package ch.cyberduck.core.oauth;

import ch.cyberduck.core.AlphanumericRandomStringService;
import ch.cyberduck.core.Credentials;
import ch.cyberduck.core.DefaultIOExceptionMappingService;
import ch.cyberduck.core.Host;
import ch.cyberduck.core.HostPasswordStore;
import ch.cyberduck.core.LocaleFactory;
import ch.cyberduck.core.LoginCallback;
import ch.cyberduck.core.LoginOptions;
import ch.cyberduck.core.exception.BackgroundException;
import ch.cyberduck.core.exception.LoginCanceledException;
import ch.cyberduck.core.exception.LoginFailureException;
import ch.cyberduck.core.http.HttpResponseExceptionMappingService;
import ch.cyberduck.core.local.BrowserLauncher;
import ch.cyberduck.core.local.BrowserLauncherFactory;
import ch.cyberduck.core.preferences.Preferences;
import ch.cyberduck.core.preferences.PreferencesFactory;
import ch.cyberduck.core.threading.CancelCallback;
import com.google.api.client.auth.oauth2.AuthorizationCodeFlow;
import com.google.api.client.auth.oauth2.AuthorizationCodeRequestUrl;
import com.google.api.client.auth.oauth2.BearerToken;
import com.google.api.client.auth.oauth2.ClientParametersAuthentication;
import com.google.api.client.auth.oauth2.Credential;
import com.google.api.client.auth.oauth2.RefreshTokenRequest;
import com.google.api.client.auth.oauth2.TokenResponse;
import com.google.api.client.auth.oauth2.TokenResponseException;
import com.google.api.client.http.GenericUrl;
import com.google.api.client.http.HttpResponseException;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.http.apache.ApacheHttpTransport;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.gson.GsonFactory;
import java.io.IOException;
import java.net.URI;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.client.HttpClient;
import org.apache.log4j.Logger;

/* loaded from: input_file:ch/cyberduck/core/oauth/OAuth2AuthorizationService.class */
public class OAuth2AuthorizationService {
    private static final Logger log = Logger.getLogger(OAuth2AuthorizationService.class);
    private static final String OOB_REDIRECT_URI = "urn:ietf:wg:oauth:2.0:oob";
    private static final String CYBERDUCK_REDIRECT_URI = "x-cyberduck-action:oauth";
    private final Preferences preferences;
    private final JsonFactory json;
    private final String tokenServerUrl;
    private final String authorizationServerUrl;
    private final String clientid;
    private final String clientsecret;
    public final BrowserLauncher browser;
    private final List<String> scopes;
    private final Map<String, String> additionalParameters;
    private Credential.AccessMethod method;
    private String redirectUri;
    private final HttpTransport transport;

    /* loaded from: input_file:ch/cyberduck/core/oauth/OAuth2AuthorizationService$Tokens.class */
    public static final class Tokens {
        public static final Tokens EMPTY = new Tokens(null, null, Long.MAX_VALUE);
        private String accessToken;
        private String refreshToken;
        private Long expiryInMilliseconds;

        public Tokens(String str, String str2, Long l) {
            this.accessToken = str;
            this.refreshToken = str2;
            this.expiryInMilliseconds = l;
        }

        public boolean validate() {
            return StringUtils.isNotEmpty(this.accessToken);
        }

        public String getAccessToken() {
            return this.accessToken;
        }

        public String getRefreshToken() {
            return this.refreshToken;
        }

        public Long getExpiryInMilliseconds() {
            return this.expiryInMilliseconds;
        }

        public boolean isExpired() {
            return System.currentTimeMillis() >= this.expiryInMilliseconds.longValue();
        }

        public String toString() {
            StringBuilder sb = new StringBuilder("Tokens{");
            sb.append("accessToken='").append(this.accessToken).append('\'');
            sb.append(", refreshToken='").append(this.refreshToken).append('\'');
            sb.append('}');
            return sb.toString();
        }
    }

