package org.osiam.client.oauth;

import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.Charset;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Scanner;
import org.apache.commons.codec.binary.Base64;
import org.apache.http.Header;
import org.apache.http.HeaderElement;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.utils.URIBuilder;
import org.apache.http.entity.ContentType;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.message.BasicHeader;
import org.apache.http.message.BasicNameValuePair;
import org.osiam.client.exception.ConflictException;
import org.osiam.client.exception.ConnectionInitializationException;
import org.osiam.client.exception.ForbiddenException;
import org.osiam.client.exception.InvalidAttributeException;
import org.osiam.client.exception.OsiamErrorMessage;
import org.osiam.client.exception.OsiamErrorMessage02;
import org.osiam.client.exception.UnauthorizedException;

/* loaded from: input_file:org/osiam/client/oauth/AuthService.class */
public final class AuthService {
    private static final Charset CHARSET = Charset.forName("UTF-8");
    private HttpPost post;
    private final String endpoint;
    private Header[] headers;
    private String clientId;
    private String clientSecret;
    private String clientRedirectUri;
    private String scopes;
    private String password;
    private String userName;
    private GrantType grantType;
    private HttpEntity body;

    /* loaded from: input_file:org/osiam/client/oauth/AuthService$Builder.class */
    public static class Builder {
        private String clientId;
        private String clientSecret;
        private GrantType grantType;
        private String scopes;
        private String endpoint;
        private String password;
        private String userName;
        private String clientRedirectUri;

        public Builder(String str) {
            this.endpoint = str;
        }

        public Builder setScope(Scope scope, Scope... scopeArr) {
            HashSet hashSet = new HashSet();
            hashSet.add(scope);
            for (Scope scope2 : scopeArr) {
                hashSet.add(scope2);
            }
            if (hashSet.contains(Scope.ALL)) {
                this.scopes = Scope.ALL.toString();
            } else {
                StringBuilder sb = new StringBuilder();
                Iterator it = hashSet.iterator();
                while (it.hasNext()) {
                    sb.append(" ").append(((Scope) it.next()).toString());
                }
                this.scopes = sb.toString().trim();
            }
            return this;
        }

        public Builder setScope(String str) {
            this.scopes = str;
            return this;
        }

        public Builder setGrantType(GrantType grantType) {
            this.grantType = grantType;
            return this;
        }

        public Builder setClientId(String str) {
            this.clientId = str;
            return this;
        }

        public Builder setClientRedirectUri(String str) {
            this.clientRedirectUri = str;
            return this;
        }

        public Builder setClientSecret(String str) {
            this.clientSecret = str;
            return this;
        }

        public Builder setUsername(String str) {
            this.userName = str;
            return this;
        }

        public Builder setPassword(String str) {
            this.password = str;
            return this;
        }

        public AuthService build() {
            ensureAllNeededParameterAreCorrect();
            return new AuthService(this);
        }

        private void ensureAllNeededParameterAreCorrect() {
            if (this.clientId == null || this.clientSecret == null) {
                throw new IllegalArgumentException("The provided client credentials are incomplete.");
            }
            if (this.scopes == null) {
                throw new IllegalArgumentException("At least one scope needs to be set.");
            }
            if (this.grantType == null) {
                throw new IllegalArgumentException("The grant type is not set.");
            }
            if (this.grantType.equals(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS) && this.userName == null && this.password == null) {
                throw new IllegalArgumentException("The grant type 'password' requires username and password");
            }
            if ((this.grantType.equals(GrantType.CLIENT_CREDENTIALS) || this.grantType.equals(GrantType.AUTHORIZATION_CODE)) && !(this.userName == null && this.password == null)) {
                throw new IllegalArgumentException("For the grant type '" + this.grantType + "' setting of password and username are not allowed.");
            }
            if (this.grantType.equals(GrantType.AUTHORIZATION_CODE) && this.clientRedirectUri == null) {
                throw new IllegalArgumentException("For the grant type '" + this.grantType + "' the redirect Uri is needed.");
            }
        }
    }

    private AuthService(Builder builder) {
        this.endpoint = builder.endpoint;
        this.scopes = builder.scopes;
        this.grantType = builder.grantType;
        this.userName = builder.userName;
        this.password = builder.password;
        this.clientId = builder.clientId;
        this.clientSecret = builder.clientSecret;
        this.clientRedirectUri = builder.clientRedirectUri;
    }

