package com.feth.play.module.pa.providers.oauth2;

import com.feth.play.module.pa.PlayAuthenticate;
import com.feth.play.module.pa.exceptions.AccessDeniedException;
import com.feth.play.module.pa.exceptions.AccessTokenException;
import com.feth.play.module.pa.exceptions.AuthException;
import com.feth.play.module.pa.exceptions.RedirectUriMismatch;
import com.feth.play.module.pa.providers.ext.ExternalAuthProvider;
import com.feth.play.module.pa.providers.oauth2.OAuth2AuthInfo;
import com.feth.play.module.pa.user.AuthUser;
import com.feth.play.module.pa.user.AuthUserIdentity;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import org.apache.http.NameValuePair;
import org.apache.http.client.utils.URLEncodedUtils;
import org.apache.http.message.BasicNameValuePair;
import play.Application;
import play.Configuration;
import play.Logger;
import play.i18n.Messages;
import play.libs.WS;
import play.mvc.Http;

/* loaded from: input_file:com/feth/play/module/pa/providers/oauth2/OAuth2AuthProvider.class */
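/**
 * Base class for OAuth 2.0 authorization-code providers.
 *
 * <p>{@link #authenticate} drives the flow: on the first request it stores a random
 * {@code state} value through {@link PlayAuthenticate#storeInCache} and returns the
 * authorization URL; on the callback it compares the returned {@code state} with the
 * stored one and only then exchanges the {@code code} for an access token.
 *
 * @param <U> identity type produced by the concrete provider (not referenced in this class)
 * @param <I> access-token info type built from the token endpoint response
 */
public abstract class OAuth2AuthProvider<U extends AuthUserIdentity, I extends OAuth2AuthInfo> extends ExternalAuthProvider {
    /** Cache key under which the per-session anti-forgery {@code state} value is stored. */
    private static final String STATE_TOKEN = "pa.oauth2.state";
    protected static final String CONTENT_TYPE = "Content-Type";

    /* loaded from: input_file:com/feth/play/module/pa/providers/oauth2/OAuth2AuthProvider$Constants.class */
    /** Wire-level parameter names and values used in OAuth 2.0 requests and responses. */
    public static abstract class Constants {
        public static final String CLIENT_ID = "client_id";
        public static final String CLIENT_SECRET = "client_secret";
        public static final String REDIRECT_URI = "redirect_uri";
        public static final String SCOPE = "scope";
        public static final String ACCESS_TYPE = "access_type";
        public static final String APPROVAL_PROMPT = "approval_prompt";
        public static final String RESPONSE_TYPE = "response_type";
        public static final String STATE = "state";
        public static final String GRANT_TYPE = "grant_type";
        public static final String AUTHORIZATION_CODE = "authorization_code";
        public static final String ACCESS_TOKEN = "access_token";
        public static final String ERROR = "error";
        public static final String CODE = "code";
        public static final String TOKEN_TYPE = "token_type";
        public static final String EXPIRES_IN = "expires_in";
        public static final String REFRESH_TOKEN = "refresh_token";
        public static final String ACCESS_DENIED = "access_denied";
        public static final String REDIRECT_URI_MISMATCH = "redirect_uri_mismatch";
    }

    /* loaded from: input_file:com/feth/play/module/pa/providers/oauth2/OAuth2AuthProvider$SettingKeys.class */
    /** Keys looked up in the provider's {@link Configuration}. */
    public static abstract class SettingKeys {
        public static final String AUTHORIZATION_URL = "authorizationUrl";
        public static final String ACCESS_TOKEN_URL = "accessTokenUrl";
        public static final String CLIENT_ID = "clientId";
        public static final String CLIENT_SECRET = "clientSecret";
        public static final String SCOPE = "scope";
        public static final String ACCESS_TYPE = "accessType";
        public static final String APPROVAL_PROMPT = "approvalPrompt";
    }

    public OAuth2AuthProvider(Application application) {
        super(application);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns the parent's needed setting keys plus the token URL, authorization URL,
     * client id and client secret keys.
     */
    @Override // com.feth.play.module.pa.providers.ext.ExternalAuthProvider, com.feth.play.module.pa.providers.AuthProvider
    public List<String> neededSettingKeys() {
        List<String> keys = new ArrayList<String>(super.neededSettingKeys());
        keys.add(SettingKeys.ACCESS_TOKEN_URL);
        keys.add(SettingKeys.AUTHORIZATION_URL);
        keys.add(SettingKeys.CLIENT_ID);
        keys.add(SettingKeys.CLIENT_SECRET);
        return keys;
    }

    /**
     * Builds the form-encoded body for the token request.
     *
     * <p>The body carries the configured client secret, so it must never be logged.
     * NOTE(review): the secret is only as protected as the transport to the configured
     * {@code accessTokenUrl}; confirm deployments configure an https URL.
     *
     * @param configuration provider configuration holding the client credentials
     * @param str authorization code received on the callback
     * @param request callback request, used to derive the redirect URI
     * @return the URL-encoded parameter string (UTF-8)
     */
    protected String getAccessTokenParams(Configuration configuration, String str, Http.Request request) {
        List<NameValuePair> params = getParams(request, configuration);
        params.add(new BasicNameValuePair(Constants.CLIENT_SECRET, configuration.getString(SettingKeys.CLIENT_SECRET)));
        params.add(new BasicNameValuePair(Constants.GRANT_TYPE, Constants.AUTHORIZATION_CODE));
        params.add(new BasicNameValuePair(Constants.CODE, str));
        return URLEncodedUtils.format(params, "UTF-8");
    }

    /** Extra headers for the token request; empty here, subclasses may override. */
    protected Map<String, String> getHeaders() {
        return Collections.emptyMap();
    }

    /**
     * Posts the authorization code to the configured token URL and hands the response
     * to {@link #buildInfo}.
     *
     * @param str authorization code received on the callback
     * @param request callback request
     * @return the token info built by the concrete provider
     * @throws AccessTokenException if {@link #buildInfo} rejects the response
     */
    protected I getAccessToken(String str, Http.Request request) throws AccessTokenException {
        Configuration configuration = getConfiguration();
        String body = getAccessTokenParams(configuration, str, request);
        WS.WSRequestHolder holder = WS.url(configuration.getString(SettingKeys.ACCESS_TOKEN_URL));
        holder.setHeader(CONTENT_TYPE, "application/x-www-form-urlencoded");
        // Provider-specific headers are applied last, so they can override Content-Type.
        for (Map.Entry<String, String> header : getHeaders().entrySet()) {
            holder.setHeader(header.getKey(), header.getValue());
        }
        return buildInfo((WS.Response) holder.post(body).get(PlayAuthenticate.TIMEOUT));
    }

    protected abstract I buildInfo(WS.Response response) throws AccessTokenException;

    /**
     * Builds the authorization URL the user is redirected to.
     *
     * @param request current request, used to derive the redirect URI
     * @param str state value to include, or {@code null} for none
     */
    protected String getAuthUrl(Http.Request request, String str) throws AuthException {
        Configuration configuration = getConfiguration();
        return generateURI(configuration.getString(SettingKeys.AUTHORIZATION_URL), getAuthParams(configuration, request, str));
    }

    /**
     * Collects the authorization request parameters: client id, redirect URI,
     * {@code response_type=code}, and the optional scope, access type, approval prompt
     * and state when they are present.
     */
    protected List<NameValuePair> getAuthParams(Configuration configuration, Http.Request request, String str) throws AuthException {
        List<NameValuePair> params = getParams(request, configuration);
        String scope = configuration.getString(SettingKeys.SCOPE);
        if (scope != null) {
            params.add(new BasicNameValuePair(Constants.SCOPE, scope));
        }
        params.add(new BasicNameValuePair(Constants.RESPONSE_TYPE, Constants.CODE));
        String accessType = configuration.getString(SettingKeys.ACCESS_TYPE);
        if (accessType != null) {
            params.add(new BasicNameValuePair(Constants.ACCESS_TYPE, accessType));
        }
        String approvalPrompt = configuration.getString(SettingKeys.APPROVAL_PROMPT);
        if (approvalPrompt != null) {
            params.add(new BasicNameValuePair(Constants.APPROVAL_PROMPT, approvalPrompt));
        }
        if (str != null) {
            params.add(new BasicNameValuePair(Constants.STATE, str));
        }
        return params;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Returns a fresh mutable list holding the client id and redirect URI parameters. */
    public List<NameValuePair> getParams(Http.Request request, Configuration configuration) {
        List<NameValuePair> params = new ArrayList<NameValuePair>();
        params.add(new BasicNameValuePair(Constants.CLIENT_ID, configuration.getString(SettingKeys.CLIENT_ID)));
        params.add(new BasicNameValuePair(getRedirectUriKey(), getRedirectUrl(request)));
        return params;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Name of the redirect URI parameter; subclasses may override. */
    public String getRedirectUriKey() {
        return Constants.REDIRECT_URI;
    }

    /**
     * Runs one step of the authorization-code flow.
     *
     * @return the authorization URL (a {@code String}) on the initial request, or the
     *     result of {@link #transform} on a valid callback
     * @throws AccessDeniedException if the provider reported {@code access_denied}
     * @throws RedirectUriMismatch if the provider reported {@code redirect_uri_mismatch}
     * @throws AuthException for any other provider error, or when the callback's
     *     {@code state} is missing, malformed, or does not match the stored value
     */
    @Override // com.feth.play.module.pa.providers.AuthProvider
    public Object authenticate(Http.Context context, Object obj) throws AuthException {
        Http.Request request = context.request();
        if (Logger.isDebugEnabled()) {
            // Log the path only: on a callback the full URI carries the authorization
            // code and the state value in its query string.
            Logger.debug("Returned with URL: '" + request.path() + "'");
        }
        String error = request.getQueryString(getErrorParameterKey());
        if (error != null) {
            if (error.equals(Constants.ACCESS_DENIED)) {
                throw new AccessDeniedException(getKey());
            }
            if (!error.equals(Constants.REDIRECT_URI_MISMATCH)) {
                // NOTE(review): the request-supplied error value becomes the exception
                // message verbatim; confirm callers escape it before rendering.
                throw new AuthException(error);
            }
            Logger.error("You must set the redirect URI for your provider to whatever you defined in your routes file.For this provider it is: '" + getRedirectUrl(request) + "'");
            throw new RedirectUriMismatch();
        }
        if (isCallbackRequest(context)) {
            String state = request.getQueryString(Constants.STATE);
            if (isExpectedState(context, state)) {
                // NOTE(review): the stored state is only removed in afterSave; confirm a
                // callback cannot be replayed against the same session before that runs.
                return transform(getAccessToken(request.getQueryString(Constants.CODE), request), state);
            }
            throw new AuthException(Messages.get("playauthenticate.core.exception.oauth2.state_param_forged"));
        }
        UUID state = UUID.randomUUID();
        PlayAuthenticate.storeInCache(context.session(), STATE_TOKEN, state);
        String authUrl = getAuthUrl(request, state.toString());
        Logger.debug("generated redirect URL for dialog: " + authUrl);
        return authUrl;
    }

    /**
     * Checks the callback's state against the value stored for this session.
     *
     * <p>A missing or malformed state, or no stored value (for example a callback that
     * was never preceded by an authorization request in this session), is treated as a
     * mismatch rather than surfacing as an unchecked exception.
     */
    private boolean isExpectedState(Http.Context context, String state) {
        if (state == null) {
            return false;
        }
        Object expected = PlayAuthenticate.getFromCache(context.session(), STATE_TOKEN);
        if (!(expected instanceof UUID)) {
            return false;
        }
        try {
            return expected.equals(UUID.fromString(state));
        } catch (IllegalArgumentException malformed) {
            // The state parameter is request-controlled; anything that is not a UUID
            // cannot match the stored value.
            return false;
        }
    }

    /** A request counts as the provider callback when it has a {@code code} query parameter. */
    protected boolean isCallbackRequest(Http.Context context) {
        return context.request().queryString().containsKey(Constants.CODE);
    }

    /** Name of the query parameter carrying a provider error; subclasses may override. */
    protected String getErrorParameterKey() {
        return Constants.ERROR;
    }

    /** Removes the stored state value for the session once the user has been saved. */
    @Override // com.feth.play.module.pa.providers.AuthProvider
    public void afterSave(AuthUser authUser, Object obj, Http.Session session) {
        PlayAuthenticate.removeFromCache(session, STATE_TOKEN);
    }

    protected abstract AuthUserIdentity transform(I i, String str) throws AuthException;
}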
