package org.apache.chemistry.opencmis.client.bindings.spi;

import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.io.Reader;
import java.net.HttpURLConnection;
import java.net.URL;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import org.apache.chemistry.opencmis.client.bindings.impl.ClientVersion;
import org.apache.chemistry.opencmis.commons.SessionParameter;
import org.apache.chemistry.opencmis.commons.exceptions.CmisConnectionException;
import org.apache.chemistry.opencmis.commons.impl.IOUtils;
import org.apache.chemistry.opencmis.commons.impl.MimeHelper;
import org.apache.chemistry.opencmis.commons.impl.json.JSONObject;
import org.apache.chemistry.opencmis.commons.impl.json.parser.JSONParser;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/chemistry/opencmis/client/bindings/spi/OAuthAuthenticationProvider.class */
public class OAuthAuthenticationProvider extends StandardAuthenticationProvider {
    private static final Logger LOG = LoggerFactory.getLogger(OAuthAuthenticationProvider.class);
    private static final long serialVersionUID = 1;
    private final ReentrantReadWriteLock lock = new ReentrantReadWriteLock();
    private Token token = null;
    private long defaultTokenLifetime = 3600;
    private List<TokenListener> tokenListeners;

    /* loaded from: input_file:org/apache/chemistry/opencmis/client/bindings/spi/OAuthAuthenticationProvider$CmisOAuthException.class */
    public static class CmisOAuthException extends CmisConnectionException {
        private static final long serialVersionUID = 1;
        public static final String ERROR_INVALID_REQUEST = "invalid_request";
        public static final String ERROR_INVALID_CLIENT = "invalid_client";
        public static final String ERROR_INVALID_GRANT = "invalid_grant";
        public static final String ERROR_UNAUTHORIZED_CLIENT = "unauthorized_client";
        public static final String ERROR_UNSUPPORTED_GRANT_TYPE = "unsupported_grant_type";
        public static final String ERROR_INVALID_SCOPE = "invalid_scope";
        public static final String ERROR_INVALID_TOKEN = "invalid_token";
        private String error;
        private String errorDescription;
        private String errorUri;

        public CmisOAuthException() {
        }

        public CmisOAuthException(String str) {
            super(str);
        }

        public CmisOAuthException(String str, Throwable th) {
            super(str, th);
        }

        public CmisOAuthException(String str, String str2, String str3, String str4) {
            super(str);
            this.error = str2;
            this.errorDescription = str3;
            this.errorUri = str4;
        }

        public String getError() {
            return this.error;
        }

        public String getErrorDescription() {
            return this.errorDescription;
        }

        public String getErrorUri() {
            return this.errorUri;
        }
    }

    /* loaded from: input_file:org/apache/chemistry/opencmis/client/bindings/spi/OAuthAuthenticationProvider$Token.class */
    public static class Token {
        private String accessToken;
        private String refreshToken;
        private long expirationTimestamp;

        public Token(String str, String str2, long j) {
            this.accessToken = str;
            this.refreshToken = str2;
            this.expirationTimestamp = j;
        }

        public String getAccessToken() {
            return this.accessToken;
        }

        public String getRefreshToken() {
            return this.refreshToken;
        }

        public long getExpirationTimestamp() {
            return this.expirationTimestamp;
        }

        public boolean isExpired() {
            return System.currentTimeMillis() >= this.expirationTimestamp;
        }

        public String toString() {
            return "Access token: " + this.accessToken + " / Refresh token: " + this.refreshToken + " / Expires : " + this.expirationTimestamp;
        }
    }

    /* loaded from: input_file:org/apache/chemistry/opencmis/client/bindings/spi/OAuthAuthenticationProvider$TokenListener.class */
    public interface TokenListener {
        void tokenRefreshed(Token token);
    }

