package cn.authing.sdk.java.client;

import cn.authing.sdk.java.bean.AfterLoginRequest;
import cn.authing.sdk.java.bean.BeforeLoginRequest;
import cn.authing.sdk.java.bean.CasParams;
import cn.authing.sdk.java.bean.CodeChallengeDigestParam;
import cn.authing.sdk.java.bean.LogoutParams;
import cn.authing.sdk.java.bean.OauthParams;
import cn.authing.sdk.java.bean.OidcParams;
import cn.authing.sdk.java.bean.OpenapiRequest;
import cn.authing.sdk.java.bean.SamlParams;
import cn.authing.sdk.java.constant.OpenapiPublicParams;
import cn.authing.sdk.java.constant.PasswordSecurityLevel;
import cn.authing.sdk.java.constant.ProtocolEnum;
import cn.authing.sdk.java.util.EncryptUtils;
import cn.authing.sdk.java.util.HttpUtils;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Pattern;
import org.apache.http.impl.client.CloseableHttpClient;

/* loaded from: input_file:cn/authing/sdk/java/client/AuthClient.class */
public class AuthClient extends AuthingBaseClient {
    private static final String PASSWORD_HIGH_LEVEL = "[a-z](?=.*[A-Z])(?=.*\\\\d)[\\\\^]{12,}\\$";
    private static final String PASSWORD_MIDDLE_LEVEL = "^(?=.*[a-zA-Z])(?=.*\\\\d)[\\\\^]{8,}\\$";
    protected String appId;
    protected ProtocolEnum protocol;
    protected String redirectUri;

    public AuthClient() {
    }

    public AuthClient(String str, String str2) {
        super(str);
        this.appId = str2;
    }

    public AuthClient(String str) {
        super(str);
    }

    public AuthClient(String str, CloseableHttpClient closeableHttpClient) {
        super(str, closeableHttpClient);
    }

    public <R> R execute(BeforeLoginRequest beforeLoginRequest, Class<R> cls) {
        return (R) super.execute(beforeLoginRequest, cls, (String) null);
    }

    public <R> R execute(BeforeLoginRequest beforeLoginRequest, Class<R> cls, String str, String str2) {
        return (R) super.execute((OpenapiRequest) beforeLoginRequest, (Class) cls, str, str2);
    }

    public <R> R execute(AfterLoginRequest afterLoginRequest, Class<R> cls, String str) {
        return (R) super.execute((OpenapiRequest) afterLoginRequest, (Class) cls, str);
    }

    public <R> R execute(AfterLoginRequest afterLoginRequest, Class<R> cls, String str, String str2) {
        return (R) super.execute((OpenapiRequest) afterLoginRequest, (Class) cls, str, str2);
    }

    public PasswordSecurityLevel computedPasswordSecurityLevel(String str) {
        return Pattern.matches(PASSWORD_HIGH_LEVEL, str) ? PasswordSecurityLevel.HIGH : Pattern.matches(PASSWORD_MIDDLE_LEVEL, str) ? PasswordSecurityLevel.MIDDLE : PasswordSecurityLevel.LOW;
    }

    public String buildAuthorizeUrl(SamlParams samlParams) {
        String endpoint = samlParams.getEndpoint();
        if (endpoint == null) {
            endpoint = this.endpoint;
        }
        String appId = samlParams.getAppId();
        if (appId == null) {
            appId = this.appId;
        }
        return endpoint + "/api/v2/saml-idp/" + appId;
    }

    public String buildAuthorizeUrl(OidcParams oidcParams) {
        String endpoint = oidcParams.getEndpoint();
        if (endpoint == null) {
            endpoint = this.endpoint;
        }
        HashMap hashMap = new HashMap();
        hashMap.put(OpenapiPublicParams.CLIENT_ID, oidcParams.getAppId() != null ? oidcParams.getAppId() : this.appId);
        hashMap.put("scope", oidcParams.getScope() != null ? oidcParams.getScope() : "openid profile email phone address");
        hashMap.put("state", oidcParams.getState() != null ? oidcParams.getState() : HttpUtils.randomString(12));
        hashMap.put("nonce", oidcParams.getNonce() != null ? oidcParams.getNonce() : HttpUtils.randomString(12));
        hashMap.put("response_mode", oidcParams.getResponseMode() != null ? oidcParams.getResponseMode() : null);
        hashMap.put("response_type", oidcParams.getResponseType() != null ? oidcParams.getResponseType() : "code");
        hashMap.put("redirect_uri", oidcParams.getRedirectUri() != null ? oidcParams.getRedirectUri() : this.redirectUri);
        hashMap.put("prompt", (oidcParams.getPrompt() == null || !oidcParams.getScope().contains("offline_access")) ? null : "consent");
        return HttpUtils.buildUrl(endpoint + "/oidc/auth", hashMap);
    }

