package com.fujieid.jap.oauth2;

import cn.hutool.core.codec.Base64;
import cn.hutool.core.util.ObjectUtil;
import cn.hutool.core.util.RandomUtil;
import cn.hutool.core.util.StrUtil;
import cn.hutool.crypto.SecureUtil;
import com.fujieid.jap.core.context.JapAuthentication;
import com.fujieid.jap.core.exception.JapOauth2Exception;
import com.fujieid.jap.http.JapHttpRequest;
import com.fujieid.jap.oauth2.pkce.PkceCodeChallengeMethod;
import com.xkcoding.http.HttpUtil;
import com.xkcoding.http.support.SimpleHttpResponse;
import com.xkcoding.json.JsonUtil;
import com.xkcoding.json.util.Kv;
import java.io.Serializable;
import java.security.SecureRandom;
import java.util.Map;
import java.util.Optional;

/* loaded from: input_file:com/fujieid/jap/oauth2/Oauth2Util.class */
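/**
 * Static helpers for the OAuth 2.0 strategy: PKCE value generation, validation of
 * provider responses, callback parameters, {@code state} and configuration, and a
 * thin HTTP wrapper for calling provider endpoints.
 *
 * <p>Parameter names in this listing are decompiler-generated ({@code str},
 * {@code str2}, ...); each method's Javadoc states what the code does with them.
 */
public class Oauth2Util {
    /**
     * Number of random bytes behind a PKCE code verifier. 32 bytes encode to 43
     * unpadded base64url characters, the minimum verifier length in RFC 7636.
     */
    private static final int CODE_VERIFIER_ENTROPY_BYTES = 32;

    /** Shared CSPRNG; {@link SecureRandom} is safe for concurrent use. */
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();

    private Oauth2Util() {
    }

    /**
     * Generates a PKCE code verifier.
     *
     * <p>The verifier is the secret that binds the token request to the authorization
     * request, so it is drawn from {@link SecureRandom} rather than a general-purpose
     * random string helper, and it is base64url-encoded so that it stays within the
     * unreserved character set RFC 7636 requires. The previous form (standard Base64
     * of a 50-character random string) relied on a non-cryptographic generator and
     * produced a trailing {@code =}, which is not a legal verifier character.
     *
     * @return a 43-character base64url string derived from 32 random bytes
     */
    public static String generateCodeVerifier() {
        byte[] entropy = new byte[CODE_VERIFIER_ENTROPY_BYTES];
        SECURE_RANDOM.nextBytes(entropy);
        // Same URL-safe encoder that generateCodeChallenge uses for the S256 digest.
        return Base64.encodeUrlSafe(entropy);
    }

    /**
     * Derives the PKCE code challenge from a code verifier.
     *
     * @param pkceCodeChallengeMethod challenge method; only {@code S256} triggers hashing
     * @param str                     the code verifier
     * @return the URL-safe Base64 of the SHA-256 digest of {@code str} for {@code S256};
     *         otherwise {@code str} itself, unchanged
     */
    public static String generateCodeChallenge(PkceCodeChallengeMethod pkceCodeChallengeMethod, String str) {
        if (PkceCodeChallengeMethod.S256 == pkceCodeChallengeMethod) {
            return Base64.encodeUrlSafe(SecureUtil.sha256().digest(str));
        }
        // Any other method (including null) sends the verifier itself as the challenge,
        // which gives no protection if the authorization request is observed.
        return str;
    }

    /**
     * Rejects an empty provider response or one that carries a non-empty {@code error}.
     *
     * @param kv  parsed provider response
     * @param str message used when the response is empty, and as the prefix of the
     *            message when the response carries an error (null is treated as "")
     * @throws JapOauth2Exception if {@code kv} is null or empty, or has a non-empty
     *                            {@code error} entry
     */
    public static void checkOauthResponse(Kv kv, String str) {
        if (null == kv || kv.isEmpty()) {
            throw new JapOauth2Exception(str);
        }
        boolean hasError = kv.containsKey("error") && ObjectUtil.isNotEmpty(kv.get("error"));
        if (hasError) {
            // NOTE(review): the whole response map is appended to the message; treat this
            // exception text as diagnostic output and do not echo it to end users.
            String prefix = Optional.ofNullable(str).orElse("");
            throw new JapOauth2Exception(prefix + kv.get("error_description") + Oauth2Const.SCOPE_SEPARATOR + kv);
        }
    }

    /**
     * Fails when the callback request carried an error indicator.
     *
     * @param str  value checked for emptiness; a non-empty value triggers the exception
     * @param str2 text appended to the exception message
     * @param str3 message prefix (null is treated as "")
     * @throws JapOauth2Exception if {@code str} is not empty
     */
    public static void checkOauthCallbackRequest(String str, String str2, String str3) {
        if (StrUtil.isNotEmpty(str)) {
            String prefix = Optional.ofNullable(str3).orElse("");
            throw new JapOauth2Exception(prefix + str2);
        }
    }

    /**
     * Verifies the {@code state} value returned on the callback against the cached one.
     *
     * <p>The expected value is read from the context cache under
     * {@code Oauth2Const.STATE_CACHE_KEY + str2} and must equal {@code str}.
     *
     * @param str  value to verify
     * @param str2 suffix of the cache key the expected value is stored under
     * @param z    when false, no verification is performed at all
     * @throws JapOauth2Exception if either string is empty, nothing is cached under the
     *                            key, or the cached value differs from {@code str}
     */
    public static void checkState(String str, String str2, boolean z) {
        if (!z) {
            // Verification disabled by the caller: the callback is accepted without a
            // state check, so CSRF protection must then come from elsewhere.
            return;
        }
        if (StrUtil.isEmpty(str) || StrUtil.isEmpty(str2)) {
            throw new JapOauth2Exception("Illegal state.");
        }
        Serializable expected = JapAuthentication.getContext().getCache().get(Oauth2Const.STATE_CACHE_KEY.concat(str2));
        if (null == expected || !expected.equals(str)) {
            throw new JapOauth2Exception("Illegal state.");
        }
        // NOTE(review): the cached value is not removed here after a successful match;
        // confirm the caller invalidates it so that a state value is single-use.
    }

    /**
     * Validates that the OAuth configuration is complete and internally consistent.
     *
     * <p>A token URL is always required. When the response type is neither {@code CODE}
     * nor {@code TOKEN}, only the password and client-credentials grants are accepted
     * and no further fields are checked. Otherwise a client secret is required unless
     * the response type is {@code CODE} with PKCE enabled, and client id,
     * authorization URL and userinfo URL must all be present.
     *
     * @param oAuthConfig configuration to validate
     * @throws JapOauth2Exception describing the first rule that is violated
     */
    public static void checkOauthConfig(OAuthConfig oAuthConfig) {
        if (StrUtil.isEmpty(oAuthConfig.getTokenUrl())) {
            throw new JapOauth2Exception("Oauth2Strategy requires a tokenUrl");
        }
        boolean redirectBasedFlow = oAuthConfig.getResponseType() == Oauth2ResponseType.CODE
            || oAuthConfig.getResponseType() == Oauth2ResponseType.TOKEN;
        if (!redirectBasedFlow) {
            if (oAuthConfig.getGrantType() != Oauth2GrantType.PASSWORD && oAuthConfig.getGrantType() != Oauth2GrantType.CLIENT_CREDENTIALS) {
                throw new JapOauth2Exception("When the response type is none in the oauth2 strategy, a grant type other than the authorization code must be used: " + oAuthConfig.getGrantType());
            }
            if (oAuthConfig.getGrantType() == Oauth2GrantType.PASSWORD && !StrUtil.isAllNotEmpty(oAuthConfig.getUsername(), oAuthConfig.getPassword())) {
                throw new JapOauth2Exception("Oauth2Strategy requires username and password in password certificate grant");
            }
            // Non-redirect grants are done here; the checks below are not applied to them.
            return;
        }
        if (oAuthConfig.getResponseType() == Oauth2ResponseType.CODE) {
            if (oAuthConfig.getGrantType() != Oauth2GrantType.AUTHORIZATION_CODE) {
                throw new JapOauth2Exception("Invalid grantType `" + oAuthConfig.getGrantType() + "`. When using authorization code mode, grantType must be `authorization_code`");
            }
            // PKCE is the only case in which a missing client secret is tolerated.
            if (!oAuthConfig.isEnablePkce() && StrUtil.isEmpty(oAuthConfig.getClientSecret())) {
                throw new JapOauth2Exception("Oauth2Strategy requires a clientSecret when PKCE is not enabled.");
            }
        } else if (StrUtil.isEmpty(oAuthConfig.getClientSecret())) {
            throw new JapOauth2Exception("Oauth2Strategy requires a clientSecret");
        }
        if (StrUtil.isEmpty(oAuthConfig.getClientId())) {
            throw new JapOauth2Exception("Oauth2Strategy requires a clientId");
        }
        if (StrUtil.isEmpty(oAuthConfig.getAuthorizationUrl())) {
            throw new JapOauth2Exception("Oauth2Strategy requires a authorizationUrl");
        }
        if (StrUtil.isEmpty(oAuthConfig.getUserinfoUrl())) {
            throw new JapOauth2Exception("Oauth2Strategy requires a userinfoUrl");
        }
    }

    /**
     * Tells whether the request looks like the provider's redirect back to this client.
     *
     * @param japHttpRequest incoming request
     * @param oAuthConfig    configuration whose response type selects the parameter to look for
     * @return true when the response type is {@code CODE} and a non-empty {@code code}
     *         parameter is present, or the response type is {@code TOKEN} and a non-empty
     *         {@code access_token} parameter is present; false otherwise
     */
    public static boolean isCallback(JapHttpRequest japHttpRequest, OAuthConfig oAuthConfig) {
        if (oAuthConfig.getResponseType() == Oauth2ResponseType.CODE) {
            return !StrUtil.isEmpty(japHttpRequest.getParameter("code"));
        }
        if (oAuthConfig.getResponseType() == Oauth2ResponseType.TOKEN) {
            return !StrUtil.isEmpty(japHttpRequest.getParameter("access_token"));
        }
        return false;
    }

    /**
     * Calls a provider endpoint and parses the response body as JSON.
     *
     * <p>On failure the exception message lists only the parameter <em>names</em>. The
     * parameter map is built by callers and may hold credentials such as a client
     * secret, authorization code or password, so its values must not end up in
     * exception text or logs.
     *
     * @param oauth2EndpointMethodType HTTP method; null is treated as GET, any value other
     *                                 than GET is sent as POST
     * @param str                      endpoint URL
     * @param map                      request parameters
     * @return the response body parsed into a {@link Kv}
     * @throws JapOauth2Exception if the HTTP call does not report success
     */
    public static Kv request(Oauth2EndpointMethodType oauth2EndpointMethodType, String str, Map<String, String> map) {
        boolean useGet = null == oauth2EndpointMethodType || Oauth2EndpointMethodType.GET == oauth2EndpointMethodType;
        SimpleHttpResponse response = useGet ? HttpUtil.get(str, map, false) : HttpUtil.post(str, map, false);
        if (response.isSuccess()) {
            return JsonUtil.parseKv(response.getBody());
        }
        throw new JapOauth2Exception("Cannot access url: " + str + " , method: " + oauth2EndpointMethodType + " , param names: " + describeParamNames(map) + " , error details: " + response.getError());
    }

    /** Renders the keys of a parameter map for diagnostics, never its values. */
    private static String describeParamNames(Map<String, String> map) {
        return null == map ? "null" : String.valueOf(map.keySet());
    }
}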
