package org.eclipse.userstorage.oauth;

import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.GeneralSecurityException;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.http.HttpResponse;
import org.apache.http.NameValuePair;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.fluent.Request;
import org.apache.http.client.utils.DateUtils;
import org.apache.http.client.utils.URIBuilder;
import org.apache.http.entity.ContentType;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;
import org.eclipse.core.runtime.Status;
import org.eclipse.jface.window.IShellProvider;
import org.eclipse.userstorage.IStorageService;
import org.eclipse.userstorage.internal.Activator;
import org.eclipse.userstorage.internal.oauth.AuthToken;
import org.eclipse.userstorage.internal.oauth.OAuthCredentialsPersistence;
import org.eclipse.userstorage.internal.oauth.UIFacade;
import org.eclipse.userstorage.internal.oauth.ui.SWTInternalBrowserFacade;
import org.eclipse.userstorage.internal.util.AES;
import org.eclipse.userstorage.internal.util.IOUtil;
import org.eclipse.userstorage.internal.util.JSONUtil;
import org.eclipse.userstorage.internal.util.ProxyUtil;
import org.eclipse.userstorage.internal.util.StringUtil;
import org.eclipse.userstorage.spi.Credentials;

/* loaded from: input_file:org/eclipse/userstorage/oauth/EclipseOAuthCredentialsProvider.class */
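/**
 * OAuth credentials provider that obtains an authorization code through a {@link UIFacade}
 * (an {@link SWTInternalBrowserFacade} by default), exchanges it for an {@link AuthToken} at
 * {@code /oauth2/token}, and stores the token encrypted through
 * {@link OAuthCredentialsPersistence}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 * <li>The stored token is encrypted with the OAuth client secret as key material
 * ({@code getClientSecretAsChars()}). NOTE(review): a client secret that ships with a desktop
 * client is presumably recoverable from the installation, so confirm that the persistence
 * backend adds its own protection.</li>
 * <li>Debug output goes to {@code System.out} when the system property
 * {@code org.eclipse.userstorage.session.debug} is {@code true}; keep authorization codes and
 * tokens out of debug and log messages.</li>
 * </ul>
 */
public final class EclipseOAuthCredentialsProvider extends OAuthCredentialsProvider {
    private static final String CONSENT_REQUIRED_ERROR_ID = "consent_required";
    private static final String AUTHORIZATION = "Authorization";
    private static final boolean DEBUG = Boolean.getBoolean("org.eclipse.userstorage.session.debug");
    private static final String PLUGIN_ID = "org.eclipse.userstorage.oauth";

    /** Severity handed to {@link Status}; same value as {@code IStatus.WARNING}. */
    private static final int SEVERITY_WARNING = 2;

    /** Severity handed to {@link Status}; same value as {@code IStatus.ERROR}. */
    private static final int SEVERITY_ERROR = 4;

    private static final int HTTP_OK = 200;
    private static final String TOKEN_PATH = "/oauth2/token";

    private OAuthCredentialsPersistence persister;

    // Package-visible and non-final, so code in this package can replace the UI implementation.
    UIFacade uiFacade;

    private boolean interactive;

    /** Prints {@code str} to standard output when the debug system property is set. */
    private static void debug(String str) {
        if (DEBUG) {
            System.out.println("<EclipseOAuthCredentialsProvider> " + str);
        }
    }

    /** Logs a {@link Status} with the given severity, message and optional cause via the plug-in activator. */
    private static void log(int i, String str, Throwable th) {
        Activator.log(new Status(i, PLUGIN_ID, str, th));
    }

    /**
     * Creates a provider without an explicit first URI argument: delegates to the five-argument
     * constructor with {@code null} in that position. The remaining arguments are forwarded
     * unchanged to the superclass constructor.
     *
     * @throws URISyntaxException declared for callers; nothing in this constructor body throws it
     */
    public EclipseOAuthCredentialsProvider(String str, String str2, String[] strArr, URI uri) throws URISyntaxException {
        this(null, str, str2, strArr, uri);
    }

    /**
     * Creates an interactive provider using the standard persistence and the SWT internal
     * browser. All arguments are forwarded unchanged to the superclass constructor.
     */
    public EclipseOAuthCredentialsProvider(URI uri, String str, String str2, String[] strArr, URI uri2) {
        super(uri, str, str2, strArr, uri2);
        this.interactive = true;
        this.persister = OAuthCredentialsPersistence.standard();
        this.uiFacade = new SWTInternalBrowserFacade();
    }

    /**
     * Creates an interactive provider from a parameter object, using the standard persistence
     * and the SWT internal browser.
     */
    public EclipseOAuthCredentialsProvider(OAuthParameters oAuthParameters) {
        super(oAuthParameters);
        this.interactive = true;
        this.persister = OAuthCredentialsPersistence.standard();
        this.uiFacade = new SWTInternalBrowserFacade();
    }

    /**
     * Passes the shell provider on to the UI facade. Has no effect unless the current facade is
     * an {@link SWTInternalBrowserFacade}.
     */
    public void setShell(IShellProvider iShellProvider) {
        if (this.uiFacade instanceof SWTInternalBrowserFacade) {
            ((SWTInternalBrowserFacade) this.uiFacade).setShell(iShellProvider);
        }
    }

    /**
     * Produces credentials for the service, refreshing a stored token when possible and
     * otherwise running the interactive authorization-code flow.
     *
     * @param iStorageService the service to authenticate against
     * @param z when {@code false}, a stored token is refreshed first and returned if that
     *     succeeds; when {@code true}, the refresh is skipped and the interactive flow runs
     * @return the credentials, or {@code null} when the provider is non-interactive, the user
     *     cancels, the server reports an error, or an I/O or URI problem occurs (logged)
     */
    public Credentials provideCredentials(IStorageService iStorageService, boolean z) {
        // One try block for the whole flow: getAuthorizationURI() and requestAuthToken() declare
        // checked exceptions, so guarding only the refresh step leaves them unhandled.
        try {
            if (!z) {
                AuthToken refreshed = refreshAuthToken(iStorageService);
                if (refreshed != null) {
                    debug("Returning cached credentials");
                    return asCredentials(iStorageService, refreshed);
                }
            }
            if (!isInteractive()) {
                debug("Non-interactive login process failed");
                return null;
            }
            debug("Starting OAuth authorization process");
            URI callback = this.uiFacade.obtainAuthCode(iStorageService.getServiceLabel(), getAuthorizationURI(iStorageService), getRegisteredCallback());
            if (callback == null) {
                debug("User Cancelled login process");
                return null;
            }
            // NOTE(review): the `state` value sent by getAuthorizationURI() is not compared with
            // the callback's `state` parameter in this method. Confirm that
            // UIFacade.obtainAuthCode() or the superclass performs that comparison; if neither
            // does, reject a mismatching callback here before exchanging the code.
            String error = findValue(new URIBuilder(callback).getQueryParams(), "error");
            if (error != null) {
                if (CONSENT_REQUIRED_ERROR_ID.equals(error)) {
                    debug("User cancelled authorization");
                    return null;
                }
                debug("Remote reported OAuth Error: " + callback.getRawQuery());
                this.uiFacade.showError("OAuth Error", "An error occurred retrieving during the authorization process.", new Status(SEVERITY_ERROR, PLUGIN_ID, "Error returned: " + callback.getRawQuery()));
                return null;
            }
            debug("Login success: retrieving access token...");
            AuthToken token = requestAuthToken(iStorageService, callback);
            if (token != null) {
                return asCredentials(iStorageService, token);
            }
            debug("Failed to turn Access Code -> Auth Token");
            this.uiFacade.showError("OAuth Error", "Unable to retrieve Authorization Code", new Status(SEVERITY_ERROR, PLUGIN_ID, "Unable to turn authorization code to an authoriation token"));
            return null;
        } catch (IOException e) {
            log(SEVERITY_WARNING, "Unable to fetch credential", e);
            return null;
        } catch (URISyntaxException e) {
            log(SEVERITY_WARNING, "Invalid parameters", e);
            return null;
        }
    }

    /** Returns the value of the first pair named {@code name}, or {@code null} if there is none. */
    private String findValue(List<NameValuePair> pairs, String name) {
        for (NameValuePair pair : pairs) {
            if (name.equals(pair.getName())) {
                return pair.getValue();
            }
        }
        return null;
    }

    /**
     * Adds an {@code Authorization} header of the form {@code <token type> <access token>} to
     * the request. The token is deserialized from the credentials' password field, which is
     * where {@code asCredentials} puts the serialized token.
     *
     * @param uri not used by this implementation
     * @return the result of {@code request.addHeader(...)}
     */
    public Request configureRequest(Request request, URI uri, Credentials credentials) {
        AuthToken token = AuthToken.deserialize(credentials.getPassword());
        String headerValue = String.valueOf(token.getTokenType()) + " " + token.getAccessToken();
        return request.addHeader(AUTHORIZATION, headerValue);
    }

    /**
     * Reports whether the credentials pass the superclass check and carry a token that
     * deserializes, has not expired and covers every configured scope.
     */
    @Override
    public boolean isValid(Credentials credentials) {
        if (!super.isValid(credentials)) {
            return false;
        }
        try {
            AuthToken token = AuthToken.deserialize(credentials.getPassword());
            if (token == null || token.isExpired()) {
                return false;
            }
            return hasRequiredScopes(token.getScopes());
        } catch (IllegalArgumentException e) {
            // A password that does not deserialize to a token means invalid credentials.
            return false;
        }
    }

    /** Returns {@code true} when every scope from {@code getScopes()} is present in {@code granted}. */
    private boolean hasRequiredScopes(Set<String> granted) {
        for (String required : getScopes()) {
            if (!granted.contains(required)) {
                return false;
            }
        }
        return true;
    }

    /**
     * Returns credentials built from the stored token, or {@code null} when no token is stored
     * or the stored token has expired. Does not contact the server.
     */
    public Credentials getCredentials(IStorageService iStorageService) {
        AuthToken stored = retrieveStoredAuthToken(iStorageService);
        if (stored == null || stored.isExpired()) {
            return null;
        }
        return asCredentials(iStorageService, stored);
    }

    /** Reports whether a stored token exists for the service and has not expired. */
    public boolean hasCredentials(IStorageService iStorageService) {
        AuthToken stored = retrieveStoredAuthToken(iStorageService);
        return stored != null && !stored.isExpired();
    }

    /**
     * Exchanges the authorization code carried by the callback URI for a token and persists it.
     *
     * @param callback the URI the authorization server redirected to
     * @return the new token, or {@code null} when the callback has no {@code code} parameter or
     *     the token endpoint does not answer with HTTP 200
     */
    private AuthToken requestAuthToken(IStorageService service, URI callback) throws URISyntaxException, IOException {
        // Read the code from the decoded query parameters, as is done for "error". Taking it
        // from the raw URI text would keep percent-escapes that bodyForm() then encodes again.
        String code = findValue(new URIBuilder(callback).getQueryParams(), "code");
        if (code == null || code.isEmpty()) {
            debug("OAuth Access Code URI doesn't have an access code!");
            return null;
        }
        HttpResponse response = postTokenRequest(service,
            new BasicNameValuePair("grant_type", "authorization_code"),
            new BasicNameValuePair("client_id", getClientId()),
            new BasicNameValuePair("client_secret", getClientSecret()),
            new BasicNameValuePair("redirect_uri", getRegisteredCallback().toASCIIString()),
            new BasicNameValuePair("code", code));
        if (response.getStatusLine().getStatusCode() != HTTP_OK) {
            log(SEVERITY_ERROR, "Authorization/authentication failed: " + response, null);
            return null;
        }
        return storeTokenFrom(service, response);
    }

    /** Posts the form fields to the {@code /oauth2/token} endpoint and returns the raw response. */
    private HttpResponse postTokenRequest(IStorageService service, NameValuePair... form) throws URISyntaxException, IOException {
        URI tokenUri = new URIBuilder(getAuthorizationServiceBaseURI(service)).setPath(TOKEN_PATH).build();
        return ProxyUtil.proxyAuthentication(this.executor, tokenUri).execute(Request.Post(tokenUri).bodyForm(form)).returnResponse();
    }

    /**
     * Builds a token from a successful token-endpoint response (body plus {@code Date} header),
     * persists it together with the user's mail address, and returns it.
     *
     * @throws IOException if the body cannot be read or the response has no {@code Date} header
     */
    private AuthToken storeTokenFrom(IStorageService service, HttpResponse response) throws IOException {
        if (response.getFirstHeader("Date") == null) {
            // Fail with a checked exception the callers already log, not a NullPointerException.
            throw new IOException("Token response has no Date header");
        }
        AuthToken token = new AuthToken(EntityUtils.toString(response.getEntity()), DateUtils.parseDate(response.getFirstHeader("Date").getValue()));
        persistAuthToken(service, token, retrieveUserDetails(service, token));
        return token;
    }

    /**
     * Fetches the {@code mail} attribute from {@code /account/profile} on the service, using the
     * given token for authorization.
     *
     * @return the mail value, or {@code null} when the {@code profile} scope is not configured,
     *     the server does not answer with HTTP 200, or a request/URI error occurs (logged)
     * @throws IllegalArgumentException if the response is not a non-empty list whose first
     *     element is a map
     */
    private String retrieveUserDetails(IStorageService service, AuthToken token) {
        if (!contains(getScopes(), "profile")) {
            return null;
        }
        try {
            URI profileUri = new URIBuilder(service.getServiceURI()).setPath("/account/profile").build();
            String json = ContentType.APPLICATION_JSON.getMimeType();
            Request request = Request.Get(profileUri)
                .addHeader("Accept", json)
                .addHeader("Content-Type", json)
                .addHeader("User-Agent", "uss/1.0.0")
                .addHeader(AUTHORIZATION, String.valueOf(token.getTokenType()) + " " + token.getAccessToken());
            HttpResponse response = ProxyUtil.proxyAuthentication(this.executor, profileUri).execute(request).returnResponse();
            if (response.getStatusLine().getStatusCode() != HTTP_OK) {
                return null;
            }
            Object parsed = JSONUtil.parse(IOUtil.streamUTF(EntityUtils.toString(response.getEntity())), (String) null);
            if (parsed instanceof List) {
                List<?> entries = (List<?>) parsed;
                // An empty list is rejected like any other malformed profile instead of
                // failing with IndexOutOfBoundsException on get(0).
                if (!entries.isEmpty() && entries.get(0) instanceof Map) {
                    return (String) ((Map<?, ?>) entries.get(0)).get("mail");
                }
            }
            throw new IllegalArgumentException("not a valid profile object");
        } catch (ClientProtocolException e) {
            // Must precede IOException: ClientProtocolException is a subclass of it.
            log(SEVERITY_WARNING, "Unable to request user profile information", e);
            return null;
        } catch (IOException e) {
            log(SEVERITY_WARNING, "Unable to parse user profile information", e);
            return null;
        } catch (URISyntaxException e) {
            log(SEVERITY_WARNING, "Unable to construct remote URI", e);
            return null;
        }
    }

    /** Returns {@code true} when {@code values} has an element equal to {@code wanted}. */
    private boolean contains(String[] values, String wanted) {
        for (String value : values) {
            if (value.equals(wanted)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Uses the stored refresh token to obtain and persist a new token.
     *
     * @return the new token, or {@code null} when nothing is stored, the stored token has no
     *     refresh token, the server rejects the refresh, or an I/O or URI error occurs. The
     *     stored token is discarded in the second and third case.
     */
    private AuthToken refreshAuthToken(IStorageService service) {
        AuthToken stored = retrieveStoredAuthToken(service);
        if (stored == null) {
            return null;
        }
        if (stored.getRefreshToken() == null) {
            discardStoredAuthToken(service);
            return null;
        }
        try {
            HttpResponse response = postTokenRequest(service,
                new BasicNameValuePair("grant_type", "refresh_token"),
                new BasicNameValuePair("refresh_token", stored.getRefreshToken()),
                new BasicNameValuePair("client_id", getClientId()),
                new BasicNameValuePair("client_secret", getClientSecret()));
            if (response.getStatusLine().getStatusCode() != HTTP_OK) {
                log(SEVERITY_WARNING, "Authorization/authentication failed when refreshing auth token: " + response, null);
                // A rejected refresh token is of no further use; drop it so the next attempt
                // goes through the interactive flow.
                discardStoredAuthToken(service);
                return null;
            }
            return storeTokenFrom(service, response);
        } catch (IOException e) {
            log(SEVERITY_ERROR, "Unparseable response", e);
            return null;
        } catch (URISyntaxException e) {
            log(SEVERITY_ERROR, "Invalid URI", e);
            return null;
        }
    }

    /**
     * Loads, decrypts and deserializes the token stored for this client id and authorization
     * server.
     *
     * @return the token, or {@code null} when none is stored or it cannot be decrypted or
     *     deserialized (logged)
     */
    private AuthToken retrieveStoredAuthToken(IStorageService service) {
        try {
            String encrypted = this.persister.getAccountToken(getClientId(), getAuthorizationServiceBaseURI(service).toString());
            if (encrypted == null) {
                return null;
            }
            return AuthToken.deserialize(AES.decrypt(encrypted, getClientSecretAsChars()));
        } catch (IllegalArgumentException e) {
            log(SEVERITY_WARNING, "Unable to deserialize stored token", e);
            return null;
        } catch (GeneralSecurityException e) {
            log(SEVERITY_WARNING, "Unable to decrypt stored token", e);
            return null;
        }
    }

    /** Removes the token stored for this client id and authorization server. */
    private void discardStoredAuthToken(IStorageService service) {
        this.persister.removeAccountToken(getClientId(), getAuthorizationServiceBaseURI(service).toString());
    }

    /**
     * Encrypts the serialized token with the client secret and stores it, together with
     * {@code user}, under this client id and authorization server. Failures are logged and the
     * token is then not stored.
     */
    private void persistAuthToken(IStorageService service, AuthToken token, String user) {
        try {
            String encrypted = AES.encrypt(token.serialize(), getClientSecretAsChars());
            this.persister.putAccountToken(getClientId(), getAuthorizationServiceBaseURI(service).toString(), encrypted, user);
        } catch (IOException e) {
            log(SEVERITY_ERROR, "Unable to serialize auth token for storage", e);
        } catch (GeneralSecurityException e) {
            log(SEVERITY_ERROR, "Unable to encrypt auth token for storage", e);
        }
    }

    /**
     * Wraps the token in {@link Credentials}: the user name is {@code <service URI>|<client id>}
     * and the password is the serialized token.
     *
     * @return the credentials, or {@code null} when the token cannot be serialized (logged)
     */
    private Credentials asCredentials(IStorageService service, AuthToken token) {
        try {
            String user = service.getServiceURI() + "|" + getClientId();
            return new Credentials(user, token.serialize());
        } catch (IOException e) {
            log(SEVERITY_WARNING, "Unable to serialize auth token", e);
            return null;
        }
    }

    /**
     * Builds the {@code /oauth2/authorize} URI that the UI facade is given to open.
     *
     * <p>NOTE(review): {@code client_secret} is sent as a query parameter of this URI, which is
     * loaded in the user's browser component, so the secret can end up in browser history,
     * proxy logs and Referer headers. RFC 6749 section 4.1.1 does not define a
     * {@code client_secret} parameter for the authorization request. It is kept here because
     * the server's requirements are not visible from this class; confirm whether it can be
     * removed.
     *
     * @throws URISyntaxException if the URI cannot be built
     */
    protected URI getAuthorizationURI(IStorageService iStorageService) throws URISyntaxException {
        return new URIBuilder(getAuthorizationServiceBaseURI(iStorageService))
            .setPath("/oauth2/authorize")
            .addParameter("response_type", "code")
            .addParameter("client_id", getClientId())
            .addParameter("client_secret", getClientSecret())
            .addParameter("scope", StringUtil.join(" ", getScopes()))
            .addParameter("redirect_uri", getRegisteredCallback().toASCIIString())
            .addParameter("state", this.stateCode)
            .build();
    }

    /** Returns whether this provider may open the interactive login UI. */
    public boolean isInteractive() {
        return this.interactive;
    }

    /** Enables or disables the interactive login UI; when disabled, {@code provideCredentials} only tries a refresh. */
    public void setInteractive(boolean z) {
        this.interactive = z;
    }
}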
