package com.fujieid.jap.oauth2.token;

import cn.hutool.core.util.ArrayUtil;
import cn.hutool.core.util.StrUtil;
import com.fujieid.jap.core.exception.JapOauth2Exception;
import com.fujieid.jap.http.JapHttpRequest;
import com.fujieid.jap.oauth2.OAuthConfig;
import com.fujieid.jap.oauth2.Oauth2Const;
import com.fujieid.jap.oauth2.Oauth2GrantType;
import com.fujieid.jap.oauth2.Oauth2ResponseType;
import com.fujieid.jap.oauth2.Oauth2Util;
import com.fujieid.jap.oauth2.pkce.PkceHelper;
import com.fujieid.jap.oauth2.pkce.PkceParams;
import com.xkcoding.json.util.Kv;
import com.xkcoding.json.util.ObjectUtil;
import java.util.HashMap;

/* loaded from: input_file:com/fujieid/jap/oauth2/token/AccessTokenHelper.class */
public class AccessTokenHelper {
    private AccessTokenHelper() {
    }

    public static AccessToken getToken(JapHttpRequest japHttpRequest, OAuthConfig oAuthConfig, Object... objArr) throws JapOauth2Exception {
        if (null == oAuthConfig) {
            throw new JapOauth2Exception("Oauth2Strategy failed to get AccessToken. OAuthConfig cannot be empty.");
        }
        if (oAuthConfig.getResponseType() == Oauth2ResponseType.CODE) {
            return getAccessTokenOfAuthorizationCodeMode(japHttpRequest, oAuthConfig);
        }
        if (oAuthConfig.getResponseType() == Oauth2ResponseType.TOKEN) {
            return getAccessTokenOfImplicitMode(japHttpRequest);
        }
        if (oAuthConfig.getGrantType() == Oauth2GrantType.PASSWORD) {
            return getAccessTokenOfPasswordMode(oAuthConfig);
        }
        if (oAuthConfig.getGrantType() == Oauth2GrantType.CLIENT_CREDENTIALS) {
            return getAccessTokenOfClientMode(japHttpRequest, oAuthConfig);
        }
        if (oAuthConfig.getGrantType() != Oauth2GrantType.REFRESH_TOKEN) {
            throw new JapOauth2Exception("Oauth2Strategy failed to get AccessToken. Missing required parameters.");
        }
        if (null != objArr && objArr.length != 0 && null != objArr[0]) {
            String valueOf = String.valueOf(objArr[0]);
            if (!valueOf.isEmpty()) {
                return refreshToken(oAuthConfig, valueOf);
            }
        }
        throw new JapOauth2Exception("Failed to refresh token, refresh_token is empty.");
    }

    private static AccessToken getAccessTokenOfAuthorizationCodeMode(JapHttpRequest japHttpRequest, OAuthConfig oAuthConfig) throws JapOauth2Exception {
        Oauth2Util.checkState(japHttpRequest.getParameter("state"), oAuthConfig.getClientId(), oAuthConfig.isVerifyState());
        String parameter = japHttpRequest.getParameter("code");
        HashMap hashMap = new HashMap(6);
        hashMap.put("grant_type", Oauth2GrantType.AUTHORIZATION_CODE.getType());
        hashMap.put("code", parameter);
        hashMap.put("client_id", oAuthConfig.getClientId());
        hashMap.put("client_secret", oAuthConfig.getClientSecret());
        if (StrUtil.isNotBlank(oAuthConfig.getCallbackUrl())) {
            hashMap.put("redirect_uri", oAuthConfig.getCallbackUrl());
        }
        if (ArrayUtil.isNotEmpty(oAuthConfig.getScopes())) {
            hashMap.put("scope", String.join(Oauth2Const.SCOPE_SEPARATOR, oAuthConfig.getScopes()));
        }
        if (Oauth2ResponseType.CODE == oAuthConfig.getResponseType() && oAuthConfig.isEnablePkce()) {
            hashMap.put(PkceParams.CODE_VERIFIER, PkceHelper.getCacheCodeVerifier(oAuthConfig.getClientId()));
        }
        Kv request = Oauth2Util.request(oAuthConfig.getAccessTokenEndpointMethodType(), oAuthConfig.getTokenUrl(), hashMap);
        Oauth2Util.checkOauthResponse(request, "Oauth2Strategy failed to get AccessToken.");
        if (request.containsKey("access_token")) {
            return mapToAccessToken(request);
        }
        throw new JapOauth2Exception("Oauth2Strategy failed to get AccessToken." + request);
    }