    private HttpResponse performRequest(AccessToken... accessTokenArr) {
        buildHead();
        buildBody(accessTokenArr);
        this.post = new HttpPost(getFinalEndpoint());
        this.post.setHeaders(this.headers);
        this.post.setEntity(this.body);
        try {
            return new DefaultHttpClient().execute(this.post);
        } catch (IOException e) {
            throw new ConnectionInitializationException("Unable to perform Request ", e);
        }
    }

    private void buildHead() {
        this.headers = new Header[]{new BasicHeader("Authorization", "Basic " + encodeClientCredentials(this.clientId, this.clientSecret)), new BasicHeader("Accept", ContentType.APPLICATION_JSON.getMimeType())};
    }

    private String encodeClientCredentials(String str, String str2) {
        return new String(Base64.encodeBase64((str + ":" + str2).getBytes(CHARSET)), CHARSET);
    }

    private void buildBody(AccessToken... accessTokenArr) {
        ArrayList arrayList = new ArrayList();
        arrayList.add(new BasicNameValuePair("scope", this.scopes));
        arrayList.add(new BasicNameValuePair("grant_type", this.grantType.getUrlParam()));
        if (this.grantType != GrantType.REFRESH_TOKEN) {
            if (this.userName != null) {
                arrayList.add(new BasicNameValuePair("username", this.userName));
            }
            if (this.password != null) {
                arrayList.add(new BasicNameValuePair("password", this.password));
            }
        } else if (this.grantType == GrantType.REFRESH_TOKEN && accessTokenArr.length != 0) {
            if (accessTokenArr[0].getRefreshToken() == null) {
                throw new ConnectionInitializationException("Unable to perform a refresh_token_grant request without refresh token.");
            }
            arrayList.add(new BasicNameValuePair("refresh_token", accessTokenArr[0].getRefreshToken()));
        }
        try {
            this.body = new UrlEncodedFormEntity(arrayList);
        } catch (UnsupportedEncodingException e) {
            throw new ConnectionInitializationException("Unable to Build Request in this encoding.", e);
        }
    }

    public AccessToken retrieveAccessToken() {
        if (this.grantType == GrantType.AUTHORIZATION_CODE) {
            throw new IllegalAccessError("For the grant type " + GrantType.AUTHORIZATION_CODE + " you need to retrieve a authentication code first.");
        }
        HttpResponse performRequest = performRequest(new AccessToken[0]);
        checkAndHandleHttpStatus(performRequest, performRequest.getStatusLine().getStatusCode());
        return getAccessToken(performRequest);
    }

    private void checkAndHandleHttpStatus(HttpResponse httpResponse, int i) {
        if (i != 200) {
            switch (i) {
                case 400:
                    throw new ConnectionInitializationException(getErrorMessage(httpResponse, "Unable to create Connection. Please make sure that you have the correct grants."));
                case 401:
                    throw new UnauthorizedException(getErrorMessage(httpResponse, "You are not authorized to directly retrieve a access token."));
                case 402:
                case 403:
                default:
                    throw new ConnectionInitializationException(getErrorMessage(httpResponse, String.format("Unable to setup connection (HTTP Status Code: %d)", Integer.valueOf(i))));
                case 404:
                    throw new ConnectionInitializationException(getErrorMessage(httpResponse, "Unable to find the given OSIAM service (" + getFinalEndpoint() + ")"));
            }
        }
    }

    private String getErrorMessage(HttpResponse httpResponse, String str) {
        String str2;
        InputStream inputStream = null;
        try {
            InputStream content = httpResponse.getEntity().getContent();
            String next = new Scanner(content, "UTF-8").useDelimiter("\\A").next();
            ObjectMapper objectMapper = new ObjectMapper();
            str2 = next.contains("error_code") ? ((OsiamErrorMessage) objectMapper.readValue(next, OsiamErrorMessage.class)).getDescription() : ((OsiamErrorMessage02) objectMapper.readValue(next, OsiamErrorMessage02.class)).getDescription();
            if (content != null) {
                try {
                    content.close();
                } catch (IOException e) {
                }
            }
        } catch (Exception e2) {
            str2 = str;
            if (0 != 0) {
                try {
                    inputStream.close();
                } catch (IOException e3) {
                }
            }
        } catch (Throwable th) {
            if (0 != 0) {
                try {
                    inputStream.close();
                } catch (IOException e4) {
                    throw th;
                }
            }
            throw th;
        }
        if (str2 == null) {
            str2 = str;
        }
        return str2;
    }

