package com.ocient.auth;

import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import com.ocient.jdbc.JDBCDriver;
import com.ocient.jdbc.proto.ClientWireProtocol;
import com.okta.sdk.impl.oauth2.OAuth2AccessToken;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import jakarta.ws.rs.DefaultValue;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.QueryParam;
import jakarta.ws.rs.core.Configuration;
import jakarta.ws.rs.core.Context;
import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.core.UriBuilder;
import java.io.Closeable;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URL;
import java.net.URLEncoder;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Optional;
import java.util.Spliterators;
import java.util.UUID;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.CompletionException;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import java.util.logging.Level;
import java.util.logging.LogManager;
import java.util.logging.Logger;
import java.util.stream.Collectors;
import java.util.stream.StreamSupport;
import org.apache.commons.text.CaseUtils;
import org.apache.commons.text.lookup.StringLookupFactory;
import org.apache.http.HttpHost;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.TrustAllStrategy;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.util.EntityUtils;
import org.glassfish.grizzly.Grizzly;
import org.glassfish.grizzly.http.server.HttpServer;
import org.glassfish.grizzly.http.server.NetworkListener;
import org.glassfish.grizzly.nio.transport.TCPNIOTransport;
import org.glassfish.grizzly.threadpool.ThreadPoolConfig;
import org.glassfish.jersey.grizzly2.httpserver.GrizzlyHttpServerFactory;
import org.glassfish.jersey.server.ResourceConfig;
import org.glassfish.jersey.server.ServerProperties;
import org.jline.builtins.TTop;

/* loaded from: input_file:com/ocient/auth/OpenIDAuthenticators.class */
public class OpenIDAuthenticators {
    private static final Logger LOGGER = Logger.getLogger("com.ocient.jdbc");
    public static final Gson GSON = new GsonBuilder().disableHtmlEscaping().create();
    public static final String DISCOVERY_DOCUMENT_PATH = "/.well-known/openid-configuration";
    public static final int DEFAULT_CODE_CALLBACK_PORT = 7050;
    public static final String OAUTH_DEVICE_GRANT = "oauthDeviceGrant";
    public static final String OAUTH_PKCE = "oauthPKCE";

    @Path("")
    /* loaded from: input_file:com/ocient/auth/OpenIDAuthenticators$AuthorizationCodeCallbackResource.class */
    public static class AuthorizationCodeCallbackResource {
        public static final String CODE_CALLBACK_ENDPOINT = "ocient/oauth2/v1/callback";

        @Context
        private Configuration config;

        @Produces({"text/html"})
        @GET
        @Path(CODE_CALLBACK_ENDPOINT)
        public Response handleCodeCallback(@QueryParam("code") @DefaultValue("") String str, @QueryParam("state") @DefaultValue("") String str2, @QueryParam("error") @DefaultValue("internal_client_error") String str3, @QueryParam("error_description") @DefaultValue("Something went wrong") String str4) {
            if (str2.isEmpty()) {
                HashMap hashMap = new HashMap();
                hashMap.put(OAuth2AccessToken.ERROR_KEY, "invalid_request");
                hashMap.put(OAuth2AccessToken.ERROR_DESCRIPTION, "'state' parameter missing from authorization response");
                return Response.status(400).entity(LandingPages.errorHTML(hashMap)).build();
            }
            try {
                CompletableFuture<String> authorizationCodeCallback = getAuthorizationCodeCallback(UUID.fromString(str2));
                if (authorizationCodeCallback == null) {
                    HashMap hashMap2 = new HashMap();
                    hashMap2.put(OAuth2AccessToken.ERROR_KEY, "invalid_request");
                    hashMap2.put(OAuth2AccessToken.ERROR_DESCRIPTION, "unknown request id in authorization response");
                    hashMap2.put(TTop.STAT_STATE, str2);
                    return Response.status(400).entity(LandingPages.errorHTML(hashMap2)).build();
                }
                if (!str.isEmpty()) {
                    authorizationCodeCallback.complete(str);
                    return Response.status(200).entity(LandingPages.successHTML("Successfully authenticated with OpenID Provider")).build();
                }
                HashMap hashMap3 = new HashMap();
                hashMap3.put(OAuth2AccessToken.ERROR_KEY, str3);
                hashMap3.put(OAuth2AccessToken.ERROR_DESCRIPTION, str4);
                hashMap3.put(TTop.STAT_STATE, str2);
                return Response.status(500).encoding("UTF-8").entity(LandingPages.errorHTML(hashMap3)).build();
            } catch (IllegalStateException e) {
                HashMap hashMap4 = new HashMap();
                hashMap4.put(OAuth2AccessToken.ERROR_KEY, "invalid_request");
                hashMap4.put(OAuth2AccessToken.ERROR_DESCRIPTION, "unknown request id in authorization response");
                hashMap4.put(TTop.STAT_STATE, str2);
                return Response.status(400).entity(LandingPages.errorHTML(hashMap4)).build();
            }
        }

