package com.intuit.oauth2.client;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.intuit.oauth2.config.OAuth2Config;
import com.intuit.oauth2.data.BearerTokenResponse;
import com.intuit.oauth2.data.PlatformResponse;
import com.intuit.oauth2.data.UserInfoResponse;
import com.intuit.oauth2.exception.ConnectionException;
import com.intuit.oauth2.exception.OAuthException;
import com.intuit.oauth2.exception.OpenIdException;
import com.intuit.oauth2.http.HttpRequestClient;
import com.intuit.oauth2.http.MethodType;
import com.intuit.oauth2.http.Request;
import com.intuit.oauth2.http.Response;
import com.intuit.oauth2.utils.LoggerImpl;
import com.intuit.oauth2.utils.MapperImpl;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.RSAPublicKeySpec;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import javax.xml.bind.DatatypeConverter;
import org.apache.commons.codec.binary.Base64;
import org.apache.http.NameValuePair;
import org.apache.http.message.BasicNameValuePair;
import org.json.JSONArray;
import org.json.JSONObject;
import org.slf4j.Logger;

/* loaded from: input_file:com/intuit/oauth2/client/OAuth2PlatformClient.class */
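/**
 * Client for the OAuth2 / OpenID Connect endpoints named in an {@link OAuth2Config}:
 * bearer-token exchange and refresh, token revocation, user-info lookup and ID-token
 * validation.
 *
 * <p>Token, revoke and JWKS requests are sent through a fresh {@link HttpRequestClient}
 * per call. The client id and secret are read from the config on every call and sent as
 * an HTTP Basic credential; nothing in this class writes tokens or the secret to the log.
 */
public class OAuth2PlatformClient {
    private OAuth2Config oauth2Config;
    private static final Logger logger = LoggerImpl.getInstance();
    private static final ObjectMapper mapper = MapperImpl.getInstance();

    /**
     * Creates a client bound to the given configuration.
     *
     * @param oAuth2Config source of endpoints, client id and client secret
     */
    public OAuth2PlatformClient(OAuth2Config oAuth2Config) {
        this.oauth2Config = oAuth2Config;
    }

    /** For subclasses only; leaves the configuration unset. */
    protected OAuth2PlatformClient() {
    }

    /**
     * Exchanges an authorization code for bearer tokens at the configured token endpoint.
     *
     * @param str  the authorization code (sent as {@code code})
     * @param str2 the redirect URI (sent as {@code redirect_uri})
     * @return the token response parsed from a 200 reply
     * @throws OAuthException on any non-200 status or any failure while sending or parsing
     */
    public BearerTokenResponse retrieveBearerTokens(String str, String str2) throws OAuthException {
        logger.debug("Enter OAuth2PlatformClient::retrieveBearerTokens");
        try {
            Request request = new Request.RequestBuilder(MethodType.POST, this.oauth2Config.getIntuitBearerTokenEndpoint())
                    .requiresAuthentication(true)
                    .authString(getAuthHeader())
                    .postParams(getUrlParameters(null, str, str2))
                    .build();
            Response response = new HttpRequestClient().makeRequest(request);
            logger.debug("Response Code : {}", response.getStatusCode());
            if (response.getStatusCode() == 200) {
                return (BearerTokenResponse) mapper.readerFor(BearerTokenResponse.class).readValue(response.getContent());
            }
            logger.debug("failed getting access token");
            throw new OAuthException("failed getting access token", String.valueOf(response.getStatusCode()));
        } catch (Exception e) {
            // NOTE: this also catches the OAuthException thrown just above, so the
            // status-code variant ends up as the cause of the exception callers see.
            logger.error("Exception while retrieving bearer tokens", e);
            throw new OAuthException(e.getMessage(), e);
        }
    }

    /**
     * Obtains a new set of bearer tokens from a refresh token.
     *
     * @param str the refresh token (sent as {@code refresh_token})
     * @return the token response parsed from a 200 reply
     * @throws OAuthException on any non-200 status or any failure while sending or parsing
     */
    public BearerTokenResponse refreshToken(String str) throws OAuthException {
        logger.debug("Enter OAuth2PlatformClient::refreshToken");
        try {
            Request request = new Request.RequestBuilder(MethodType.POST, this.oauth2Config.getIntuitBearerTokenEndpoint())
                    .requiresAuthentication(true)
                    .authString(getAuthHeader())
                    .postParams(getUrlParameters("refresh", str, null))
                    .build();
            Response response = new HttpRequestClient().makeRequest(request);
            logger.debug("Response Code : {}", response.getStatusCode());
            if (response.getStatusCode() == 200) {
                return (BearerTokenResponse) mapper.readerFor(BearerTokenResponse.class).readValue(response.getContent());
            }
            logger.debug("failed getting access token");
            throw new OAuthException("failed getting access token", String.valueOf(response.getStatusCode()));
        } catch (Exception e) {
            logger.error("Exception while calling refreshToken ", e);
            throw new OAuthException(e.getMessage(), e);
        }
    }

    /**
     * Builds the form parameters for a token-endpoint or revoke-endpoint POST.
     *
     * @param action      {@code "revoke"}, {@code "refresh"}, or anything else (including
     *                    {@code null}) for the authorization-code grant
     * @param value       the token or authorization code to send
     * @param redirectUri the redirect URI; only used for the authorization-code grant
     * @return the parameter list for the selected request
     */
    private List<NameValuePair> getUrlParameters(String action, String value, String redirectUri) {
        List<NameValuePair> params = new ArrayList<>();
        // Compare by value, not identity: with == a non-interned "refresh" or "revoke"
        // would fall through to the authorization-code branch and send the token as "code".
        if ("revoke".equals(action)) {
            params.add(new BasicNameValuePair("token", value));
        } else if ("refresh".equals(action)) {
            params.add(new BasicNameValuePair("refresh_token", value));
            params.add(new BasicNameValuePair("grant_type", "refresh_token"));
        } else {
            params.add(new BasicNameValuePair("code", value));
            params.add(new BasicNameValuePair("redirect_uri", redirectUri));
            params.add(new BasicNameValuePair("grant_type", "authorization_code"));
        }
        return params;
    }

    /**
     * Revokes a token at the configured revoke endpoint.
     *
     * @param str the token to revoke (sent as {@code token})
     * @return a response with status {@code SUCCESS} for a 200 reply, otherwise status
     *         {@code ERROR} carrying the HTTP status code; callers must inspect the status,
     *         because a rejected revocation is not signalled by an exception
     * @throws ConnectionException if the request itself fails
     */
    public PlatformResponse revokeToken(String str) throws ConnectionException {
        logger.debug("Enter OAuth2PlatformClient::revokeToken");
        PlatformResponse platformResponse = new PlatformResponse();
        try {
            Request request = new Request.RequestBuilder(MethodType.POST, this.oauth2Config.getIntuitRevokeTokenEndpoint())
                    .requiresAuthentication(true)
                    .authString(getAuthHeader())
                    .postParams(getUrlParameters("revoke", str, null))
                    .build();
            Response response = new HttpRequestClient().makeRequest(request);
            logger.debug("Response Code : {}", response.getStatusCode());
            if (response.getStatusCode() == 200) {
                platformResponse.setStatus("SUCCESS");
                return platformResponse;
            }
            logger.debug("failed to revoke token");
            platformResponse.setStatus("ERROR");
            platformResponse.setErrorCode(String.valueOf(response.getStatusCode()));
            platformResponse.setErrorMessage("Failed to revoke token");
            return platformResponse;
        } catch (Exception e) {
            logger.error("Exception while calling revokeToken ", e);
            throw new ConnectionException(e.getMessage(), e);
        }
    }

    /**
     * Builds the HTTP Basic credential from the configured client id and secret.
     *
     * @return {@code "Basic "} followed by base64 of {@code clientId:clientSecret}
     */
    private String getAuthHeader() {
        String credentials = this.oauth2Config.getClientId() + ":" + this.oauth2Config.getClientSecret();
        // Fixed charset: the no-argument getBytes() depends on the platform default and
        // can encode non-ASCII credentials differently from host to host.
        return "Basic " + DatatypeConverter.printBase64Binary(credentials.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Fetches the user profile from the configured user-profile endpoint.
     *
     * @param str the access token, sent as a {@code Bearer} credential
     * @return the profile parsed from a 200 reply
     * @throws OpenIdException on any non-200 status or any failure while sending or parsing
     */
    public UserInfoResponse getUserInfo(String str) throws OpenIdException {
        logger.debug("Enter OAuth2PlatformClient::getUserInfo");
        try {
            Request request = new Request.RequestBuilder(MethodType.GET, this.oauth2Config.getUserProfileEndpoint())
                    .requiresAuthentication(true)
                    .authString("Bearer " + str)
                    .build();
            Response response = new HttpRequestClient().makeRequest(request);
            logger.debug("Response Code : {}", response.getStatusCode());
            if (response.getStatusCode() == 200) {
                return (UserInfoResponse) mapper.readerFor(UserInfoResponse.class).readValue(response.getContent());
            }
            logger.debug("failed getting user info");
            throw new OpenIdException("failed getting user info", String.valueOf(response.getStatusCode()));
        } catch (Exception e) {
            logger.error("Exception while retrieving user info ", e);
            throw new OpenIdException(e.getMessage(), e);
        }
    }

    /**
     * Validates an OpenID Connect ID token in compact form ({@code header.payload.signature}).
     *
     * <p>Checks, in order: the token has exactly three segments; {@code iss} matches the
     * configured issuer; the first {@code aud} entry matches the configured client id;
     * {@code exp} is in the future; the header {@code kid} names a key in the configured
     * JWKS document; and the signature verifies with that key using SHA256withRSA. The
     * algorithm is fixed here and is never taken from the token header.
     *
     * <p>The token is untrusted input: a {@code null}, truncated or malformed token, a
     * missing claim, or an unknown {@code kid} yields {@code false} rather than an
     * unchecked exception.
     *
     * @param str the ID token
     * @return {@code true} only if every check passes
     * @throws OpenIdException if the JWKS document cannot be fetched or the signature
     *         check itself fails with a security exception; callers must treat this as
     *         "not validated", never as success
     */
    public boolean validateIDToken(String str) throws OpenIdException {
        logger.debug("Enter OAuth2PlatformClient::validateIDToken");
        if (str == null) {
            logger.debug("invalid idTokenParts length");
            return false;
        }
        String[] parts = str.split("\\.");
        // A signed compact token has exactly three segments; extra segments are rejected
        // instead of being silently ignored.
        if (parts.length != 3) {
            logger.debug("invalid idTokenParts length");
            return false;
        }

        String keyId;
        try {
            JSONObject header = new JSONObject(base64UrlDecode(parts[0]));
            JSONObject payload = new JSONObject(base64UrlDecode(parts[1]));
            keyId = header.getString("kid");

            // NOTE(review): issuer and client id are compared case-insensitively; OpenID
            // Connect asks for an exact match. Kept for compatibility - confirm and tighten.
            if (!payload.getString("iss").equalsIgnoreCase(this.oauth2Config.getIntuitIdTokenIssuer())) {
                logger.debug("issuer value mismtach");
                return false;
            }
            // NOTE(review): only the first audience entry is examined, and "aud" must be
            // an array; a string-valued "aud" is rejected by the catch below.
            if (!payload.getJSONArray("aud").getString(0).equalsIgnoreCase(this.oauth2Config.getClientId())) {
                logger.debug("incorrect client id");
                return false;
            }
            // Direct comparison: "exp - now <= 0" wraps around for a very negative exp
            // and would let such a value pass the expiry check.
            long nowSeconds = System.currentTimeMillis() / 1000;
            if (payload.getLong("exp") <= nowSeconds) {
                logger.debug("expirationTimestamp has elapsed");
                return false;
            }
        } catch (org.json.JSONException e) {
            logger.debug("malformed idToken header or payload");
            return false;
        }

        HashMap<String, JSONObject> keyMap = getKeyMapFromJWKSUri();
        if (keyMap == null || keyMap.isEmpty()) {
            logger.debug("unable to retrive keyMap from JWKS url");
            return false;
        }
        JSONObject jwk = keyMap.get(keyId);
        if (jwk == null) {
            // Without this guard an unknown kid ends in a NullPointerException.
            logger.debug("no JWKS key found for idToken kid");
            return false;
        }

        try {
            byte[] signedContent = (parts[0] + "." + parts[1]).getBytes(StandardCharsets.UTF_8);
            byte[] signatureBytes = base64UrlDecodeToBytes(parts[2]);
            PublicKey publicKey = getPublicKey(jwk.getString("n"), jwk.getString("e"));
            boolean signatureValid = verifyUsingPublicKey(signedContent, signatureBytes, publicKey);
            logger.debug("isSignatureValid: " + signatureValid);
            return signatureValid;
        } catch (GeneralSecurityException e) {
            logger.error("Exception while validating ID token ", e);
            throw new OpenIdException(e.getMessage(), e);
        }
    }

    /**
     * Downloads the JWKS document from the configured URI and indexes it by key id.
     * The request is unauthenticated, so the keys are only as trustworthy as the
     * connection to that URI.
     *
     * @return map from {@code kid} to the JWK object
     * @throws OpenIdException on any non-200 status or any failure while fetching or parsing
     */
    private HashMap<String, JSONObject> getKeyMapFromJWKSUri() throws OpenIdException {
        logger.debug("Enter OAuth2PlatformClient::getKeyMapFromJWKSUri");
        try {
            Request request = new Request.RequestBuilder(MethodType.GET, this.oauth2Config.getIntuitJwksURI())
                    .requiresAuthentication(false)
                    .build();
            Response response = new HttpRequestClient().makeRequest(request);
            logger.debug("Response Code : {}", response.getStatusCode());
            if (response.getStatusCode() == 200) {
                return buildKeyMap(response.getContent());
            }
            logger.debug("failed JWKS URI");
            throw new OpenIdException("failed JWKS URI", String.valueOf(response.getStatusCode()));
        } catch (Exception e) {
            logger.error("Exception while retrieving jwks ", e);
            throw new OpenIdException(e.getMessage(), e);
        }
    }

    /**
     * Builds an RSA public key from base64url-encoded JWK parameters.
     *
     * @param modulus  the JWK {@code n} value
     * @param exponent the JWK {@code e} value
     * @return the RSA public key
     * @throws RuntimeException if the key cannot be constructed
     */
    private PublicKey getPublicKey(String modulus, String exponent) {
        try {
            // Signum 1: both values are unsigned big-endian magnitudes.
            BigInteger n = new BigInteger(1, base64UrlDecodeToBytes(modulus));
            BigInteger e = new BigInteger(1, base64UrlDecodeToBytes(exponent));
            return KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(n, e));
        } catch (Exception e) {
            logger.error("Exception while getting public key ", e);
            throw new RuntimeException("Cant create public key", e);
        }
    }

    /**
     * Verifies a SHA256withRSA signature.
     *
     * @param data           the signed bytes
     * @param signatureBytes the signature to check
     * @param publicKey      the verification key
     * @return whether the signature matches
     * @throws GeneralSecurityException if the key is unusable or the signature is malformed
     */
    private boolean verifyUsingPublicKey(byte[] data, byte[] signatureBytes, PublicKey publicKey) throws GeneralSecurityException {
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(publicKey);
        verifier.update(data);
        return verifier.verify(signatureBytes);
    }

    /** Decodes a base64url segment and interprets the bytes as UTF-8 text. */
    private String base64UrlDecode(String encoded) {
        return new String(base64UrlDecodeToBytes(encoded), StandardCharsets.UTF_8);
    }

    /** Decodes a base64url segment to raw bytes (URL-safe alphabet, no line wrapping). */
    private byte[] base64UrlDecodeToBytes(String encoded) {
        return new Base64(-1, null, true).decode(encoded);
    }

    /**
     * Indexes the {@code keys} array of a JWKS document by {@code kid}.
     *
     * @param jwksJson the JWKS document as JSON text
     * @return map from {@code kid} to the JWK object; a repeated {@code kid} keeps the last entry
     * @throws ConnectionException declared for callers; this body does not throw it
     */
    private HashMap<String, JSONObject> buildKeyMap(String jwksJson) throws ConnectionException {
        HashMap<String, JSONObject> keysById = new HashMap<>();
        JSONArray keys = new JSONObject(jwksJson).getJSONArray("keys");
        for (int i = 0; i < keys.length(); i++) {
            JSONObject jwk = keys.getJSONObject(i);
            keysById.put(jwk.getString("kid"), jwk);
        }
        return keysById;
    }
}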
