package org.mule.service.oauth.internal;

import java.io.IOException;
import java.nio.charset.Charset;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.CompletableFuture;
import java.util.function.BiConsumer;
import java.util.function.Function;
import java.util.function.Supplier;
import org.apache.commons.io.IOUtils;
import org.mule.runtime.api.el.MuleExpressionLanguage;
import org.mule.runtime.api.exception.MuleException;
import org.mule.runtime.api.exception.MuleRuntimeException;
import org.mule.runtime.api.i18n.I18nMessageFactory;
import org.mule.runtime.api.lifecycle.InitialisationException;
import org.mule.runtime.api.lifecycle.Lifecycle;
import org.mule.runtime.api.lock.LockFactory;
import org.mule.runtime.api.metadata.MediaType;
import org.mule.runtime.core.api.DefaultMuleException;
import org.mule.runtime.core.api.util.StringUtils;
import org.mule.runtime.http.api.HttpConstants;
import org.mule.runtime.http.api.client.HttpClient;
import org.mule.runtime.http.api.domain.ParameterMap;
import org.mule.runtime.http.api.domain.entity.ByteArrayHttpEntity;
import org.mule.runtime.http.api.domain.entity.EmptyHttpEntity;
import org.mule.runtime.http.api.domain.entity.InputStreamHttpEntity;
import org.mule.runtime.http.api.domain.message.request.HttpRequest;
import org.mule.runtime.http.api.domain.message.response.HttpResponse;
import org.mule.runtime.http.api.domain.message.response.HttpResponseBuilder;
import org.mule.runtime.http.api.server.HttpServer;
import org.mule.runtime.http.api.server.RequestHandler;
import org.mule.runtime.http.api.server.RequestHandlerManager;
import org.mule.runtime.http.api.server.async.HttpResponseReadyCallback;
import org.mule.runtime.http.api.server.async.ResponseStatusCallback;
import org.mule.runtime.http.api.utils.HttpEncoderDecoderUtils;
import org.mule.runtime.oauth.api.AuthorizationCodeOAuthDancer;
import org.mule.runtime.oauth.api.AuthorizationCodeRequest;
import org.mule.runtime.oauth.api.builder.AuthorizationCodeDanceCallbackContext;
import org.mule.runtime.oauth.api.exception.RequestAuthenticationException;
import org.mule.runtime.oauth.api.exception.TokenNotFoundException;
import org.mule.runtime.oauth.api.exception.TokenUrlResponseException;
import org.mule.runtime.oauth.api.state.DefaultResourceOwnerOAuthContext;
import org.mule.runtime.oauth.api.state.ResourceOwnerOAuthContext;
import org.mule.service.oauth.internal.authorizationcode.AuthorizationRequestUrlBuilder;
import org.mule.service.oauth.internal.authorizationcode.DefaultAuthorizationCodeRequest;
import org.mule.service.oauth.internal.state.StateDecoder;
import org.mule.service.oauth.internal.state.StateEncoder;
import org.mule.service.oauth.internal.state.TokenResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/mule/service/oauth/internal/DefaultAuthorizationCodeOAuthDancer.class */
public class DefaultAuthorizationCodeOAuthDancer extends AbstractOAuthDancer implements AuthorizationCodeOAuthDancer, Lifecycle {
    private static final Logger LOGGER = LoggerFactory.getLogger(DefaultAuthorizationCodeOAuthDancer.class);
    private final HttpServer httpServer;
    private final String localCallbackUrlPath;
    private final String localAuthorizationUrlPath;
    private final String localAuthorizationUrlResourceOwnerId;
    private final String externalCallbackUrl;
    private final String state;
    private final String authorizationUrl;
    private final Supplier<Map<String, String>> customParameters;
    private final Function<AuthorizationCodeRequest, AuthorizationCodeDanceCallbackContext> beforeDanceCallback;
    private final BiConsumer<AuthorizationCodeDanceCallbackContext, ResourceOwnerOAuthContext> afterDanceCallback;
    private RequestHandlerManager redirectUrlHandlerManager;
    private RequestHandlerManager localAuthorizationUrlHandlerManager;

