package org.gcube.common.iam;

import java.util.HashSet;
import java.util.Set;
import org.gcube.common.keycloak.KeycloakClient;
import org.gcube.common.keycloak.KeycloakClientException;
import org.gcube.common.keycloak.model.AccessToken;
import org.gcube.common.keycloak.model.ModelUtils;
import org.gcube.common.keycloak.model.RefreshToken;
import org.gcube.common.keycloak.model.TokenResponse;
import org.gcube.io.jsonwebtoken.ExpiredJwtException;
import org.gcube.io.jsonwebtoken.security.SignatureException;

/* loaded from: input_file:org/gcube/common/iam/AbstractIAMResponse.class */
public class AbstractIAMResponse implements IAMResponse {
    private D4ScienceIAMClient iamClient;
    private TokenResponse tokenResponse;

    public AbstractIAMResponse(D4ScienceIAMClient d4ScienceIAMClient, TokenResponse tokenResponse) {
        setIamClient(d4ScienceIAMClient);
        setTokenResponse(tokenResponse);
    }

    public void setIamClient(D4ScienceIAMClient d4ScienceIAMClient) {
        this.iamClient = d4ScienceIAMClient;
    }

    public D4ScienceIAMClient getIamClient() {
        return this.iamClient;
    }

    public void setTokenResponse(TokenResponse tokenResponse) {
        this.tokenResponse = tokenResponse;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public TokenResponse getTokenResponse() {
        return this.tokenResponse;
    }

    @Override // org.gcube.common.iam.IAMResponse
    public AccessToken getAccessToken() throws D4ScienceIAMClientException {
        try {
            return ModelUtils.getAccessTokenFrom(getTokenResponse());
        } catch (Exception e) {
            throw new D4ScienceIAMClientException(e);
        }
    }

    @Override // org.gcube.common.iam.IAMResponse
    public String getAccessTokenString() {
        return getTokenResponse().getAccessToken();
    }

    @Override // org.gcube.common.iam.IAMResponse
    public boolean isExpired() throws D4ScienceIAMClientException {
        try {
            return ModelUtils.getAccessTokenFrom(getTokenResponse()).isExpired();
        } catch (Exception e) {
            throw new D4ScienceIAMClientException(e);
        }
    }

    public String getRefreshTokenString() {
        return getTokenResponse().getRefreshToken();
    }

    @Override // org.gcube.common.iam.IAMResponse
    public boolean canBeRefreshed() throws D4ScienceIAMClientException {
        try {
            RefreshToken refreshTokenFrom = ModelUtils.getRefreshTokenFrom(getTokenResponse());
            if (refreshTokenFrom != null) {
                if (!refreshTokenFrom.isExpired()) {
                    return true;
                }
            }
            return false;
        } catch (Exception e) {
            throw new D4ScienceIAMClientException(e);
        }
    }

    @Override // org.gcube.common.iam.IAMResponse
    public void refresh() throws D4ScienceIAMClientException {
        try {
            KeycloakClient keycloakClient = this.iamClient.getKeycloakClient();
            this.tokenResponse = keycloakClient.refreshToken(keycloakClient.getTokenEndpointURL(getIamClient().getRealmBaseURL()), getTokenResponse());
        } catch (KeycloakClientException e) {
            throw new D4ScienceIAMClientException(e);
        }
    }

    public void refresh(String str, String str2) throws D4ScienceIAMClientException {
        try {
            KeycloakClient keycloakClient = this.iamClient.getKeycloakClient();
            this.tokenResponse = keycloakClient.refreshToken(keycloakClient.getTokenEndpointURL(getIamClient().getRealmBaseURL()), str, str2, getTokenResponse());
        } catch (KeycloakClientException e) {
            throw new D4ScienceIAMClientException(e);
        }
    }

    @Override // org.gcube.common.iam.IAMResponse
    public Set<String> getGlobalRoles() throws D4ScienceIAMClientException {
        AccessToken accessToken = getAccessToken();
        return accessToken.getRealmAccess() != null ? accessToken.getRealmAccess().getRoles() : new HashSet();
    }

    @Override // org.gcube.common.iam.IAMResponse
    public Set<String> getRoles() throws D4ScienceIAMClientException {
        AccessToken accessToken = getAccessToken();
        Set<String> globalRoles = getGlobalRoles();
        accessToken.getResourceAccess().forEach((str, access) -> {
            globalRoles.addAll(access.getRoles());
        });
        return globalRoles;
    }

