package net.accelbyte.sdk.core;

import com.google.common.cache.CacheBuilder;
import com.google.common.cache.CacheLoader;
import com.google.common.cache.LoadingCache;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.math.BigInteger;
import java.net.URI;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPublicKeySpec;
import java.time.Instant;
import java.util.ArrayList;
import java.util.Base64;
import java.util.BitSet;
import java.util.Date;
import java.util.List;
import java.util.Map;
import java.util.Timer;
import java.util.TimerTask;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.locks.ReentrantLock;
import java.util.logging.Logger;
import java.util.stream.Collectors;
import net.accelbyte.sdk.api.iam.models.BloomFilterJSON;
import net.accelbyte.sdk.api.iam.models.OauthapiRevocationList;
import net.accelbyte.sdk.api.iam.models.OauthcommonJWKSet;
import net.accelbyte.sdk.api.iam.models.OauthmodelTokenResponse;
import net.accelbyte.sdk.api.iam.models.OauthmodelTokenWithDeviceCookieResponseV3;
import net.accelbyte.sdk.api.iam.operations.o_auth2_0.AuthorizeV3;
import net.accelbyte.sdk.api.iam.operations.o_auth2_0.GetJWKSV3;
import net.accelbyte.sdk.api.iam.operations.o_auth2_0.GetRevocationListV3;
import net.accelbyte.sdk.api.iam.operations.o_auth2_0.PlatformTokenGrantV3;
import net.accelbyte.sdk.api.iam.operations.o_auth2_0.TokenGrantV3;
import net.accelbyte.sdk.api.iam.operations.o_auth2_0.VerifyTokenV3;
import net.accelbyte.sdk.api.iam.operations.o_auth2_0_extension.UserAuthenticationV3;
import net.accelbyte.sdk.api.iam.wrappers.OAuth20;
import net.accelbyte.sdk.api.iam.wrappers.OAuth20Extension;
import net.accelbyte.sdk.core.Operation;
import net.accelbyte.sdk.core.client.HttpClient;
import net.accelbyte.sdk.core.repository.ConfigRepository;
import net.accelbyte.sdk.core.repository.TokenRefresh;
import net.accelbyte.sdk.core.repository.TokenRepository;
import net.accelbyte.sdk.core.repository.TokenValidation;
import net.accelbyte.sdk.core.util.BloomFilter;
import net.accelbyte.sdk.core.util.Helper;
import okhttp3.Credentials;
import org.apache.http.client.utils.URLEncodedUtils;

/* loaded from: input_file:net/accelbyte/sdk/core/AccelByteSDK.class */
public class AccelByteSDK {
    private static final String COOKIE_KEY_ACCESS_TOKEN = "access_token";
    private static final String LOGIN_USER_SCOPE = "commerce account social publishing analytics";
    private static final float TOKEN_REFRESH_RATIO = 0.8f;
    private static final String DEFAULT_CACHE_KEY = "default";
    private static final String CLAIM_PERMISSIONS = "permissions";
    private static final String CLAIM_SUB = "sub";
    private static final String PERMISSION_RESOURCE = "Resource";
    private static final String PERMISSION_ACTION = "Action";
    private AccelByteConfig sdkConfiguration;
    private final Timer refreshTokenTimer;
    private final Object refreshTokenTaskLock;
    private TimerTask refreshTokenTask;
    private final ReentrantLock refreshTokenMethodLock;
    private LoadingCache<String, Map<String, RSAPublicKey>> jwksCache;
    private LoadingCache<String, OauthapiRevocationList> revocationListCache;
    private static final Logger log = Logger.getLogger(AccelByteSDK.class.getName());
    private static final BloomFilter bloomFilter = new BloomFilter();

    public AccelByteSDK(HttpClient<?> httpClient, TokenRepository tokenRepository, ConfigRepository configRepository) {
        this(new AccelByteConfig(httpClient, tokenRepository, configRepository));
    }

