package de.fraunhofer.iosb.ilt.sta.service;

import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureException;
import java.io.IOException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Timer;
import java.util.TimerTask;
import javax.xml.bind.DatatypeConverter;
import org.apache.http.Consts;
import org.apache.http.HttpRequest;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/fraunhofer/iosb/ilt/sta/service/TokenManagerOpenIDConnect.class */
public class TokenManagerOpenIDConnect implements TokenManager {
    private static final Logger LOGGER = LoggerFactory.getLogger(TokenManagerOpenIDConnect.class);
    private String tokenServerUrl;
    private String clientId;
    private String userName;
    private String password;
    private CloseableHttpClient client;
    private String keyType;
    private byte[] apiKeyBytes;
    private boolean autoRefresh;
    private Timer timer;
    private TimerTask refreshTask;
    private String accessToken = "";
    private String refreshToken = "";
    private int expireDuration = 300;
    private Calendar expireTime = Calendar.getInstance();
    private int refreshExpireDuration = 1800;
    private Calendar refreshExpireTime = Calendar.getInstance();

    @Override // de.fraunhofer.iosb.ilt.sta.service.TokenManager
    public <T extends HttpRequest> void addAuthHeader(T t) {
        t.addHeader("Authorization", "Bearer " + getToken());
    }

    public boolean isExpired() {
        return this.expireTime.before(Calendar.getInstance());
    }

    private String fetchTokenUsingPassword() {
        String str = null;
        CloseableHttpResponse closeableHttpResponse = null;
        try {
            try {
                HttpPost httpPost = new HttpPost(this.tokenServerUrl);
                ArrayList arrayList = new ArrayList();
                arrayList.add(new BasicNameValuePair("grant_type", "password"));
                arrayList.add(new BasicNameValuePair("client_id", this.clientId));
                arrayList.add(new BasicNameValuePair("username", this.userName));
                arrayList.add(new BasicNameValuePair("password", this.password));
                httpPost.setEntity(new UrlEncodedFormEntity(arrayList));
                closeableHttpResponse = this.client.execute(httpPost);
                str = EntityUtils.toString(closeableHttpResponse.getEntity(), Consts.UTF_8);
                if (closeableHttpResponse != null) {
                    try {
                        closeableHttpResponse.close();
                    } catch (IOException e) {
                        LOGGER.error("Exception closing response after exception!", e);
                    }
                }
            } catch (IOException e2) {
                LOGGER.error("Failed to fetch Token.", e2);
                if (closeableHttpResponse != null) {
                    try {
                        closeableHttpResponse.close();
                    } catch (IOException e3) {
                        LOGGER.error("Exception closing response after exception!", e3);
                    }
                }
            }
            return str;
        } catch (Throwable th) {
            if (closeableHttpResponse != null) {
                try {
                    closeableHttpResponse.close();
                } catch (IOException e4) {
                    LOGGER.error("Exception closing response after exception!", e4);
                }
            }
            throw th;
        }
    }

    private String fetchTokenUsingRefreshToken() {
        String str = null;
        CloseableHttpResponse closeableHttpResponse = null;
        try {
            try {
                HttpPost httpPost = new HttpPost(this.tokenServerUrl);
                ArrayList arrayList = new ArrayList();
                arrayList.add(new BasicNameValuePair("grant_type", "refresh_token"));
                arrayList.add(new BasicNameValuePair("refresh_token", this.refreshToken));
                httpPost.setEntity(new UrlEncodedFormEntity(arrayList));
                closeableHttpResponse = this.client.execute(httpPost);
                str = EntityUtils.toString(closeableHttpResponse.getEntity(), Consts.UTF_8);
                if (closeableHttpResponse != null) {
                    try {
                        closeableHttpResponse.close();
                    } catch (IOException e) {
                        LOGGER.error("Exception closing response after exception!", e);
                    }
                }
            } catch (IOException e2) {
                LOGGER.error("Failed to fetch Token.", e2);
                if (closeableHttpResponse != null) {
                    try {
                        closeableHttpResponse.close();
                    } catch (IOException e3) {
                        LOGGER.error("Exception closing response after exception!", e3);
                    }
                }
            }
            return str;
        } catch (Throwable th) {
            if (closeableHttpResponse != null) {
                try {
                    closeableHttpResponse.close();
                } catch (IOException e4) {
                    LOGGER.error("Exception closing response after exception!", e4);
                }
            }
            throw th;
        }
    }

