package org.eclipse.smarthome.auth.oauth2client.internal;

import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.time.LocalDateTime;
import java.util.ArrayList;
import java.util.List;
import java.util.UUID;
import org.eclipse.jdt.annotation.NonNullByDefault;
import org.eclipse.jetty.util.UrlEncoded;
import org.eclipse.smarthome.core.auth.client.oauth2.AccessTokenRefreshListener;
import org.eclipse.smarthome.core.auth.client.oauth2.AccessTokenResponse;
import org.eclipse.smarthome.core.auth.client.oauth2.OAuthClientService;
import org.eclipse.smarthome.core.auth.client.oauth2.OAuthException;
import org.eclipse.smarthome.core.auth.client.oauth2.OAuthResponseException;
import org.eclipse.smarthome.io.net.http.HttpClientFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@NonNullByDefault
/* loaded from: input_file:org/eclipse/smarthome/auth/oauth2client/internal/OAuthClientServiceImpl.class */
public class OAuthClientServiceImpl implements OAuthClientService {
    public static final int DEFAULT_TOKEN_EXPIRES_IN_BUFFER_SECOND = 10;
    private static final String EXCEPTION_MESSAGE_CLOSED = "Client service is closed";

    @NonNullByDefault({})
    private OAuthStoreHandler storeHandler;
    private final String handle;
    private final int tokenExpiresInSeconds;
    private final HttpClientFactory httpClientFactory;
    private final transient Logger logger = LoggerFactory.getLogger(OAuthClientServiceImpl.class);
    private final List<AccessTokenRefreshListener> accessTokenRefreshListeners = new ArrayList();
    private PersistedParams persistedParams = new PersistedParams();
    private volatile boolean closed = false;

    private OAuthClientServiceImpl(String str, int i, HttpClientFactory httpClientFactory) {
        this.handle = str;
        this.tokenExpiresInSeconds = i;
        this.httpClientFactory = httpClientFactory;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static OAuthClientServiceImpl getInstance(String str, OAuthStoreHandler oAuthStoreHandler, int i, HttpClientFactory httpClientFactory) {
        PersistedParams loadPersistedParams = oAuthStoreHandler.loadPersistedParams(str);
        if (loadPersistedParams == null) {
            return null;
        }
        OAuthClientServiceImpl oAuthClientServiceImpl = new OAuthClientServiceImpl(str, i, httpClientFactory);
        oAuthClientServiceImpl.storeHandler = oAuthStoreHandler;
        oAuthClientServiceImpl.persistedParams = loadPersistedParams;
        return oAuthClientServiceImpl;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static OAuthClientServiceImpl createInstance(String str, OAuthStoreHandler oAuthStoreHandler, HttpClientFactory httpClientFactory, PersistedParams persistedParams) {
        OAuthClientServiceImpl oAuthClientServiceImpl = new OAuthClientServiceImpl(str, persistedParams.tokenExpiresInSeconds, httpClientFactory);
        oAuthClientServiceImpl.storeHandler = oAuthStoreHandler;
        oAuthClientServiceImpl.persistedParams = persistedParams;
        oAuthStoreHandler.savePersistedParams(str, oAuthClientServiceImpl.persistedParams);
        return oAuthClientServiceImpl;
    }

    public String getAuthorizationUrl(String str, String str2, String str3) throws OAuthException {
        if (str3 == null) {
            this.persistedParams.state = createNewState();
        } else {
            this.persistedParams.state = str3;
        }
        String str4 = str2 == null ? this.persistedParams.scope : str2;
        this.persistedParams.redirectUri = str;
        String str5 = this.persistedParams.authorizationUrl;
        if (str5 == null) {
            throw new OAuthException("Missing authorization url");
        }
        String str6 = this.persistedParams.clientId;
        if (str6 == null) {
            throw new OAuthException("Missing client ID");
        }
        return new OAuthConnector(this.httpClientFactory).getAuthorizationUrl(str5, str6, str, this.persistedParams.state, str4);
    }

