package com.parasoft.xtest.common.oidc;

import com.parasoft.xtest.common.IStringConstants;
import com.parasoft.xtest.common.api.console.ConsoleServiceUtil;
import com.parasoft.xtest.common.api.console.IConsole;
import com.parasoft.xtest.common.api.progress.IProgressMonitor;
import com.parasoft.xtest.common.containers.ObjectReference;
import com.parasoft.xtest.common.io.IOUtils;
import com.parasoft.xtest.common.oidc.IOidcStatefulService;
import com.parasoft.xtest.common.preferences.IOidcPreferences;
import com.parasoft.xtest.common.preferences.OidcPreferences;
import com.parasoft.xtest.common.text.UString;
import com.parasoft.xtest.preference.api.IPreferencesListener;
import com.parasoft.xtest.services.api.IParasoftServiceContext;
import java.io.IOException;
import java.net.URI;
import java.security.SecureRandom;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.CancellationException;
import java.util.concurrent.CopyOnWriteArrayList;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import java.util.concurrent.ThreadFactory;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import java.util.concurrent.atomic.AtomicBoolean;
import org.apache.commons.codec.binary.Hex;

/* loaded from: input_file:WEB-INF/lib/com.parasoft.xtest.common-10.4.4.20200402.jar:com/parasoft/xtest/common/oidc/BrowserAuthenticationOidcService.class */
public abstract class BrowserAuthenticationOidcService implements IOidcStatefulService {
    private static final String INVALID_TOKEN_MSG = "Access token and refresh token are invalid";
    private final IParasoftServiceContext _context;
    private final IConsole _console;
    private final List<IOidcStatefulService.IOidcStateListener> _stateListeners = new CopyOnWriteArrayList();
    private final ExecutorService _executor = Executors.newCachedThreadPool(new ThreadFactory() { // from class: com.parasoft.xtest.common.oidc.BrowserAuthenticationOidcService.1
        @Override // java.util.concurrent.ThreadFactory
        public Thread newThread(Runnable runnable) {
            Thread newThread = Executors.defaultThreadFactory().newThread(runnable);
            newThread.setDaemon(true);
            return newThread;
        }
    });
    private final SecureRandom _randomState = new SecureRandom();
    private volatile AccessTokenData _accessTokenData = null;
    private volatile TokenRefresher _refresher = null;
    private final AtomicBoolean _accessTokenAvailable = new AtomicBoolean(false);
    private final Object _dataMutex = new Object();

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:WEB-INF/lib/com.parasoft.xtest.common-10.4.4.20200402.jar:com/parasoft/xtest/common/oidc/BrowserAuthenticationOidcService$AuthorizationData.class */
    public static class AuthorizationData {
        final String _issuerUrl;
        final String _clientId;

        AuthorizationData(String str, String str2) {
            this._issuerUrl = str;
            this._clientId = str2;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:WEB-INF/lib/com.parasoft.xtest.common-10.4.4.20200402.jar:com/parasoft/xtest/common/oidc/BrowserAuthenticationOidcService$AuthorizationResponse.class */
    public static class AuthorizationResponse {
        private AccessTokenResponse _accessTokenResponse;
        private OidcException _exception;

        protected AuthorizationResponse() {
        }

        public OidcException getException() {
            return this._exception;
        }

        public AccessTokenResponse getAccessTokenResponse() {
            return this._accessTokenResponse;
        }

        public void setException(OidcException oidcException) {
            this._exception = oidcException;
        }

        public void setAccessTokenResponse(AccessTokenResponse accessTokenResponse) {
            this._accessTokenResponse = accessTokenResponse;
        }
    }

    /* loaded from: input_file:WEB-INF/lib/com.parasoft.xtest.common-10.4.4.20200402.jar:com/parasoft/xtest/common/oidc/BrowserAuthenticationOidcService$RunningBrowserTask.class */
    public static class RunningBrowserTask {
        private final AtomicBoolean _cancelled = new AtomicBoolean(false);
        volatile Future<ObjectReference<AuthorizationResponse>> _responseServerFuture;
        private final long _startTime;
        private final long _serverTimeoutInSec;
        private final HttpRequestUriServer _server;

