package org.openanzo.client.cli;

import com.cambridgesemantics.anzo.ontologies.ssoprovider.SSOProvider;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.URL;
import java.util.ArrayList;
import java.util.Collection;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.ScheduledFuture;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicReference;
import java.util.function.Function;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.net.ssl.TrustManager;
import org.apache.commons.lang3.tuple.Pair;
import org.apache.http.HttpEntity;
import org.apache.http.StatusLine;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.message.BasicNameValuePair;
import org.openanzo.client.AnzoTrustManager;
import org.openanzo.exceptions.AnzoException;
import org.openanzo.rdf.Literal;
import org.openanzo.rdf.Password;
import org.openanzo.rdf.URI;
import org.openanzo.rdf.jastor.ThingImpl;
import org.openanzo.rdf.utils.AnzoHttpClient;
import org.openanzo.rdf.utils.HttpBuilderArguments;
import org.pac4j.core.profile.CommonProfile;
import org.pac4j.core.profile.UserProfile;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.MimeTypeUtils;

/* loaded from: input_file:org/openanzo/client/cli/SSOUtils.class */
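/**
 * Helpers for the CLI's SSO support: the OAuth 2.0 device-authorization flow
 * ({@link #ssoDeviceFlow}) and the mapping of an identity-provider profile to a
 * local username ({@link #getUsername}).
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The built-in endpoint defaults use plain {@code http://} against localhost. TLS trust
 *       settings have no effect on such URLs, so real deployments should configure
 *       {@code https://} endpoints on the {@code CommandContextBuilder}.</li>
 *   <li>{@code isTrustAll()} is handed straight to {@code AnzoTrustManager}.
 *       NOTE(review): presumably this disables certificate validation; confirm it is never
 *       enabled outside test setups.</li>
 *   <li>The access and refresh tokens are written to the console (see {@code getToken}).</li>
 * </ul>
 */
public class SSOUtils {
    private static final String ERROR_RESPONSE = "error response";
    private static final String EMAIL = "email";
    private static final String EMAIL_AS_USERNAME = "emailAsUsername";
    private static final String XSD_STRING = "http://www.w3.org/2001/XMLSchema#string";
    /** Seconds between two polls of the token endpoint. */
    private static final int POLL_INTERVAL_SECONDS = 5;
    private static final Logger logger = LoggerFactory.getLogger(SSOUtils.class);
    // Fallbacks used when the CommandContextBuilder does not supply an endpoint.
    static String ssoDeviceFlowAuthEndpoint = "http://localhost:8080/keycloak/auth/realms/anzo/protocol/openid-connect/auth/device";
    static String ssoDeviceFlowTokenEndpoint = "http://localhost:8080/keycloak/auth/realms/anzo/protocol/openid-connect/token";
    // Default wait (seconds) for the user to authorize when the builder has no timeout.
    static int timeoutSeconds = 60;

    /**
     * JSON binding for a response carrying an {@code access_token} field.
     * Not referenced by the rest of this class.
     */
    final class AccessToken {

        @JsonProperty("access_token")
        public String token;

        AccessToken() {
        }
    }

    /**
     * Runs the device-authorization flow: requests a device code, shows the verification URL
     * and user code on the console, then polls the token endpoint until the user authorizes
     * or the timeout expires.
     *
     * @param commandContextBuilder source of client id, endpoints, truststore settings,
     *                              timeout and console
     * @return the tokens, or {@code null} when no device-flow client id is configured or no
     *         token was obtained
     * @throws SecurityException if the device-code request fails or the wait is interrupted
     */
    public static AccessAndRefreshToken ssoDeviceFlow(CommandContextBuilder commandContextBuilder) {
        if (commandContextBuilder.getDeviceFlowClientId() == null) {
            return null;
        }
        String truststoreFile = commandContextBuilder.getTruststoreFile();
        String truststoreType = commandContextBuilder.getTruststoreType();
        Password truststorePassword = commandContextBuilder.getTruststorePassword();
        boolean showTrace = commandContextBuilder.isShowTrace().booleanValue();
        IConsole console = commandContextBuilder.getConsoleWriter();
        TrustManager[] trustManagers = new TrustManager[0];
        try {
            trustManagers = new TrustManager[] {
                new AnzoTrustManager(commandContextBuilder.isTrustAll(), truststoreFile, truststoreType,
                        truststorePassword != null ? truststorePassword.getDecrypted() : null, showTrace)
            };
        } catch (AnzoException e) {
            // NOTE(review): the flow continues with an empty trust-manager array after this
            // failure. What AnzoHttpClient does with an empty array is not visible here;
            // confirm it falls back to a validating default rather than to no validation.
            writeError(console, "Trust managers could not be initialized: " + e.getMessage());
        }
        String deviceCode = showDeviceFlowInfo(trustManagers, commandContextBuilder);
        return pollForToken(trustManagers, commandContextBuilder, deviceCode);
    }

    /**
     * Requests a device code from the device-authorization endpoint and prints the
     * verification URL and user code for the user.
     *
     * @return the {@code device_code} to poll the token endpoint with
     * @throws SecurityException on a non-200 status, an empty or incomplete response body,
     *                           or an I/O failure
     */
    private static String showDeviceFlowInfo(TrustManager[] trustManagerArr, CommandContextBuilder commandContextBuilder) throws SecurityException {
        String configuredEndpoint = commandContextBuilder.getDeviceFlowAuthEndpoint();
        String clientId = commandContextBuilder.getDeviceFlowClientId();
        IConsole console = commandContextBuilder.getConsoleWriter();
        boolean showTrace = commandContextBuilder.isShowTrace().booleanValue();
        try {
            URL url = new URL(configuredEndpoint == null ? ssoDeviceFlowAuthEndpoint : configuredEndpoint);
            HttpClientBuilder clientBuilder = newClientBuilder(trustManagerArr);
            HttpPost request = new HttpPost(url.toString());
            request.addHeader("Content-Type", "application/x-www-form-urlencoded");
            request.addHeader("Accept", MimeTypeUtils.ALL_VALUE);
            ArrayList<BasicNameValuePair> form = new ArrayList<>();
            form.add(new BasicNameValuePair("client_id", clientId));
            form.add(new BasicNameValuePair("scope", "openid profile email"));
            request.setEntity(new UrlEncodedFormEntity(form, "UTF-8"));
            // Closing the response on every path (including the error throws below) releases
            // the pooled connection; the connection manager itself is shared and stays open.
            try (CloseableHttpClient client = clientBuilder.build();
                    CloseableHttpResponse response = client.execute(request)) {
                if (response.getStatusLine().getStatusCode() != 200) {
                    throw new SecurityException(ERROR_RESPONSE);
                }
                HttpEntity entity = response.getEntity();
                if (entity == null) {
                    throw new SecurityException(ERROR_RESPONSE);
                }
                // Parsing from the stream lets Jackson detect the JSON encoding instead of
                // decoding the bytes with the platform default charset.
                JsonNode body = new ObjectMapper().readTree(entity.getContent());
                String userCode = requiredText(body, "user_code");
                String deviceCode = requiredText(body, "device_code");
                // Some providers name the field "verification_url" instead of "verification_uri".
                String verificationUri = textOrNull(body, "verification_uri");
                if (verificationUri == null) {
                    verificationUri = requiredText(body, "verification_url");
                }
                writeOutput(console, "Please visit the following URL on your device and enter the code:");
                writeOutput(console, "Verification URL: " + verificationUri);
                writeOutput(console, "Code: " + userCode);
                writeOutput(console, "Waiting for user authentication...");
                return deviceCode;
            }
        } catch (IOException e) {
            console.printException(e, showTrace);
            throw new SecurityException(ERROR_RESPONSE, e);
        }
    }

    /**
     * Polls the token endpoint every {@value #POLL_INTERVAL_SECONDS} seconds until a token
     * arrives or the timeout passes. The timeout is the builder's value when set, otherwise
     * {@link #timeoutSeconds}.
     *
     * @param str the device code returned by the device-authorization endpoint
     * @return the tokens, or {@code null} on timeout or when the polling task failed
     * @throws SecurityException if the waiting thread is interrupted
     */
    private static AccessAndRefreshToken pollForToken(TrustManager[] trustManagerArr, CommandContextBuilder commandContextBuilder, String str) {
        Integer configuredTimeout = commandContextBuilder.getTimeout() == null ? null : Integer.valueOf(commandContextBuilder.getTimeout());
        int waitSeconds = configuredTimeout == null ? timeoutSeconds : configuredTimeout.intValue();
        IConsole console = commandContextBuilder.getConsoleWriter();
        ScheduledExecutorService scheduler = Executors.newScheduledThreadPool(1);
        CountDownLatch authorized = new CountDownLatch(1);
        AtomicReference<AccessAndRefreshToken> tokens = new AtomicReference<>();
        ScheduledFuture<?> poller = scheduler.scheduleAtFixedRate(() -> {
            if (tokens.get() == null) {
                getToken(trustManagerArr, commandContextBuilder, tokens, str);
                if (tokens.get() != null) {
                    authorized.countDown();
                }
            }
        }, 0, POLL_INTERVAL_SECONDS, TimeUnit.SECONDS);
        try {
            authorized.await(waitSeconds, TimeUnit.SECONDS);
            AccessAndRefreshToken result = tokens.get();
            if (result != null) {
                writeOutput(console, "Authorization completed successfully.");
                return result;
            }
            // A periodic future only completes through failure or cancellation, so calling
            // get() on a still-running poller would block forever and defeat the timeout.
            // Only ask it for its outcome when it has already stopped.
            if (poller.isDone()) {
                poller.get();
            }
            poller.cancel(true);
            writeError(console, "Timed out waiting for authorization.");
            return null;
        } catch (InterruptedException e) {
            // Restore the interrupt flag so callers further up can observe it.
            Thread.currentThread().interrupt();
            throw new SecurityException("interrupted while waiting for authorization", e);
        } catch (ExecutionException e) {
            Throwable cause = e.getCause() != null ? e.getCause() : e;
            writeError(console, "Error during authorization: " + cause.getMessage());
            return null;
        } finally {
            scheduler.shutdown();
        }
    }

    /**
     * Performs one token request for the given device code and, on a 200 response that
     * carries an {@code access_token}, stores the result in {@code atomicReference}.
     * Any other status (for example while authorization is still pending) leaves the
     * reference untouched so the next poll can retry. I/O errors are reported on the console.
     *
     * @param atomicReference receives the tokens once they are issued
     * @param str             the device code; an error is written and nothing is sent when null
     */
    private static void getToken(TrustManager[] trustManagerArr, CommandContextBuilder commandContextBuilder, AtomicReference<AccessAndRefreshToken> atomicReference, String str) {
        String configuredEndpoint = commandContextBuilder.getDeviceFlowTokenEndpoint();
        String clientId = commandContextBuilder.getDeviceFlowClientId();
        String clientSecret = commandContextBuilder.getDeviceFlowClientSecret();
        IConsole console = commandContextBuilder.getConsoleWriter();
        boolean showTrace = commandContextBuilder.isShowTrace().booleanValue();
        if (str == null) {
            writeError(console, "Device code is not available. Make sure to get the device code first.");
            return;
        }
        try {
            URL url = new URL(configuredEndpoint == null ? ssoDeviceFlowTokenEndpoint : configuredEndpoint);
            HttpClientBuilder clientBuilder = newClientBuilder(trustManagerArr);
            HttpPost request = new HttpPost(url.toString());
            request.addHeader("Content-Type", "application/x-www-form-urlencoded");
            ArrayList<BasicNameValuePair> form = new ArrayList<>();
            form.add(new BasicNameValuePair("grant_type", "urn:ietf:params:oauth:grant-type:device_code"));
            form.add(new BasicNameValuePair("client_id", clientId));
            if (clientSecret != null) {
                // The secret travels in the form body; it is only protected in transit when
                // the token endpoint is an https:// URL.
                form.add(new BasicNameValuePair("client_secret", clientSecret));
            }
            form.add(new BasicNameValuePair("device_code", str));
            request.setEntity(new UrlEncodedFormEntity(form, "UTF-8"));
            // This method runs on every poll, so the response must be closed each time or
            // the shared pool gradually runs out of connections.
            try (CloseableHttpClient client = clientBuilder.build();
                    CloseableHttpResponse response = client.execute(request)) {
                if (response.getStatusLine().getStatusCode() != 200) {
                    return;
                }
                HttpEntity entity = response.getEntity();
                if (entity == null) {
                    return;
                }
                JsonNode body = new ObjectMapper().readTree(entity.getContent());
                String accessToken = textOrNull(body, "access_token");
                if (accessToken == null) {
                    writeError(console, "Token response did not contain an access_token.");
                    return;
                }
                // A token response may omit refresh_token; previously that raised a
                // NullPointerException inside the polling task.
                // NOTE(review): confirm AccessAndRefreshToken tolerates a null refresh token.
                String refreshToken = textOrNull(body, "refresh_token");
                // NOTE(review): both values are bearer credentials. Printing them places them
                // in terminal scrollback and in any captured or redirected output. The output
                // is kept because users may rely on it; consider removing it or gating it
                // behind an explicit option.
                writeOutput(console, "Access Token: " + accessToken);
                if (refreshToken != null) {
                    writeOutput(console, "Refresh Token: " + refreshToken);
                }
                atomicReference.set(new AccessAndRefreshToken(accessToken, refreshToken));
            }
        } catch (IOException e) {
            console.printException(e, showTrace);
        }
    }

    /** Builds the HTTP client builder shared by both device-flow requests. */
    private static HttpClientBuilder newClientBuilder(TrustManager[] trustManagers) throws IOException {
        // NOTE(review): a timeout of -1 presumably means "no timeout"; an unresponsive
        // identity provider could then hold a request open indefinitely. Confirm.
        HttpClientBuilder builder = AnzoHttpClient.getPooledHttpBuilder(
                new HttpBuilderArguments().setTimeout(-1).setTrustManagers(trustManagers).setMaxTotal(200).setMaxPerRoute(20));
        builder.setConnectionManagerShared(true);
        return builder;
    }

    /** Returns the text of {@code field}, or {@code null} when it is absent or JSON null. */
    private static String textOrNull(JsonNode node, String field) {
        JsonNode value = node == null ? null : node.get(field);
        return value == null || value.isNull() ? null : value.asText();
    }

    /** Like {@link #textOrNull} but rejects a missing field as a malformed response. */
    private static String requiredText(JsonNode node, String field) {
        String value = textOrNull(node, field);
        if (value == null) {
            throw new SecurityException(ERROR_RESPONSE);
        }
        return value;
    }

    /** Prints {@code str} on {@code iConsole}, or on the CLI default console when it is null. */
    public static void writeOutput(IConsole iConsole, String str) {
        if (iConsole != null) {
            iConsole.println(str);
        } else {
            CommandLineInterface.DEFAULT_CONSOLE.println(str);
        }
    }

    /** Writes {@code str} as an error on {@code iConsole}, or on the CLI default console when it is null. */
    public static void writeError(IConsole iConsole, String str) {
        if (iConsole != null) {
            iConsole.writeError(str);
        } else {
            CommandLineInterface.DEFAULT_CONSOLE.writeError(str);
        }
    }

    /**
     * Derives the local username for an authenticated profile.
     *
     * <p>Resolution order, as implemented below:
     * <ol>
     *   <li>{@code str} is returned unchanged when the provider's {@code useTokenName} is
     *       true, or when {@code z} is true and the provider defines no callback user key.</li>
     *   <li>For a {@link CommonProfile}, the keys {@code emailAsUsername}, {@code p_id} and
     *       {@code p_username} return the templated email, id or username directly.</li>
     *   <li>Otherwise the value under the user key (default {@code email}) is templated and
     *       passed to {@code function} to look up a username; {@code str} is the fallback.</li>
     *   <li>A {@code mailto:} result is looked up once more without the prefix, and the LDAP
     *       fallback domain is appended to a result that contains no {@code @}.</li>
     * </ol>
     *
     * <p>The profile values come from the identity provider, so the result should be treated
     * as external input by callers that use it in authorization decisions.
     *
     * @param z           when true and no callback user key is configured, {@code str} is returned
     * @param str         the name returned as-is in the cases above and used as fallback
     * @param function    lookup taking a (match field, value) pair; may return {@code null}
     * @param userProfile the authenticated profile
     * @param sSOProvider provider configuration; may be {@code null}
     * @return the resolved username, possibly {@code null}
     * @throws IllegalArgumentException if no usable string value exists under the user key
     */
    public static String getUsername(boolean z, String str, Function<Pair<String, String>, String> function, UserProfile userProfile, SSOProvider sSOProvider) {
        boolean customKey = false;
        String userKey = EMAIL;
        String fallbackDomain = null;
        if (sSOProvider != null) {
            fallbackDomain = sSOProvider.getLdapFallbackDomain();
            if (Boolean.TRUE.equals(sSOProvider.getUseTokenName())) {
                return str;
            }
            String configuredKey = sSOProvider.getCallbackUserKey();
            if (configuredKey != null) {
                customKey = true;
                userKey = configuredKey;
            }
        }
        if (z && !customKey) {
            return str;
        }
        String email = null;
        if (userProfile instanceof CommonProfile) {
            CommonProfile profile = (CommonProfile) userProfile;
            if (EMAIL.equals(userKey)) {
                email = replaceWithEmailTemplate(profile.getEmail(), sSOProvider);
            } else if (EMAIL_AS_USERNAME.equals(userKey)) {
                return replaceWithEmailTemplate(profile.getEmail(), sSOProvider);
            } else if ("p_id".equals(userKey)) {
                String id = profile.getId();
                if (id != null) {
                    return replaceWithUserTemplate(id, sSOProvider);
                }
            } else if ("p_username".equals(userKey)) {
                String templated = replaceWithUserTemplate(profile.getUsername(), sSOProvider);
                if (templated != null) {
                    return templated;
                }
            }
        }
        if (email == null) {
            Object attribute = userProfile == null ? null : userProfile.getAttribute(userKey);
            if (attribute instanceof String) {
                email = replaceWithEmailTemplate((String) attribute, sSOProvider);
            } else if (attribute instanceof Collection) {
                Collection<?> values = (Collection<?>) attribute;
                if (!values.isEmpty()) {
                    // The attribute content is supplied by the identity provider; a
                    // non-string element is rejected below instead of failing on a cast.
                    Object first = values.iterator().next();
                    if (first instanceof String) {
                        email = replaceWithEmailTemplate((String) first, sSOProvider);
                    }
                }
            }
            if (email == null) {
                throw new IllegalArgumentException("Could not find valid " + userKey + " in callback");
            }
        }
        String username = str;
        String found = lookupUsernameFromEmail(function, sSOProvider, email);
        if (found != null) {
            username = found;
        }
        if (username != null && username.matches("^mailto:.*@[^@]*")) {
            String bareAddress = replaceWithEmailTemplate(username.replaceAll("^mailto:", ""), sSOProvider);
            String foundAgain = lookupUsernameFromEmail(function, sSOProvider, bareAddress);
            if (foundAgain != null) {
                username = foundAgain;
            }
        }
        logger.debug("lookup username:{}", username);
        if (fallbackDomain != null && username != null && !username.contains("@")) {
            username = username + "@" + fallbackDomain;
        }
        return username;
    }

    /**
     * Applies {@code function} to the pair (provider's user-key match field or {@code null},
     * {@code str}) and returns its result.
     */
    public static String lookupUsernameFromEmail(Function<Pair<String, String>, String> function, SSOProvider sSOProvider, String str) {
        String matchField = null;
        if (sSOProvider != null && sSOProvider.getUserKeyMatchField() != null) {
            matchField = sSOProvider.getUserKeyMatchField();
        }
        return function.apply(Pair.of(matchField, str));
    }

    /** Applies the provider's user template to {@code str}. */
    private static String replaceWithUserTemplate(String str, SSOProvider sSOProvider) {
        return replaceWithTemplate(str, sSOProvider, SSOProvider.ssoUserTemplateProperty, SSOProvider.ssoUserTemplateReplacementProperty);
    }

    /** Applies the provider's email template to {@code str}. */
    private static String replaceWithEmailTemplate(String str, SSOProvider sSOProvider) {
        return replaceWithTemplate(str, sSOProvider, SSOProvider.ssoEmailTemplateProperty, SSOProvider.ssoEmailTemplateReplacementProperty);
    }

    /**
     * Rewrites {@code str} with the regular expression stored under {@code uri} and the
     * replacement stored under {@code uri2} on the provider.
     *
     * @return the rewritten value, or {@code str} unchanged when there is no provider, no
     *         template, no input, or the template does not match
     * @throws IllegalArgumentException if only one of template and replacement is configured
     */
    private static String replaceWithTemplate(String str, SSOProvider sSOProvider, URI uri, URI uri2) {
        // getUsername accepts a null provider, so there is nothing to apply in that case.
        if (sSOProvider == null) {
            return str;
        }
        String template = stringProperty(sSOProvider, uri);
        String replacement = stringProperty(sSOProvider, uri2);
        if (replacement == null && template != null) {
            throw new IllegalArgumentException("For ssoProvider: " + sSOProvider.resource().toString() + " templateReplacement is null when template is set to:" + template);
        }
        if (replacement != null && template == null) {
            throw new IllegalArgumentException("For ssoProvider: " + sSOProvider.resource().toString() + " template is null when templateReplacement is set to:" + replacement);
        }
        if (template == null || str == null) {
            return str;
        }
        // find() accepts a match anywhere in the value and replaceAll() rewrites only the
        // matched part, so an unanchored template leaves the rest of an identity-provider
        // supplied value in place. Templates should be anchored (^...$) when the whole value
        // is meant to be validated.
        Matcher matcher = Pattern.compile(template).matcher(str);
        if (matcher.find()) {
            return matcher.replaceAll(replacement);
        }
        logger.warn("Template : {} does not match:{}", template, str);
        return str;
    }

    /** Reads {@code property} from the provider as an xsd:string, or {@code null} when unset. */
    private static String stringProperty(SSOProvider sSOProvider, URI property) {
        Literal literal = (Literal) sSOProvider.getPropertyValue(property, new URI[0]);
        return literal == null ? null : (String) ThingImpl.getLiteralValue(literal, XSD_STRING);
    }
}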