    public String extractAuthCodeFromAuthResponse(String str) throws OAuthException {
        try {
            UrlEncoded urlEncoded = new UrlEncoded(new URL(str).getQuery());
            String str2 = (String) urlEncoded.getValue(Keyword.STATE, 0);
            if (str2 == null) {
                if (this.persistedParams.state == null) {
                    return (String) urlEncoded.getValue(Keyword.CODE, 0);
                }
                throw new OAuthException(String.format("state from redirectURL is incorrect.  Expected: %s Found: %s", this.persistedParams.state, str2));
            }
            if (str2.equals(this.persistedParams.state)) {
                return (String) urlEncoded.getValue(Keyword.CODE, 0);
            }
            throw new OAuthException(String.format("state from redirectURL is incorrect.  Expected: %s Found: %s", this.persistedParams.state, str2));
        } catch (MalformedURLException e) {
            throw new OAuthException("Redirect URL is malformed", e);
        }
    }

    public AccessTokenResponse getAccessTokenResponseByAuthorizationCode(String str, String str2) throws OAuthException, IOException, OAuthResponseException {
        if (isClosed()) {
            throw new OAuthException(EXCEPTION_MESSAGE_CLOSED);
        }
        OAuthConnector oAuthConnector = new OAuthConnector(this.httpClientFactory);
        if (this.persistedParams.redirectUri != null && !this.persistedParams.redirectUri.equals(str2)) {
            throw new OAuthException(String.format("redirectURI should be the same from previous call #getAuthorizationUrl.  Expected: %s Found: %s", this.persistedParams.redirectUri, str2));
        }
        String str3 = this.persistedParams.tokenUrl;
        if (str3 == null) {
            throw new OAuthException("Missing token url");
        }
        String str4 = this.persistedParams.clientId;
        if (str4 == null) {
            throw new OAuthException("Missing client ID");
        }
        AccessTokenResponse grantTypeAuthorizationCode = oAuthConnector.grantTypeAuthorizationCode(str3, str, str4, this.persistedParams.clientSecret, str2, Boolean.TRUE.equals(this.persistedParams.supportsBasicAuth));
        this.storeHandler.saveAccessTokenResponse(this.handle, grantTypeAuthorizationCode);
        return grantTypeAuthorizationCode;
    }

    public AccessTokenResponse getAccessTokenByImplicit(String str, String str2, String str3) throws OAuthException, IOException, OAuthResponseException {
        throw new UnsupportedOperationException("Implicit Grant is not implemented");
    }

    public AccessTokenResponse getAccessTokenByResourceOwnerPasswordCredentials(String str, String str2, String str3) throws OAuthException, IOException, OAuthResponseException {
        if (isClosed()) {
            throw new OAuthException(EXCEPTION_MESSAGE_CLOSED);
        }
        OAuthConnector oAuthConnector = new OAuthConnector(this.httpClientFactory);
        String str4 = this.persistedParams.tokenUrl;
        if (str4 == null) {
            throw new OAuthException("Missing token url");
        }
        AccessTokenResponse grantTypePassword = oAuthConnector.grantTypePassword(str4, str, str2, this.persistedParams.clientId, this.persistedParams.clientSecret, str3, Boolean.TRUE.equals(this.persistedParams.supportsBasicAuth));
        this.storeHandler.saveAccessTokenResponse(this.handle, grantTypePassword);
        return grantTypePassword;
    }

    public AccessTokenResponse getAccessTokenByClientCredentials(String str) throws OAuthException, IOException, OAuthResponseException {
        if (isClosed()) {
            throw new OAuthException(EXCEPTION_MESSAGE_CLOSED);
        }
        if (this.persistedParams.tokenUrl == null) {
            throw new IllegalStateException("bull shit");
        }
        OAuthConnector oAuthConnector = new OAuthConnector(this.httpClientFactory);
        String str2 = this.persistedParams.tokenUrl;
        if (str2 == null) {
            throw new OAuthException("Missing token url");
        }
        String str3 = this.persistedParams.clientId;
        if (str3 == null) {
            throw new OAuthException("Missing client ID");
        }
        AccessTokenResponse grantTypeClientCredentials = oAuthConnector.grantTypeClientCredentials(str2, str3, this.persistedParams.clientSecret, str, Boolean.TRUE.equals(this.persistedParams.supportsBasicAuth));
        this.storeHandler.saveAccessTokenResponse(this.handle, grantTypeClientCredentials);
        return grantTypeClientCredentials;
    }