    public AccelByteSDK(AccelByteConfig accelByteConfig) {
        this.refreshTokenTimer = new Timer("RefreshTokenTimer", true);
        this.refreshTokenTaskLock = new Object();
        this.refreshTokenTask = null;
        this.refreshTokenMethodLock = new ReentrantLock();
        this.sdkConfiguration = accelByteConfig;
        if (this.sdkConfiguration.getConfigRepository() instanceof TokenValidation) {
            TokenValidation tokenValidation = (TokenValidation) this.sdkConfiguration.getConfigRepository();
            if (tokenValidation.getLocalTokenValidationEnabled()) {
                this.jwksCache = buildJWKSLoadingCache(this, tokenValidation.getJwksRefreshInterval());
                this.revocationListCache = buildRevocationListLoadingCache(this, tokenValidation.getRevocationListRefreshInterval());
            }
        }
    }

    public AccelByteConfig getSdkConfiguration() {
        return this.sdkConfiguration;
    }

    public HttpResponse runRequest(Operation operation) throws Exception {
        String security = Operation.Security.Basic.toString();
        if (!operation.getPreferredSecurityMethod().isEmpty()) {
            security = operation.getPreferredSecurityMethod();
        } else if (operation.getSecurities().size() > 0) {
            security = operation.getSecurities().get(0);
        }
        HttpHeaders httpHeaders = new HttpHeaders();
        Map<String, String> cookieParams = operation.getCookieParams();
        ConfigRepository configRepository = this.sdkConfiguration.getConfigRepository();
        String token = this.sdkConfiguration.getTokenRepository().getToken();
        if (Operation.Security.Basic.toString().equals(security)) {
            httpHeaders.put(HttpHeaders.AUTHORIZATION, Credentials.basic(configRepository.getClientId(), configRepository.getClientSecret()));
        } else if (Operation.Security.Bearer.toString().equals(security)) {
            if (token != null && !token.isEmpty()) {
                httpHeaders.put(HttpHeaders.AUTHORIZATION, Operation.Security.Bearer.toString() + " " + token);
            }
        } else if (Operation.Security.Cookie.toString().equals(security) && token != null && !token.isEmpty()) {
            cookieParams.put(COOKIE_KEY_ACCESS_TOKEN, token);
        }
        if (configRepository.isAmazonTraceId()) {
            httpHeaders.put(HttpHeaders.X_AMZN_TRACE_ID, Helper.generateAmazonTraceId(configRepository.getAmazonTraceIdVersion()));
        }
        if (configRepository.isClientInfoHeader()) {
            String sdkName = SDKInfo.getInstance().getSdkName();
            String sdkVersion = SDKInfo.getInstance().getSdkVersion();
            AppInfo appInfo = configRepository.getAppInfo();
            httpHeaders.put(HttpHeaders.USER_AGENT, String.format("%s/%s (%s/%s)", sdkName, sdkVersion, appInfo.getAppName(), appInfo.getAppVersion()));
        }
        if (cookieParams.size() > 0) {
            ArrayList arrayList = new ArrayList();
            for (Map.Entry<String, String> entry : cookieParams.entrySet()) {
                arrayList.add(URLEncoder.encode(entry.getKey(), StandardCharsets.UTF_8.toString()) + "=" + URLEncoder.encode(entry.getValue(), StandardCharsets.UTF_8.toString()));
            }
            httpHeaders.put(HttpHeaders.COOKIE, String.join("; ", arrayList));
        }
        return this.sdkConfiguration.getHttpClient().sendRequest(operation, this.sdkConfiguration.getConfigRepository().getBaseURL(), httpHeaders);
    }

