package com.parasoft.xtest.common.oidc;

import com.parasoft.xtest.common.api.MessageSeverity;
import com.parasoft.xtest.common.api.console.IConsole;
import com.parasoft.xtest.common.io.IOUtils;
import com.parasoft.xtest.common.json.JSONException;
import com.parasoft.xtest.common.json.JSONObject;
import com.parasoft.xtest.common.nls.NLS;
import com.parasoft.xtest.common.text.UString;
import java.io.Closeable;
import java.io.File;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLException;
import org.apache.http.NameValuePair;
import org.apache.http.StatusLine;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.conn.ConnectTimeoutException;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;

/* loaded from: input_file:WEB-INF/lib/com.parasoft.xtest.common-10.6.1.20221021.jar:com/parasoft/xtest/common/oidc/AbstractAccessTokenProducer.class */
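/**
 * Base class for components that obtain, refresh and revoke OIDC tokens by
 * POSTing form-encoded requests to a token endpoint and a logout endpoint.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The client secret, when configured, is sent as a {@code client_secret}
 *       form parameter on token and refresh requests (not on logout).</li>
 *   <li>HTTP clients come from {@link #createHttpClient(String)}; see the
 *       review note there about certificate validation.</li>
 *   <li>Token data is handed to {@code TokenDataKeeper.storeTokenData} together
 *       with {@link #_tokenStorageFile} after every successful create/refresh.</li>
 * </ul>
 *
 * <p>This listing is decompiler output; several methods carry a
 * "Access modifiers changed from: protected" marker, so the {@code public}
 * modifiers below may be wider than in the original source.
 */
public abstract class AbstractAccessTokenProducer {
    protected String _tokenEndpoint;
    private String _logoutEndpoint;
    protected IConsole _console;
    protected String _clientId;
    // Sent on the wire by addClientSecretProperty(); never logged in this class.
    private String _clientSecret;
    // Never assigned in this class; presumably set by subclasses before tokens are stored.
    protected File _tokenStorageFile;
    protected AbstractOidcLogEventListener _consoleEventListener;
    protected static final String HTTP_RESPONSE_KEY_ERROR = "error";
    protected static final String HTTP_RESPONSE_KEY_ERROR_DESCRIPTION = "error_description";
    protected static final String INVALID_GRANT = "invalid_grant";
    protected static final String INVALID_SCOPE = "invalid_scope";
    protected static final String UNAUTHORIZED_CLIENT = "unauthorized_client";
    protected static final String INVALID_REQUEST = "invalid_request";
    protected static final String HTTP_REQUEST_KEY_GRANT_TYPE = "grant_type";
    protected static final String HTTP_REQUEST_KEY_CLIENT_ID = "client_id";
    protected static final String HTTP_RESPONSE_KEY_ACCESS_TOKEN = "access_token";
    private static final String HTTP_REQUEST_KEY_CLIENT_SECRET = "client_secret";
    private static final String HTTP_REQUEST_KEY_SCOPE = "scope";
    private static final String HTTP_REQUEST_SCOPE = "openid profile offline_access";
    private static final String HTTP_KEY_REFRESH_TOKEN = "refresh_token";
    private static final String HTTP_RESPONSE_KEY_ID_TOKEN = "id_token";
    private static final String HTTP_RESPONSE_KEY_ACCESS_TOKEN_EXPIRES_IN = "expires_in";
    private static final String HTTP_KEY_REFRESH_TOKEN_EXPIRES_IN = "refresh_expires_in";
    // Fallback refresh-token lifetime; 7776000 is 90 days if the unit is seconds — TODO confirm unit.
    private static final Long DEFAULT_REFRESH_TOKEN_EXPIRES_IN = 7776000L;

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Stores the endpoints, client credentials and reporting hooks used by all requests.
     *
     * @param tokenEndpoint URL used for both token creation and token refresh
     * @param logoutEndpoint URL used by {@link #logout(AccessTokenResponse)}
     * @param console console that receives user-visible error messages
     * @param clientId OIDC client identifier sent as {@code client_id}
     * @param clientSecret optional client secret; omitted from requests when blank
     * @param consoleEventListener optional listener notified when a token is obtained; may be null
     */
    public AbstractAccessTokenProducer(String tokenEndpoint, String logoutEndpoint, IConsole console, String clientId, String clientSecret, AbstractOidcLogEventListener consoleEventListener) {
        this._tokenEndpoint = tokenEndpoint;
        this._logoutEndpoint = logoutEndpoint;
        this._console = console;
        this._clientId = clientId;
        this._clientSecret = clientSecret;
        this._consoleEventListener = consoleEventListener;
    }

    /**
     * Requests a new token set from the create-token endpoint.
     *
     * <p>The response body is validated by {@link #checkResponse} and then parsed by
     * {@link #createOrUpdateAccessTokenResponse}, which also persists the result.
     *
     * @return the newly created token response
     * @throws OidcException on timeout, encoding, TLS, protocol or I/O failure, or when the
     *         server answer is rejected; TLS failures are reported as
     *         {@code OidcInvalidCredentialsException}
     */
    public AccessTokenResponse createAccessToken() throws OidcException {
        String endpoint = getCreateTokenEndpoint();
        HttpPost request = new HttpPost(endpoint);
        CloseableHttpClient httpClient = null;
        CloseableHttpResponse response = null;
        try {
            request.setEntity(new UrlEncodedFormEntity(getCreateTokenRequestParameters()));
            httpClient = createHttpClient(endpoint);
            response = httpClient.execute(request);
            String body = EntityUtils.toString(response.getEntity(), "UTF-8");
            checkResponse(body, response.getStatusLine().getStatusCode(), endpoint);
            return createOrUpdateAccessTokenResponse(body, null, endpoint);
        } catch (ConnectTimeoutException e) {
            writeErrorToConsole(Messages.CONNECTION_TIMEOUT, endpoint);
            throw new OidcException("Connection timeout", e);
        } catch (UnsupportedEncodingException e) {
            writeErrorToConsole(Messages.CANNOT_ENCODE_PARAMETERS, endpoint);
            throw new OidcException("Cannot encode parameters", e);
        } catch (SSLException e) {
            writeErrorToConsole(Messages.WRONG_CERTIFICATE, endpoint);
            throw new OidcInvalidCredentialsException(Messages.OIDC_WRONG_CERTIFICATE_MESSAGE, e);
        } catch (ClientProtocolException e) {
            writeErrorToConsole(Messages.CANNOT_EXECUTE_REQUEST, endpoint);
            throw new OidcException("Cannot execute request (http protocol error)", e);
        } catch (IOException e) {
            // Catch-all for remaining I/O failures; reported to the user as a refused connection.
            writeErrorToConsole(Messages.CONNECTION_REFUSED, endpoint);
            throw new OidcException(e);
        } finally {
            // Release the connection on every path, success or failure.
            IOUtils.close(response);
            IOUtils.close(httpClient);
        }
    }

    /**
     * Exchanges the refresh token held by {@code accessTokenResponse} for new tokens and
     * updates that object in place.
     *
     * @param accessTokenResponse current token set; must be non-null with a valid refresh token
     * @throws OidcException when the refresh token is missing or expired, on transport failure,
     *         or when the server answer is rejected
     */
    public void refreshToken(AccessTokenResponse accessTokenResponse) throws OidcException {
        String endpoint = getTokenRefreshEndpoint();
        if (accessTokenResponse == null || !accessTokenResponse.isRefreshTokenValid()) {
            writeErrorToConsole(Messages.REFRESH_TOKEN_EXPIRED, endpoint);
            throw new OidcException("Refresh token expired");
        }
        HttpPost request = new HttpPost(endpoint);
        CloseableHttpClient httpClient = null;
        CloseableHttpResponse response = null;
        try {
            request.setEntity(new UrlEncodedFormEntity(getRefreshTokenRequestParameters(accessTokenResponse.getRefreshToken())));
            httpClient = createHttpClient(endpoint);
            response = httpClient.execute(request);
            String body = EntityUtils.toString(response.getEntity(), "UTF-8");
            checkResponse(body, response.getStatusLine().getStatusCode(), endpoint);
            createOrUpdateAccessTokenResponse(body, accessTokenResponse, endpoint);
        } catch (UnsupportedEncodingException e) {
            writeErrorToConsole(Messages.CANNOT_ENCODE_PARAMETERS, endpoint);
            throw new OidcException("Cannot encode parameters", e);
        } catch (ClientProtocolException e) {
            // Specific IOException subtypes must precede the generic handler, otherwise
            // their dedicated console messages are never shown.
            writeErrorToConsole(Messages.CANNOT_EXECUTE_REQUEST, endpoint);
            throw new OidcException("Cannot execute request (http protocol error)", e);
        } catch (ConnectTimeoutException e) {
            writeErrorToConsole(Messages.CONNECTION_TIMEOUT, endpoint);
            throw new OidcException("Connection timeout", e);
        } catch (IOException e) {
            // NOTE(review): unlike createAccessToken(), TLS failures (SSLException) end up here
            // and are reported as a refused connection — confirm that is intended.
            writeErrorToConsole(Messages.CONNECTION_REFUSED, endpoint);
            throw new OidcException(e);
        } finally {
            IOUtils.close(response);
            IOUtils.close(httpClient);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Asks the server to end the session tied to the refresh token. Does nothing when there
     * is no token response or no refresh token.
     *
     * @param accessTokenResponse token set whose refresh token identifies the session
     * @throws OidcException wrapping any failure, including a missing status line or a
     *         status code of 300 or above
     */
    public void logout(AccessTokenResponse accessTokenResponse) throws OidcException {
        if (accessTokenResponse == null || accessTokenResponse.getRefreshToken() == null) {
            return;
        }
        String endpoint = getLogoutEndpoint();
        CloseableHttpClient httpClient = null;
        CloseableHttpResponse response = null;
        try {
            HttpPost request = new HttpPost(endpoint);
            List<BasicNameValuePair> parameters = getLogoutRequestParameters(accessTokenResponse.getRefreshToken());
            httpClient = createHttpClient(endpoint);
            request.setEntity(new UrlEncodedFormEntity(parameters));
            response = httpClient.execute(request);
            StatusLine statusLine = response.getStatusLine();
            if (statusLine == null) {
                // Reported explicitly instead of dereferencing null while building the message.
                throw new OidcException("Server responded without a status line");
            }
            if (statusLine.getStatusCode() >= 300) {
                throw new OidcException("Server responded with " + statusLine.getStatusCode() + " status code");
            }
            Logger.getLogger().debug("Deleted OIDC session from the server");
        } catch (Throwable th) {
            // Every failure, including the OidcExceptions raised above, is wrapped so callers
            // see a single exception type with the original as its cause.
            throw new OidcException(th);
        } finally {
            // A failed logout must still release the client and response.
            IOUtils.close(response);
            IOUtils.close(httpClient);
        }
    }

    /** Returns the logout endpoint URL supplied at construction. */
    private String getLogoutEndpoint() {
        return this._logoutEndpoint;
    }

    /**
     * Builds the form parameters for a refresh request: grant type, client id, the refresh
     * token, the fixed scope, and the client secret when one is configured.
     *
     * @param refreshToken refresh token to exchange
     * @return mutable parameter list
     */
    private List<BasicNameValuePair> getRefreshTokenRequestParameters(String refreshToken) {
        List<BasicNameValuePair> parameters = new ArrayList<>(Arrays.asList(
                new BasicNameValuePair(HTTP_REQUEST_KEY_GRANT_TYPE, HTTP_KEY_REFRESH_TOKEN),
                new BasicNameValuePair(HTTP_REQUEST_KEY_CLIENT_ID, this._clientId),
                new BasicNameValuePair(HTTP_KEY_REFRESH_TOKEN, refreshToken),
                new BasicNameValuePair(HTTP_REQUEST_KEY_SCOPE, HTTP_REQUEST_SCOPE)));
        addClientSecretProperty(parameters);
        return parameters;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Appends {@code client_secret} to {@code list} when a non-blank secret is configured.
     * The secret travels in the request body, so its confidentiality depends on the
     * transport set up by {@link #createHttpClient(String)}.
     *
     * @param list parameter list to extend in place
     */
    public void addClientSecretProperty(List<BasicNameValuePair> list) {
        if (UString.isNonEmptyTrimmed(this._clientSecret)) {
            list.add(new BasicNameValuePair(HTTP_REQUEST_KEY_CLIENT_SECRET, this._clientSecret));
        }
    }

    /**
     * Builds the form parameters for a logout request: client id and refresh token only.
     * The client secret is not included here.
     *
     * @param refreshToken refresh token of the session to end
     * @return mutable parameter list
     */
    protected List<BasicNameValuePair> getLogoutRequestParameters(String refreshToken) {
        return new ArrayList<>(Arrays.asList(
                new BasicNameValuePair(HTTP_REQUEST_KEY_CLIENT_ID, this._clientId),
                new BasicNameValuePair(HTTP_KEY_REFRESH_TOKEN, refreshToken)));
    }

    /** Returns the endpoint used to create tokens; by default the same as the refresh endpoint. */
    protected String getCreateTokenEndpoint() {
        return getTokenRefreshEndpoint();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Returns the token endpoint URL supplied at construction. */
    public final String getTokenRefreshEndpoint() {
        return this._tokenEndpoint;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Creates the HTTP client used for the given endpoint.
     *
     * <p>NOTE(review): the factory method is named {@code createTrustAllClient}, which
     * suggests the returned client accepts any server certificate — confirm against
     * {@code HttpClientFactory}. Requests sent through this client carry the client secret
     * and refresh tokens, so the client should validate the server's certificate chain and
     * host name; subclasses can override this method to supply one that does.
     *
     * @param endpoint URL the client will be used against
     * @return a new closeable HTTP client; callers close it
     */
    public CloseableHttpClient createHttpClient(String endpoint) {
        return HttpClientFactory.createTrustAllClient(endpoint);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Validates a token-endpoint response and throws when it signals an error.
     *
     * <p>Status 200 passes. Status 400 is parsed as JSON and mapped by its
     * {@code error_description}, falling back to {@link #handleBadRequestError} on the
     * {@code error} code. 404, 5xx and the remaining codes from 401 upward each raise an
     * {@code OidcException}. Any other status below 400 passes silently.
     *
     * @param responseBody raw response body
     * @param statusCode HTTP status code
     * @param endpoint endpoint URL, used in console messages
     * @throws OidcException (or a subclass) describing the failure
     */
    public void checkResponse(String responseBody, int statusCode, String endpoint) throws OidcException {
        if (statusCode == 200) {
            return;
        }
        // NOTE(review): the body is logged verbatim at WARN; confirm an error response from
        // the identity provider can never echo credentials or token material.
        Logger.getLogger().warn(responseBody);
        if (statusCode != 400) {
            if (statusCode == 404) {
                writeErrorToConsole(Messages.NOT_FOUND, endpoint);
                throw new OidcException("404 not found");
            }
            if (statusCode >= 500) {
                writeErrorToConsole(Messages.SERVER_ERROR, endpoint);
                throw new OidcException("Server error with " + statusCode + " status code");
            }
            if (statusCode >= 401) {
                writeErrorToConsole(NLS.getFormatted(Messages.OTHER_HTTP_ERROR, Integer.valueOf(statusCode)), endpoint);
                throw new OidcException("Server responded with " + statusCode + " status code");
            }
            // Non-200 codes below 400 (other 2xx, 3xx) are accepted; the caller goes on to
            // parse the body as a token response.
            return;
        }
        // A 400 whose body is not JSON, or lacks "error", makes the JSON calls below throw.
        JSONObject json = new JSONObject(responseBody);
        String description = json.has(HTTP_RESPONSE_KEY_ERROR_DESCRIPTION) ? json.getString(HTTP_RESPONSE_KEY_ERROR_DESCRIPTION) : null;
        if (UString.equalsIgnoreCase(description, "INVALID_CREDENTIALS: Invalid client credentials")) {
            writeErrorToConsole(Messages.INVALID_CREDENTIALS, endpoint);
            throw new OidcInvalidCredentialsException(Messages.OIDC_INVALID_CREDENTIALS_MESSAGE);
        }
        if (UString.equalsIgnoreCase(description, "Invalid client secret")) {
            writeErrorToConsole(Messages.INVALID_SECRET, endpoint);
            throw new OidcInvalidCredentialsException(Messages.OIDC_INVALID_CLIENT_SECRET_MESSAGE);
        }
        if (UString.equals(description, "Session not active")) {
            writeErrorToConsole(Messages.SESSION_NOT_ACTIVE, endpoint);
            throw new OidcSessionNotActiveException(Messages.SESSION_NOT_ACTIVE);
        }
        if (UString.equals(description, "Refresh token expired")) {
            writeErrorToConsole(Messages.REFRESH_TOKEN_EXPIRED, endpoint);
            throw new OidcException(Messages.REFRESH_TOKEN_EXPIRED);
        }
        if (UString.equals(description, "Invalid refresh token")) {
            writeErrorToConsole(Messages.INVALID_REFRESH_TOKEN, endpoint);
            throw new OidcException(Messages.INVALID_REFRESH_TOKEN);
        }
        if (UString.equals(description, "Client secret not provided in request")) {
            OidcUtil.writeOnConsole(this._console, Messages.OIDC_NO_CLIENT_SECRET_MESSAGE, MessageSeverity.HIGH);
            throw new OidcInvalidCredentialsException(Messages.OIDC_NO_CLIENT_SECRET_MESSAGE);
        }
        handleBadRequestError(json.getString(HTTP_RESPONSE_KEY_ERROR), endpoint);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Maps an OAuth {@code error} code from a 400 response to a user message, writes it to
     * the console and throws. Unrecognised codes map to {@code Messages.UNAUTHORIZED}.
     *
     * @param errorCode value of the {@code error} field
     * @param endpoint endpoint URL, used in the console message
     * @throws OidcException always
     */
    public void handleBadRequestError(String errorCode, String endpoint) throws OidcException {
        String message;
        if (INVALID_GRANT.equals(errorCode)) {
            message = Messages.INVALID_OR_EXPIRED_AUTH_DATA;
        } else if (INVALID_SCOPE.equals(errorCode)) {
            message = Messages.INVALID_SCOPE;
        } else if (UNAUTHORIZED_CLIENT.equals(errorCode)) {
            message = Messages.UNAUTHORIZED_CLIENT;
        } else if (INVALID_REQUEST.equals(errorCode)) {
            message = Messages.INVALID_REQUEST;
        } else {
            message = Messages.UNAUTHORIZED;
        }
        writeErrorToConsole(message, endpoint);
        throw new OidcException(message);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Writes a high-severity OIDC error for {@code endpoint} to the console.
     *
     * @param message error text
     * @param endpoint endpoint URL the error relates to
     */
    public void writeErrorToConsole(String message, String endpoint) {
        OidcUtil.writeOnConsole(this._console, NLS.getFormatted(Messages.OIDC_ERROR_MESSAGE, endpoint, message), MessageSeverity.HIGH);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Parses a token response and either creates a new {@code AccessTokenResponse} or updates
     * the supplied one; the result is persisted in both cases.
     *
     * <p>The refresh-token lifetime is taken, in order, from the system property named by
     * {@code IOidcConstants.OIDC_REFRESH_TOKEN_VALID_TIME_SYSTEM_PROPERTY}, the response's
     * {@code refresh_expires_in}, or the built-in default; a value of 0 counts as unset.
     *
     * @param responseBody JSON body returned by the token endpoint
     * @param accessTokenResponse existing token set to update, or null to create a new one
     * @param endpoint endpoint URL, used in log and console messages
     * @return the created or updated token response
     * @throws OidcException when the access token, refresh token or access-token lifetime
     *         is missing or blank/zero
     */
    public AccessTokenResponse createOrUpdateAccessTokenResponse(String responseBody, AccessTokenResponse accessTokenResponse, String endpoint) throws OidcException {
        long refreshExpiresIn = 0;
        try {
            JSONObject json = new JSONObject(responseBody);
            String accessToken = json.getString(HTTP_RESPONSE_KEY_ACCESS_TOKEN);
            String refreshToken = json.getString(HTTP_KEY_REFRESH_TOKEN);
            String idToken = json.getString(HTTP_RESPONSE_KEY_ID_TOKEN);
            long accessExpiresIn = json.getLong(HTTP_RESPONSE_KEY_ACCESS_TOKEN_EXPIRES_IN);
            String override = System.getProperty(IOidcConstants.OIDC_REFRESH_TOKEN_VALID_TIME_SYSTEM_PROPERTY);
            if (UString.isNonEmptyTrimmed(override)) {
                try {
                    refreshExpiresIn = Long.parseLong(override);
                } catch (NumberFormatException e) {
                    // A malformed override is ignored; the server value or the default applies.
                    Logger.getLogger().warn("Wrong format of 'parasoft.oidc.refresh.token.valid.time' property: " + override);
                }
            }
            if (refreshExpiresIn != 0) {
                Logger.getLogger().debug("Using refresh token expires time from 'parasoft.oidc.refresh.token.valid.time': " + refreshExpiresIn);
            } else if (json.has(HTTP_KEY_REFRESH_TOKEN_EXPIRES_IN)) {
                refreshExpiresIn = json.getLong(HTTP_KEY_REFRESH_TOKEN_EXPIRES_IN);
            }
            if (refreshExpiresIn == 0) {
                refreshExpiresIn = DEFAULT_REFRESH_TOKEN_EXPIRES_IN.longValue();
                Logger.getLogger().debug("Using default refresh token expires time: " + refreshExpiresIn);
            }
            boolean accessTokenMissing = UString.isEmptyTrimmed(accessToken);
            boolean refreshTokenMissing = UString.isEmptyTrimmed(refreshToken);
            boolean accessExpiryMissing = accessExpiresIn == 0;
            if (accessTokenMissing || refreshTokenMissing || accessExpiryMissing) {
                writeErrorToConsole(Messages.INVALID_RESPONSE, endpoint);
                // Only presence flags are logged, never the token values themselves.
                Logger.getLogger().debug("Missing required data in access token response hasAccessToken=" + (!accessTokenMissing) + ", hasRefreshToken=" + (!refreshTokenMissing) + ", hasAccessTokenExpiresIn=" + (!accessExpiryMissing));
                throw new OidcException("Cannot retrieve required data from access token");
            }
            if (accessTokenResponse != null) {
                Logger.getLogger().debug("OIDC token refreshed from " + endpoint);
                return updateAccessTokenResponse(accessTokenResponse, accessToken, refreshToken, accessExpiresIn, refreshExpiresIn, idToken);
            }
            String userName = OidcUtil.decodeUserNameFromIdToken(idToken);
            logAccessTokenObtained(userName, endpoint);
            Logger.getLogger().info("OIDC token obtained for user: " + userName + " from: " + endpoint);
            AccessTokenResponse created = new AccessTokenResponse(accessToken, refreshToken, accessExpiresIn, refreshExpiresIn, idToken);
            // NOTE(review): tokens are written to the storage file; confirm TokenDataKeeper
            // restricts that file to the current user.
            TokenDataKeeper.storeTokenData(getTokenStorageFile(), created);
            return created;
        } catch (JSONException e) {
            Logger.getLogger().debug("Cannot parse JSON response.", e);
            throw e;
        }
    }

    /**
     * Notifies the console event listener, if one is set, that a token was obtained.
     *
     * @param userName user name decoded from the ID token
     * @param endpoint endpoint the token came from
     */
    protected void logAccessTokenObtained(String userName, String endpoint) {
        if (this._consoleEventListener != null) {
            this._consoleEventListener.logAccessTokenObtained(userName, endpoint);
        }
    }

    /**
     * Copies refreshed token data into an existing response object and persists it.
     *
     * @param accessTokenResponse object to update in place
     * @param accessToken new access token
     * @param refreshToken new refresh token
     * @param accessExpiresIn access-token lifetime as received in {@code expires_in}
     * @param refreshExpiresIn refresh-token lifetime chosen by the caller
     * @param idToken new ID token
     * @return the same, updated {@code accessTokenResponse}
     */
    protected AccessTokenResponse updateAccessTokenResponse(AccessTokenResponse accessTokenResponse, String accessToken, String refreshToken, long accessExpiresIn, long refreshExpiresIn, String idToken) {
        accessTokenResponse.setAccessToken(accessToken);
        accessTokenResponse.setRefreshToken(refreshToken);
        // The setters are named "...ExpireDate" but receive lifetimes; presumably they convert
        // to an absolute date internally — TODO confirm.
        accessTokenResponse.setAccessTokenExpireDate(accessExpiresIn);
        accessTokenResponse.setRefreshTokenExpireDate(refreshExpiresIn);
        accessTokenResponse.setIdToken(idToken);
        TokenDataKeeper.storeTokenData(getTokenStorageFile(), accessTokenResponse);
        return accessTokenResponse;
    }

    /** Returns the file handed to {@code TokenDataKeeper} when token data is stored. */
    private File getTokenStorageFile() {
        return this._tokenStorageFile;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds the base form parameters for a create-token request: client id, the fixed
     * scope, and the client secret when configured. No {@code grant_type} is added here;
     * presumably subclasses append it together with their grant-specific parameters.
     *
     * @return mutable parameter list
     */
    public List<BasicNameValuePair> getCreateTokenRequestParameters() {
        List<BasicNameValuePair> parameters = new ArrayList<>();
        parameters.add(new BasicNameValuePair(HTTP_REQUEST_KEY_CLIENT_ID, this._clientId));
        parameters.add(new BasicNameValuePair(HTTP_REQUEST_KEY_SCOPE, HTTP_REQUEST_SCOPE));
        addClientSecretProperty(parameters);
        return parameters;
    }
}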
