package org.osiam.client;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.common.base.Preconditions;
import com.google.common.base.Strings;
import java.io.IOException;
import java.net.URI;
import org.osiam.bundled.javax.ws.rs.ProcessingException;
import org.osiam.bundled.javax.ws.rs.client.Entity;
import org.osiam.bundled.javax.ws.rs.client.WebTarget;
import org.osiam.bundled.javax.ws.rs.core.Form;
import org.osiam.bundled.javax.ws.rs.core.MediaType;
import org.osiam.bundled.javax.ws.rs.core.Response;
import org.osiam.bundled.javax.ws.rs.core.UriBuilder;
import org.osiam.bundled.javax.ws.rs.core.UriBuilderException;
import org.osiam.bundled.org.glassfish.jersey.client.authentication.HttpAuthenticationFeature;
import org.osiam.client.exception.ConflictException;
import org.osiam.client.exception.ConnectionInitializationException;
import org.osiam.client.exception.ForbiddenException;
import org.osiam.client.exception.OAuthErrorMessage;
import org.osiam.client.exception.OsiamClientException;
import org.osiam.client.exception.UnauthorizedException;
import org.osiam.client.oauth.AccessToken;
import org.osiam.client.oauth.GrantType;
import org.osiam.client.oauth.Scope;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/osiam/client/AuthService.class */
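/**
 * OAuth2 client for an OSIAM authorization server: obtains, refreshes, validates and revokes
 * access tokens.
 *
 * <p>Every request carries the client id and client secret as per-request
 * {@link HttpAuthenticationFeature} properties, and token requests send user or client
 * credentials in the form body. Nothing in this class checks the scheme of the configured
 * endpoint, so confidentiality of those values depends on the endpoint being an {@code https}
 * URL. NOTE(review): presumably the client returned by {@code OsiamConnector.getClient()}
 * registers the authentication feature that consumes these properties; confirm there.
 *
 * <p>Only HTTP 200 is treated as success; every other status is mapped to an exception by
 * {@link #checkAndHandleResponse}.
 */
public class AuthService {
    private static final String BEARER = "Bearer ";
    private static final String TOKEN_ENDPOINT = "/oauth/token";
    // One mapper for all calls instead of a new instance per response; the mapper is never
    // reconfigured after construction.
    private static final ObjectMapper MAPPER = new ObjectMapper();
    private final String endpoint;
    private final String clientId;
    private final String clientSecret;
    private final String clientRedirectUri;
    private final WebTarget targetEndpoint;

    /** Collects the endpoint and client registration data for an {@link AuthService}. */
    public static class Builder {
        private String clientId;
        private String clientSecret;
        private String endpoint;
        private String clientRedirectUri;

        /**
         * @param str base URI of the authorization server; the OAuth paths are appended to it
         */
        public Builder(String str) {
            this.endpoint = str;
        }

        /**
         * @param str the OAuth client id
         * @return this builder
         */
        public Builder setClientId(String str) {
            this.clientId = str;
            return this;
        }

        /**
         * @param str the redirect URI registered for the client (needed for the authorization
         *            code flow)
         * @return this builder
         */
        public Builder setClientRedirectUri(String str) {
            this.clientRedirectUri = str;
            return this;
        }

        /**
         * @param str the OAuth client secret
         * @return this builder
         */
        public Builder setClientSecret(String str) {
            this.clientSecret = str;
            return this;
        }

        /**
         * @return a service bound to the values set so far; missing client credentials are only
         *         detected when a token is requested
         */
        public AuthService build() {
            return new AuthService(this);
        }
    }

    private AuthService(Builder builder) {
        this.endpoint = builder.endpoint;
        this.clientId = builder.clientId;
        this.clientSecret = builder.clientSecret;
        this.clientRedirectUri = builder.clientRedirectUri;
        this.targetEndpoint = OsiamConnector.getClient().target(this.endpoint);
    }

    /**
     * Requests a token with the client credentials grant.
     *
     * @param scopeArr scopes to request, sent space-separated
     * @return the token parsed from the server response
     * @throws IllegalStateException if client id or secret is missing
     * @throws UnauthorizedException on HTTP 401
     * @throws ForbiddenException on HTTP 403
     * @throws ConnectionInitializationException on any other non-200 status or transport failure
     */
    public AccessToken retrieveAccessToken(Scope... scopeArr) {
        ensureClientCredentialsAreSet();
        String scopes = getScopesAsString(scopeArr);
        Form form = new Form();
        form.param("scope", scopes);
        form.param("grant_type", GrantType.CLIENT_CREDENTIALS.getUrlParam());
        return requestToken(form, new AccessToken.Builder("n/a").build(), false);
    }

    /**
     * Requests a token with the resource owner password credentials grant. The user's password
     * travels in the form body of the token request.
     *
     * @param str      the resource owner's user name
     * @param str2     the resource owner's password
     * @param scopeArr scopes to request, sent space-separated
     * @return the token parsed from the server response
     * @throws IllegalStateException if client id or secret is missing
     * @throws UnauthorizedException on HTTP 401
     * @throws ForbiddenException on HTTP 403
     * @throws ConnectionInitializationException on any other non-200 status or transport failure
     */
    public AccessToken retrieveAccessToken(String str, String str2, Scope... scopeArr) {
        ensureClientCredentialsAreSet();
        String scopes = getScopesAsString(scopeArr);
        Form form = new Form();
        form.param("scope", scopes);
        form.param("grant_type", GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS.getUrlParam());
        form.param("username", str);
        form.param("password", str2);
        return requestToken(form, new AccessToken.Builder("n/a").build(), false);
    }

    /**
     * Exchanges an authorization code for a token (authorization code grant).
     *
     * @param str the authorization code received on the redirect URI
     * @return the token parsed from the server response
     * @throws IllegalArgumentException if the code is null or empty
     * @throws IllegalStateException if client id or secret is missing
     * @throws ConflictException on HTTP 400
     * @throws UnauthorizedException on HTTP 401
     * @throws ForbiddenException on HTTP 403
     * @throws ConnectionInitializationException on any other non-200 status or transport failure
     */
    public AccessToken retrieveAccessToken(String str) {
        Preconditions.checkArgument(!Strings.isNullOrEmpty(str), "The given authentication code can't be null.");
        ensureClientCredentialsAreSet();
        Form form = new Form();
        form.param("code", str);
        form.param("grant_type", "authorization_code");
        // NOTE(review): unlike getAuthorizationUri, the redirect URI is not checked for
        // null/empty here before it is sent.
        form.param("redirect_uri", this.clientRedirectUri);
        return requestToken(form, new AccessToken.Builder("n/a").build(), true);
    }

    /** Joins the string forms of the given scopes with single spaces. */
    private String getScopesAsString(Scope... scopeArr) {
        StringBuilder joined = new StringBuilder();
        for (Scope scope : scopeArr) {
            joined.append(scope.toString()).append(" ");
        }
        return joined.toString().trim();
    }

    /**
     * Obtains a new token with the refresh token grant.
     *
     * @param accessToken a token that carries a refresh token
     * @param scopeArr    scopes to request, sent space-separated
     * @return the token parsed from the server response
     * @throws IllegalArgumentException if the token is null or has no refresh token
     * @throws IllegalStateException if client id or secret is missing
     * @throws ConflictException on HTTP 400
     * @throws UnauthorizedException on HTTP 401
     * @throws ForbiddenException on HTTP 403
     * @throws ConnectionInitializationException on any other non-200 status or transport failure
     */
    public AccessToken refreshAccessToken(AccessToken accessToken, Scope... scopeArr) {
        Preconditions.checkArgument(accessToken != null, "The given accessToken code can't be null.");
        Preconditions.checkArgument(accessToken.getRefreshToken() != null, "Unable to perform a refresh_token_grant request without refresh token.");
        ensureClientCredentialsAreSet();
        String scopes = getScopesAsString(scopeArr);
        Form form = new Form();
        form.param("scope", scopes);
        form.param("grant_type", GrantType.REFRESH_TOKEN.getUrlParam());
        form.param("refresh_token", accessToken.getRefreshToken());
        return requestToken(form, accessToken, true);
    }

    /**
     * Builds the URI a user agent is sent to in order to start the authorization code flow.
     *
     * <p>The URI carries {@code client_id}, {@code response_type=code}, {@code redirect_uri} and
     * {@code scope} only. No {@code state} parameter is added, so a caller that wants to bind the
     * callback to the session that started the flow has to append one and verify it on return.
     *
     * @param scopeArr scopes to request, sent space-separated
     * @return the authorization URI
     * @throws IllegalStateException if no redirect URI was configured
     * @throws OsiamClientException if the URI cannot be built
     */
    public URI getAuthorizationUri(Scope... scopeArr) {
        Preconditions.checkState(!Strings.isNullOrEmpty(this.clientRedirectUri), "Can't create the login uri: redirect URI was not set.");
        try {
            return UriBuilder.fromUri(this.endpoint)
                    .path("/oauth/authorize")
                    .queryParam("client_id", this.clientId)
                    .queryParam("response_type", "code")
                    .queryParam("redirect_uri", this.clientRedirectUri)
                    .queryParam("scope", getScopesAsString(scopeArr))
                    .build(new Object[0]);
        } catch (IllegalArgumentException | UriBuilderException e) {
            throw new OsiamClientException("Unable to create redirect URI", e);
        }
    }

    /**
     * Asks the server to validate a token and returns the token data it reports.
     *
     * @param accessToken the token to validate
     * @return the token parsed from the server response
     * @throws NullPointerException if the token is null
     * @throws UnauthorizedException on HTTP 401
     * @throws ForbiddenException on HTTP 403
     * @throws ConnectionInitializationException on any other non-200 status or transport failure
     */
    public AccessToken validateAccessToken(AccessToken accessToken) {
        Preconditions.checkNotNull(accessToken, "The tokenToValidate must not be null.");
        try {
            Response response = postWithBearerToken(this.targetEndpoint.path("/token/validation"), accessToken);
            Response.StatusType status = response.getStatusInfo();
            String body = response.readEntity(String.class);
            checkAndHandleResponse(body, status, accessToken);
            return getAccessToken(body);
        } catch (ProcessingException e) {
            throw createGeneralConnectionInitializationException(e);
        }
    }

    /**
     * Revokes the given access token.
     *
     * @param accessToken the token to revoke; it also authorizes the request
     * @throws NullPointerException if the token is null
     * @throws UnauthorizedException on HTTP 401
     * @throws ForbiddenException on HTTP 403
     * @throws ConnectionInitializationException on any other non-200 status or transport failure
     */
    public void revokeAccessToken(AccessToken accessToken) {
        // Same exception type as the former unguarded dereference, but with a message and
        // raised before any request is prepared.
        Preconditions.checkNotNull(accessToken, "The access token to revoke must not be null.");
        try {
            Response response = postWithBearerToken(this.targetEndpoint.path("/token/revocation"), accessToken);
            checkAndHandleResponse(response.readEntity(String.class), response.getStatusInfo(), accessToken);
        } catch (ProcessingException e) {
            throw createGeneralConnectionInitializationException(e);
        }
    }

    /**
     * Revokes all access tokens of one user.
     *
     * @param str         id of the user whose tokens are revoked; appended to the revocation path
     * @param accessToken the token that authorizes the request
     * @throws NullPointerException if the user id or the token is null
     * @throws IllegalArgumentException if the user id is empty
     * @throws UnauthorizedException on HTTP 401
     * @throws ForbiddenException on HTTP 403
     * @throws ConnectionInitializationException on any other non-200 status or transport failure
     */
    public void revokeAllAccessTokens(String str, AccessToken accessToken) {
        Preconditions.checkNotNull(str, "The user id must not be null.");
        // An empty id would leave the path at "/token/revocation", which is the endpoint
        // revokeAccessToken uses for the presented token itself, not for a user.
        Preconditions.checkArgument(!str.isEmpty(), "The user id must not be empty.");
        Preconditions.checkNotNull(accessToken, "The access token must not be null.");
        try {
            Response response = postWithBearerToken(this.targetEndpoint.path("/token/revocation").path(str), accessToken);
            checkAndHandleResponse(response.readEntity(String.class), response.getStatusInfo(), accessToken);
        } catch (ProcessingException e) {
            throw createGeneralConnectionInitializationException(e);
        }
    }

    /**
     * Posts the form to the token endpoint and turns the response into a token or an exception.
     *
     * @param form                 grant parameters
     * @param tokenForErrors       token whose scopes are reported if the server answers 403
     * @param badRequestIsConflict whether HTTP 400 is reported as {@link ConflictException}
     *                             instead of the generic mapping
     */
    private AccessToken requestToken(Form form, AccessToken tokenForErrors, boolean badRequestIsConflict) {
        try {
            Response response = this.targetEndpoint.path(TOKEN_ENDPOINT)
                    .request(MediaType.APPLICATION_JSON)
                    .property(HttpAuthenticationFeature.HTTP_AUTHENTICATION_USERNAME, this.clientId)
                    .property(HttpAuthenticationFeature.HTTP_AUTHENTICATION_PASSWORD, this.clientSecret)
                    .post(Entity.entity(form, MediaType.APPLICATION_FORM_URLENCODED_TYPE));
            Response.StatusType status = response.getStatusInfo();
            String body = response.readEntity(String.class);
            if (badRequestIsConflict && status.getStatusCode() == Response.Status.BAD_REQUEST.getStatusCode()) {
                throw new ConflictException(extractErrorMessage(body, status));
            }
            checkAndHandleResponse(body, status, tokenForErrors);
            return getAccessToken(body);
        } catch (ProcessingException e) {
            throw createGeneralConnectionInitializationException(e);
        }
    }

    /** Posts an empty body to the target with client credentials and the token as bearer header. */
    private Response postWithBearerToken(WebTarget target, AccessToken accessToken) {
        return target.request(MediaType.APPLICATION_JSON)
                .property(HttpAuthenticationFeature.HTTP_AUTHENTICATION_USERNAME, this.clientId)
                .property(HttpAuthenticationFeature.HTTP_AUTHENTICATION_PASSWORD, this.clientSecret)
                .header("Authorization", BEARER + accessToken.getToken())
                .post(null);
    }

    /**
     * Returns normally for HTTP 200 and throws for every other status: 401 becomes
     * {@link UnauthorizedException}, 403 becomes {@link ForbiddenException}, anything else
     * (including 400) becomes {@link ConnectionInitializationException}.
     */
    private void checkAndHandleResponse(String body, Response.StatusType status, AccessToken accessToken) {
        int code = status.getStatusCode();
        if (code == Response.Status.OK.getStatusCode()) {
            return;
        }
        if (code == Response.Status.UNAUTHORIZED.getStatusCode()) {
            throw new UnauthorizedException(extractErrorMessage(body, status));
        }
        if (code == Response.Status.FORBIDDEN.getStatusCode()) {
            throw new ForbiddenException(extractErrorMessageForbidden(accessToken));
        }
        throw new ConnectionInitializationException(extractErrorMessage(body, status));
    }

    /**
     * Returns the description of the OAuth error in the body, or a generic message when the body
     * is absent or is not an OAuth error document.
     */
    private String extractErrorMessage(String body, Response.StatusType status) {
        // A missing body, or a body that is the JSON literal null, does not raise IOException,
        // so both are routed to the fallback explicitly instead of failing inside the mapper or
        // on the dereference.
        if (body != null) {
            try {
                OAuthErrorMessage error = MAPPER.readValue(body, OAuthErrorMessage.class);
                if (error != null) {
                    return error.getDescription();
                }
            } catch (IOException ignored) {
                // Not an OAuth error document; the fallback message below reports that.
            }
        }
        String message = String.format("Could not deserialize the error response for the HTTP status '%s'.", status.getReasonPhrase());
        if (body != null) {
            // NOTE(review): the unparsed body is echoed in full into the exception message;
            // whatever logs these exceptions will store server- or proxy-supplied content.
            message = message + String.format(" Original response: %s", body);
        }
        return message;
    }

    /**
     * @param accessToken the token that was rejected
     * @return the message used for HTTP 403, listing the scopes of the given token
     */
    protected String extractErrorMessageForbidden(AccessToken accessToken) {
        return "Insufficient scopes: " + accessToken.getScopes();
    }

    /**
     * Parses a successful token response.
     *
     * @throws OsiamClientException if the body cannot be mapped to an {@link AccessToken}
     */
    private AccessToken getAccessToken(String body) {
        try {
            return MAPPER.readValue(body, AccessToken.class);
        } catch (IOException e) {
            // This body is the answer to a successful token request and can hold live access and
            // refresh tokens, so it is kept out of the message, which tends to end up in logs.
            // NOTE(review): depending on the Jackson version the cause may still quote part of
            // the input in its location info; confirm before logging causes verbatim.
            throw new OsiamClientException("Unable to parse access token response.", e);
        }
    }

    /** Fails with {@link IllegalStateException} unless both client id and client secret are set. */
    private void ensureClientCredentialsAreSet() {
        Preconditions.checkState(!Strings.isNullOrEmpty(this.clientId), "The client id can't be null or empty.");
        Preconditions.checkState(!Strings.isNullOrEmpty(this.clientSecret), "The client secret can't be null or empty.");
    }

    /** Wraps a transport-level failure, keeping the original exception as cause. */
    private ConnectionInitializationException createGeneralConnectionInitializationException(Throwable cause) {
        return new ConnectionInitializationException("Unable to retrieve access token.", cause);
    }
}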
