package net.bluemind.webmodule.authenticationfilter;

import io.vertx.core.AbstractVerticle;
import io.vertx.core.AsyncResult;
import io.vertx.core.MultiMap;
import io.vertx.core.Verticle;
import io.vertx.core.buffer.Buffer;
import io.vertx.core.http.HttpClient;
import io.vertx.core.http.HttpClientOptions;
import io.vertx.core.http.HttpClientRequest;
import io.vertx.core.http.HttpClientResponse;
import io.vertx.core.http.HttpHeaders;
import io.vertx.core.http.HttpMethod;
import io.vertx.core.http.RequestOptions;
import io.vertx.core.json.JsonObject;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import net.bluemind.keycloak.api.IKeycloakUids;
import net.bluemind.keycloak.utils.endpoint.KeycloakEndpoints;
import net.bluemind.keydb.sessiondata.SessionData;
import net.bluemind.keydb.sessiondata.SessionDataStore;
import net.bluemind.lib.vertx.IUniqueVerticleFactory;
import net.bluemind.lib.vertx.IVerticleFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/bluemind/webmodule/authenticationfilter/OpenIdRefreshHandler.class */
public class OpenIdRefreshHandler extends AbstractVerticle {
    private static final Logger logger = LoggerFactory.getLogger(OpenIdRefreshHandler.class);
    private HttpClient httpClient;

    /* loaded from: input_file:net/bluemind/webmodule/authenticationfilter/OpenIdRefreshHandler$OpenIdRefreshHandlerVerticleFactory.class */
    public static class OpenIdRefreshHandlerVerticleFactory implements IVerticleFactory, IUniqueVerticleFactory {
        public boolean isWorker() {
            return true;
        }

        public Verticle newInstance() {
            return new OpenIdRefreshHandler();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:net/bluemind/webmodule/authenticationfilter/OpenIdRefreshHandler$SessionRefresher.class */
    public class SessionRefresher {
        private final SessionData sessionData;

        public SessionRefresher(SessionData sessionData) {
            this.sessionData = sessionData;
        }

        private void refresh() {
            if (OpenIdRefreshHandler.logger.isDebugEnabled()) {
                OpenIdRefreshHandler.logger.debug("Refresh session {}, using endpoint: {}", this.sessionData.authKey, KeycloakEndpoints.tokenEndpoint(this.sessionData.realm));
            }
            OpenIdRefreshHandler.this.httpClient.request(new RequestOptions().setMethod(HttpMethod.POST).setAbsoluteURI(KeycloakEndpoints.tokenEndpoint(this.sessionData.realm)), this::decorateRequest);
        }

        private void decorateRequest(AsyncResult<HttpClientRequest> asyncResult) {
            if (!asyncResult.succeeded()) {
                OpenIdRefreshHandler.logger.error("Unable to refresh session {}", this.sessionData.authKey, asyncResult.cause());
                return;
            }
            HttpClientRequest httpClientRequest = (HttpClientRequest) asyncResult.result();
            httpClientRequest.response(this::refreshResponse);
            if (OpenIdRefreshHandler.logger.isDebugEnabled()) {
                String[] split = this.sessionData.jwtToken.getString("refresh_token").split("\\.");
                OpenIdRefreshHandler.logger.debug("Refresh token: chunk0: {}, chunk1: {}", new String(Base64.getUrlDecoder().decode(split[0])), new String(Base64.getUrlDecoder().decode(split[1])));
            }
            byte[] bytes = ("client_id=" + IKeycloakUids.clientId(this.sessionData.realm) + "&client_secret=" + this.sessionData.openIdClientSecret + "&grant_type=refresh_token&refresh_token=" + this.sessionData.jwtToken.getString("refresh_token")).getBytes(StandardCharsets.UTF_8);
            MultiMap headers = httpClientRequest.headers();
            headers.add(HttpHeaders.ACCEPT_CHARSET, StandardCharsets.UTF_8.name());
            headers.add(HttpHeaders.CONTENT_TYPE, "application/x-www-form-urlencoded");
            headers.add(HttpHeaders.CONTENT_LENGTH, Integer.toString(bytes.length));
            httpClientRequest.write(Buffer.buffer(bytes));
            httpClientRequest.end();
        }

        private void refreshResponse(AsyncResult<HttpClientResponse> asyncResult) {
            if (asyncResult.succeeded()) {
                ((HttpClientResponse) asyncResult.result()).body(asyncResult2 -> {
                    if (((HttpClientResponse) asyncResult.result()).statusCode() != 200) {
                        OpenIdRefreshHandler.logger.error("Fail to refresh session {}, response status {}, content {}", new Object[]{this.sessionData.authKey, Integer.valueOf(((HttpClientResponse) asyncResult.result()).statusCode()), new String(((Buffer) asyncResult2.result()).getBytes())});
                        return;
                    }
                    SessionDataStore.get().updateSessionData(this.sessionData.setOpenId(new JsonObject(new String(((Buffer) asyncResult2.result()).getBytes())), this.sessionData.realm, this.sessionData.openIdClientSecret, this.sessionData.internalAuth, System.currentTimeMillis() + SessionDataStore.SESSIONID_REFRESH_PERIOD));
                    if (OpenIdRefreshHandler.logger.isDebugEnabled()) {
                        OpenIdRefreshHandler.logger.debug("Session {} refreshed successfully", this.sessionData.authKey);
                    }
                });
            } else {
                OpenIdRefreshHandler.logger.error("Fail to refresh session {}", this.sessionData.authKey, asyncResult.cause());
            }
        }
    }

    private OpenIdRefreshHandler() {
    }

    public void start() throws Exception {
        this.httpClient = this.vertx.createHttpClient(new HttpClientOptions().setTrustAll(true).setVerifyHost(false));
        this.vertx.setPeriodic(60000L, 60000L, l -> {
            SessionDataStore.get().requeueRefreshSessionId();
        });
        this.vertx.setPeriodic(90000L, 60000L, l2 -> {
            refresh();
        });
    }

    public void refresh() {
        while (true) {
            String sessionIdToRefresh = SessionDataStore.get().getSessionIdToRefresh();
            if (sessionIdToRefresh == null) {
                return;
            }
            SessionData ifPresent = SessionDataStore.get().getIfPresent(sessionIdToRefresh);
            if (ifPresent == null) {
                if (logger.isDebugEnabled()) {
                    logger.debug("Remove unknown session {} from refresh queue - session logged out ?", sessionIdToRefresh);
                }
                SessionDataStore.get().removeRefreshSessionId(sessionIdToRefresh);
            } else if (ifPresent.openIdRefreshStamp > System.currentTimeMillis()) {
                return;
            } else {
                new SessionRefresher(ifPresent).refresh();
            }
        }
    }
}
