package com.fangcloud.sdk.auth;

import com.fangcloud.sdk.YfyAppInfo;
import com.fangcloud.sdk.YfyRequestConfig;
import com.fangcloud.sdk.YfyRequestUtil;
import com.fangcloud.sdk.YfySdkConstant;
import com.fangcloud.sdk.YfySessionStore;
import com.fangcloud.sdk.exception.YfyException;
import com.fangcloud.sdk.util.StringUtil;
import java.nio.charset.Charset;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;

/* loaded from: input_file:com/fangcloud/sdk/auth/YfyWebAuth.class */
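/**
 * Client-side helper for the OAuth 2 flows of the Fangcloud auth host: builds the
 * {@code oauth/authorize} URL, validates the redirect that comes back, and exchanges an
 * authorization code (or a username/password pair) at {@code oauth/token}.
 *
 * <p>CSRF protection applies only to the redirect flow. {@link #authorize(Request)} generates a
 * random token, prepends it to the caller's optional state, stores the combined value in the
 * caller's {@link YfySessionStore}, and sends it as the {@code state} parameter.
 * {@link #finishFromRedirect} compares the returned {@code state} with the stored value.
 * {@link #finishFromCode(String)} and {@link #passwordLogin(String, String)} perform no such check.
 */
public class YfyWebAuth {
    private static final SecureRandom RAND = new SecureRandom();

    /** Number of random bytes in a CSRF token (16 bytes = 128 bits). */
    private static final int CSRF_BYTES_SIZE = 16;

    /** Length of an encoded CSRF token, measured by encoding a buffer of the same size. */
    private static final int CSRF_STRING_SIZE = StringUtil.urlSafeBase64Encode(new byte[CSRF_BYTES_SIZE]).length();

    private final YfyRequestConfig requestConfig;

    /** Thrown when the redirect parameters are malformed (missing or repeated parameter). */
    public static final class BadRequestException extends Exception {
        private static final long serialVersionUID = 0L;

        public BadRequestException(String str) {
            super(str);
        }
    }

    /** Thrown when the session store holds no usable state to compare against. */
    public static final class BadStateException extends Exception {
        private static final long serialVersionUID = 0L;

        public BadStateException(String str) {
            super(str);
        }
    }

    /** Thrown when the {@code state} returned in the redirect does not match the stored value. */
    public static final class CsrfException extends Exception {
        private static final long serialVersionUID = 0L;

        public CsrfException(String str) {
            super(str);
        }
    }

    /**
     * Immutable description of one authorization request: the redirect URI, the caller's optional
     * state, and the session store that will hold the CSRF-protected state.
     */
    public static final class Request {
        private static final Charset UTF8 = Charset.forName("UTF-8");

        /** Upper bound on the combined (CSRF token + caller state) {@code state} value. */
        private static final int MAX_STATE_SIZE = 500;

        private final String redirectUri;
        private final String state;
        private final YfySessionStore sessionStore;

        /** Builder for {@link Request}; obtain one through {@link Request#newBuilder()}. */
        public static final class Builder {
            private String redirectUri;
            private String state;
            private YfySessionStore sessionStore;

            /**
             * Configures a flow without a redirect URI. No {@code state} is sent in that case, so
             * the resulting flow carries no CSRF token.
             */
            public Builder withNoRedirect() {
                this.redirectUri = null;
                this.sessionStore = null;
                return this;
            }

            /**
             * Configures the redirect flow.
             *
             * @param str the redirect URI, must not be null
             * @param yfySessionStore store that will hold the generated state, must not be null
             * @throws NullPointerException if either argument is null
             */
            public Builder withRedirectUri(String str, YfySessionStore yfySessionStore) {
                if (str == null) {
                    throw new NullPointerException("redirectUri");
                }
                if (yfySessionStore == null) {
                    throw new NullPointerException("sessionStore");
                }
                this.redirectUri = str;
                this.sessionStore = yfySessionStore;
                return this;
            }

            /**
             * Sets the caller's own state, which is appended after the CSRF token.
             *
             * @param str caller state, or null for none
             * @throws IllegalArgumentException if the UTF-8 encoding of {@code str} plus the CSRF
             *     token would exceed {@code MAX_STATE_SIZE}
             */
            public Builder withState(String str) {
                if (str != null && str.getBytes(Request.UTF8).length + YfyWebAuth.CSRF_STRING_SIZE > Request.MAX_STATE_SIZE) {
                    throw new IllegalArgumentException("UTF-8 encoded state cannot be greater than " + (Request.MAX_STATE_SIZE - YfyWebAuth.CSRF_STRING_SIZE) + " bytes.");
                }
                this.state = str;
                return this;
            }

            /**
             * Builds the request.
             *
             * @throws IllegalStateException if a state was set without a redirect URI
             */
            public Request build() {
                if (this.redirectUri == null && this.state != null) {
                    throw new IllegalStateException("Cannot specify a state without a redirect URI.");
                }
                return new Request(this.redirectUri, this.state, this.sessionStore);
            }
        }

        private Request(String str, String str2, YfySessionStore yfySessionStore) {
            this.redirectUri = str;
            this.state = str2;
            this.sessionStore = yfySessionStore;
        }

        public static Builder newBuilder() {
            return new Builder();
        }
    }

    /**
     * @param yfyRequestConfig configuration used for the token endpoint calls, must not be null
     * @throws NullPointerException if {@code yfyRequestConfig} is null
     */
    public YfyWebAuth(YfyRequestConfig yfyRequestConfig) {
        if (yfyRequestConfig == null) {
            throw new NullPointerException("requestConfig");
        }
        this.requestConfig = yfyRequestConfig;
    }

    /**
     * Builds the authorization URL the user's browser should be sent to.
     *
     * <p>When the request has a redirect URI, a fresh CSRF token is generated, the combined state
     * is written to the request's session store, and the same value is sent as {@code state}.
     *
     * @param request the request built with {@link #newRequestBuilder()}, must not be null
     * @return the {@code oauth/authorize} URL with its query parameters
     * @throws NullPointerException if {@code request} is null
     */
    public String authorize(Request request) {
        if (request == null) {
            // Same exception type the original raised on first dereference, now with a name.
            throw new NullPointerException("request");
        }
        return authorizeImpl(request);
    }

    private String authorizeImpl(Request request) {
        // Raw type kept on purpose: the map type expected by YfyRequestUtil is not visible here.
        HashMap params = new HashMap();
        params.put("client_id", YfyAppInfo.getKey());
        params.put("response_type", "code");
        if (request.redirectUri != null) {
            params.put("redirect_uri", request.redirectUri);
            params.put("state", appendCsrfToken(request));
        }
        return YfyRequestUtil.buildUrlWithParams(YfyAppInfo.getHost().getAuth(), "oauth/authorize", params);
    }

    /**
     * Generates a CSRF token, prepends it to the caller's state (if any), records the combined
     * value in the session store, and returns it for use as the {@code state} parameter.
     */
    private static String appendCsrfToken(Request request) {
        byte[] tokenBytes = new byte[CSRF_BYTES_SIZE];
        RAND.nextBytes(tokenBytes);
        String csrfToken = StringUtil.urlSafeBase64Encode(tokenBytes);
        if (csrfToken.length() != CSRF_STRING_SIZE) {
            throw new AssertionError("unexpected CSRF token length: " + csrfToken.length());
        }
        String combinedState = csrfToken;
        if (request.state != null) {
            combinedState = csrfToken + request.state;
            if (combinedState.length() > Request.MAX_STATE_SIZE) {
                throw new AssertionError("unexpected combined state length: " + combinedState.length());
            }
        }
        // Store once, after validation: the value compared on return is the combined state, so an
        // earlier write of the bare token would only be overwritten.
        if (request.sessionStore != null) {
            request.sessionStore.set(combinedState);
        }
        return combinedState;
    }

    /**
     * Completes the redirect flow: checks the {@code state} parameter against the session store
     * and exchanges the {@code code} parameter for tokens.
     *
     * @param str the redirect URI used in {@link #authorize(Request)}, must not be null
     * @param yfySessionStore the store the state was written to, must not be null
     * @param map the query parameters of the redirect request, must not be null
     * @throws NullPointerException if any argument is null
     * @throws BadRequestException if {@code state} or {@code code} is missing or repeated
     * @throws BadStateException if the session store holds no usable state
     * @throws CsrfException if the returned state does not match the stored one
     * @throws YfyException if the token request fails
     */
    public YfyAuthFinish finishFromRedirect(String str, YfySessionStore yfySessionStore, Map<String, String[]> map) throws YfyException, BadRequestException, BadStateException, CsrfException {
        if (str == null) {
            throw new NullPointerException("redirectUri");
        }
        if (yfySessionStore == null) {
            throw new NullPointerException("sessionStore");
        }
        if (map == null) {
            throw new NullPointerException("params");
        }
        String state = getParam(map, "state");
        if (state == null) {
            throw new BadRequestException("Missing required parameter: \"state\".");
        }
        String code = getParam(map, "code");
        if (code == null) {
            throw new BadRequestException("Missing \"code\".");
        }
        // The state check must pass before the code is sent to the token endpoint.
        verifyAndStripCsrfToken(state, yfySessionStore);
        return finish(code, str);
    }

    /**
     * Exchanges an authorization code obtained without a redirect. No state is checked here.
     *
     * @param str the authorization code, must not be null
     * @throws YfyException if the token request fails
     */
    public YfyAuthFinish finishFromCode(String str) throws YfyException {
        return finish(str, null);
    }

    /**
     * Requests tokens with the resource-owner password grant. The credentials are posted to
     * {@code oauth/token}; callers should keep them out of logs and error reports.
     *
     * @param str the username, must not be null
     * @param str2 the password, must not be null
     * @throws NullPointerException if either argument is null
     * @throws YfyException if the token request fails
     */
    public YfyAuthFinish passwordLogin(String str, String str2) throws YfyException {
        if (str == null) {
            throw new NullPointerException("username");
        }
        if (str2 == null) {
            throw new NullPointerException(YfySdkConstant.PASSWORD);
        }
        // Raw type kept on purpose, as in authorizeImpl.
        HashMap params = new HashMap();
        params.put("grant_type", YfySdkConstant.PASSWORD);
        params.put("username", str);
        params.put(YfySdkConstant.PASSWORD, str2);
        return (YfyAuthFinish) YfyRequestUtil.doPostInAuth(this.requestConfig, YfyAppInfo.getHost().getAuth(), "oauth/token", params, YfyAuthFinish.class);
    }

    /**
     * Returns the single value of a query parameter, or null when the parameter is absent.
     *
     * @throws IllegalArgumentException if the parameter maps to an empty array
     * @throws BadRequestException if the parameter occurs more than once
     */
    private String getParam(Map<String, String[]> map, String str) throws BadRequestException {
        String[] values = map.get(str);
        if (values == null) {
            return null;
        }
        switch (values.length) {
            case 0:
                throw new IllegalArgumentException("Parameter \"" + str + "\" missing value.");
            case 1:
                return values[0];
            default:
                throw new BadRequestException("multiple occurrences of \"" + str + "\" parameter");
        }
    }

    /**
     * Compares the {@code state} returned in the redirect with the value in the session store.
     *
     * <p>The exception messages report lengths only. The stored value is the per-session secret
     * and the received value is attacker-controlled, so neither belongs in text that may be logged
     * or shown on an error page.
     *
     * @param str the {@code state} parameter received in the redirect
     * @param yfySessionStore the store written by {@link #authorize(Request)}
     * @throws BadStateException if the store is empty or holds a value shorter than a CSRF token
     * @throws CsrfException if the received state is too short or differs from the stored one
     */
    private static void verifyAndStripCsrfToken(String str, YfySessionStore yfySessionStore) throws CsrfException, BadStateException {
        String expected = yfySessionStore.get();
        if (expected == null) {
            throw new BadStateException("No CSRF Token loaded from session store.");
        }
        if (expected.length() < CSRF_STRING_SIZE) {
            throw new BadStateException("Token retrieved from session store is too small: length " + expected.length());
        }
        if (str.length() < CSRF_STRING_SIZE) {
            throw new CsrfException("Token too small: length " + str.length());
        }
        // NOTE(review): secureStringEquals is presumably a constant-time comparison; confirm in StringUtil.
        if (!StringUtil.secureStringEquals(expected, str)) {
            throw new CsrfException("\"state\" parameter does not match the value in the session store.");
        }
        // NOTE(review): the stored state is not invalidated here, so it stays valid for the rest of
        // the session. If YfySessionStore can clear its value, doing so after this check would
        // make each state single-use; confirm against the interface.
    }

    /**
     * Posts the authorization code (and the redirect URI, when one was used) to {@code oauth/token}.
     *
     * @param str the authorization code, must not be null
     * @param str2 the redirect URI, or null for the no-redirect flow
     * @throws NullPointerException if {@code str} is null
     * @throws YfyException if the token request fails
     */
    private YfyAuthFinish finish(String str, String str2) throws YfyException {
        if (str == null) {
            throw new NullPointerException("code");
        }
        // Raw type kept on purpose, as in authorizeImpl.
        HashMap params = new HashMap();
        params.put("grant_type", "authorization_code");
        params.put("code", str);
        if (str2 != null) {
            params.put("redirect_uri", str2);
        }
        return (YfyAuthFinish) YfyRequestUtil.doPostInAuth(this.requestConfig, YfyAppInfo.getHost().getAuth(), "oauth/token", params, YfyAuthFinish.class);
    }

    /** Shorthand for {@link Request#newBuilder()}. */
    public static Request.Builder newRequestBuilder() {
        return Request.newBuilder();
    }
}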
