package one.jpro.platform.auth.core.oauth2;

import com.auth0.jwt.JWT;
import com.auth0.jwt.interfaces.DecodedJWT;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpHeaders;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.CompletableFuture;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javafx.stage.Stage;
import one.jpro.platform.auth.core.authentication.AuthenticationException;
import one.jpro.platform.auth.core.http.HttpMethod;
import one.jpro.platform.auth.core.jwt.JWTOptions;
import one.jpro.platform.auth.core.oauth2.provider.OpenIDAuthenticationProvider;
import one.jpro.platform.auth.core.utils.AuthUtils;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.json.JSONArray;
import org.json.JSONObject;

/* loaded from: input_file:one/jpro/platform/auth/core/oauth2/OAuth2API.class */
public class OAuth2API {
    // Captures the numeric value of a max-age directive (optionally quoted) in a Cache-Control header value.
    private static final Pattern MAX_AGE = Pattern.compile("max-age=\"?(\\d+)\"?");
    // Header name jwkSet() reads to derive the "maxAge" hint for the fetched key set.
    private static final String CACHE_CONTROL = "cache-control";

    // Provider configuration. The methods below read the client id, client secret and endpoint
    // paths from it on every call.
    @NotNull
    protected final OAuth2Options options;

    // Single client shared by all requests, created with the JDK defaults; no connect or
    // request timeout is configured anywhere in this class.
    @NotNull
    private final HttpClient httpClient = HttpClient.newHttpClient();

    /**
     * Creates an API client bound to the given provider configuration.
     *
     * @param oAuth2Options the OAuth2 configuration used by every request; must not be null
     * @throws NullPointerException if {@code oAuth2Options} is null
     */
    public OAuth2API(@NotNull OAuth2Options oAuth2Options) {
        Objects.requireNonNull(oAuth2Options, "OAuth2 options cannot be null");
        this.options = oAuth2Options;
    }

    /**
     * Returns the configuration this client was created with.
     *
     * <p>The same instance is returned, not a copy, so changes made by the caller are seen by
     * later requests.
     *
     * @return the OAuth2 options, never null
     */
    @NotNull
    public OAuth2Options getOptions() {
        return options;
    }

    /**
     * Builds the authorization URL the user agent is sent to.
     *
     * <p>The query carries {@code response_type=code} for the authorization-code flow, plus
     * {@code redirect_uri}, {@code scope} and {@code state} when the credentials supply them.
     * The client is identified by {@code client_id}, or by the configured client assertion when
     * no client id is set.
     *
     * <p>{@code state} is passed through unchanged; generating an unguessable value and checking
     * it on the callback is left to the caller.
     * NOTE(review): the client assertion ends up in the URL query string, where browser history
     * and access logs can record it. Confirm this is intended for the providers in use.
     *
     * @param oAuth2Credentials flow, redirect URI, scopes and state for this request
     * @return the configured authorization path followed by the encoded query
     */
    public String authorizeURL(@NotNull OAuth2Credentials oAuth2Credentials) {
        final JSONObject query = new JSONObject();

        // A flow set on the credentials takes precedence over the configured default.
        final boolean authCodeFlow = (oAuth2Credentials.getFlow() == null
                ? this.options.getFlow()
                : oAuth2Credentials.getFlow()) == OAuth2Flow.AUTH_CODE;
        if (authCodeFlow) {
            query.put("response_type", "code");
        }

        final String redirectUri = oAuth2Credentials.getNormalizedRedirectUri();
        if (!(redirectUri == null || redirectUri.isBlank())) {
            query.put("redirect_uri", redirectUri);
        }

        if (oAuth2Credentials.getScopes() != null) {
            final String separator = this.options.getScopeSeparator();
            query.put("scope", String.join(separator, oAuth2Credentials.getScopes()));
        }

        final String csrfState = oAuth2Credentials.getState();
        if (!(csrfState == null || csrfState.isBlank())) {
            query.put("state", csrfState);
        }

        final String configuredClientId = this.options.getClientId();
        if (configuredClientId == null) {
            // No client id configured: identify the client by assertion instead.
            if (this.options.getClientAssertionType() != null) {
                query.put("client_assertion_type", this.options.getClientAssertionType());
            }
            if (this.options.getClientAssertion() != null) {
                query.put("client_assertion", this.options.getClientAssertion());
            }
        } else {
            query.put("client_id", configuredClientId);
        }

        final String encodedQuery = AuthUtils.jsonToQuery(query);
        return this.options.getAuthorizationPath() + "?" + encodedQuery;
    }

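    /**
     * Requests a token from the configured token endpoint.
     *
     * <p>When both a client id and a client secret are configured they are sent as HTTP Basic
     * credentials. Otherwise the client id, or the configured client assertion, is added to the
     * form body. The configured extra parameters are copied over the caller's parameters, and
     * {@code grant_type} is set last so neither can override it.
     *
     * <p>The client secret is sent to whatever {@code getTokenPath()} returns, so that value
     * must come from a trusted source.
     * NOTE(review): id and secret are joined with ':' and base64-encoded without the
     * form-urlencoding step of RFC 6749 section 2.3.1. Confirm the provider accepts this when
     * either value contains reserved characters.
     *
     * @param str the grant type; must not be null
     * @param jSONObject the grant-specific form parameters; it is copied, not modified, and
     *     null is treated as empty
     * @return a future with the parsed token response; it fails when the body is empty, the
     *     content type is unsupported or the response carries an {@code error} member
     */
    public CompletableFuture<JSONObject> token(String str, JSONObject jSONObject) {
        if (str == null) {
            return CompletableFuture.failedFuture(new IllegalArgumentException("Token request requires a grantType other than null"));
        }
        final JSONObject requestHeaders = new JSONObject();
        final boolean basicAuth = this.options.getClientId() != null && this.options.getClientSecret() != null;
        if (basicAuth) {
            final String pair = this.options.getClientId() + ":" + this.options.getClientSecret();
            requestHeaders.put("Authorization", "Basic " + AuthUtils.BASE64_ENCODER.encodeToString(pair.getBytes(StandardCharsets.UTF_8)));
        }

        // Work on a copy so the caller's object is left untouched.
        final JSONObject form = jSONObject == null ? new JSONObject() : new JSONObject(jSONObject.toString());
        final JSONObject extraParams = this.options.getExtraParams();
        if (extraParams != null) {
            // keySet() instead of JSONObject.getNames(): getNames returns null for an empty
            // object, which made the loop throw a NullPointerException.
            for (String key : extraParams.keySet()) {
                form.put(key, extraParams.get(key));
            }
        }
        form.put("grant_type", str);

        if (!basicAuth) {
            final String clientId = this.options.getClientId();
            if (clientId != null) {
                form.put("client_id", clientId);
            } else {
                if (this.options.getClientAssertionType() != null) {
                    form.put("client_assertion_type", this.options.getClientAssertionType());
                }
                if (this.options.getClientAssertion() != null) {
                    form.put("client_assertion", this.options.getClientAssertion());
                }
            }
        }

        requestHeaders.put("Content-Type", "application/x-www-form-urlencoded");
        final String body = AuthUtils.jsonToQuery(form);
        requestHeaders.put("Accept", "application/json,application/x-www-form-urlencoded;q=0.9");

        return fetch(HttpMethod.POST, this.options.getTokenPath(), requestHeaders, body).thenCompose(httpResponse -> {
            final String payload = httpResponse.body();
            if (payload == null || payload.isEmpty()) {
                return CompletableFuture.failedFuture(new RuntimeException("No Body"));
            }
            final HttpHeaders headers = httpResponse.headers();
            final JSONObject json;
            if (AuthUtils.containsValue(headers, "application/json")) {
                json = new JSONObject(payload);
            } else if (AuthUtils.containsValue(headers, "application/x-www-form-urlencoded") || AuthUtils.containsValue(headers, "text/plain")) {
                json = AuthUtils.queryToJson(payload);
            } else {
                return CompletableFuture.failedFuture(new RuntimeException("Cannot handle content type: " + headers.map().get("Content-Type")));
            }
            if (json == null || json.has("error")) {
                return CompletableFuture.failedFuture(new RuntimeException(AuthUtils.extractErrorDescription(json)));
            }
            AuthUtils.processNonStandardHeaders(json, httpResponse, this.options.getScopeSeparator());
            return CompletableFuture.completedFuture(json);
        });
    }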

    /**
     * Posts a token to the configured introspection endpoint and returns the parsed response.
     *
     * <p>HTTP Basic client credentials are attached when both a client id and a client secret
     * are configured. The response is returned as received; this method does not look at any
     * member other than {@code error}, so deciding whether the token is still valid is left to
     * the caller.
     *
     * @param str the value sent as {@code token_type_hint}
     * @param str2 the token to introspect
     * @return a future with the parsed response; it fails when the body is empty, the content
     *     type is unsupported or the response carries an {@code error} member
     */
    public CompletableFuture<JSONObject> tokenIntrospection(String str, String str2) {
        final JSONObject requestHeaders = new JSONObject();
        final boolean basicAuth = this.options.getClientId() != null && this.options.getClientSecret() != null;
        if (basicAuth) {
            final String pair = this.options.getClientId() + ":" + this.options.getClientSecret();
            requestHeaders.put("Authorization", "Basic " + AuthUtils.BASE64_ENCODER.encodeToString(pair.getBytes(StandardCharsets.UTF_8)));
        }
        final JSONObject form = new JSONObject().put("token", str2).put("token_type_hint", str);
        requestHeaders.put("Content-Type", "application/x-www-form-urlencoded");
        final String body = AuthUtils.jsonToQuery(form);
        requestHeaders.put("Accept", "application/json,application/x-www-form-urlencoded;q=0.9");

        return fetch(HttpMethod.POST, this.options.getIntrospectionPath(), requestHeaders, body).thenCompose(httpResponse -> {
            final String payload = httpResponse.body();
            if (payload == null || payload.isEmpty()) {
                return CompletableFuture.failedFuture(new RuntimeException("No Body"));
            }
            final JSONObject json;
            if (AuthUtils.containsValue(httpResponse.headers(), "application/json")) {
                json = new JSONObject(payload);
            } else if (AuthUtils.containsValue(httpResponse.headers(), "application/x-www-form-urlencoded") || AuthUtils.containsValue(httpResponse.headers(), "text/plain")) {
                json = AuthUtils.queryToJson(payload);
            } else {
                return CompletableFuture.failedFuture(new RuntimeException("Cannot handle accessToken type: " + httpResponse.headers().allValues("Content-Type")));
            }
            if (json == null || json.has("error")) {
                return CompletableFuture.failedFuture(new RuntimeException(AuthUtils.extractErrorDescription(json)));
            }
            AuthUtils.processNonStandardHeaders(json, httpResponse, this.options.getScopeSeparator());
            return CompletableFuture.completedFuture(json);
        });
    }

    /**
     * Asks the configured revocation endpoint to revoke a token.
     *
     * <p>HTTP Basic client credentials are attached when both a client id and a client secret
     * are configured. The response body is not parsed; only its presence is checked.
     *
     * @param str the value sent as {@code token_type_hint}
     * @param str2 the token to revoke
     * @return a future that completes with null when the endpoint answers, and fails when the
     *     token is null or the response has no body
     */
    public CompletableFuture<Void> tokenRevocation(@NotNull String str, @NotNull String str2) {
        if (str2 == null) {
            return CompletableFuture.failedFuture(new RuntimeException("Cannot revoke null token"));
        }
        final JSONObject requestHeaders = new JSONObject();
        requestHeaders.put("Content-Type", "application/x-www-form-urlencoded");
        final boolean basicAuth = this.options.getClientId() != null && this.options.getClientSecret() != null;
        if (basicAuth) {
            final String pair = this.options.getClientId() + ":" + this.options.getClientSecret();
            requestHeaders.put("Authorization", "Basic " + AuthUtils.BASE64_ENCODER.encodeToString(pair.getBytes(StandardCharsets.UTF_8)));
        }
        final JSONObject form = new JSONObject().put("token", str2).put("token_type_hint", str);
        final String body = AuthUtils.jsonToQuery(form);
        requestHeaders.put("Accept", "application/json,application/x-www-form-urlencoded;q=0.9");

        return fetch(HttpMethod.POST, this.options.getRevocationPath(), requestHeaders, body).thenCompose(httpResponse -> {
            if (httpResponse.body() == null) {
                return CompletableFuture.failedFuture(new RuntimeException("No Body"));
            }
            return CompletableFuture.completedFuture(null);
        });
    }

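    /**
     * Fetches the user's claims from the configured userinfo endpoint with a bearer token.
     *
     * <p>The configured extra parameters, when present, are appended to the endpoint URL as a
     * query string. JSON, JWT and form-encoded responses are accepted.
     *
     * <p>SECURITY: a JWT response is only decoded here. {@code JWT.decode} parses the token
     * without checking its signature, so the returned {@code header} and {@code payload} are
     * unverified until the caller validates the token against the provider's keys.
     *
     * @param str the access token sent as {@code Authorization: Bearer}
     * @return a future with the parsed claims; for a JWT response the object holds the decoded
     *     {@code header} and {@code payload}; the future fails when no userinfo path is
     *     configured, the body is missing or the content type is unsupported
     */
    public CompletableFuture<JSONObject> userInfo(String str) {
        final String configuredPath = this.options.getUserInfoPath();
        if (configuredPath == null) {
            return CompletableFuture.failedFuture(new AuthenticationException("userInfo path is not configured"));
        }
        final JSONObject extraParams = this.options.getExtraParams();
        final String path = extraParams == null
                ? configuredPath
                : configuredPath + "?" + AuthUtils.jsonToQuery(extraParams);

        final JSONObject requestHeaders = new JSONObject();
        requestHeaders.put("Authorization", "Bearer " + str);
        requestHeaders.put("Accept", "application/json,application/jwt,application/x-www-form-urlencoded;q=0.9");

        return fetch(HttpMethod.GET, path, requestHeaders, null).thenCompose(httpResponse -> {
            final String body = httpResponse.body();
            if (body == null) {
                return CompletableFuture.failedFuture(new AuthenticationException("No Body"));
            }
            final JSONObject json;
            if (AuthUtils.containsValue(httpResponse.headers(), "application/json")) {
                json = new JSONObject(body);
            } else if (AuthUtils.containsValue(httpResponse.headers(), "application/jwt")) {
                // Matches the media type requested in Accept above; the previous spelling
                // "applications/jwt" could never match, so JWT responses were rejected.
                final DecodedJWT jwt = JWT.decode(body);
                // getHeader()/getPayload() return the base64url-encoded segments, which have to
                // be decoded before they can be parsed as JSON.
                final java.util.Base64.Decoder base64Url = java.util.Base64.getUrlDecoder();
                final String headerJson = new String(base64Url.decode(jwt.getHeader()), StandardCharsets.UTF_8);
                final String payloadJson = new String(base64Url.decode(jwt.getPayload()), StandardCharsets.UTF_8);
                json = new JSONObject().put("header", new JSONObject(headerJson)).put("payload", new JSONObject(payloadJson));
            } else if (AuthUtils.containsValue(httpResponse.headers(), "application/x-www-form-urlencoded") || AuthUtils.containsValue(httpResponse.headers(), "text/plain")) {
                json = AuthUtils.queryToJson(body);
            } else {
                return CompletableFuture.failedFuture(new AuthenticationException("Cannot handle Content-Type: " + httpResponse.headers().allValues("Content-Type")));
            }
            AuthUtils.processNonStandardHeaders(json, httpResponse, this.options.getScopeSeparator());
            return CompletableFuture.completedFuture(json);
        });
    }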

    /**
     * Downloads the provider's JSON Web Key set from the configured JWK path.
     *
     * <p>When a {@code Cache-Control} header carries a parsable {@code max-age}, its value is
     * added to the result under {@code maxAge}. That value is chosen by the server and is not
     * bounded here.
     *
     * @return a future with the parsed key set; it fails when the body is empty, the content
     *     type is neither {@code application/jwk-set+json} nor {@code application/json}, or the
     *     document carries an {@code error} member
     */
    public CompletableFuture<JSONObject> jwkSet() {
        final JSONObject requestHeaders = new JSONObject();
        requestHeaders.put("Accept", "application/jwk-set+json, application/json");

        return fetch(HttpMethod.GET, this.options.getJwkPath(), requestHeaders, null).thenCompose(httpResponse -> {
            final String body = httpResponse.body();
            if (body == null || body.isEmpty()) {
                return CompletableFuture.failedFuture(new RuntimeException("No Body"));
            }
            final boolean jwkSetType = AuthUtils.containsValue(httpResponse.headers(), "application/jwk-set+json");
            if (!jwkSetType && !AuthUtils.containsValue(httpResponse.headers(), "application/json")) {
                return CompletableFuture.failedFuture(new RuntimeException("Cannot handle content type: " + httpResponse.headers().allValues("Content-Type")));
            }
            final JSONObject keySet = new JSONObject(body);
            if (keySet.has("error")) {
                return CompletableFuture.failedFuture(new RuntimeException(AuthUtils.extractErrorDescription(keySet)));
            }

            final List<String> cacheControl = httpResponse.headers().allValues(CACHE_CONTROL);
            if (cacheControl != null) {
                for (String directive : cacheControl) {
                    // "max-age=N" needs at least nine characters; shorter values cannot match.
                    if (directive.length() <= 8) {
                        continue;
                    }
                    final Matcher maxAge = MAX_AGE.matcher(directive);
                    if (!maxAge.find()) {
                        continue;
                    }
                    try {
                        keySet.put("maxAge", Long.valueOf(maxAge.group(1)));
                        break;
                    } catch (RuntimeException ignored) {
                        // Best effort: an unparsable value is skipped and the next header value is tried.
                    }
                }
            }
            return CompletableFuture.completedFuture(keySet);
        });
    }

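    /**
     * Loads the OpenID Connect discovery document for the configured site and applies it to the
     * given options.
     *
     * <p>The document is fetched from {@code <site>/.well-known/openid-configuration}; a site
     * that already ends with that suffix is accepted. Endpoints, the JWT issuer and the
     * {@code *_supported} lists are copied from the document into {@code oAuth2Options}.
     *
     * <p>Issuer validation: when {@code isValidateIssuer()} is true and the document names an
     * issuer, that issuer must equal the URL the document was fetched from, ignoring a trailing
     * slash. This is the check OpenID Connect Discovery requires. The check runs before the
     * options are modified, so a rejected document leaves no endpoints behind. Previously the
     * issuer was compared with the value just copied from the same document, which verified
     * nothing. Providers that publish a different issuer need issuer validation disabled in
     * their options.
     *
     * @param stage the stage handed to the created provider
     * @param oAuth2Options the options to read the site from and to populate; modified in place
     * @return a future with the provider built from the populated options; it fails when the
     *     site is null, the response is not a 200 JSON document, the document carries an
     *     {@code error} member, the issuer check fails or the configured flow is not among the
     *     advertised grant types
     */
    public CompletableFuture<OpenIDAuthenticationProvider> discover(Stage stage, OAuth2Options oAuth2Options) {
        final String wellKnownSuffix = "/.well-known/openid-configuration";
        if (oAuth2Options.getSite() == null) {
            // Must return here: the site is dereferenced right below.
            return CompletableFuture.failedFuture(new RuntimeException("the site url cannot be null"));
        }
        String site = oAuth2Options.getSite();
        if (site.endsWith(wellKnownSuffix)) {
            site = site.substring(0, site.length() - wellKnownSuffix.length());
        }
        final String discoveryBase = site;
        final JSONObject requestHeaders = new JSONObject().put("Accept", "application/json");

        return fetch(HttpMethod.GET, discoveryBase + wellKnownSuffix, requestHeaders, null).thenCompose(httpResponse -> {
            if (httpResponse.statusCode() != 200) {
                return CompletableFuture.failedFuture(new RuntimeException("Bad Response [" + httpResponse.statusCode() + "] " + httpResponse.body()));
            }
            if (!AuthUtils.containsValue(httpResponse.headers(), "application/json")) {
                return CompletableFuture.failedFuture(new RuntimeException("Cannot handle content type: " + httpResponse.headers().allValues("Content-Type")));
            }
            final JSONObject doc = new JSONObject(httpResponse.body());
            if (doc.has("error")) {
                return CompletableFuture.failedFuture(new RuntimeException(AuthUtils.extractErrorDescription(doc)));
            }

            // optString instead of getString: a document without an issuer must not throw.
            final String issuer = doc.optString("issuer", null);
            if (oAuth2Options.isValidateIssuer() && issuer != null) {
                final String received = withoutTrailingSlash(issuer);
                final String expected = withoutTrailingSlash(discoveryBase);
                if (!received.equals(expected)) {
                    return CompletableFuture.failedFuture(new RuntimeException("Issuer validation failed: received [" + received + "] but expected [" + expected + "]"));
                }
            }

            oAuth2Options.setAuthorizationPath(doc.optString("authorization_endpoint", null));
            oAuth2Options.setTokenPath(doc.optString("token_endpoint", null));
            oAuth2Options.setLogoutPath(doc.optString("end_session_endpoint", null));
            oAuth2Options.setRevocationPath(doc.optString("revocation_endpoint", null));
            oAuth2Options.setUserInfoPath(doc.optString("userinfo_endpoint", null));
            oAuth2Options.setJwkPath(doc.optString("jwks_uri", null));
            oAuth2Options.setIntrospectionPath(doc.optString("introspection_endpoint", null));

            if (issuer != null) {
                JWTOptions jwtOptions = oAuth2Options.getJWTOptions();
                if (jwtOptions == null) {
                    jwtOptions = new JWTOptions();
                    oAuth2Options.setJWTOptions(jwtOptions);
                }
                jwtOptions.setIssuer(issuer);
            }

            oAuth2Options.setSupportedResponseTypes(null);
            copyStrings(doc, "response_types_supported", oAuth2Options::addSupportedResponseType);

            oAuth2Options.setSupportedResponseModes(null);
            copyStrings(doc, "response_modes_supported", oAuth2Options::addSupportedResponseMode);

            oAuth2Options.setSupportedGrantTypes(null);
            if (doc.has("grant_types_supported") && oAuth2Options.getFlow() != null) {
                final JSONArray grantTypes = doc.getJSONArray("grant_types_supported");
                grantTypes.forEach(item -> oAuth2Options.addSupportedGrantType((String) item));
                // Reject a provider that does not advertise the flow this client is configured for.
                if (!grantTypes.toList().contains(oAuth2Options.getFlow().getGrantType())) {
                    return CompletableFuture.failedFuture(new RuntimeException("Unsupported flow: " + oAuth2Options.getFlow().getGrantType() + ", allowed: " + grantTypes));
                }
            }

            oAuth2Options.setSupportedSubjectTypes(null);
            copyStrings(doc, "subject_types_supported", oAuth2Options::addSupportedSubjectType);

            oAuth2Options.setSupportedScopes(null);
            copyStrings(doc, "scopes_supported", oAuth2Options::addSupportedScope);

            oAuth2Options.setSupportedIdTokenSigningAlgValues(null);
            copyStrings(doc, "id_token_signing_alg_values_supported", oAuth2Options::addSupportedIdTokenSigningAlgValue);

            oAuth2Options.setSupportedTokenEndpointAuthMethods(null);
            copyStrings(doc, "token_endpoint_auth_methods_supported", oAuth2Options::addSupportedTokenEndpointAuthMethod);

            oAuth2Options.setSupportedClaims(null);
            copyStrings(doc, "claims_supported", oAuth2Options::addSupportedClaim);

            oAuth2Options.setSupportedCodeChallengeMethods(null);
            copyStrings(doc, "code_challenge_methods_supported", oAuth2Options::addSupportedCodeChallengeMethod);

            oAuth2Options.setSupportedIntrospectionEndpointAuthMethods(null);
            copyStrings(doc, "introspection_endpoint_auth_methods_supported", oAuth2Options::addSupportedIntrospectionEndpointAuthMethod);

            oAuth2Options.setSupportedRevocationEndpointAuthMethods(null);
            copyStrings(doc, "revocation_endpoint_auth_methods_supported", oAuth2Options::addSupportedRevocationEndpointAuthMethod);

            oAuth2Options.setSupportedRequestParameter(false);
            if (doc.has("request_parameter_supported")) {
                oAuth2Options.setSupportedRequestParameter(doc.getBoolean("request_parameter_supported"));
            }

            oAuth2Options.setSupportedRequestObjectSigningAlgValues(null);
            copyStrings(doc, "request_object_signing_alg_values_supported", oAuth2Options::addSupportedRequestObjectSigningAlgValue);

            return CompletableFuture.completedFuture(new OpenIDAuthenticationProvider(stage, oAuth2Options));
        });
    }

    /** Returns {@code url} without a single trailing slash, so issuer URLs compare equal either way. */
    private static String withoutTrailingSlash(String url) {
        return url.endsWith("/") ? url.substring(0, url.length() - 1) : url;
    }

    /** Passes every element of the JSON array stored under {@code key}, if present, to {@code sink}. */
    private static void copyStrings(JSONObject doc, String key, java.util.function.Consumer<String> sink) {
        if (doc.has(key)) {
            doc.getJSONArray(key).forEach(item -> sink.accept((String) item));
        }
    }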

    /**
     * Ends the session at the configured logout endpoint.
     *
     * <p>The access token is sent as a bearer credential. The form body carries the client id,
     * the client secret when one is configured, and the refresh token when one is given. The
     * secret therefore goes to whatever {@code getLogoutPath()} returns.
     *
     * @param str the access token sent as {@code Authorization: Bearer}
     * @param str2 the refresh token to include, or null to omit it
     * @return a future that completes with null on a 2xx answer and fails otherwise
     */
    public CompletableFuture<Void> logout(@NotNull String str, @Nullable String str2) {
        final JSONObject form = new JSONObject();
        form.put("client_id", this.options.getClientId());
        if (this.options.getClientSecret() != null) {
            form.put("client_secret", this.options.getClientSecret());
        }
        if (str2 != null) {
            form.put("refresh_token", str2);
        }

        final JSONObject requestHeaders = new JSONObject();
        requestHeaders.put("Authorization", "Bearer " + str);
        requestHeaders.put("Content-Type", "application/x-www-form-urlencoded");
        final String body = AuthUtils.jsonToQuery(form);
        requestHeaders.put("Accept", "application/json,application/x-www-form-urlencoded;q=0.9");

        return fetch(HttpMethod.POST, this.options.getLogoutPath(), requestHeaders, body).thenCompose(httpResponse -> {
            final int status = httpResponse.statusCode();
            if (status >= 200 && status < 300) {
                return CompletableFuture.completedFuture(null);
            }
            return CompletableFuture.failedFuture(new RuntimeException("Bad Response [" + httpResponse.statusCode() + "] " + httpResponse.body()));
        });
    }

    /* JADX INFO: Access modifiers changed from: protected */
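    /**
     * Builds and sends one HTTP request to the provider.
     *
     * <p>A path starting with '/' is resolved against the configured site. Anything else is
     * used as the full URL as given, and its scheme and host are not checked here. The
     * configured default headers are applied first, then the per-request headers, then the
     * configured user agent. A body is forwarded only for POST, PATCH and PUT.
     *
     * <p>A malformed URL or an unusable header value is reported through the returned future
     * rather than thrown, matching the handling of an empty path.
     *
     * <p>NOTE(review): {@code httpMethod} only decides whether the body is kept. The request
     * itself is sent with POST when a body is present and with the builder's default method
     * otherwise, so PATCH and PUT are not sent as such.
     *
     * @param httpMethod the intended HTTP method
     * @param str an absolute URL, or a path starting with '/' relative to the configured site
     * @param jSONObject per-request headers with string values, or null
     * @param str2 the request body, or null
     * @return a future with the response; it fails for an invalid request and for every
     *     non-2xx status
     */
    public CompletableFuture<HttpResponse<String>> fetch(HttpMethod httpMethod, String str, JSONObject jSONObject, String str2) {
        if (str == null || str.isEmpty()) {
            return CompletableFuture.failedFuture(new IllegalArgumentException("Invalid path"));
        }
        final boolean carriesBody = httpMethod == HttpMethod.POST || httpMethod == HttpMethod.PATCH || httpMethod == HttpMethod.PUT;
        final String body = carriesBody ? str2 : null;
        try {
            final String target = str.charAt(0) == '/' ? this.options.getSite() + str : str;
            final HttpRequest.Builder request = HttpRequest.newBuilder().uri(URI.create(target));
            copyHeaders(request, this.options.getHeaders());
            copyHeaders(request, jSONObject);
            if (this.options.getUserAgent() != null) {
                request.header("User-Agent", this.options.getUserAgent());
            }
            return makeRequest(request, body);
        } catch (RuntimeException e) {
            // URI.create and Builder.header throw on malformed input; callers chain on the
            // returned future, so configuration errors are reported there instead.
            return CompletableFuture.failedFuture(e);
        }
    }

    /** Adds every entry of {@code headers} to the request; a null object adds nothing. */
    private static void copyHeaders(HttpRequest.Builder request, JSONObject headers) {
        if (headers == null) {
            return;
        }
        for (Map.Entry<String, Object> header : headers.toMap().entrySet()) {
            request.header(header.getKey(), (String) header.getValue());
        }
    }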

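    /**
     * Sends the prepared request and turns every non-2xx answer into a failed future.
     *
     * <p>A non-null body is sent with POST, encoded as UTF-8. For a JSON error answer the
     * failure message is {@code error} or {@code error: error_description}; otherwise it is the
     * status code followed by the raw body. The message therefore contains text chosen by the
     * server, so treat it as untrusted when logging or displaying it.
     *
     * @param builder the request builder with URI and headers already set
     * @param str the request body, or null for a request without a body
     * @return a future with the response for 2xx answers, failed otherwise
     */
    private CompletableFuture<HttpResponse<String>> makeRequest(HttpRequest.Builder builder, String str) {
        if (str != null) {
            // Explicit charset: getBytes() without one uses the platform default, which can
            // corrupt non-ASCII form values on hosts whose default is not UTF-8.
            builder.POST(HttpRequest.BodyPublishers.ofString(str, StandardCharsets.UTF_8));
        }
        return this.httpClient.sendAsync(builder.build(), HttpResponse.BodyHandlers.ofString()).thenCompose(httpResponse -> {
            final int status = httpResponse.statusCode();
            if (status >= 200 && status < 300) {
                return CompletableFuture.completedFuture(httpResponse);
            }
            final String body = httpResponse.body();
            if (body == null || body.isEmpty()) {
                return CompletableFuture.failedFuture(new RuntimeException("Status code: " + status));
            }
            if (AuthUtils.containsValue(httpResponse.headers(), "application/json")) {
                String error = "";
                String description = "";
                try {
                    final JSONObject json = new JSONObject(body);
                    error = json.optString("error");
                    description = json.optString("error_description");
                } catch (RuntimeException ignored) {
                    // The body is labelled JSON but does not parse; fall through to the generic
                    // message so the status code is still reported.
                }
                if (!error.isEmpty()) {
                    final String message = description.isEmpty() ? error : error + ": " + description;
                    return CompletableFuture.failedFuture(new RuntimeException(message));
                }
            }
            return CompletableFuture.failedFuture(new RuntimeException(status + ": " + body));
        });
    }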
}
