package com.dbeaver.jdbc.salesforce.oauth;

import com.dbeaver.jdbc.salesforce.SalesForceConstants;
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import com.google.gson.Strictness;
import java.awt.Desktop;
import java.io.IOException;
import java.net.CookieManager;
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.sql.SQLException;
import java.time.Duration;
import java.util.Base64;
import java.util.HashMap;
import java.util.Properties;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import org.jkiss.code.NotNull;
import org.jkiss.utils.CommonUtils;

/* loaded from: input_file:com/dbeaver/jdbc/salesforce/oauth/OAuthHandler.class */
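/**
 * Runs the browser-based OAuth authorization-code exchange for the Salesforce JDBC driver.
 *
 * <p>The flow visible in this class: a PKCE verifier/challenge pair is generated, the
 * authorization URL is opened in the desktop browser, the authorization code is awaited from
 * {@link OAuthResponseHandler}, and the code is exchanged for an access token at the URL built
 * from {@code SalesForceConstants.AUTH_SSO_TOKEN_TEMPLATE}. The access token is written into the
 * caller's {@link Properties}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The access token ends up in the connection {@code Properties}; anything that logs or
 *       persists those properties will expose it.</li>
 *   <li>No OAuth {@code state} value is set in this class. Whether
 *       {@code OAuthRequestURLBuilder} / {@code OAuthResponseHandler} add and verify one is not
 *       visible from here - confirm.</li>
 * </ul>
 */
public class OAuthHandler {
    /** Shared lenient, pretty-printing Gson instance used to parse the token and identity responses. */
    protected static final Gson gson = new GsonBuilder().setStrictness(Strictness.LENIENT).setPrettyPrinting().create();

    /** Timeout, in seconds, applied when the SSO request timeout property is absent or blank. */
    private static final int DEFAULT_TIMEOUT_SECONDS = 120;

    private OAuthHandler() {
    }

    /**
     * Performs the SSO authorization and stores the resulting access token in {@code properties}.
     *
     * @param str        host name used for the authorization URL and the token endpoint
     * @param properties connection properties; the client id is required, the client secret and
     *                   the SSO timeout are optional. On success the access token (and, when the
     *                   identity response provides it, {@code service_endpoint}) is added.
     * @throws SQLException if the client id is missing, the timeout is invalid, or any step of
     *                      the authorization fails
     */
    public static void authorize(String str, Properties properties) throws SQLException {
        String clientId = properties.getProperty(SalesForceConstants.AUTH_PROP_CLIENT_ID);
        if (CommonUtils.isEmpty(clientId)) {
            throw new SQLException("Client ID for the SSO authorization is missing");
        }
        // May be null: the secret is only sent when it is non-empty.
        String clientSecret = properties.getProperty(SalesForceConstants.AUTH_PROP_CLIENT_SECRET);
        OAuthRequestURLBuilder urlBuilder = new OAuthRequestURLBuilder();
        urlBuilder.clientID(clientId).hostname(str);
        int timeoutSeconds = getTimeout(properties);
        // NOTE(review): this handler is never initialised or used; authorizeUsingResponseCode
        // creates and closes its own. It is kept only because the side effects of the
        // constructor and of closeHttpServer() are not visible here - candidate for removal.
        OAuthResponseHandler spareHandler = new OAuthResponseHandler();
        try {
            authorizeUsingResponseCode(str, clientId, clientSecret, urlBuilder, properties, timeoutSeconds);
        } finally {
            spareHandler.closeHttpServer();
        }
    }

    /**
     * Starts the callback server, points the authorization URL at it and opens that URL in the
     * desktop browser.
     *
     * @throws SQLException if the desktop browse action is unavailable or any step fails
     */
    private static void startSSO(OAuthRequestURLBuilder urlBuilder, OAuthResponseHandler responseHandler) throws SQLException {
        try {
            responseHandler.initServer();
            urlBuilder.redirectURI(String.format(SalesForceConstants.AUTH_SSO_CALLBACK_TEMPLATE, Integer.valueOf(responseHandler.getPort())));
            if (!Desktop.isDesktopSupported() || !Desktop.getDesktop().isSupported(Desktop.Action.BROWSE)) {
                throw new SQLException("Desktop BROWSER interface is not supported");
            }
            Desktop.getDesktop().browse(URI.create(urlBuilder.build()));
        } catch (SQLException e) {
            // Already carries a specific message; do not bury it under a generic wrapper.
            throw e;
        } catch (Throwable th) {
            restoreInterruptFlag(th);
            throw new SQLException("Error acquiring auth code", th);
        }
    }

    /**
     * Drives the whole exchange: PKCE setup, browser launch, waiting for the authorization code
     * and swapping it for a token. The callback server is always closed afterwards.
     */
    private static void authorizeUsingResponseCode(String hostname, String clientId, String clientSecret, OAuthRequestURLBuilder urlBuilder, Properties properties, int timeoutSeconds) throws SQLException {
        OAuthResponseHandler responseHandler = new OAuthResponseHandler();
        try {
            String codeVerifier = generateCodeChallengeAndVerifier(urlBuilder);
            startSSO(urlBuilder, responseHandler);
            String authCode = awaitAuthorizationCode(responseHandler, timeoutSeconds);
            exchangeCodeForToken(hostname, clientId, clientSecret, authCode, codeVerifier, responseHandler, properties, timeoutSeconds);
        } finally {
            responseHandler.closeHttpServer();
        }
    }

    /** Waits up to {@code timeoutSeconds} for the authorization code delivered to the callback server. */
    private static String awaitAuthorizationCode(OAuthResponseHandler responseHandler, int timeoutSeconds) throws SQLException {
        String authCode;
        try {
            authCode = responseHandler.requestCode().get(timeoutSeconds, TimeUnit.SECONDS);
        } catch (Throwable th) {
            restoreInterruptFlag(th);
            throw new SQLException("Error while reading response code value", th);
        }
        if (CommonUtils.isEmpty(authCode)) {
            // Without this the literal text "null" would be posted as the code.
            throw new SQLException("Error while reading response code value: no authorization code received");
        }
        return authCode;
    }

    /**
     * Posts the authorization code to the token endpoint, stores the access token in
     * {@code properties} and, when the response names an identity URL, resolves the partner
     * service endpoint from it.
     */
    private static void exchangeCodeForToken(String hostname, String clientId, String clientSecret, String authCode, String codeVerifier, OAuthResponseHandler responseHandler, Properties properties, int timeoutSeconds) throws SQLException {
        try {
            HttpRequest tokenRequest = HttpRequest.newBuilder()
                .uri(URI.create(String.format(SalesForceConstants.AUTH_SSO_TOKEN_TEMPLATE, hostname)))
                .header("Content-type", "application/x-www-form-urlencoded")
                .POST(HttpRequest.BodyPublishers.ofString(createTokenRequestParameters(authCode, clientSecret, clientId, codeVerifier, responseHandler.getPort())))
                .timeout(Duration.ofSeconds(timeoutSeconds))
                .build();
            responseHandler.addStabContext();
            HttpClient client = HttpClient.newBuilder().cookieHandler(new CookieManager()).version(HttpClient.Version.HTTP_2).build();
            HttpResponse<String> tokenResponse = client.send(tokenRequest, HttpResponse.BodyHandlers.ofString());
            if (tokenResponse.statusCode() != 200) {
                // NOTE(review): the raw endpoint body is surfaced to whoever displays or logs
                // this exception; keep that in mind when forwarding the message.
                throw new SQLException("Error getting token info " + tokenResponse.body());
            }
            OAuthResponseDTO token = gson.fromJson(tokenResponse.body(), OAuthResponseDTO.class);
            if (token == null || token.access_token() == null) {
                throw new SQLException("Error extracting token");
            }
            String accessToken = token.access_token();
            properties.put(SalesForceConstants.AUTH_PROP_TOKEN, accessToken);
            if (token.id() != null) {
                // NOTE(review): the bearer token is sent to whatever URL the token response
                // put in "id"; nothing here checks its scheme or host. Consider requiring https
                // and the expected host before attaching the token - confirm against deployments.
                HttpResponse<String> identityResponse = sendServiceRequest(token.id(), client, accessToken, timeoutSeconds);
                if (identityResponse.statusCode() != 200) {
                    // Report the identity request's own status, not the token response's.
                    throw new SQLException("Error getting service info " + identityResponse.statusCode());
                }
                IdentityResponseDTO identity = gson.fromJson(identityResponse.body(), IdentityResponseDTO.class);
                if (identity != null && identity.urls() != null && identity.urls().partner() != null) {
                    properties.setProperty("service_endpoint", identity.urls().partner().replace("{version}", SalesForceConstants.DEFAULT_API_VERSION));
                }
            }
        } catch (SQLException e) {
            // Specific failure already described above; avoid wrapping it a second time.
            throw e;
        } catch (Throwable th) {
            restoreInterruptFlag(th);
            throw new SQLException("Error getting token info", th);
        }
    }

    /** Issues a GET to {@code url} with the access token as a Bearer credential. */
    private static HttpResponse<String> sendServiceRequest(String url, HttpClient httpClient, String accessToken, int timeoutSeconds) throws IOException, InterruptedException {
        HttpRequest request = HttpRequest.newBuilder()
            .uri(URI.create(url))
            .setHeader("Authorization", "Bearer " + accessToken)
            .GET()
            .timeout(Duration.ofSeconds(timeoutSeconds))
            .build();
        return httpClient.send(request, HttpResponse.BodyHandlers.ofString());
    }

    /**
     * Generates a PKCE verifier, registers its SHA-256 challenge (base64url, unpadded) on the
     * URL builder and returns the verifier for the later token request.
     *
     * @throws SQLException if SHA-256 is not available in this JVM
     */
    @NotNull
    private static String generateCodeChallengeAndVerifier(OAuthRequestURLBuilder urlBuilder) throws SQLException {
        String verifier = generateVerifier();
        try {
            // The verifier is base64url text, so pin the charset instead of relying on the
            // platform default: the server hashes the ASCII form.
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(verifier.getBytes(StandardCharsets.US_ASCII));
            urlBuilder.codeChallenge(Base64.getUrlEncoder().withoutPadding().encodeToString(digest));
            return verifier;
        } catch (NoSuchAlgorithmException e) {
            throw new SQLException("Missing SHA-256 algorithm", e);
        }
    }

    /**
     * Reads the SSO timeout (seconds) from the connection properties.
     *
     * @return the configured value, or 120 when the property is absent or blank
     * @throws SQLException if the value is not a positive whole number; previously this escaped
     *                      as an unchecked {@link NumberFormatException}
     */
    private static int getTimeout(Properties properties) throws SQLException {
        String raw = properties.getProperty(SalesForceConstants.AUTH_PROP_SSO_REQUEST_TIMEOUT);
        if (raw == null || raw.isBlank()) {
            return DEFAULT_TIMEOUT_SECONDS;
        }
        int seconds;
        try {
            seconds = Integer.parseInt(raw.trim());
        } catch (NumberFormatException e) {
            throw new SQLException("Invalid SSO request timeout '" + raw + "': expected a whole number of seconds", e);
        }
        if (seconds <= 0) {
            // HttpRequest.Builder.timeout rejects non-positive durations; fail early and clearly.
            throw new SQLException("Invalid SSO request timeout '" + raw + "': must be greater than zero");
        }
        return seconds;
    }

    /**
     * Produces the PKCE code verifier: 128 bytes from {@link SecureRandom}, base64url-encoded
     * without padding (171 characters).
     */
    private static String generateVerifier() {
        // NOTE(review): RFC 7636 limits code_verifier to 43-128 characters; this value is
        // longer. Presumably it follows the Salesforce-documented form - confirm before changing.
        byte[] random = new byte[128];
        new SecureRandom().nextBytes(random);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(random);
    }

    /**
     * Builds the {@code application/x-www-form-urlencoded} body of the token request.
     *
     * @param code         authorization code received on the callback
     * @param clientSecret optional client secret; omitted when null or empty
     * @param clientId     OAuth client id
     * @param codeVerifier PKCE verifier matching the challenge sent earlier
     * @param port         port of the callback server, used to rebuild the redirect URI
     */
    private static String createTokenRequestParameters(String code, String clientSecret, String clientId, String codeVerifier, int port) {
        HashMap<String, String> params = new HashMap<>();
        params.put("grant_type", "authorization_code");
        // NOTE(review): the code is passed through untouched because it is not visible here
        // whether OAuthResponseHandler returns it already percent-encoded; encoding it again
        // would corrupt it in that case - confirm and encode if it is decoded.
        params.put("code", code);
        // Client id and secret come straight from configuration; encode them so characters
        // such as '&', '=' or '+' cannot split or alter the form body.
        params.put(SalesForceConstants.AUTH_PROP_CLIENT_ID, formEncode(clientId));
        if (clientSecret != null && !clientSecret.isEmpty()) {
            params.put(SalesForceConstants.AUTH_PROP_CLIENT_SECRET, formEncode(clientSecret));
        }
        params.put("code_verifier", formEncode(codeVerifier));
        params.put("redirect_uri", formEncode(String.format(SalesForceConstants.AUTH_SSO_CALLBACK_TEMPLATE, Integer.valueOf(port))));
        return params.entrySet().stream()
            .map(entry -> entry.getKey() + "=" + entry.getValue())
            .collect(Collectors.joining("&"));
    }

    /** Percent-encodes a single form value as UTF-8. */
    private static String formEncode(String value) {
        return URLEncoder.encode(value, StandardCharsets.UTF_8);
    }

    /** Re-asserts the thread's interrupt flag when a broad catch has consumed an interruption. */
    private static void restoreInterruptFlag(Throwable th) {
        if (th instanceof InterruptedException) {
            Thread.currentThread().interrupt();
        }
    }
}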