    public DefaultAuthorizationCodeOAuthDancer(HttpServer httpServer, String str, String str2, String str3, String str4, String str5, Charset charset, String str6, String str7, String str8, String str9, String str10, String str11, String str12, String str13, Supplier<Map<String, String>> supplier, Map<String, String> map, Function<String, String> function, LockFactory lockFactory, Map<String, DefaultResourceOwnerOAuthContext> map2, HttpClient httpClient, MuleExpressionLanguage muleExpressionLanguage, Function<AuthorizationCodeRequest, AuthorizationCodeDanceCallbackContext> function2, BiConsumer<AuthorizationCodeDanceCallbackContext, ResourceOwnerOAuthContext> biConsumer) {
        super(str, str2, str3, charset, str4, str11, str12, str13, map, function, lockFactory, map2, httpClient, muleExpressionLanguage);
        this.httpServer = httpServer;
        this.localCallbackUrlPath = str6;
        this.localAuthorizationUrlPath = str7;
        this.localAuthorizationUrlResourceOwnerId = str8;
        this.externalCallbackUrl = str5;
        this.state = str9;
        this.authorizationUrl = str10;
        this.customParameters = supplier;
        this.beforeDanceCallback = function2;
        this.afterDanceCallback = biConsumer;
    }

    public void initialise() throws InitialisationException {
        this.redirectUrlHandlerManager = addRequestHandler(this.httpServer, HttpConstants.Method.GET, this.localCallbackUrlPath, createRedirectUrlListener());
        this.localAuthorizationUrlHandlerManager = addRequestHandler(this.httpServer, HttpConstants.Method.GET, this.localAuthorizationUrlPath, createLocalAuthorizationUrlListener());
    }

    private static RequestHandlerManager addRequestHandler(HttpServer httpServer, HttpConstants.Method method, String str, RequestHandler requestHandler) {
        return httpServer.addRequestHandler(Collections.singleton(method.name()), str, (httpRequestContext, httpResponseReadyCallback) -> {
            ClassLoader contextClassLoader = Thread.currentThread().getContextClassLoader();
            try {
                try {
                    Thread.currentThread().setContextClassLoader(DefaultAuthorizationCodeOAuthDancer.class.getClassLoader());
                    requestHandler.handleRequest(httpRequestContext, httpResponseReadyCallback);
                    Thread.currentThread().setContextClassLoader(contextClassLoader);
                } catch (Exception e) {
                    LOGGER.error("Uncaught Exception on OAuth listener", e);
                    sendErrorResponse(HttpConstants.HttpStatus.INTERNAL_SERVER_ERROR, e.getMessage(), httpResponseReadyCallback);
                    Thread.currentThread().setContextClassLoader(contextClassLoader);
                }
            } catch (Throwable th) {
                Thread.currentThread().setContextClassLoader(contextClassLoader);
                throw th;
            }
        });
    }

    private static void sendErrorResponse(final HttpConstants.HttpStatus httpStatus, String str, HttpResponseReadyCallback httpResponseReadyCallback) {
        httpResponseReadyCallback.responseReady(HttpResponse.builder().setStatusCode(Integer.valueOf(httpStatus.getStatusCode())).setReasonPhrase(httpStatus.getReasonPhrase()).setEntity(str != null ? new ByteArrayHttpEntity(str.getBytes()) : new EmptyHttpEntity()).addHeader("Content-Length", str != null ? String.valueOf(str.length()) : "0").build(), new ResponseStatusCallback() { // from class: org.mule.service.oauth.internal.DefaultAuthorizationCodeOAuthDancer.1
            public void responseSendFailure(Throwable th) {
                DefaultAuthorizationCodeOAuthDancer.LOGGER.warn("Error while sending {} response {}", Integer.valueOf(httpStatus.getStatusCode()), th.getMessage());
                if (DefaultAuthorizationCodeOAuthDancer.LOGGER.isDebugEnabled()) {
                    DefaultAuthorizationCodeOAuthDancer.LOGGER.debug("Exception thrown", th);
                }
            }

