package io.syndesis.core;

import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.util.Locale;
import java.util.function.UnaryOperator;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import org.keycloak.KeycloakSecurityContext;
import org.keycloak.TokenVerifier;
import org.keycloak.adapters.springsecurity.token.KeycloakAuthenticationToken;
import org.keycloak.common.VerificationException;
import org.keycloak.representations.AccessTokenResponse;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.util.UriComponentsBuilder;

/* loaded from: input_file:io/syndesis/core/Tokens.class */
public final class Tokens {
    private static final ThreadLocal<String> OAUTH_TOKEN = new InheritableThreadLocal();

    /* loaded from: input_file:io/syndesis/core/Tokens$TokenProvider.class */
    public enum TokenProvider implements UnaryOperator<String> {
        OPENSHIFT { // from class: io.syndesis.core.Tokens.TokenProvider.1
            @Override // java.util.function.Function
            public String apply(String str) {
                try {
                    return ((AccessTokenResponse) new ObjectMapper().readValue(str, AccessTokenResponse.class)).getToken();
                } catch (IOException e) {
                    throw SyndesisServerException.launderThrowable(e);
                }
            }
        },
        GITHUB { // from class: io.syndesis.core.Tokens.TokenProvider.2
            @Override // java.util.function.Function
            public String apply(String str) {
                return (String) UriComponentsBuilder.fromUriString("").query(str).build().getQueryParams().getFirst("access_token");
            }
        }
    }

    private Tokens() {
    }

    public static String getAuthenticationToken() {
        String str = OAUTH_TOKEN.get();
        return str != null ? str : getKeycloakSecurityContext().getTokenString();
    }

    public static String getUsername() {
        return getKeycloakSecurityContext().getToken().getPreferredUsername();
    }

    public static KeycloakSecurityContext getKeycloakSecurityContext() {
        KeycloakAuthenticationToken authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication == null) {
            throw new IllegalStateException("Cannot set authorization header because there is no authenticated principal");
        }
        if (KeycloakAuthenticationToken.class.isAssignableFrom(authentication.getClass())) {
            return authentication.getAccount().getKeycloakSecurityContext();
        }
        throw new IllegalStateException(String.format("Cannot set authorization header because Authentication is of type %s but %s is required", authentication.getClass(), KeycloakAuthenticationToken.class));
    }

    public static boolean isTokenExpired(String str) {
        try {
            return TokenVerifier.create(str).getToken().isExpired();
        } catch (VerificationException e) {
            return true;
        }
    }

    private static String getIssuer(String str) {
        try {
            return TokenVerifier.create(str).getToken().getIssuer();
        } catch (VerificationException e) {
            throw SyndesisServerException.launderThrowable(e);
        }
    }

    public static String fetchProviderTokenFromKeycloak(TokenProvider tokenProvider) {
        return fetchProviderTokenFromKeycloak(tokenProvider, getAuthenticationToken());
    }

    public static String fetchProviderTokenFromKeycloak(TokenProvider tokenProvider, String str) {
        String lowerCase = tokenProvider.toString().toLowerCase(Locale.ENGLISH);
        String str2 = getIssuer(str) + "/broker/" + lowerCase + "/token";
        String str3 = "Bearer " + str;
        Response response = ClientBuilder.newBuilder().register(clientRequestContext -> {
            clientRequestContext.getHeaders().add("Authorization", str3);
        }).build().target(UriBuilder.fromUri(str2)).request().get();
        String str4 = (String) response.readEntity(String.class);
        int status = response.getStatus();
        if (status != 200) {
            throw new IllegalStateException(String.format("Unable to retrieve token for provider %s from URL %s, status code %d, received body: %s", lowerCase, str2, Integer.valueOf(status), str4));
        }
        return (String) tokenProvider.apply(str4);
    }
}
