package org.mule.runtime.module.extension.internal.runtime.connectivity.oauth.authcode;

import java.net.MalformedURLException;
import java.net.URL;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.function.BiConsumer;
import java.util.function.Function;
import javax.inject.Inject;
import org.mule.oauth.client.api.AuthorizationCodeOAuthDancer;
import org.mule.oauth.client.api.AuthorizationCodeRequest;
import org.mule.oauth.client.api.builder.AuthorizationCodeDanceCallbackContext;
import org.mule.oauth.client.api.listener.AuthorizationCodeListener;
import org.mule.oauth.client.api.state.ResourceOwnerOAuthContext;
import org.mule.runtime.api.artifact.Registry;
import org.mule.runtime.api.exception.MuleException;
import org.mule.runtime.api.exception.MuleRuntimeException;
import org.mule.runtime.api.i18n.I18nMessageFactory;
import org.mule.runtime.api.lifecycle.InitialisationException;
import org.mule.runtime.api.message.Message;
import org.mule.runtime.api.util.LazyValue;
import org.mule.runtime.api.util.Pair;
import org.mule.runtime.api.util.Preconditions;
import org.mule.runtime.core.api.construct.Flow;
import org.mule.runtime.core.api.event.CoreEvent;
import org.mule.runtime.core.api.event.EventContextFactory;
import org.mule.runtime.core.api.util.SystemUtils;
import org.mule.runtime.core.internal.event.DefaultEventContext;
import org.mule.runtime.core.privileged.processor.MessageProcessors;
import org.mule.runtime.dsl.api.component.config.DefaultComponentLocation;
import org.mule.runtime.extension.api.connectivity.oauth.AuthorizationCodeGrantType;
import org.mule.runtime.extension.api.connectivity.oauth.AuthorizationCodeState;
import org.mule.runtime.http.api.HttpService;
import org.mule.runtime.http.api.server.HttpServer;
import org.mule.runtime.http.api.server.ServerNotFoundException;
import org.mule.runtime.module.extension.api.runtime.connectivity.oauth.ImmutableAuthCodeRequest;
import org.mule.runtime.module.extension.internal.runtime.connectivity.oauth.ExtensionsOAuthUtils;
import org.mule.runtime.module.extension.internal.runtime.connectivity.oauth.LazyLookup;
import org.mule.runtime.module.extension.internal.runtime.connectivity.oauth.OAuthConfig;
import org.mule.runtime.module.extension.internal.runtime.connectivity.oauth.OAuthHandler;
import org.mule.runtime.module.extension.internal.store.LazyObjectStoreToMapAdapter;
import org.mule.runtime.oauth.api.OAuthService;
import org.mule.runtime.oauth.api.builder.OAuthAuthorizationCodeDancerBuilder;
import reactor.core.publisher.Mono;

/* loaded from: input_file:org/mule/runtime/module/extension/internal/runtime/connectivity/oauth/authcode/AuthorizationCodeOAuthHandler.class */
public class AuthorizationCodeOAuthHandler extends OAuthHandler<AuthorizationCodeOAuthDancer> {
    private static final String DANCE_CALLBACK_EVENT_KEY = "event";

    @Inject
    private Registry registry;
    private LazyValue<HttpService> httpService;

    public AuthorizationCodeOAuthDancer register(AuthorizationCodeConfig authorizationCodeConfig) {
        return register(authorizationCodeConfig, Collections.emptyList());
    }

    public AuthorizationCodeOAuthDancer register(AuthorizationCodeConfig authorizationCodeConfig, List<AuthorizationCodeListener> list) {
        return (AuthorizationCodeOAuthDancer) this.dancers.computeIfAbsent(authorizationCodeConfig.getOwnerConfigName(), str -> {
            return createDancer(authorizationCodeConfig, list);
        });
    }

    public void refreshToken(String str, String str2) {
        try {
            ((AuthorizationCodeOAuthDancer) this.dancers.get(str)).refreshToken(str2).get();
        } catch (Exception e) {
            throw new MuleRuntimeException(I18nMessageFactory.createStaticMessage(String.format("Could not refresh token for resourceOwnerId '%s' using config '%s'", str2, str)), e);
        }
    }

    public Optional<ResourceOwnerOAuthContext> getOAuthContext(AuthorizationCodeConfig authorizationCodeConfig) {
        AuthorizationCodeOAuthDancer authorizationCodeOAuthDancer = (AuthorizationCodeOAuthDancer) this.dancers.get(authorizationCodeConfig.getOwnerConfigName());
        if (authorizationCodeOAuthDancer == null) {
            return Optional.empty();
        }
        ResourceOwnerOAuthContext contextForResourceOwner = authorizationCodeOAuthDancer.getContextForResourceOwner(authorizationCodeConfig.getResourceOwnerId());
        return (contextForResourceOwner == null || contextForResourceOwner.getAccessToken() == null) ? Optional.empty() : Optional.of(contextForResourceOwner);
    }

