package org.aoju.bus.oauth.provider;

import com.alibaba.fastjson.JSONObject;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import org.aoju.bus.cache.metric.ExtendCache;
import org.aoju.bus.core.codec.Base64;
import org.aoju.bus.core.lang.Algorithm;
import org.aoju.bus.core.lang.Header;
import org.aoju.bus.core.lang.Normal;
import org.aoju.bus.core.lang.Symbol;
import org.aoju.bus.core.lang.exception.AuthorizedException;
import org.aoju.bus.core.toolkit.RandomKit;
import org.aoju.bus.core.toolkit.UriKit;
import org.aoju.bus.http.Httpx;
import org.aoju.bus.oauth.Builder;
import org.aoju.bus.oauth.Context;
import org.aoju.bus.oauth.Registry;
import org.aoju.bus.oauth.magic.AccToken;
import org.aoju.bus.oauth.magic.Callback;
import org.aoju.bus.oauth.magic.Message;
import org.aoju.bus.oauth.magic.Property;
import org.aoju.bus.oauth.metric.OauthScope;

/* loaded from: input_file:org/aoju/bus/oauth/provider/AmazonProvider.class */
public class AmazonProvider extends AbstractProvider {
    public AmazonProvider(Context context) {
        super(context, Registry.AMAZON);
    }

    public AmazonProvider(Context context, ExtendCache extendCache) {
        super(context, Registry.AMAZON, extendCache);
    }

    public static String generateCodeVerifier() {
        return Base64.encodeUrlSafe(RandomKit.randomString(50));
    }

    public static String generateCodeChallenge(String str, String str2) {
        return "S256".equalsIgnoreCase(str) ? new String(Base64.encodeUrlSafe(digest(str2), true), StandardCharsets.US_ASCII) : str2;
    }

    public static byte[] digest(String str) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(Algorithm.SHA256);
            messageDigest.update(str.getBytes(StandardCharsets.UTF_8));
            return messageDigest.digest();
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
            return null;
        }
    }

    @Override // org.aoju.bus.oauth.provider.AbstractProvider, org.aoju.bus.oauth.Provider
    public String authorize(String str) {
        Builder queryParam = Builder.fromUrl(this.source.authorize()).queryParam("client_id", this.context.getAppKey()).queryParam("scope", getScopes(Symbol.SPACE, true, getScopes(false, OauthScope.Amazon.values()))).queryParam("redirect_uri", this.context.getRedirectUri()).queryParam("response_type", "code").queryParam("state", getRealState(str));
        if (this.context.isPkce()) {
            String concat = this.source.getName().concat(":code_verifier:").concat(this.context.getAppKey());
            String generateCodeVerifier = generateCodeVerifier();
            queryParam.queryParam("code_challenge", generateCodeChallenge("S256", generateCodeVerifier)).queryParam("code_challenge_method", "S256");
            this.extendCache.cache(concat, generateCodeVerifier, TimeUnit.MINUTES.toMillis(10L));
        }
        return queryParam.build();
    }

    @Override // org.aoju.bus.oauth.provider.AbstractProvider
    protected AccToken getAccessToken(Callback callback) {
        HashMap hashMap = new HashMap(8);
        hashMap.put("grant_type", "authorization_code");
        hashMap.put("code", callback.getCode());
        hashMap.put("redirect_uri", this.context.getRedirectUri());
        hashMap.put("client_id", this.context.getAppKey());
        hashMap.put("client_secret", this.context.getAppSecret());
        if (this.context.isPkce()) {
            hashMap.put("code_verifier", (String) this.extendCache.get(this.source.getName().concat(":code_verifier:").concat(this.context.getAppKey())));
        }
        return getToken(hashMap, this.source.accessToken());
    }

    @Override // org.aoju.bus.oauth.Provider
    public Message refresh(AccToken accToken) {
        HashMap hashMap = new HashMap(6);
        hashMap.put("grant_type", "refresh_token");
        hashMap.put("refresh_token", accToken.getRefreshToken());
        hashMap.put("client_id", this.context.getAppKey());
        hashMap.put("client_secret", this.context.getAppSecret());
        return Message.builder().errcode(Builder.ErrorCode.SUCCESS.getCode()).data(getToken(hashMap, this.source.refresh())).build();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.aoju.bus.oauth.provider.AbstractProvider
    public Property getUserInfo(AccToken accToken) {
        String accessToken = accToken.getAccessToken();
        checkToken(accessToken);
        HashMap hashMap = new HashMap();
        hashMap.put(Header.HOST, "api.amazon.com");
        hashMap.put("Authorization", "bearer " + accessToken);
        JSONObject parseObject = JSONObject.parseObject(Httpx.get(this.source.userInfo(), new HashMap(0), hashMap));
        checkResponse(parseObject);
        return Property.builder().rawJson(parseObject).uuid(parseObject.getString("user_id")).username(parseObject.getString("name")).nickname(parseObject.getString("name")).email(parseObject.getString("email")).gender(Normal.Gender.UNKNOWN).source(this.source.toString()).token(accToken).build();
    }

    @Override // org.aoju.bus.oauth.provider.AbstractProvider
    protected String userInfoUrl(AccToken accToken) {
        return Builder.fromUrl(this.source.userInfo()).queryParam("user_id", accToken.getUserId()).queryParam("screen_name", accToken.getScreenName()).queryParam("include_entities", true).build();
    }

    private void checkToken(String str) {
        if (!this.context.getAppKey().equals(JSONObject.parseObject(Httpx.get("https://api.amazon.com/auth/o2/tokeninfo?access_token=" + UriKit.encode(str))).getString("aud"))) {
            throw new AuthorizedException(Builder.ErrorCode.ILLEGAL_TOKEN.getMsg());
        }
    }

    private AccToken getToken(Map<String, Object> map, String str) {
        HashMap hashMap = new HashMap();
        hashMap.put(Header.HOST, "api.amazon.com");
        hashMap.put(Header.CONTENT_TYPE, "application/x-www-form-urlencoded;charset=UTF-8");
        JSONObject parseObject = JSONObject.parseObject(Httpx.post(str, map, hashMap));
        checkResponse(parseObject);
        return AccToken.builder().accessToken(parseObject.getString("access_token")).tokenType(parseObject.getString("token_type")).expireIn(parseObject.getIntValue("expires_in")).refreshToken(parseObject.getString("refresh_token")).build();
    }

    private void checkResponse(JSONObject jSONObject) {
        if (jSONObject.containsKey("error")) {
            throw new AuthorizedException(jSONObject.getString("error_description").concat(Symbol.SPACE) + jSONObject.getString("error_description"));
        }
    }
}
