package io.gardenerframework.camellia.authentication.server.main;

import com.fasterxml.jackson.databind.ObjectMapper;
import io.gardenerframework.camellia.authentication.common.client.schema.OAuth2RequestingClient;
import io.gardenerframework.camellia.authentication.server.main.annotation.AuthenticationType;
import io.gardenerframework.camellia.authentication.server.main.exception.client.BadOAuth2AuthorizationCodeException;
import io.gardenerframework.camellia.authentication.server.main.exception.client.BadStateException;
import io.gardenerframework.camellia.authentication.server.main.schema.UserAuthenticationRequestToken;
import io.gardenerframework.camellia.authentication.server.main.schema.request.AuthenticationRequestParameter;
import io.gardenerframework.camellia.authentication.server.main.schema.request.OAuth2AuthorizationCodeParameter;
import io.gardenerframework.camellia.authentication.server.main.schema.subject.principal.Principal;
import io.gardenerframework.camellia.authentication.server.main.user.schema.User;
import java.time.Duration;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;
import javax.servlet.http.HttpServletRequest;
import javax.validation.Validator;
import lombok.NonNull;
import org.springframework.core.annotation.AnnotationUtils;
import org.springframework.lang.Nullable;
import org.springframework.security.core.AuthenticationException;

/* loaded from: input_file:io/gardenerframework/camellia/authentication/server/main/OAuth2BasedUserAuthenticationService.class */
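/**
 * Base class for user authentication services that sign a user in with an OAuth2
 * authorization code.
 *
 * <p>The flow implemented here is: {@link #createState()} issues a {@code state} value and
 * records it in the {@link OAuth2StateStore}; {@link #doConvert} later verifies the returned
 * {@code state}, exchanges the authorization code through {@link #obtainAccessToken}, and
 * resolves the user through {@link #getPrincipal}.
 *
 * <p>This listing is decompiler output; some method names and modifiers differ from the
 * original source (see the notes on individual members).
 */
public abstract class OAuth2BasedUserAuthenticationService extends AbstractUserAuthenticationService<OAuth2AuthorizationCodeParameter> {
    /** Store used to save issued {@code state} values and to verify them on callback. */
    private final OAuth2StateStore oAuth2StateStore;

    /**
     * Token response returned by {@link #obtainAccessToken}.
     *
     * <p>{@code accessToken} and {@code refreshToken} are bearer credentials. This class
     * defines no {@code toString()}, and the builder's {@code toString()} redacts both values.
     */
    public static class AccessToken {

        @NonNull
        private String accessToken;

        @Nullable
        private String refreshToken;
        private long expireIn;

        @Nullable
        private String scope;

        /**
         * Self-typed builder for {@link AccessToken} and its subclasses.
         *
         * @param <C> the concrete token type produced by {@link #build()}
         * @param <B> the concrete builder type returned by the fluent setters
         */
        public static abstract class AccessTokenBuilder<C extends AccessToken, B extends AccessTokenBuilder<C, B>> {
            private String accessToken;
            private String refreshToken;
            private long expireIn;
            private String scope;

            /**
             * Sets the access token.
             *
             * @throws NullPointerException if {@code str} is null
             */
            public B accessToken(@NonNull String str) {
                if (str == null) {
                    throw new NullPointerException("accessToken is marked non-null but is null");
                }
                this.accessToken = str;
                return self();
            }

            /** Sets the refresh token; null is allowed. */
            public B refreshToken(@Nullable String str) {
                this.refreshToken = str;
                return self();
            }

            /** Sets the {@code expireIn} value; the unit is not established by this class. */
            public B expireIn(long j) {
                this.expireIn = j;
                return self();
            }

            /** Sets the granted scope; null is allowed. */
            public B scope(@Nullable String str) {
                this.scope = str;
                return self();
            }

            protected abstract B self();

            public abstract C build();

            /**
             * Returns a diagnostic description of the builder.
             *
             * <p>The access and refresh tokens are bearer credentials, so their values are
             * never written out: a builder that ends up in a log line or an exception message
             * must not disclose them. Only presence ({@code null} or redacted) is reported.
             */
            @Override
            public String toString() {
                return "OAuth2BasedUserAuthenticationService.AccessToken.AccessTokenBuilder(accessToken=" + redact(this.accessToken) + ", refreshToken=" + redact(this.refreshToken) + ", expireIn=" + this.expireIn + ", scope=" + this.scope + ")";
            }

            /** Reports whether a secret is set without revealing its value. */
            private static String redact(String secret) {
                return secret == null ? "null" : "<redacted>";
            }
        }

        /** Default builder that produces plain {@link AccessToken} instances. */
        private static final class AccessTokenBuilderImpl extends AccessTokenBuilder<AccessToken, AccessTokenBuilderImpl> {
            private AccessTokenBuilderImpl() {
            }

            // Decompiler note: the access modifier shown here was changed from protected.
            @Override
            public AccessTokenBuilderImpl self() {
                return this;
            }

            @Override
            public AccessToken build() {
                return new AccessToken(this);
            }
        }

        /**
         * Copies the builder's values into a new token.
         *
         * @throws NullPointerException if the builder has no access token
         */
        protected AccessToken(AccessTokenBuilder<?, ?> accessTokenBuilder) {
            this.accessToken = accessTokenBuilder.accessToken;
            if (this.accessToken == null) {
                throw new NullPointerException("accessToken is marked non-null but is null");
            }
            this.refreshToken = accessTokenBuilder.refreshToken;
            this.expireIn = accessTokenBuilder.expireIn;
            this.scope = accessTokenBuilder.scope;
        }

        /** Returns a new builder for {@link AccessToken}. */
        public static AccessTokenBuilder<?, ?> builder() {
            return new AccessTokenBuilderImpl();
        }

        @NonNull
        public String getAccessToken() {
            return this.accessToken;
        }

        @Nullable
        public String getRefreshToken() {
            return this.refreshToken;
        }

        public long getExpireIn() {
            return this.expireIn;
        }

        @Nullable
        public String getScope() {
            return this.scope;
        }

        /**
         * Replaces the access token.
         *
         * @throws NullPointerException if {@code str} is null
         */
        public void setAccessToken(@NonNull String str) {
            if (str == null) {
                throw new NullPointerException("accessToken is marked non-null but is null");
            }
            this.accessToken = str;
        }

        public void setRefreshToken(@Nullable String str) {
            this.refreshToken = str;
        }

        public void setExpireIn(long j) {
            this.expireIn = j;
        }

        public void setScope(@Nullable String str) {
            this.scope = str;
        }
    }

    /**
     * Creates the service.
     *
     * @param validator passed to the superclass; must not be null
     * @param oAuth2StateStore store used by {@link #createState()} and {@link #doConvert}.
     *     It is not null-checked here; a null store makes both methods fail with a
     *     {@link NullPointerException} on first use.
     * @throws NullPointerException if {@code validator} is null
     */
    protected OAuth2BasedUserAuthenticationService(@NonNull Validator validator, OAuth2StateStore oAuth2StateStore) {
        super(validator);
        if (validator == null) {
            throw new NullPointerException("validator is marked non-null but is null");
        }
        this.oAuth2StateStore = oAuth2StateStore;
    }

    /**
     * Wraps the servlet request in an {@link OAuth2AuthorizationCodeParameter}.
     *
     * <p>Decompiler note: the original method is named {@code getAuthenticationParameter} and
     * was protected; the tool renamed it after merging it with its bridge method.
     *
     * @throws NullPointerException if {@code httpServletRequest} is null
     */
    public OAuth2AuthorizationCodeParameter m1getAuthenticationParameter(@NonNull HttpServletRequest httpServletRequest) {
        if (httpServletRequest == null) {
            throw new NullPointerException("request is marked non-null but is null");
        }
        return new OAuth2AuthorizationCodeParameter(httpServletRequest);
    }

    /**
     * Exchanges an authorization code for an access token.
     *
     * @param str the authorization code taken from the callback request
     * @param map the per-request context
     */
    protected abstract AccessToken obtainAccessToken(@NonNull String str, @NonNull Map<String, Object> map) throws Exception;

    /**
     * Resolves the signed-in principal from an access token.
     *
     * @return the principal, or null, which {@link #doConvert} treats as a bad authorization code
     */
    @Nullable
    protected abstract Principal getPrincipal(@NonNull AccessToken accessToken, @NonNull Map<String, Object> map) throws Exception;

    /**
     * Turns an OAuth2 callback into an authentication request token.
     *
     * <p>The {@code state} is verified before the code is exchanged, so a callback with an
     * unknown state never reaches {@link #obtainAccessToken}.
     *
     * @param oAuth2AuthorizationCodeParameter the {@code code} and {@code state} from the callback
     * @param oAuth2RequestingClient the requesting client, unused here
     * @param map the per-request context; receives the obtained {@link AccessToken}
     * @throws BadStateException if the state store rejects the {@code state}
     * @throws BadOAuth2AuthorizationCodeException if no principal could be resolved
     * @throws NullPointerException if the parameter or the context is null
     */
    protected UserAuthenticationRequestToken doConvert(@NonNull OAuth2AuthorizationCodeParameter oAuth2AuthorizationCodeParameter, @Nullable OAuth2RequestingClient oAuth2RequestingClient, @NonNull Map<String, Object> map) throws Exception {
        if (oAuth2AuthorizationCodeParameter == null) {
            throw new NullPointerException("authenticationParameter is marked non-null but is null");
        }
        if (map == null) {
            throw new NullPointerException("context is marked non-null but is null");
        }
        // NOTE(review): whether verify() also consumes the state (single use) is not visible
        // here; confirm in OAuth2StateStore, since a replayable state weakens CSRF protection.
        if (!this.oAuth2StateStore.verify(getClass(), oAuth2AuthorizationCodeParameter.getState())) {
            // NOTE(review): the authorization code, not the rejected state, is handed to
            // BadStateException. Confirm this is intended and that the exception does not
            // surface the code in logs or error responses.
            throw new BadStateException(oAuth2AuthorizationCodeParameter.getCode());
        }
        AccessToken obtainAccessToken = obtainAccessToken(oAuth2AuthorizationCodeParameter.getCode(), map);
        // The context now carries a bearer credential under this class's name (read back by
        // getAccessTokenFromContext); keep the context out of logs and serialized output.
        map.put(getClass().getName(), obtainAccessToken);
        Principal principal = getPrincipal(obtainAccessToken, map);
        if (principal == null) {
            throw new BadOAuth2AuthorizationCodeException(oAuth2AuthorizationCodeParameter.getCode());
        }
        return new UserAuthenticationRequestToken(principal);
    }

    /**
     * Validates its arguments and performs no further credential check.
     *
     * <p>In this class the code exchange and principal lookup happen in {@link #doConvert};
     * nothing else is compared against the loaded {@code user} here.
     *
     * @throws NullPointerException if the request token, the user or the context is null
     */
    public void authenticate(@NonNull UserAuthenticationRequestToken userAuthenticationRequestToken, @Nullable OAuth2RequestingClient oAuth2RequestingClient, @NonNull User user, @NonNull Map<String, Object> map) throws AuthenticationException {
        if (userAuthenticationRequestToken == null) {
            throw new NullPointerException("authenticationRequest is marked non-null but is null");
        }
        if (user == null) {
            throw new NullPointerException("user is marked non-null but is null");
        }
        if (map == null) {
            throw new NullPointerException("context is marked non-null but is null");
        }
    }

    /**
     * Issues a new OAuth2 {@code state} value and records it in the state store for 300 seconds.
     *
     * <p>The value is the Base64 encoding of a JSON object that holds a random UUID under
     * {@code "state"} and, when the concrete class carries {@link AuthenticationType}, that
     * annotation's value mapped to {@code true}. Base64 is an encoding, not encryption: the
     * client can read and alter the content, so only the store lookup in {@link #doConvert}
     * makes a returned value trustworthy.
     *
     * @return the encoded state to send with the authorization request
     */
    public String createState() throws Exception {
        Map<String, Object> statePayload = new HashMap<>();
        AuthenticationType findAnnotation = AnnotationUtils.findAnnotation(getClass(), AuthenticationType.class);
        if (findAnnotation != null) {
            statePayload.put(findAnnotation.value(), true);
        }
        // Written last so that an annotation value of "state" can never replace the random
        // nonce with a constant, which would make the state predictable.
        statePayload.put("state", UUID.randomUUID().toString());
        String encodeToString = Base64.getEncoder().encodeToString(new ObjectMapper().writeValueAsBytes(statePayload));
        this.oAuth2StateStore.save(getClass(), encodeToString, Duration.ofSeconds(300L));
        return encodeToString;
    }

    /**
     * Returns the access token that {@link #doConvert} stored in the context.
     *
     * @return the token, or null if the context has no entry under this class's name
     * @throws NullPointerException if {@code map} is null
     */
    @Nullable
    public AccessToken getAccessTokenFromContext(@NonNull Map<String, Object> map) {
        if (map == null) {
            throw new NullPointerException("context is marked non-null but is null");
        }
        return (AccessToken) map.get(getClass().getName());
    }

    // Compiler-generated bridge for the generic superclass signature, kept as decompiled; it
    // only casts its arguments and delegates to the typed doConvert above.
    protected /* bridge */ /* synthetic */ UserAuthenticationRequestToken doConvert(@NonNull AuthenticationRequestParameter authenticationRequestParameter, @Nullable OAuth2RequestingClient oAuth2RequestingClient, @NonNull Map map) throws Exception {
        return doConvert((OAuth2AuthorizationCodeParameter) authenticationRequestParameter, oAuth2RequestingClient, (Map<String, Object>) map);
    }
}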