        private final CompletableFuture<String> getAuthorizationCodeCallback(UUID uuid) {
            Object property = this.config.getProperty("authorizationCodeCallbacks");
            if (property == null || !(property instanceof AuthorizationCodeCallbacks)) {
                throw new RuntimeException("authorizationCodeCallbacks not found in config");
            }
            return ((AuthorizationCodeCallbacks) property).requests.remove(uuid);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/ocient/auth/OpenIDAuthenticators$AuthorizationCodeCallbacks.class */
    public static class AuthorizationCodeCallbacks {
        final Map<UUID, CompletableFuture<String>> requests;

        private AuthorizationCodeCallbacks() {
            this.requests = new ConcurrentHashMap();
        }
    }

    /* loaded from: input_file:com/ocient/auth/OpenIDAuthenticators$AuthorizationCodeWithPKCEClient.class */
    public static class AuthorizationCodeWithPKCEClient implements Closeable {
        private static final int NUM_THREADS = 1;
        private final AuthorizationCodeCallbacks authorizationCodeCallbacks = new AuthorizationCodeCallbacks();
        private final HttpServer server;
        private final URI uri;
        private final String host;
        private final int port;
        private final boolean debugMode;

        /* loaded from: input_file:com/ocient/auth/OpenIDAuthenticators$AuthorizationCodeWithPKCEClient$AuthorizationCodeGrant.class */
        public static class AuthorizationCodeGrant<T extends Token> {
            private final String authorizationURL;
            private final CompletableFuture<T> tokenFuture;

            public AuthorizationCodeGrant(String str, CompletableFuture<T> completableFuture) {
                this.authorizationURL = str;
                this.tokenFuture = completableFuture;
            }

            public String getURL() {
                return this.authorizationURL;
            }

            public CompletableFuture<T> getToken() {
                return this.tokenFuture;
            }
        }

        public AuthorizationCodeWithPKCEClient(String str, int i, boolean z) {
            this.host = str;
            this.port = i;
            this.debugMode = z;
            ResourceConfig createResourceConfig = createResourceConfig(this.authorizationCodeCallbacks);
            this.uri = UriBuilder.newInstance().scheme(HttpHost.DEFAULT_SCHEME_NAME).host(str).port(i).build(new Object[0]);
            OpenIDAuthenticators.LOGGER.info(() -> {
                return String.format("Binding OIDC server to %s", this.uri);
            });
            this.server = GrizzlyHttpServerFactory.createHttpServer(this.uri, createResourceConfig, false);
            TCPNIOTransport transport = this.server.getListener("grizzly").getTransport();
            transport.setSelectorRunnersCount(1);
            transport.setWorkerThreadPoolConfig(ThreadPoolConfig.defaultConfig().setCorePoolSize(1).setMaxPoolSize(1));
        }

        static ResourceConfig createResourceConfig(AuthorizationCodeCallbacks authorizationCodeCallbacks) {
            ClassLoader classLoader = OpenIDAuthenticators.class.getClassLoader();
            return new ResourceConfig().setClassLoader(classLoader).packages(true, classLoader, "com.ocient.auth").property2("authorizationCodeCallbacks", (Object) authorizationCodeCallbacks).property2(ServerProperties.WADL_FEATURE_DISABLE, (Object) true);
        }

        public void start() throws IOException {
            JDBCDriver.copyJDBCLoggingConfig(Grizzly.logger(NetworkListener.class), Optional.of(Level.INFO));
            JDBCDriver.copyJDBCLoggingConfig(Grizzly.logger(HttpServer.class), Optional.of(Level.INFO));
            final Enumeration<String> loggerNames = LogManager.getLogManager().getLoggerNames();
            StreamSupport.stream(Spliterators.spliteratorUnknownSize(new Iterator<String>() { // from class: com.ocient.auth.OpenIDAuthenticators.AuthorizationCodeWithPKCEClient.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.util.Iterator
                public String next() {
                    return (String) loggerNames.nextElement();
                }