    @Override // org.apache.chemistry.opencmis.client.bindings.spi.StandardAuthenticationProvider, org.apache.chemistry.opencmis.client.bindings.spi.AbstractAuthenticationProvider, org.apache.chemistry.opencmis.client.bindings.spi.SessionAwareAuthenticationProvider
    public void setSession(BindingSession bindingSession) {
        super.setSession(bindingSession);
        if (this.token == null) {
            String str = null;
            if (bindingSession.get(SessionParameter.OAUTH_ACCESS_TOKEN) instanceof String) {
                str = (String) bindingSession.get(SessionParameter.OAUTH_ACCESS_TOKEN);
            }
            String str2 = null;
            if (bindingSession.get(SessionParameter.OAUTH_REFRESH_TOKEN) instanceof String) {
                str2 = (String) bindingSession.get(SessionParameter.OAUTH_REFRESH_TOKEN);
            }
            long j = 0;
            if (bindingSession.get(SessionParameter.OAUTH_EXPIRATION_TIMESTAMP) instanceof String) {
                try {
                    j = Long.parseLong((String) bindingSession.get(SessionParameter.OAUTH_EXPIRATION_TIMESTAMP));
                } catch (NumberFormatException e) {
                }
            } else if (bindingSession.get(SessionParameter.OAUTH_EXPIRATION_TIMESTAMP) instanceof Number) {
                j = ((Number) bindingSession.get(SessionParameter.OAUTH_EXPIRATION_TIMESTAMP)).longValue();
            }
            if (bindingSession.get(SessionParameter.OAUTH_DEFAULT_TOKEN_LIFETIME) instanceof String) {
                try {
                    this.defaultTokenLifetime = Long.parseLong((String) bindingSession.get(SessionParameter.OAUTH_DEFAULT_TOKEN_LIFETIME));
                } catch (NumberFormatException e2) {
                }
            } else if (bindingSession.get(SessionParameter.OAUTH_DEFAULT_TOKEN_LIFETIME) instanceof Number) {
                this.defaultTokenLifetime = ((Number) bindingSession.get(SessionParameter.OAUTH_DEFAULT_TOKEN_LIFETIME)).longValue();
            }
            this.token = new Token(str, str2, j);
            fireTokenListner(this.token);
        }
    }

    @Override // org.apache.chemistry.opencmis.client.bindings.spi.StandardAuthenticationProvider, org.apache.chemistry.opencmis.client.bindings.spi.AbstractAuthenticationProvider, org.apache.chemistry.opencmis.commons.spi.AuthenticationProvider
    public Map<String, List<String>> getHTTPHeaders(String str) {
        Map<String, List<String>> hTTPHeaders = super.getHTTPHeaders(str);
        if (hTTPHeaders == null) {
            hTTPHeaders = new HashMap();
        }
        hTTPHeaders.put("Authorization", Collections.singletonList("Bearer " + getAccessToken()));
        return hTTPHeaders;
    }

    public Token getToken() {
        this.lock.readLock().lock();
        try {
            Token token = this.token;
            this.lock.readLock().unlock();
            return token;
        } catch (Throwable th) {
            this.lock.readLock().unlock();
            throw th;
        }
    }

    public void addTokenListener(TokenListener tokenListener) {
        if (tokenListener == null) {
            return;
        }
        this.lock.writeLock().lock();
        try {
            if (this.tokenListeners == null) {
                this.tokenListeners = new ArrayList();
            }
            this.tokenListeners.add(tokenListener);
            this.lock.writeLock().unlock();
        } catch (Throwable th) {
            this.lock.writeLock().unlock();
            throw th;
        }
    }

    public void removeTokenListener(TokenListener tokenListener) {
        if (tokenListener == null) {
            return;
        }
        this.lock.writeLock().lock();
        try {
            if (this.tokenListeners != null) {
                this.tokenListeners.remove(tokenListener);
            }
        } finally {
            this.lock.writeLock().unlock();
        }
    }

    protected void fireTokenListner(Token token) {
        if (this.tokenListeners == null) {
            return;
        }
        Iterator<TokenListener> it = this.tokenListeners.iterator();
        while (it.hasNext()) {
            it.next().tokenRefreshed(token);
        }
    }