        /* JADX INFO: Access modifiers changed from: package-private */
        public RunningBrowserTask(HttpRequestUriServer httpRequestUriServer, long j, int i) {
            this._startTime = j;
            this._server = httpRequestUriServer;
            this._serverTimeoutInSec = i;
        }

        public void cancelTask() {
            this._cancelled.set(true);
            IOUtils.close(this._server);
            Future<ObjectReference<AuthorizationResponse>> future = this._responseServerFuture;
            if (future != null) {
                future.cancel(true);
            }
        }

        public AccessTokenResponse waitForAccessTokenResponse() throws OidcException {
            Future<ObjectReference<AuthorizationResponse>> future = this._responseServerFuture;
            if (future == null) {
                return null;
            }
            long max = Math.max(0L, (this._serverTimeoutInSec * 1000) - (System.currentTimeMillis() - this._startTime));
            Logger.getLogger().debug("Start server future and wait for accesss token with timeout: " + max + " [ms]");
            try {
                AuthorizationResponse referencedObject = future.get(max, TimeUnit.MILLISECONDS).getReferencedObject();
                if (referencedObject == null) {
                    return null;
                }
                if (referencedObject.getException() == null) {
                    return referencedObject.getAccessTokenResponse();
                }
                throw referencedObject.getException();
            } catch (InterruptedException e) {
                if (this._cancelled.get()) {
                    return null;
                }
                throw new OidcException("Creating access token response interrupted", e);
            } catch (CancellationException unused) {
                if (this._cancelled.get()) {
                    return null;
                }
                throw new OidcException("Waiting for access token response was unexpectedly cancelled");
            } catch (ExecutionException e2) {
                Throwable cause = e2.getCause();
                if (cause instanceof OidcException) {
                    throw ((OidcException) cause);
                }
                throw new OidcException("Exception thrown when creating access token response", cause);
            } catch (TimeoutException e3) {
                cancelTask();
                throw new OidcTimeoutException(Messages.OIDC_BROWSER_TIMEOUT, e3);
            }
        }
    }

    public BrowserAuthenticationOidcService(IParasoftServiceContext iParasoftServiceContext) {
        this._context = iParasoftServiceContext;
        this._console = ConsoleServiceUtil.getConsoleSafe(this._context);
        getOidcPreferences().addPreferencesListener(new IPreferencesListener() { // from class: com.parasoft.xtest.common.oidc.BrowserAuthenticationOidcService.2
            @Override // com.parasoft.xtest.preference.api.IPreferencesListener
            public void preferencesChanged() {
                BrowserAuthenticationOidcService.this.onPreferencesChanged();
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v4, types: [java.lang.Object] */
    /* JADX WARN: Type inference failed for: r0v5, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v7 */
    public void onPreferencesChanged() {
        IOidcPreferences oidcPreferences = getOidcPreferences();
        if (oidcPreferences == null || !oidcPreferences.isEnabled()) {
            ?? r0 = this._dataMutex;
            synchronized (r0) {
                this._accessTokenData = null;
                r0 = r0;
                fireAccessTokenExpired();
            }
        }
    }

    @Override // com.parasoft.xtest.common.oidc.IOidcService
    public boolean isEnabled() {
        IOidcPreferences oidcPreferences = getOidcPreferences();
        return oidcPreferences != null && oidcPreferences.isEnabled();
    }

    protected void validateEnabled() throws OidcException {
        if (!isEnabled()) {
            throw new OidcException("Service is disabled");
        }
    }