    private static AccessToken getAccessTokenOfImplicitMode(JapHttpRequest japHttpRequest) throws JapOauth2Exception {
        Oauth2Util.checkOauthCallbackRequest(japHttpRequest.getParameter("error"), japHttpRequest.getParameter("error_description"), "Oauth2Strategy failed to get AccessToken.");
        if (null == japHttpRequest.getParameter("access_token")) {
            throw new JapOauth2Exception("Oauth2Strategy failed to get AccessToken.");
        }
        return new AccessToken().setAccessToken(japHttpRequest.getParameter("access_token")).setRefreshToken(japHttpRequest.getParameter("refresh_token")).setIdToken(japHttpRequest.getParameter("id_token")).setTokenType(japHttpRequest.getParameter("token_type")).setScope(japHttpRequest.getParameter("scope")).setExpiresIn(ObjectUtil.toInt(japHttpRequest.getParameter("expires_in")));
    }

    private static AccessToken getAccessTokenOfPasswordMode(OAuthConfig oAuthConfig) throws JapOauth2Exception {
        HashMap hashMap = new HashMap(6);
        hashMap.put("grant_type", Oauth2GrantType.PASSWORD.getType());
        hashMap.put("username", oAuthConfig.getUsername());
        hashMap.put("password", oAuthConfig.getPassword());
        hashMap.put("client_id", oAuthConfig.getClientId());
        hashMap.put("client_secret", oAuthConfig.getClientSecret());
        if (ArrayUtil.isNotEmpty(oAuthConfig.getScopes())) {
            hashMap.put("scope", String.join(Oauth2Const.SCOPE_SEPARATOR, oAuthConfig.getScopes()));
        }
        Kv request = Oauth2Util.request(oAuthConfig.getAccessTokenEndpointMethodType(), oAuthConfig.getTokenUrl(), hashMap);
        Oauth2Util.checkOauthResponse(request, "Oauth2Strategy failed to get AccessToken.");
        if (request.containsKey("access_token")) {
            return mapToAccessToken(request);
        }
        throw new JapOauth2Exception("Oauth2Strategy failed to get AccessToken." + request);
    }

    private static AccessToken getAccessTokenOfClientMode(JapHttpRequest japHttpRequest, OAuthConfig oAuthConfig) throws JapOauth2Exception {
        throw new JapOauth2Exception("Oauth2Strategy failed to get AccessToken. Grant type of client_credentials type is not supported.");
    }

    private static AccessToken refreshToken(OAuthConfig oAuthConfig, String str) {
        HashMap hashMap = new HashMap(6);
        hashMap.put("grant_type", oAuthConfig.getGrantType().getType());
        hashMap.put("refresh_token", str);
        if (ArrayUtil.isNotEmpty(oAuthConfig.getScopes())) {
            hashMap.put("scope", String.join(Oauth2Const.SCOPE_SEPARATOR, oAuthConfig.getScopes()));
        }
        Kv request = Oauth2Util.request(oAuthConfig.getRefreshTokenEndpointMethodType(), oAuthConfig.getRefreshTokenUrl(), hashMap);
        Oauth2Util.checkOauthResponse(request, "Oauth2Strategy failed to refresh access_token.");
        if (request.containsKey("access_token")) {
            return mapToAccessToken(request);
        }
        throw new JapOauth2Exception("Oauth2Strategy failed to refresh access_token." + request);
    }

    private static AccessToken mapToAccessToken(Kv kv) {
        return new AccessToken().setAccessToken(kv.getString("access_token")).setRefreshToken(kv.getString("refresh_token")).setIdToken(kv.getString("id_token")).setTokenType(kv.getString("token_type")).setScope(kv.getString("scope")).setExpiresIn(kv.getInteger("expires_in"));
    }
}
