package com.impactupgrade.nucleus.client;

import com.auth0.jwt.JWT;
import com.auth0.jwt.exceptions.JWTDecodeException;
import com.fasterxml.jackson.annotation.JsonAlias;
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.google.common.base.Strings;
import com.impactupgrade.nucleus.entity.Organization;
import com.impactupgrade.nucleus.environment.Environment;
import com.impactupgrade.nucleus.environment.EnvironmentConfig;
import com.impactupgrade.nucleus.util.HttpClient;
import java.time.Instant;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import javax.ws.rs.core.Form;
import org.apache.commons.collections.MapUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.json.JSONObject;

/* loaded from: input_file:com/impactupgrade/nucleus/client/OAuthClient.class */
public abstract class OAuthClient extends DBConfiguredClient {
    private static final Logger log = LogManager.getLogger(OAuthClient.class);
    protected final String name;
    protected OAuthContext oAuthContext;

    /* loaded from: input_file:com/impactupgrade/nucleus/client/OAuthClient$ClientCredentialsOAuthContext.class */
    public static final class ClientCredentialsOAuthContext extends OAuthContext {
        private final String clientId;
        private final String clientSecret;

        public ClientCredentialsOAuthContext(EnvironmentConfig.Platform platform, String str, boolean z) {
            super(platform, str, z);
            this.clientId = platform.clientId;
            this.clientSecret = platform.clientSecret;
        }

        @Override // com.impactupgrade.nucleus.client.OAuthClient.OAuthContext
        public Tokens getTokens() {
            OAuthClient.log.info("getting new tokens for client id and client secret...");
            HashMap hashMap = new HashMap();
            hashMap.put("client_id", this.clientId);
            hashMap.put("client_secret", this.clientSecret);
            hashMap.put("grant_type", "client_credentials");
            OAuthClient.mergeAdditionalParams(hashMap, this.getTokensAdditionalParams);
            TokenResponse tokenResponse = OAuthClient.getTokenResponse(this.tokenUrl, this.getTokensAdditionalHeaders, hashMap);
            if (tokenResponse == null) {
                OAuthClient.log.warn("failed to get new tokens for client_id={}", this.clientId);
            }
            return OAuthClient.toTokens(tokenResponse);
        }

        @Override // com.impactupgrade.nucleus.client.OAuthClient.OAuthContext
        public /* bridge */ /* synthetic */ OAuthContext refresh() {
            return super.refresh();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:com/impactupgrade/nucleus/client/OAuthClient$OAuthContext.class */
    public static abstract class OAuthContext {
        protected Tokens tokens;
        protected final String tokenUrl;
        protected final boolean enableRefresh;
        protected Map<String, String> getTokensAdditionalHeaders;
        protected Map<String, String> getTokensAdditionalParams;
        protected Map<String, String> refreshTokensAdditionalHeaders;
        protected Map<String, String> refreshTokensAdditionalParams;

        public OAuthContext(EnvironmentConfig.Platform platform, String str, boolean z) {
            this.tokens = new Tokens(platform.accessToken, platform.expiresAt != null ? Date.from(Instant.ofEpochSecond(platform.expiresAt.longValue())) : null, platform.refreshToken);
            this.tokenUrl = str;
            this.enableRefresh = z;
        }

        public OAuthContext refresh() {
            if (this.tokens.isValid()) {
                OAuthClient.log.info("access token is still valid - returning as-is...");
                return this;
            }
            if (this.enableRefresh) {
                this.tokens = refreshTokens();
            }
            if (this.tokens == null || !this.tokens.isValid()) {
                this.tokens = getTokens();
            }
            return this;
        }

        /* JADX INFO: Access modifiers changed from: protected */
        public String accessToken() {
            if (this.tokens != null) {
                return this.tokens.accessToken;
            }
            return null;
        }

        protected Date expiresAt() {
            if (this.tokens != null) {
                return this.tokens.expiresAt;
            }
            return null;
        }

        protected String refreshToken() {
            if (this.tokens != null) {
                return this.tokens.refreshToken;
            }
            return null;
        }

        protected Tokens refreshTokens() {
            if (this.tokens == null) {
                OAuthClient.log.warn("can't refresh null!");
                return null;
            }
            OAuthClient.log.info("refreshing access token...");
            HashMap hashMap = new HashMap();
            hashMap.put("refresh_token", this.tokens.refreshToken);
            hashMap.put("grant_type", "refresh_token");
            OAuthClient.mergeAdditionalParams(hashMap, this.refreshTokensAdditionalParams);
            TokenResponse tokenResponse = OAuthClient.getTokenResponse(this.tokenUrl, this.refreshTokensAdditionalHeaders, hashMap);
            if (tokenResponse == null) {
                OAuthClient.log.warn("failed to refresh tokens!");
            }
            return OAuthClient.toTokens(tokenResponse);
        }

        protected abstract Tokens getTokens();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @JsonIgnoreProperties(ignoreUnknown = true)
    /* loaded from: input_file:com/impactupgrade/nucleus/client/OAuthClient$TokenResponse.class */
    public static final class TokenResponse {

        @JsonProperty("access_token")
        @JsonAlias({"token"})
        public String accessToken;

        @JsonProperty("expires_in")
        public Integer expiresInSeconds;