    @Override // org.apache.chemistry.opencmis.client.bindings.spi.StandardAuthenticationProvider
    protected boolean getSendBearerToken() {
        return false;
    }

    protected String getAccessToken() {
        this.lock.writeLock().lock();
        try {
            try {
                try {
                    if (this.token.getAccessToken() == null) {
                        if (this.token.getRefreshToken() == null) {
                            requestToken();
                        } else {
                            refreshToken();
                        }
                    } else if (this.token.isExpired()) {
                        refreshToken();
                    }
                    String accessToken = this.token.getAccessToken();
                    this.lock.writeLock().unlock();
                    return accessToken;
                } catch (CmisConnectionException e) {
                    throw e;
                }
            } catch (Exception e2) {
                throw new CmisConnectionException("Cannot get OAuth access token: " + e2.getMessage(), e2);
            }
        } catch (Throwable th) {
            this.lock.writeLock().unlock();
            throw th;
        }
    }

    private void requestToken() throws IOException {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Requesting new OAuth access token.");
        }
        makeRequest(false);
        if (LOG.isTraceEnabled()) {
            LOG.trace(this.token.toString());
        }
    }

    private void refreshToken() throws IOException {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Refreshing OAuth access token.");
        }
        makeRequest(true);
        if (LOG.isTraceEnabled()) {
            LOG.trace(this.token.toString());
        }
    }

    private void makeRequest(boolean z) throws IOException {
        Object obj = getSession().get(SessionParameter.OAUTH_TOKEN_ENDPOINT);
        if (!(obj instanceof String)) {
            throw new CmisConnectionException("Token endpoint not set!");
        }
        if (z && this.token.getRefreshToken() == null) {
            throw new CmisConnectionException("No refresh token!");
        }
        HttpURLConnection httpURLConnection = (HttpURLConnection) new URL(obj.toString()).openConnection();
        httpURLConnection.setRequestMethod("POST");
        httpURLConnection.setDoInput(true);
        httpURLConnection.setDoOutput(true);
        httpURLConnection.setAllowUserInteraction(false);
        httpURLConnection.setUseCaches(false);
        httpURLConnection.setRequestProperty("User-Agent", ClientVersion.OPENCMIS_CLIENT);
        httpURLConnection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded; charset=UTF-8");
        OutputStreamWriter outputStreamWriter = new OutputStreamWriter(httpURLConnection.getOutputStream(), "UTF-8");
        if (z) {
            outputStreamWriter.write("grant_type=refresh_token");
            outputStreamWriter.write("&refresh_token=");
            outputStreamWriter.write(IOUtils.encodeURL(this.token.getRefreshToken()));
        } else {
            outputStreamWriter.write("grant_type=authorization_code");
            Object obj2 = getSession().get(SessionParameter.OAUTH_CODE);
            if (obj2 != null) {
                outputStreamWriter.write("&code=");
                outputStreamWriter.write(IOUtils.encodeURL(obj2.toString()));
            }
            Object obj3 = getSession().get(SessionParameter.OAUTH_REDIRECT_URI);
            if (obj3 != null) {
                outputStreamWriter.write("&redirect_uri=");
                outputStreamWriter.write(IOUtils.encodeURL(obj3.toString()));
            }
        }
        Object obj4 = getSession().get(SessionParameter.OAUTH_CLIENT_ID);
        if (obj4 != null) {
            outputStreamWriter.write("&client_id=");
            outputStreamWriter.write(IOUtils.encodeURL(obj4.toString()));
        }
        Object obj5 = getSession().get(SessionParameter.OAUTH_CLIENT_SECRET);
        if (obj5 != null) {
            outputStreamWriter.write("&client_secret=");
            outputStreamWriter.write(IOUtils.encodeURL(obj5.toString()));
        }
        outputStreamWriter.flush();
        httpURLConnection.connect();
        if (httpURLConnection.getResponseCode() != 200) {
            JSONObject parseResponse = parseResponse(httpURLConnection);
            Object obj6 = parseResponse.get("error");
            String obj7 = obj6 == null ? null : obj6.toString();
            Object obj8 = parseResponse.get("error_description");
            String obj9 = obj8 == null ? null : obj8.toString();
            Object obj10 = parseResponse.get("error_uri");
            String obj11 = obj10 == null ? null : obj10.toString();
            if (LOG.isDebugEnabled()) {
                LOG.debug("OAuth token request failed: {}", parseResponse.toJSONString());
            }
            throw new CmisOAuthException("OAuth token request failed" + (obj7 == null ? "" : ": " + obj7) + (obj9 == null ? "" : ": " + obj9), obj7, obj9, obj11);
        }
        JSONObject parseResponse2 = parseResponse(httpURLConnection);
        Object obj12 = parseResponse2.get("token_type");
        if (!(obj12 instanceof String) || !"bearer".equalsIgnoreCase((String) obj12)) {
            throw new CmisOAuthException("Unsupported OAuth token type: " + obj12);
        }
        Object obj13 = parseResponse2.get("access_token");
        if (!(obj13 instanceof String)) {
            throw new CmisOAuthException("Invalid OAuth access_token!");
        }
        Object obj14 = parseResponse2.get("refresh_token");
        if (obj14 != null && !(obj14 instanceof String)) {
            throw new CmisOAuthException("Invalid OAuth refresh_token!");
        }
        long j = this.defaultTokenLifetime;
        Object obj15 = parseResponse2.get("expires_in");
        if (obj15 != null) {
            if (obj15 instanceof Number) {
                j = ((Number) obj15).longValue();
            } else {
                if (!(obj15 instanceof String)) {
                    throw new CmisOAuthException("Invalid OAuth expires_in value!");
                }
                try {
                    j = Long.parseLong((String) obj15);
                } catch (NumberFormatException e) {
                    throw new CmisOAuthException("Invalid OAuth expires_in value!");
                }
            }
            if (j <= 0) {
                j = this.defaultTokenLifetime;
            }
        }
        this.token = new Token(obj13.toString(), obj14 == null ? null : obj14.toString(), (j * 1000) + System.currentTimeMillis());
        fireTokenListner(this.token);
    }

