package co.arago.hiro.client.connection.token;

import co.arago.hiro.client.connection.token.AbstractRemoteAuthTokenAPIHandler;
import co.arago.hiro.client.exceptions.AuthenticationTokenException;
import co.arago.hiro.client.exceptions.HiroException;
import co.arago.hiro.client.exceptions.HiroHttpException;
import co.arago.hiro.client.exceptions.TokenUnauthorizedException;
import co.arago.hiro.client.model.token.AuthorizeRequest;
import co.arago.hiro.client.model.token.CodeFlowTokenRequest;
import co.arago.hiro.client.model.token.TokenResponse;
import co.arago.hiro.client.util.PkceUtil;
import co.arago.hiro.client.util.httpclient.HttpHeaderMap;
import co.arago.hiro.client.util.httpclient.URIEncodedData;
import co.arago.util.validation.ValueChecks;
import java.io.IOException;
import java.net.URI;
import java.security.NoSuchAlgorithmException;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:co/arago/hiro/client/connection/token/CodeFlowAuthTokenAPIHandler.class */
public class CodeFlowAuthTokenAPIHandler extends AbstractRemoteAuthTokenAPIHandler {
    static final Logger log = LoggerFactory.getLogger(CodeFlowAuthTokenAPIHandler.class);
    protected final String redirectURI;
    protected final String scope;
    private final PkceUtil pkceUtil;
    protected String code;
    protected String state;

    /* loaded from: input_file:co/arago/hiro/client/connection/token/CodeFlowAuthTokenAPIHandler$Builder.class */
    public static final class Builder extends Conf<Builder> {
        /* JADX INFO: Access modifiers changed from: protected */
        @Override // co.arago.hiro.client.connection.AbstractAPIHandler.Conf
        public Builder self() {
            return this;
        }

        @Override // co.arago.hiro.client.connection.token.CodeFlowAuthTokenAPIHandler.Conf, co.arago.hiro.client.connection.token.AbstractRemoteAuthTokenAPIHandler.Conf, co.arago.hiro.client.connection.token.AbstractTokenAPIHandler.Conf, co.arago.hiro.client.connection.AbstractVersionAPIHandler.Conf, co.arago.hiro.client.connection.AbstractAPIHandler.Conf
        public CodeFlowAuthTokenAPIHandler build() {
            return new CodeFlowAuthTokenAPIHandler(this);
        }
    }

    /* loaded from: input_file:co/arago/hiro/client/connection/token/CodeFlowAuthTokenAPIHandler$Conf.class */
    public static abstract class Conf<T extends Conf<T>> extends AbstractRemoteAuthTokenAPIHandler.Conf<T> {
        private String redirectURI;
        private String scope;

        public String getRedirectURI() {
            return this.redirectURI;
        }

        public T setRedirectURI(String str) {
            this.redirectURI = str;
            return (T) self();
        }

        public String getScope() {
            return this.scope;
        }

        public T setScope(String str) {
            this.scope = str;
            return (T) self();
        }

        public T setCredentials(String str, String str2) {
            setRedirectURI(str);
            setClientId(str2);
            return (T) self();
        }

        @Override // co.arago.hiro.client.connection.token.AbstractRemoteAuthTokenAPIHandler.Conf, co.arago.hiro.client.connection.token.AbstractTokenAPIHandler.Conf, co.arago.hiro.client.connection.AbstractVersionAPIHandler.Conf, co.arago.hiro.client.connection.AbstractAPIHandler.Conf
        public abstract CodeFlowAuthTokenAPIHandler build();
    }

    protected CodeFlowAuthTokenAPIHandler(Conf<?> conf) {
        super(conf);
        this.pkceUtil = new PkceUtil();
        this.redirectURI = ValueChecks.notBlank(conf.getRedirectURI(), "redirectURI");
        this.scope = conf.getScope();
    }

    public static Conf<?> newBuilder() {
        return new Builder();
    }

    public URI getAuthorizeURI() throws HiroException, IOException, InterruptedException {
        try {
            this.state = PkceUtil.generateRandomBase64(16);
            this.pkceUtil.initialize();
            return addQueryFragmentAndNormalize(getURI("authorize"), new URIEncodedData((Map<String, ?>) new AuthorizeRequest(this.clientId, this.redirectURI, this.pkceUtil.getCodeChallenge(), this.pkceUtil.getCodeChallengeMethod(), this.state, this.scope).toMap()), null);
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    public void handleAuthorizeCallback(String str, String str2) throws AuthenticationTokenException {
        if (!StringUtils.equals(str, this.state)) {
            throw new AuthenticationTokenException("The parameter 'state' of the callback does not match.", 400, null);
        }
        this.code = str2;
    }

    @Override // co.arago.hiro.client.connection.token.AbstractRemoteAuthTokenAPIHandler
    protected void requestToken(String str, String str2) throws IOException, InterruptedException, HiroException {
        if (StringUtils.isBlank(this.code)) {
            throw new TokenUnauthorizedException("parameter \"code\" has either been used before or never been set.", 400, null);
        }
        if (str != null) {
            this.organization = str;
        }
        if (str2 != null) {
            this.organizationId = str2;
        }
        if (Float.parseFloat(getVersionMap().getVersionEntryOf("auth").version) < 6.6f) {
            throw new HiroHttpException("Auth api version /api/auth/[version] has to be at least 6.6.", 500, null);
        }
        this.tokenInfo.parse((TokenResponse) post(TokenResponse.class, getURI("token"), new CodeFlowTokenRequest(this.code, this.pkceUtil.getCodeVerifier(), this.redirectURI, this.clientId, this.clientSecret, str, str2).toURIEncodedStringRemoveBlanks(), new HttpHeaderMap(Map.of("Content-Type", "application/x-www-form-urlencoded")), this.httpRequestTimeout, Integer.valueOf(this.maxRetries)));
        this.code = null;
    }

    @Override // co.arago.hiro.client.connection.token.AbstractRemoteAuthTokenAPIHandler, co.arago.hiro.client.connection.token.TokenAPIHandler
    public synchronized void refreshToken() throws HiroException, IOException, InterruptedException {
        if (!hasRefreshToken()) {
            throw new AuthenticationTokenException("no refresh token available", 400, null);
        }
        super.refreshToken();
    }
}
