package leap.oauth2.wac.token;

import java.util.Map;
import java.util.UUID;
import leap.core.Session;
import leap.core.annotation.Inject;
import leap.core.security.Authentication;
import leap.core.security.UserPrincipal;
import leap.lang.codec.Base64;
import leap.lang.http.client.HttpClient;
import leap.lang.http.client.HttpResponse;
import leap.lang.json.JSON;
import leap.oauth2.AuthorizationCodeInvalidException;
import leap.oauth2.OAuth2Params;
import leap.oauth2.ObtainAccessTokenFailedException;
import leap.oauth2.RefreshAccessTokenFailedException;
import leap.oauth2.RefreshTokenInvalidException;
import leap.oauth2.wac.OAuth2AccessToken;
import leap.oauth2.wac.OAuth2WebAppConfig;
import leap.web.Request;

/* loaded from: input_file:leap/oauth2/wac/token/DefaultWacTokenManager.class */
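/**
 * Default {@link WacTokenManager}: exchanges authorization codes and refresh tokens at the configured
 * token endpoint and caches the resulting access token in the HTTP session and, when one is configured,
 * in the token store returned by {@code config.getTokenStore()}.
 */
public class DefaultWacTokenManager implements WacTokenManager {
    /**
     * Session attribute name under which the current access token is cached. The UUID suffix is generated
     * once per class load, so the name is different in every JVM instance and after every restart.
     * NOTE(review): with replicated or persisted sessions a token cached by another instance would not be
     * found under this name and resolution would fall back to the token store; confirm this is intended.
     */
    private static final String KEY = "AccessToken_" + UUID.randomUUID().toString();

    @Inject
    protected OAuth2WebAppConfig config;

    @Inject
    protected HttpClient hc;

    /**
     * Exchanges an authorization code for an access token and saves the token for the authenticated user.
     *
     * @param request        current request; its session (and the token store, if any) receives the token
     * @param authentication authentication whose user id is recorded on the token
     * @param str            the authorization code received from the authorization server
     * @return the newly issued access token
     * @throws ObtainAccessTokenFailedException  if the endpoint answers with a non-OK status or with a
     *                                           body that holds no usable token data
     * @throws AuthorizationCodeInvalidException if the endpoint reports an OAuth2 error
     */
    @Override // leap.oauth2.wac.token.WacTokenManager
    public OAuth2AccessToken fetchAndSaveAccessToken(Request request, Authentication authentication, String str) {
        // Resolved before the exchange so that a missing user fails before the single-use code is spent.
        String userId = authentication.getUser().getIdAsString();

        // The code goes in the form body and the client credentials in the Authorization header,
        // which keeps both out of the request URL.
        HttpResponse post = this.hc.request(this.config.getServerTokenEndpointUrl())
                .addFormParam(OAuth2Params.GRANT_TYPE, "authorization_code")
                .addFormParam(OAuth2Params.CODE, str)
                .addHeader("Authorization", "Basic " + Base64.encode(this.config.getClientId() + ":" + this.config.getClientSecret()))
                .post();
        if (!post.isOk()) {
            // NOTE(review): the raw response body becomes part of the exception message; make sure this
            // message is not rendered to end users.
            throw new ObtainAccessTokenFailedException("Obtain access token failed, " + post.getStatus() + " -> " + post.getString());
        }

        Map<?, ?> response = toJsonObject(JSON.decode(post.getString()));
        if (null == response) {
            throw new ObtainAccessTokenFailedException("Obtain access token failed, token endpoint response is not a JSON object");
        }
        if (response.containsKey(OAuth2Params.ERROR)) {
            throw new AuthorizationCodeInvalidException("Cannot obtain access token, authorization code may be invalid : " + response.get(OAuth2Params.ERROR));
        }

        String token = stringValue(response, OAuth2Params.ACCESS_TOKEN);
        if (null == token || token.isEmpty()) {
            throw new ObtainAccessTokenFailedException("Obtain access token failed, token endpoint response contains no access token");
        }
        Integer expiresIn = parseExpiresIn(response.get("expires_in"));
        if (null == expiresIn) {
            // Fail with the domain exception instead of a NullPointerException / ClassCastException.
            throw new ObtainAccessTokenFailedException("Obtain access token failed, token endpoint response contains no usable 'expires_in'");
        }

        SimpleWacAccessToken issued = newAccessToken(token, stringValue(response, OAuth2Params.REFRESH_TOKEN), expiresIn.intValue(), userId);
        saveAccessToken(request, issued);
        return issued;
    }

    /**
     * Refreshes the access token currently associated with the request.
     *
     * @param request current request
     * @return the refreshed access token
     * @throws IllegalStateException if no access token can be resolved for the request
     */
    @Override // leap.oauth2.wac.token.WacTokenManager
    public OAuth2AccessToken refreshAndSaveAccessToken(Request request) {
        OAuth2AccessToken current = resolveAccessToken(request, false);
        if (null == current) {
            throw new IllegalStateException("No current access token, cannot refresh");
        }
        return refreshAndSaveAccessToken(request, current);
    }

    /**
     * Exchanges the refresh token of the given access token for a new access token and saves it.
     *
     * @param request           current request
     * @param oAuth2AccessToken the token to refresh; its refresh token and user id are reused
     * @return the newly issued access token
     * @throws RefreshAccessTokenFailedException if the endpoint answers with a non-OK status or with a
     *                                           body that holds no usable token data
     * @throws RefreshTokenInvalidException      if the endpoint reports an OAuth2 error
     */
    @Override // leap.oauth2.wac.token.WacTokenManager
    public OAuth2AccessToken refreshAndSaveAccessToken(Request request, OAuth2AccessToken oAuth2AccessToken) {
        // The stored copy is dropped before the exchange. NOTE(review): the session copy of the old token
        // is not cleared on any failure path of this method.
        if (null != this.config.getTokenStore()) {
            this.config.getTokenStore().removeAccessToken(request, oAuth2AccessToken);
        }

        // The refresh token is a long-lived credential: it is sent in the form body, like the code in
        // fetchAndSaveAccessToken, rather than in the query string, where it would end up in access logs
        // and proxy logs along with the URL.
        // NOTE(review): unlike the authorization-code exchange, this request carries no client
        // credentials; confirm whether the token endpoint expects client authentication on refresh.
        HttpResponse post = this.hc.request(this.config.getServerTokenEndpointUrl())
                .addFormParam(OAuth2Params.GRANT_TYPE, OAuth2Params.REFRESH_TOKEN)
                .addFormParam(OAuth2Params.REFRESH_TOKEN, oAuth2AccessToken.getRefreshToken())
                .post();
        if (!post.isOk()) {
            throw new RefreshAccessTokenFailedException("Refresh access token failed : " + post.getStatus() + " -> " + post.getString());
        }

        Map<?, ?> response = toJsonObject(JSON.decode(post.getString()));
        if (null == response) {
            throw new RefreshAccessTokenFailedException("Refresh access token failed : token endpoint response is not a JSON object");
        }
        if (response.containsKey(OAuth2Params.ERROR)) {
            if (this.config.getTokenStore() != null) {
                this.config.getTokenStore().removeAccessToken(request, oAuth2AccessToken);
            }
            throw new RefreshTokenInvalidException("Refresh access token failed : " + response.get(OAuth2Params.ERROR));
        }

        String token = stringValue(response, OAuth2Params.ACCESS_TOKEN);
        if (null == token || token.isEmpty()) {
            throw new RefreshAccessTokenFailedException("Refresh access token failed : token endpoint response contains no access token");
        }
        Integer expiresIn = parseExpiresIn(response.get("expires_in"));
        if (null == expiresIn) {
            throw new RefreshAccessTokenFailedException("Refresh access token failed : token endpoint response contains no usable 'expires_in'");
        }

        // A refresh response may omit a new refresh token; in that case the existing one stays in use
        // instead of being overwritten with null.
        String refreshToken = stringValue(response, OAuth2Params.REFRESH_TOKEN);
        if (null == refreshToken) {
            refreshToken = oAuth2AccessToken.getRefreshToken();
        }

        SimpleWacAccessToken issued = newAccessToken(token, refreshToken, expiresIn.intValue(), oAuth2AccessToken.getUserId());
        saveAccessToken(request, issued);
        return issued;
    }

    /**
     * Looks up the access token for the request, first in the session and then in the token store.
     *
     * <p>A token whose user id differs from the request's user is removed from the session and the token
     * store and {@code null} is returned. NOTE(review): when the request has no user, this ownership check
     * is skipped and the cached token is returned as is.
     *
     * @param request current request
     * @param z       whether an expired token should be refreshed before it is returned
     * @return the token, the refreshed token, or {@code null} if there is no session or no usable token
     */
    @Override // leap.oauth2.wac.token.WacTokenManager
    public OAuth2AccessToken resolveAccessToken(Request request, boolean z) {
        Session session = request.getSession(false);
        if (null == session) {
            return null;
        }

        OAuth2AccessToken cached = (OAuth2AccessToken) session.getAttribute(KEY);
        if (null == cached && this.config.getTokenStore() != null) {
            cached = this.config.getTokenStore().loadAccessToken(request);
            if (null != cached) {
                // Cache the stored token in the session for subsequent lookups.
                session.setAttribute(KEY, cached);
            }
        }
        if (null == cached) {
            return null;
        }

        UserPrincipal user = request.getUser();
        if (null != user && !user.getIdAsString().equals(cached.getUserId())) {
            // The token belongs to a different user than the one on this request: drop every copy.
            removeAccessToken(request);
            if (null != this.config.getTokenStore()) {
                this.config.getTokenStore().removeAccessToken(request, cached);
            }
            return null;
        }

        if (z && cached.isExpired()) {
            return refreshAndSaveAccessToken(request, cached);
        }
        return cached;
    }

    /**
     * Saves the token in the token store (if configured) and in the session, creating the session if needed.
     *
     * @param request           current request
     * @param oAuth2AccessToken token to save
     */
    public void saveAccessToken(Request request, OAuth2AccessToken oAuth2AccessToken) {
        if (null != this.config.getTokenStore()) {
            this.config.getTokenStore().saveAccessToken(request, request.response(), oAuth2AccessToken);
        }
        request.getSession(true).setAttribute(KEY, oAuth2AccessToken);
    }

    /**
     * Removes the cached token from the session, if a session exists. The token store is not touched.
     *
     * @param request current request
     */
    public void removeAccessToken(Request request) {
        Session session = request.getSession(false);
        if (null != session) {
            session.removeAttribute(KEY);
        }
    }

    /** Returns the decoded JSON value as a map, or {@code null} when it is not a JSON object. */
    private static Map<?, ?> toJsonObject(Object decoded) {
        return decoded instanceof Map ? (Map<?, ?>) decoded : null;
    }

    /** Returns the named response member when it is a string, otherwise {@code null}. */
    private static String stringValue(Map<?, ?> response, Object name) {
        Object value = response.get(name);
        return value instanceof String ? (String) value : null;
    }

    /**
     * Converts the {@code expires_in} member to an int, accepting any JSON number or a numeric string.
     * Values above {@link Integer#MAX_VALUE} are clamped; {@code null} means "absent or not a number".
     */
    private static Integer parseExpiresIn(Object raw) {
        long seconds;
        if (raw instanceof Number) {
            seconds = ((Number) raw).longValue();
        } else if (raw instanceof String) {
            try {
                seconds = Long.parseLong(((String) raw).trim());
            } catch (NumberFormatException ignored) {
                // Not numeric: reported to the caller as "no usable value".
                return null;
            }
        } else {
            return null;
        }
        return Integer.valueOf((int) Math.max(Integer.MIN_VALUE, Math.min(Integer.MAX_VALUE, seconds)));
    }

    /** Builds a token object stamped with the current time. */
    private static SimpleWacAccessToken newAccessToken(String token, String refreshToken, int expiresIn, String userId) {
        SimpleWacAccessToken issued = new SimpleWacAccessToken();
        issued.setCreated(System.currentTimeMillis());
        issued.setToken(token);
        issued.setRefreshToken(refreshToken);
        issued.setExpiresIn(expiresIn);
        issued.setUserId(userId);
        return issued;
    }
}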
