package org.gcube.portlets.user.geoportaldataviewer.server.mongoservice.accessidentity;

import java.util.List;
import javax.servlet.http.HttpServletRequest;
import org.gcube.common.authorization.library.provider.AccessTokenProvider;
import org.gcube.common.keycloak.KeycloakClientFactory;
import org.gcube.portlets.user.geoportaldataviewer.server.mongoservice.IAMClientCredentialsReader;
import org.gcube.portlets.user.geoportaldataviewer.server.util.SessionUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/classes/org/gcube/portlets/user/geoportaldataviewer/server/mongoservice/accessidentity/IAMClientIdentity.class */
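/**
 * {@link GcubeIdentity} implementation that authenticates as an IAM (Keycloak) client.
 *
 * <p>{@link #setIdentity(HttpServletRequest)} obtains the client credentials (from the HTTP
 * session, or from {@link IAMClientCredentialsReader} on first use), exchanges them for a UMA
 * access token scoped to the current context, and installs that token in
 * {@link AccessTokenProvider}. {@link #resetIdentity()} puts back the token that was installed
 * before.
 *
 * <p>NOTE(review): {@code previousUMAToken} is plain, unsynchronised instance state. If one
 * instance is shared by concurrent requests, calls can overwrite each other's saved token and
 * {@link #resetIdentity()} may restore the wrong identity. Confirm instances are per-request.
 */
public class IAMClientIdentity implements GcubeIdentity {
    private static final Logger LOG = LoggerFactory.getLogger(IAMClientIdentity.class);
    private static final String IAM_CLIENT_CREDENTIALS = "IAM_CLIENT_CREDENTIALS";
    // Upper bound on how many leading characters of the token may appear in debug logs.
    private static final int TOKEN_LOG_PREFIX_LENGTH = 20;

    // Token found in AccessTokenProvider before setIdentity replaced it; null if none was read.
    private String previousUMAToken = null;

    /**
     * Installs the IAM client's UMA access token as the current identity.
     *
     * @param httpServletRequest request used to resolve the current context and the session
     *     that caches the client credentials
     * @throws Exception if the credentials cannot be discovered, or if the UMA token cannot be
     *     obtained or installed (the underlying failure is attached as the cause)
     */
    @Override
    public void setIdentity(HttpServletRequest httpServletRequest) throws Exception {
        LOG.info("setIdentity called");
        String currentContext = SessionUtil.getCurrentContext(httpServletRequest, true);
        IAMClientCredentials credentials = sessionGetIAMClientCredentials(httpServletRequest);
        if (credentials == null) {
            try {
                credentials = IAMClientCredentialsReader.getCredentials();
                if (credentials == null) {
                    // Fail here with a clear message instead of a NullPointerException below.
                    throw new IllegalStateException("IAMClientCredentialsReader returned no credentials");
                }
                sessionSetIAMClientCredentials(httpServletRequest, credentials);
            } catch (Exception e) {
                LOG.error("Error on discovering IAM Client credentials", e);
                throw new Exception("IAM Client discovery failed", e);
            }
        }
        String clientId = credentials.getClientId();
        String clientSecret = credentials.getClientSecret();
        // Log only the client id: IAMClientCredentials.toString() is not visible here and may
        // include the client secret, which must never reach the logs.
        LOG.trace("Read credentials for clientId '{}'", clientId);
        try {
            LOG.info("Querying KeycloakClientFactory to get UMA token..");
            String accessToken = KeycloakClientFactory.newInstance()
                    .queryUMAToken(clientId, clientSecret, currentContext, (List<String>) null)
                    .getAccessToken();
            if (accessToken == null || accessToken.isEmpty()) {
                LOG.error("UMA Access Token NOT RETRIEVED!!!");
                throw new Exception("UMA Access Token is null or empty");
            }
            LOG.info("UMA Access Token read correctly");
            try {
                try {
                    this.previousUMAToken = AccessTokenProvider.instance.get();
                } catch (Exception e) {
                    // Best effort: a missing previous token must not block the identity switch.
                    // NOTE(review): on failure the field keeps the value saved by an earlier
                    // call, so resetIdentity() could restore a stale token. Confirm whether it
                    // should be cleared here instead.
                    LOG.debug("Could not read the previous access token", e);
                }
                // Bound the prefix so a short token cannot make this log line throw and abort
                // the whole identity switch.
                int prefixLength = Math.min(TOKEN_LOG_PREFIX_LENGTH, accessToken.length());
                LOG.debug("JWT token: {}_MASKED_TOKEN_", accessToken.substring(0, prefixLength));
                LOG.info("Setting clientId '{}' identity by JWT token in the {}", clientId,
                        AccessTokenProvider.class.getSimpleName());
                AccessTokenProvider.instance.set(accessToken);
            } catch (Exception e) {
                LOG.error(e.getMessage(), e);
                throw new Exception(e.getMessage(), e);
            }
        } catch (Exception e) {
            throw new Exception("Error occurred on reading UMA access token:", e);
        }
    }

    /**
     * Restores the token saved by the last {@link #setIdentity(HttpServletRequest)} call.
     * If no token was saved, {@code null} is passed to {@link AccessTokenProvider}.
     */
    @Override
    public void resetIdentity() {
        LOG.info("resetIdentity called");
        AccessTokenProvider.instance.set(this.previousUMAToken);
        LOG.info("resetIdentity to previous AccessToken");
    }

    /**
     * Reads the cached IAM client credentials from the HTTP session.
     *
     * @param httpServletRequest request whose session is inspected
     * @return the cached credentials, or {@code null} if none are stored or the read fails
     */
    public static IAMClientCredentials sessionGetIAMClientCredentials(HttpServletRequest httpServletRequest) {
        try {
            return (IAMClientCredentials) httpServletRequest.getSession().getAttribute(IAM_CLIENT_CREDENTIALS);
        } catch (Exception e) {
            LOG.warn("Error occurred when reading IAM_CLIENT_CREDENTIALS from session", e);
            return null;
        }
    }

    /**
     * Caches the IAM client credentials in the HTTP session. Failures are logged, not thrown.
     *
     * <p>NOTE(review): this places the client secret in session state. If sessions are
     * persisted or replicated, the secret travels with them. Consider caching it in
     * server-side memory that is never serialised.
     *
     * @param httpServletRequest request whose session receives the credentials
     * @param iAMClientCredentials credentials to cache
     */
    public static void sessionSetIAMClientCredentials(HttpServletRequest httpServletRequest, IAMClientCredentials iAMClientCredentials) {
        try {
            httpServletRequest.getSession().setAttribute(IAM_CLIENT_CREDENTIALS, iAMClientCredentials);
        } catch (Exception e) {
            LOG.warn("Error occurred when setting IAM_CLIENT_CREDENTIALS into session", e);
        }
    }
}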
