package de.unijena.bioinf.auth;

import com.auth0.jwt.JWT;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.github.scribejava.apis.openid.OpenIdOAuth2AccessToken;
import com.github.scribejava.core.builder.ServiceBuilder;
import com.github.scribejava.core.builder.api.DefaultApi20;
import com.github.scribejava.core.model.Response;
import com.github.scribejava.core.oauth.OAuth20Service;
import com.github.scribejava.core.revoke.TokenTypeHint;
import de.unijena.bioinf.ChemistryBase.utils.IOFunctions;
import de.unijena.bioinf.auth.auth0.Auth0Service;
import de.unijena.bioinf.ms.properties.PropertyManager;
import java.io.Closeable;
import java.io.IOException;
import java.util.Date;
import java.util.Map;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import org.apache.http.client.methods.HttpUriRequest;
import org.jetbrains.annotations.Nullable;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/unijena/bioinf/auth/AuthService.class */
public class AuthService implements IOFunctions.IOConsumer<HttpUriRequest>, Closeable {
    protected final OAuth20Service service;

    @Nullable
    private String refreshToken;
    private Token token;
    protected final ReadWriteLock tokenLock;
    private int minLifetime;

    /* loaded from: input_file:de/unijena/bioinf/auth/AuthService$Token.class */
    public class Token {
        private final OpenIdOAuth2AccessToken source;
        private final Date expTime;

        private Token(OpenIdOAuth2AccessToken openIdOAuth2AccessToken) {
            this.source = openIdOAuth2AccessToken;
            this.expTime = JWT.decode(openIdOAuth2AccessToken.getOpenIdToken()).getExpiresAt();
        }

        public boolean isExpired() {
            return this.expTime.getTime() - System.currentTimeMillis() < ((long) AuthService.this.minLifetime);
        }

        public String getAccessToken() {
            return this.source.getAccessToken();
        }

        public String getOpenIdToken() {
            return this.source.getOpenIdToken();
        }

        public DecodedJWT getDecodedIdToken() {
            return JWT.decode(getOpenIdToken());
        }

        public OpenIdOAuth2AccessToken getSource() {
            return this.source;
        }
    }

    public AuthService(DefaultApi20 defaultApi20) {
        this((String) null, defaultApi20);
    }

    public AuthService(@Nullable String str, DefaultApi20 defaultApi20) {
        this(str, buildService(defaultApi20));
    }

    public AuthService(@Nullable String str, OAuth20Service oAuth20Service) {
        this.tokenLock = new ReentrantReadWriteLock();
        this.minLifetime = 900000;
        this.refreshToken = str;
        this.service = oAuth20Service;
    }

    private static OAuth20Service buildService(DefaultApi20 defaultApi20) {
        ServiceBuilder serviceBuilder = new ServiceBuilder(PropertyManager.getProperty("de.unijena.bioinf.sirius.security.clientID", (String) null, (String) null));
        String property = PropertyManager.getProperty("de.unijena.bioinf.sirius.security.clientSecret");
        if (property != null) {
            serviceBuilder.apiSecret(property);
        }
        return serviceBuilder.build(defaultApi20);
    }

    protected boolean isRefreshTokenValid() {
        if (this.refreshToken == null || this.refreshToken.isBlank()) {
            return false;
        }
        this.tokenLock.writeLock().lock();
        try {
            this.token = new Token(this.service.refreshAccessToken(this.refreshToken));
            return true;
        } catch (IOException | InterruptedException | ExecutionException e) {
            LoggerFactory.getLogger(getClass()).warn("Error when refreshing access_token with current refresh_token.", e);
            return false;
        } finally {
            this.tokenLock.writeLock().lock();
        }
    }

    public boolean needsLogin() {
        return (needsRefresh() && isRefreshTokenValid()) ? false : true;
    }

    public boolean needsRefresh() {
        this.tokenLock.readLock().lock();
        try {
            return needsRefreshRaw();
        } finally {
            this.tokenLock.readLock().unlock();
        }
    }

    protected boolean needsRefreshRaw() {
        return this.token == null || this.token.isExpired();
    }

    public Token refreshIfNeeded() throws LoginException {
        if (needsRefresh()) {
            this.tokenLock.writeLock().lock();
            try {
                try {
                    if (needsRefreshRaw()) {
                        if (this.refreshToken == null || this.refreshToken.isBlank()) {
                            throw new LoginException(new NullPointerException("Refresh token is null or empty!"));
                        }
                        this.token = new Token(this.service.refreshAccessToken(this.refreshToken));
                    }
                } catch (IOException | InterruptedException | ExecutionException e) {
                    throw new LoginException(e);
                }
            } finally {
                this.tokenLock.writeLock().unlock();
            }
        }
        return this.token;
    }

    public void login(String str, String str2) throws IOException, ExecutionException, InterruptedException {
        this.tokenLock.writeLock().lock();
        try {
            this.token = new Token(this.service.getAccessTokenPasswordGrant(str, str2, "offline_access"));
            this.refreshToken = this.token.getSource().getRefreshToken();
        } finally {
            this.tokenLock.writeLock().unlock();
        }
    }

    public void login() throws IOException, ExecutionException, InterruptedException {
        this.tokenLock.writeLock().lock();
        try {
            this.token = new Token(this.service.getAccessTokenClientCredentialsGrant("offline_access"));
            this.refreshToken = this.token.getSource().getRefreshToken();
        } finally {
            this.tokenLock.writeLock().unlock();
        }
    }

    public void accept(HttpUriRequest httpUriRequest) throws IOException {
        httpUriRequest.setHeader("Authorization", "Bearer " + refreshIfNeeded().getOpenIdToken());
    }

    public void logout() {
        this.tokenLock.writeLock().lock();
        try {
            if (this.refreshToken != null) {
                try {
                    this.service.revokeToken(this.refreshToken, TokenTypeHint.REFRESH_TOKEN);
                } catch (Throwable th) {
                    LoggerFactory.getLogger(getClass()).warn("Error when revoking refresh token!", th);
                }
            }
            if (this.token != null) {
                try {
                    this.service.revokeToken(this.token.getAccessToken(), TokenTypeHint.ACCESS_TOKEN);
                } catch (Throwable th2) {
                    LoggerFactory.getLogger(getClass()).warn("Error when revoking access token!", th2);
                }
            }
            this.token = null;
            this.refreshToken = null;
        } finally {
            this.tokenLock.writeLock().unlock();
        }
    }

    public int getMinLifetime() {
        return this.minLifetime;
    }

    public void setMinLifetime(int i) {
        this.minLifetime = i;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String getRefreshToken() {
        return this.refreshToken;
    }

    public String signUpURL(String str) {
        return this.service.createAuthorizationUrlBuilder().additionalParams(Map.of("screen_hint", "signup", "redirect_uri", str)).build();
    }

    public void sendPasswordReset(String str) throws IOException, ExecutionException, InterruptedException {
        Response sendPasswordResetRequest = ((Auth0Service) this.service).sendPasswordResetRequest(str);
        if (!sendPasswordResetRequest.isSuccessful()) {
            throw new IOException("Could not initiate Password reset. Cause: " + sendPasswordResetRequest.getMessage() + " | Body: " + sendPasswordResetRequest.getBody());
        }
    }

    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() throws IOException {
        this.service.close();
    }
}