        @JsonProperty("refresh_token")
        public String refreshToken;

        protected TokenResponse() {
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/impactupgrade/nucleus/client/OAuthClient$Tokens.class */
    public static class Tokens {
        public String accessToken;
        public Date expiresAt;
        public String refreshToken;

        public Tokens(String str, Date date, String str2) {
            this.accessToken = str;
            this.expiresAt = date;
            this.refreshToken = str2;
        }

        public boolean isValid() {
            return (Strings.isNullOrEmpty(this.accessToken) || this.expiresAt == null || !this.expiresAt.after(new Date())) ? false : true;
        }
    }

    /* loaded from: input_file:com/impactupgrade/nucleus/client/OAuthClient$UsernamePasswordOAuthContext.class */
    public static final class UsernamePasswordOAuthContext extends OAuthContext {
        private final String username;
        private final String password;

        public UsernamePasswordOAuthContext(EnvironmentConfig.Platform platform, String str, boolean z) {
            super(platform, str, z);
            this.username = platform.username;
            this.password = platform.password;
        }

        @Override // com.impactupgrade.nucleus.client.OAuthClient.OAuthContext
        public Tokens getTokens() {
            OAuthClient.log.info("getting new tokens for username and password...");
            HashMap hashMap = new HashMap();
            hashMap.put("username", this.username);
            hashMap.put("password", this.password);
            hashMap.put("grant_type", "password");
            hashMap.put("scope", "offline_access");
            OAuthClient.mergeAdditionalParams(hashMap, this.getTokensAdditionalParams);
            TokenResponse tokenResponse = OAuthClient.getTokenResponse(this.tokenUrl, this.getTokensAdditionalHeaders, hashMap);
            if (tokenResponse == null) {
                OAuthClient.log.warn("failed to get new tokens for username={}", this.username);
            }
            return OAuthClient.toTokens(tokenResponse);
        }

        @Override // com.impactupgrade.nucleus.client.OAuthClient.OAuthContext
        public /* bridge */ /* synthetic */ OAuthContext refresh() {
            return super.refresh();
        }
    }

    public OAuthClient(String str, Environment environment) {
        super(environment);
        this.oAuthContext = null;
        this.name = str;
    }

    protected abstract OAuthContext oAuthContext();

    protected JSONObject getClientConfigJson(JSONObject jSONObject) {
        return jSONObject.getJSONObject(this.name);
    }

    protected void updateEnvJson(OAuthContext oAuthContext) {
        if (this.env.getConfig().isDatabaseConnected()) {
            Organization organization = getOrganization();
            JSONObject environmentJson = organization.getEnvironmentJson();
            JSONObject clientConfigJson = getClientConfigJson(environmentJson);
            clientConfigJson.put("accessToken", oAuthContext.accessToken());
            clientConfigJson.put("expiresAt", oAuthContext.expiresAt() != null ? oAuthContext.expiresAt() : null);
            clientConfigJson.put("refreshToken", oAuthContext.refreshToken());
            organization.setEnvironmentJson(environmentJson);
            this.organizationDao.update(organization);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public HttpClient.HeaderBuilder headers() {
        if (this.oAuthContext == null) {
            this.oAuthContext = oAuthContext();
        }
        if (!Objects.equals(this.oAuthContext.refresh().accessToken(), this.oAuthContext.accessToken())) {
            updateEnvJson(this.oAuthContext);
        }
        return HttpClient.HeaderBuilder.builder().authBearerToken(this.oAuthContext.accessToken());
    }

    private static Map<String, String> mergeAdditionalParams(Map<String, String> map, Map<String, String> map2) {
        if (MapUtils.isEmpty(map) || MapUtils.isEmpty(map2)) {
            return map;
        }
        Objects.requireNonNull(map);
        map2.forEach((v1, v2) -> {
            r1.putIfAbsent(v1, v2);
        });
        return map;
    }

    private static TokenResponse getTokenResponse(String str, Map<String, String> map, Map<String, String> map2) {
        HttpClient.HeaderBuilder builder = HttpClient.HeaderBuilder.builder();
        if (MapUtils.isNotEmpty(map)) {
            map.forEach((str2, str3) -> {
                builder.header(str2, str3);
            });
        }
        Form form = new Form();
        map2.forEach((str4, str5) -> {
            form.param(str4, str5);
        });
        return (TokenResponse) HttpClient.post(str, form, "application/x-www-form-urlencoded", builder, TokenResponse.class);
    }

    private static Tokens toTokens(TokenResponse tokenResponse) {
        if (tokenResponse == null) {
            return null;
        }
        Date date = null;
        if (tokenResponse.expiresInSeconds != null) {
            date = Date.from(Instant.now().plusSeconds(tokenResponse.expiresInSeconds.intValue()));
        }
        if (date == null) {
            date = getExpiresAt(tokenResponse.accessToken);
        }
        return new Tokens(tokenResponse.accessToken, date, tokenResponse.refreshToken);
    }

    private static Date getExpiresAt(String str) {
        if (Strings.isNullOrEmpty(str)) {
            return null;
        }
        Date date = null;
        try {
            date = JWT.decode(str).getExpiresAt();
        } catch (JWTDecodeException e) {
            log.warn("failed to decode access token! {}", e.getMessage());
        }
        return date;
    }
}