    public boolean loginUser(String str, String str2) {
        String generateCodeVerifier = Helper.generateCodeVerifier();
        String generateCodeChallenge = Helper.generateCodeChallenge(generateCodeVerifier);
        String clientId = this.sdkConfiguration.getConfigRepository().getClientId();
        try {
            OAuth20 oAuth20 = new OAuth20(this);
            OAuth20Extension oAuth20Extension = new OAuth20Extension(this);
            AuthorizeV3 build = AuthorizeV3.builder().codeChallenge(generateCodeChallenge).codeChallengeMethodFromEnum(AuthorizeV3.CodeChallengeMethod.S256).scope(LOGIN_USER_SCOPE).clientId(clientId).responseTypeFromEnum(AuthorizeV3.ResponseType.Code).build();
            UserAuthenticationV3 build2 = UserAuthenticationV3.builder().clientId(clientId).userName(str).password(str2).requestId((String) URLEncodedUtils.parse(new URI(oAuth20.authorizeV3(build)), StandardCharsets.UTF_8).stream().filter(nameValuePair -> {
                return nameValuePair.getName().equals(build.getLocationQuery());
            }).findFirst().map((v0) -> {
                return v0.getValue();
            }).orElse(null)).build();
            String str3 = (String) URLEncodedUtils.parse(new URI(oAuth20Extension.userAuthenticationV3(build2)), StandardCharsets.UTF_8).stream().filter(nameValuePair2 -> {
                return nameValuePair2.getName().equals(build2.getLocationQuery());
            }).findFirst().map((v0) -> {
                return v0.getValue();
            }).orElse(null);
            if (str3 == null) {
                return false;
            }
            Instant now = Instant.now();
            OauthmodelTokenWithDeviceCookieResponseV3 oauthmodelTokenWithDeviceCookieResponseV3 = oAuth20.tokenGrantV3(TokenGrantV3.builder().clientId(clientId).code(str3).codeVerifier(generateCodeVerifier).grantTypeFromEnum(TokenGrantV3.GrantType.AuthorizationCode).build());
            TokenRepository tokenRepository = this.sdkConfiguration.getTokenRepository();
            tokenRepository.storeToken(oauthmodelTokenWithDeviceCookieResponseV3.getAccessToken());
            if (!(tokenRepository instanceof TokenRefresh)) {
                return true;
            }
            TokenRefresh tokenRefresh = (TokenRefresh) tokenRepository;
            long intValue = oauthmodelTokenWithDeviceCookieResponseV3.getExpiresIn().intValue() * TOKEN_REFRESH_RATIO;
            long intValue2 = oauthmodelTokenWithDeviceCookieResponseV3.getRefreshExpiresIn().intValue() * TOKEN_REFRESH_RATIO;
            tokenRefresh.setTokenExpiresAt(Date.from(now.plusSeconds(intValue)));
            tokenRefresh.storeRefreshToken(oauthmodelTokenWithDeviceCookieResponseV3.getRefreshToken());
            tokenRefresh.setRefreshTokenExpiresAt(Date.from(now.plusSeconds(intValue2)));
            scheduleRefreshTokenTask(intValue);
            return true;
        } catch (Exception e) {
            log.warning(e.getMessage());
            return false;
        }
    }

    public boolean loginClient() {
        try {
            OAuth20 oAuth20 = new OAuth20(this);
            Instant now = Instant.now();
            OauthmodelTokenWithDeviceCookieResponseV3 oauthmodelTokenWithDeviceCookieResponseV3 = oAuth20.tokenGrantV3(TokenGrantV3.builder().grantTypeFromEnum(TokenGrantV3.GrantType.ClientCredentials).build());
            TokenRepository tokenRepository = this.sdkConfiguration.getTokenRepository();
            tokenRepository.storeToken(oauthmodelTokenWithDeviceCookieResponseV3.getAccessToken());
            if (!(tokenRepository instanceof TokenRefresh)) {
                return true;
            }
            TokenRefresh tokenRefresh = (TokenRefresh) tokenRepository;
            long intValue = oauthmodelTokenWithDeviceCookieResponseV3.getExpiresIn().intValue() * TOKEN_REFRESH_RATIO;
            tokenRefresh.setTokenExpiresAt(Date.from(now.plusSeconds(intValue)));
            tokenRefresh.storeRefreshToken(null);
            tokenRefresh.setRefreshTokenExpiresAt(null);
            scheduleRefreshTokenTask(intValue);
            return true;
        } catch (Exception e) {
            log.warning(e.getMessage());
            return false;
        }
    }