    public void invalidate(String str, String str2) {
        AuthorizationCodeOAuthDancer authorizationCodeOAuthDancer = (AuthorizationCodeOAuthDancer) this.dancers.get(str);
        if (authorizationCodeOAuthDancer == null) {
            return;
        }
        authorizationCodeOAuthDancer.invalidateContext(str2);
    }

    private AuthorizationCodeOAuthDancer createDancer(AuthorizationCodeConfig authorizationCodeConfig, List<AuthorizationCodeListener> list) throws MuleException {
        Preconditions.checkArgument(list != null, "listeners cannot be null");
        OAuthAuthorizationCodeDancerBuilder authorizationCodeGrantTypeDancerBuilder = ((OAuthService) this.oauthService.get()).authorizationCodeGrantTypeDancerBuilder(this.lockFactory, new LazyObjectStoreToMapAdapter(() -> {
            return this.objectStoreLocator.apply(authorizationCodeConfig);
        }), this.expressionEvaluator);
        AuthorizationCodeGrantType grantType = authorizationCodeConfig.getGrantType();
        OAuthCallbackConfig callbackConfig = authorizationCodeConfig.getCallbackConfig();
        authorizationCodeGrantTypeDancerBuilder.name(authorizationCodeConfig.getOwnerConfigName()).encoding(SystemUtils.getDefaultEncoding(this.muleContext)).clientCredentials(authorizationCodeConfig.getConsumerKey(), authorizationCodeConfig.getConsumerSecret()).tokenUrl(authorizationCodeConfig.getAccessTokenUrl()).responseExpiresInExpr(grantType.getExpirationRegex()).responseRefreshTokenExpr(grantType.getRefreshTokenExpr()).responseAccessTokenExpr(grantType.getAccessTokenExpr()).resourceOwnerIdTransformer(str -> {
            return str + "-" + authorizationCodeConfig.getOwnerConfigName();
        }).withClientCredentialsIn(ExtensionsOAuthUtils.toCredentialsLocation(grantType.getCredentialsPlacement()));
        String orElseGet = authorizationCodeConfig.getScope().orElseGet(() -> {
            return (String) grantType.getDefaultScope().orElse(null);
        });
        if (orElseGet != null) {
            authorizationCodeGrantTypeDancerBuilder.scopes(orElseGet);
        }
        try {
            HttpServer lookup = ((HttpService) this.httpService.get()).getServerFactory().lookup(callbackConfig.getListenerConfig());
            authorizationCodeGrantTypeDancerBuilder.localCallback(lookup, callbackConfig.getCallbackPath()).externalCallbackUrl(getExternalCallback(lookup, callbackConfig)).authorizationUrl(authorizationCodeConfig.getAuthorizationUrl()).localAuthorizationUrlPath(callbackConfig.getLocalAuthorizePath()).localAuthorizationUrlResourceOwnerId("#[attributes.queryParams.resourceOwnerId]").state("#[attributes.queryParams.state]").customParameters(authorizationCodeConfig.getCustomQueryParameters()).customHeaders(authorizationCodeConfig.getCustomHeaders()).customBodyParameters(authorizationCodeConfig.getCustomBodyParameters()).customParametersExtractorsExprs(getParameterExtractors(authorizationCodeConfig));
            authorizationCodeGrantTypeDancerBuilder.includeRedirectUriInRefreshTokenRequest(grantType.includeRedirectUriInRefreshTokenRequest());
            Pair<Optional<Flow>, Optional<Flow>> listenerFlows = getListenerFlows(authorizationCodeConfig);
            ((Optional) listenerFlows.getFirst()).ifPresent(flow -> {
                authorizationCodeGrantTypeDancerBuilder.beforeDanceCallback(beforeCallback(authorizationCodeConfig, flow));
            });
            ((Optional) listenerFlows.getSecond()).ifPresent(flow2 -> {
                authorizationCodeGrantTypeDancerBuilder.afterDanceCallback(afterCallback(authorizationCodeConfig, flow2));
            });
            Objects.requireNonNull(authorizationCodeGrantTypeDancerBuilder);
            list.forEach(authorizationCodeGrantTypeDancerBuilder::addListener);
            AuthorizationCodeOAuthDancer authorizationCodeOAuthDancer = (AuthorizationCodeOAuthDancer) authorizationCodeGrantTypeDancerBuilder.build();
            if (this.started) {
                start(authorizationCodeOAuthDancer);
            }
            return authorizationCodeOAuthDancer;
        } catch (ServerNotFoundException e) {
            throw new MuleRuntimeException(I18nMessageFactory.createStaticMessage(String.format("Connector '%s' defines '%s' as the http:listener-config to use for provisioning callbacks, but no such definition exists in the application configuration", authorizationCodeConfig.getOwnerConfigName(), callbackConfig.getListenerConfig())), e);
        }
    }