            public void responseSendSuccessfully() {
            }
        });
    }

    private RequestHandler createRedirectUrlListener() {
        return (httpRequestContext, httpResponseReadyCallback) -> {
            HttpRequest request = httpRequestContext.getRequest();
            ParameterMap queryParams = request.getQueryParams();
            String str = queryParams.get(OAuthConstants.STATE_PARAMETER);
            StateDecoder stateDecoder = new StateDecoder(str);
            String str2 = queryParams.get(OAuthConstants.CODE_PARAMETER);
            String decodeResourceOwnerId = stateDecoder.decodeResourceOwnerId();
            if (str2 == null) {
                LOGGER.info("HTTP Request to redirect URL done by the OAuth provider does not contains a code query parameter. Code query parameter is required to get the access token.");
                LOGGER.error("Could not extract authorization code from OAuth provider HTTP request done to the redirect URL");
                sendResponse(stateDecoder, httpResponseReadyCallback, HttpConstants.HttpStatus.BAD_REQUEST, "Failure retrieving access token.\n OAuth Server uri from callback: " + request.getUri(), 100);
                return;
            }
            AuthorizationCodeDanceCallbackContext apply = this.beforeDanceCallback.apply(new DefaultAuthorizationCodeRequest(decodeResourceOwnerId, this.authorizationUrl, this.tokenUrl, this.clientId, this.clientSecret, this.scopes, stateDecoder.decodeOriginalState()));
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("Redirect url request state: " + str);
                LOGGER.debug("Redirect url request code: " + str2);
            }
            HashMap hashMap = new HashMap();
            hashMap.put(OAuthConstants.CODE_PARAMETER, str2);
            hashMap.put(OAuthConstants.CLIENT_ID_PARAMETER, this.clientId);
            hashMap.put(OAuthConstants.CLIENT_SECRET_PARAMETER, this.clientSecret);
            hashMap.put(OAuthConstants.GRANT_TYPE_PARAMETER, OAuthConstants.GRANT_TYPE_AUTHENTICATION_CODE);
            hashMap.put(OAuthConstants.REDIRECT_URI_PARAMETER, this.externalCallbackUrl);
            try {
                TokenResponse invokeTokenUrl = invokeTokenUrl(this.tokenUrl, hashMap, null, true, this.encoding);
                ResourceOwnerOAuthContext resourceOwnerOAuthContext = (DefaultResourceOwnerOAuthContext) getContextForResourceOwner(decodeResourceOwnerId == null ? "default" : decodeResourceOwnerId);
                if (LOGGER.isDebugEnabled()) {
                    LOGGER.debug("Update OAuth Context for resourceOwnerId %s", resourceOwnerOAuthContext.getResourceOwnerId());
                    LOGGER.debug("Retrieved access token, refresh token and expires from token url are: %s, %s, %s", new Object[]{invokeTokenUrl.getAccessToken(), invokeTokenUrl.getRefreshToken(), invokeTokenUrl.getExpiresIn()});
                }
                updateResourceOwnerState(resourceOwnerOAuthContext, stateDecoder.decodeOriginalState(), invokeTokenUrl);
                updateResourceOwnerOAuthContext(resourceOwnerOAuthContext);
                this.afterDanceCallback.accept(apply, resourceOwnerOAuthContext);
                sendResponse(stateDecoder, httpResponseReadyCallback, HttpConstants.HttpStatus.OK, "Successfully retrieved access token", 0);
            } catch (TokenNotFoundException e) {
                LOGGER.error(e.getMessage());
                sendResponse(stateDecoder, httpResponseReadyCallback, HttpConstants.HttpStatus.INTERNAL_SERVER_ERROR, "Failed getting access token or refresh token from token URL response. See logs for details.", 201);
            } catch (TokenUrlResponseException e2) {
                LOGGER.error(e2.getMessage());
                sendResponse(stateDecoder, httpResponseReadyCallback, HttpConstants.HttpStatus.INTERNAL_SERVER_ERROR, String.format("Failure calling token url %s. Exception message is %s", this.tokenUrl, e2.getMessage()), 200);
            }
        };
    }