    public boolean loginPlatform(String str, String str2) {
        try {
            OAuth20 oAuth20 = new OAuth20(this);
            Instant now = Instant.now();
            OauthmodelTokenResponse platformTokenGrantV3 = oAuth20.platformTokenGrantV3(PlatformTokenGrantV3.builder().platformId(str).platformToken(str2).build());
            TokenRepository tokenRepository = this.sdkConfiguration.getTokenRepository();
            tokenRepository.storeToken(platformTokenGrantV3.getAccessToken());
            if (!(tokenRepository instanceof TokenRefresh)) {
                return true;
            }
            TokenRefresh tokenRefresh = (TokenRefresh) tokenRepository;
            long intValue = platformTokenGrantV3.getExpiresIn().intValue() * TOKEN_REFRESH_RATIO;
            long intValue2 = platformTokenGrantV3.getRefreshExpiresIn().intValue() * TOKEN_REFRESH_RATIO;
            tokenRefresh.setTokenExpiresAt(Date.from(now.plusSeconds(intValue)));
            tokenRefresh.storeRefreshToken(platformTokenGrantV3.getRefreshToken());
            tokenRefresh.setRefreshTokenExpiresAt(Date.from(now.plusSeconds(intValue2)));
            scheduleRefreshTokenTask(intValue);
            return true;
        } catch (Exception e) {
            log.warning(e.getMessage());
            return false;
        }
    }

    public boolean refreshToken() {
        try {
            try {
                if (!this.refreshTokenMethodLock.tryLock()) {
                    this.refreshTokenMethodLock.unlock();
                    return false;
                }
                TokenRepository tokenRepository = this.sdkConfiguration.getTokenRepository();
                String token = tokenRepository.getToken();
                if (token == null || token.isEmpty()) {
                    this.refreshTokenMethodLock.unlock();
                    return false;
                }
                if (!(tokenRepository instanceof TokenRefresh)) {
                    this.refreshTokenMethodLock.unlock();
                    return false;
                }
                TokenRefresh tokenRefresh = (TokenRefresh) tokenRepository;
                Date tokenExpiresAt = tokenRefresh.getTokenExpiresAt();
                String refreshToken = tokenRefresh.getRefreshToken();
                boolean z = (refreshToken == null || refreshToken.isEmpty()) ? false : true;
                Date refreshTokenExpiresAt = z ? tokenRefresh.getRefreshTokenExpiresAt() : null;
                if (tokenExpiresAt == null) {
                    this.refreshTokenMethodLock.unlock();
                    return false;
                }
                if (!z) {
                    boolean loginClient = loginClient();
                    this.refreshTokenMethodLock.unlock();
                    return loginClient;
                }
                if (isExpired(refreshTokenExpiresAt)) {
                    this.refreshTokenMethodLock.unlock();
                    return false;
                }
                try {
                    Instant now = Instant.now();
                    OauthmodelTokenWithDeviceCookieResponseV3 oauthmodelTokenWithDeviceCookieResponseV3 = new OAuth20(this).tokenGrantV3(TokenGrantV3.builder().refreshToken(refreshToken).grantTypeFromEnum(TokenGrantV3.GrantType.RefreshToken).build());
                    long intValue = oauthmodelTokenWithDeviceCookieResponseV3.getExpiresIn().intValue() * TOKEN_REFRESH_RATIO;
                    long intValue2 = oauthmodelTokenWithDeviceCookieResponseV3.getRefreshExpiresIn().intValue() * TOKEN_REFRESH_RATIO;
                    tokenRepository.storeToken(oauthmodelTokenWithDeviceCookieResponseV3.getAccessToken());
                    tokenRefresh.setTokenExpiresAt(Date.from(now.plusSeconds(intValue)));
                    tokenRefresh.storeRefreshToken(oauthmodelTokenWithDeviceCookieResponseV3.getRefreshToken());
                    tokenRefresh.setRefreshTokenExpiresAt(Date.from(now.plusSeconds(intValue2)));
                    scheduleRefreshTokenTask(intValue);
                    this.refreshTokenMethodLock.unlock();
                    return true;
                } catch (Exception e) {
                    log.warning(e.getMessage());
                    this.refreshTokenMethodLock.unlock();
                    return false;
                }
            } catch (Exception e2) {
                log.warning(e2.getMessage());
                this.refreshTokenMethodLock.unlock();
                return false;
            }
        } catch (Throwable th) {
            this.refreshTokenMethodLock.unlock();
            throw th;
        }
    }

