package org.projectnessie.client.auth.oauth2;

import com.sun.net.httpserver.HttpExchange;
import com.sun.net.httpserver.HttpHandler;
import com.sun.net.httpserver.HttpServer;
import java.io.IOException;
import java.io.PrintStream;
import java.io.UncheckedIOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.util.Map;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.Phaser;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import java.util.function.BiConsumer;
import java.util.function.Function;
import javax.annotation.Nullable;
import org.projectnessie.client.http.HttpClientException;
import org.projectnessie.client.http.impl.HttpUtils;
import org.projectnessie.client.http.impl.UriBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/projectnessie/client/auth/oauth2/AuthorizationCodeFlow.class */
class AuthorizationCodeFlow extends AbstractFlow {
    static final String CONTEXT_PATH = "/nessie-client/auth";
    static final String MSG_PREFIX = "[nessie-oauth2-client] ";
    private static final Logger LOGGER = LoggerFactory.getLogger(AuthorizationCodeFlow.class);
    private static final String HTML_TEMPLATE_OK = "<html><body><h1>Authentication successful</h1><p>You can close this page now.</p></body></html>";
    private static final String HTML_TEMPLATE_FAILED = "<html><body><h1>Authentication failed</h1><p>Could not obtain access token: %s</p></body></html>";
    private static final int STATE_LENGTH = 16;
    private final PrintStream console;
    private final String state;
    private final HttpServer server;
    private final String redirectUri;
    private final URI authorizationUri;
    private final Duration flowTimeout;
    private final CompletableFuture<HttpExchange> redirectUriFuture;
    private final CompletableFuture<Tokens> tokensFuture;
    private final CompletableFuture<Void> closeFuture;
    private final Phaser inflightRequestsPhaser;

    /* JADX INFO: Access modifiers changed from: package-private */
    public AuthorizationCodeFlow(OAuth2ClientConfig oAuth2ClientConfig) {
        super(oAuth2ClientConfig);
        this.redirectUriFuture = new CompletableFuture<>();
        this.closeFuture = new CompletableFuture<>();
        this.inflightRequestsPhaser = new Phaser(1);
        this.console = oAuth2ClientConfig.getConsole();
        this.flowTimeout = oAuth2ClientConfig.getAuthorizationCodeFlowTimeout();
        this.tokensFuture = this.redirectUriFuture.thenApply(this::extractAuthorizationCode).thenApply((Function<? super U, ? extends U>) this::fetchNewTokens).whenComplete(this::log);
        this.closeFuture.thenRun(this::doClose);
        this.server = createServer(oAuth2ClientConfig.getAuthorizationCodeFlowWebServerPort().orElse(0), this::doRequest);
        this.state = OAuth2Utils.randomAlphaNumString(STATE_LENGTH);
        this.redirectUri = String.format("http://localhost:%d%s", Integer.valueOf(this.server.getAddress().getPort()), CONTEXT_PATH);
        URI resolvedAuthEndpoint = oAuth2ClientConfig.getResolvedAuthEndpoint();
        this.authorizationUri = new UriBuilder(resolvedAuthEndpoint.resolve("/")).path(resolvedAuthEndpoint.getPath()).queryParam("response_type", "code").queryParam("client_id", oAuth2ClientConfig.getClientId()).queryParam("scope", oAuth2ClientConfig.getScope().orElse(null)).queryParam("redirect_uri", this.redirectUri).queryParam("state", this.state).build();
        LOGGER.debug("Authorization Code Flow: started, redirect URI: {}", this.redirectUri);
    }

    @Override // org.projectnessie.client.auth.oauth2.Flow, java.lang.AutoCloseable
    public void close() {
        this.closeFuture.complete(null);
    }

    private void doClose() {
        this.inflightRequestsPhaser.arriveAndAwaitAdvance();
        LOGGER.debug("Authorization Code Flow: closing");
        this.server.stop(0);
    }

    private void abort() {
        this.tokensFuture.cancel(true);
        this.redirectUriFuture.cancel(true);
    }