    private static void sendResponse(StateDecoder stateDecoder, HttpResponseReadyCallback httpResponseReadyCallback, HttpConstants.HttpStatus httpStatus, String str, int i) {
        String decodeOnCompleteRedirectTo = stateDecoder.decodeOnCompleteRedirectTo();
        if (isEmpty(decodeOnCompleteRedirectTo)) {
            sendResponse(httpResponseReadyCallback, httpStatus, str);
        } else {
            sendResponse(httpResponseReadyCallback, HttpConstants.HttpStatus.MOVED_TEMPORARILY, str, HttpEncoderDecoderUtils.appendQueryParam(decodeOnCompleteRedirectTo, "authorizationStatus", String.valueOf(i)));
        }
    }

    private static void sendResponse(HttpResponseReadyCallback httpResponseReadyCallback, final HttpConstants.HttpStatus httpStatus, String str, String str2) {
        HttpResponseBuilder builder = HttpResponse.builder();
        builder.setStatusCode(Integer.valueOf(httpStatus.getStatusCode()));
        builder.setReasonPhrase(httpStatus.getReasonPhrase());
        builder.setEntity(new ByteArrayHttpEntity(str.getBytes()));
        builder.addHeader("Content-Length", String.valueOf(str.length()));
        builder.addHeader("Location", str2);
        httpResponseReadyCallback.responseReady(builder.build(), new ResponseStatusCallback() { // from class: org.mule.service.oauth.internal.DefaultAuthorizationCodeOAuthDancer.2
            public void responseSendFailure(Throwable th) {
                DefaultAuthorizationCodeOAuthDancer.LOGGER.warn("Error while sending {} response {}", Integer.valueOf(httpStatus.getStatusCode()), th.getMessage());
                if (DefaultAuthorizationCodeOAuthDancer.LOGGER.isDebugEnabled()) {
                    DefaultAuthorizationCodeOAuthDancer.LOGGER.debug("Exception thrown", th);
                }
            }

            public void responseSendSuccessfully() {
            }
        });
    }

    private static void sendResponse(HttpResponseReadyCallback httpResponseReadyCallback, final HttpConstants.HttpStatus httpStatus, String str) {
        HttpResponseBuilder builder = HttpResponse.builder();
        builder.setStatusCode(Integer.valueOf(httpStatus.getStatusCode()));
        builder.setReasonPhrase(httpStatus.getReasonPhrase());
        builder.setEntity(new ByteArrayHttpEntity(str.getBytes()));
        builder.addHeader("Content-Length", String.valueOf(str.length()));
        httpResponseReadyCallback.responseReady(builder.build(), new ResponseStatusCallback() { // from class: org.mule.service.oauth.internal.DefaultAuthorizationCodeOAuthDancer.3
            public void responseSendFailure(Throwable th) {
                DefaultAuthorizationCodeOAuthDancer.LOGGER.warn("Error while sending {} response {}", Integer.valueOf(httpStatus.getStatusCode()), th.getMessage());
                if (DefaultAuthorizationCodeOAuthDancer.LOGGER.isDebugEnabled()) {
                    DefaultAuthorizationCodeOAuthDancer.LOGGER.debug("Exception thrown", th);
                }
            }

            public void responseSendSuccessfully() {
            }
        });
    }

    private static boolean isEmpty(String str) {
        return str == null || StringUtils.isEmpty(str) || "null".equals(str);
    }

    private RequestHandler createLocalAuthorizationUrlListener() {
        return (httpRequestContext, httpResponseReadyCallback) -> {
            handleLocalAuthorizationRequest(httpRequestContext.getRequest(), httpResponseReadyCallback);
        };
    }