    public boolean validateToken(String str) {
        return validateToken(str, null, 0);
    }

    public boolean validateToken(String str, String str2, int i) {
        try {
            SignedJWT parse = SignedJWT.parse(str);
            JWTClaimsSet jWTClaimsSet = parse.getJWTClaimsSet();
            if ((this.jwksCache == null || this.revocationListCache == null) ? false : true) {
                RSAPublicKey rSAPublicKey = (RSAPublicKey) ((Map) this.jwksCache.get(DEFAULT_CACHE_KEY)).get(parse.getHeader().getKeyID());
                if (rSAPublicKey == null || !parse.verify(new RSASSAVerifier(rSAPublicKey)) || jWTClaimsSet.getExpirationTime() == null || jWTClaimsSet.getExpirationTime().before(new Date())) {
                    return false;
                }
                OauthapiRevocationList oauthapiRevocationList = (OauthapiRevocationList) this.revocationListCache.get(DEFAULT_CACHE_KEY);
                BloomFilterJSON revokedTokens = oauthapiRevocationList.getRevokedTokens();
                if (bloomFilter.mightContain(str, revokedTokens.getK().intValue(), BitSet.valueOf(revokedTokens.getBits().stream().mapToLong(bigInteger -> {
                    return Long.parseUnsignedLong(bigInteger.toString());
                }).toArray()), revokedTokens.getM().intValue())) {
                    return false;
                }
                String str3 = (String) jWTClaimsSet.getClaim(CLAIM_SUB);
                if (str3 != null && !str3.equals("") && oauthapiRevocationList.getRevokedUsers().stream().anyMatch(oauthcommonUserRevocationListRecord -> {
                    return str3.equals(oauthcommonUserRevocationListRecord.getId());
                })) {
                    return false;
                }
            } else {
                new OAuth20(this).verifyTokenV3(VerifyTokenV3.builder().token(str).build());
            }
            if (str2 == null) {
                return true;
            }
            for (Map map : (List) jWTClaimsSet.getClaim(CLAIM_PERMISSIONS)) {
                String obj = map.get(PERMISSION_RESOURCE).toString();
                int intValue = ((Long) map.get(PERMISSION_ACTION)).intValue();
                if (IsResourceAllowed(obj, str2) && IsActionAllowed(intValue, i)) {
                    return true;
                }
            }
            return false;
        } catch (Exception e) {
            log.warning(e.getMessage());
            return false;
        }
    }