    public URI getRedirectLoginUri() {
        if (this.grantType != GrantType.AUTHORIZATION_CODE) {
            throw new IllegalAccessError("You need to use the GrantType " + GrantType.AUTHORIZATION_CODE + " to be able to use this method.");
        }
        try {
            return new URIBuilder().setPath(getFinalEndpoint()).addParameter("client_id", this.clientId).addParameter("response_type", "code").addParameter("redirect_uri", this.clientRedirectUri).addParameter("scope", this.scopes).build();
        } catch (URISyntaxException e) {
            throw new ConnectionInitializationException("Unable to create redirect URI", e);
        }
    }

    public AccessToken retrieveAccessToken(HttpResponse httpResponse) {
        String str = null;
        HeaderElement[] elements = httpResponse.getLastHeader("Location").getElements();
        int length = elements.length;
        int i = 0;
        while (true) {
            if (i >= length) {
                break;
            }
            HeaderElement headerElement = elements[i];
            if (headerElement.getName().contains("code")) {
                str = headerElement.getValue();
                break;
            }
            if (headerElement.getName().contains("error")) {
                throw new ForbiddenException("The user had denied the acces to his data.");
            }
            i++;
        }
        if (str == null) {
            throw new InvalidAttributeException("Could not find any auth code or error message in the given Response");
        }
        return retrieveAccessToken(str);
    }

    public AccessToken retrieveAccessToken(String str) {
        if (str == null) {
            throw new IllegalArgumentException("The given authentication code can't be null.");
        }
        try {
            HttpResponse execute = new DefaultHttpClient().execute(getWebRessourceToEchangeAuthCode(str));
            int statusCode = execute.getStatusLine().getStatusCode();
            if (statusCode == 200) {
                return getAccessToken(execute);
            }
            switch (statusCode) {
                case 400:
                    throw new ConflictException(getErrorMessage(execute, "Could not exchange yout authentication code against a access token."));
                default:
                    throw new ConnectionInitializationException(getErrorMessage(execute, String.format("Unable to setup connection (HTTP Status Code: %d)", Integer.valueOf(statusCode))));
            }
        } catch (IOException e) {
            throw new ConnectionInitializationException("Unable to setup connection", e);
        }
    }

    private AccessToken getAccessToken(HttpResponse httpResponse) {
        try {
            return (AccessToken) new ObjectMapper().readValue(httpResponse.getEntity().getContent(), AccessToken.class);
        } catch (IOException e) {
            throw new ConnectionInitializationException("Unable to retrieve access token: IOException", e);
        }
    }

    private String getFinalEndpoint() {
        String str = this.endpoint;
        return this.grantType.equals(GrantType.AUTHORIZATION_CODE) ? str + "/oauth/authorize" : str + "/oauth/token";
    }

    private HttpPost getWebRessourceToEchangeAuthCode(String str) {
        HttpPost httpPost = new HttpPost(this.endpoint + "/oauth/token");
        httpPost.addHeader("Authorization", "Basic " + encodeClientCredentials(this.clientId, this.clientSecret));
        ArrayList arrayList = new ArrayList();
        arrayList.add(new BasicNameValuePair("code", str));
        arrayList.add(new BasicNameValuePair("grant_type", "authorization_code"));
        arrayList.add(new BasicNameValuePair("redirect_uri", this.clientRedirectUri));
        try {
            httpPost.setEntity(new UrlEncodedFormEntity(arrayList, "UTF-8"));
            return httpPost;
        } catch (UnsupportedEncodingException e) {
            throw new ConnectionInitializationException("Unable to Build Request in this encoding.", e);
        }
    }

    public AccessToken refreshAccessToken(AccessToken accessToken, Scope[] scopeArr) {
        if (scopeArr.length != 0) {
            StringBuilder sb = new StringBuilder();
            for (Scope scope : scopeArr) {
                sb.append(" ").append(scope.toString());
            }
            this.scopes = sb.toString().trim();
        }
        this.grantType = GrantType.REFRESH_TOKEN;
        HttpResponse performRequest = performRequest(accessToken);
        checkAndHandleHttpStatus(performRequest, performRequest.getStatusLine().getStatusCode());
        return getAccessToken(performRequest);
    }
}