                @Override // java.util.Iterator
                public boolean hasNext() {
                    return loggerNames.hasMoreElements();
                }
            }, 16), false).filter(str -> {
                return str.contains("glassfish");
            }).map(Logger::getLogger).forEach(logger -> {
                JDBCDriver.copyJDBCLoggingConfig(logger, Optional.of(Level.INFO));
            });
            this.server.start();
        }

        @Override // java.io.Closeable, java.lang.AutoCloseable
        public void close() {
            try {
                this.server.shutdown().get(10L, TimeUnit.SECONDS);
            } catch (InterruptedException | ExecutionException | TimeoutException e) {
                OpenIDAuthenticators.LOGGER.warning("Error shutting response server down: " + e.getMessage());
            }
        }

        public AuthorizationCodeGrant<OAuthToken> create(ClientWireProtocol.OpenIDAuthenticator openIDAuthenticator) throws KeyManagementException, NoSuchAlgorithmException, KeyStoreException, IOException {
            return create(openIDAuthenticator, Collections.emptyMap());
        }

        public AuthorizationCodeGrant<OAuthToken> create(ClientWireProtocol.OpenIDAuthenticator openIDAuthenticator, Map<String, String> map) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, IOException {
            String generateCodeVerifier = PKCE.generateCodeVerifier();
            String generateCodeChallange = PKCE.generateCodeChallange(generateCodeVerifier);
            JsonObject discoveryDocument = OpenIDAuthenticators.getDiscoveryDocument(openIDAuthenticator.getIssuer());
            String asString = discoveryDocument.get("authorization_endpoint").getAsString();
            String format = String.format("http://%s:%d/%s", this.host, Integer.valueOf(this.port), AuthorizationCodeCallbackResource.CODE_CALLBACK_ENDPOINT);
            UUID randomUUID = UUID.randomUUID();
            StringBuilder append = new StringBuilder().append(asString).append("?client_id=").append(openIDAuthenticator.getClientId()).append("&response_mode=query").append("&response_type=code").append("&redirect_uri=").append(format).append("&state=").append(randomUUID.toString()).append("&scope=").append(URLEncoder.encode((String) openIDAuthenticator.getScopeList().stream().collect(Collectors.joining(" ")), "UTF-8")).append("&code_challenge=").append(generateCodeChallange).append("&code_challenge_method=").append("S256").append("&consent=prompt");
            map.forEach((str, str2) -> {
                append.append("&").append(str).append("=").append(str2);
            });
            String sb = append.toString();
            return new AuthorizationCodeGrant<>(sb, this.authorizationCodeCallbacks.requests.computeIfAbsent(randomUUID, uuid -> {
                return new CompletableFuture();
            }).thenApply(str3 -> {
                return exchangeAuthorizationCode(openIDAuthenticator, generateCodeVerifier, discoveryDocument, format, sb, str3, this.debugMode);
            }));
        }

        @SuppressFBWarnings(value = {"REC_CATCH_EXCEPTION"}, justification = "Exception is re-thrown in completion stage")
        private static OAuthToken exchangeAuthorizationCode(ClientWireProtocol.OpenIDAuthenticator openIDAuthenticator, String str, JsonObject jsonObject, String str2, String str3, String str4, boolean z) throws CompletionException {
            try {
                String asString = jsonObject.get("token_endpoint").getAsString();
                HttpPost httpPost = new HttpPost(asString);
                ArrayList arrayList = new ArrayList();
                arrayList.add(new BasicNameValuePair("grant_type", "authorization_code"));
                arrayList.add(new BasicNameValuePair("redirect_uri", str2));
                arrayList.add(new BasicNameValuePair("client_id", openIDAuthenticator.getClientId()));
                arrayList.add(new BasicNameValuePair("code", str4));
                arrayList.add(new BasicNameValuePair("code_verifier", str));
                httpPost.setEntity(new UrlEncodedFormEntity(arrayList, "UTF-8"));
                if (z) {
                    OpenIDAuthenticators.LOGGER.info("Exchanging authorization code: " + asString);
                }
                CloseableHttpClient createHTTPClient = OpenIDAuthenticators.createHTTPClient(str3);
                try {
                    CloseableHttpResponse execute = createHTTPClient.execute((HttpUriRequest) httpPost);
                    try {
                        String entityUtils = EntityUtils.toString(execute.getEntity());
                        if (z) {
                            OpenIDAuthenticators.LOGGER.info("Got response: " + entityUtils);
                        }
                        JsonObject asJsonObject = JsonParser.parseString(entityUtils).getAsJsonObject();
                        if (!asJsonObject.has(OAuth2AccessToken.ACCESS_TOKEN_KEY)) {
                            Object[] objArr = new Object[2];
                            objArr[0] = asJsonObject.has(OAuth2AccessToken.ERROR_KEY) ? asJsonObject.get(OAuth2AccessToken.ERROR_KEY).getAsString() : "general_error";
                            objArr[1] = asJsonObject.has(OAuth2AccessToken.ERROR_DESCRIPTION) ? asJsonObject.get(OAuth2AccessToken.ERROR_DESCRIPTION).getAsString() : "Something went wrong.";
                            throw new IOException(String.format("%s: %s", objArr));
                        }
                        asJsonObject.addProperty("code_verifier", str);
                        OAuthToken oAuthToken = new OAuthToken(asJsonObject);
                        if (execute != null) {
                            execute.close();
                        }
                        if (createHTTPClient != null) {
                            createHTTPClient.close();
                        }
                        return oAuthToken;
                    } catch (Throwable th) {
                        if (execute != null) {
                            try {
                                execute.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        }
                        throw th;
                    }
                } finally {
                }
            } catch (Exception e) {
                throw new CompletionException(e);
            }
        }
    }