    public void handleLocalAuthorizationRequest(HttpRequest httpRequest, HttpResponseReadyCallback httpResponseReadyCallback) {
        String readBody = readBody(httpRequest);
        ParameterMap readHeaders = readHeaders(httpRequest);
        MediaType mediaType = getMediaType(httpRequest);
        ParameterMap queryParams = httpRequest.getQueryParams();
        StateEncoder stateEncoder = new StateEncoder((String) resolveExpression(this.state, readBody, readHeaders, queryParams, mediaType));
        String str = (String) resolveExpression(this.localAuthorizationUrlResourceOwnerId, readBody, readHeaders, queryParams, mediaType);
        if (str != null) {
            stateEncoder.encodeResourceOwnerIdInState(str);
        }
        String str2 = queryParams.get("onCompleteRedirectTo");
        if (str2 != null) {
            stateEncoder.encodeOnCompleteRedirectToInState(str2);
        }
        sendResponse(httpResponseReadyCallback, HttpConstants.HttpStatus.MOVED_TEMPORARILY, readBody, new AuthorizationRequestUrlBuilder().setAuthorizationUrl(this.authorizationUrl).setClientId(this.clientId).setClientSecret(this.clientSecret).setCustomParameters(this.customParameters.get()).setRedirectUrl(this.externalCallbackUrl).setState(stateEncoder.getEncodedState()).setScope(this.scopes).setEncoding(this.encoding).buildUrl());
    }

    private String readBody(HttpRequest httpRequest) {
        try {
            InputStreamHttpEntity inputStreamEntity = httpRequest.getInputStreamEntity();
            return inputStreamEntity != null ? IOUtils.toString(inputStreamEntity.getInputStream()) : "";
        } catch (IOException e) {
            throw new MuleRuntimeException(e);
        }
    }

    private ParameterMap readHeaders(HttpRequest httpRequest) {
        ParameterMap parameterMap = new ParameterMap();
        for (String str : httpRequest.getHeaderNames()) {
            parameterMap.put(str, httpRequest.getHeaderValues(str));
        }
        return parameterMap;
    }

    private MediaType getMediaType(HttpRequest httpRequest) {
        String headerValueIgnoreCase = httpRequest.getHeaderValueIgnoreCase("Content-Type");
        return headerValueIgnoreCase != null ? MediaType.parse(headerValueIgnoreCase) : MediaType.ANY;
    }

    @Override // org.mule.service.oauth.internal.AbstractOAuthDancer
    public void start() throws MuleException {
        super.start();
        try {
            this.httpServer.start();
            this.redirectUrlHandlerManager.start();
            this.localAuthorizationUrlHandlerManager.start();
        } catch (IOException e) {
            throw new DefaultMuleException(e);
        }
    }

    @Override // org.mule.service.oauth.internal.AbstractOAuthDancer
    public void stop() throws MuleException {
        this.redirectUrlHandlerManager.stop();
        this.localAuthorizationUrlHandlerManager.stop();
        this.httpServer.stop();
        super.stop();
    }

    public void dispose() {
        this.redirectUrlHandlerManager.dispose();
        this.localAuthorizationUrlHandlerManager.dispose();
        this.httpServer.dispose();
    }

    public CompletableFuture<String> accessToken(String str) throws RequestAuthenticationException {
        String accessToken = getContextForResourceOwner(str).getAccessToken();
        if (accessToken == null) {
            throw new RequestAuthenticationException(I18nMessageFactory.createStaticMessage(String.format("No access token found. Verify that you have authenticated before trying to execute an operation to the API.", new Object[0])));
        }
        return CompletableFuture.completedFuture(accessToken);
    }

