package org.eclipse.smarthome.auth.oauth2client.internal;

import com.google.gson.FieldNamingPolicy;
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import com.google.gson.JsonSyntaxException;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.time.LocalDateTime;
import java.util.Base64;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeoutException;
import org.eclipse.jdt.annotation.NonNullByDefault;
import org.eclipse.jetty.client.HttpClient;
import org.eclipse.jetty.client.api.ContentResponse;
import org.eclipse.jetty.client.api.Request;
import org.eclipse.jetty.client.util.FormContentProvider;
import org.eclipse.jetty.http.HttpHeader;
import org.eclipse.jetty.http.HttpMethod;
import org.eclipse.jetty.util.Fields;
import org.eclipse.smarthome.core.auth.client.oauth2.AccessTokenResponse;
import org.eclipse.smarthome.core.auth.client.oauth2.OAuthException;
import org.eclipse.smarthome.core.auth.client.oauth2.OAuthResponseException;
import org.eclipse.smarthome.io.net.http.HttpClientFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@NonNullByDefault
/* loaded from: input_file:org/eclipse/smarthome/auth/oauth2client/internal/OAuthConnector.class */
public class OAuthConnector {
    private static final String HTTP_CLIENT_CONSUMER_NAME = "OAuthConnector";
    private final HttpClientFactory httpClientFactory;
    private final Logger logger = LoggerFactory.getLogger(OAuthConnector.class);
    private final Gson gson = new GsonBuilder().setFieldNamingPolicy(FieldNamingPolicy.LOWER_CASE_WITH_UNDERSCORES).create();

    public OAuthConnector(HttpClientFactory httpClientFactory) {
        this.httpClientFactory = httpClientFactory;
    }

    public String getAuthorizationUrl(String str, String str2, String str3, String str4, String str5) {
        StringBuilder sb = new StringBuilder(str);
        if (sb.indexOf("?") == -1) {
            sb.append('?');
        } else {
            sb.append('&');
        }
        try {
            sb.append("response_type=code");
            sb.append("&client_id=").append(URLEncoder.encode(str2, StandardCharsets.UTF_8.name()));
            if (str4 != null) {
                sb.append("&state=").append(URLEncoder.encode(str4, StandardCharsets.UTF_8.name()));
            }
            if (str3 != null) {
                sb.append("&redirect_uri=").append(URLEncoder.encode(str3, StandardCharsets.UTF_8.name()));
            }
            if (str5 != null) {
                sb.append("&scope=").append(URLEncoder.encode(str5, StandardCharsets.UTF_8.name()));
            }
        } catch (UnsupportedEncodingException e) {
            this.logger.error("Unknown encoding {}", e.getMessage(), e);
        }
        return sb.toString();
    }

    public AccessTokenResponse grantTypePassword(String str, String str2, String str3, String str4, String str5, String str6, boolean z) throws OAuthResponseException, OAuthException, IOException {
        HttpClient httpClient = null;
        try {
            httpClient = createHttpClient(str);
            Request method = getMethod(httpClient, str);
            Fields initFields = initFields(Keyword.GRANT_TYPE, Keyword.PASSWORD, Keyword.USERNAME, str2, Keyword.PASSWORD, str3, Keyword.SCOPE, str6);
            setAuthentication(str4, str5, method, initFields, z);
            AccessTokenResponse doRequest = doRequest(Keyword.PASSWORD, httpClient, method, initFields);
            shutdownQuietly(httpClient);
            return doRequest;
        } catch (Throwable th) {
            shutdownQuietly(httpClient);
            throw th;
        }
    }

    public AccessTokenResponse grantTypeRefreshToken(String str, String str2, String str3, String str4, String str5, boolean z) throws OAuthResponseException, OAuthException, IOException {
        HttpClient httpClient = null;
        try {
            httpClient = createHttpClient(str);
            Request method = getMethod(httpClient, str);
            Fields initFields = initFields(Keyword.GRANT_TYPE, Keyword.REFRESH_TOKEN, Keyword.REFRESH_TOKEN, str2, Keyword.SCOPE, str5);
            setAuthentication(str3, str4, method, initFields, z);
            AccessTokenResponse doRequest = doRequest(Keyword.REFRESH_TOKEN, httpClient, method, initFields);
            shutdownQuietly(httpClient);
            return doRequest;
        } catch (Throwable th) {
            shutdownQuietly(httpClient);
            throw th;
        }
    }

    public AccessTokenResponse grantTypeAuthorizationCode(String str, String str2, String str3, String str4, String str5, boolean z) throws OAuthResponseException, OAuthException, IOException {
        HttpClient httpClient = null;
        try {
            httpClient = createHttpClient(str);
            Request method = getMethod(httpClient, str);
            Fields initFields = initFields(Keyword.GRANT_TYPE, Keyword.AUTHORIZATION_CODE, Keyword.CODE, str2, Keyword.REDIRECT_URI, str5);
            setAuthentication(str3, str4, method, initFields, z);
            AccessTokenResponse doRequest = doRequest(Keyword.AUTHORIZATION_CODE, httpClient, method, initFields);
            shutdownQuietly(httpClient);
            return doRequest;
        } catch (Throwable th) {
            shutdownQuietly(httpClient);
            throw th;
        }
    }