    private String getExternalCallback(HttpServer httpServer, OAuthCallbackConfig oAuthCallbackConfig) {
        return oAuthCallbackConfig.getExternalCallbackUrl().orElseGet(() -> {
            try {
                return new URL(httpServer.getProtocol().getScheme(), httpServer.getServerAddress().getIp(), httpServer.getServerAddress().getPort(), oAuthCallbackConfig.getCallbackPath()).toExternalForm();
            } catch (MalformedURLException e) {
                throw new MuleRuntimeException(I18nMessageFactory.createStaticMessage(String.format("Could not derive a external callback url from <http:listener-config> '%s'", oAuthCallbackConfig.getListenerConfig())), e);
            }
        });
    }

    private Pair<Optional<Flow>, Optional<Flow>> getListenerFlows(AuthorizationCodeConfig authorizationCodeConfig) {
        try {
            return new Pair<>(lookupFlow(authorizationCodeConfig.getBefore()), lookupFlow(authorizationCodeConfig.getAfter()));
        } catch (Exception e) {
            throw new MuleRuntimeException(I18nMessageFactory.createStaticMessage("Could not obtain 'before' and 'after' OAuth flows defined by config " + authorizationCodeConfig.getOwnerConfigName(), new Object[]{e}));
        }
    }

    private Optional<Flow> lookupFlow(Optional<String> optional) {
        return optional.map(this::lookupFlow);
    }

    private Flow lookupFlow(String str) {
        return (Flow) this.registry.lookupByName(str).orElseThrow(() -> {
            return new IllegalArgumentException("Flow " + str + " doesn't exist");
        });
    }

    private Function<AuthorizationCodeRequest, AuthorizationCodeDanceCallbackContext> beforeCallback(AuthorizationCodeConfig authorizationCodeConfig, Flow flow) {
        return authorizationCodeRequest -> {
            CoreEvent runFlow = runFlow(flow, createEvent(new ImmutableAuthCodeRequest(authorizationCodeRequest.getResourceOwnerId(), authorizationCodeRequest.getScopes(), (String) authorizationCodeRequest.getState().orElse(null), authorizationCodeConfig.getCallbackConfig().getExternalCallbackUrl()), authorizationCodeConfig, flow), authorizationCodeConfig, "before");
            return str -> {
                return DANCE_CALLBACK_EVENT_KEY.equals(str) ? Optional.of(runFlow) : Optional.empty();
            };
        };
    }

    private BiConsumer<AuthorizationCodeDanceCallbackContext, ResourceOwnerOAuthContext> afterCallback(AuthorizationCodeConfig authorizationCodeConfig, Flow flow) {
        return (authorizationCodeDanceCallbackContext, resourceOwnerOAuthContext) -> {
            AuthorizationCodeState authorizationCodeState = ExtensionsOAuthUtils.toAuthorizationCodeState(authorizationCodeConfig, resourceOwnerOAuthContext);
            runFlow(flow, CoreEvent.builder((CoreEvent) authorizationCodeDanceCallbackContext.getParameter(DANCE_CALLBACK_EVENT_KEY).orElseGet(() -> {
                return createEvent(authorizationCodeState, authorizationCodeConfig, flow);
            })).message(Message.builder().value(authorizationCodeState).build()).build(), authorizationCodeConfig, "after");
        };
    }

    private CoreEvent createEvent(Object obj, OAuthConfig oAuthConfig, Flow flow) {
        return CoreEvent.builder(EventContextFactory.create(flow, DefaultComponentLocation.from(oAuthConfig.getOwnerConfigName()))).message(Message.builder().value(obj).build()).build();
    }

    private CoreEvent runFlow(Flow flow, CoreEvent coreEvent, OAuthConfig oAuthConfig, String str) {
        return (CoreEvent) Mono.from(MessageProcessors.processWithChildContext(coreEvent, flow, DefaultEventContext.child(coreEvent.getContext(), Optional.of(flow.getLocation())))).onErrorMap(MuleException.class, muleException -> {
            return new MuleRuntimeException(I18nMessageFactory.createStaticMessage(String.format("Error found while execution flow '%s' which is configured in the '%s' parameter of the '%s' config", flow.getName(), str, oAuthConfig.getOwnerConfigName()), new Object[]{muleException}));
        }).block();
    }

    @Override // org.mule.runtime.module.extension.internal.runtime.connectivity.oauth.OAuthHandler
    public void initialise() throws InitialisationException {
        super.initialise();
        this.httpService = new LazyLookup(HttpService.class, this.muleContext);
    }
}
