package gluu.scim2.client;

import com.fasterxml.jackson.databind.ObjectMapper;
import gluu.scim2.client.exception.ScimInitializationException;
import java.net.URL;
import java.nio.file.Path;
import java.util.List;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.ws.rs.core.Response;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.gluu.oxauth.client.TokenClient;
import org.gluu.oxauth.client.TokenRequest;
import org.gluu.oxauth.client.TokenResponse;
import org.gluu.oxauth.model.common.AuthenticationMethod;
import org.gluu.oxauth.model.common.GrantType;
import org.gluu.oxauth.model.crypto.OxAuthCryptoProvider;
import org.gluu.util.StringHelper;

/* loaded from: input_file:gluu/scim2/client/OAuthScimClient.class */
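/**
 * SCIM client that authenticates with an OAuth2 bearer token obtained through the
 * client-credentials grant.
 *
 * <p>The token endpoint is read from the {@code token_endpoint} member of the JSON metadata
 * document fetched at construction time. The client authenticates to that endpoint either with
 * a client secret (HTTP Basic or POST body) or with a signed JWT ({@code PRIVATE_KEY_JWT}).
 *
 * <p>NOTE(review): the class declares a {@code serialVersionUID}, so it is presumably
 * serializable through its superclass. If so, {@code password} and {@code access_token} would
 * be written out with the instance; confirm whether they should be {@code transient}.
 *
 * @param <T> the client interface type handed to {@link AbstractScimClient}
 */
public class OAuthScimClient<T> extends AbstractScimClient<T> {
    private static final long serialVersionUID = 3141592672017122134L;

    /** Space-separated list of every SCIM scope requested with each token request. */
    private static final String SCOPES = Stream.of(
            "https://gluu.org/scim/users.read",
            "https://gluu.org/scim/users.write",
            "https://gluu.org/scim/groups.read",
            "https://gluu.org/scim/groups.write",
            "https://gluu.org/scim/fido.read",
            "https://gluu.org/scim/fido.write",
            "https://gluu.org/scim/fido2.read",
            "https://gluu.org/scim/fido2.write",
            "https://gluu.org/scim/all-resources.search",
            "https://gluu.org/scim/bulk")
            .collect(Collectors.joining(" "));

    private Logger logger;
    // Bearer token currently in use; treated as a secret and never written to the log.
    private String access_token;
    private String tokenEndpoint;
    private String clientId;
    // Client secret; only set by the client-secret constructor.
    private String password;
    private AuthenticationMethod tokenEndpointAuthnMethod;
    // Non-null only in PRIVATE_KEY_JWT mode; getTokens() branches on it.
    private String keyId;
    private ObjectMapper mapper;
    private OxAuthCryptoProvider cryptoProvider;

    /**
     * Creates a client that authenticates to the token endpoint with a client secret and
     * immediately requests a first access token.
     *
     * @param cls  client interface class, passed to the superclass
     * @param str  passed to the superclass (presumably the SCIM service URL; confirm there)
     * @param str2 URL of the JSON metadata document that contains {@code token_endpoint}
     * @param str3 OAuth client id
     * @param str4 OAuth client secret
     * @param z    {@code true} to send the secret in the POST body
     *             ({@code CLIENT_SECRET_POST}), {@code false} for HTTP Basic
     * @throws Exception if a required value is empty, the metadata cannot be read, or the
     *                   token request fails
     */
    public OAuthScimClient(Class<T> cls, String str, String str2, String str3, String str4, boolean z) throws Exception {
        super(str, cls);
        this.logger = LogManager.getLogger(getClass());
        this.mapper = new ObjectMapper();
        checkRequiredness(str3, str4, str2);
        this.clientId = str3;
        this.password = str4;
        this.tokenEndpoint = getTokenEndpoint(str2);
        this.tokenEndpointAuthnMethod = z ? AuthenticationMethod.CLIENT_SECRET_POST : AuthenticationMethod.CLIENT_SECRET_BASIC;
        updateTokens();
    }

    /**
     * Creates a client that authenticates to the token endpoint with a signed JWT
     * ({@code PRIVATE_KEY_JWT}) and immediately requests a first access token.
     *
     * @param cls  client interface class, passed to the superclass
     * @param str  passed to the superclass (presumably the SCIM service URL; confirm there)
     * @param str2 URL of the JSON metadata document that contains {@code token_endpoint}
     * @param str3 OAuth client id
     * @param path keystore file handed to the crypto provider
     * @param str4 second argument of the crypto provider (the keystore password)
     * @param str5 id of the signing key; when empty, the first key reported by the crypto
     *             provider is used
     * @throws Exception if a required value is empty or initialization fails
     */
    public OAuthScimClient(Class<T> cls, String str, String str2, String str3, Path path, String str4, String str5) throws Exception {
        super(str, cls);
        this.logger = LogManager.getLogger(getClass());
        this.mapper = new ObjectMapper();
        checkRequiredness(str3, str4, str2);
        try {
            this.cryptoProvider = new OxAuthCryptoProvider(path.toString(), str4, (String) null);
            String resolvedKeyId = str5;
            if (StringHelper.isEmpty(resolvedKeyId)) {
                List<?> keys = this.cryptoProvider.getKeys();
                if (keys.isEmpty()) {
                    throw new ScimInitializationException("No keys found in keystore");
                }
                resolvedKeyId = (String) keys.get(0);
            }
            this.clientId = str3;
            this.tokenEndpoint = getTokenEndpoint(str2);
            this.tokenEndpointAuthnMethod = AuthenticationMethod.PRIVATE_KEY_JWT;
            this.keyId = resolvedKeyId;
            updateTokens();
        } catch (ScimInitializationException e) {
            // Already specific (e.g. "No keys found in keystore"); do not mask it.
            throw e;
        } catch (Exception e) {
            ScimInitializationException failure = new ScimInitializationException("Failed to initialize crypto provider");
            // Keep the underlying failure in the stack trace. addSuppressed is used because the
            // constructors of ScimInitializationException are not visible from this file.
            failure.addSuppressed(e);
            throw failure;
        }
    }

    /**
     * Rejects construction when any mandatory value is empty.
     *
     * @param strArr values that must all be non-empty
     * @throws ScimInitializationException if at least one value is empty
     */
    private void checkRequiredness(String... strArr) throws ScimInitializationException {
        if (Stream.of(strArr).anyMatch(StringHelper::isEmpty)) {
            throw new ScimInitializationException("One or more required values are missing");
        }
    }

    /**
     * Fetches the JSON metadata document and returns its {@code token_endpoint} value.
     *
     * <p>The client credentials are later sent to the returned address, so the metadata URL
     * and the endpoint it names should both be served over TLS from a trusted host.
     *
     * @param str URL of the metadata document
     * @return the token endpoint URL
     * @throws Exception if the document cannot be fetched or parsed, or has no
     *                   {@code token_endpoint}
     */
    private String getTokenEndpoint(String str) throws Exception {
        // path() yields a "missing" node instead of null, so an absent member is reported as a
        // clear initialization error rather than a NullPointerException.
        String endpoint = this.mapper.readTree(new URL(str)).path("token_endpoint").asText();
        if (StringHelper.isEmpty(endpoint)) {
            throw new ScimInitializationException("No token_endpoint found in metadata document");
        }
        if (!endpoint.regionMatches(true, 0, "https://", 0, "https://".length())) {
            this.logger.warn("Token endpoint {} is not an https URL; client credentials will be sent to it", endpoint);
        }
        return endpoint;
    }

    /**
     * Requests a fresh access token and stores it for subsequent calls.
     *
     * @throws Exception if the token request fails
     */
    private void updateTokens() throws Exception {
        this.access_token = getTokens().getAccessToken();
        // The token value is a bearer credential: record only whether one was received.
        this.logger.debug("Access token {} from {}", this.access_token != null ? "received" : "not received", this.tokenEndpoint);
    }

    /**
     * Builds and executes a client-credentials token request for all {@link #SCOPES}.
     *
     * @return the token endpoint's response
     * @throws Exception if the request cannot be built or executed
     */
    private TokenResponse getTokens() throws Exception {
        TokenRequest tokenRequest = new TokenRequest(GrantType.CLIENT_CREDENTIALS);
        tokenRequest.setAuthenticationMethod(this.tokenEndpointAuthnMethod);
        tokenRequest.setScope(SCOPES);
        tokenRequest.setAuthUsername(this.clientId);
        if (this.keyId == null) {
            // Client-secret mode.
            tokenRequest.setAuthPassword(this.password);
        } else {
            // PRIVATE_KEY_JWT mode: the assertion is signed with the configured key and uses
            // the token endpoint as its audience.
            tokenRequest.setCryptoProvider(this.cryptoProvider);
            tokenRequest.setAlgorithm(this.cryptoProvider.getSignatureAlgorithm(this.keyId));
            tokenRequest.setKeyId(this.keyId);
            tokenRequest.setAudience(this.tokenEndpoint);
        }
        TokenClient tokenClient = new TokenClient(this.tokenEndpoint);
        tokenClient.setRequest(tokenRequest);
        return tokenClient.exec();
    }

    /**
     * Returns the {@code Authorization} header value carrying the current access token.
     */
    @Override // gluu.scim2.client.AbstractScimClient
    String getAuthenticationHeader() {
        return "Bearer " + this.access_token;
    }

    /**
     * Obtains a new access token.
     *
     * @param response not inspected by this implementation
     * @return {@code true} if a token was obtained, {@code false} if the request failed or
     *         returned no token
     */
    @Override // gluu.scim2.client.AbstractScimClient
    boolean authorize(Response response) {
        try {
            updateTokens();
            return this.access_token != null;
        } catch (Exception e) {
            this.logger.error(e.getMessage(), e);
            return false;
        }
    }
}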