    public AccessTokenResponse refreshToken() throws OAuthException, IOException, OAuthResponseException {
        if (isClosed()) {
            throw new OAuthException(EXCEPTION_MESSAGE_CLOSED);
        }
        try {
            AccessTokenResponse loadAccessTokenResponse = this.storeHandler.loadAccessTokenResponse(this.handle);
            if (loadAccessTokenResponse == null) {
                throw new OAuthException("Cannot refresh token because last access token is not available from handle: " + this.handle);
            }
            if (loadAccessTokenResponse.getRefreshToken() == null) {
                throw new OAuthException("Cannot refresh token because last access token did not have a refresh token");
            }
            String str = this.persistedParams.tokenUrl;
            if (str == null) {
                throw new OAuthException("tokenUrl is required but null");
            }
            AccessTokenResponse grantTypeRefreshToken = new OAuthConnector(this.httpClientFactory).grantTypeRefreshToken(str, loadAccessTokenResponse.getRefreshToken(), this.persistedParams.clientId, this.persistedParams.clientSecret, this.persistedParams.scope, Boolean.TRUE.equals(this.persistedParams.supportsBasicAuth));
            this.storeHandler.saveAccessTokenResponse(this.handle, grantTypeRefreshToken);
            this.accessTokenRefreshListeners.forEach(accessTokenRefreshListener -> {
                accessTokenRefreshListener.onAccessTokenResponse(grantTypeRefreshToken);
            });
            return grantTypeRefreshToken;
        } catch (GeneralSecurityException e) {
            throw new OAuthException("Cannot decrypt access token from store", e);
        }
    }

    public AccessTokenResponse getAccessTokenResponse() throws OAuthException, IOException, OAuthResponseException {
        if (isClosed()) {
            throw new OAuthException(EXCEPTION_MESSAGE_CLOSED);
        }
        try {
            AccessTokenResponse loadAccessTokenResponse = this.storeHandler.loadAccessTokenResponse(this.handle);
            if (loadAccessTokenResponse == null) {
                return null;
            }
            return (!loadAccessTokenResponse.isExpired(LocalDateTime.now(), this.tokenExpiresInSeconds) || loadAccessTokenResponse.getRefreshToken() == null) ? loadAccessTokenResponse : refreshToken();
        } catch (GeneralSecurityException e) {
            throw new OAuthException("Cannot decrypt access token from store", e);
        }
    }

    public void importAccessTokenResponse(AccessTokenResponse accessTokenResponse) throws OAuthException {
        if (isClosed()) {
            throw new OAuthException(EXCEPTION_MESSAGE_CLOSED);
        }
        this.storeHandler.saveAccessTokenResponse(this.handle, accessTokenResponse);
    }

    public void setTokenExpiresInBuffer(int i) {
        this.persistedParams.tokenExpiresInSeconds = i;
    }

    public void remove() throws OAuthException {
        if (isClosed()) {
            throw new OAuthException(EXCEPTION_MESSAGE_CLOSED);
        }
        this.logger.debug("removing handle: {}", this.handle);
        this.storeHandler.remove(this.handle);
        close();
    }

    public void close() {
        this.closed = true;
        this.storeHandler = null;
        this.logger.debug("closing oauth client, handle: {}", this.handle);
    }

    public boolean isClosed() {
        return this.closed;
    }

    public void addAccessTokenRefreshListener(AccessTokenRefreshListener accessTokenRefreshListener) {
        this.accessTokenRefreshListeners.add(accessTokenRefreshListener);
    }

    public boolean removeAccessTokenRefreshListener(AccessTokenRefreshListener accessTokenRefreshListener) {
        return this.accessTokenRefreshListeners.remove(accessTokenRefreshListener);
    }

    private String createNewState() {
        return UUID.randomUUID().toString();
    }
}
