package com.google.auth.oauth2;

import com.google.api.client.http.GenericUrl;
import com.google.api.client.http.HttpRequest;
import com.google.api.client.http.UrlEncodedContent;
import com.google.api.client.json.GenericJson;
import com.google.api.client.json.JsonObjectParser;
import com.google.api.client.util.GenericData;
import com.google.api.client.util.Joiner;
import com.google.api.client.util.Preconditions;
import com.google.auth.http.HttpTransportFactory;
import com.google.auth.oauth2.OAuth2Credentials;
import com.google.common.collect.ImmutableList;
import com.google.errorprone.annotations.CanIgnoreReturnValue;
import com.microsoft.aad.msal4j.Constants;
import java.io.IOException;
import java.net.URI;
import java.net.URL;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.List;
import java.util.Map;
import javax.annotation.Nullable;
import org.jets3t.service.utils.oauth.OAuthConstants;

/* loaded from: input_file:com/google/auth/oauth2/UserAuthorizer.class */
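/**
 * Drives the OAuth 2.0 authorization-code flow for end users.
 *
 * <p>The class builds the consent URL, exchanges the returned authorization code for tokens, and
 * persists, restores and revokes those tokens through a {@link TokenStore}.
 *
 * <p>Points an integrator should keep in mind, all visible in the code below:
 *
 * <ul>
 *   <li>The {@code state} parameter is only sent when the caller supplies one. It is the value that
 *       binds the callback to the browser session, so callers should pass an unguessable
 *       per-session value and compare it on the callback.
 *   <li>PKCE parameters are only sent when a {@link PKCEProvider} was set on the builder; a builder
 *       created with {@link #newBuilder()} starts without one.
 *   <li>Access and refresh tokens are serialized as plain JSON and handed to the {@link TokenStore}
 *       as a string; protecting them at rest is the store implementation's job.
 *   <li>The "additional parameters" maps are copied into the request after the core OAuth
 *       parameters and can therefore replace them. Only pass keys and values the application
 *       controls, never a map populated from the incoming request.
 * </ul>
 *
 * <p>NOTE(review): this listing is decompiler output. The references to
 * {@code Constants.MANAGED_IDENTITY_CLIENT_ID} and {@code OAuthConstants.GSOAuth2_10.*} look like
 * string literals that the decompiler replaced with same-valued constants from unrelated
 * libraries (presumably {@code "client_id"}, {@code "refresh_token"}, {@code "token"} and
 * {@code "authorization_code"}). Confirm against the upstream source before relying on them.
 */
public class UserAuthorizer {
    static final URI DEFAULT_CALLBACK_URI = URI.create("/oauth2callback");

    // The decompiled original declared these as initialized instance finals and assigned them a
    // second time in the constructor, which does not compile. They are plain constants.
    private static final String TOKEN_STORE_ERROR = "Error parsing stored token data.";
    private static final String FETCH_TOKEN_ERROR = "Error reading result of Token API:";

    private final ClientId clientId;
    private final Collection<String> scopes;
    private final TokenStore tokenStore;
    private final URI callbackUri;
    private final HttpTransportFactory transportFactory;
    private final URI tokenServerUri;
    private final URI userAuthUri;
    private final PKCEProvider pkce;
    private final ClientAuthenticationType clientAuthenticationType;

    /** Mutable builder for {@link UserAuthorizer}; unset optional values get defaults in {@code build()}. */
    public static class Builder {
        private ClientId clientId;
        private TokenStore tokenStore;
        private URI callbackUri;
        private URI tokenServerUri;
        private URI userAuthUri;
        private Collection<String> scopes;
        private HttpTransportFactory transportFactory;
        private PKCEProvider pkce;
        private ClientAuthenticationType clientAuthenticationType;

        /** Creates an empty builder. No PKCE provider is configured until one is set explicitly. */
        protected Builder() {
        }

        /**
         * Creates a builder pre-populated from an existing authorizer.
         *
         * <p>NOTE(review): the source authorizer's PKCE provider is not copied; a new
         * {@link DefaultPKCEProvider} is installed instead. An authorizer built from this builder
         * therefore does not share the verifier behind a challenge that the source authorizer
         * already put into an authorization URL. Confirm this is intended by the callers.
         *
         * @param userAuthorizer the authorizer whose configuration is copied
         */
        protected Builder(UserAuthorizer userAuthorizer) {
            this.clientId = userAuthorizer.clientId;
            this.scopes = userAuthorizer.scopes;
            this.transportFactory = userAuthorizer.transportFactory;
            this.tokenServerUri = userAuthorizer.tokenServerUri;
            this.tokenStore = userAuthorizer.tokenStore;
            this.callbackUri = userAuthorizer.callbackUri;
            this.userAuthUri = userAuthorizer.userAuthUri;
            this.pkce = new DefaultPKCEProvider();
            this.clientAuthenticationType = userAuthorizer.clientAuthenticationType;
        }

        /** Sets the OAuth client id/secret pair. Required: {@code build()} rejects {@code null}. */
        @CanIgnoreReturnValue
        public Builder setClientId(ClientId clientId) {
            this.clientId = clientId;
            return this;
        }

        /** Sets the token store; when left {@code null} an in-memory store is used. */
        @CanIgnoreReturnValue
        public Builder setTokenStore(TokenStore tokenStore) {
            this.tokenStore = tokenStore;
            return this;
        }

        /** Sets the scopes to request. Required: {@code build()} rejects {@code null}. */
        @CanIgnoreReturnValue
        public Builder setScopes(Collection<String> collection) {
            this.scopes = collection;
            return this;
        }

        /** Sets the token endpoint; when left {@code null} {@code OAuth2Utils.TOKEN_SERVER_URI} is used. */
        @CanIgnoreReturnValue
        public Builder setTokenServerUri(URI uri) {
            this.tokenServerUri = uri;
            return this;
        }

        /** Sets the redirect URI; when left {@code null} {@link #DEFAULT_CALLBACK_URI} is used. */
        @CanIgnoreReturnValue
        public Builder setCallbackUri(URI uri) {
            this.callbackUri = uri;
            return this;
        }

        /** Sets the authorization endpoint; when left {@code null} {@code OAuth2Utils.USER_AUTH_URI} is used. */
        @CanIgnoreReturnValue
        public Builder setUserAuthUri(URI uri) {
            this.userAuthUri = uri;
            return this;
        }

        /** Sets the HTTP transport factory; when left {@code null} the {@code OAuth2Utils} default is used. */
        @CanIgnoreReturnValue
        public Builder setHttpTransportFactory(HttpTransportFactory httpTransportFactory) {
            this.transportFactory = httpTransportFactory;
            return this;
        }

        /**
         * Sets the PKCE provider, or disables PKCE when {@code null} is passed.
         *
         * @param pKCEProvider the provider, or {@code null}
         * @throws IllegalArgumentException if a non-null provider returns {@code null} for its
         *     challenge, verifier or challenge method
         */
        @CanIgnoreReturnValue
        public Builder setPKCEProvider(PKCEProvider pKCEProvider) {
            if (pKCEProvider != null) {
                boolean incomplete =
                        pKCEProvider.getCodeChallenge() == null
                                || pKCEProvider.getCodeVerifier() == null
                                || pKCEProvider.getCodeChallengeMethod() == null;
                if (incomplete) {
                    throw new IllegalArgumentException("PKCE provider contained null implementations. PKCE object must implement all PKCEProvider methods.");
                }
            }
            this.pkce = pKCEProvider;
            return this;
        }

        /** Sets how the client secret is presented to the token endpoint. */
        @CanIgnoreReturnValue
        public Builder setClientAuthenticationType(ClientAuthenticationType clientAuthenticationType) {
            this.clientAuthenticationType = clientAuthenticationType;
            return this;
        }

        public ClientId getClientId() {
            return this.clientId;
        }

        public TokenStore getTokenStore() {
            return this.tokenStore;
        }

        public Collection<String> getScopes() {
            return this.scopes;
        }

        public URI getTokenServerUri() {
            return this.tokenServerUri;
        }

        public URI getCallbackUri() {
            return this.callbackUri;
        }

        public URI getUserAuthUri() {
            return this.userAuthUri;
        }

        public HttpTransportFactory getHttpTransportFactory() {
            return this.transportFactory;
        }

        public PKCEProvider getPKCEProvider() {
            return this.pkce;
        }

        public ClientAuthenticationType getClientAuthenticationType() {
            return this.clientAuthenticationType;
        }

        /**
         * Builds the authorizer.
         *
         * @throws NullPointerException if the client id or the scopes were not set
         */
        public UserAuthorizer build() {
            return new UserAuthorizer(this);
        }
    }

    /**
     * How the client secret is presented during the code exchange: as a {@code client_secret} form
     * field ({@link #CLIENT_SECRET_POST}), as a Basic {@code Authorization} header
     * ({@link #CLIENT_SECRET_BASIC}), or not at all ({@link #NONE}).
     */
    public enum ClientAuthenticationType {
        CLIENT_SECRET_POST,
        CLIENT_SECRET_BASIC,
        NONE
    }

    /**
     * Result of a code exchange together with the client configuration used for it.
     *
     * <p>Instances carry the client secret, the access token and possibly a refresh token; do not
     * log them or include them in error messages.
     */
    public static class TokenResponseWithConfig {
        private final String clientId;
        private final String clientSecret;
        private final String refreshToken;
        private final AccessToken accessToken;
        private final URI tokenServerUri;
        private final HttpTransportFactory httpTransportFactory;

        /**
         * Builder for {@link TokenResponseWithConfig}.
         *
         * <p>The decompiler reports that it widened this class's access from package-private.
         */
        public static class Builder {
            private String clientId;
            private String clientSecret;
            private String refreshToken;
            private AccessToken accessToken;
            private URI tokenServerUri;
            private HttpTransportFactory httpTransportFactory;

            Builder() {
            }

            @CanIgnoreReturnValue
            Builder setClientId(String str) {
                this.clientId = str;
                return this;
            }

            @CanIgnoreReturnValue
            Builder setClientSecret(String str) {
                this.clientSecret = str;
                return this;
            }

            @CanIgnoreReturnValue
            Builder setRefreshToken(String str) {
                this.refreshToken = str;
                return this;
            }

            @CanIgnoreReturnValue
            Builder setAccessToken(AccessToken accessToken) {
                this.accessToken = accessToken;
                return this;
            }

            @CanIgnoreReturnValue
            Builder setHttpTransportFactory(HttpTransportFactory httpTransportFactory) {
                this.httpTransportFactory = httpTransportFactory;
                return this;
            }

            @CanIgnoreReturnValue
            Builder setTokenServerUri(URI uri) {
                this.tokenServerUri = uri;
                return this;
            }

            TokenResponseWithConfig build() {
                return new TokenResponseWithConfig(this);
            }
        }

        private TokenResponseWithConfig(Builder builder) {
            this.clientId = builder.clientId;
            this.clientSecret = builder.clientSecret;
            this.accessToken = builder.accessToken;
            this.httpTransportFactory = builder.httpTransportFactory;
            this.tokenServerUri = builder.tokenServerUri;
            this.refreshToken = builder.refreshToken;
        }

        public String getClientId() {
            return this.clientId;
        }

        /** Returns the client secret. Treat the value as a credential. */
        public String getClientSecret() {
            return this.clientSecret;
        }

        public AccessToken getAccessToken() {
            return this.accessToken;
        }

        public HttpTransportFactory getHttpTransportFactory() {
            return this.httpTransportFactory;
        }

        public URI getTokenServerUri() {
            return this.tokenServerUri;
        }

        /** Returns the refresh token, or {@code null} when the token endpoint did not issue one. */
        @Nullable
        public String getRefreshToken() {
            return this.refreshToken;
        }

        static Builder newBuilder() {
            return new Builder();
        }
    }

    /**
     * Writes a user's credentials back to the token store whenever they change.
     *
     * <p>The decompiler reports that it widened this class's access from private.
     */
    public class UserCredentialsListener implements OAuth2Credentials.CredentialsChangedListener {
        private final String userId;

        public UserCredentialsListener(String str) {
            this.userId = str;
        }

        /**
         * Persists the changed credentials under this listener's user id.
         *
         * @param oAuth2Credentials the changed credentials; cast to {@link UserCredentials}
         * @throws IOException if the token store rejects the write
         */
        @Override
        public void onChanged(OAuth2Credentials oAuth2Credentials) throws IOException {
            UserAuthorizer.this.storeCredentials(this.userId, (UserCredentials) oAuth2Credentials);
        }
    }

    /**
     * Copies the builder's configuration, substituting defaults for unset optional values.
     *
     * @throws NullPointerException if the client id or the scopes are {@code null}
     */
    private UserAuthorizer(Builder builder) {
        this.clientId = Preconditions.checkNotNull(builder.clientId);
        // Defensive, immutable copy: later changes to the caller's collection do not leak in.
        this.scopes = ImmutableList.copyOf(Preconditions.checkNotNull(builder.scopes));
        this.callbackUri = builder.callbackUri == null ? DEFAULT_CALLBACK_URI : builder.callbackUri;
        this.transportFactory = builder.transportFactory == null ? OAuth2Utils.HTTP_TRANSPORT_FACTORY : builder.transportFactory;
        this.tokenServerUri = builder.tokenServerUri == null ? OAuth2Utils.TOKEN_SERVER_URI : builder.tokenServerUri;
        this.userAuthUri = builder.userAuthUri == null ? OAuth2Utils.USER_AUTH_URI : builder.userAuthUri;
        this.tokenStore = builder.tokenStore == null ? new MemoryTokensStorage() : builder.tokenStore;
        // May be null, in which case no PKCE parameters are sent.
        this.pkce = builder.pkce;
        this.clientAuthenticationType = builder.clientAuthenticationType == null ? ClientAuthenticationType.CLIENT_SECRET_POST : builder.clientAuthenticationType;
    }

    public ClientId getClientId() {
        return this.clientId;
    }

    /** Returns the immutable list of scopes requested by this authorizer. */
    public Collection<String> getScopes() {
        return this.scopes;
    }

    /** Returns the callback URI exactly as configured, which may be relative. */
    public URI getCallbackUri() {
        return this.callbackUri;
    }

    /**
     * Returns the callback URI as an absolute URI.
     *
     * @param uri base URI used to resolve a relative callback; ignored when the configured
     *     callback is already absolute
     * @return the absolute callback URI
     * @throws IllegalStateException if the callback is relative and {@code uri} is {@code null} or
     *     not absolute
     */
    public URI getCallbackUri(URI uri) {
        if (this.callbackUri.isAbsolute()) {
            return this.callbackUri;
        }
        // The resolved value becomes the redirect_uri, so the base must come from trusted
        // configuration rather than from request data.
        if (uri == null || !uri.isAbsolute()) {
            throw new IllegalStateException("If the callback URI is relative, the baseUri passed must be an absolute URI");
        }
        return uri.resolve(this.callbackUri);
    }

    public TokenStore getTokenStore() {
        return this.tokenStore;
    }

    public ClientAuthenticationType getClientAuthenticationType() {
        return this.clientAuthenticationType;
    }

    /**
     * Builds the authorization URL without additional parameters.
     *
     * @param str login hint, or {@code null} to omit it
     * @param str2 value for the {@code state} parameter, or {@code null} to omit it
     * @param uri base URI used to resolve a relative callback URI
     * @return the URL to send the user's browser to
     */
    public URL getAuthorizationUrl(String str, String str2, URI uri) {
        return getAuthorizationUrl(str, str2, uri, null);
    }

    /**
     * Builds the authorization URL.
     *
     * <p>Entries of {@code map} are written after the core parameters and replace any of them with
     * the same key ({@code redirect_uri}, {@code state}, {@code scope}, ...). The PKCE challenge is
     * written last and cannot be replaced this way.
     *
     * @param str login hint, or {@code null} to omit it
     * @param str2 value for the {@code state} parameter, or {@code null} to omit it
     * @param uri base URI used to resolve a relative callback URI
     * @param map additional query parameters, or {@code null}
     * @return the URL to send the user's browser to
     * @throws IllegalStateException if the callback URI cannot be made absolute
     */
    public URL getAuthorizationUrl(String str, String str2, URI uri, Map<String, String> map) {
        URI redirectUri = getCallbackUri(uri);
        String scopeValue = Joiner.on(' ').join(this.scopes);
        GenericUrl url = new GenericUrl(this.userAuthUri);
        url.put("response_type", "code");
        // NOTE(review): constant from an unrelated library, presumably "client_id" - confirm.
        url.put(Constants.MANAGED_IDENTITY_CLIENT_ID, this.clientId.getClientId());
        url.put("redirect_uri", redirectUri);
        url.put("scope", scopeValue);
        if (str2 != null) {
            url.put("state", str2);
        }
        url.put("access_type", "offline");
        url.put("prompt", "consent");
        if (str != null) {
            url.put("login_hint", str);
        }
        url.put("include_granted_scopes", true);
        if (map != null) {
            for (Map.Entry<String, String> extra : map.entrySet()) {
                url.put(extra.getKey(), extra.getValue());
            }
        }
        if (this.pkce != null) {
            url.put("code_challenge", this.pkce.getCodeChallenge());
            url.put("code_challenge_method", this.pkce.getCodeChallengeMethod());
        }
        return url.toURL();
    }

    /**
     * Restores a user's credentials from the token store and starts monitoring them for changes.
     *
     * @param str id of the user whose tokens are loaded
     * @return the credentials, or {@code null} when nothing is stored for the user
     * @throws IOException if the store fails or the stored data cannot be parsed
     * @throws NullPointerException if {@code str} is {@code null}
     */
    public UserCredentials getCredentials(String str) throws IOException {
        Preconditions.checkNotNull(str);
        if (this.tokenStore == null) {
            throw new IllegalStateException("Method cannot be called if token store is not specified.");
        }
        String storedJson = this.tokenStore.load(str);
        if (storedJson == null) {
            return null;
        }
        GenericJson tokenJson = OAuth2Utils.parseJson(storedJson);
        String accessTokenValue = OAuth2Utils.validateString(tokenJson, "access_token", TOKEN_STORE_ERROR);
        Date expirationTime = new Date(OAuth2Utils.validateLong(tokenJson, "expiration_time_millis", TOKEN_STORE_ERROR));
        // NOTE(review): key constant from an unrelated library, presumably "refresh_token".
        String refreshToken = OAuth2Utils.validateOptionalString(tokenJson, OAuthConstants.GSOAuth2_10.GrantTypes.RefreshToken, TOKEN_STORE_ERROR);
        // The scope field is reported with the token-API prefix, as in the original listing.
        AccessToken accessToken = AccessToken.newBuilder()
                .setExpirationTime(expirationTime)
                .setTokenValue(accessTokenValue)
                .setScopes(OAuth2Utils.validateOptionalListString(tokenJson, "scope", FETCH_TOKEN_ERROR))
                .build();
        UserCredentials credentials = UserCredentials.newBuilder()
                .setClientId(this.clientId.getClientId())
                .setClientSecret(this.clientId.getClientSecret())
                .setRefreshToken(refreshToken)
                .setAccessToken(accessToken)
                .setHttpTransportFactory(this.transportFactory)
                .setTokenServerUri(this.tokenServerUri)
                .build();
        monitorCredentials(str, credentials);
        return credentials;
    }

    /**
     * Exchanges an authorization code for credentials without additional parameters.
     *
     * @param str the authorization code received on the callback
     * @param uri base URI used to resolve a relative callback URI
     * @throws IOException if the token request fails or its response is malformed
     */
    public UserCredentials getCredentialsFromCode(String str, URI uri) throws IOException {
        return getCredentialsFromCode(str, uri, null);
    }

    /**
     * Exchanges an authorization code for credentials. The result is neither stored nor monitored.
     *
     * @param str the authorization code received on the callback
     * @param uri base URI used to resolve a relative callback URI
     * @param map additional form parameters for the token request, or {@code null}
     * @throws IOException if the token request fails or its response is malformed
     */
    public UserCredentials getCredentialsFromCode(String str, URI uri, Map<String, String> map) throws IOException {
        TokenResponseWithConfig response = getCredentialsFromCodeInternal(str, uri, map);
        return UserCredentials.newBuilder()
                .setClientId(response.getClientId())
                .setClientSecret(response.getClientSecret())
                .setAccessToken(response.getAccessToken())
                .setRefreshToken(response.getRefreshToken())
                .setHttpTransportFactory(response.getHttpTransportFactory())
                .setTokenServerUri(response.getTokenServerUri())
                .build();
    }

    /**
     * Exchanges an authorization code and returns the raw token response with its configuration.
     *
     * @param str the authorization code received on the callback
     * @param uri base URI used to resolve a relative callback URI
     * @param map additional form parameters for the token request, or {@code null}
     * @throws IOException if the token request fails or its response is malformed
     */
    public TokenResponseWithConfig getTokenResponseFromAuthCodeExchange(String str, URI uri, Map<String, String> map) throws IOException {
        return getCredentialsFromCodeInternal(str, uri, map);
    }

    /**
     * Exchanges an authorization code, stores the resulting tokens for the user and monitors them.
     *
     * @param str id of the user the tokens belong to
     * @param str2 the authorization code received on the callback
     * @param uri base URI used to resolve a relative callback URI
     * @throws IOException if the exchange or the store write fails
     * @throws NullPointerException if {@code str} or {@code str2} is {@code null}
     */
    public UserCredentials getAndStoreCredentialsFromCode(String str, String str2, URI uri) throws IOException {
        Preconditions.checkNotNull(str);
        Preconditions.checkNotNull(str2);
        UserCredentials credentials = getCredentialsFromCode(str2, uri);
        storeCredentials(str, credentials);
        monitorCredentials(str, credentials);
        return credentials;
    }

    /**
     * Deletes a user's stored tokens and asks the revocation endpoint to invalidate them.
     *
     * <p>The local delete happens first and its failure is deferred, so the remote revocation is
     * still attempted. The refresh token is revoked when present, otherwise the access token. The
     * request always goes to {@code OAuth2Utils.TOKEN_REVOKE_URI}, independent of the configured
     * token server URI.
     *
     * @param str id of the user whose authorization is revoked
     * @throws IOException if parsing or the revocation request fails (a deferred delete failure is
     *     attached as suppressed), or if only the local delete failed
     * @throws NullPointerException if {@code str} is {@code null}
     */
    public void revokeAuthorization(String str) throws IOException {
        Preconditions.checkNotNull(str);
        if (this.tokenStore == null) {
            throw new IllegalStateException("Method cannot be called if token store is not specified.");
        }
        String storedJson = this.tokenStore.load(str);
        if (storedJson == null) {
            return;
        }
        IOException deleteFailure = null;
        try {
            this.tokenStore.delete(str);
        } catch (IOException e) {
            deleteFailure = e;
        }
        try {
            GenericJson tokenJson = OAuth2Utils.parseJson(storedJson);
            String accessToken = OAuth2Utils.validateOptionalString(tokenJson, "access_token", TOKEN_STORE_ERROR);
            // NOTE(review): key constant from an unrelated library, presumably "refresh_token".
            String refreshToken = OAuth2Utils.validateOptionalString(tokenJson, OAuthConstants.GSOAuth2_10.GrantTypes.RefreshToken, TOKEN_STORE_ERROR);
            String tokenToRevoke = refreshToken != null ? refreshToken : accessToken;
            GenericUrl revokeUrl = new GenericUrl(OAuth2Utils.TOKEN_REVOKE_URI);
            GenericData form = new GenericData();
            // NOTE(review): key constant from an unrelated library, presumably "token".
            form.put(OAuthConstants.GSOAuth2_10.ResponseTypes.Token, tokenToRevoke);
            this.transportFactory.create().createRequestFactory().buildPostRequest(revokeUrl, new UrlEncodedContent(form)).execute();
        } catch (IOException revokeFailure) {
            // Keep the deferred store failure visible: the token may still exist locally even
            // though the caller only sees the revocation error.
            if (deleteFailure != null) {
                revokeFailure.addSuppressed(deleteFailure);
            }
            throw revokeFailure;
        }
        if (deleteFailure != null) {
            throw deleteFailure;
        }
    }

    /**
     * Serializes the credentials' tokens to JSON and writes them to the token store.
     *
     * <p>The JSON holds the access token and, when present, the refresh token in clear text.
     *
     * @param str id of the user the tokens belong to
     * @param userCredentials the credentials to persist
     * @throws IOException if the token store rejects the write
     * @throws IllegalStateException if no token store is configured
     * @throws NullPointerException if the credentials carry no access token or the access token
     *     has no expiration time
     */
    public void storeCredentials(String str, UserCredentials userCredentials) throws IOException {
        if (this.tokenStore == null) {
            throw new IllegalStateException("Cannot store tokens if tokenStore is not specified.");
        }
        AccessToken accessToken = userCredentials.getAccessToken();
        String accessTokenValue = null;
        Date expirationTime = null;
        List<String> grantedScopes = new ArrayList<>();
        if (accessToken != null) {
            accessTokenValue = accessToken.getTokenValue();
            expirationTime = accessToken.getExpirationTime();
            grantedScopes = accessToken.getScopes();
        }
        // The original dereferenced the expiration time unconditionally and failed with a bare
        // NullPointerException. Same exception type, but raised with a message and before any
        // JSON is assembled.
        if (expirationTime == null) {
            throw new NullPointerException("Cannot store credentials without an access token expiration time.");
        }
        String refreshToken = userCredentials.getRefreshToken();
        GenericJson tokenJson = new GenericJson();
        tokenJson.setFactory(OAuth2Utils.JSON_FACTORY);
        tokenJson.put("access_token", accessTokenValue);
        tokenJson.put("scope", grantedScopes);
        tokenJson.put("expiration_time_millis", expirationTime.getTime());
        if (refreshToken != null) {
            // NOTE(review): key constant from an unrelated library, presumably "refresh_token".
            tokenJson.put(OAuthConstants.GSOAuth2_10.GrantTypes.RefreshToken, refreshToken);
        }
        this.tokenStore.store(str, tokenJson.toString());
    }

    /**
     * Registers a listener that re-stores the credentials for the user whenever they change.
     *
     * @param str id of the user the credentials belong to
     * @param userCredentials the credentials to observe
     */
    protected void monitorCredentials(String str, UserCredentials userCredentials) {
        userCredentials.addChangeListener(new UserCredentialsListener(str));
    }

    /**
     * Posts the authorization code to the token endpoint and parses the response.
     *
     * <p>Entries of {@code map} are written after {@code code}, the client id, {@code redirect_uri}
     * and {@code grant_type} and replace any of them with the same key. The PKCE verifier and a
     * posted client secret are written afterwards.
     *
     * @param str the authorization code received on the callback
     * @param uri base URI used to resolve a relative callback URI
     * @param map additional form parameters, or {@code null}
     * @throws IOException if the request fails or the response lacks required fields
     * @throws NullPointerException if {@code str} is {@code null}
     */
    private TokenResponseWithConfig getCredentialsFromCodeInternal(String str, URI uri, Map<String, String> map) throws IOException {
        Preconditions.checkNotNull(str);
        URI redirectUri = getCallbackUri(uri);
        GenericData form = new GenericData();
        form.put("code", str);
        // NOTE(review): constant from an unrelated library, presumably "client_id" - confirm.
        form.put(Constants.MANAGED_IDENTITY_CLIENT_ID, this.clientId.getClientId());
        form.put("redirect_uri", redirectUri);
        // NOTE(review): constant from an unrelated library, presumably "authorization_code".
        form.put("grant_type", OAuthConstants.GSOAuth2_10.GrantTypes.Authorization);
        if (map != null) {
            for (Map.Entry<String, String> extra : map.entrySet()) {
                form.put(extra.getKey(), extra.getValue());
            }
        }
        if (this.pkce != null) {
            form.put("code_verifier", this.pkce.getCodeVerifier());
        }
        if (this.clientAuthenticationType == ClientAuthenticationType.CLIENT_SECRET_POST) {
            form.put("client_secret", this.clientId.getClientSecret());
        }
        HttpRequest tokenRequest = this.transportFactory.create().createRequestFactory().buildPostRequest(new GenericUrl(this.tokenServerUri), new UrlEncodedContent(form));
        tokenRequest.setParser(new JsonObjectParser(OAuth2Utils.JSON_FACTORY));
        if (this.clientAuthenticationType == ClientAuthenticationType.CLIENT_SECRET_BASIC) {
            tokenRequest.getHeaders().setAuthorization(OAuth2Utils.generateBasicAuthHeader(this.clientId.getClientId(), this.clientId.getClientSecret()));
        }
        GenericJson tokenJson = (GenericJson) tokenRequest.execute().parseAs(GenericJson.class);
        // Widen before multiplying: in 32-bit arithmetic a lifetime above ~2.1 million seconds
        // wraps negative and yields an expiration time in the past.
        long expiresInSeconds = OAuth2Utils.validateInt32(tokenJson, "expires_in", FETCH_TOKEN_ERROR);
        Date expirationTime = new Date(System.currentTimeMillis() + expiresInSeconds * 1000L);
        AccessToken accessToken = AccessToken.newBuilder()
                .setExpirationTime(expirationTime)
                .setTokenValue(OAuth2Utils.validateString(tokenJson, "access_token", FETCH_TOKEN_ERROR))
                .setScopes(OAuth2Utils.validateOptionalString(tokenJson, "scope", FETCH_TOKEN_ERROR))
                .build();
        // NOTE(review): key constant from an unrelated library, presumably "refresh_token".
        String refreshToken = OAuth2Utils.validateOptionalString(tokenJson, OAuthConstants.GSOAuth2_10.GrantTypes.RefreshToken, FETCH_TOKEN_ERROR);
        return TokenResponseWithConfig.newBuilder()
                .setClientId(this.clientId.getClientId())
                .setClientSecret(this.clientId.getClientSecret())
                .setAccessToken(accessToken)
                .setRefreshToken(refreshToken)
                .setHttpTransportFactory(this.transportFactory)
                .setTokenServerUri(this.tokenServerUri)
                .build();
    }

    /** Returns an empty builder. */
    public static Builder newBuilder() {
        return new Builder();
    }

    /** Returns a builder pre-populated from this authorizer; see {@link Builder#Builder(UserAuthorizer)}. */
    public Builder toBuilder() {
        return new Builder(this);
    }
}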