    public String buildAuthorizeUrl(OauthParams oauthParams) {
        String endpoint = oauthParams.getEndpoint();
        if (endpoint == null) {
            endpoint = this.endpoint;
        }
        HashMap hashMap = new HashMap();
        hashMap.put(OpenapiPublicParams.CLIENT_ID, oauthParams.getAppId() != null ? oauthParams.getAppId() : this.appId);
        hashMap.put("scope", oauthParams.getScope() != null ? oauthParams.getScope() : "user");
        hashMap.put("state", oauthParams.getState() != null ? oauthParams.getState() : HttpUtils.randomString(12));
        hashMap.put("response_type", oauthParams.getResponseType() != null ? oauthParams.getResponseType() : "code");
        hashMap.put("redirect_uri", oauthParams.getRedirectUri() != null ? oauthParams.getRedirectUri() : this.redirectUri);
        return HttpUtils.buildUrl(endpoint + "/oauth/auth", hashMap);
    }

    public String buildAuthorizeUrl(CasParams casParams) {
        String endpoint = casParams.getEndpoint();
        if (endpoint == null) {
            endpoint = this.endpoint;
        }
        HashMap hashMap = new HashMap();
        hashMap.put("service", casParams.getService() != null ? casParams.getService() : null);
        return HttpUtils.buildUrl(endpoint + "/cas-idp/" + (casParams.getAppId() != null ? casParams.getAppId() : this.appId), hashMap);
    }

    public String buildLogoutUrl(LogoutParams logoutParams) {
        String buildEasyLogoutUrl;
        if (logoutParams.getEndpoint() == null) {
            logoutParams.setEndpoint(this.endpoint);
        }
        if (logoutParams.getProtocol() == null) {
            logoutParams.setProtocol(this.protocol);
        }
        switch (logoutParams.getProtocol()) {
            case CAS:
                buildEasyLogoutUrl = buildCasLogoutUrl(logoutParams);
                break;
            case OIDC:
                if (logoutParams.getExpert() != null) {
                    buildEasyLogoutUrl = buildOidcLogoutUrl(logoutParams);
                    break;
                }
            case OAUTH:
            case SAML:
            default:
                buildEasyLogoutUrl = buildEasyLogoutUrl(logoutParams);
                break;
        }
        return buildEasyLogoutUrl;
    }

    public String generateCodeChallenge() {
        return HttpUtils.randomString(43);
    }

    public String getCodeChallengeDigest(CodeChallengeDigestParam codeChallengeDigestParam) {
        String codeChallenge = codeChallengeDigestParam.getCodeChallenge();
        String method = codeChallengeDigestParam.getMethod();
        if (codeChallenge == null || "".equals(codeChallenge)) {
            throw new IllegalArgumentException("请提供 options.codeChallenge，值为一个长度大于等于 43 的字符串");
        }
        if (method == null || "".equals(method) || "S256".equals(method)) {
            return new String(Base64.getEncoder().encode(EncryptUtils.sha256Encrypt(codeChallenge)), StandardCharsets.UTF_8).replaceAll("\\+", "-").replaceAll("/", "_").replaceAll("=", "");
        }
        if ("plain".equals(method)) {
            return codeChallenge;
        }
        throw new IllegalArgumentException("不支持的 options.method，可选值为 S256、plain");
    }

    private String buildEasyLogoutUrl(LogoutParams logoutParams) {
        HashMap hashMap = new HashMap();
        hashMap.put("redirect_uri", logoutParams.getRedirectUri());
        return HttpUtils.buildUrl(this.endpoint + "/login/profile/logout", hashMap);
    }

    private String buildOidcLogoutUrl(LogoutParams logoutParams) {
        String endpoint = logoutParams.getEndpoint();
        String redirectUri = logoutParams.getRedirectUri();
        String idToken = logoutParams.getIdToken();
        if ((redirectUri == null) ^ (idToken == null)) {
            return endpoint + "/oidc/session/end";
        }
        HashMap hashMap = new HashMap();
        hashMap.put("id_token_hint", idToken);
        hashMap.put("post_logout_redirect_uri", "redirectUri");
        return HttpUtils.buildUrl(endpoint + "/oidc/session/end", hashMap);
    }

    private String buildCasLogoutUrl(LogoutParams logoutParams) {
        HashMap hashMap = new HashMap();
        hashMap.put("url", logoutParams.getRedirectUri());
        return HttpUtils.buildUrl(logoutParams.getEndpoint() + "/cas-idp/logout", hashMap);
    }

    @Override // cn.authing.sdk.java.client.AuthingBaseClient
    protected Map<String, String> getAddedHeaders() {
        HashMap hashMap = new HashMap();
        hashMap.put("x-authing-app-id", getAppId());
        return hashMap;
    }

    public String getAppId() {
        return this.appId;
    }

    public void setAppId(String str) {
        this.appId = str;
    }

    public ProtocolEnum getProtocol() {
        return this.protocol;
    }

    public void setProtocol(ProtocolEnum protocolEnum) {
        this.protocol = protocolEnum;
    }

    public String getRedirectUri() {
        return this.redirectUri;
    }

    public void setRedirectUri(String str) {
        this.redirectUri = str;
    }
}
