package org.openremote.container.web;

import java.io.IOException;
import java.net.SocketException;
import java.time.LocalDateTime;
import java.util.Objects;
import java.util.logging.Logger;
import javax.ws.rs.client.ClientRequestContext;
import javax.ws.rs.client.ClientRequestFilter;
import javax.ws.rs.client.Entity;
import javax.ws.rs.client.Invocation;
import javax.ws.rs.client.WebTarget;
import javax.ws.rs.core.Form;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import org.jboss.resteasy.client.jaxrs.ResteasyClient;
import org.jboss.resteasy.util.BasicAuthHelper;
import org.openremote.model.auth.OAuthGrant;
import org.openremote.model.auth.OAuthRefreshTokenGrant;
import org.openremote.model.syslog.SyslogCategory;
import org.openremote.model.util.TextUtil;

/* loaded from: input_file:org/openremote/container/web/OAuthFilter.class */
public class OAuthFilter implements ClientRequestFilter {
    private static final Logger LOG = SyslogCategory.getLogger(SyslogCategory.PROTOCOL, OAuthFilter.class);
    public static final String BEARER_AUTH = "Bearer";
    protected OAuthServerResponse authServerResponse;
    protected ResteasyClient client;
    protected WebTarget authTarget;
    protected OAuthGrant oAuthGrant;

    public OAuthFilter(ResteasyClient resteasyClient, OAuthGrant oAuthGrant) {
        Objects.requireNonNull(resteasyClient);
        Objects.requireNonNull(oAuthGrant);
        this.client = resteasyClient;
        this.authTarget = resteasyClient.target(oAuthGrant.getTokenEndpointUri());
        this.oAuthGrant = oAuthGrant;
    }

    public String getAuthHeader() throws SocketException {
        String accessToken = getAccessToken();
        if (TextUtil.isNullOrEmpty(accessToken)) {
            return null;
        }
        return "Bearer " + accessToken;
    }

    public synchronized String getAccessToken() throws SocketException {
        LocalDateTime expiryDateTime = this.authServerResponse == null ? null : this.authServerResponse.getExpiryDateTime();
        if (expiryDateTime == null || expiryDateTime.minusSeconds(10L).isBefore(LocalDateTime.now())) {
            updateToken();
        }
        if (this.authServerResponse != null) {
            return this.authServerResponse.accessToken;
        }
        return null;
    }

    protected synchronized void updateToken() throws SocketException {
        Response requestToken;
        LOG.fine("Updating OAuth token");
        Response response = null;
        try {
            if (this.authServerResponse == null || this.authServerResponse.refreshToken == null) {
                LOG.fine("Doing full authentication");
                requestToken = requestToken();
            } else {
                LOG.fine("Using Refresh grant");
                requestToken = requestTokenUsingRefresh();
                if (requestToken.getStatusInfo().getFamily() != Response.Status.Family.SUCCESSFUL) {
                    LOG.info("OAuth token refresh failed, trying a full authentication");
                    this.authServerResponse = null;
                    updateToken();
                    if (requestToken != null) {
                        requestToken.close();
                        return;
                    }
                    return;
                }
            }
            if (requestToken.getStatusInfo().getFamily() != Response.Status.Family.SUCCESSFUL) {
                this.authServerResponse = null;
                LOG.warning("OAuth server response error: " + requestToken.getStatus());
                throw new RuntimeException("OAuth server response error: " + requestToken.getStatus());
            }
            this.authServerResponse = (OAuthServerResponse) requestToken.readEntity(OAuthServerResponse.class);
            LOG.finest("OAuth server successfully returned an access token");
            if (requestToken != null) {
                requestToken.close();
            }
        } catch (Throwable th) {
            if (0 != 0) {
                response.close();
            }
            throw th;
        }
    }

    protected Response requestTokenUsingRefresh() throws SocketException {
        return this.authTarget.request(new MediaType[]{MediaType.APPLICATION_JSON_TYPE}).post(Entity.entity(new Form(new OAuthRefreshTokenGrant(this.oAuthGrant.getTokenEndpointUri(), this.oAuthGrant.getClientId(), this.oAuthGrant.getClientSecret(), this.oAuthGrant.getScope(), this.authServerResponse.refreshToken).asMultivaluedMap()), MediaType.APPLICATION_FORM_URLENCODED_TYPE));
    }

    protected Response requestToken() throws SocketException {
        Invocation.Builder request = this.authTarget.request(new MediaType[]{MediaType.APPLICATION_JSON_TYPE});
        if (this.oAuthGrant.isBasicAuthHeader()) {
            request.header("Authorization", BasicAuthHelper.createHeader(this.oAuthGrant.getClientId(), this.oAuthGrant.getClientSecret()));
        }
        return request.post(Entity.entity(new Form(this.oAuthGrant.asMultivaluedMap()), MediaType.APPLICATION_FORM_URLENCODED_TYPE));
    }

    public synchronized void updateGrant(OAuthGrant oAuthGrant) {
        this.authServerResponse = null;
        this.oAuthGrant = oAuthGrant;
        this.authTarget = this.client.target(this.oAuthGrant.getTokenEndpointUri());
    }

    public void filter(ClientRequestContext clientRequestContext) throws IOException {
        clientRequestContext.getHeaders().putSingle("Authorization", getAuthHeader());
    }
}
