package com.parasoft.xtest.common.oidc;

import com.parasoft.xtest.common.api.MessageSeverity;
import com.parasoft.xtest.common.api.console.IConsole;
import com.parasoft.xtest.common.io.IOUtils;
import com.parasoft.xtest.common.nls.NLS;
import com.parasoft.xtest.common.text.UString;
import com.parasoft.xtest.services.api.IParasoftServiceContext;
import java.io.Closeable;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLHandshakeException;
import org.apache.http.NameValuePair;
import org.apache.http.StatusLine;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.conn.ConnectTimeoutException;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;
import org.json.JSONException;
import org.json.JSONObject;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:WEB-INF/lib/com.parasoft.xtest.common-10.4.4.20200402.jar:com/parasoft/xtest/common/oidc/AccessTokenProducer.class */
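/**
 * Obtains, refreshes and revokes OIDC tokens by POSTing URL-encoded forms to a token endpoint.
 *
 * <p>This listing was recovered by a decompiler, so parameter names such as {@code str} and
 * {@code str2} are synthetic. Their meaning is documented per method from the form field each
 * value is sent in.
 *
 * <p>Security-relevant points for reviewers:
 * <ul>
 *   <li>The authorization-code exchange, {@link #logout}, and any refresh done without a key store
 *       use {@link #createTrustAllHttpClient()}. {@code HttpClientFactory} is not visible here, but
 *       if that client skips certificate and host-name validation as its name suggests, the
 *       authorization code, PKCE verifier, refresh token and client secret sent over it are exposed
 *       to anyone able to impersonate the endpoint on the network path.</li>
 *   <li>Token responses are never written to the log. Only the user name and the endpoint are.</li>
 * </ul>
 */
public class AccessTokenProducer {
    // Token endpoint URL that every token/refresh request is POSTed to.
    private final String _tokenEndpoint;
    // OAuth client identifier sent as "client_id".
    private final String _clientId;
    // Console that receives user-facing status and error messages.
    private final IConsole _console;
    // Service context handed to TokenDataKeeper when token data is stored; may be null.
    private final IParasoftServiceContext _context;
    private static final String HTTP_RESPONSE_KEY_ERROR_DESCRIPTION = "error_description";
    private static final String HTTP_RESPONSE_KEY_ACCESS_TOKEN = "access_token";
    private static final String HTTP_RESPONSE_KEY_ACCESS_TOKEN_EXPIRES_IN = "expires_in";
    private static final String HTTP_KEY_REFRESH_TOKEN = "refresh_token";
    private static final String HTTP_KEY_REFRESH_TOKEN_EXPIRES_IN = "refresh_expires_in";
    private static final String HTTP_REQUEST_KEY_GRANT_TYPE = "grant_type";
    private static final String HTTP_REQUEST_KEY_CLIENT_ID = "client_id";
    private static final String HTTP_REQUEST_KEY_CLIENT_SECRET = "client_secret";
    private static final String HTTP_REQUEST_KEY_USERNAME = "username";
    private static final String HTTP_REQUEST_PASSWORD = "password";
    private static final String HTTP_REQUEST_KEY_SCOPE = "scope";
    private static final String HTTP_REQUEST_SCOPE_OPENID_PROFILE = "openid profile";
    private static final String HTTP_REQUEST_GRANT_TYPE_AUTHORIZATION_CODE = "authorization_code";
    private static final String HTTP_REQUEST_AUTHORIZATION_CODE = "code";
    private static final String HTTP_REQUEST_REDIRECT_URI = "redirect_uri";
    private static final String HTTP_REQUEST_CODE_VERIFIER = "code_verifier";

    /**
     * Creates a producer without a service context.
     *
     * @param str token endpoint URL
     * @param str2 OAuth client id
     * @param iConsole console for status and error output
     */
    public AccessTokenProducer(String str, String str2, IConsole iConsole) {
        this(null, str, str2, iConsole);
    }

    /**
     * Creates a producer.
     *
     * @param iParasoftServiceContext context passed to {@code TokenDataKeeper}; may be {@code null}
     * @param str token endpoint URL
     * @param str2 OAuth client id
     * @param iConsole console for status and error output
     */
    public AccessTokenProducer(IParasoftServiceContext iParasoftServiceContext, String str, String str2, IConsole iConsole) {
        this._context = iParasoftServiceContext;
        this._tokenEndpoint = str;
        this._clientId = str2;
        this._console = iConsole;
    }

    /**
     * Requests a token with {@code grant_type=password}, using a client built from a key store.
     *
     * <p>The {@code username} and {@code password} form fields are always sent empty.
     * NOTE(review): presumably the caller is identified by the client certificate held in
     * {@code keyStore} - confirm against the identity-provider configuration.
     *
     * @param str client secret, sent as {@code client_secret} only when non-null
     * @param keyStore key store forwarded to {@link #createHttpClient}
     * @param str2 forwarded to {@link #createHttpClient}; meaning not visible here - TODO confirm
     * @param str3 forwarded to {@link #createHttpClient}; meaning not visible here - TODO confirm
     * @return the parsed token response, which has also been stored through {@code TokenDataKeeper}
     * @throws OidcException on transport failure or an error status from the endpoint
     */
    public AccessTokenResponse createAccessToken(String str, KeyStore keyStore, String str2, String str3) throws OidcException {
        HttpPost tokenRequest = new HttpPost(this._tokenEndpoint);
        List<NameValuePair> form = new ArrayList<NameValuePair>(Arrays.asList(
                new BasicNameValuePair(HTTP_REQUEST_KEY_GRANT_TYPE, HTTP_REQUEST_PASSWORD),
                new BasicNameValuePair(HTTP_REQUEST_KEY_SCOPE, HTTP_REQUEST_SCOPE_OPENID_PROFILE),
                new BasicNameValuePair(HTTP_REQUEST_KEY_USERNAME, ""),
                new BasicNameValuePair(HTTP_REQUEST_PASSWORD, ""),
                new BasicNameValuePair(HTTP_REQUEST_KEY_CLIENT_ID, this._clientId)));
        if (str != null) {
            form.add(new BasicNameValuePair(HTTP_REQUEST_KEY_CLIENT_SECRET, str));
        }
        CloseableHttpClient client = null;
        CloseableHttpResponse response = null;
        try {
            tokenRequest.setEntity(new UrlEncodedFormEntity(form));
            client = createHttpClient(keyStore, str2, str3);
            response = client.execute(tokenRequest);
            String body = EntityUtils.toString(response.getEntity(), "UTF-8");
            checkResponse(body, response.getStatusLine().getStatusCode());
            return createOrUpdateAccessTokenResponse(body, null);
        // The specific IOException subtypes must precede the generic IOException handler,
        // otherwise a timeout would be reported to the user as "connection refused".
        } catch (UnsupportedEncodingException e) {
            writeErrorToConsole(Messages.CANNOT_ENCODE_PARAMETERS);
            throw new OidcException("Cannot encode parameters", e);
        } catch (SSLHandshakeException e) {
            writeErrorToConsole(Messages.WRONG_CERTIFICATE);
            throw new OidcInvalidCredentialsException(Messages.OIDC_WRONG_CERTIFICATE_MESSAGE, e);
        } catch (ClientProtocolException e) {
            writeErrorToConsole(Messages.CANNOT_EXECUTE_REQUEST);
            throw new OidcException("Cannot execute request (http protocol error)", e);
        } catch (ConnectTimeoutException e) {
            writeErrorToConsole(Messages.CONNECTION_TIMEOUT);
            throw new OidcException("Connection timeout", e);
        } catch (IOException e) {
            writeErrorToConsole(Messages.CONNECTION_REFUSED);
            throw new OidcException(e);
        } finally {
            IOUtils.close(response);
            IOUtils.close(client);
        }
    }

    /**
     * Exchanges an authorization code for tokens ({@code grant_type=authorization_code} with PKCE).
     *
     * <p>The decompiler reports that this method was originally package-private.
     *
     * <p>NOTE(review): the request carries the authorization code and the PKCE code verifier, yet
     * it is sent through {@link #createTrustAllHttpClient()}. If that client does not validate the
     * server certificate, the endpoint's identity is unauthenticated for this exchange. Prefer a
     * client that validates against a configured trust store.
     *
     * @param str authorization code, sent as {@code code}
     * @param str2 redirect URI, sent as {@code redirect_uri}
     * @param pkce source of the {@code code_verifier}; must not be {@code null}
     * @return the parsed token response, which has also been stored through {@code TokenDataKeeper}
     * @throws OidcException on transport failure or an error status from the endpoint
     */
    public AccessTokenResponse createAccessToken(String str, String str2, Pkce pkce) throws OidcException {
        HttpPost tokenRequest = new HttpPost(this._tokenEndpoint);
        List<NameValuePair> form = Arrays.<NameValuePair>asList(
                new BasicNameValuePair(HTTP_REQUEST_KEY_GRANT_TYPE, HTTP_REQUEST_GRANT_TYPE_AUTHORIZATION_CODE),
                new BasicNameValuePair(HTTP_REQUEST_KEY_CLIENT_ID, this._clientId),
                new BasicNameValuePair(HTTP_REQUEST_AUTHORIZATION_CODE, str),
                new BasicNameValuePair(HTTP_REQUEST_REDIRECT_URI, str2),
                new BasicNameValuePair(HTTP_REQUEST_CODE_VERIFIER, pkce.getCodeVerifier()));
        CloseableHttpClient client = null;
        CloseableHttpResponse response = null;
        try {
            tokenRequest.setEntity(new UrlEncodedFormEntity(form));
            client = createTrustAllHttpClient();
            response = client.execute(tokenRequest);
            String body = EntityUtils.toString(response.getEntity(), "UTF-8");
            checkResponse(body, response.getStatusLine().getStatusCode());
            return createOrUpdateAccessTokenResponse(body, null);
        // ClientProtocolException is an IOException, so it has to be handled first.
        } catch (UnsupportedEncodingException e) {
            writeErrorToConsole(Messages.CANNOT_ENCODE_PARAMETERS);
            throw new OidcException("Cannot encode parameters", e);
        } catch (ClientProtocolException e) {
            writeErrorToConsole(Messages.CANNOT_EXECUTE_REQUEST);
            throw new OidcException("Cannot execute request (http protocol error)", e);
        } catch (IOException e) {
            writeErrorToConsole(Messages.CONNECTION_REFUSED);
            throw new OidcException(e);
        } finally {
            IOUtils.close(response);
            IOUtils.close(client);
        }
    }

    /**
     * Refreshes {@code accessTokenResponse} in place using its refresh token.
     *
     * @param accessTokenResponse token holder to update; must be non-null and hold a refresh token
     *     that {@code isRefreshTokenValid()} accepts
     * @param str client secret, sent as {@code client_secret} only when non-null
     * @param keyStore key store for the HTTP client; when {@code null} the trust-all client is used
     * @param str2 forwarded to {@link #createHttpClient}; meaning not visible here - TODO confirm
     * @param str3 forwarded to {@link #createHttpClient}; meaning not visible here - TODO confirm
     * @throws OidcException if the refresh token is missing or expired, on transport failure, or
     *     on an error status from the endpoint
     */
    public void refreshToken(AccessTokenResponse accessTokenResponse, String str, KeyStore keyStore, String str2, String str3) throws OidcException {
        if (accessTokenResponse == null || !accessTokenResponse.isRefreshTokenValid()) {
            writeErrorToConsole(Messages.REFRESH_TOKEN_EXPIRED);
            throw new OidcException("Refresh token expired");
        }
        HttpPost tokenRequest = new HttpPost(this._tokenEndpoint);
        List<NameValuePair> form = new ArrayList<NameValuePair>(Arrays.asList(
                new BasicNameValuePair(HTTP_REQUEST_KEY_GRANT_TYPE, HTTP_KEY_REFRESH_TOKEN),
                new BasicNameValuePair(HTTP_REQUEST_KEY_CLIENT_ID, this._clientId),
                new BasicNameValuePair(HTTP_KEY_REFRESH_TOKEN, accessTokenResponse.getRefreshToken())));
        if (str != null) {
            form.add(new BasicNameValuePair(HTTP_REQUEST_KEY_CLIENT_SECRET, str));
        }
        CloseableHttpClient client = null;
        CloseableHttpResponse response = null;
        try {
            tokenRequest.setEntity(new UrlEncodedFormEntity(form));
            client = getRefreshClient(keyStore, str2, str3);
            response = client.execute(tokenRequest);
            String body = EntityUtils.toString(response.getEntity(), "UTF-8");
            checkResponse(body, response.getStatusLine().getStatusCode());
            createOrUpdateAccessTokenResponse(body, accessTokenResponse);
        // Specific IOException subtypes first, so each failure gets its own console message.
        } catch (UnsupportedEncodingException e) {
            writeErrorToConsole(Messages.CANNOT_ENCODE_PARAMETERS);
            throw new OidcException("Cannot encode parameters", e);
        } catch (ClientProtocolException e) {
            writeErrorToConsole(Messages.CANNOT_EXECUTE_REQUEST);
            throw new OidcException("Cannot execute request (http protocol error)", e);
        } catch (ConnectTimeoutException e) {
            writeErrorToConsole(Messages.CONNECTION_TIMEOUT);
            throw new OidcException("Connection timeout", e);
        } catch (IOException e) {
            writeErrorToConsole(Messages.CONNECTION_REFUSED);
            throw new OidcException(e);
        } finally {
            IOUtils.close(response);
            IOUtils.close(client);
        }
    }

    /**
     * Refreshes {@code accessTokenResponse} with no client secret and no key store, which means
     * the request goes through the trust-all client (see {@link #getRefreshClient}).
     *
     * @param accessTokenResponse token holder to update
     * @throws OidcException see {@link #refreshToken(AccessTokenResponse, String, KeyStore, String, String)}
     */
    public void refreshToken(AccessTokenResponse accessTokenResponse) throws OidcException {
        refreshToken(accessTokenResponse, null, null, null, null);
    }

    /**
     * Chooses the HTTP client for a refresh request: key-store based when a key store is supplied,
     * otherwise the trust-all client.
     *
     * <p>NOTE(review): the fallback sends the refresh token (and client secret, if any) through a
     * client that, judging by its name, performs no certificate validation - confirm in
     * {@code HttpClientFactory} and consider a validating default instead.
     */
    private CloseableHttpClient getRefreshClient(KeyStore keyStore, String str, String str2) throws OidcException {
        if (keyStore != null) {
            return createHttpClient(keyStore, str, str2);
        }
        return createTrustAllHttpClient();
    }

    /**
     * Maps an HTTP status (and, for 400, the {@code error_description} in the body) to a console
     * message plus exception. Returns normally for every status below 400.
     *
     * @param str response body
     * @param i HTTP status code
     * @throws OidcException for 400, 404 and every status of 401 or above
     */
    private void checkResponse(String str, int i) throws OidcException {
        if (i != 400) {
            if (i == 404) {
                writeErrorToConsole(Messages.NOT_FOUND);
                throw new OidcException("404 not found");
            }
            if (i >= 500) {
                writeErrorToConsole(Messages.SERVER_ERROR);
                throw new OidcException("Server error with " + i + " status code");
            }
            if (i >= 401) {
                writeErrorToConsole(NLS.getFormatted(Messages.OTHER_HTTP_ERROR, Integer.valueOf(i)));
                throw new OidcException("Server responded with " + i + " status code");
            }
            return;
        }
        // A 400 body that is not JSON, or that omits error_description, falls through to the
        // generic "Unauthorized" failure below instead of escaping as an unchecked JSONException.
        String description = readErrorDescription(str);
        if (UString.equalsIgnoreCase(description, "INVALID_CREDENTIALS: Invalid client credentials")) {
            writeErrorToConsole(Messages.INVALID_CREDENTIALS);
            throw new OidcInvalidCredentialsException(Messages.OIDC_INVALID_CREDENTIALS_MESSAGE);
        }
        if (UString.equalsIgnoreCase(description, "Invalid client secret")) {
            writeErrorToConsole(Messages.INVALID_SECRET);
            throw new OidcInvalidCredentialsException(Messages.OIDC_INVALID_CLIENT_SECRET_MESSAGE);
        }
        if (UString.equals(description, "Session not active")) {
            writeErrorToConsole(Messages.SESSION_NOT_ACTIVE);
            throw new OidcSessionNotActiveException(description);
        }
        if (UString.equals(description, "Refresh token expired")) {
            writeErrorToConsole(Messages.REFRESH_TOKEN_EXPIRED);
            throw new OidcException(description);
        }
        if (UString.equals(description, "Invalid refresh token")) {
            writeErrorToConsole(Messages.INVALID_REFRESH_TOKEN);
            throw new OidcException(description);
        }
        if (UString.equals(description, "Client secret not provided in request")) {
            OidcUtil.writeOnConsole(this._console, Messages.OIDC_NO_CLIENT_SECRET_MESSAGE, MessageSeverity.HIGH);
            throw new OidcInvalidCredentialsException(Messages.OIDC_NO_CLIENT_SECRET_MESSAGE);
        }
        writeErrorToConsole(Messages.UNAUTHORIZED);
        throw new OidcException("Unauthorized");
    }

    /** Returns the {@code error_description} of an error body, or an empty string if unavailable. */
    private static String readErrorDescription(String body) {
        if (body == null) {
            return "";
        }
        try {
            return new JSONObject(body).optString(HTTP_RESPONSE_KEY_ERROR_DESCRIPTION, "");
        } catch (JSONException e) {
            Logger.getLogger().debug("400 response did not contain a parsable error_description");
            return "";
        }
    }

    /**
     * Parses a token response and either fills {@code accessTokenResponse} (refresh) or builds and
     * stores a new {@code AccessTokenResponse} (initial grant).
     *
     * <p>All four of {@code access_token}, {@code refresh_token}, {@code expires_in} and
     * {@code refresh_expires_in} must be present. An empty token or a zero lifetime is rejected.
     *
     * @param str response body
     * @param accessTokenResponse existing holder to update, or {@code null} to create a new one
     * @return the updated or newly created holder
     * @throws OidcException if a token is empty or a lifetime is zero
     * @throws JSONException (unchecked) if the body is not JSON or a required field is missing
     */
    private AccessTokenResponse createOrUpdateAccessTokenResponse(String str, AccessTokenResponse accessTokenResponse) throws OidcException {
        try {
            JSONObject json = new JSONObject(str);
            String accessToken = json.getString(HTTP_RESPONSE_KEY_ACCESS_TOKEN);
            String refreshToken = json.getString(HTTP_KEY_REFRESH_TOKEN);
            long accessExpiresIn = json.getLong(HTTP_RESPONSE_KEY_ACCESS_TOKEN_EXPIRES_IN);
            long refreshExpiresIn = json.getLong(HTTP_KEY_REFRESH_TOKEN_EXPIRES_IN);
            if (UString.isEmptyTrimmed(accessToken) || UString.isEmptyTrimmed(refreshToken) || accessExpiresIn == 0 || refreshExpiresIn == 0) {
                writeErrorToConsole(Messages.INVALID_RESPONSE);
                throw new OidcException("Cannot retrieve access token");
            }
            if (accessTokenResponse != null) {
                Logger.getLogger().debug("OIDC token refreshed from " + this._tokenEndpoint);
                return updateAccessTokenResponse(accessTokenResponse, accessToken, refreshToken, accessExpiresIn, refreshExpiresIn);
            }
            String userName = OidcUtil.decodeUserNameFromAccessToken(accessToken);
            OidcUtil.writeOnConsole(this._console, NLS.getFormatted(Messages.OIDC_TOKEN_OBTAINED, userName, this._tokenEndpoint));
            Logger.getLogger().info("OIDC token obtained for user: " + userName + " from: " + this._tokenEndpoint);
            AccessTokenResponse created = new AccessTokenResponse(accessToken, refreshToken, accessExpiresIn, refreshExpiresIn);
            TokenDataKeeper.storeTokenData(this._context, created);
            return created;
        } catch (JSONException e) {
            // A JSONException is also raised when only one field is missing, in which case the
            // body still holds a live access or refresh token. Log its size, never its content.
            int length = str == null ? 0 : str.length();
            Logger.getLogger().debug("Cannot parse json response (" + length + " characters; body omitted because it may contain tokens)");
            throw e;
        }
    }

    /**
     * Builds the key-store based HTTP client. Overridable so subclasses can supply another client.
     *
     * @throws OidcException if {@code HttpClientFactory} cannot build the client
     */
    protected CloseableHttpClient createHttpClient(KeyStore keyStore, String str, String str2) throws OidcException {
        return HttpClientFactory.createHttpClient(keyStore, str, str2);
    }

    /**
     * Builds the client returned by {@code HttpClientFactory.createTrustAllClient()}.
     *
     * <p>NOTE(review): the factory is not visible here. If it disables certificate and host-name
     * checks as its name suggests, every caller of this method sends credentials to an
     * unauthenticated peer. Override this method to return a validating client where possible.
     *
     * @throws OidcException if {@code HttpClientFactory} cannot build the client
     */
    protected CloseableHttpClient createTrustAllHttpClient() throws OidcException {
        return HttpClientFactory.createTrustAllClient();
    }

    /**
     * Copies freshly issued token values into an existing holder and stores it.
     *
     * @param accessTokenResponse holder to mutate
     * @param str new access token
     * @param str2 new refresh token
     * @param j {@code expires_in} value from the response
     * @param j2 {@code refresh_expires_in} value from the response
     * @return the same {@code accessTokenResponse} instance
     */
    protected AccessTokenResponse updateAccessTokenResponse(AccessTokenResponse accessTokenResponse, String str, String str2, long j, long j2) {
        accessTokenResponse.setAccessToken(str);
        accessTokenResponse.setRefreshToken(str2);
        accessTokenResponse.setAccessTokenExpireDate(j);
        accessTokenResponse.setRefreshTokenExpireDate(j2);
        TokenDataKeeper.storeTokenData(this._context, accessTokenResponse);
        return accessTokenResponse;
    }

    /**
     * Ends the server-side session by POSTing the refresh token to a logout endpoint. Does nothing
     * when there is no refresh token to revoke.
     *
     * <p>The decompiler reports that this method was originally {@code protected}.
     *
     * <p>NOTE(review): the refresh token and optional client secret are sent through
     * {@link #createTrustAllHttpClient()}. See that method for the certificate-validation concern.
     *
     * @param str logout endpoint URL
     * @param accessTokenResponse holder whose refresh token identifies the session
     * @param str2 client secret, sent as {@code client_secret} only when non-null
     * @throws OidcException if the request fails or the server answers with status 300 or above.
     *     Any other failure is wrapped in an {@code OidcException}
     */
    public void logout(String str, AccessTokenResponse accessTokenResponse, String str2) throws OidcException {
        if (accessTokenResponse == null || accessTokenResponse.getRefreshToken() == null) {
            return;
        }
        CloseableHttpClient client = null;
        CloseableHttpResponse response = null;
        try {
            HttpPost logoutRequest = new HttpPost(str);
            List<NameValuePair> form = new ArrayList<NameValuePair>(Arrays.asList(
                    new BasicNameValuePair(HTTP_REQUEST_KEY_CLIENT_ID, this._clientId),
                    new BasicNameValuePair(HTTP_KEY_REFRESH_TOKEN, accessTokenResponse.getRefreshToken())));
            if (str2 != null) {
                form.add(new BasicNameValuePair(HTTP_REQUEST_KEY_CLIENT_SECRET, str2));
            }
            client = createTrustAllHttpClient();
            logoutRequest.setEntity(new UrlEncodedFormEntity(form));
            response = client.execute(logoutRequest);
            StatusLine statusLine = response.getStatusLine();
            // Check for null separately: building the error message from a null status line
            // would otherwise fail with a NullPointerException.
            if (statusLine == null) {
                throw new OidcException("Server responded without a status line");
            }
            if (statusLine.getStatusCode() >= 300) {
                throw new OidcException("Server responded with " + statusLine.getStatusCode() + " status code");
            }
            Logger.getLogger().debug("Deleted OIDC session from the server");
        } catch (OidcException e) {
            // Already the declared type; do not wrap it a second time.
            throw e;
        } catch (Throwable th) {
            throw new OidcException(th);
        } finally {
            // Release the connection on the failure paths as well as on success.
            IOUtils.close(response);
            IOUtils.close(client);
        }
    }

    /** Writes a high-severity console message formatted with the token endpoint and {@code str}. */
    private void writeErrorToConsole(String str) {
        OidcUtil.writeOnConsole(this._console, NLS.getFormatted(Messages.OIDC_ERROR_MESSAGE, this._tokenEndpoint, str), MessageSeverity.HIGH);
    }
}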