    public boolean logout() {
        try {
            TokenRepository tokenRepository = this.sdkConfiguration.getTokenRepository();
            tokenRepository.removeToken();
            if (!(tokenRepository instanceof TokenRefresh)) {
                return true;
            }
            TokenRefresh tokenRefresh = (TokenRefresh) tokenRepository;
            tokenRefresh.setTokenExpiresAt(null);
            tokenRefresh.removeRefreshToken();
            tokenRefresh.setRefreshTokenExpiresAt(null);
            cancelRefreshTokenTask();
            return true;
        } catch (Exception e) {
            log.warning(e.getMessage());
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void scheduleRefreshTokenTask(long j) {
        synchronized (this.refreshTokenTaskLock) {
            if (this.refreshTokenTask != null) {
                this.refreshTokenTask.cancel();
            }
            this.refreshTokenTask = new TimerTask() { // from class: net.accelbyte.sdk.core.AccelByteSDK.1
                @Override // java.util.TimerTask, java.lang.Runnable
                public void run() {
                    if (AccelByteSDK.this.refreshToken()) {
                        return;
                    }
                    AccelByteSDK.this.scheduleRefreshTokenTask(10L);
                }
            };
            this.refreshTokenTimer.schedule(this.refreshTokenTask, j * 1000);
        }
    }

    private void cancelRefreshTokenTask() {
        synchronized (this.refreshTokenTaskLock) {
            if (this.refreshTokenTask != null) {
                this.refreshTokenTask.cancel();
            }
        }
    }

    private static boolean isExpired(Date date) {
        return date.getTime() - Date.from(Instant.now()).getTime() <= 0;
    }

    private LoadingCache<String, Map<String, RSAPublicKey>> buildJWKSLoadingCache(final AccelByteSDK accelByteSDK, int i) {
        return CacheBuilder.newBuilder().refreshAfterWrite(i, TimeUnit.SECONDS).build(new CacheLoader<String, Map<String, RSAPublicKey>>() { // from class: net.accelbyte.sdk.core.AccelByteSDK.2
            public Map<String, RSAPublicKey> load(String str) throws Exception {
                OauthcommonJWKSet jwksv3 = new OAuth20(accelByteSDK).getJWKSV3(GetJWKSV3.builder().build());
                Base64.Decoder urlDecoder = Base64.getUrlDecoder();
                KeyFactory keyFactory = KeyFactory.getInstance("RSA");
                return (Map) jwksv3.getKeys().stream().collect(Collectors.toMap((v0) -> {
                    return v0.getKid();
                }, oauthcommonJWKKey -> {
                    try {
                        return (RSAPublicKey) keyFactory.generatePublic(new RSAPublicKeySpec(new BigInteger(1, urlDecoder.decode(oauthcommonJWKKey.getN())), new BigInteger(1, urlDecoder.decode(oauthcommonJWKKey.getE()))));
                    } catch (InvalidKeySpecException e) {
                        AccelByteSDK.log.warning(e.getMessage());
                        return null;
                    }
                }));
            }
        });
    }

    private LoadingCache<String, OauthapiRevocationList> buildRevocationListLoadingCache(final AccelByteSDK accelByteSDK, int i) {
        return CacheBuilder.newBuilder().refreshAfterWrite(i, TimeUnit.SECONDS).build(new CacheLoader<String, OauthapiRevocationList>() { // from class: net.accelbyte.sdk.core.AccelByteSDK.3
            public OauthapiRevocationList load(String str) throws Exception {
                return new OAuth20(accelByteSDK).getRevocationListV3(GetRevocationListV3.builder().build());
            }
        });
    }

    private boolean IsResourceAllowed(String str, String str2) {
        String[] split = str.split(":");
        String[] split2 = str2.toString().split(":");
        int length = split.length < split2.length ? split.length : split2.length;
        for (int i = 0; i < length; i++) {
            if (!split[i].equals(split2[i]) && !split[i].equals("*")) {
                return false;
            }
        }
        if (split.length == split2.length) {
            return true;
        }
        if (split.length < split2.length) {
            if (!split[split.length - 1].equals("*")) {
                return false;
            }
            if (split.length < 2) {
                return true;
            }
            String str3 = split[split.length - 2];
            return (str3.equals("NAMESPACE") || str3.equals("USER")) ? false : true;
        }
        for (int length2 = split2.length; length2 < split.length; length2++) {
            if (split[length2] != "*") {
                return false;
            }
        }
        return true;
    }

    private boolean IsActionAllowed(int i, int i2) {
        return (i & i2) == i2;
    }
}