    /* JADX WARN: Type inference failed for: r0v4, types: [java.lang.Throwable, java.lang.Object] */
    @Override // com.parasoft.xtest.common.oidc.IOidcService
    public String getAccessToken() throws OidcException {
        validateEnabled();
        AccessTokenData upToDateAccessTokenData = getUpToDateAccessTokenData();
        synchronized (upToDateAccessTokenData.getLock()) {
            String availableAccessToken = getAvailableAccessToken(upToDateAccessTokenData);
            if (availableAccessToken != null) {
                return availableAccessToken;
            }
            fireAccessTokenExpired();
            throw new OidcException(INVALID_TOKEN_MSG);
        }
    }

    protected String getAvailableAccessToken(AccessTokenData accessTokenData) throws OidcException {
        if (accessTokenData == null) {
            return null;
        }
        if (accessTokenData.getAccessTokenResponse() == null && TokenDataKeeper.loadTokenData(this._context, accessTokenData)) {
            accessTokenData._config = new OidcConfiguration(URI.create(accessTokenData.authorizationData._issuerUrl), this._console);
        }
        AccessTokenResponse accessTokenResponse = accessTokenData.getAccessTokenResponse();
        if (accessTokenResponse != null && accessTokenResponse.isAccessTokenValid()) {
            return accessTokenResponse.getAccessToken();
        }
        String refreshToken = refreshToken(accessTokenData);
        if (refreshToken != null) {
            return refreshToken;
        }
        return null;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v10 */
    /* JADX WARN: Type inference failed for: r0v6, types: [java.lang.Object] */
    /* JADX WARN: Type inference failed for: r0v7, types: [java.lang.Throwable] */
    @Override // com.parasoft.xtest.common.oidc.IOidcService
    public void refreshToken() throws OidcException {
        validateEnabled();
        AccessTokenData upToDateAccessTokenData = getUpToDateAccessTokenData();
        if (upToDateAccessTokenData == null) {
            return;
        }
        boolean z = false;
        ?? lock = upToDateAccessTokenData.getLock();
        synchronized (lock) {
            if (refreshToken(upToDateAccessTokenData) == null) {
                z = true;
            }
            lock = lock;
            if (z) {
                fireAccessTokenExpired();
                throw new OidcException(INVALID_TOKEN_MSG);
            }
        }
    }

    /* JADX WARN: Type inference failed for: r0v5, types: [java.lang.Throwable, java.lang.Object] */
    @Override // com.parasoft.xtest.common.oidc.IOidcService
    public String getRefreshToken(boolean z) throws OidcException {
        if (!isEnabled()) {
            return null;
        }
        AccessTokenData upToDateAccessTokenData = getUpToDateAccessTokenData();
        synchronized (upToDateAccessTokenData.getLock()) {
            AccessTokenResponse accessTokenResponse = upToDateAccessTokenData.getAccessTokenResponse();
            if (!z) {
                return accessTokenResponse != null ? accessTokenResponse.getRefreshToken() : null;
            }
            if (refreshToken(upToDateAccessTokenData) != null) {
                return accessTokenResponse.getRefreshToken();
            }
            fireAccessTokenExpired();
            throw new OidcException(INVALID_TOKEN_MSG);
        }
    }

    protected AccessTokenResponse runBrowserAndWaitForTokenResponse(AccessTokenData accessTokenData, IProgressMonitor iProgressMonitor) throws OidcException {
        RunningBrowserTask runningBrowserTask = accessTokenData.browserTask.get();
        if (runningBrowserTask == null) {
            Logger.getLogger().error("Task was not prepared before running browser");
            return null;
        }
        if (accessTokenData._config == null) {
            try {
                accessTokenData._config = new OidcConfiguration(URI.create(accessTokenData.authorizationData._issuerUrl), this._console);
                Logger.getLogger().debug("OIDC configuration obtained from " + accessTokenData.authorizationData._issuerUrl);
            } catch (OidcException e) {
                if (!iProgressMonitor.isCanceled() && !runningBrowserTask._cancelled.get()) {
                    throw e;
                }
                accessTokenData.browserTask.set(null);
                return null;
            }
        }
        runBrowser(runningBrowserTask, accessTokenData._config, accessTokenData.authorizationData, accessTokenData.callbackServerData, iProgressMonitor);
        AccessTokenResponse waitForAccessTokenResponse = runningBrowserTask.waitForAccessTokenResponse();
        accessTokenData.browserTask.set(null);
        return waitForAccessTokenResponse;
    }

