package org.apache.cxf.rs.security.oauth2.client;

import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import javax.ws.rs.ProcessingException;
import javax.ws.rs.client.ResponseProcessingException;
import javax.ws.rs.core.Form;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import org.apache.cxf.common.util.Base64Utility;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.jaxrs.client.WebClient;
import org.apache.cxf.rs.security.oauth2.common.AccessTokenGrant;
import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
import org.apache.cxf.rs.security.oauth2.common.OAuthError;
import org.apache.cxf.rs.security.oauth2.grants.refresh.RefreshTokenGrant;
import org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider;
import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
import org.apache.cxf.rs.security.oauth2.tokens.hawk.HawkAuthorizationScheme;
import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;

/* loaded from: input_file:lib/cxf-rt-rs-security-oauth2-3.1.10.jar:org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.class */
public final class OAuthClientUtils {
    private OAuthClientUtils() {
    }

    public static URI getAuthorizationURI(String str, String str2, String str3, String str4, String str5) {
        UriBuilder authorizationURIBuilder = getAuthorizationURIBuilder(str, str2, str3, str4, str5);
        if (str3 != null) {
            authorizationURIBuilder.queryParam(OAuthConstants.REDIRECT_URI, str3);
        }
        if (str4 != null) {
            authorizationURIBuilder.queryParam(OAuthConstants.STATE, str4);
        }
        return authorizationURIBuilder.build(new Object[0]);
    }

    public static UriBuilder getAuthorizationURIBuilder(String str, String str2, String str3, String str4, String str5) {
        UriBuilder authorizationURIBuilder = getAuthorizationURIBuilder(str, str2, str5);
        if (str3 != null) {
            authorizationURIBuilder.queryParam(OAuthConstants.REDIRECT_URI, str3);
        }
        if (str4 != null) {
            authorizationURIBuilder.queryParam(OAuthConstants.STATE, str4);
        }
        return authorizationURIBuilder;
    }

    public static UriBuilder getAuthorizationURIBuilder(String str, String str2, String str3) {
        UriBuilder fromUri = UriBuilder.fromUri(str);
        if (str2 != null) {
            fromUri.queryParam("client_id", str2);
        }
        if (str3 != null) {
            fromUri.queryParam("scope", str3);
        }
        fromUri.queryParam(OAuthConstants.RESPONSE_TYPE, "code");
        return fromUri;
    }

    public static ClientAccessToken getAccessToken(WebClient webClient, Consumer consumer, AccessTokenGrant accessTokenGrant) throws OAuthServiceException {
        return getAccessToken(webClient, consumer, accessTokenGrant, true);
    }

    public static ClientAccessToken getAccessToken(String str, Consumer consumer, AccessTokenGrant accessTokenGrant, boolean z) throws OAuthServiceException {
        WebClient create = WebClient.create(str, (List<?>) Collections.singletonList(new OAuthJSONProvider()));
        create.accept(MediaType.APPLICATION_JSON);
        return getAccessToken(create, consumer, accessTokenGrant, z);
    }

    public static ClientAccessToken getAccessToken(WebClient webClient, Consumer consumer, AccessTokenGrant accessTokenGrant, boolean z) {
        return getAccessToken(webClient, consumer, accessTokenGrant, null, z);
    }

    public static ClientAccessToken getAccessToken(WebClient webClient, AccessTokenGrant accessTokenGrant) throws OAuthServiceException {
        return getAccessToken(webClient, null, accessTokenGrant, null, false);
    }

    public static ClientAccessToken getAccessToken(WebClient webClient, AccessTokenGrant accessTokenGrant, Map<String, String> map) throws OAuthServiceException {
        return getAccessToken(webClient, null, accessTokenGrant, map, false);
    }

    public static ClientAccessToken getAccessToken(WebClient webClient, Consumer consumer, AccessTokenGrant accessTokenGrant, Map<String, String> map, boolean z) throws OAuthServiceException {
        return getAccessToken(webClient, consumer, accessTokenGrant, map, null, z);
    }

    public static ClientAccessToken refreshAccessToken(WebClient webClient, ClientAccessToken clientAccessToken) {
        return refreshAccessToken(webClient, null, clientAccessToken, null, true);
    }

    public static ClientAccessToken refreshAccessToken(WebClient webClient, Consumer consumer, ClientAccessToken clientAccessToken) {
        return refreshAccessToken(webClient, consumer, clientAccessToken, null, true);
    }

    public static ClientAccessToken refreshAccessToken(WebClient webClient, Consumer consumer, ClientAccessToken clientAccessToken, String str, boolean z) throws OAuthServiceException {
        return getAccessToken(webClient, consumer, new RefreshTokenGrant(clientAccessToken.getRefreshToken(), str), null, clientAccessToken.getTokenType(), z);
    }

