package org.gcube.common.iam;

import java.net.URL;
import java.util.List;
import org.gcube.common.keycloak.KeycloakClient;
import org.gcube.common.keycloak.KeycloakClientException;
import org.gcube.common.keycloak.KeycloakClientFactory;
import org.gcube.common.keycloak.model.ModelUtils;
import org.gcube.io.jsonwebtoken.ExpiredJwtException;
import org.gcube.io.jsonwebtoken.JwtException;
import org.gcube.io.jsonwebtoken.security.SignatureException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/d4science-iam-client-1.0.0-SNAPSHOT.jar:org/gcube/common/iam/D4ScienceIAMClient.class */
public class D4ScienceIAMClient {
    private KeycloakClient keycloakClient;
    private URL realmBaseURL;
    protected static Logger logger = LoggerFactory.getLogger(D4ScienceIAMClient.class);
    public static boolean USE_DYNAMIC_SCOPES = true;
    private static String GATEWAY_CLIENT_ID = "d4science-internal-gateway";

    public static void setDefaultGatewayClientID(String str) {
        logger.warn("The default GW clientId will be changed to: {}", str);
        GATEWAY_CLIENT_ID = str;
    }

    public static D4ScienceIAMClient newInstance(String str) throws D4ScienceIAMClientException {
        KeycloakClient useDynamicScopeInsteadOfCustomHeaderForContextRestricion = KeycloakClientFactory.newInstance().useDynamicScopeInsteadOfCustomHeaderForContextRestricion(USE_DYNAMIC_SCOPES);
        logger.debug("Creating new D4ScienceIAMClient with infastructure context: {} ", str);
        try {
            return new D4ScienceIAMClient(useDynamicScopeInsteadOfCustomHeaderForContextRestricion, useDynamicScopeInsteadOfCustomHeaderForContextRestricion.getRealmBaseURL(str));
        } catch (KeycloakClientException e) {
            throw new D4ScienceIAMClientException(e);
        }
    }

    public static D4ScienceIAMClient newInstance(String str, String str2) throws D4ScienceIAMClientException {
        KeycloakClient useDynamicScopeInsteadOfCustomHeaderForContextRestricion = KeycloakClientFactory.newInstance().useDynamicScopeInsteadOfCustomHeaderForContextRestricion(USE_DYNAMIC_SCOPES);
        logger.debug("Creating new D4ScienceIAMClient with infastructure context: {}, and realm: {}", str, str2);
        try {
            return new D4ScienceIAMClient(useDynamicScopeInsteadOfCustomHeaderForContextRestricion, useDynamicScopeInsteadOfCustomHeaderForContextRestricion.getRealmBaseURL(str, str2));
        } catch (KeycloakClientException e) {
            throw new D4ScienceIAMClientException(e);
        }
    }

    public static D4ScienceIAMClient newInstance(URL url) {
        logger.debug("Creating new D4ScienceIAMClient with baase URL: {} ", url);
        return new D4ScienceIAMClient(KeycloakClientFactory.newInstance().useDynamicScopeInsteadOfCustomHeaderForContextRestricion(USE_DYNAMIC_SCOPES), url);
    }

    private D4ScienceIAMClient(KeycloakClient keycloakClient, URL url) {
        this.keycloakClient = keycloakClient;
        this.realmBaseURL = url;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public KeycloakClient getKeycloakClient() {
        return this.keycloakClient;
    }

    public URL getRealmBaseURL() {
        return this.realmBaseURL;
    }

    public D4ScienceIAMClientAuthn authenticate(String str, String str2) throws D4ScienceIAMClientException {
        return authenticate(str, str2, null);
    }

    public D4ScienceIAMClientAuthn authenticate(String str, String str2, String str3) throws D4ScienceIAMClientException {
        return new D4ScienceIAMClientAuthn4Client(this, str, str2, str3);
    }

    public D4ScienceIAMClientAuthn authenticateUser(String str, String str2) throws D4ScienceIAMClientException {
        return authenticateUser(GATEWAY_CLIENT_ID, null, str, str2);
    }

    public D4ScienceIAMClientAuthn authenticateUser(String str, String str2, String str3) throws D4ScienceIAMClientException {
        return authenticateUser(GATEWAY_CLIENT_ID, null, str, str2, str3);
    }

    public D4ScienceIAMClientAuthn authenticateUser(String str, String str2, String str3, String str4) throws D4ScienceIAMClientException {
        return authenticateUser(str, str2, str3, str4, null);
    }

    public D4ScienceIAMClientAuthn authenticateUser(String str, String str2, String str3, String str4, String str5) throws D4ScienceIAMClientException {
        return new D4ScienceIAMClientAuthn4User(this, str, str2, str3, str4, str5);
    }

    public D4ScienceIAMClientAuthz authorize(String str, String str2, String str3) throws D4ScienceIAMClientException {
        return authorize(str, str2, str3, null);
    }

    public D4ScienceIAMClientAuthz authorize(String str, String str2, String str3, List<String> list) throws D4ScienceIAMClientException {
        return new D4ScienceIAMClientAuthz(this, str, str2, str3, list);
    }

    public void verifyToken(String str) throws SignatureException, ExpiredJwtException, JwtException, Exception {
        ModelUtils.verify(str, this.keycloakClient.getRealmInfo(this.realmBaseURL).getPublicKey());
    }
}