    public OAuth2AuthorizationService(HttpClient httpClient, String str, String str2, String str3, String str4, List<String> list) {
        this((HttpTransport) new ApacheHttpTransport(httpClient), str, str2, str3, str4, list);
    }

    public OAuth2AuthorizationService(HttpTransport httpTransport, String str, String str2, String str3, String str4, List<String> list) {
        this.preferences = PreferencesFactory.get();
        this.json = new GsonFactory();
        this.browser = BrowserLauncherFactory.get();
        this.additionalParameters = new HashMap();
        this.method = BearerToken.authorizationHeaderAccessMethod();
        this.redirectUri = OOB_REDIRECT_URI;
        this.transport = httpTransport;
        this.tokenServerUrl = str;
        this.authorizationServerUrl = str2;
        this.clientid = str3;
        this.clientsecret = str4;
        this.scopes = list;
    }

    public Tokens authorize(Host host, HostPasswordStore hostPasswordStore, LoginCallback loginCallback, CancelCallback cancelCallback) throws BackgroundException {
        Tokens find = find(hostPasswordStore, host);
        if (find.validate()) {
            if (!find.isExpired()) {
                return find;
            }
            try {
                return refresh(find);
            } catch (LoginFailureException e) {
                log.warn(String.format("Failure refreshing tokens from %s for %s", find, host));
            }
        }
        AuthorizationCodeFlow build = new AuthorizationCodeFlow.Builder(this.method, this.transport, this.json, new GenericUrl(this.tokenServerUrl), new ClientParametersAuthentication(this.clientid, this.clientsecret), this.clientid, this.authorizationServerUrl).setScopes(this.scopes).build();
        AuthorizationCodeRequestUrl newAuthorizationUrl = build.newAuthorizationUrl();
        newAuthorizationUrl.setRedirectUri(this.redirectUri);
        newAuthorizationUrl.setState(new AlphanumericRandomStringService().random());
        for (Map.Entry<String, String> entry : this.additionalParameters.entrySet()) {
            newAuthorizationUrl.set(entry.getKey(), entry.getValue());
        }
        String build2 = newAuthorizationUrl.build();
        if (!this.browser.open(build2)) {
            log.warn(String.format("Failed to launch web browser for %s", build2));
        }
        if (StringUtils.equals(CYBERDUCK_REDIRECT_URI, this.redirectUri)) {
            OAuth2TokenListenerRegistry.get().register(new OAuth2TokenListener() { // from class: ch.cyberduck.core.oauth.OAuth2AuthorizationService.1
                @Override // ch.cyberduck.core.oauth.OAuth2TokenListener
                public void callback(String str) {
                    OAuth2AuthorizationService.log.warn(String.format("Callback with code %s from redirect uri not currently handled.", str));
                }
            }, cancelCallback);
        }
        Credentials prompt = loginCallback.prompt(host, LocaleFactory.localizedString("OAuth2 Authentication", "Credentials"), LocaleFactory.localizedString("Paste the authentication code from your web browser", "Credentials"), new LoginOptions(host.getProtocol()).keychain(true).user(false).password(true).passwordPlaceholder(LocaleFactory.localizedString("Authentication Code", "Credentials")));
        try {
            if (StringUtils.isBlank(prompt.getPassword())) {
                throw new LoginCanceledException();
            }
            TokenResponse execute = build.newTokenRequest(prompt.getPassword()).setRedirectUri(this.redirectUri).setScopes(this.scopes.isEmpty() ? null : this.scopes).execute();
            Tokens tokens = new Tokens(execute.getAccessToken(), execute.getRefreshToken(), Long.valueOf(null == execute.getExpiresInSeconds() ? System.currentTimeMillis() : System.currentTimeMillis() + (execute.getExpiresInSeconds().longValue() * 1000)));
            if (prompt.isSaved()) {
                save(hostPasswordStore, host, tokens);
            }
            return tokens;
        } catch (HttpResponseException e2) {
            throw new HttpResponseExceptionMappingService().map(new org.apache.http.client.HttpResponseException(e2.getStatusCode(), e2.getStatusMessage()));
        } catch (IOException e3) {
            throw new DefaultIOExceptionMappingService().map(e3);
        } catch (TokenResponseException e4) {
            throw new OAuthExceptionMappingService().map(e4);
        }
    }