    private String refreshToken(AccessTokenData accessTokenData) throws OidcException {
        AccessTokenResponse accessTokenResponse = accessTokenData.getAccessTokenResponse();
        OidcConfiguration oidcConfiguration = accessTokenData._config;
        if (oidcConfiguration == null || accessTokenResponse == null || !accessTokenResponse.isRefreshTokenValid()) {
            return null;
        }
        try {
            new AccessTokenProducer(this._context, oidcConfiguration.getTokenEndpoint(), accessTokenData.authorizationData._clientId, this._console).refreshToken(accessTokenData.getAccessTokenResponse());
            return accessTokenResponse.getAccessToken();
        } catch (OidcSessionNotActiveException e) {
            Logger.getLogger().debug("Unable to refresh token: " + e);
            accessTokenData.setAccessTokenResponse(null);
            return null;
        }
    }

    @Override // com.parasoft.xtest.common.oidc.IOidcStatefulService
    public abstract IOidcStatefulService.IOidcAccessData testRequestToken(String str, String str2, String str3, int i, int i2) throws OidcException;

    /* JADX WARN: Type inference failed for: r0v7, types: [java.lang.Throwable, java.lang.Object] */
    @Override // com.parasoft.xtest.common.oidc.IOidcStatefulService
    public boolean verifyAndApplyToken(IOidcStatefulService.IOidcAccessData iOidcAccessData) throws OidcException {
        if (!(iOidcAccessData instanceof AccessTokenData)) {
            Logger.getLogger().warn("Wrong authorization data type");
            return false;
        }
        AccessTokenData accessTokenData = (AccessTokenData) iOidcAccessData;
        if (getAvailableAccessToken(accessTokenData) == null) {
            return false;
        }
        synchronized (this._dataMutex) {
            if (!isUpToDateWithPreferences(accessTokenData)) {
                return false;
            }
            this._accessTokenData = accessTokenData;
            updateRefresher(accessTokenData.getAccessTokenResponse(), accessTokenData);
            fireAccessTokenAvailable();
            return true;
        }
    }

    protected IOidcPreferences getOidcPreferences() {
        return OidcPreferences.get(this._context);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Object] */
    /* JADX WARN: Type inference failed for: r0v12, types: [com.parasoft.xtest.common.oidc.AccessTokenData] */
    /* JADX WARN: Type inference failed for: r0v2, types: [java.lang.Throwable] */
    protected AccessTokenData getUpToDateAccessTokenData() throws OidcException {
        ?? r0 = this._dataMutex;
        synchronized (r0) {
            if (this._accessTokenData == null || !isUpToDateWithPreferences(this._accessTokenData)) {
                AuthorizationData authorizationData = getAuthorizationData();
                this._accessTokenData = new AccessTokenData(authorizationData, getCallbackServerData());
                Logger.getLogger().debug("Generated new access token data for " + authorizationData._issuerUrl + IStringConstants.CHAR_SPACE_HYPHEN_SPACE + authorizationData._clientId);
            }
            r0 = this._accessTokenData;
        }
        return r0;
    }