    private JSONObject parseResponse(HttpURLConnection httpURLConnection) {
        try {
            try {
                try {
                    int responseCode = httpURLConnection.getResponseCode();
                    if (responseCode != 401) {
                        InputStream errorStream = (responseCode < 200 || responseCode >= 300) ? httpURLConnection.getErrorStream() : httpURLConnection.getInputStream();
                        if (errorStream == null) {
                            throw new CmisOAuthException("Invalid OAuth token response!");
                        }
                        InputStreamReader inputStreamReader = new InputStreamReader(errorStream, extractCharset(httpURLConnection));
                        Object parse = new JSONParser().parse(inputStreamReader);
                        if (!(parse instanceof JSONObject)) {
                            throw new CmisOAuthException("Invalid OAuth token response!");
                        }
                        JSONObject jSONObject = (JSONObject) parse;
                        IOUtils.consumeAndClose(inputStreamReader);
                        return jSONObject;
                    }
                    Map<String, Map<String, String>> challengesFromAuthenticateHeader = MimeHelper.getChallengesFromAuthenticateHeader(httpURLConnection.getHeaderField("WWW-Authenticate"));
                    if (challengesFromAuthenticateHeader == null || !challengesFromAuthenticateHeader.containsKey("bearer")) {
                        throw new CmisOAuthException("Unauthorized!");
                    }
                    Map<String, String> map = challengesFromAuthenticateHeader.get("bearer");
                    String str = map.get("error");
                    String str2 = map.get("error_description");
                    String str3 = map.get("error_uri");
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("Invalid OAuth token: {}", map.toString());
                    }
                    throw new CmisOAuthException("Unauthorized" + (str == null ? "" : ": " + str) + (str2 == null ? "" : ": " + str2), str, str2, str3);
                } catch (CmisConnectionException e) {
                    throw e;
                }
            } catch (Exception e2) {
                throw new CmisOAuthException("Parsing the OAuth token response failed: " + e2.getMessage(), e2);
            }
        } catch (Throwable th) {
            IOUtils.consumeAndClose((Reader) null);
            throw th;
        }
    }

    private String extractCharset(HttpURLConnection httpURLConnection) {
        String str = "UTF-8";
        String contentType = httpURLConnection.getContentType();
        if (contentType != null) {
            String[] split = contentType.split(";");
            int i = 1;
            while (true) {
                if (i >= split.length) {
                    break;
                }
                String lowerCase = split[i].trim().toLowerCase(Locale.ENGLISH);
                if (lowerCase.startsWith("charset")) {
                    str = lowerCase.substring(lowerCase.indexOf(61) + 1).trim();
                    break;
                }
                i++;
            }
        }
        return str;
    }
}