    public static ClientAccessToken getAccessToken(WebClient webClient, Consumer consumer, AccessTokenGrant accessTokenGrant, Map<String, String> map, String str, boolean z) throws OAuthServiceException {
        if (webClient == null) {
            throw new OAuthServiceException(OAuthConstants.SERVER_ERROR);
        }
        Form form = new Form(accessTokenGrant.toMap());
        if (map != null) {
            for (Map.Entry<String, String> entry : map.entrySet()) {
                form.param(entry.getKey(), entry.getValue());
            }
        }
        if (consumer != null) {
            boolean z2 = !StringUtils.isEmpty(consumer.getClientSecret());
            if (z && z2) {
                StringBuilder sb = new StringBuilder();
                sb.append("Basic ");
                try {
                    sb.append(Base64Utility.encode((consumer.getClientId() + ":" + consumer.getClientSecret()).getBytes(StandardCharsets.UTF_8)));
                    webClient.replaceHeader("Authorization", sb.toString());
                } catch (Exception e) {
                    throw new ProcessingException(e);
                }
            } else {
                form.param("client_id", consumer.getClientId());
                if (z2) {
                    form.param("client_secret", consumer.getClientSecret());
                }
            }
        }
        Response form2 = webClient.form(form);
        try {
            Map<String, String> readJSONResponse = new OAuthJSONProvider().readJSONResponse((InputStream) form2.getEntity());
            if (200 == form2.getStatus()) {
                ClientAccessToken fromMapToClientToken = fromMapToClientToken(readJSONResponse, str);
                if (fromMapToClientToken == null) {
                    throw new OAuthServiceException(OAuthConstants.SERVER_ERROR);
                }
                return fromMapToClientToken;
            }
            if (form2.getStatus() < 400 || !readJSONResponse.containsKey(OAuthConstants.ERROR_KEY)) {
                throw new OAuthServiceException(OAuthConstants.SERVER_ERROR);
            }
            OAuthError oAuthError = new OAuthError(readJSONResponse.get(OAuthConstants.ERROR_KEY), readJSONResponse.get(OAuthConstants.ERROR_DESCRIPTION_KEY));
            oAuthError.setErrorUri(readJSONResponse.get(OAuthConstants.ERROR_URI_KEY));
            throw new OAuthServiceException(oAuthError);
        } catch (IOException e2) {
            throw new ResponseProcessingException(form2, e2);
        }
    }

    public static ClientAccessToken fromMapToClientToken(Map<String, String> map) {
        return fromMapToClientToken(map, null);
    }

    public static ClientAccessToken fromMapToClientToken(Map<String, String> map, String str) {
        if (!map.containsKey(OAuthConstants.ACCESS_TOKEN)) {
            return null;
        }
        String remove = map.remove(OAuthConstants.ACCESS_TOKEN_TYPE);
        if (remove == null) {
            remove = str;
        }
        if (remove == null) {
            return null;
        }
        ClientAccessToken clientAccessToken = new ClientAccessToken(remove, map.remove(OAuthConstants.ACCESS_TOKEN));
        String remove2 = map.remove("refresh_token");
        if (remove2 != null) {
            clientAccessToken.setRefreshToken(remove2);
        }
        String remove3 = map.remove(OAuthConstants.ACCESS_TOKEN_EXPIRES_IN);
        if (remove3 != null) {
            clientAccessToken.setExpiresIn(Long.valueOf(remove3).longValue());
        }
        String remove4 = map.remove(OAuthConstants.ACCESS_TOKEN_ISSUED_AT);
        clientAccessToken.setIssuedAt(remove4 != null ? Long.valueOf(remove4).longValue() : System.currentTimeMillis() / 1000);
        String remove5 = map.remove("scope");
        if (remove5 != null) {
            clientAccessToken.setApprovedScope(remove5);
        }
        clientAccessToken.setParameters(map);
        return clientAccessToken;
    }

    public static String createAuthorizationHeader(ClientAccessToken clientAccessToken) throws OAuthServiceException {
        return createAuthorizationHeader(clientAccessToken, null);
    }

    public static String createAuthorizationHeader(ClientAccessToken clientAccessToken, HttpRequestProperties httpRequestProperties) throws OAuthServiceException {
        StringBuilder sb = new StringBuilder();
        appendTokenData(sb, clientAccessToken, httpRequestProperties);
        return sb.toString();
    }

    public static void setAuthorizationHeader(WebClient webClient, ClientAccessToken clientAccessToken) {
        setAuthorizationHeader(webClient, clientAccessToken, null);
    }

    public static void setAuthorizationHeader(WebClient webClient, ClientAccessToken clientAccessToken, String str) {
        webClient.replaceHeader("Authorization", createAuthorizationHeader(clientAccessToken, new HttpRequestProperties(webClient, str)));
    }

    private static void appendTokenData(StringBuilder sb, ClientAccessToken clientAccessToken, HttpRequestProperties httpRequestProperties) throws OAuthServiceException {
        String lowerCase = clientAccessToken.getTokenType().toLowerCase();
        if ("Bearer".equalsIgnoreCase(lowerCase)) {
            sb.append("Bearer");
            sb.append(" ");
            sb.append(clientAccessToken.getTokenKey());
        } else {
            if (!OAuthConstants.HAWK_TOKEN_TYPE.equalsIgnoreCase(lowerCase)) {
                throw new ProcessingException(new OAuthServiceException("Unsupported token type"));
            }
            if (httpRequestProperties == null) {
                throw new IllegalArgumentException("MAC scheme requires HTTP Request properties");
            }
            sb.append(new HawkAuthorizationScheme(httpRequestProperties, clientAccessToken).toAuthorizationHeader(clientAccessToken.getParameters().get(OAuthConstants.HAWK_TOKEN_ALGORITHM), clientAccessToken.getParameters().get(OAuthConstants.HAWK_TOKEN_KEY)));
        }
    }
}