    public CompletableFuture<Void> refreshToken(String str) {
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Executing refresh token for user " + str);
        }
        DefaultResourceOwnerOAuthContext defaultResourceOwnerOAuthContext = (DefaultResourceOwnerOAuthContext) getContextForResourceOwner(str);
        boolean tryLock = defaultResourceOwnerOAuthContext.getRefreshUserOAuthContextLock().tryLock();
        if (tryLock) {
            try {
                String refreshToken = defaultResourceOwnerOAuthContext.getRefreshToken();
                if (refreshToken == null) {
                    throw new MuleRuntimeException(I18nMessageFactory.createStaticMessage("The user with user id %s has no refresh token in his OAuth state so we can't execute the refresh token call", new Object[]{defaultResourceOwnerOAuthContext.getResourceOwnerId()}));
                }
                HashMap hashMap = new HashMap();
                hashMap.put("refresh_token", refreshToken);
                hashMap.put(OAuthConstants.CLIENT_ID_PARAMETER, this.clientId);
                hashMap.put(OAuthConstants.CLIENT_SECRET_PARAMETER, this.clientSecret);
                hashMap.put(OAuthConstants.GRANT_TYPE_PARAMETER, "refresh_token");
                hashMap.put(OAuthConstants.REDIRECT_URI_PARAMETER, this.externalCallbackUrl);
                try {
                    TokenResponse invokeTokenUrl = invokeTokenUrl(this.tokenUrl, hashMap, null, true, this.encoding);
                    if (LOGGER.isDebugEnabled()) {
                        LOGGER.debug("Update OAuth Context for resourceOwnerId %s", defaultResourceOwnerOAuthContext.getResourceOwnerId());
                    }
                    updateResourceOwnerState(defaultResourceOwnerOAuthContext, null, invokeTokenUrl);
                    updateResourceOwnerOAuthContext(defaultResourceOwnerOAuthContext);
                } catch (TokenUrlResponseException | TokenNotFoundException e) {
                    CompletableFuture<Void> completableFuture = new CompletableFuture<>();
                    completableFuture.completeExceptionally(e);
                    if (tryLock) {
                        defaultResourceOwnerOAuthContext.getRefreshUserOAuthContextLock().unlock();
                    }
                    return completableFuture;
                }
            } catch (Throwable th) {
                if (tryLock) {
                    defaultResourceOwnerOAuthContext.getRefreshUserOAuthContextLock().unlock();
                }
                throw th;
            }
        }
        if (tryLock) {
            defaultResourceOwnerOAuthContext.getRefreshUserOAuthContextLock().unlock();
        }
        if (!tryLock) {
            defaultResourceOwnerOAuthContext.getRefreshUserOAuthContextLock().lock();
            defaultResourceOwnerOAuthContext.getRefreshUserOAuthContextLock().unlock();
        }
        return CompletableFuture.completedFuture(null);
    }

    private void updateResourceOwnerState(DefaultResourceOwnerOAuthContext defaultResourceOwnerOAuthContext, String str, TokenResponse tokenResponse) {
        defaultResourceOwnerOAuthContext.setAccessToken(tokenResponse.getAccessToken());
        if (tokenResponse.getRefreshToken() != null) {
            defaultResourceOwnerOAuthContext.setRefreshToken(tokenResponse.getRefreshToken());
        }
        defaultResourceOwnerOAuthContext.setExpiresIn(tokenResponse.getExpiresIn());
        if (str != null) {
            defaultResourceOwnerOAuthContext.setState(str);
        }
        Map<String, Object> customResponseParameters = tokenResponse.getCustomResponseParameters();
        for (String str2 : customResponseParameters.keySet()) {
            Object obj = customResponseParameters.get(str2);
            if (obj != null) {
                defaultResourceOwnerOAuthContext.getTokenResponseParameters().put(str2, obj);
            }
        }
        if (LOGGER.isDebugEnabled()) {
            Logger logger = LOGGER;
            Object[] objArr = new Object[5];
            objArr[0] = defaultResourceOwnerOAuthContext.getResourceOwnerId();
            objArr[1] = defaultResourceOwnerOAuthContext.getAccessToken();
            objArr[2] = StringUtils.isBlank(defaultResourceOwnerOAuthContext.getRefreshToken()) ? "Not issued" : defaultResourceOwnerOAuthContext.getRefreshToken();
            objArr[3] = defaultResourceOwnerOAuthContext.getExpiresIn();
            objArr[4] = defaultResourceOwnerOAuthContext.getState();
            logger.debug("New OAuth State for resourceOwnerId %s is: accessToken(%s), refreshToken(%s), expiresIn(%s), state(%s)", objArr);
        }
    }
}
