package com.gentics.mesh.auth.util;

import com.gentics.mesh.core.rest.error.Errors;
import io.netty.handler.codec.http.HttpResponseStatus;
import io.vertx.core.json.JsonArray;
import io.vertx.core.json.JsonObject;
import io.vertx.core.logging.Logger;
import io.vertx.core.logging.LoggerFactory;
import java.io.IOException;
import java.net.URL;
import java.util.HashSet;
import java.util.Set;
import okhttp3.MediaType;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.RequestBody;
import okhttp3.Response;

/* loaded from: input_file:com/gentics/mesh/auth/util/KeycloakUtils.class */
public final class KeycloakUtils {
    private static final Logger log = LoggerFactory.getLogger(KeycloakUtils.class);

    private KeycloakUtils() {
    }

    public static String loadPublicKey(String str, String str2) {
        try {
            URL url = new URL(str2);
            return fetchPublicRealmInfo(url.getProtocol(), url.getHost(), url.getPort(), str).getString("public_key");
        } catch (Exception e) {
            throw Errors.error(HttpResponseStatus.INTERNAL_SERVER_ERROR, "oauth_config_error", e);
        }
    }

    public static Set<JsonObject> loadJWKs(String str, String str2, int i, String str3) throws IOException {
        Response execute = httpClient().newCall(new Request.Builder().header("Accept", "application/json").url(str + "://" + str2 + ":" + i + "/auth/realms/" + str3 + "/protocol/openid-connect/certs").build()).execute();
        try {
            if (!execute.isSuccessful()) {
                log.error(execute.body().toString());
                throw new RuntimeException("Error while loading certs. Got code {" + execute.code() + "}");
            }
            JsonArray jsonArray = new JsonObject(execute.body().string()).getJsonArray("keys");
            HashSet hashSet = new HashSet();
            for (int i2 = 0; i2 < jsonArray.size(); i2++) {
                hashSet.add(jsonArray.getJsonObject(i2));
            }
            if (execute != null) {
                execute.close();
            }
            return hashSet;
        } catch (Throwable th) {
            if (execute != null) {
                try {
                    execute.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    public static JsonObject fetchPublicRealmInfo(String str, String str2, int i, String str3) throws IOException {
        Response execute = httpClient().newCall(new Request.Builder().header("Accept", "application/json").url(str + "://" + str2 + ":" + i + "/auth/realms/" + str3).build()).execute();
        try {
            if (!execute.isSuccessful()) {
                log.error(execute.body().toString());
                throw new RuntimeException("Error while loading realm info. Got code {" + execute.code() + "}");
            }
            JsonObject jsonObject = new JsonObject(execute.body().string());
            if (execute != null) {
                execute.close();
            }
            return jsonObject;
        } catch (Throwable th) {
            if (execute != null) {
                try {
                    execute.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    public static JsonObject loginKeycloak(String str, String str2, int i, String str3, String str4, String str5, String str6, String str7) throws IOException {
        return new JsonObject(httpClient().newCall(new Request.Builder().post(RequestBody.create(MediaType.parse("application/x-www-form-urlencoded"), ("client_id=" + str4 + "&") + ("username=" + str5 + "&") + ("password=" + str6 + "&") + "grant_type=password&" + ("client_secret=" + str7))).url(str + "://" + str2 + ":" + i + "/auth/realms/" + str3 + "/protocol/openid-connect/token").build()).execute().body().string());
    }

    private static OkHttpClient httpClient() {
        return new OkHttpClient.Builder().build();
    }
}