    @Override // org.gcube.common.iam.IAMResponse
    public Set<String> getResourceRoles(String str) throws D4ScienceIAMClientException {
        AccessToken accessToken = getAccessToken();
        if (accessToken.getResourceAccess() != null && accessToken.getResourceAccess().get(str) != null) {
            return ((AccessToken.Access) accessToken.getResourceAccess().get(str)).getRoles();
        }
        return new HashSet();
    }

    @Override // org.gcube.common.iam.IAMResponse
    public Set<String> getContextRoles() throws D4ScienceIAMClientException {
        AccessToken accessToken = getAccessToken();
        if (accessToken.getResourceAccess() != null && accessToken.getResourceAccess().get(accessToken.getAudience()[0]) != null) {
            return ((AccessToken.Access) accessToken.getResourceAccess().get(accessToken.getAudience()[0])).getRoles();
        }
        return new HashSet();
    }

    @Override // org.gcube.common.iam.IAMResponse
    public String getName() throws D4ScienceIAMClientException {
        return getAccessToken().getName();
    }

    @Override // org.gcube.common.iam.IAMResponse
    public String getContactPerson() throws D4ScienceIAMClientException {
        AccessToken accessToken = getAccessToken();
        return (String) (accessToken.getOtherClaims() != null ? accessToken.getOtherClaims().get(D4ScienceCustomClaims.CLIENT_CONTACT_PERSON) : null);
    }

    @Override // org.gcube.common.iam.IAMResponse
    public String getContactOrganization() throws D4ScienceIAMClientException {
        AccessToken accessToken = getAccessToken();
        return (String) (accessToken.getOtherClaims() != null ? accessToken.getOtherClaims().get(D4ScienceCustomClaims.CLIENT_CONTACT_ORGANISATION) : null);
    }

    @Override // org.gcube.common.iam.IAMResponse
    public boolean isAccessTokenValid() throws D4ScienceIAMClientException {
        return isAccessTokenValid(true);
    }

    @Override // org.gcube.common.iam.IAMResponse
    public boolean isAccessTokenValid(boolean z) throws D4ScienceIAMClientException {
        try {
            return ModelUtils.isValid(getAccessTokenString(), this.iamClient.getKeycloakClient().getRealmInfo(this.iamClient.getRealmBaseURL()).getPublicKey(), z);
        } catch (Exception e) {
            throw new D4ScienceIAMClientException(e);
        }
    }

    @Override // org.gcube.common.iam.IAMResponse
    public void verifyAccessToken() throws SignatureException, ExpiredJwtException, D4ScienceIAMClientException {
        try {
            getIamClient().verifyToken(getAccessTokenString());
        } catch (ExpiredJwtException | SignatureException e) {
            throw e;
        } catch (Exception e2) {
            throw new D4ScienceIAMClientException(e2);
        }
    }

    @Override // org.gcube.common.iam.IAMResponse
    public boolean isRefreshTokenValid() throws D4ScienceIAMClientException {
        return isRefreshTokenValid(true);
    }

    @Override // org.gcube.common.iam.IAMResponse
    public boolean isRefreshTokenValid(boolean z) throws D4ScienceIAMClientException {
        KeycloakClient keycloakClient = this.iamClient.getKeycloakClient();
        String refreshTokenString = getRefreshTokenString();
        if (refreshTokenString != null) {
            try {
                if (ModelUtils.isValid(refreshTokenString, keycloakClient.getRealmInfo(this.iamClient.getRealmBaseURL()).getPublicKey(), z)) {
                    return true;
                }
            } catch (Exception e) {
                throw new D4ScienceIAMClientException(e);
            }
        }
        return false;
    }

    @Override // org.gcube.common.iam.IAMResponse
    public void verifyRefreshToken() throws SignatureException, ExpiredJwtException, D4ScienceIAMClientException {
        String refreshTokenString = getRefreshTokenString();
        if (refreshTokenString == null) {
            try {
                getIamClient().verifyToken(refreshTokenString);
            } catch (ExpiredJwtException | SignatureException e) {
                throw e;
            } catch (Exception e2) {
                throw new D4ScienceIAMClientException(e2);
            }
        }
    }
}