    /* loaded from: input_file:com/ocient/auth/OpenIDAuthenticators$DeviceAuthorizationGrant.class */
    public static class DeviceAuthorizationGrant<T extends Token> {
        private final String verificationUriComplete;
        private final String userCode;
        private final String verificationUri;
        private final TokenPoller<T> getToken;

        public DeviceAuthorizationGrant(String str, String str2, String str3, TokenPoller<T> tokenPoller) {
            this.verificationUriComplete = str;
            this.verificationUri = str2;
            this.userCode = str3;
            this.getToken = tokenPoller;
        }

        public String getUserCode() {
            return this.userCode;
        }

        public String getVerificationURI() {
            return this.verificationUri;
        }

        public String getVerificationURIComplete() {
            return this.verificationUriComplete;
        }

        public T getToken(long j) throws AuthException, KeyManagementException, IOException, NoSuchAlgorithmException, KeyStoreException, InterruptedException, TimeoutException {
            return this.getToken.apply(j);
        }
    }

    /* loaded from: input_file:com/ocient/auth/OpenIDAuthenticators$DeviceAuthorizationGrantClient.class */
    public static class DeviceAuthorizationGrantClient {
        private DeviceAuthorizationGrantClient() {
        }

        public static DeviceAuthorizationGrant<OAuthToken> create(ClientWireProtocol.OpenIDAuthenticator openIDAuthenticator) throws IOException, KeyManagementException, NoSuchAlgorithmException, KeyStoreException {
            JsonObject discoveryDocument = OpenIDAuthenticators.getDiscoveryDocument(openIDAuthenticator.getIssuer());
            String asString = discoveryDocument.get("device_authorization_endpoint").getAsString();
            HttpPost httpPost = new HttpPost(asString);
            httpPost.addHeader("Accept", "application/json");
            httpPost.addHeader("Content-Type", "application/x-www-form-urlencoded");
            String str = (String) openIDAuthenticator.getScopeList().stream().collect(Collectors.joining(" "));
            ArrayList arrayList = new ArrayList();
            arrayList.add(new BasicNameValuePair("client_id", openIDAuthenticator.getClientId()));
            arrayList.add(new BasicNameValuePair("scope", str));
            httpPost.setEntity(new UrlEncodedFormEntity(arrayList, "UTF-8"));
            CloseableHttpClient createHTTPClient = OpenIDAuthenticators.createHTTPClient(asString);
            try {
                CloseableHttpResponse execute = createHTTPClient.execute((HttpUriRequest) httpPost);
                try {
                    JsonObject asJsonObject = JsonParser.parseString(EntityUtils.toString(execute.getEntity())).getAsJsonObject();
                    if (asJsonObject.has(OAuth2AccessToken.ERROR_KEY)) {
                        Object[] objArr = new Object[2];
                        objArr[0] = asJsonObject.get(OAuth2AccessToken.ERROR_KEY).getAsString();
                        objArr[1] = asJsonObject.has(OAuth2AccessToken.ERROR_DESCRIPTION) ? asJsonObject.get(OAuth2AccessToken.ERROR_DESCRIPTION).getAsString() : "Something went wrong.";
                        throw new IOException(String.format("%s: %s", objArr));
                    }
                    DeviceAuthorizationGrant<OAuthToken> handleDeviceCodeResponse = handleDeviceCodeResponse(openIDAuthenticator, discoveryDocument, asJsonObject);
                    if (execute != null) {
                        execute.close();
                    }
                    if (createHTTPClient != null) {
                        createHTTPClient.close();
                    }
                    return handleDeviceCodeResponse;
                } finally {
                }
            } catch (Throwable th) {
                if (createHTTPClient != null) {
                    try {
                        createHTTPClient.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        }