    private boolean isUpToDateWithPreferences(AccessTokenData accessTokenData) {
        IOidcPreferences oidcPreferences = getOidcPreferences();
        if (oidcPreferences == null || !oidcPreferences.isEnabled()) {
            return false;
        }
        return UString.equals(accessTokenData.authorizationData._issuerUrl, oidcPreferences.getIssuerUri()) && UString.equals(accessTokenData.authorizationData._clientId, oidcPreferences.getClientId()) && UString.equals(oidcPreferences.getCallbackServerHost(), accessTokenData.callbackServerData.getHost()) && accessTokenData.callbackServerData.getPort() == oidcPreferences.getCallbackServerPort() && accessTokenData.callbackServerData.getTimeoutInSec() == oidcPreferences.getCallbackServerTimeoutInSecond();
    }

    private AuthorizationData getAuthorizationData() throws OidcException {
        IOidcPreferences oidcPreferences = getOidcPreferences();
        assertOidcEnabled(oidcPreferences);
        return parseAuthorizationData(oidcPreferences.getIssuerUri(), oidcPreferences.getClientId());
    }

    private CallbackServerData getCallbackServerData() throws OidcException {
        IOidcPreferences oidcPreferences = getOidcPreferences();
        assertOidcEnabled(oidcPreferences);
        return new CallbackServerData(oidcPreferences.getCallbackServerHost(), oidcPreferences.getCallbackServerPort(), oidcPreferences.getCallbackServerTimeoutInSecond());
    }

    private void assertOidcEnabled(IOidcPreferences iOidcPreferences) throws OidcException {
        if (iOidcPreferences == null || !iOidcPreferences.isEnabled()) {
            throw new OidcException("OpenID Connect authorization is disabled");
        }
    }

    protected AuthorizationData parseAuthorizationData(String str, String str2) throws OidcException {
        if (UString.isEmpty(str) || UString.isEmpty(str2)) {
            throw new OidcException("OpenID Connect credentials are not set");
        }
        return new AuthorizationData(str, str2);
    }

    protected void runBrowser(RunningBrowserTask runningBrowserTask, final OidcConfiguration oidcConfiguration, final AuthorizationData authorizationData, CallbackServerData callbackServerData, IProgressMonitor iProgressMonitor) throws OidcException {
        final AtomicBoolean atomicBoolean = runningBrowserTask._cancelled;
        final HttpRequestUriServer httpRequestUriServer = runningBrowserTask._server;
        try {
            final Pkce create = Pkce.create();
            byte[] bArr = new byte[20];
            this._randomState.nextBytes(bArr);
            final String encodeHexString = Hex.encodeHexString(bArr);
            final String str = "http://" + callbackServerData.getHost() + IStringConstants.CHAR_COLON + httpRequestUriServer.getPort() + "/oauth2_callback";
            String str2 = String.valueOf(oidcConfiguration.getAuthorizationEndpoint()) + "?client_id=" + authorizationData._clientId + "&scope=openid+profile&response_type=code&redirect_uri=" + str + "&code_challenge=" + create.getCodeChallenge() + "&code_challenge_method=" + create.getCodeChallengeMethod() + "&state=" + encodeHexString;
            final ObjectReference objectReference = new ObjectReference();
            runningBrowserTask._responseServerFuture = this._executor.submit(new Runnable() { // from class: com.parasoft.xtest.common.oidc.BrowserAuthenticationOidcService.3
                @Override // java.lang.Runnable
                public void run() {
                    String authorizationCode;
                    String state;
                    AuthorizationResponse authorizationResponse = new AuthorizationResponse();
                    try {
                        try {
                            try {
                                String listenForHttpRequestUri = httpRequestUriServer.listenForHttpRequestUri();
                                IOUtils.close(httpRequestUriServer);
                                CallbackUriParser parse = CallbackUriParser.parse(listenForHttpRequestUri);
                                authorizationCode = parse.getAuthorizationCode();
                                state = parse.getState();
                            } finally {
                                IOUtils.close(httpRequestUriServer);
                            }
                        } catch (IOException e) {
                            if (!atomicBoolean.get()) {
                                throw e;
                            }
                            Logger.getLogger().info("Server socket cancelled on port: " + httpRequestUriServer.getPort());
                            return;
                        }
                    } catch (OidcException e2) {
                        authorizationResponse.setException(e2);
                    } catch (Throwable th) {
                        authorizationResponse.setException(new OidcException(th));
                    }
                    if (!encodeHexString.equals(state)) {
                        Logger.getLogger().info("Invalid state in callback URI. Expected state: " + encodeHexString + ", callback state: " + state);
                        return;
                    }
                    AccessTokenResponse createAccessToken = new AccessTokenProducer(BrowserAuthenticationOidcService.this._context, oidcConfiguration.getTokenEndpoint(), authorizationData._clientId, BrowserAuthenticationOidcService.this._console).createAccessToken(authorizationCode, str, create);
                    authorizationResponse.setAccessTokenResponse(createAccessToken);
                    Logger.getLogger().info("Access Token (" + new Date() + "): " + createAccessToken.getAccessToken());
                    objectReference.setReferencedObject(authorizationResponse);
                }
            }, objectReference);
            runBrowser(str2, iProgressMonitor);
        } finally {
            if (iProgressMonitor.isCanceled()) {
                atomicBoolean.set(true);
                IOUtils.close(httpRequestUriServer);
            }
        }
    }

