package cz.integsoft.mule.security.api;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import cz.integsoft.mule.security.api.error.SecurityModuleError;
import cz.integsoft.mule.security.api.exception.DuplicateAccountsFoundException;
import cz.integsoft.mule.security.api.exception.GenericSecurityException;
import cz.integsoft.mule.security.api.exception.KeycloakAuthenticationRetryException;
import cz.integsoft.mule.security.api.exception.NotFoundException;
import cz.integsoft.mule.security.internal.component.KeycloakAuthenticationRetryStrategy;
import cz.integsoft.mule.security.internal.spring.SpringAuthenticationAdapter;
import cz.integsoft.mule.security.internal.vo.KeycloakErrorResponseVO;
import java.io.IOException;
import java.io.InputStream;
import java.io.UncheckedIOException;
import java.nio.charset.Charset;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Comparator;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Optional;
import java.util.TreeSet;
import java.util.UUID;
import java.util.function.Function;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.Header;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.NameValuePair;
import org.apache.http.client.HttpClient;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.client.protocol.HttpClientContext;
import org.apache.http.entity.ContentType;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.protocol.HttpContext;
import org.apache.http.util.EntityUtils;
import org.keycloak.KeycloakSecurityContext;
import org.keycloak.adapters.AdapterDeploymentContext;
import org.keycloak.adapters.KeycloakDeployment;
import org.keycloak.adapters.OidcKeycloakAccount;
import org.keycloak.adapters.spi.HttpFacade;
import org.keycloak.adapters.springsecurity.facade.SimpleHttpFacade;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.resource.UserResource;
import org.keycloak.common.util.Base64Url;
import org.keycloak.common.util.KeycloakUriBuilder;
import org.keycloak.jose.jws.Algorithm;
import org.keycloak.jose.jws.JWSBuilder;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.AccessTokenResponse;
import org.keycloak.representations.idm.OAuth2ErrorRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.util.JsonSerialization;
import org.mule.extension.http.api.HttpAttributes;
import org.mule.extension.http.api.HttpRequestAttributes;
import org.mule.runtime.api.security.Authentication;
import org.mule.runtime.extension.api.annotation.Ignore;
import org.mule.runtime.extension.api.security.AuthenticationHandler;
import org.mule.runtime.http.api.HttpConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.io.ClassPathResource;
import org.springframework.core.io.PathResource;
import org.springframework.core.io.Resource;
import org.springframework.security.core.context.SecurityContextHolder;

/* loaded from: input_file:cz/integsoft/mule/security/api/SecurityUtils.class */
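/**
 * Static helpers for the Keycloak-backed security module: Authorization-header handling, JWT
 * payload decoding, Keycloak user lookup and token-endpoint calls (password and refresh grants).
 *
 * <p>This listing is decompiler output, so public parameter names such as {@code str} and
 * {@code i2} are generated; their meaning is given in each method's Javadoc.
 *
 * <p>Security-relevant points for callers:
 * <ul>
 *   <li>{@link #parseToken(String, Class)} and everything built on it decode a token <em>without
 *       verifying its signature</em>. The decoded claims are unauthenticated data.</li>
 *   <li>Bearer tokens and raw Authorization header values are never written to logs or exception
 *       messages by this class.</li>
 *   <li>Network failures inside the retry wrapper surface as {@link UncheckedIOException}, not as
 *       the declared {@link IOException}.</li>
 * </ul>
 */
public final class SecurityUtils {
    /** JWS {@code typ} header value written by {@link #encodeToken(AccessToken)}. */
    public static final String JWT = "JWT";

    private static final Logger LOG = LoggerFactory.getLogger(SecurityUtils.class);
    private static final String CLASSPATH_PREFIX = "classpath:";
    private static final String NOT_AVAILABLE = "N/A";
    private static final String BEARER_SCHEME = "Bearer";
    /** A compact JWS has three dot-separated segments; two are tolerated (no signature part). */
    private static final int MAX_JWT_SEGMENTS = 3;
    /** Passed as the second argument of {@code RetryStrategy.retry}; presumably the attempt limit - confirm. */
    private static final int RETRY_LIMIT = 3;
    /** Default connect timeout in milliseconds for token-endpoint calls. */
    private static final int DEFAULT_CONNECT_TIMEOUT_MS = 15000;
    /**
     * Default socket timeout. A negative value leaves Apache HttpClient's read timeout undefined
     * (system default), so a stalled Keycloak response may block the calling thread; pass an
     * explicit positive value where that matters.
     */
    private static final int DEFAULT_SOCKET_TIMEOUT_MS = -1;
    private static final Pattern UUID_PATTERN =
            Pattern.compile("[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}");
    /** Shared mapper for Keycloak error bodies; reading with an ObjectMapper is thread-safe. */
    private static final ObjectMapper ERROR_MAPPER = new ObjectMapper();

    /** One token-endpoint call, as executed inside the retry wrapper. */
    @FunctionalInterface
    private interface TokenCall {
        AccessTokenResponse fetch() throws IOException, GenericSecurityException, NotFoundException, KeycloakAuthenticationRetryException;
    }

    private SecurityUtils() {
    }

    /**
     * Tells whether an Authorization header value starts with {@code Bearer}.
     *
     * <p>This is a case-sensitive prefix test only; it does not check that a token follows.
     *
     * @param str the header value, may be {@code null}
     * @return {@code true} when the value is non-null and starts with {@code Bearer}
     */
    public static boolean isBearerTokenRequest(String str) {
        return str != null && str.startsWith(BEARER_SCHEME);
    }

    /**
     * Extracts the token from a {@code Bearer <token>} header value.
     *
     * <p>The scheme must be exactly {@code Bearer}; the earlier substring match also accepted
     * schemes that merely contained that word. The rejected header value is deliberately left out
     * of the exception message because it may carry a credential.
     *
     * @param str the header value, may be {@code null}
     * @return the token, or {@code null} when {@code str} is {@code null}
     * @throws GenericSecurityException when the value is not of the form {@code Bearer <token>}
     */
    public static String getBearerToken(String str) {
        if (str == null) {
            return null;
        }
        String[] parts = str.trim().split("\\s+");
        if (parts.length == 2 && BEARER_SCHEME.equals(parts[0])) {
            return parts[1];
        }
        throw new GenericSecurityException(SecurityModuleError.GENERIC_SECURITY, SecurityErrorCode.SEC_ANY_001, "Header value is not valid bearer authentication");
    }

    /**
     * Extracts the bearer token like {@link #getBearerToken(String)}, falling back to a default
     * instead of throwing.
     *
     * @param str the header value, may be {@code null}
     * @param str2 the value returned when the header is malformed
     * @return the token, {@code null} for a {@code null} header, or {@code str2} when malformed
     */
    public static String getBearerToken(String str, String str2) {
        try {
            return getBearerToken(str);
        } catch (GenericSecurityException e) {
            LOG.warn("Could not get bearer token.", e);
            return str2;
        }
    }

    /**
     * Tells whether an Authorization header value starts with {@code Basic} (case-sensitive
     * prefix test only).
     *
     * @param str the header value, may be {@code null}
     * @return {@code true} when the value is non-null and starts with {@code Basic}
     */
    public static boolean isBasicAuthRequest(String str) {
        return str != null && str.startsWith("Basic");
    }

    /**
     * Decodes the payload (second segment) of a compact JWT into {@code cls}.
     *
     * <p><strong>No signature, issuer, audience or expiry check is performed.</strong> The result
     * is attacker-controllable data until the token has been verified elsewhere; do not base
     * authentication or authorization decisions on it alone.
     *
     * @param str the compact token, may be {@code null}
     * @param cls the type to bind the JSON payload to
     * @param <T> the payload type
     * @return the decoded payload, or {@code null} when {@code str} is {@code null}
     * @throws GenericSecurityException when the token does not have two or three segments
     * @throws IOException when the payload cannot be read as JSON
     */
    public static <T> T parseToken(String str, Class<T> cls) throws IOException {
        if (str == null) {
            return null;
        }
        String[] segments = str.split("\\.");
        if (segments.length < 2 || segments.length > MAX_JWT_SEGMENTS) {
            throw new GenericSecurityException(SecurityModuleError.GENERIC_SECURITY, SecurityErrorCode.SEC_ANY_001, "Parsing error");
        }
        return JsonSerialization.readValue(Base64Url.decode(segments[1]), cls);
    }

    /**
     * Decodes the access token carried in the request's {@code Authorization: Bearer} header.
     *
     * <p>As with {@link #parseToken(String, Class)}, the token is decoded but not verified. The
     * scheme must be exactly {@code Bearer}.
     *
     * @param request the request facade to read the header from
     * @return the decoded token, or {@code null} when the header is absent, not a bearer header,
     *     or malformed
     * @throws IOException when the payload cannot be read as JSON
     */
    public static AccessToken parseToken(HttpFacade.Request request) throws IOException {
        String header = request.getHeader("Authorization");
        if (!isBearerTokenRequest(header)) {
            return null;
        }
        String[] parts = header.trim().split("\\s+");
        if (parts.length == 2 && BEARER_SCHEME.equals(parts[0])) {
            return parseToken(parts[1], AccessToken.class);
        }
        LOG.warn("Found invalid Bearer header.");
        return null;
    }

    /**
     * Looks up exactly one Keycloak user by username, searching through the admin client.
     *
     * @param keycloak the admin client
     * @param str the realm name
     * @param str2 the username; lower-cased with {@link Locale#ROOT} so matching does not depend
     *     on the JVM's default locale
     * @param userSource the expected user source, may be {@code null}
     * @return the matching user resource
     * @throws NotFoundException when no account matches
     * @throws DuplicateAccountsFoundException when several accounts match and cannot be told apart
     */
    public static UserResource findUser(Keycloak keycloak, String str, String str2, UserSource userSource) throws NotFoundException, DuplicateAccountsFoundException {
        String username = str2.toLowerCase(Locale.ROOT);
        UserRepresentation match = filterUsers(keycloak.realm(str).users().search(searchKey(username, userSource)), username, userSource);
        if (match == null) {
            throw new NotFoundException(SecurityErrorCode.SEC_SSO_002, MessageFormat.format("User {0} not found in realm {1}!", username, str));
        }
        return keycloak.realm(str).users().get(match.getId());
    }

    /**
     * Looks up exactly one Keycloak user by username, using a caller-supplied search function
     * instead of the admin client's search.
     *
     * @param keycloak the admin client, used to resolve the final user resource
     * @param str the realm name
     * @param str2 the username; lower-cased with {@link Locale#ROOT}
     * @param userSource the expected user source, may be {@code null}
     * @param function maps the search key to candidate accounts
     * @return the matching user resource
     * @throws NotFoundException when no account matches
     * @throws DuplicateAccountsFoundException when several accounts match and cannot be told apart
     */
    public static UserResource findUser(Keycloak keycloak, String str, String str2, UserSource userSource, Function<String, List<UserRepresentation>> function) throws NotFoundException, DuplicateAccountsFoundException {
        String username = str2.toLowerCase(Locale.ROOT);
        UserRepresentation match = filterUsers(function.apply(searchKey(username, userSource)), username, userSource);
        if (match == null) {
            throw new NotFoundException(SecurityErrorCode.SEC_SSO_002, MessageFormat.format("User {0} not found in realm {1}!", username, str));
        }
        return keycloak.realm(str).users().get(match.getId());
    }

    /** Builds the search key: the bare username, or the source's prefix plus the username. */
    private static String searchKey(String username, UserSource userSource) {
        return (userSource == null || userSource.isCovertable()) ? username : userSource.getUsernamePrefix() + username;
    }

    /**
     * Narrows a list of accounts down to the single one that belongs to the given username.
     *
     * <p>An account is a candidate when its mapped-username attribute equals {@code str} (compared
     * lower-cased) and its Keycloak username fits one of the known user sources. Candidates are
     * de-duplicated by id. If more than one remains, {@code userSource} is used as a tie-breaker.
     * Accounts without the mapped-username attribute or without a username are skipped.
     *
     * @param list the accounts to filter, may be {@code null} or empty
     * @param str the lower-cased username to match
     * @param userSource the user source used to break ties, may be {@code null}
     * @return the single matching account, or {@code null} when nothing matches
     * @throws DuplicateAccountsFoundException when several candidates remain and {@code userSource}
     *     is {@code null} or does not select exactly one of them
     */
    public static UserRepresentation filterUsers(List<UserRepresentation> list, String str, UserSource userSource) throws DuplicateAccountsFoundException {
        LOG.debug("Filtering {} accounts matching {} with user source {} ...", list == null ? 0 : list.size(), str, userSource == null ? NOT_AVAILABLE : userSource.name());
        if (list == null || list.isEmpty()) {
            return null;
        }
        // Ordered by id; an account matching several sources is kept once.
        TreeSet<UserRepresentation> uniqueById = new TreeSet<>(Comparator.comparing(UserRepresentation::getId));
        for (UserSource source : UserSource.values()) {
            for (UserRepresentation user : list) {
                if (isCandidate(user, source, str)) {
                    uniqueById.add(user);
                }
            }
        }
        List<UserRepresentation> candidates = new ArrayList<>(uniqueById);
        if (candidates.isEmpty()) {
            return null;
        }
        if (candidates.size() == 1) {
            return candidates.get(0);
        }
        if (userSource != null) {
            List<UserRepresentation> fromRequestedSource = candidates.stream()
                    .filter(user -> a(user, userSource))
                    .collect(Collectors.toList());
            if (fromRequestedSource.size() == 1) {
                return fromRequestedSource.get(0);
            }
        }
        throw duplicateAccounts(candidates, str);
    }

    /** Logs the ids of the colliding accounts at debug level and builds the exception to throw. */
    private static DuplicateAccountsFoundException duplicateAccounts(List<UserRepresentation> list, String str) {
        String ids = list.stream()
                .map(user -> user.getId() + "(" + user.getUsername() + ")")
                .collect(Collectors.joining(","));
        LOG.debug("Found duplicate accounts: count {} for user name {} \nDuplicate KC IDs: {}", list.size(), str, ids);
        return new DuplicateAccountsFoundException(SecurityErrorCode.SEC_SSO_001, MessageFormat.format("Duplicate accounts found for username {0}", str));
    }

    /**
     * Tells whether an account's user-source attribute equals {@code userSource}; an account
     * without that attribute counts as {@code UserSource.DEFAULT}.
     *
     * <p>The decompiler notes that this method was private in the original class; it is public
     * here only because the decompiler widened it.
     *
     * @param userRepresentation the account to inspect
     * @param userSource the expected source, must not be {@code null}
     * @return {@code true} when the account belongs to {@code userSource}
     */
    public static boolean a(UserRepresentation userRepresentation, UserSource userSource) {
        String rawSource = getFirstUserAttribute(SecurityConstants.MAPPING_USER_SOURCE, userRepresentation);
        UserSource actual = rawSource == null ? UserSource.DEFAULT : UserSource.getOrThrow(rawSource);
        return userSource.equals(actual);
    }

    /**
     * Tells whether {@code user} carries the wanted mapped username and has a Keycloak username
     * that fits {@code source}: either prefix plus mapped name, or the bare mapped name when the
     * source allows it.
     */
    private static boolean isCandidate(UserRepresentation user, UserSource source, String wantedUsername) {
        String username = user.getUsername();
        String mapped = getFirstUserAttribute(SecurityConstants.MAPPING_USERNAME, user);
        if (username == null || mapped == null) {
            return false;
        }
        String normalized = mapped.toLowerCase(Locale.ROOT);
        if (!normalized.equals(wantedUsername)) {
            return false;
        }
        return username.equals(source.getUsernamePrefix() + normalized)
                || (source.isCovertable() && username.equals(normalized));
    }

    /**
     * Checks that a string has the textual form of a UUID (8-4-4-4-12 hexadecimal digits).
     *
     * @param str the candidate, may be {@code null}
     * @return {@code true} when the whole string matches; {@code false} for {@code null}
     */
    public static boolean isValidUUID(String str) {
        return str != null && UUID_PATTERN.matcher(str).matches();
    }

    /**
     * Returns the name of the authentication held by the Spring security context.
     *
     * @return the principal name, or {@code "N/A"} when no authentication is present
     * @deprecated superseded by the overloads that also consult a Mule
     *     {@link AuthenticationHandler}
     */
    @Deprecated
    public static String getPrincipalName() {
        org.springframework.security.core.Authentication current = currentSpringAuthentication();
        return current == null ? NOT_AVAILABLE : current.getName();
    }

    /**
     * Returns the current principal name, preferring the Spring security context and falling back
     * to the Mule authentication handler.
     *
     * @param authenticationHandler the Mule handler, may be {@code null}
     * @return the principal name, or {@code "N/A"} when neither source has an authentication
     */
    public static String getPrincipalName(AuthenticationHandler authenticationHandler) {
        return getPrincipalName(authenticationHandler, NOT_AVAILABLE);
    }

    /**
     * Returns the current principal name, preferring the Spring security context and falling back
     * to the Mule authentication handler.
     *
     * @param authenticationHandler the Mule handler, may be {@code null}
     * @param str the value returned when neither source has an authentication
     * @return the principal name or {@code str}
     * @throws ClassCastException when the Mule principal is not a {@link Principal}
     */
    public static String getPrincipalName(AuthenticationHandler authenticationHandler, String str) {
        org.springframework.security.core.Authentication current = currentSpringAuthentication();
        if (current != null) {
            return current.getName();
        }
        if (authenticationHandler == null) {
            return str;
        }
        Optional<?> muleAuthentication = authenticationHandler.getAuthentication();
        if (!muleAuthentication.isPresent()) {
            return str;
        }
        return ((Principal) ((Authentication) muleAuthentication.get()).getPrincipal()).getName();
    }

    /** Returns the Spring authentication of the current security context, or {@code null}. */
    private static org.springframework.security.core.Authentication currentSpringAuthentication() {
        return SecurityContextHolder.getContext() == null ? null : SecurityContextHolder.getContext().getAuthentication();
    }

    /**
     * Returns the Keycloak security context of the current, authenticated Spring authentication.
     *
     * @return the context, or {@code null} when there is no authenticated authentication or its
     *     details are not an {@link OidcKeycloakAccount}
     */
    public static KeycloakSecurityContext getCurrentKeycloakContext() {
        org.springframework.security.core.Authentication current = currentSpringAuthentication();
        if (current == null || !current.isAuthenticated()) {
            return null;
        }
        Object details = current.getDetails();
        return details instanceof OidcKeycloakAccount ? ((OidcKeycloakAccount) details).getKeycloakSecurityContext() : null;
    }

    /**
     * Tells whether a token's decoded payload reports it as expired.
     *
     * <p>The token is only decoded, not verified, so a {@code false} result does not mean the
     * token is valid. A {@code null} or unreadable token is treated as expired. The token itself
     * is never logged: a bearer token in a log file is a usable credential.
     *
     * @param str the compact token, may be {@code null}
     * @return {@code true} when the token is missing, unreadable or expired
     * @throws GenericSecurityException when the token does not have two or three segments
     */
    public static boolean isTokenExpired(String str) {
        if (str == null) {
            return true;
        }
        try {
            return parseToken(str, AccessToken.class).isExpired();
        } catch (IOException e) {
            // Only the exception type is logged; parser messages may echo parts of the payload.
            LOG.error("Error while parsing token ({}); treating it as expired.", e.getClass().getSimpleName());
            return true;
        }
    }

    /**
     * Returns the first value of a user attribute.
     *
     * @param str the attribute name, may be {@code null}
     * @param userRepresentation the account, may be {@code null}
     * @return the first value, or {@code null} when the attribute is absent or has no values
     */
    public static String getFirstUserAttribute(String str, UserRepresentation userRepresentation) {
        if (str == null || userRepresentation == null) {
            return null;
        }
        Map<String, List<String>> attributes = userRepresentation.getAttributes();
        if (attributes == null) {
            return null;
        }
        List<String> values = attributes.get(str);
        return values == null || values.isEmpty() ? null : values.get(0);
    }

    /**
     * Obtains tokens with the password grant, using the default retry strategy and timeouts.
     *
     * @see #getToken(String, String, KeycloakDeployment, UserSource, RetryStrategy, int, int)
     */
    @Ignore
    public static AccessTokenResponse getToken(String str, String str2, KeycloakDeployment keycloakDeployment, UserSource userSource) throws IOException, GenericSecurityException {
        return getToken(str, str2, keycloakDeployment, userSource, new KeycloakAuthenticationRetryStrategy());
    }

    /**
     * Obtains tokens with the password grant, using the default timeouts.
     *
     * @see #getToken(String, String, KeycloakDeployment, UserSource, RetryStrategy, int, int)
     */
    public static AccessTokenResponse getToken(String str, String str2, KeycloakDeployment keycloakDeployment, UserSource userSource, RetryStrategy retryStrategy) throws IOException, GenericSecurityException {
        return getToken(str, str2, keycloakDeployment, userSource, retryStrategy, DEFAULT_CONNECT_TIMEOUT_MS, DEFAULT_SOCKET_TIMEOUT_MS);
    }

    /**
     * Obtains tokens from Keycloak with the OAuth2 password grant.
     *
     * <p>This flow hands the user's clear-text password to this module, so it should only be
     * called from components that are trusted to see it.
     *
     * @param str the username (trimmed before sending)
     * @param str2 the password
     * @param keycloakDeployment the deployment describing server, realm and client
     * @param userSource the user source placed in the token URL; {@code null} selects
     *     {@code SecurityConstants.DEFAULT_USER_SOURCE}
     * @param retryStrategy the retry strategy; {@code null} selects
     *     {@link KeycloakAuthenticationRetryStrategy}
     * @param i the connect timeout in milliseconds
     * @param i2 the socket timeout in milliseconds (negative leaves it undefined)
     * @return the token response
     * @throws IOException declared for compatibility; I/O failures during the call are rethrown
     *     as {@link UncheckedIOException}
     * @throws GenericSecurityException when Keycloak rejects the request
     */
    public static AccessTokenResponse getToken(String str, String str2, KeycloakDeployment keycloakDeployment, UserSource userSource, RetryStrategy retryStrategy, int i, int i2) throws IOException, GenericSecurityException {
        String source = userSourceSegment(userSource);
        return withRetry(retryStrategy, () -> requestPasswordGrant(keycloakDeployment, str, str2, source, i, i2));
    }

    /**
     * Obtains tokens with the password grant for the deployment resolved from a servlet request,
     * using the default retry strategy and timeouts.
     *
     * @see #getToken(String, String, HttpServletRequest, HttpServletResponse, AdapterDeploymentContext, RetryStrategy, int, int)
     */
    public static AccessTokenResponse getToken(String str, String str2, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AdapterDeploymentContext adapterDeploymentContext) throws IOException, GenericSecurityException {
        return getToken(str, str2, httpServletRequest, httpServletResponse, adapterDeploymentContext, new KeycloakAuthenticationRetryStrategy());
    }

    /**
     * Obtains tokens with the password grant for the deployment resolved from a servlet request,
     * using the default timeouts.
     *
     * @see #getToken(String, String, HttpServletRequest, HttpServletResponse, AdapterDeploymentContext, RetryStrategy, int, int)
     */
    public static AccessTokenResponse getToken(String str, String str2, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AdapterDeploymentContext adapterDeploymentContext, RetryStrategy retryStrategy) throws IOException, GenericSecurityException {
        return getToken(str, str2, httpServletRequest, httpServletResponse, adapterDeploymentContext, retryStrategy, DEFAULT_CONNECT_TIMEOUT_MS, DEFAULT_SOCKET_TIMEOUT_MS);
    }

    /**
     * Obtains tokens with the password grant for the deployment resolved from a servlet request.
     *
     * <p>The user source is taken from the request header named by
     * {@code SecurityConstants.HEADER_TENANT_USER_SOURCE_KEY}. NOTE(review): that header is
     * supplied by the client and is used as-is (not lower-cased, not checked against
     * {@code UserSource}) as a value in the token URL; consider validating it against the known
     * sources before use.
     *
     * @param str the username (trimmed before sending)
     * @param str2 the password
     * @param httpServletRequest the current request
     * @param httpServletResponse the current response
     * @param adapterDeploymentContext resolves the Keycloak deployment for the request
     * @param retryStrategy the retry strategy; {@code null} selects
     *     {@link KeycloakAuthenticationRetryStrategy}
     * @param i the connect timeout in milliseconds
     * @param i2 the socket timeout in milliseconds (negative leaves it undefined)
     * @return the token response
     * @throws IOException declared for compatibility; I/O failures during the call are rethrown
     *     as {@link UncheckedIOException}
     * @throws GenericSecurityException when Keycloak rejects the request
     */
    public static AccessTokenResponse getToken(String str, String str2, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AdapterDeploymentContext adapterDeploymentContext, RetryStrategy retryStrategy, int i, int i2) throws IOException, GenericSecurityException {
        KeycloakDeployment deployment = adapterDeploymentContext.resolveDeployment(new SimpleHttpFacade(httpServletRequest, httpServletResponse));
        String source = userSourceSegment(httpServletRequest);
        return withRetry(retryStrategy, () -> requestPasswordGrant(deployment, str, str2, source, i, i2));
    }

    /**
     * Obtains tokens with the password grant for an explicitly named user source, using the
     * default timeouts.
     *
     * @see #getToken(String, String, String, KeycloakDeployment, RetryStrategy, int, int)
     */
    public static AccessTokenResponse getToken(String str, String str2, String str3, KeycloakDeployment keycloakDeployment, RetryStrategy retryStrategy) throws IOException, GenericSecurityException {
        return getToken(str, str2, str3, keycloakDeployment, retryStrategy, DEFAULT_CONNECT_TIMEOUT_MS, DEFAULT_SOCKET_TIMEOUT_MS);
    }

    /**
     * Obtains tokens with the password grant for an explicitly named user source.
     *
     * @param str the username (trimmed before sending)
     * @param str2 the password
     * @param str3 the user source value placed in the token URL, used as given
     * @param keycloakDeployment the deployment describing server, realm and client
     * @param retryStrategy the retry strategy; {@code null} selects
     *     {@link KeycloakAuthenticationRetryStrategy}
     * @param i the connect timeout in milliseconds
     * @param i2 the socket timeout in milliseconds (negative leaves it undefined)
     * @return the token response
     * @throws IOException declared for compatibility; I/O failures during the call are rethrown
     *     as {@link UncheckedIOException}
     * @throws GenericSecurityException when Keycloak rejects the request
     */
    public static AccessTokenResponse getToken(String str, String str2, String str3, KeycloakDeployment keycloakDeployment, RetryStrategy retryStrategy, int i, int i2) throws IOException, GenericSecurityException {
        return withRetry(retryStrategy, () -> requestPasswordGrant(keycloakDeployment, str, str2, str3, i, i2));
    }

    /**
     * Serializes an access token as an RS256-signed compact JWS.
     *
     * <p>A fresh 2048-bit RSA key pair is generated on every call and only the private half is
     * used; the public key is never returned or stored. No recipient can therefore verify the
     * signature, and the result must not be treated as an authenticated token: it is a
     * well-formed JWT container for the claims, nothing more. Key generation also makes each
     * call comparatively expensive.
     *
     * @param accessToken the claims to serialize
     * @return the compact JWS string
     * @throws NoSuchAlgorithmException when no RSA key pair generator is available
     * @throws IOException declared by the original signature
     */
    public static String encodeToken(AccessToken accessToken) throws IOException, NoSuchAlgorithmException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(2048);
        return new JWSBuilder().type(JWT).kid(UUID.randomUUID().toString()).jsonContent(accessToken).sign(Algorithm.RS256, generator.generateKeyPair().getPrivate());
    }

    /** Lower-cased name of the given user source, or of the default source when {@code null}. */
    private static String userSourceSegment(UserSource userSource) {
        return userSource == null
                ? SecurityConstants.DEFAULT_USER_SOURCE.name().toLowerCase(Locale.ROOT)
                : userSource.name().toLowerCase(Locale.ROOT);
    }

    /** User source from the tenant header (used as sent), or the default source when absent. */
    private static String userSourceSegment(HttpServletRequest request) {
        String header = request.getHeader(SecurityConstants.HEADER_TENANT_USER_SOURCE_KEY);
        return header == null ? SecurityConstants.DEFAULT_USER_SOURCE.name().toLowerCase(Locale.ROOT) : header;
    }

    /**
     * Runs a token call through the retry strategy, retrying on
     * {@link KeycloakAuthenticationRetryException}. An {@link IOException} from the call is
     * wrapped in {@link UncheckedIOException} and is not unwrapped again on the way out.
     */
    private static AccessTokenResponse withRetry(RetryStrategy retryStrategy, TokenCall call) throws IOException, GenericSecurityException {
        RetryStrategy effective = retryStrategy == null ? new KeycloakAuthenticationRetryStrategy() : retryStrategy;
        return (AccessTokenResponse) effective.retry(() -> {
            try {
                return call.fetch();
            } catch (IOException e) {
                throw new UncheckedIOException(e);
            }
        }, RETRY_LIMIT, KeycloakAuthenticationRetryException.class);
    }

    /** Builds a per-request context carrying the given connect and socket timeouts. */
    private static HttpClientContext requestContext(int connectTimeout, int socketTimeout) {
        HttpClientContext context = HttpClientContext.create();
        context.setRequestConfig(RequestConfig.custom().setConnectTimeout(connectTimeout).setSocketTimeout(socketTimeout).build());
        return context;
    }

    /**
     * Posts a password-grant request to the token endpoint built from
     * {@code SecurityConstants.TOKEN_PATH}, the realm and the user source.
     *
     * <p>The debug log line carries the URL, username and user source but never the password.
     * On failure the response body is copied into the exception message, so callers should not
     * pass that message on to end users unfiltered.
     */
    private static AccessTokenResponse requestPasswordGrant(KeycloakDeployment keycloakDeployment, String str, String str2, String str3, int i, int i2) throws IOException, GenericSecurityException, NotFoundException, KeycloakAuthenticationRetryException {
        String username = str == null ? null : str.trim();
        HttpPost httpPost = new HttpPost(KeycloakUriBuilder.fromUri(keycloakDeployment.getAuthServerBaseUrl()).path(SecurityConstants.TOKEN_PATH).build(keycloakDeployment.getRealm(), str3));
        LOG.debug("Keycloak call prepare: authenticator url={}, username={}, user source={}", httpPost.getURI(), username, str3);
        List<NameValuePair> form = new ArrayList<>();
        form.add(new BasicNameValuePair("grant_type", "password"));
        form.add(new BasicNameValuePair("username", username));
        form.add(new BasicNameValuePair("password", str2));
        setClientCredentials(keycloakDeployment, httpPost, form);
        httpPost.setEntity(new UrlEncodedFormEntity(form, "UTF-8"));
        HttpResponse response = keycloakDeployment.getClient().execute(httpPost, requestContext(i, i2));
        int statusCode = response.getStatusLine().getStatusCode();
        HttpEntity entity = response.getEntity();
        if (statusCode == HttpConstants.HttpStatus.NOT_FOUND.getStatusCode()) {
            EntityUtils.consumeQuietly(entity);
            throw new NotFoundException(SecurityErrorCode.SEC_SSO_002, MessageFormat.format("User {0} not found in realm {1}!", username, keycloakDeployment.getRealm()));
        }
        return readTokenResponse(response, statusCode, entity);
    }

    /**
     * Turns a token-endpoint response into an {@link AccessTokenResponse} (status 200) or into
     * the matching exception. A JSON error body whose code equals
     * {@code SecurityConstants.KEYCLOAK_RETRY_SIGNAL_CODE} yields
     * {@link KeycloakAuthenticationRetryException}; a response without a body no longer fails
     * with an {@link IllegalArgumentException} but is reported like any other bad status.
     */
    private static AccessTokenResponse readTokenResponse(HttpResponse response, int statusCode, HttpEntity entity) throws IOException, GenericSecurityException, KeycloakAuthenticationRetryException {
        if (statusCode == HttpConstants.HttpStatus.OK.getStatusCode()) {
            if (entity == null) {
                throw new GenericSecurityException(SecurityModuleError.GENERIC_SECURITY, SecurityErrorCode.SEC_SSO_003, "No Entity");
            }
            InputStream content = entity.getContent();
            try {
                return JsonSerialization.readValue(content, AccessTokenResponse.class);
            } finally {
                closeQuietly(content);
            }
        }
        String body = entity == null ? "" : EntityUtils.toString(entity);
        Header contentType = response.getFirstHeader("Content-Type");
        if (contentType == null || !ContentType.APPLICATION_JSON.getMimeType().equalsIgnoreCase(ContentType.parse(contentType.getValue()).getMimeType())) {
            throw new GenericSecurityException(SecurityModuleError.GENERIC_SECURITY, SecurityErrorCode.SEC_SSO_004, "Bad status: " + statusCode + " Message: " + body);
        }
        KeycloakErrorResponseVO error;
        try {
            error = ERROR_MAPPER.readValue(body, KeycloakErrorResponseVO.class);
        } catch (JsonProcessingException e) {
            LOG.debug("Keycloak returned unparsable response: {}", body);
            throw new GenericSecurityException(SecurityModuleError.GENERIC_SECURITY, SecurityErrorCode.SEC_SSO_004, "Bad status: " + statusCode + " Message: " + body);
        }
        LOG.debug("Got response from Keycloak: {}", error);
        if (SecurityConstants.KEYCLOAK_RETRY_SIGNAL_CODE.equalsIgnoreCase(error.getErrorCode())) {
            throw new KeycloakAuthenticationRetryException(MessageFormat.format("Must retry Keycloak authentication since we got error {0}:{1}", error.getErrorCode(), error.getErrorMessage()));
        }
        String code = StringUtils.isBlank(error.getErrorCode()) ? NOT_AVAILABLE : error.getErrorCode();
        throw new GenericSecurityException(SecurityModuleError.GENERIC_SECURITY, SecurityErrorCode.SEC_SSO_005, MessageFormat.format(SecurityConstants.EXCEPTION_MSG_TEMPLATE, code, error.getErrorMessage() + " http status=" + statusCode));
    }

    /** Closes a response stream, ignoring a failure to do so. */
    private static void closeQuietly(InputStream stream) {
        try {
            stream.close();
        } catch (IOException ignored) {
            // A failed close must not replace the parsed result or the primary exception.
        }
    }

    /**
     * Refreshes tokens using the default retry strategy and timeouts.
     *
     * @see #refreshToken(String, KeycloakDeployment, UserSource, RetryStrategy, int, int)
     */
    public static AccessTokenResponse refreshToken(String str, KeycloakDeployment keycloakDeployment, UserSource userSource) throws IOException, GenericSecurityException {
        return refreshToken(str, keycloakDeployment, userSource, new KeycloakAuthenticationRetryStrategy());
    }

    /**
     * Refreshes tokens using the default timeouts.
     *
     * @see #refreshToken(String, KeycloakDeployment, UserSource, RetryStrategy, int, int)
     */
    public static AccessTokenResponse refreshToken(String str, KeycloakDeployment keycloakDeployment, UserSource userSource, RetryStrategy retryStrategy) throws IOException, GenericSecurityException {
        return refreshToken(str, keycloakDeployment, userSource, retryStrategy, DEFAULT_CONNECT_TIMEOUT_MS, DEFAULT_SOCKET_TIMEOUT_MS);
    }

    /**
     * Exchanges a refresh token for new tokens at the realm's standard OpenID Connect endpoint.
     *
     * @param str the refresh token
     * @param keycloakDeployment the deployment describing server, realm and client
     * @param userSource the user source; resolved to a name but not used by the refresh request
     *     itself
     * @param retryStrategy the retry strategy; {@code null} selects
     *     {@link KeycloakAuthenticationRetryStrategy}
     * @param i the connect timeout in milliseconds
     * @param i2 the socket timeout in milliseconds (negative leaves it undefined)
     * @return the token response
     * @throws IOException declared for compatibility; I/O failures during the call are rethrown
     *     as {@link UncheckedIOException}
     * @throws GenericSecurityException when Keycloak rejects the request
     */
    public static AccessTokenResponse refreshToken(String str, KeycloakDeployment keycloakDeployment, UserSource userSource, RetryStrategy retryStrategy, int i, int i2) throws IOException, GenericSecurityException {
        String source = userSourceSegment(userSource);
        return withRetry(retryStrategy, () -> requestRefreshGrant(keycloakDeployment, str, source, i, i2));
    }

    /**
     * Refreshes tokens for the deployment resolved from a servlet request, using the default
     * retry strategy and timeouts.
     *
     * @see #refreshToken(String, HttpServletRequest, HttpServletResponse, AdapterDeploymentContext, RetryStrategy, int, int)
     */
    public static AccessTokenResponse refreshToken(String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AdapterDeploymentContext adapterDeploymentContext) throws IOException, GenericSecurityException {
        return refreshToken(str, httpServletRequest, httpServletResponse, adapterDeploymentContext, new KeycloakAuthenticationRetryStrategy());
    }

    /**
     * Refreshes tokens for the deployment resolved from a servlet request, using the default
     * timeouts.
     *
     * @see #refreshToken(String, HttpServletRequest, HttpServletResponse, AdapterDeploymentContext, RetryStrategy, int, int)
     */
    public static AccessTokenResponse refreshToken(String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AdapterDeploymentContext adapterDeploymentContext, RetryStrategy retryStrategy) throws IOException, GenericSecurityException {
        return refreshToken(str, httpServletRequest, httpServletResponse, adapterDeploymentContext, retryStrategy, DEFAULT_CONNECT_TIMEOUT_MS, DEFAULT_SOCKET_TIMEOUT_MS);
    }

    /**
     * Exchanges a refresh token for new tokens, for the deployment resolved from a servlet
     * request.
     *
     * @param str the refresh token
     * @param httpServletRequest the current request
     * @param httpServletResponse the current response
     * @param adapterDeploymentContext resolves the Keycloak deployment for the request
     * @param retryStrategy the retry strategy; {@code null} selects
     *     {@link KeycloakAuthenticationRetryStrategy}
     * @param i the connect timeout in milliseconds
     * @param i2 the socket timeout in milliseconds (negative leaves it undefined)
     * @return the token response
     * @throws IOException declared for compatibility; I/O failures during the call are rethrown
     *     as {@link UncheckedIOException}
     * @throws GenericSecurityException when Keycloak rejects the request
     */
    public static AccessTokenResponse refreshToken(String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AdapterDeploymentContext adapterDeploymentContext, RetryStrategy retryStrategy, int i, int i2) throws IOException, GenericSecurityException {
        KeycloakDeployment deployment = adapterDeploymentContext.resolveDeployment(new SimpleHttpFacade(httpServletRequest, httpServletResponse));
        String source = userSourceSegment(httpServletRequest);
        return withRetry(retryStrategy, () -> requestRefreshGrant(deployment, str, source, i, i2));
    }

    /**
     * Posts a refresh-token grant to the realm's standard token endpoint. The refresh token is
     * not logged. {@code userSource} is accepted for symmetry with the password grant but is not
     * used in the request. A 400 response without a body is reported as a
     * {@link GenericSecurityException} rather than failing with a {@link NullPointerException},
     * and the error stream is closed after reading.
     */
    private static AccessTokenResponse requestRefreshGrant(KeycloakDeployment keycloakDeployment, String str, String userSource, int i, int i2) throws IOException, GenericSecurityException, NotFoundException, KeycloakAuthenticationRetryException {
        HttpPost httpPost = new HttpPost(KeycloakUriBuilder.fromUri(keycloakDeployment.getAuthServerBaseUrl()).path("/realms/{realm-name}/protocol/openid-connect/token").build(keycloakDeployment.getRealm()));
        List<NameValuePair> form = new ArrayList<>();
        form.add(new BasicNameValuePair("grant_type", "refresh_token"));
        form.add(new BasicNameValuePair("refresh_token", str));
        setClientCredentials(keycloakDeployment, httpPost, form);
        httpPost.setEntity(new UrlEncodedFormEntity(form, "UTF-8"));
        LOG.debug("Refreshing token...");
        HttpResponse response = keycloakDeployment.getClient().execute(httpPost, requestContext(i, i2));
        int statusCode = response.getStatusLine().getStatusCode();
        HttpEntity entity = response.getEntity();
        if (statusCode == HttpConstants.HttpStatus.BAD_REQUEST.getStatusCode()) {
            throw new GenericSecurityException(SecurityModuleError.GENERIC_SECURITY, SecurityErrorCode.SEC_SSO_004, "Bad request: " + statusCode + " Message: " + readErrorDescription(entity));
        }
        return readTokenResponse(response, statusCode, entity);
    }

    /** Reads the OAuth2 {@code error_description} from an error body; {@code null} without a body. */
    private static String readErrorDescription(HttpEntity entity) throws IOException {
        if (entity == null) {
            return null;
        }
        InputStream content = entity.getContent();
        try {
            return JsonSerialization.readValue(content, OAuth2ErrorRepresentation.class).getErrorDescription();
        } finally {
            closeQuietly(content);
        }
    }

    /**
     * Tells whether a resource location uses the {@code classpath:} prefix.
     *
     * @param str the location, may be {@code null}
     * @return {@code true} when the location is non-null and starts with {@code classpath:}
     */
    public static boolean isClasspathResource(String str) {
        return str != null && str.startsWith(CLASSPATH_PREFIX);
    }

    /**
     * Resolves a location to a class-path resource ({@code classpath:} prefix) or a file-system
     * path resource.
     *
     * <p>Everything after the prefix is used as the class-path location. The earlier
     * split-on-colon form cut the location at a second colon and failed on a bare
     * {@code classpath:}. The location is used as given, so it should come from trusted
     * configuration rather than from request data.
     *
     * @param str the resource location
     * @return the resource handle
     */
    public static Resource getResource(String str) {
        return isClasspathResource(str) ? new ClassPathResource(str.substring(CLASSPATH_PREFIX.length())) : new PathResource(str);
    }

    /**
     * Returns the remote address recorded in the request attributes.
     *
     * <p>The original listing queried the same getter twice; one call is equivalent.
     *
     * @param httpRequestAttributes the request attributes, may be {@code null}
     * @return the remote address, or {@code "N/A"} when it is blank or the attributes are missing
     */
    public static String getRemoteAddress(HttpRequestAttributes httpRequestAttributes) {
        if (httpRequestAttributes == null) {
            return NOT_AVAILABLE;
        }
        String remoteAddress = httpRequestAttributes.getRemoteAddress();
        return StringUtils.isNotBlank(remoteAddress) ? remoteAddress : NOT_AVAILABLE;
    }

    /**
     * Returns the charset named by the {@code mule.encoding} system property, or the JVM default
     * charset when the property is not set.
     *
     * @return the configured or default charset
     */
    public static Charset getDefaultEncoding() {
        String configured = System.getProperty("mule.encoding");
        return configured != null ? Charset.forName(configured) : Charset.defaultCharset();
    }

    /**
     * Finds a header value by case-insensitive name.
     *
     * <p>The header map is scanned sequentially; a parallel stream brings no benefit for a
     * handful of headers.
     *
     * @param httpAttributes the HTTP attributes, may be {@code null}
     * @param str the header name, may be {@code null}
     * @return the first matching value, or {@code null} when absent
     */
    public static String getHeaderIgnoreCase(HttpAttributes httpAttributes, String str) {
        if (str == null || httpAttributes == null) {
            return null;
        }
        for (Map.Entry<String, String> entry : httpAttributes.getHeaders().entrySet()) {
            if (str.equalsIgnoreCase(entry.getKey())) {
                return entry.getValue();
            }
        }
        return null;
    }

    /**
     * Wraps a Spring authentication so it can be used as a Mule authentication.
     *
     * @param authentication the Spring authentication
     * @param map the properties handed to the adapter
     * @return the adapter
     */
    public static Authentication toMuleAuthentication(org.springframework.security.core.Authentication authentication, Map<String, Object> map) {
        return new SpringAuthenticationAdapter(authentication, map);
    }

    /**
     * Asks the deployment's client authenticator to fill in the client credentials.
     *
     * @param keycloakDeployment the deployment whose authenticator and adapter config are used
     * @param map receives request headers (applied as headers by the HttpPost overload)
     * @param map2 receives form parameters (applied as form fields by the HttpPost overload)
     */
    public static void setClientCredentials(KeycloakDeployment keycloakDeployment, Map<String, String> map, Map<String, String> map2) {
        keycloakDeployment.getClientAuthenticator().setClientCredentials(keycloakDeployment.getAdapterConfig(), map, map2);
    }

    /**
     * Adds the client credentials to an outgoing token request: the first credential map is set
     * as request headers, the second is appended to the form parameters.
     *
     * @param keycloakDeployment the deployment providing the credentials
     * @param httpPost the request that receives the headers
     * @param list the form parameter list that receives the credential fields
     */
    public static void setClientCredentials(KeycloakDeployment keycloakDeployment, HttpPost httpPost, List<NameValuePair> list) {
        Map<String, String> headers = new HashMap<>();
        Map<String, String> formParameters = new HashMap<>();
        setClientCredentials(keycloakDeployment, headers, formParameters);
        headers.forEach((name, value) -> httpPost.setHeader(name, value));
        formParameters.forEach((name, value) -> list.add(new BasicNameValuePair(name, value)));
    }
}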