    @Override // org.projectnessie.client.auth.oauth2.Flow
    public Tokens fetchNewTokens(@Nullable Tokens tokens) {
        this.console.println();
        this.console.println("[nessie-oauth2-client] ======= Nessie authentication required =======");
        this.console.println("[nessie-oauth2-client] Browse to the following URL to continue:");
        this.console.println(MSG_PREFIX + this.authorizationUri);
        this.console.println();
        this.console.flush();
        try {
            return this.tokensFuture.get(this.flowTimeout.toMillis(), TimeUnit.MILLISECONDS);
        } catch (InterruptedException e) {
            abort();
            Thread.currentThread().interrupt();
            throw new RuntimeException(e);
        } catch (ExecutionException e2) {
            abort();
            Throwable cause = e2.getCause();
            LOGGER.error("Authentication failed: {}", cause.toString());
            if (cause instanceof HttpClientException) {
                throw ((HttpClientException) cause);
            }
            throw new RuntimeException(cause);
        } catch (TimeoutException e3) {
            LOGGER.error("Timed out waiting for authorization code.");
            abort();
            throw new RuntimeException("Timed out waiting waiting for authorization code", e3);
        }
    }

    private void doRequest(HttpExchange httpExchange) {
        LOGGER.debug("Authorization Code Flow: received request");
        this.inflightRequestsPhaser.register();
        this.redirectUriFuture.complete(httpExchange);
        this.tokensFuture.handle((tokens, th) -> {
            return doResponse(httpExchange, th);
        }).whenComplete((BiConsumer<? super U, ? super Throwable>) (r3, th2) -> {
            httpExchange.close();
        }).whenComplete((r32, th3) -> {
            this.inflightRequestsPhaser.arriveAndDeregister();
        });
    }

    private Void doResponse(HttpExchange httpExchange, Throwable th) {
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Authorization Code Flow: sending response, error: {}", th == null ? "none" : th.toString());
        }
        try {
            if (th == null) {
                writeResponse(httpExchange, 200, HTML_TEMPLATE_OK, new Object[0]);
            } else {
                writeResponse(httpExchange, 401, HTML_TEMPLATE_FAILED, th.toString());
            }
            return null;
        } catch (IOException e) {
            LOGGER.debug("Authorization Code Flow: error writing response", e);
            return null;
        }
    }

    private String extractAuthorizationCode(HttpExchange httpExchange) {
        LOGGER.debug("Authorization Code Flow: extracting code");
        Map<String, String> parseQueryString = HttpUtils.parseQueryString(httpExchange.getRequestURI().getQuery());
        if (!this.state.equals(parseQueryString.get("state"))) {
            throw new IllegalArgumentException("Missing or invalid state");
        }
        String str = parseQueryString.get("code");
        if (str == null || str.isEmpty()) {
            throw new IllegalArgumentException("Missing authorization code");
        }
        return str;
    }

    private Tokens fetchNewTokens(String str) {
        LOGGER.debug("Authorization Code Flow: fetching new tokens");
        Tokens invokeTokenEndpoint = invokeTokenEndpoint(AuthorizationCodeTokensRequest.builder().code(str).redirectUri(this.redirectUri), AuthorizationCodeTokensResponse.class);
        LOGGER.debug("Authorization Code Flow: new tokens received");
        return invokeTokenEndpoint;
    }

    private void log(Tokens tokens, Throwable th) {
        if (LOGGER.isDebugEnabled()) {
            if (th == null) {
                LOGGER.debug("Authorization Code Flow: tokens received");
            } else {
                LOGGER.debug("Authorization Code Flow: error fetching tokens: {}", th.toString());
            }
        }
    }

    private static HttpServer createServer(int i, HttpHandler httpHandler) {
        try {
            HttpServer create = HttpServer.create();
            create.createContext(CONTEXT_PATH, httpHandler);
            try {
                create.bind(new InetSocketAddress(InetAddress.getLoopbackAddress(), i), 0);
                create.start();
                return create;
            } catch (IOException e) {
                throw new UncheckedIOException(e);
            }
        } catch (IOException e2) {
            throw new UncheckedIOException(e2);
        }
    }

    private static void writeResponse(HttpExchange httpExchange, int i, String str, Object... objArr) throws IOException {
        String format = String.format(str, objArr);
        httpExchange.getResponseHeaders().add(HttpUtils.HEADER_CONTENT_TYPE, "text/html");
        httpExchange.sendResponseHeaders(i, format.length());
        httpExchange.getResponseBody().write(format.getBytes(StandardCharsets.UTF_8));
    }
}
