package org.jkiss.utils.oauth;

import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import com.google.gson.JsonParser;
import com.google.gson.Strictness;
import java.awt.Desktop;
import java.io.IOException;
import java.net.CookieManager;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.time.Duration;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import org.jkiss.code.NotNull;
import org.jkiss.code.Nullable;
import org.jkiss.utils.CommonUtils;

/* loaded from: input_file:org/jkiss/utils/oauth/OAuthHandler.class */
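/**
 * Drives an OAuth authorization-code exchange that carries a PKCE code challenge.
 *
 * <p>{@link #authorize()} generates a random code verifier, derives its SHA-256 challenge,
 * opens the system browser on the authorization URL, waits for the authorization code delivered
 * through {@link OAuthResponseHandler}, and then POSTs the code together with the verifier to the
 * token URL.
 *
 * <p>NOTE(review): nothing in this class adds or checks an OAuth {@code state} value, and the
 * {@code code_challenge_method} sent with the challenge is decided inside
 * {@link OAuthRequestURLBuilder}. Confirm both against that builder and the callback listener.
 *
 * <p>Instances keep the most recent code challenge in a mutable field, so one instance should not
 * run concurrent {@link #authorize()} calls.
 */
public class OAuthHandler {
    protected static final Gson gson = new GsonBuilder().setStrictness(Strictness.LENIENT).setPrettyPrinting().create();

    /**
     * Number of random bytes drawn for the PKCE code verifier. 64 bytes encode to 86 unpadded
     * base64url characters, inside the 43..128 character range RFC 7636 allows.
     */
    public static final int TOKEN_VERIFIER_BYTE_LENGTH = 64;

    @NotNull
    protected final String clientId;

    // Optional client secret; only sent to the token endpoint when non-empty.
    @Nullable
    protected final String secretId;

    @NotNull
    protected final String authUrl;

    @NotNull
    protected final String tokenURL;
    protected final int callbackPort;

    // Seconds; used both for waiting on the authorization code and for the token HTTP request.
    protected int timeout = OAuthConstants.AUTH_DEFAULT_SSO_TIMEOUT;

    @NotNull
    protected String callbackEndpoint = OAuthConstants.DEFAULT_CALLBACK_ENDPOINT;

    // PKCE challenge for the flow currently in progress; written by authorize(), read by buildAuthUrl().
    @Nullable
    protected String codeChallenge;

    /**
     * Creates a handler for one identity provider / client registration.
     *
     * @param str  OAuth client id
     * @param str2 client secret, or {@code null}/empty for a public client
     * @param str3 authorization endpoint URL opened in the browser
     * @param str4 token endpoint URL the authorization code is exchanged at
     * @param i    local port handed to {@link OAuthResponseHandler} and embedded in the redirect URI
     */
    public OAuthHandler(@NotNull String str, @Nullable String str2, @NotNull String str3, @NotNull String str4, int i) {
        this.clientId = str;
        this.secretId = str2;
        this.authUrl = str3;
        this.tokenURL = str4;
        this.callbackPort = i;
    }

    /**
     * Sets the timeout, in seconds, applied to the wait for the authorization code and to the
     * token request. A non-positive value makes {@link HttpRequest.Builder#timeout} reject the
     * request in {@link #authorize()}.
     *
     * @param i timeout in seconds
     */
    public void setTimeout(int i) {
        this.timeout = i;
    }

    /**
     * Overrides the callback endpoint that is passed to {@link OAuthResponseHandler} and formatted
     * into the redirect URI.
     *
     * @param str callback endpoint
     */
    public void setCallbackEndpoint(@NotNull String str) {
        this.callbackEndpoint = str;
    }

    /**
     * Runs the complete flow and returns the extracted token properties.
     *
     * @return map produced by {@link #extractResponse(HttpResponse)}
     * @throws IOException if the browser cannot be opened, the code does not arrive within the
     *                     timeout, the token endpoint answers with a status other than 200, or the
     *                     token response cannot be parsed
     */
    public Map<String, String> authorize() throws IOException {
        try {
            OAuthResponseHandler responseHandler = new OAuthResponseHandler(this.callbackPort, this.callbackEndpoint);
            try {
                // The verifier never leaves this method except in the token request body;
                // only its SHA-256 challenge goes into the browser URL.
                String codeVerifier = generateCodeChallengeAndVerifier();
                startSSO(responseHandler);
                String authorizationCode = responseHandler.requestCode().get(this.timeout, TimeUnit.SECONDS);

                // NOTE(review): the code, verifier and optional client secret are posted to tokenURL
                // as configured; this class does not check that the URL uses https.
                HttpRequest tokenRequest = HttpRequest.newBuilder()
                    .uri(URI.create(this.tokenURL))
                    .header("Content-type", "application/x-www-form-urlencoded")
                    .POST(HttpRequest.BodyPublishers.ofString(createTokenRequestParameters(authorizationCode, codeVerifier)))
                    .timeout(Duration.ofSeconds(this.timeout))
                    .build();

                // Kept before the token request, as in the original call order.
                responseHandler.addStabContext();

                HttpResponse<String> tokenResponse = HttpClient.newBuilder()
                    .cookieHandler(new CookieManager())
                    .version(HttpClient.Version.HTTP_2)
                    .build()
                    .send(tokenRequest, HttpResponse.BodyHandlers.ofString());
                if (tokenResponse.statusCode() != 200) {
                    // NOTE(review): the provider's error body becomes part of the exception message;
                    // confirm callers do not log or display it where that would be a concern.
                    throw new IOException("Error getting token info " + tokenResponse.body());
                }
                return extractResponse(tokenResponse);
            } finally {
                // Always release the callback listener, on success and on every failure path.
                responseHandler.close();
            }
        } catch (InterruptedException e) {
            // Restore the interrupt flag so callers further up can still observe the interruption.
            Thread.currentThread().interrupt();
            throw new IOException(e);
        } catch (ExecutionException | TimeoutException e) {
            throw new IOException(e);
        }
    }

    /**
     * Reads the token value out of the JSON token response.
     *
     * <p>The response body is deliberately kept out of the exception messages because a
     * successful token response contains credentials.
     *
     * @param httpResponse token endpoint response with status 200
     * @return single-entry map holding the token under {@link OAuthConstants#AUTH_PROP_TOKEN}
     * @throws IOException if the body is not a JSON object or carries no usable token value
     */
    @NotNull
    protected Map<String, String> extractResponse(HttpResponse<String> httpResponse) throws IOException {
        final String token;
        try {
            // gson JsonElement; null when the key is absent from the object.
            var tokenElement = JsonParser.parseString(httpResponse.body())
                .getAsJsonObject()
                .get(OAuthConstants.RESULT_PROP_TOKEN_ID);
            if (tokenElement == null || tokenElement.isJsonNull()) {
                throw new IOException("Error extracting token");
            }
            token = tokenElement.getAsString();
        } catch (RuntimeException e) {
            // gson reports malformed JSON, a non-object root and a non-string token through
            // several unchecked exception types; surface all of them as the declared IOException.
            throw new IOException("Error extracting token", e);
        }
        Map<String, String> result = new HashMap<>();
        result.put(OAuthConstants.AUTH_PROP_TOKEN, token);
        return result;
    }

    /** Starts the local callback listener, then sends the user to the authorization URL. */
    private void startSSO(@NotNull OAuthResponseHandler oAuthResponseHandler) throws IOException {
        // The listener must be up before the browser can be redirected back to it.
        oAuthResponseHandler.initServer();
        createBrowser(buildAuthUrl());
    }

    /**
     * Opens the given URL in the system browser.
     *
     * @param str URL to open
     * @throws IOException if the AWT desktop browse action is unavailable or the launch fails
     */
    protected void createBrowser(@NotNull String str) throws IOException {
        boolean canBrowse = Desktop.isDesktopSupported() && Desktop.getDesktop().isSupported(Desktop.Action.BROWSE);
        if (!canBrowse) {
            throw new IOException("Desktop BROWSER interface is not supported");
        }
        Desktop.getDesktop().browse(URI.create(str));
    }

    /**
     * Generates a fresh code verifier and stores its SHA-256, base64url-encoded challenge in
     * {@link #codeChallenge}.
     *
     * @return the code verifier to send with the token request
     * @throws IOException if SHA-256 is not available in this runtime
     */
    @NotNull
    private String generateCodeChallengeAndVerifier() throws IOException {
        String verifier = generateVerifier();
        try {
            // The verifier is base64url text, so hash its ASCII bytes explicitly instead of
            // relying on the platform default charset.
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(verifier.getBytes(StandardCharsets.US_ASCII));
            this.codeChallenge = Base64.getUrlEncoder().withoutPadding().encodeToString(digest);
            return verifier;
        } catch (NoSuchAlgorithmException e) {
            throw new IOException("Missing SHA-256 algorithm", e);
        }
    }

    /** Returns {@link #TOKEN_VERIFIER_BYTE_LENGTH} bytes from {@link SecureRandom}, base64url-encoded without padding. */
    @NotNull
    private static String generateVerifier() {
        byte[] randomBytes = new byte[TOKEN_VERIFIER_BYTE_LENGTH];
        new SecureRandom().nextBytes(randomBytes);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(randomBytes);
    }

    /**
     * Builds the form body for the token request.
     *
     * @param str  authorization code received on the callback
     * @param str2 PKCE code verifier generated for this flow
     * @return parameters encoded by {@link OAuthRequestURLBuilder#buildURLParameters}
     */
    @NotNull
    private String createTokenRequestParameters(@NotNull String str, @NotNull String str2) {
        Map<String, String> parameters = new HashMap<>();
        parameters.put("grant_type", "authorization_code");
        parameters.put("code", str);
        parameters.put(OAuthConstants.AUTH_PROP_CLIENT_ID, this.clientId);
        // Public clients have no secret; omit the parameter rather than sending an empty one.
        if (CommonUtils.isNotEmpty(this.secretId)) {
            parameters.put(OAuthConstants.AUTH_PROP_CLIENT_SECRET, this.secretId);
        }
        parameters.put("code_verifier", str2);
        parameters.put("redirect_uri", buildRedirectUri());
        return OAuthRequestURLBuilder.buildURLParameters(parameters);
    }

    /**
     * Builds the authorization URL from the client id, redirect URI and current code challenge.
     *
     * @return URL to open in the browser
     * @throws IOException declared for overriding implementations and the URL builder
     */
    protected String buildAuthUrl() throws IOException {
        return new OAuthRequestURLBuilder(this.authUrl)
            .withClientId(this.clientId)
            .withRedirectURI(buildRedirectUri())
            .withCodeChallenge(this.codeChallenge)
            .build();
    }

    /**
     * Formats the redirect URI. The authorization request and the token request must send the
     * same value, so both obtain it here.
     */
    private String buildRedirectUri() {
        return String.format(OAuthConstants.AUTH_SSO_CALLBACK_TEMPLATE, Integer.valueOf(this.callbackPort), this.callbackEndpoint);
    }
}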
