package net.bluemind.authentication.service;

import io.vertx.core.json.JsonObject;
import net.bluemind.authentication.api.AccessTokenInfo;
import net.bluemind.authentication.api.RefreshToken;
import net.bluemind.authentication.api.incore.IInCoreUserAccessToken;
import net.bluemind.authentication.persistence.UserRefreshTokenStore;
import net.bluemind.authentication.service.internal.IOpenIdAuthFlow;
import net.bluemind.authentication.service.internal.OpenIdAuthFlowFactory;
import net.bluemind.authentication.service.internal.OpenIdException;
import net.bluemind.authentication.service.internal.OpenIdFlow;
import net.bluemind.authentication.service.internal.UserAccessTokenCache;
import net.bluemind.core.api.fault.ErrorCode;
import net.bluemind.core.api.fault.ServerFault;
import net.bluemind.core.container.service.internal.RBACManager;
import net.bluemind.core.context.UserAccessToken;
import net.bluemind.core.rest.BmContext;
import net.bluemind.system.api.ExternalSystem;
import net.bluemind.system.api.IExternalSystem;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/bluemind/authentication/service/UserAccessTokenService.class */
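/**
 * Service behind {@link IInCoreUserAccessToken}: reports whether the calling user holds a usable
 * OpenID access token for an external system, starts or completes the OpenID flow when it does
 * not, and exposes cached tokens to in-core callers.
 *
 * <p>Parameter names ({@code str}, {@code str2}, ...) are decompiler output; the Javadoc on each
 * method states what the visible code does with them.
 */
public class UserAccessTokenService implements IInCoreUserAccessToken {
    private static final Logger logger = LoggerFactory.getLogger(UserAccessTokenService.class);

    private final BmContext context;
    private final UserRefreshTokenStore store;

    /**
     * Binds the service to a request context.
     *
     * @param bmContext request context; its data source and security-context subject are used to
     *     build the refresh-token store
     */
    public UserAccessTokenService(BmContext bmContext) {
        this.context = bmContext;
        this.store = new UserRefreshTokenStore(bmContext.getDataSource(), bmContext.getSecurityContext().getSubject());
    }

    /**
     * Tells the caller whether a token is needed, already valid, or has to be obtained for an
     * external system. Anonymous callers are rejected by the RBAC check before anything else.
     *
     * @param str identifier of the external system; {@code null} yields "no token needed"
     * @param str2 value handed unchanged to {@code initalizeOpenIdAuthentication}
     *     (NOTE(review): its meaning is not visible here; confirm how the flow validates it)
     * @return "no token needed" when the system is unknown or its auth kind does not start with
     *     {@code OPEN_ID}; "token valid" on a cache hit; the refresh result when a stored refresh
     *     token yields {@code TOKEN_OK}; otherwise whatever the flow returns when a new OpenID
     *     authentication is initialized
     */
    public AccessTokenInfo getTokenInfo(String str, String str2) {
        RBACManager.forContext(this.context).checkNotAnoynmous();
        if (str == null) {
            return AccessTokenInfo.noTokenNeeded();
        }
        // The external-system definition is read through context.su(), not with the caller's own rights.
        ExternalSystem externalSystem = ((IExternalSystem) this.context.su().provider().instance(IExternalSystem.class, new String[0])).getExternalSystem(str);
        if (externalSystem == null || !externalSystem.authKind.name().startsWith("OPEN_ID")) {
            return AccessTokenInfo.noTokenNeeded();
        }
        // Cache and refresh lookups are keyed on the caller's own security context, never on
        // caller-supplied identity values.
        String domainUid = this.context.getSecurityContext().getContainerUid();
        String userUid = this.context.getSecurityContext().getSubject();
        if (UserAccessTokenCache.get(this.context).getIfPresent(domainUid, userUid, str) != null) {
            return AccessTokenInfo.tokenValid();
        }
        RefreshToken refreshToken = this.store.get(str);
        if (refreshToken != null) {
            try {
                AccessTokenInfo refreshed = new OpenIdFlow(this.context).refreshOpenIdToken(domainUid, userUid, refreshToken);
                if (refreshed.status == AccessTokenInfo.TokenStatus.TOKEN_OK) {
                    return refreshed;
                }
            } catch (Exception e) {
                // Deliberate best effort: a failed refresh falls through to a fresh authentication.
                // The original call had no placeholder, so the failure reason was never logged.
                logger.warn("Cannot refresh token: {}", e.getMessage());
            }
        }
        return OpenIdAuthFlowFactory.getFlow(this.context, externalSystem.authKind).initalizeOpenIdAuthentication(externalSystem, str2);
    }

    /**
     * Completes an OpenID authorization-code exchange. Only domain-global callers may invoke it.
     * The user, domain and system the tokens are stored for come from the cached
     * {@code OpenIdContext} found under the state value, not from the caller's arguments.
     *
     * @param str OpenID Connect state value used to look up the pending {@code OpenIdContext}
     * @param str2 authorization code passed to {@code getAccessTokenByCode}
     * @return "token valid" once the tokens are stored; an info with status
     *     {@code TOKEN_NOT_VALID} when the state is unknown or the exchange throws
     *     {@code OpenIdException}
     * @throws ServerFault with {@code PERMISSION_DENIED} when the caller is not domain-global
     */
    public AccessTokenInfo authCodeReceived(String str, String str2) {
        if (!this.context.getSecurityContext().isDomainGlobal()) {
            throw new ServerFault("Operation is only permitted for admin0", ErrorCode.PERMISSION_DENIED);
        }
        // NOTE(review): the state value is written to the log verbatim here and below; confirm
        // the caller has constrained its format before it reaches this method.
        logger.debug("Received authToken for openid connect state {}", str);
        OpenIdContext ifPresent = OpenIdContextCache.get(this.context).getIfPresent(str);
        if (ifPresent == null) {
            logger.warn("Cannot find OpenId context {}", str);
            return tokenNotValid();
        }
        IOpenIdAuthFlow flow = OpenIdAuthFlowFactory.getFlow(this.context, ifPresent.authKind);
        try {
            // The token response holds bearer credentials and must never be logged.
            JsonObject accessTokenByCode = flow.getAccessTokenByCode(str2, ifPresent);
            // null when the identity provider returned no refresh token
            String refreshToken = accessTokenByCode.containsKey("refresh_token") ? accessTokenByCode.getString("refresh_token") : null;
            flow.storeAccessToken(ifPresent.domain, ifPresent.userUid, ifPresent.systemIdentifier, accessTokenByCode);
            flow.storeRefreshToken(ifPresent, refreshToken);
            // NOTE(review): the OpenIdContext entry is not invalidated in this method; confirm
            // that the flow or the cache's expiry makes a state value single-use.
            return AccessTokenInfo.tokenValid();
        } catch (OpenIdException e) {
            // The message fills the third placeholder and the exception goes last so the stack
            // trace is kept; passing only the exception left "{}" unfilled under SLF4J 1.7 formatting.
            logger.warn("Cannot retrieve access token for {}@{}: {}", ifPresent.userUid, ifPresent.systemIdentifier, e.getMessage(), e);
            return tokenNotValid();
        }
    }

    /**
     * Returns the cached access token for the given key, or {@code null} when none is cached.
     *
     * <p>NOTE(review): no permission check is made here and all three key parts are supplied by
     * the caller; confirm this method is reachable only from trusted in-core code.
     *
     * @param str first cache key part ({@code getTokenInfo} passes the container uid here)
     * @param str2 second cache key part ({@code getTokenInfo} passes the subject here)
     * @param str3 third cache key part ({@code getTokenInfo} passes the external system identifier)
     * @return the cached token, or {@code null}
     */
    public UserAccessToken get(String str, String str2, String str3) {
        return UserAccessTokenCache.get(this.context).getIfPresent(str, str2, str3);
    }

    /** Builds the {@code TOKEN_NOT_VALID} answer shared by the failure paths of {@code authCodeReceived}. */
    private static AccessTokenInfo tokenNotValid() {
        AccessTokenInfo info = new AccessTokenInfo();
        info.status = AccessTokenInfo.TokenStatus.TOKEN_NOT_VALID;
        return info;
    }
}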