        private static DeviceAuthorizationGrant<OAuthToken> handleDeviceCodeResponse(ClientWireProtocol.OpenIDAuthenticator openIDAuthenticator, JsonObject jsonObject, JsonObject jsonObject2) {
            String asString = jsonObject2.get("device_code").getAsString();
            String asString2 = jsonObject2.get("user_code").getAsString();
            String asString3 = jsonObject2.get("verification_uri").getAsString();
            String asString4 = jsonObject2.has("verification_uri_complete") ? jsonObject2.get("verification_uri_complete").getAsString() : "n/a";
            int asInt = jsonObject2.has("interval") ? jsonObject2.get("interval").getAsInt() : 5;
            return new DeviceAuthorizationGrant<>(asString4, asString3, asString2, j -> {
                try {
                    return pollTokenEndpoint(openIDAuthenticator, jsonObject, asString, asInt, j);
                } catch (IOException | InterruptedException | KeyManagementException | KeyStoreException | NoSuchAlgorithmException | TimeoutException e) {
                    throw new AuthException("Failed to retrieve token", e);
                }
            });
        }

        private static OAuthToken pollTokenEndpoint(ClientWireProtocol.OpenIDAuthenticator openIDAuthenticator, JsonObject jsonObject, String str, int i, long j) throws KeyManagementException, MalformedURLException, NoSuchAlgorithmException, KeyStoreException, IOException, InterruptedException, TimeoutException {
            long currentTimeMillis = System.currentTimeMillis();
            int i2 = i;
            String asString = jsonObject.get("token_endpoint").getAsString();
            CloseableHttpClient createHTTPClient = OpenIDAuthenticators.createHTTPClient(asString);
            while (System.currentTimeMillis() - currentTimeMillis < j) {
                try {
                    HttpPost httpPost = new HttpPost(asString);
                    httpPost.addHeader("Accept", "application/json");
                    httpPost.addHeader("Content-Type", "application/x-www-form-urlencoded");
                    ArrayList arrayList = new ArrayList();
                    arrayList.add(new BasicNameValuePair("client_id", openIDAuthenticator.getClientId()));
                    arrayList.add(new BasicNameValuePair("grant_type", "urn:ietf:params:oauth:grant-type:device_code"));
                    arrayList.add(new BasicNameValuePair("device_code", str));
                    httpPost.setEntity(new UrlEncodedFormEntity(arrayList, "UTF-8"));
                    CloseableHttpResponse execute = createHTTPClient.execute((HttpUriRequest) httpPost);
                    try {
                        JsonObject asJsonObject = JsonParser.parseString(EntityUtils.toString(execute.getEntity())).getAsJsonObject();
                        if (asJsonObject.has(OAuth2AccessToken.ACCESS_TOKEN_KEY)) {
                            OAuthToken oAuthToken = new OAuthToken(asJsonObject);
                            if (execute != null) {
                                execute.close();
                            }
                            if (createHTTPClient != null) {
                                createHTTPClient.close();
                            }
                            return oAuthToken;
                        }
                        if (asJsonObject.has(OAuth2AccessToken.ERROR_KEY)) {
                            String asString2 = asJsonObject.get(OAuth2AccessToken.ERROR_KEY).getAsString();
                            if (asString2.equals("authorization_pending")) {
                                Thread.sleep(i2 * 1000);
                                if (execute != null) {
                                    execute.close();
                                }
                            } else if (asString2.equals("slow_down")) {
                                i2 += 5;
                                Thread.sleep(i2 * 1000);
                                if (execute != null) {
                                    execute.close();
                                }
                            }
                        }
                        Object[] objArr = new Object[2];
                        objArr[0] = asJsonObject.has(OAuth2AccessToken.ERROR_KEY) ? asJsonObject.get(OAuth2AccessToken.ERROR_KEY).getAsString() : "general_error";
                        objArr[1] = asJsonObject.has(OAuth2AccessToken.ERROR_DESCRIPTION) ? asJsonObject.get(OAuth2AccessToken.ERROR_DESCRIPTION).getAsString() : "Something went wrong.";
                        throw new IOException(String.format("%s: %s", objArr));
                    } finally {
                    }
                } catch (Throwable th) {
                    if (createHTTPClient != null) {
                        try {
                            createHTTPClient.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            }
            if (createHTTPClient != null) {
                createHTTPClient.close();
            }
            throw new TimeoutException(String.format("The device authorization request timed out after %d seconds", Long.valueOf(j / 1000)));
        }
    }

