package io.mosip.kernel.authcodeflowproxy.api.service.impl;

import com.auth0.jwt.JWT;
import com.fasterxml.jackson.databind.ObjectMapper;
import io.mosip.kernel.authcodeflowproxy.api.constants.Errors;
import io.mosip.kernel.authcodeflowproxy.api.dto.AccessTokenResponse;
import io.mosip.kernel.authcodeflowproxy.api.dto.AccessTokenResponseDTO;
import io.mosip.kernel.authcodeflowproxy.api.dto.IAMErrorResponseDto;
import io.mosip.kernel.authcodeflowproxy.api.dto.MosipUserDto;
import io.mosip.kernel.authcodeflowproxy.api.exception.AuthRestException;
import io.mosip.kernel.authcodeflowproxy.api.exception.ClientException;
import io.mosip.kernel.authcodeflowproxy.api.exception.ServiceException;
import io.mosip.kernel.authcodeflowproxy.api.service.LoginService;
import io.mosip.kernel.core.authmanager.model.AuthResponseDto;
import io.mosip.kernel.core.exception.ExceptionUtils;
import io.mosip.kernel.core.http.ResponseWrapper;
import io.mosip.kernel.core.util.EmptyCheckUtils;
import java.io.IOException;
import java.util.HashMap;
import java.util.List;
import javax.servlet.http.Cookie;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.stereotype.Service;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.web.client.HttpClientErrorException;
import org.springframework.web.client.HttpServerErrorException;
import org.springframework.web.client.HttpStatusCodeException;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.util.UriComponentsBuilder;

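/**
 * Server-side half of the OAuth 2.0 authorization-code flow against the configured IAM server:
 * builds the authorization redirect, exchanges the returned code for an access token, wraps
 * the token in a cookie, validates it against the auth service and logs the user out.
 *
 * <p>All endpoints and client credentials are injected from configuration. The client secret
 * is sent only in the form body of the token request.
 */
@Service
public class LoginServiceImpl implements LoginService {

    private static final String LOG_OUT_FAILED = "log out failed";
    private static final String FAILED = "Failed";
    private static final String SUCCESS = "Success";
    private static final String SUCCESSFULLY_LOGGED_OUT = "successfully loggedout";

    @Value("${mosip.kernel.auth-code-url-splitter:#URISPLITTER#}")
    private String urlSplitter;

    // Defaults to false, so unless the property is set the auth cookie is also sent over
    // plain HTTP. NOTE(review): confirm every deployment overrides this to true.
    @Value("${mosip.security.secure-cookie:false}")
    private boolean isSecureCookie;

    @Value("${auth.token.header:Authorization}")
    private String authTokenHeader;

    // Passed straight to Cookie.setMaxAge, which takes seconds.
    // NOTE(review): the default 1800000 looks like a millisecond figure; confirm the unit.
    @Value("${auth.jwt.expiry:1800000}")
    private int authTokenExpiry;

    @Value("${mosip.iam.module.login_flow.name:authorization_code}")
    private String loginFlowName;

    @Value("${mosip.iam.module.clientid}")
    private String clientID;

    @Value("${mosip.iam.module.clientsecret}")
    private String clientSecret;

    @Value("${mosip.iam.module.redirecturi}")
    private String redirectURI;

    @Value("${mosip.iam.module.login_flow.scope:cls}")
    private String scope;

    @Value("${mosip.iam.module.login_flow.response_type:code}")
    private String responseType;

    @Value("${mosip.iam.authorization_endpoint}")
    private String authorizationEndpoint;

    @Value("${mosip.iam.module.admin_realm_id}")
    private String realmID;

    @Value("${mosip.iam.token_endpoint}")
    private String tokenEndpoint;

    @Value("${auth.server.admin.validate.url}")
    private String validateUrl;

    @Autowired
    private RestTemplate restTemplate;

    @Autowired
    private ObjectMapper objectMapper;

    /**
     * Builds the URL of the IAM authorization endpoint that the browser is redirected to.
     *
     * @param str  suffix appended verbatim to the configured redirect URI. NOTE(review): if this
     *             value comes from the request, the caller must restrict it to an allow-list,
     *             otherwise the post-login redirect target is attacker-influenced.
     * @param str2 value sent as the {@code state} parameter
     * @return the expanded authorization URL as a string
     */
    @Override
    public String login(String str, String str2) {
        HashMap<String, String> uriVariables = new HashMap<>();
        uriVariables.put("realmId", this.realmID);
        return UriComponentsBuilder.fromHttpUrl(this.authorizationEndpoint)
                .queryParam("client_id", this.clientID)
                .queryParam("redirect_uri", this.redirectURI + str)
                .queryParam("state", str2)
                .queryParam("response_type", this.responseType)
                .queryParam("scope", this.scope)
                .buildAndExpand(uriVariables)
                .toString();
    }

    /**
     * Wraps a token in the authentication cookie.
     *
     * <p>The cookie is HttpOnly and scoped to {@code /}. Its Secure flag follows
     * {@code mosip.security.secure-cookie}. No SameSite attribute is set here.
     *
     * @param str the token stored as the cookie value
     * @return the configured cookie
     */
    @Override
    public Cookie createCookie(String str) {
        Cookie authCookie = new Cookie(this.authTokenHeader, str);
        authCookie.setMaxAge(this.authTokenExpiry);
        authCookie.setHttpOnly(true);
        authCookie.setSecure(this.isSecureCookie);
        authCookie.setPath("/");
        return authCookie;
    }

    /**
     * Validates a token by calling the configured auth-service validate URL with the token
     * attached as a cookie, and maps the wrapped response to a {@link MosipUserDto}.
     *
     * @param str the token to validate; it is concatenated unencoded into the Cookie header
     * @return the user details returned by the auth service
     * @throws ServiceException  if the exchange yields no response or the body cannot be parsed
     * @throws AuthRestException if the response body carries service errors
     */
    @Override
    public MosipUserDto valdiateToken(String str) {
        HttpHeaders requestHeaders = new HttpHeaders();
        requestHeaders.add("Cookie", this.authTokenHeader + "=" + str);
        ResponseEntity<String> validation = this.restTemplate.exchange(
                this.validateUrl, HttpMethod.GET, new HttpEntity<>(requestHeaders), String.class);
        if (validation == null) {
            throw new ServiceException(
                    Errors.CANNOT_CONNECT_TO_AUTH_SERVICE.getErrorCode(),
                    Errors.CANNOT_CONNECT_TO_AUTH_SERVICE.getErrorMessage());
        }
        String responseBody = validation.getBody();
        // Element type is declared outside this file, so the list stays raw as in the original.
        List serviceErrorList = ExceptionUtils.getServiceErrorList(responseBody);
        if (!serviceErrorList.isEmpty()) {
            throw new AuthRestException(serviceErrorList);
        }
        try {
            // The wrapper's payload is re-serialised and read back to bind it to MosipUserDto.
            Object payload = this.objectMapper.readValue(responseBody, ResponseWrapper.class).getResponse();
            return this.objectMapper.readValue(this.objectMapper.writeValueAsString(payload), MosipUserDto.class);
        } catch (IOException e) {
            throw new ServiceException(Errors.IO_EXCEPTION.getErrorCode(), Errors.IO_EXCEPTION.getErrorMessage());
        }
    }

    /**
     * Completes the authorization-code flow: checks the two {@code state} values against each
     * other and exchanges the authorization code for an access token at the token endpoint.
     *
     * <p>The state check fails closed: a missing value is rejected with the same
     * {@link ClientException} as a mismatch instead of surfacing as a NullPointerException.
     *
     * @param str  one of the two state values compared
     * @param str2 not read by this method
     * @param str3 authorization code sent to the token endpoint
     * @param str4 the other state value compared
     * @param str5 suffix appended verbatim to the configured redirect URI
     * @return the access token and its expiry
     * @throws ClientException  if the state values are missing or differ
     * @throws ServiceException if the IAM server answers with a 4xx/5xx status or the response
     *                          cannot be parsed. NOTE(review): the message embeds the IAM error
     *                          description or parser message; confirm it is not echoed to
     *                          untrusted clients.
     */
    @Override
    public AccessTokenResponseDTO loginRedirect(String str, String str2, String str3, String str4, String str5) {
        if (str4 == null || !str4.equals(str)) {
            throw new ClientException(Errors.STATE_EXCEPTION.getErrorCode(), Errors.STATE_EXCEPTION.getErrorMessage());
        }
        HttpHeaders requestHeaders = new HttpHeaders();
        requestHeaders.setContentType(MediaType.APPLICATION_FORM_URLENCODED);

        LinkedMultiValueMap<String, String> form = new LinkedMultiValueMap<>();
        form.add("grant_type", this.loginFlowName);
        form.add("client_id", this.clientID);
        form.add("client_secret", this.clientSecret);
        form.add("code", str3);
        form.add("redirect_uri", this.redirectURI + str5);

        HashMap<String, String> uriVariables = new HashMap<>();
        uriVariables.put("realmId", this.realmID);
        String tokenUrl = UriComponentsBuilder.fromUriString(this.tokenEndpoint)
                .buildAndExpand(uriVariables)
                .toUriString();
        try {
            ResponseEntity<String> tokenResponse = this.restTemplate.exchange(
                    tokenUrl, HttpMethod.POST, new HttpEntity<>(form, requestHeaders), String.class);
            AccessTokenResponse parsed = this.objectMapper.readValue(tokenResponse.getBody(), AccessTokenResponse.class);
            AccessTokenResponseDTO result = new AccessTokenResponseDTO();
            result.setAccessToken(parsed.getAccess_token());
            result.setExpiresIn(parsed.getExpires_in());
            return result;
        } catch (IOException e) {
            throw new ServiceException(
                    Errors.RESPONSE_PARSE_ERROR.getErrorCode(),
                    Errors.RESPONSE_PARSE_ERROR.getErrorMessage() + " " + e.getMessage());
        } catch (HttpClientErrorException | HttpServerErrorException e2) {
            throw new ServiceException(
                    Errors.ACESSTOKEN_EXCEPTION.getErrorCode(),
                    Errors.ACESSTOKEN_EXCEPTION.getErrorMessage() + " "
                            + parseKeyClockErrorResponse(e2).getError_description());
        }
    }

    /**
     * Parses the body of a failed IAM response into its error DTO.
     *
     * @param httpStatusCodeException the 4xx/5xx exception raised by the REST call
     * @return the parsed IAM error
     * @throws ServiceException if the error body cannot be parsed
     */
    private IAMErrorResponseDto parseKeyClockErrorResponse(HttpStatusCodeException httpStatusCodeException) {
        try {
            return this.objectMapper.readValue(
                    httpStatusCodeException.getResponseBodyAsString(), IAMErrorResponseDto.class);
        } catch (IOException e) {
            throw new ServiceException(
                    Errors.RESPONSE_PARSE_ERROR.getErrorCode(),
                    Errors.RESPONSE_PARSE_ERROR.getErrorMessage() + " " + e.getMessage());
        }
    }

    /**
     * Logs the user out by calling the OpenID Connect logout endpoint of the token's issuer.
     *
     * <p>NOTE(review): the issuer is read from the token without signature verification (see
     * {@link #getissuer(String)}), so the host this server contacts is chosen by whoever
     * supplies the token. Unless callers have already verified the token, compare the issuer
     * with a configured trusted issuer before the request is made. The token also travels as
     * the {@code id_token_hint} query parameter and may end up in access logs.
     *
     * @param str the token of the session to end
     * @return a status/message pair describing whether the IAM server accepted the logout
     * @throws AuthenticationServiceException if the token is empty or carries no issuer
     * @throws ServiceException               if the IAM server answers with a 4xx/5xx status
     */
    @Override
    public AuthResponseDto logoutUser(String str) {
        if (EmptyCheckUtils.isNullEmpty(str)) {
            throw new AuthenticationServiceException(Errors.INVALID_TOKEN.getErrorMessage());
        }
        String issuer = getissuer(str);
        // Without an issuer the URL below would start with the literal text "null".
        if (EmptyCheckUtils.isNullEmpty(issuer)) {
            throw new AuthenticationServiceException(Errors.INVALID_TOKEN.getErrorMessage());
        }
        String logoutUrl = UriComponentsBuilder.fromUriString(issuer + "/protocol/openid-connect/logout")
                .queryParam("id_token_hint", str)
                .buildAndExpand(new HashMap<String, String>())
                .toUriString();
        AuthResponseDto authResponseDto = new AuthResponseDto();
        try {
            ResponseEntity<String> logoutResponse = this.restTemplate.getForEntity(logoutUrl, String.class);
            if (logoutResponse.getStatusCode().is2xxSuccessful()) {
                authResponseDto.setMessage(SUCCESSFULLY_LOGGED_OUT);
                authResponseDto.setStatus(SUCCESS);
            } else {
                authResponseDto.setMessage(LOG_OUT_FAILED);
                authResponseDto.setStatus(FAILED);
            }
            return authResponseDto;
        } catch (HttpClientErrorException | HttpServerErrorException e) {
            throw new ServiceException(
                    Errors.REST_EXCEPTION.getErrorCode(),
                    Errors.REST_EXCEPTION.getErrorMessage() + e.getResponseBodyAsString());
        }
    }

    /**
     * Reads the {@code iss} claim of a JWT.
     *
     * <p>{@code JWT.decode} only parses the token and does not verify its signature, so the
     * returned value is untrusted input.
     *
     * @param str the encoded JWT
     * @return the issuer claim as a string, or {@code null} when the claim is absent
     */
    public String getissuer(String str) {
        return JWT.decode(str).getClaim("iss").asString();
    }
}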