    public String getToken() {
        String str;
        String str2 = this.accessToken;
        if (!str2.isEmpty() && !isExpired()) {
            return str2;
        }
        synchronized (this) {
            this.accessToken = "";
            String str3 = null;
            if (!this.refreshToken.isEmpty()) {
                str3 = fetchTokenUsingRefreshToken();
            }
            if (str3 == null) {
                str3 = fetchTokenUsingPassword();
            }
            try {
                JsonNode readTree = new ObjectMapper().readTree(str3);
                if (readTree.isObject()) {
                    JsonNode jsonNode = readTree.get("access_token");
                    if (jsonNode == null) {
                        throw new IllegalStateException("Did not receive an access_token. Received: " + str3);
                    }
                    this.accessToken = jsonNode.textValue();
                    validateToken(this.accessToken);
                    this.refreshToken = readTree.get("refresh_token").textValue();
                    validateToken(this.refreshToken);
                    JsonNode jsonNode2 = readTree.get("expires_in");
                    if (jsonNode2.isNumber() && jsonNode2.canConvertToInt()) {
                        this.expireDuration = jsonNode2.intValue();
                    }
                    this.expireTime = Calendar.getInstance();
                    this.expireTime.add(13, Math.max(this.expireDuration - 10, 10));
                    JsonNode jsonNode3 = readTree.get("refresh_expires_in");
                    if (jsonNode3.isNumber() && jsonNode3.canConvertToInt()) {
                        this.refreshExpireDuration = jsonNode3.intValue();
                    }
                    checkAutoRefreshTimer();
                }
                LOGGER.debug("Token: {}", this.accessToken);
                LOGGER.debug("RefreshToken: {}", this.refreshToken);
                str = this.accessToken;
            } catch (IOException e) {
                LOGGER.error("Failed to parse response.", e);
                return null;
            }
        }
        return str;
    }

    private void checkAutoRefreshTimer() {
        if (this.autoRefresh) {
            if (this.timer == null) {
                this.timer = new Timer("Autorefresh", true);
            }
            Calendar calendar = Calendar.getInstance();
            calendar.add(13, Math.max(this.refreshExpireDuration - 20, 20));
            if (this.refreshExpireTime.before(calendar)) {
                this.refreshTask.cancel();
                this.refreshTask = null;
                this.refreshExpireTime = calendar;
            }
            if (this.refreshTask == null) {
                this.refreshTask = new TimerTask() { // from class: de.fraunhofer.iosb.ilt.sta.service.TokenManagerOpenIDConnect.1
                    @Override // java.util.TimerTask, java.lang.Runnable
                    public void run() {
                        TokenManagerOpenIDConnect.this.autoRefresh();
                    }
                };
                this.timer.schedule(this.refreshTask, calendar.getTime());
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void autoRefresh() {
        LOGGER.info("Auto-Refreshing the token.");
        getToken();
    }

    public boolean validateToken(String str) {
        try {
            if (!Jwts.parser().isSigned(str)) {
                Jwts.parser().parse(str);
                return true;
            }
            if (this.keyType != null) {
                Jwts.parser().setSigningKey(KeyFactory.getInstance(this.keyType).generatePublic(new X509EncodedKeySpec(this.apiKeyBytes))).parse(str);
                return true;
            }
            if (this.apiKeyBytes != null) {
                Jwts.parser().setSigningKey(this.apiKeyBytes).parse(str);
                return true;
            }
            LOGGER.debug("Can not validate token, please set the signing key.");
            return true;
        } catch (SignatureException | NoSuchAlgorithmException | InvalidKeySpecException e) {
            LOGGER.error("Token failed signature!", e);
            return false;
        }
    }

    @Override // de.fraunhofer.iosb.ilt.sta.service.TokenManager
    public TokenManagerOpenIDConnect setHttpClient(CloseableHttpClient closeableHttpClient) {
        this.client = closeableHttpClient;
        return this;
    }

    @Override // de.fraunhofer.iosb.ilt.sta.service.TokenManager
    public CloseableHttpClient getHttpClient() {
        return this.client;
    }

    public TokenManagerOpenIDConnect setTokenServerUrl(String str) {
        this.tokenServerUrl = str;
        return this;
    }

    public TokenManagerOpenIDConnect setClientId(String str) {
        this.clientId = str;
        return this;
    }

    public TokenManagerOpenIDConnect setUserName(String str) {
        this.userName = str;
        return this;
    }

    public TokenManagerOpenIDConnect setPassword(String str) {
        this.password = str;
        return this;
    }

    public TokenManagerOpenIDConnect setSigningKey(String str) {
        this.apiKeyBytes = DatatypeConverter.parseBase64Binary(str);
        return this;
    }

    public TokenManagerOpenIDConnect setKeyType(String str) {
        this.keyType = str;
        return this;
    }

    public TokenManagerOpenIDConnect setRefreshToken(String str) {
        this.refreshToken = str;
        return this;
    }

    public TokenManagerOpenIDConnect setRefreshExpireDuration(int i) {
        this.refreshExpireDuration = i;
        return this;
    }

    public TokenManagerOpenIDConnect setAutoRefresh(boolean z) {
        this.autoRefresh = z;
        return this;
    }
}
