package com.github.philippheuer.credentialmanager.identityprovider;

import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.github.philippheuer.credentialmanager.domain.IdentityProvider;
import com.github.philippheuer.credentialmanager.domain.OAuth2Credential;
import com.github.philippheuer.credentialmanager.util.ProxyHelper;
import com.github.twitch4j.helix.interceptor.TwitchHelixClientIdInterceptor;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.Proxy;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.UUID;
import java.util.stream.Collectors;
import okhttp3.Headers;
import okhttp3.HttpUrl;
import okhttp3.MediaType;
import okhttp3.MultipartBody;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.RequestBody;
import okhttp3.Response;
import org.apache.commons.lang.CharEncoding;
import org.apache.commons.lang3.exception.ContextedRuntimeException;

/* loaded from: input_file:META-INF/jars/credentialmanager-0.1.4.jar:com/github/philippheuer/credentialmanager/identityprovider/OAuth2IdentityProvider.class */
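/**
 * Base class for OAuth2 identity providers: builds the authorization URL and
 * exchanges codes, passwords, refresh tokens and client credentials for tokens
 * at the provider's token endpoint.
 *
 * <p>Security notes for integrators:
 * <ul>
 *   <li>With {@code tokenEndpointPostType} set to {@code "QUERY"} (the default) the
 *       client secret, authorization code, refresh token and user password are
 *       placed in the request URL's query string. URLs are commonly recorded by
 *       proxies and access logs, so prefer {@code "BODY"} when the provider
 *       accepts it.</li>
 *   <li>Failure exceptions carry the request URL and headers as context. The query
 *       string and the client authentication header are stripped before they are
 *       attached, because exception context usually ends up in logs.</li>
 * </ul>
 */
public abstract class OAuth2IdentityProvider extends IdentityProvider {
    protected static final ObjectMapper OBJECTMAPPER = new ObjectMapper();

    /** Shape the token endpoint's JSON response is read into. */
    private static final TypeReference<HashMap<String, Object>> TOKEN_RESPONSE_TYPE =
            new TypeReference<HashMap<String, Object>>() {
            };

    protected OkHttpClient httpClient;
    protected String clientId;
    protected String clientSecret;
    protected String authUrl;
    protected String tokenUrl;
    protected String redirectUrl;
    // Separator placed between scopes in the authorization URL; inserted verbatim, not URL-encoded.
    protected String scopeSeperator;
    protected String responseType;
    // "QUERY" sends token-request parameters in the URL, "BODY" in the request body.
    protected String tokenEndpointPostType;

    /**
     * Creates a provider that uses the proxy returned by {@link ProxyHelper#selectProxy()}.
     *
     * @param providerName name stored on credentials issued through this provider
     * @param providerType provider type
     * @param clientId     OAuth2 client id; {@code null} is stored as an empty string
     * @param clientSecret OAuth2 client secret; {@code null} is stored as an empty string
     * @param authUrl      authorization endpoint
     * @param tokenUrl     token endpoint
     * @param redirectUrl  default redirect URI
     */
    public OAuth2IdentityProvider(String providerName, String providerType, String clientId, String clientSecret, String authUrl, String tokenUrl, String redirectUrl) {
        this(providerName, providerType, clientId, clientSecret, authUrl, tokenUrl, redirectUrl, ProxyHelper.selectProxy());
    }

    /**
     * Creates a provider with an explicit proxy.
     *
     * @param providerName name stored on credentials issued through this provider
     * @param providerType provider type
     * @param clientId     OAuth2 client id; {@code null} is stored as an empty string
     * @param clientSecret OAuth2 client secret; {@code null} is stored as an empty string
     * @param authUrl      authorization endpoint
     * @param tokenUrl     token endpoint
     * @param redirectUrl  default redirect URI
     * @param proxy        proxy for all token requests, or {@code null} for none
     */
    public OAuth2IdentityProvider(String providerName, String providerType, String clientId, String clientSecret, String authUrl, String tokenUrl, String redirectUrl, Proxy proxy) {
        this.httpClient = new OkHttpClient();
        this.scopeSeperator = " ";
        this.responseType = "code";
        this.tokenEndpointPostType = "QUERY";
        this.providerName = providerName;
        this.providerType = providerType;
        this.clientId = clientId == null ? "" : clientId;
        this.clientSecret = clientSecret == null ? "" : clientSecret;
        this.authUrl = authUrl;
        this.tokenUrl = tokenUrl;
        this.redirectUrl = redirectUrl;
        if (proxy != null) {
            this.httpClient = this.httpClient.newBuilder().proxy(proxy).build();
        }
    }

    /**
     * Builds the authorization URL using the configured redirect URI.
     *
     * @param scopes scopes to request
     * @param state  state value, or {@code null} to generate one
     * @return the authorization URL
     */
    public String getAuthenticationUrl(List<Object> scopes, String state) {
        return getAuthenticationUrl(this.redirectUrl, scopes, state);
    }

    /**
     * Builds the authorization URL.
     *
     * <p>When {@code state} is {@code null} a value of the form
     * {@code providerName|randomUUID} is generated. The generated value is only
     * embedded in the returned URL, so a caller that wants to compare it against
     * the callback's {@code state} has to pass its own value or read it back from
     * the URL.
     *
     * @param redirectUrl redirect URI for this request
     * @param scopes      scopes to request
     * @param state       state value, or {@code null} to generate one
     * @return the authorization URL
     */
    public String getAuthenticationUrl(String redirectUrl, List<Object> scopes, String state) {
        if (state == null) {
            state = this.providerName + "|" + UUID.randomUUID();
        }
        // NOTE(review): scopes and the separator go into the URL without encoding,
        // unlike every other parameter. A scope containing '&' or '#' would alter
        // the query string; left as-is because subclasses may rely on a
        // pre-encoded separator. Confirm scopes never come from untrusted input.
        String scope = scopes.stream().map(Object::toString).collect(Collectors.joining(this.scopeSeperator));
        return String.format("%s?response_type=%s&client_id=%s&redirect_uri=%s&scope=%s&state=%s",
                this.authUrl,
                urlEncode(this.responseType),
                urlEncode(this.clientId),
                urlEncode(redirectUrl),
                scope,
                urlEncode(state));
    }

    /**
     * Exchanges an authorization code for a credential.
     *
     * @param code authorization code received on the redirect
     * @return the credential built from the token response
     * @throws RuntimeException wrapping any failure, including a non-2xx response
     */
    public OAuth2Credential getCredentialByCode(String code) {
        try {
            Request request;
            if (isQueryPostType()) {
                HttpUrl.Builder url = HttpUrl.parse(this.tokenUrl).newBuilder();
                url.addQueryParameter("client_id", this.clientId);
                url.addQueryParameter("client_secret", this.clientSecret);
                url.addQueryParameter("code", code);
                url.addQueryParameter("grant_type", "authorization_code");
                url.addQueryParameter("redirect_uri", this.redirectUrl);
                request = new Request.Builder().url(url.build().toString()).post(emptyBody()).build();
            } else {
                MultipartBody form = new MultipartBody.Builder()
                        .setType(MultipartBody.FORM)
                        .addFormDataPart("client_id", this.clientId)
                        .addFormDataPart("client_secret", this.clientSecret)
                        .addFormDataPart("code", code)
                        .addFormDataPart("grant_type", "authorization_code")
                        .addFormDataPart("redirect_uri", this.redirectUrl)
                        .build();
                request = new Request.Builder().url(this.tokenUrl).post(form).build();
            }
            // try-with-resources releases the connection even if reading the body fails.
            try (Response response = this.httpClient.newCall(request).execute()) {
                String body = response.body().string();
                if (!response.isSuccessful()) {
                    throw requestFailed("getCredentialByCode", request, response.code(), body);
                }
                return parseCredential(body);
            }
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Obtains a credential with the resource owner password credentials grant.
     *
     * <p>This grant hands the user's password to the client and is ruled out by
     * the OAuth 2.0 Security Best Current Practice (RFC 9700); use it only where
     * the provider offers nothing else.
     *
     * @param username resource owner user name
     * @param password resource owner password
     * @return the credential built from the token response
     * @throws RuntimeException wrapping any failure, including a non-2xx response
     */
    public OAuth2Credential getCredentialByUsernameAndPassword(String username, String password) {
        try {
            return passwordGrant("getCredentialByUsernameAndPassword", username, password, false, null);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Same as {@link #getCredentialByUsernameAndPassword(String, String)} with an
     * additional {@code scope} parameter on the token request.
     *
     * @param username resource owner user name
     * @param password resource owner password
     * @param scope    value sent as the {@code scope} parameter
     * @return the credential built from the token response
     * @throws RuntimeException wrapping any failure, including a non-2xx response
     */
    public OAuth2Credential getScopedCredentialByUsernameAndPassword(String username, String password, String scope) {
        try {
            return passwordGrant("getScopedCredentialByUsernameAndPassword", username, password, true, scope);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Exchanges the credential's refresh token for a new credential.
     *
     * <p>Any failure (no refresh token, transport error, non-2xx response,
     * unparsable body) yields an empty result; the cause is not reported.
     *
     * @param oAuth2Credential credential holding the refresh token
     * @return the refreshed credential, or empty when the refresh failed
     */
    public Optional<OAuth2Credential> refreshCredential(OAuth2Credential oAuth2Credential) {
        try {
            if (oAuth2Credential.getRefreshToken() == null) {
                throw new UnsupportedOperationException("Attempting to refresh a credential that has no refresh token.");
            }
            Request request;
            if (isQueryPostType()) {
                HttpUrl.Builder url = HttpUrl.parse(this.tokenUrl).newBuilder();
                url.addQueryParameter("client_id", this.clientId);
                url.addQueryParameter("client_secret", this.clientSecret);
                url.addQueryParameter("refresh_token", oAuth2Credential.getRefreshToken());
                url.addQueryParameter("grant_type", "refresh_token");
                request = new Request.Builder().url(url.build().toString()).post(emptyBody()).build();
            } else {
                MultipartBody form = new MultipartBody.Builder()
                        .setType(MultipartBody.FORM)
                        .addFormDataPart("client_id", this.clientId)
                        .addFormDataPart("client_secret", this.clientSecret)
                        .addFormDataPart("refresh_token", oAuth2Credential.getRefreshToken())
                        .addFormDataPart("grant_type", "refresh_token")
                        .build();
                request = new Request.Builder().url(this.tokenUrl).post(form).build();
            }
            // Uses the shared client so the configured proxy also applies to refresh
            // requests; a fresh OkHttpClient here would bypass it.
            try (Response response = this.httpClient.newCall(request).execute()) {
                String body = response.body().string();
                if (!response.isSuccessful()) {
                    throw new RuntimeException("refreshCredential request failed! " + response.code() + ": " + body);
                }
                return Optional.of(parseCredential(body));
            }
        } catch (Exception e) {
            // Deliberate best-effort: callers only learn that the refresh did not succeed.
            return Optional.empty();
        }
    }

    /**
     * Obtains an app access token with the client credentials grant.
     *
     * @return the credential built from the token response
     * @throws RuntimeException wrapping any failure, including a non-2xx response
     */
    public OAuth2Credential getAppAccessToken() {
        try {
            Request request;
            if (isQueryPostType()) {
                HttpUrl.Builder url = HttpUrl.parse(this.tokenUrl).newBuilder();
                url.addQueryParameter("client_id", this.clientId);
                url.addQueryParameter("client_secret", this.clientSecret);
                url.addQueryParameter("grant_type", "client_credentials");
                request = new Request.Builder().url(url.build().toString()).post(emptyBody()).build();
            } else {
                MultipartBody form = new MultipartBody.Builder()
                        .setType(MultipartBody.FORM)
                        .addFormDataPart("client_id", this.clientId)
                        .addFormDataPart("client_secret", this.clientSecret)
                        .addFormDataPart("grant_type", "client_credentials")
                        .build();
                request = new Request.Builder().url(this.tokenUrl).post(form).build();
            }
            try (Response response = this.httpClient.newCall(request).execute()) {
                String body = response.body().string();
                if (!response.isSuccessful()) {
                    throw new RuntimeException("getCredentialByClientCredentials request failed! " + response.code() + ": " + body);
                }
                return parseCredential(body);
            }
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    public abstract Optional<OAuth2Credential> getAdditionalCredentialInformation(OAuth2Credential oAuth2Credential);

    /**
     * Tells where token-request parameters go.
     *
     * @return {@code true} for "QUERY", {@code false} for "BODY" (both case-insensitive)
     * @throws UnsupportedOperationException for any other configured value
     */
    private boolean isQueryPostType() {
        if (this.tokenEndpointPostType.equalsIgnoreCase("QUERY")) {
            return true;
        }
        if (this.tokenEndpointPostType.equalsIgnoreCase("BODY")) {
            return false;
        }
        throw new UnsupportedOperationException("Unknown tokenEndpointPostType: " + this.tokenEndpointPostType);
    }

    /** Runs a password grant request; shared by the scoped and unscoped public variants. */
    private OAuth2Credential passwordGrant(String operation, String username, String password, boolean withScope, String scope) throws IOException {
        Headers headers = basicAuthHeaders();
        Request request;
        if (isQueryPostType()) {
            HttpUrl.Builder url = HttpUrl.parse(this.tokenUrl).newBuilder();
            addPasswordGrantParameters(url, username, password, withScope, scope);
            request = new Request.Builder().url(url.build().toString()).headers(headers).post(emptyBody()).build();
        } else {
            // A throwaway URL builder is used only to percent-encode the form fields;
            // the placeholder prefix is removed before the text becomes the body.
            HttpUrl.Builder form = HttpUrl.parse("http://localhost").newBuilder();
            addPasswordGrantParameters(form, username, password, withScope, scope);
            byte[] payload = form.toString().replace("http://localhost/?", "").getBytes(StandardCharsets.UTF_8);
            request = new Request.Builder()
                    .url(this.tokenUrl)
                    .headers(headers)
                    .post(RequestBody.create(MediaType.parse("application/x-www-form-urlencoded"), payload))
                    .build();
        }
        try (Response response = this.httpClient.newCall(request).execute()) {
            String body = response.body().string();
            if (!response.isSuccessful()) {
                throw requestFailed(operation, request, response.code(), body);
            }
            return parseCredential(body);
        }
    }

    /** Adds the password grant fields in the order the token request sends them. */
    private static void addPasswordGrantParameters(HttpUrl.Builder target, String username, String password, boolean withScope, String scope) {
        target.addQueryParameter("grant_type", "password");
        target.addQueryParameter("username", username);
        target.addQueryParameter("password", password);
        if (withScope) {
            target.addQueryParameter("scope", scope);
        }
    }

    /** Builds the HTTP Basic client authentication header from client id and secret. */
    private Headers basicAuthHeaders() {
        // Explicit UTF-8 so the encoded credentials do not depend on the platform charset.
        byte[] pair = (this.clientId + ":" + this.clientSecret).getBytes(StandardCharsets.UTF_8);
        Map<String, String> headers = new HashMap<>();
        headers.put(TwitchHelixClientIdInterceptor.AUTH_HEADER, "Basic " + Base64.getEncoder().encodeToString(pair));
        return Headers.of(headers);
    }

    /** Zero-length POST body used when all parameters travel in the query string. */
    private static RequestBody emptyBody() {
        return RequestBody.create((MediaType) null, new byte[0]);
    }

    /** Reads {@code access_token}, {@code refresh_token} and {@code expires_in} from the response JSON. */
    private OAuth2Credential parseCredential(String json) throws IOException {
        Map<String, Object> fields = OBJECTMAPPER.readValue(json, TOKEN_RESPONSE_TYPE);
        return new OAuth2Credential(this.providerName, (String) fields.get("access_token"), (String) fields.get("refresh_token"), null, null, (Integer) fields.get("expires_in"), null);
    }

    /**
     * Builds the failure exception for a non-2xx token response.
     *
     * <p>The request URL is attached without its query string and the headers
     * without the client authentication header: in QUERY mode the query string
     * holds the client secret, code or password, and the header set by
     * {@link #basicAuthHeaders()} holds the encoded client secret.
     */
    private static ContextedRuntimeException requestFailed(String operation, Request request, int responseCode, String responseBody) {
        HttpUrl urlWithoutQuery = request.url().newBuilder().query(null).build();
        Headers headersWithoutAuth = request.headers().newBuilder()
                .removeAll(TwitchHelixClientIdInterceptor.AUTH_HEADER)
                .build();
        return new ContextedRuntimeException(operation + " request failed!")
                .addContextValue("requestUrl", urlWithoutQuery)
                .addContextValue("requestHeaders", headersWithoutAuth)
                .addContextValue("requestBody", request.body())
                .addContextValue("responseCode", Integer.valueOf(responseCode))
                .addContextValue("responseBody", responseBody);
    }

    /** URL-encodes a value as UTF-8. */
    private static String urlEncode(String value) {
        try {
            return URLEncoder.encode(value, CharEncoding.UTF_8);
        } catch (UnsupportedEncodingException e) {
            // UTF-8 is a charset every JVM must provide, so this is not expected to happen.
            throw new IllegalStateException("UTF-8 encoding is not available", e);
        }
    }
}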
