            String apiClientId = ConfigurationFactory.getApiClientId();
            ConfigurationFactory configurationFactory2 = this.configurationFactory;
            String apiClientPassword = ConfigurationFactory.getApiClientPassword();
            if (StringHelper.isEmpty(apiClientId) || StringHelper.isEmpty(apiClientPassword)) {
                this.log.error("Internal clientId or password is empty!!!");
                throw new Exception("Internal clientId or password is empty!!!");
            }
            if (apiClientPassword != null) {
                try {
                    apiClientPassword = this.encryptionService.decrypt(apiClientPassword);
                } catch (StringEncrypter.EncryptionException e) {
                    this.log.error("Failed to decrypt UmaClientKeyStorePassword password", e);
                }
            }
            this.umaPat = UmaClient.requestPat(this.umaMetadata.getTokenEndpoint(), apiClientId, apiClientPassword, null);
            if (this.umaPat == null) {
                this.umaPatAccessTokenExpiration = 0L;
            } else {
                this.umaPatAccessTokenExpiration = computeAccessTokenExpirationTime(this.umaPat.getExpiresIn());
            }
            if (this.umaPat == null || this.umaPat.getAccessToken() == null) {
                throw new Exception("Failed to obtain valid UMA PAT token");
            }
        } catch (Exception e2) {
            throw new Exception("Failed to obtain valid UMA PAT token", e2);
        }
    }

    protected long computeAccessTokenExpirationTime(Integer num) {
        Calendar calendar = Calendar.getInstance();
        if (num != null) {
            calendar.add(13, num.intValue());
            calendar.add(13, -10);
        }
        return calendar.getTimeInMillis();
    }

    private boolean isValidPatToken(Token token, long j) {
        return (token == null || token.getAccessToken() == null || j <= System.currentTimeMillis()) ? false : true;
    }

    protected String getClientKeyStorePassword() {
        return this.configurationService.find().getKeyStoreSecret();
    }

    protected String getClientKeyStoreFile() {
        return this.configurationService.find().getKeyStoreFile();
    }

    private String getClientId() {
        ConfigurationFactory configurationFactory = this.configurationFactory;
        return ConfigurationFactory.getApiClientId();
    }

    private String getClientKeyId() {
        return null;
    }
}
