package com.fujieid.jap.ids.util;

import cn.hutool.core.bean.BeanUtil;
import cn.hutool.core.bean.copier.CopyOptions;
import cn.hutool.core.codec.Base64;
import cn.hutool.core.util.ArrayUtil;
import cn.hutool.core.util.RandomUtil;
import cn.hutool.core.util.URLUtil;
import cn.hutool.crypto.SecureUtil;
import com.fujieid.jap.ids.JapIds;
import com.fujieid.jap.ids.exception.IdsTokenException;
import com.fujieid.jap.ids.exception.InvalidClientException;
import com.fujieid.jap.ids.exception.InvalidGrantException;
import com.fujieid.jap.ids.exception.InvalidRedirectUriException;
import com.fujieid.jap.ids.exception.InvalidScopeException;
import com.fujieid.jap.ids.exception.UnsupportedGrantTypeException;
import com.fujieid.jap.ids.exception.UnsupportedResponseTypeException;
import com.fujieid.jap.ids.model.ClientDetail;
import com.fujieid.jap.ids.model.IdsConsts;
import com.fujieid.jap.ids.model.IdsRequestParam;
import com.fujieid.jap.ids.model.enums.ErrorResponse;
import com.fujieid.jap.ids.model.enums.GrantType;
import com.fujieid.jap.ids.service.IdsSecretService;
import com.fujieid.jap.ids.service.Oauth2Service;
import com.xkcoding.json.util.StringUtil;
import java.io.Serializable;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Collection;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.TreeSet;
import org.jose4j.base64url.Base64Url;

/* loaded from: input_file:com/fujieid/jap/ids/util/OauthUtil.class */
public class OauthUtil {
    private static final Collection<String> REDIRECT_GRANT_TYPES = Arrays.asList("implicit", "authorization_code");

    public static Set<String> convertStrToList(String str, String str2) {
        TreeSet treeSet = new TreeSet();
        if (str != null && str.trim().length() > 0) {
            treeSet.addAll(Arrays.asList(str.split(str2)));
        }
        return treeSet;
    }

    public static Set<String> convertStrToList(String str) {
        return convertStrToList(str, "[\\s+]");
    }

    public static Set<String> validateScope(String str, String str2) {
        if (StringUtil.isEmpty(str)) {
            return new HashSet();
        }
        Set<String> convertStrToList = convertStrToList(str);
        if (StringUtil.isNotEmpty(str2)) {
            Set<String> convertStrToList2 = convertStrToList(str2);
            for (String str3 : convertStrToList) {
                if (!convertStrToList2.contains(str3)) {
                    throw new InvalidScopeException("Invalid scope: " + str3 + ". Only the following scopes are supported: " + str2);
                }
            }
        }
        return convertStrToList;
    }

    private static boolean containsRedirectGrantType(Set<String> set) {
        Iterator<String> it = set.iterator();
        while (it.hasNext()) {
            if (REDIRECT_GRANT_TYPES.contains(it.next())) {
                return true;
            }
        }
        return false;
    }

    public static void validateRedirectUri(String str, ClientDetail clientDetail) {
        Set<String> convertStrToList = convertStrToList(clientDetail.getGrantTypes());
        if (convertStrToList.isEmpty()) {
            throw new InvalidGrantException("A client must have at least one authorized grant type.");
        }
        if (!containsRedirectGrantType(convertStrToList)) {
            throw new InvalidGrantException("A redirect_uri can only be used by implicit or authorization_code grant types.");
        }
        String redirectUri = clientDetail.getRedirectUri();
        if (str == null || !str.equals(redirectUri)) {
            throw new InvalidRedirectUriException(ErrorResponse.INVALID_REDIRECT_URI);
        }
    }

    public static void validateSecret(IdsRequestParam idsRequestParam, ClientDetail clientDetail, Oauth2Service oauth2Service) {
        if (!idsRequestParam.getGrantType().equals(GrantType.AUTHORIZATION_CODE.getType())) {
            matchesSecret(idsRequestParam, clientDetail);
        } else if (idsRequestParam.isEnablePkce()) {
            oauth2Service.validateAuthrizationCodeChallenge(idsRequestParam.getCodeVerifier(), idsRequestParam.getCode());
        } else {
            matchesSecret(idsRequestParam, clientDetail);
        }
    }

    private static void matchesSecret(IdsRequestParam idsRequestParam, ClientDetail clientDetail) {
        IdsSecretService secretService = JapIds.getContext().getSecretService();
        if (null == secretService) {
            throw new IdsTokenException("com.fujieid.jap.ids.service.IdsSecretService has not been injected");
        }
        if (!secretService.matches(clientDetail.getClientSecret(), idsRequestParam.getClientSecret())) {
            throw new InvalidClientException(ErrorResponse.INVALID_CLIENT);
        }
    }

    public static void validateResponseType(String str, String str2) {
        Set<String> convertStrToList = convertStrToList(str2);
        if (!StringUtil.isEmpty(str2) && !convertStrToList.contains(str)) {
            throw new UnsupportedResponseTypeException(ErrorResponse.UNSUPPORTED_RESPONSE_TYPE);
        }
    }

    public static void validateGrantType(String str, String str2, GrantType grantType) {
        Set<String> convertStrToList = convertStrToList(str2);
        if (StringUtil.isEmpty(str) || ArrayUtil.isEmpty(convertStrToList) || !convertStrToList.contains(str)) {
            throw new UnsupportedGrantTypeException(ErrorResponse.UNSUPPORTED_GRANT_TYPE);
        }
        if (null != grantType && !str.equals(grantType.getType())) {
            throw new UnsupportedGrantTypeException(ErrorResponse.UNSUPPORTED_GRANT_TYPE);
        }
    }