    /* loaded from: input_file:com/ocient/auth/OpenIDAuthenticators$OAuthFlow.class */
    public enum OAuthFlow {
        AUTHORIZATION_CODE,
        DEVICE_GRANT;

        private final String key = CaseUtils.toCamelCase(name(), false, '_');

        OAuthFlow() {
        }

        public String key() {
            return this.key;
        }
    }

    /* loaded from: input_file:com/ocient/auth/OpenIDAuthenticators$OAuthToken.class */
    public static class OAuthToken implements Token {
        private final JsonObject tokenResponse;

        public OAuthToken(JsonObject jsonObject) {
            this.tokenResponse = jsonObject;
        }

        @Override // com.ocient.auth.Token
        public String getTokenHint() {
            return "oauth_tokens";
        }

        @Override // com.ocient.auth.Token
        public String getToken() throws AuthException {
            try {
                return Base64.getUrlEncoder().encodeToString(OpenIDAuthenticators.GSON.toJson((JsonElement) this.tokenResponse).getBytes("UTF-8"));
            } catch (UnsupportedEncodingException e) {
                throw new AuthException("Could not encode token", e);
            }
        }

        public JsonObject getTokenResponse() {
            return this.tokenResponse;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/ocient/auth/OpenIDAuthenticators$PKCE.class */
    public static class PKCE {
        static final SecureRandom RAND = new SecureRandom();

        private PKCE() {
        }

        static String generateCodeVerifier() throws UnsupportedEncodingException {
            byte[] bArr = new byte[32];
            RAND.nextBytes(bArr);
            return Base64.getUrlEncoder().withoutPadding().encodeToString(bArr);
        }

        static String generateCodeChallange(String str) throws UnsupportedEncodingException, NoSuchAlgorithmException {
            byte[] bytes = str.getBytes("US-ASCII");
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            messageDigest.update(bytes, 0, bytes.length);
            return Base64.getUrlEncoder().withoutPadding().encodeToString(messageDigest.digest());
        }
    }

    /* loaded from: input_file:com/ocient/auth/OpenIDAuthenticators$TokenPoller.class */
    public interface TokenPoller<T extends Token> {
        T apply(long j) throws AuthException, KeyManagementException, IOException, NoSuchAlgorithmException, KeyStoreException, InterruptedException, TimeoutException;
    }

    @SuppressFBWarnings(value = {"HTTP_PARAMETER_POLLUTION"}, justification = "Concatenated input is provided by an Ocient database")
    public static JsonObject getDiscoveryDocument(String str) throws IOException, KeyManagementException, NoSuchAlgorithmException, KeyStoreException {
        CloseableHttpClient createHTTPClient = createHTTPClient(str);
        try {
            CloseableHttpResponse execute = createHTTPClient.execute((HttpUriRequest) new HttpGet(String.format("%s%s", str, DISCOVERY_DOCUMENT_PATH)));
            try {
                JsonObject asJsonObject = JsonParser.parseString(EntityUtils.toString(execute.getEntity())).getAsJsonObject();
                if (execute != null) {
                    execute.close();
                }
                if (createHTTPClient != null) {
                    createHTTPClient.close();
                }
                return asJsonObject;
            } finally {
            }
        } catch (Throwable th) {
            if (createHTTPClient != null) {
                try {
                    createHTTPClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static CloseableHttpClient createHTTPClient(String str) throws MalformedURLException, KeyManagementException, NoSuchAlgorithmException, KeyStoreException {
        URL url = new URL(str);
        if (url.getHost().equals("127.0.0.1") || url.getHost().equals(StringLookupFactory.KEY_LOCALHOST)) {
            LOGGER.warning(String.format("Creating insecure HTTPS client, thread: %s, host: %s", Thread.currentThread().getName(), url.getHost()));
            return HttpClients.custom().setSSLSocketFactory(new SSLConnectionSocketFactory(new SSLContextBuilder().loadTrustMaterial((KeyStore) null, new TrustAllStrategy()).build())).setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE).build();
        }
        LOGGER.info("Creating HTTPS client, host: " + url.getHost());
        return HttpClients.createDefault();
    }
}