    public AccessTokenResponse grantTypeClientCredentials(String str, String str2, String str3, String str4, boolean z) throws OAuthResponseException, OAuthException, IOException {
        HttpClient httpClient = null;
        try {
            httpClient = createHttpClient(str);
            Request method = getMethod(httpClient, str);
            Fields initFields = initFields(Keyword.GRANT_TYPE, Keyword.CLIENT_CREDENTIALS, Keyword.SCOPE, str4);
            setAuthentication(str2, str3, method, initFields, z);
            AccessTokenResponse doRequest = doRequest(Keyword.CLIENT_CREDENTIALS, httpClient, method, initFields);
            shutdownQuietly(httpClient);
            return doRequest;
        } catch (Throwable th) {
            shutdownQuietly(httpClient);
            throw th;
        }
    }

    private Request getMethod(HttpClient httpClient, String str) {
        Request method = httpClient.newRequest(str).method(HttpMethod.POST);
        method.header(HttpHeader.ACCEPT, "application/json");
        method.header(HttpHeader.ACCEPT_CHARSET, "UTF-8");
        return method;
    }

    private void setAuthentication(String str, String str2, Request request, Fields fields, boolean z) {
        this.logger.debug("Setting authentication for clientId {}. Using basic auth {}", str, Boolean.valueOf(z));
        if (z && str2 != null) {
            request.header(HttpHeader.AUTHORIZATION, "Basic " + Base64.getEncoder().encodeToString((String.valueOf(str) + ":" + str2).getBytes(StandardCharsets.UTF_8)));
            return;
        }
        if (str != null) {
            fields.add(Keyword.CLIENT_ID, str);
        }
        if (str2 != null) {
            fields.add(Keyword.CLIENT_SECRET, str2);
        }
    }

    private Fields initFields(String... strArr) {
        Fields fields = new Fields();
        for (int i = 0; i < strArr.length; i += 2) {
            if (i + 1 < strArr.length && strArr[i] != null && strArr[i + 1] != null) {
                this.logger.debug("Oauth request parameter {}, value {}", strArr[i], strArr[i + 1]);
                fields.add(strArr[i], strArr[i + 1]);
            }
        }
        return fields;
    }

    private AccessTokenResponse doRequest(String str, HttpClient httpClient, Request request, Fields fields) throws OAuthResponseException, OAuthException, IOException {
        try {
            FormContentProvider formContentProvider = new FormContentProvider(fields);
            ContentResponse contentResponse = (ContentResponse) AccessController.doPrivileged(() -> {
                return request.content(formContentProvider).send();
            });
            int status = contentResponse.getStatus();
            String contentAsString = contentResponse.getContentAsString();
            if (status == 200) {
                AccessTokenResponse accessTokenResponse = (AccessTokenResponse) this.gson.fromJson(contentAsString, AccessTokenResponse.class);
                accessTokenResponse.setCreatedOn(LocalDateTime.now());
                this.logger.info("grant type {} to URL {} success", str, request.getURI());
                return accessTokenResponse;
            }
            if (status != 400) {
                this.logger.error("grant type {} to URL {} failed with HTTP response code {}", new Object[]{str, request.getURI(), Integer.valueOf(status)});
                throw new OAuthException("Bad http response, http code " + status);
            }
            OAuthResponseException oAuthResponseException = (OAuthResponseException) this.gson.fromJson(contentAsString, OAuthResponseException.class);
            this.logger.error("grant type {} to URL {} failed with error code {}, description {}", new Object[]{str, request.getURI(), oAuthResponseException.getError(), oAuthResponseException.getErrorDescription()});
            throw oAuthResponseException;
        } catch (JsonSyntaxException e) {
            throw new OAuthException(String.format("Unable to deserialize json into AccessTokenResponse/ OAuthResponseException. httpCode: %i json: %s", 0, ""), e);
        } catch (PrivilegedActionException e2) {
            Exception exception = e2.getException();
            if ((exception instanceof InterruptedException) || (exception instanceof TimeoutException) || (exception instanceof ExecutionException)) {
                throw new IOException("Exception in oauth communication, grant type " + str, exception);
            }
            throw new OAuthException("Exception in oauth communication, grant type " + str, exception);
        }
    }

    private HttpClient createHttpClient(String str) throws OAuthException {
        HttpClient createHttpClient = this.httpClientFactory.createHttpClient(HTTP_CLIENT_CONSUMER_NAME, str);
        if (!createHttpClient.isStarted()) {
            try {
                AccessController.doPrivileged(() -> {
                    createHttpClient.start();
                    return null;
                });
            } catch (Exception e) {
                throw new OAuthException("Exception while starting httpClient, tokenUrl: " + str, e);
            }
        }
        return createHttpClient;
    }

    private void shutdownQuietly(HttpClient httpClient) {
        if (httpClient != null) {
            try {
                AccessController.doPrivileged(() -> {
                    httpClient.stop();
                    return null;
                });
            } catch (Exception e) {
                this.logger.error("Exception while shutting down httpClient, {}", e.getMessage(), e);
            }
        }
    }
}
