package io.jans.scim2.client;

import com.fasterxml.jackson.databind.ObjectMapper;
import io.jans.as.model.common.AuthenticationMethod;
import io.jans.as.model.crypto.AuthCryptoProvider;
import io.jans.scim2.client.exception.ScimInitializationException;
import io.jans.util.StringHelper;
import jakarta.ws.rs.client.Client;
import jakarta.ws.rs.client.ClientBuilder;
import jakarta.ws.rs.client.Entity;
import jakarta.ws.rs.client.Invocation;
import jakarta.ws.rs.client.WebTarget;
import jakarta.ws.rs.core.Form;
import jakarta.ws.rs.core.Response;
import java.net.URL;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.nio.file.Path;
import java.util.Base64;
import java.util.List;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:io/jans/scim2/client/ScimClient.class */
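/**
 * SCIM client that authenticates against the service with an OAuth2 bearer token obtained
 * through the {@code client_credentials} grant.
 *
 * <p>The token endpoint is discovered from the OpenID Connect metadata document whose URL is
 * passed to the constructors. The token is requested once during construction and again every
 * time {@link #authorize(Response)} is invoked.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The client secret is sent to whatever {@code token_endpoint} the metadata document
 *       names; this class does not check the scheme or host of either URL, so callers should
 *       only pass a trusted {@code https} metadata URL.</li>
 *   <li>The access token and the client secret are never written to the log.</li>
 *   <li>NOTE(review): {@code serialVersionUID} suggests the superclass is serializable. If so,
 *       {@code password} and {@code access_token} are not {@code transient} and would be part
 *       of the serialized form; confirm whether instances are ever serialized.</li>
 * </ul>
 *
 * @param <T> type of the service interface handed to the superclass
 */
public class ScimClient<T> extends AbstractScimClient<T> {
    private static final long serialVersionUID = 3141592672017122134L;
    private static final Charset utf8 = StandardCharsets.UTF_8;

    /** Space-separated list of every scope requested with the token. */
    private static final String SCOPES = Stream.of(
            "https://jans.io/scim/users.read",
            "https://jans.io/scim/users.write",
            "https://jans.io/scim/groups.read",
            "https://jans.io/scim/groups.write",
            "https://jans.io/scim/fido.read",
            "https://jans.io/scim/fido.write",
            "https://jans.io/scim/fido2.read",
            "https://jans.io/scim/fido2.write",
            "https://jans.io/scim/all-resources.search",
            "https://jans.io/scim/bulk")
            .collect(Collectors.joining(" "));

    private Logger logger;
    private String access_token;
    private String tokenEndpoint;
    private String clientId;
    private String password;
    private AuthenticationMethod tokenEndpointAuthnMethod;
    private String keyId;
    private ObjectMapper mapper;
    private AuthCryptoProvider cryptoProvider;

    /**
     * Creates a client that authenticates at the token endpoint with a client secret.
     *
     * @param cls  service interface class, forwarded to the superclass
     * @param str  service URL, forwarded to the superclass
     * @param str2 URL of the OpenID Connect metadata document (must contain {@code token_endpoint})
     * @param str3 client id
     * @param str4 client secret
     * @param z    {@code true} to send the credentials in the form body
     *             ({@code CLIENT_SECRET_POST}), {@code false} to send them in an HTTP Basic
     *             {@code Authorization} header ({@code CLIENT_SECRET_BASIC})
     * @throws Exception if a required value is empty, the metadata cannot be read, or the
     *                   initial token request fails
     */
    public ScimClient(Class<T> cls, String str, String str2, String str3, String str4, boolean z) throws Exception {
        super(str, cls);
        this.logger = LogManager.getLogger(getClass());
        this.mapper = new ObjectMapper();
        checkRequiredness(str3, str4, str2);
        this.clientId = str3;
        this.password = str4;
        this.tokenEndpoint = getTokenEndpoint(str2);
        this.tokenEndpointAuthnMethod = z ? AuthenticationMethod.CLIENT_SECRET_POST : AuthenticationMethod.CLIENT_SECRET_BASIC;
        updateTokens();
    }

    /**
     * Creates a client configured for {@code PRIVATE_KEY_JWT} authentication backed by a keystore.
     *
     * <p>As written, {@link #updateTokens()} only implements the two client-secret methods, so
     * the token request made at the end of this constructor is rejected with an
     * "Authentication method ... not yet supported" {@link ScimInitializationException}.
     *
     * @param cls  service interface class, forwarded to the superclass
     * @param str  service URL, forwarded to the superclass
     * @param str2 URL of the OpenID Connect metadata document
     * @param str3 client id
     * @param path location of the keystore handed to {@link AuthCryptoProvider}
     * @param str4 second argument of the {@link AuthCryptoProvider} constructor
     *             (presumably the keystore password; confirm against that class)
     * @param str5 key id to use; when empty, the first key reported by the crypto provider is used
     * @throws Exception if a required value is empty or initialization fails
     */
    public ScimClient(Class<T> cls, String str, String str2, String str3, Path path, String str4, String str5) throws Exception {
        super(str, cls);
        this.logger = LogManager.getLogger(getClass());
        this.mapper = new ObjectMapper();
        checkRequiredness(str3, str4, str2);
        try {
            this.cryptoProvider = new AuthCryptoProvider(path.toString(), str4, (String) null);
            String resolvedKeyId = str5;
            if (StringHelper.isEmpty(resolvedKeyId)) {
                List<?> keys = this.cryptoProvider.getKeys();
                if (keys.isEmpty()) {
                    throw new ScimInitializationException("No keys found in keystore");
                }
                resolvedKeyId = (String) keys.get(0);
            }
            this.clientId = str3;
            this.tokenEndpoint = getTokenEndpoint(str2);
            this.tokenEndpointAuthnMethod = AuthenticationMethod.PRIVATE_KEY_JWT;
            this.keyId = resolvedKeyId;
            updateTokens();
        } catch (ScimInitializationException e) {
            // Already carries a specific reason (e.g. empty keystore); do not mask it below.
            throw e;
        } catch (Exception e) {
            // Keep the root cause so the failure can be diagnosed from the stack trace.
            ScimInitializationException wrapped = new ScimInitializationException("Failed to initialize crypto provider");
            wrapped.initCause(e);
            throw wrapped;
        }
    }

    /**
     * Verifies that none of the supplied values is empty.
     *
     * @param strArr values that must all be non-empty
     * @throws ScimInitializationException if at least one value is empty
     */
    private void checkRequiredness(String... strArr) throws ScimInitializationException {
        if (Stream.of(strArr).anyMatch(StringHelper::isEmpty)) {
            throw new ScimInitializationException("One or more required values are missing");
        }
    }

    /**
     * Reads the OpenID Connect metadata document and extracts its {@code token_endpoint}.
     *
     * <p>The returned endpoint later receives the client credentials. Neither the metadata URL
     * nor the endpoint is validated here, so the metadata source must be trusted.
     *
     * @param str URL of the metadata document
     * @return the token endpoint URL
     * @throws Exception if the document cannot be fetched or parsed, or lacks a token endpoint
     */
    private String getTokenEndpoint(String str) throws Exception {
        String endpoint = this.mapper.readTree(new URL(str)).path("token_endpoint").asText(null);
        if (StringHelper.isEmpty(endpoint)) {
            // Previously surfaced as a bare NullPointerException.
            throw new ScimInitializationException("No token_endpoint found in OpenID Connect metadata");
        }
        return endpoint;
    }

    /**
     * Requests a new access token with the {@code client_credentials} grant and stores it.
     *
     * <p>On any failure the previously stored token is left untouched.
     *
     * @throws Exception if the authentication method is unsupported, the endpoint answers with a
     *                   status other than 200, or the response carries no {@code access_token}
     */
    private void updateTokens() throws Exception {
        // A fresh JAX-RS client is created per refresh; close it so its resources are released.
        Client client = ClientBuilder.newClient();
        try {
            WebTarget target = client.target(this.tokenEndpoint);
            Form param = new Form().param("grant_type", "client_credentials").param("scope", SCOPES);
            Invocation.Builder request = target.request();
            if (this.tokenEndpointAuthnMethod.equals(AuthenticationMethod.CLIENT_SECRET_BASIC)) {
                String credentials = this.clientId + ":" + this.password;
                request.header("Authorization", "Basic " + Base64.getEncoder().encodeToString(credentials.getBytes(utf8)));
            } else if (this.tokenEndpointAuthnMethod.equals(AuthenticationMethod.CLIENT_SECRET_POST)) {
                param.param("client_id", this.clientId).param("client_secret", this.password);
            } else {
                throw new ScimInitializationException("Authentication method " + this.tokenEndpointAuthnMethod + " not yet supported, please contact the project maintainer");
            }
            Response post = request.post(Entity.form(param));
            try {
                String body = post.readEntity(String.class);
                int status = post.getStatus();
                if (status != Response.Status.OK.getStatusCode()) {
                    // The body is deliberately left out of the message.
                    throw new ScimInitializationException("Token endpoint returned HTTP status " + status);
                }
                // path()/asText(null) yields null for a missing or JSON-null field instead of
                // an NPE or the literal string "null" being used as a bearer token.
                String token = this.mapper.readTree(body).path("access_token").asText(null);
                if (StringHelper.isEmpty(token)) {
                    throw new ScimInitializationException("Token endpoint response did not contain an access_token");
                }
                this.access_token = token;
                // Never log the token itself: it is a bearer credential for every requested scope.
                this.logger.debug("Access token obtained from token endpoint");
            } finally {
                post.close();
            }
        } finally {
            client.close();
        }
    }

    /**
     * Builds the value of the {@code Authorization} header for service requests.
     *
     * @return {@code "Bearer "} followed by the current access token
     */
    @Override // io.jans.scim2.client.AbstractScimClient
    String getAuthenticationHeader() {
        return "Bearer " + this.access_token;
    }

    /**
     * Attempts to obtain a fresh access token.
     *
     * @param response not inspected by this implementation
     * @return {@code true} if a token is available after the refresh, {@code false} if the
     *         refresh failed (the failure is logged)
     */
    @Override // io.jans.scim2.client.AbstractScimClient
    boolean authorize(Response response) {
        try {
            updateTokens();
            return this.access_token != null;
        } catch (Exception e) {
            this.logger.error(e.getMessage(), e);
            return false;
        }
    }
}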
