package one.jpro.platform.auth.core.oauth2;

import com.auth0.jwk.JwkException;
import com.auth0.jwt.exceptions.JWTDecodeException;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.jpro.webapi.WebAPI;
import java.net.InetAddress;
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import java.util.Base64;
import java.util.Collection;
import java.util.Objects;
import java.util.Optional;
import java.util.concurrent.CompletableFuture;
import javafx.stage.Stage;
import one.jpro.platform.auth.core.authentication.Authentication;
import one.jpro.platform.auth.core.authentication.AuthenticationException;
import one.jpro.platform.auth.core.authentication.AuthenticationProvider;
import one.jpro.platform.auth.core.authentication.Credentials;
import one.jpro.platform.auth.core.authentication.User;
import one.jpro.platform.auth.core.http.HttpOptions;
import one.jpro.platform.auth.core.http.HttpServer;
import one.jpro.platform.auth.core.jwt.TokenExpiredException;
import one.jpro.platform.auth.core.oauth2.provider.OpenIDAuthenticationProvider;
import one.jpro.platform.auth.core.utils.AuthUtils;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.json.JSONArray;
import org.json.JSONObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:one/jpro/platform/auth/core/oauth2/OAuth2AuthenticationProvider.class */
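/**
 * Authentication provider that drives an OAuth2 / OpenID Connect flow through {@link OAuth2API}.
 *
 * <p>This listing is decompiler output. The bodies of {@link #authenticate(Credentials)} and
 * {@code verifyToken(String, boolean)} were not recovered and are placeholder stubs, so the
 * checks actually applied to tokens cannot be read from this file.
 */
public class OAuth2AuthenticationProvider implements AuthenticationProvider<Credentials> {
    private static final Logger logger = LoggerFactory.getLogger(OAuth2AuthenticationProvider.class);
    private static final Base64.Decoder BASE64_DECODER = AuthUtils.BASE64_DECODER;

    @Nullable
    private final Stage stage;

    @NotNull
    private final OAuth2API api;

    @NotNull
    private final OAuth2Options options;
    private HttpServer httpServer;

    /**
     * Creates a provider on top of an existing API object.
     *
     * @param stage the stage handed to {@link HttpServer#create}; may be {@code null}
     * @param oAuth2API the API whose options are validated and used by this provider
     * @throws NullPointerException if {@code oAuth2API} is {@code null}
     */
    public OAuth2AuthenticationProvider(@Nullable Stage stage, @NotNull OAuth2API oAuth2API) {
        this.stage = stage;
        this.api = Objects.requireNonNull(oAuth2API, "OAuth2 api cannot be null");
        this.options = oAuth2API.getOptions();
        // Fail at construction time rather than in the middle of a login flow.
        this.options.validate();
        this.httpServer = HttpServer.create(stage);
    }

    /**
     * Creates a provider from options, wrapping them in a new {@link OAuth2API}.
     *
     * @param stage the stage handed to {@link HttpServer#create}; may be {@code null}
     * @param oAuth2Options the OAuth2 configuration
     */
    public OAuth2AuthenticationProvider(@Nullable Stage stage, @NotNull OAuth2Options oAuth2Options) {
        this(stage, new OAuth2API(oAuth2Options));
    }

    /**
     * Returns the options this provider was configured with.
     *
     * @return the validated options
     */
    @NotNull
    public final OAuth2Options getOptions() {
        return this.options;
    }

    /**
     * Builds the authorization URL for the given credentials and opens it through the HTTP server.
     *
     * @param oAuth2Credentials credentials carrying the redirect URI; its normalized redirect URI
     *     is set as a side effect
     * @return the future returned by {@code HttpServer.openURL}
     * @throws NullPointerException if {@code oAuth2Credentials} is {@code null}
     */
    public CompletableFuture<String> authorizeUrl(@NotNull OAuth2Credentials oAuth2Credentials) {
        Objects.requireNonNull(oAuth2Credentials, "OAuth2Credentials cannot be null");
        // NOTE(review): the redirect URI is normalized against the current server's host and port
        // before the server is replaced below; confirm the new server listens on the same address.
        String normalizedRedirect = normalizeUri(oAuth2Credentials.getRedirectUri());
        String authorizeURL = this.api.authorizeURL(oAuth2Credentials.setNormalizedRedirectUri(normalizedRedirect));
        // The full authorization request is written to the log; keep this at debug level.
        logger.debug("Authorize URL: {}", authorizeURL);
        if (!WebAPI.isBrowser()) {
            // Outside the browser, a fresh local server is started for every authorization attempt.
            if (this.httpServer != null) {
                this.httpServer.stop();
            }
            this.httpServer = HttpServer.create(this.stage);
        }
        return this.httpServer.openURL(authorizeURL);
    }

    // NOTE(review): the decompiler (JADX) could not recover this method (667 instructions). The
    // body is a stub that always throws; the real authentication logic is not on this page.
    @Override // one.jpro.platform.auth.core.authentication.AuthenticationProvider
    public java.util.concurrent.CompletableFuture<one.jpro.platform.auth.core.authentication.User> authenticate(@org.jetbrains.annotations.NotNull one.jpro.platform.auth.core.authentication.Credentials r6) {
        throw new UnsupportedOperationException("Method not decompiled: one.jpro.platform.auth.core.oauth2.OAuth2AuthenticationProvider.authenticate(one.jpro.platform.auth.core.authentication.Credentials):java.util.concurrent.CompletableFuture");
    }

    /**
     * Runs discovery through the API using this provider's stage and options.
     *
     * @return the future returned by {@code OAuth2API.discover}
     */
    public CompletableFuture<OpenIDAuthenticationProvider> discover() {
        return this.api.discover(this.stage, this.options);
    }

    /**
     * Sends one of the user's stored tokens to the token introspection call of the API.
     *
     * @param user the user whose {@code auth} attributes hold the token
     * @param str the token type, which is also the key of the token inside the {@code auth} object
     * @return the introspection result, or a failed future if the user has no {@code auth} object
     */
    public CompletableFuture<JSONObject> introspect(User user, String str) {
        JSONObject auth = authAttributes(user);
        if (auth == null) {
            return CompletableFuture.failedFuture(new IllegalStateException("User has no OAuth2 auth attributes"));
        }
        return this.api.tokenIntrospection(str, auth.get(str).toString());
    }

    /**
     * Exchanges the user's refresh token for a new token response and builds a new user from it.
     *
     * @param user the user whose {@code auth} attributes hold the {@code refresh_token}
     * @return the refreshed user, or a failed future if no refresh token is stored or the new
     *     tokens are rejected
     */
    public CompletableFuture<User> refresh(User user) throws IllegalStateException {
        JSONObject auth = authAttributes(user);
        // A user without an auth object is treated like one without a refresh token.
        String refreshToken = auth == null ? null : auth.optString("refresh_token");
        if (refreshToken == null || refreshToken.isBlank()) {
            return CompletableFuture.failedFuture(new IllegalStateException("refresh_token is null or missing"));
        }
        return this.api.token("refresh_token", new JSONObject().put("refresh_token", refreshToken)).thenCompose(jSONObject -> {
            try {
                return CompletableFuture.completedFuture(createUser(jSONObject));
            } catch (IllegalStateException | TokenExpiredException e) {
                return CompletableFuture.failedFuture(e);
            } catch (JwkException e2) {
                return CompletableFuture.failedFuture(new RuntimeException(e2.getMessage(), e2));
            }
        });
    }

    /**
     * Sends one of the user's stored tokens to the token revocation call of the API.
     *
     * @param user the user whose {@code auth} attributes hold the token
     * @param str the token type, which is also the key of the token inside the {@code auth} object
     * @return the revocation future, or a failed future if the user has no {@code auth} object
     */
    public CompletableFuture<Void> revoke(User user, String str) {
        JSONObject auth = authAttributes(user);
        if (auth == null) {
            return CompletableFuture.failedFuture(new IllegalStateException("User has no OAuth2 auth attributes"));
        }
        return this.api.tokenRevocation(str, auth.get(str).toString());
    }

    /**
     * Fetches the UserInfo document for the user's access token and cross-checks it.
     *
     * @param user the authenticated user
     * @return the UserInfo JSON, or a failed future if the subject differs or an embedded token
     *     is rejected
     * @throws NullPointerException if {@code user} is {@code null}
     */
    public CompletableFuture<JSONObject> userInfo(@NotNull User user) {
        Objects.requireNonNull(user, "User must not be null");
        JSONObject auth = user.toJSON().getJSONObject(Authentication.KEY_ATTRIBUTES).getJSONObject("auth");
        return this.api.userInfo(auth.getString("access_token")).thenCompose(info -> {
            // A UserInfo response for a different subject must not be attached to this user.
            // NOTE(review): OpenID Connect defines this comparison against the ID token's sub; here
            // it uses the decoded access token and is skipped when that is absent or has no sub.
            JSONObject decodedAccessToken = auth.optJSONObject("accessToken");
            if (decodedAccessToken != null && decodedAccessToken.has("sub") && !decodedAccessToken.getString("sub").equals(info.getString("sub"))) {
                return CompletableFuture.failedFuture(new AuthenticationException("User subject does not match UserInfo subject"));
            }
            if (info.has("token")) {
                try {
                    verifyToken(info.getString("token"), false);
                } catch (IllegalStateException | TokenExpiredException e) {
                    return CompletableFuture.failedFuture(e);
                } catch (JwkException e2) {
                    return CompletableFuture.failedFuture(new AuthenticationException(e2.getMessage(), e2));
                }
            }
            return CompletableFuture.completedFuture(info);
        });
    }

    /**
     * Ends the session at the provider using the user's access token and, if present, refresh token.
     *
     * @param user the authenticated user
     * @return the future returned by {@code OAuth2API.logout}
     * @throws NullPointerException if {@code user} is {@code null}
     */
    public CompletableFuture<Void> logout(@NotNull User user) {
        Objects.requireNonNull(user, "User must not be null");
        JSONObject auth = user.toJSON().getJSONObject(Authentication.KEY_ATTRIBUTES).getJSONObject("auth");
        return this.api.logout(auth.getString("access_token"), auth.optString("refresh_token"));
    }

    /** Returns the user's {@code auth} attribute object, or {@code null} if it is absent. */
    @Nullable
    private static JSONObject authAttributes(User user) {
        return user.toJSON().getJSONObject(Authentication.KEY_ATTRIBUTES).optJSONObject("auth");
    }

    /**
     * Builds a {@link User} from a token response.
     *
     * <p>The response is copied into the user's {@code auth} attribute; decoded tokens are added
     * under {@code accessToken} and {@code idToken}. The principal name comes from the token
     * payload, and a name from the ID token replaces one from the access token.
     *
     * @param jSONObject the token response
     * @return the new user
     */
    private User createUser(@NotNull JSONObject jSONObject) throws JwkException, TokenExpiredException, IllegalStateException {
        Objects.requireNonNull(jSONObject, "json can not be null");
        JSONObject userJson = new JSONObject();
        // Work on a copy so the caller's response object is not modified.
        JSONObject auth = new JSONObject(jSONObject.toString());
        if (jSONObject.has("access_token")) {
            try {
                JSONObject decoded = verifyToken(jSONObject.getString("access_token"), false);
                auth.put("accessToken", decoded);
                copyPrincipalName(decoded.getJSONObject("payload"), userJson);
                auth.put("claimToken", "accessToken");
            } catch (JWTDecodeException | IllegalStateException e) {
                // NOTE(review): the user is still created when this is caught. verifyToken's body
                // is not visible here; confirm it never reports a failed signature, issuer or
                // audience check through IllegalStateException, or such a token is accepted.
                logger.trace("Cannot decode access token:", e);
            }
        }
        if (jSONObject.has("id_token")) {
            try {
                JSONObject decoded = verifyToken(jSONObject.getString("id_token"), true);
                auth.put("idToken", decoded);
                copyPrincipalName(decoded.getJSONObject("payload"), userJson);
            } catch (JWTDecodeException | IllegalStateException e2) {
                // NOTE(review): same concern as for the access token above; an ID token that cannot
                // be processed is dropped at trace level and the login still proceeds.
                logger.trace("Cannot decode id token:", e2);
            }
        }
        userJson.put(Authentication.KEY_ATTRIBUTES, new JSONObject().put("auth", auth));
        return new User(userJson);
    }

    /** Copies the payload's name, or else its email, into the user JSON as the principal name. */
    private static void copyPrincipalName(JSONObject payload, JSONObject userJson) {
        if (payload.has(Authentication.KEY_NAME)) {
            userJson.put(Authentication.KEY_NAME, payload.getString(Authentication.KEY_NAME));
        } else if (payload.has("email")) {
            userJson.put(Authentication.KEY_NAME, payload.getString("email"));
        }
    }

    // NOTE(review): the decompiler (JADX) could not recover this method (695 instructions). The
    // body is a stub that always throws; which token checks it performs cannot be told from here.
    private org.json.JSONObject verifyToken(java.lang.String r7, boolean r8) throws com.auth0.jwk.JwkException, one.jpro.platform.auth.core.jwt.TokenExpiredException, java.lang.IllegalStateException {
        throw new UnsupportedOperationException("Method not decompiled: one.jpro.platform.auth.core.oauth2.OAuth2AuthenticationProvider.verifyToken(java.lang.String, boolean):org.json.JSONObject");
    }

    /**
     * Flattens a decoded JWT into a JSON object.
     *
     * <p>Only values the token provides are written. {@code exp}, {@code iat} and {@code nbr} are
     * stored as epoch milliseconds.
     *
     * @param decodedJWT the decoded token
     * @param str the value stored under {@code token_type}
     * @return the JSON view of the token
     */
    private JSONObject jwtToJson(DecodedJWT decodedJWT, String str) {
        JSONObject json = new JSONObject();
        json.put("token", decodedJWT.getToken());
        json.put("token_type", str);
        Optional.ofNullable(decodedJWT.getHeader()).ifPresent(header -> json.put("header", decodeSegment(header)));
        Optional.ofNullable(decodedJWT.getPayload()).ifPresent(payload -> json.put("payload", decodeSegment(payload)));
        Optional.ofNullable(decodedJWT.getSignature()).ifPresent(signature -> json.put("signature", signature));
        Optional.ofNullable(decodedJWT.getIssuer()).ifPresent(issuer -> json.put("iss", issuer));
        Optional.ofNullable(decodedJWT.getSubject()).ifPresent(subject -> json.put("sub", subject));
        Optional.ofNullable(decodedJWT.getAudience()).ifPresent(audience -> json.put("aud", new JSONArray((Collection<?>) audience)));
        Optional.ofNullable(decodedJWT.getExpiresAt()).map(date -> date.getTime()).ifPresent(millis -> json.put("exp", millis));
        Optional.ofNullable(decodedJWT.getIssuedAt()).map(date -> date.getTime()).ifPresent(millis -> json.put("iat", millis));
        // NOTE(review): the not-before time is stored under "nbr" although the JWT claim is named
        // "nbf", and the token id (jti) is stored under "kid". Both keys are kept unchanged because
        // code outside this listing may read them; confirm before renaming.
        Optional.ofNullable(decodedJWT.getNotBefore()).map(date -> date.getTime()).ifPresent(millis -> json.put("nbr", millis));
        Optional.ofNullable(decodedJWT.getId()).ifPresent(id -> json.put("kid", id));
        Optional.ofNullable(decodedJWT.getClaim("azp")).ifPresent(claim -> json.put("azp", claim.asString()));
        Optional.ofNullable(decodedJWT.getClaims()).ifPresent(claims -> json.put("claims", new JSONArray((Collection<?>) claims.keySet())));
        return json;
    }

    /**
     * Decodes one Base64 JWT segment and parses it as JSON.
     *
     * <p>JWT segments are UTF-8 encoded JSON, so the charset is given explicitly instead of relying
     * on the platform default.
     */
    private static JSONObject decodeSegment(String encoded) {
        return new JSONObject(new String(BASE64_DECODER.decode(encoded), StandardCharsets.UTF_8));
    }

    /**
     * Reports whether the {@code exp} value in the user's {@code auth} attribute lies in the past.
     *
     * @param user the user to check
     * @return {@code true} if an {@code exp} value (epoch milliseconds) is present and already
     *     passed; {@code false} if there is no {@code auth} attribute or no {@code exp} value
     */
    private boolean hasExpired(User user) {
        if (!user.getAttributes().containsKey("auth")) {
            return false;
        }
        JSONObject auth = (JSONObject) user.getAttributes().get("auth");
        if (!auth.has("exp")) {
            return false;
        }
        return Instant.ofEpochMilli(auth.getLong("exp")).isBefore(Instant.now());
    }

    /**
     * Turns a path-only redirect URI into an absolute URI pointing at the local HTTP server.
     *
     * <p>Values that do not start with {@code /}, including {@code null} and the empty string, are
     * returned unchanged. The scheme is {@code http} only when the server host equals
     * {@link HttpOptions#DEFAULT_HOST}; any other host gets {@code https}.
     *
     * @param str the redirect URI as configured
     * @return the absolute redirect URI, or {@code str} itself if it was not a path
     */
    private String normalizeUri(String str) {
        // startsWith also covers the empty string, where charAt(0) would throw.
        if (this.httpServer == null || str == null || !str.startsWith("/")) {
            return str;
        }
        int serverPort = this.httpServer.getServerPort();
        String serverHost = this.httpServer.getServerHost();
        // Decided before the host is rewritten below, so the loopback address still gets http.
        boolean isDefaultHost = serverHost.equals(HttpOptions.DEFAULT_HOST);
        if (this.options.isUseLoopbackIpAddress() && isDefaultHost) {
            serverHost = InetAddress.getLoopbackAddress().getHostAddress();
        }
        if (serverPort > 0) {
            serverHost = serverHost + ":" + serverPort;
        }
        String scheme = isDefaultHost ? "http://" : "https://";
        return scheme + serverHost + str;
    }
}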