    public static void validClientDetail(ClientDetail clientDetail) {
        if (clientDetail == null) {
            throw new InvalidClientException(ErrorResponse.INVALID_CLIENT);
        }
        if (!((Boolean) Optional.ofNullable(clientDetail.getAvailable()).orElse(false)).booleanValue()) {
            throw new InvalidClientException(ErrorResponse.DISABLED_CLIENT);
        }
    }

    public static long getAccessTokenExpiresIn(Long l) {
        return ((Long) Optional.ofNullable(l).orElse(Long.valueOf(IdsConsts.ACCESS_TOKEN_ACTIVITY_TIME))).longValue();
    }

    public static long getRefreshTokenExpiresIn(Long l) {
        return ((Long) Optional.ofNullable(l).orElse(31536000L)).longValue();
    }

    public static long getCodeExpiresIn(Long l) {
        return ((Long) Optional.ofNullable(l).orElse(600L)).longValue();
    }

    public static long getIdTokenExpiresIn(Long l) {
        return ((Long) Optional.ofNullable(l).orElse(31536000L)).longValue();
    }

    public static Date getAccessTokenExpiresAt(Long l) {
        return DateUtil.offsetSecond(new Date(), Long.valueOf(getAccessTokenExpiresIn(l)).intValue());
    }

    public static Date getRefreshTokenExpiresAt(Long l) {
        return DateUtil.offsetSecond(new Date(), Long.valueOf(getRefreshTokenExpiresIn(l)).intValue());
    }

    public static Date getCodeExpiresAt(Long l) {
        return DateUtil.offsetSecond(new Date(), Long.valueOf(getCodeExpiresIn(l)).intValue());
    }

    public static Date getIdTokenExpiresAt(Long l) {
        return DateUtil.offsetSecond(new Date(), Long.valueOf(getIdTokenExpiresIn(l)).intValue());
    }

    public static String createAuthorizeUrl(String str, IdsRequestParam idsRequestParam) {
        String str2;
        HashMap hashMap = new HashMap(13);
        hashMap.put(IdsConsts.CLIENT_ID, idsRequestParam.getClientId());
        if (StringUtil.isNotEmpty(idsRequestParam.getRedirectUri())) {
            hashMap.put(IdsConsts.REDIRECT_URI, idsRequestParam.getRedirectUri());
        }
        if (StringUtil.isNotEmpty(idsRequestParam.getScope())) {
            hashMap.put(IdsConsts.SCOPE, idsRequestParam.getScope());
        }
        if (StringUtil.isNotEmpty(idsRequestParam.getState())) {
            hashMap.put(IdsConsts.STATE, idsRequestParam.getState());
        }
        if (StringUtil.isNotEmpty(idsRequestParam.getUid())) {
            hashMap.put(IdsConsts.UID, idsRequestParam.getUid());
        }
        if (StringUtil.isNotEmpty(idsRequestParam.getNonce())) {
            hashMap.put(IdsConsts.NONCE, idsRequestParam.getNonce());
        }
        if (StringUtil.isNotEmpty(idsRequestParam.getResponseType())) {
            hashMap.put(IdsConsts.RESPONSE_TYPE, idsRequestParam.getResponseType());
        }
        if (StringUtil.isNotEmpty(idsRequestParam.getCodeChallengeMethod()) || StringUtil.isNotEmpty(idsRequestParam.getCodeChallenge())) {
            hashMap.put(IdsConsts.CODE_CHALLENGE_METHOD, idsRequestParam.getCodeChallengeMethod());
            hashMap.put(IdsConsts.CODE_CHALLENGE, idsRequestParam.getCodeChallenge());
        }
        if (StringUtil.isNotEmpty(idsRequestParam.getAutoapprove())) {
            hashMap.put(IdsConsts.AUTOAPPROVE, idsRequestParam.getAutoapprove());
        }
        String buildQuery = URLUtil.buildQuery(hashMap, StandardCharsets.UTF_8);
        if (str.contains("?")) {
            str2 = str + (str.endsWith("?") ? "" : "&") + buildQuery;
        } else {
            str2 = str + "?" + buildQuery;
        }
        return str2;
    }

    public static String generateClientId() {
        return RandomUtil.randomString(32);
    }

    public static String generateClientSecret() {
        return RandomUtil.randomString(40);
    }

    public static boolean isOidcProtocol(String str) {
        return convertStrToList(str).contains("openid");
    }

    public static String generateCodeChallenge(String str, String str2) {
        return "S256".equalsIgnoreCase(str) ? Base64.encodeUrlSafe(SecureUtil.sha256().digest(str2)) : str2;
    }

    public static String generateCodeVerifier() {
        return Base64Url.encode(RandomUtil.randomString(50), "UTF-8");
    }

    /* JADX WARN: Multi-variable type inference failed */
    public static <T> T objToBean(Serializable serializable, Class<T> cls) {
        if (0 == serializable) {
            return null;
        }
        if (serializable.getClass() == cls) {
            return serializable;
        }
        if (serializable instanceof Map) {
            return (T) BeanUtil.mapToBean((Map) serializable, cls, false, (CopyOptions) null);
        }
        return null;
    }
}