    protected abstract void runBrowser(String str, IProgressMonitor iProgressMonitor);

    @Override // com.parasoft.xtest.common.oidc.IOidcStatefulService
    public boolean isReady() {
        return true;
    }

    @Override // com.parasoft.xtest.common.oidc.IOidcStatefulService
    public void addServiceStateListener(IOidcStatefulService.IOidcStateListener iOidcStateListener) {
        this._stateListeners.add(iOidcStateListener);
    }

    @Override // com.parasoft.xtest.common.oidc.IOidcStatefulService
    public void removeServiceStateListener(IOidcStatefulService.IOidcStateListener iOidcStateListener) {
        this._stateListeners.remove(iOidcStateListener);
    }

    protected void fireAccessTokenAvailable() {
        if (this._accessTokenAvailable.compareAndSet(false, true)) {
            Logger.getLogger().debug("OIDC access token becomes available, notifying listeners.");
            Iterator<IOidcStatefulService.IOidcStateListener> it = this._stateListeners.iterator();
            while (it.hasNext()) {
                try {
                    it.next().accessTokenAvailable();
                } catch (Throwable th) {
                    Logger.getLogger().error(th);
                }
            }
        }
    }

    protected void fireAccessTokenExpired() {
        if (this._accessTokenAvailable.compareAndSet(true, false)) {
            Logger.getLogger().debug("No valid OIDC access token, notifying listeners.");
            Iterator<IOidcStatefulService.IOidcStateListener> it = this._stateListeners.iterator();
            while (it.hasNext()) {
                try {
                    it.next().accessTokenExpired();
                } catch (Throwable th) {
                    Logger.getLogger().error(th);
                }
            }
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Object] */
    /* JADX WARN: Type inference failed for: r0v2, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v9 */
    protected void updateRefresher(AccessTokenResponse accessTokenResponse, final AccessTokenData accessTokenData) {
        ?? r0 = this._dataMutex;
        synchronized (r0) {
            if (this._refresher != null) {
                this._refresher.stop();
            }
            TokenRefresher tokenRefresher = new TokenRefresher(new AccessTokenProducer(this._context, accessTokenData.getTokenEndpoint(), accessTokenData.authorizationData._clientId, this._console), accessTokenResponse) { // from class: com.parasoft.xtest.common.oidc.BrowserAuthenticationOidcService.4
                @Override // com.parasoft.xtest.common.oidc.TokenRefresher
                protected void onTokenExpired() {
                    accessTokenData.setAccessTokenResponse(null);
                    BrowserAuthenticationOidcService.this.fireAccessTokenExpired();
                }
            };
            tokenRefresher.start();
            this._refresher = tokenRefresher;
            r0 = r0;
        }
    }
}