    public Tokens refresh(Tokens tokens) throws BackgroundException {
        if (StringUtils.isBlank(tokens.getRefreshToken())) {
            log.warn("Missing refresh token");
            return tokens;
        }
        if (log.isDebugEnabled()) {
            log.debug(String.format("Refresh expired tokens %s", tokens));
        }
        try {
            TokenResponse execute = new RefreshTokenRequest(this.transport, this.json, new GenericUrl(this.tokenServerUrl), tokens.getRefreshToken()).setClientAuthentication(new ClientParametersAuthentication(this.clientid, this.clientsecret)).execute();
            long currentTimeMillis = System.currentTimeMillis() + (execute.getExpiresInSeconds().longValue() * 1000);
            return StringUtils.isBlank(execute.getRefreshToken()) ? new Tokens(execute.getAccessToken(), tokens.getRefreshToken(), Long.valueOf(currentTimeMillis)) : new Tokens(execute.getAccessToken(), execute.getRefreshToken(), Long.valueOf(currentTimeMillis));
        } catch (HttpResponseException e) {
            throw new HttpResponseExceptionMappingService().map(new org.apache.http.client.HttpResponseException(e.getStatusCode(), e.getStatusMessage()));
        } catch (IOException e2) {
            throw new DefaultIOExceptionMappingService().map(e2);
        } catch (TokenResponseException e3) {
            throw new OAuthExceptionMappingService().map(e3);
        }
    }

    public Tokens find(HostPasswordStore hostPasswordStore, Host host) {
        long j = this.preferences.getLong(String.format("%s.oauth.expiry", host.getProtocol().getIdentifier()));
        String prefix = getPrefix(host);
        return new Tokens(hostPasswordStore.getPassword(host.getProtocol().getScheme(), host.getPort(), URI.create(this.tokenServerUrl).getHost(), String.format("%s OAuth2 Access Token", prefix)), hostPasswordStore.getPassword(host.getProtocol().getScheme(), host.getPort(), URI.create(this.tokenServerUrl).getHost(), String.format("%s OAuth2 Refresh Token", prefix)), Long.valueOf(j));
    }

    private void save(HostPasswordStore hostPasswordStore, Host host, Tokens tokens) {
        String prefix = getPrefix(host);
        if (StringUtils.isNotBlank(tokens.getAccessToken())) {
            hostPasswordStore.addPassword(host.getProtocol().getScheme(), host.getPort(), URI.create(this.tokenServerUrl).getHost(), String.format("%s OAuth2 Access Token", prefix), tokens.getAccessToken());
        }
        if (StringUtils.isNotBlank(tokens.refreshToken)) {
            hostPasswordStore.addPassword(host.getProtocol().getScheme(), host.getPort(), URI.create(this.tokenServerUrl).getHost(), String.format("%s OAuth2 Refresh Token", prefix), tokens.getRefreshToken());
        }
        if (tokens.expiryInMilliseconds != null) {
            this.preferences.setProperty(String.format("%s.oauth.expiry", host.getProtocol().getIdentifier()), tokens.expiryInMilliseconds.longValue());
        }
    }

    private String getPrefix(Host host) {
        return StringUtils.isNotBlank(host.getCredentials().getUsername()) ? String.format("%s (%s)", host.getProtocol().getDescription(), host.getCredentials().getUsername()) : host.getProtocol().getDescription();
    }

    public OAuth2AuthorizationService withMethod(Credential.AccessMethod accessMethod) {
        this.method = accessMethod;
        return this;
    }

    public OAuth2AuthorizationService withRedirectUri(String str) {
        this.redirectUri = str;
        return this;
    }

    public OAuth2AuthorizationService withParameter(String str, String str2) {
        this.additionalParameters.put(str, str2);
        return this;
    }
}
