package org.jackhuang.hmcl.auth;

import com.google.gson.JsonParseException;
import com.google.gson.annotations.SerializedName;
import java.io.IOException;
import java.util.Map;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import org.apache.commons.lang3.StringUtils;
import org.jackhuang.hmcl.auth.yggdrasil.RemoteAuthenticationException;
import org.jackhuang.hmcl.util.Lang;
import org.jackhuang.hmcl.util.Pair;
import org.jackhuang.hmcl.util.io.HttpRequest;
import org.jackhuang.hmcl.util.io.NetworkUtils;

/* loaded from: input_file:org/jackhuang/hmcl/auth/OAuth.class */
public class OAuth {
    public static final OAuth MICROSOFT = new OAuth("https://login.live.com/oauth20_authorize.srf", "https://login.live.com/oauth20_token.srf", "https://login.microsoftonline.com/consumers/oauth2/v2.0/devicecode", "https://login.microsoftonline.com/consumers/oauth2/v2.0/token");
    private final String authorizationURL;
    private final String accessTokenURL;
    private final String deviceCodeURL;
    private final String tokenURL;

    /* loaded from: input_file:org/jackhuang/hmcl/auth/OAuth$AuthorizationResponse.class */
    public static class AuthorizationResponse extends ErrorResponse {

        @SerializedName("token_type")
        public String tokenType;

        @SerializedName("expires_in")
        public int expiresIn;

        @SerializedName("scope")
        public String scope;

        @SerializedName("access_token")
        public String accessToken;

        @SerializedName("refresh_token")
        public String refreshToken;

        @SerializedName("user_id")
        public String userId;

        @SerializedName("foci")
        public String foci;

        public AuthorizationResponse() {
            super();
        }
    }

    /* loaded from: input_file:org/jackhuang/hmcl/auth/OAuth$Callback.class */
    public interface Callback {
        Session startServer() throws IOException, AuthenticationException;

        void grantDeviceCode(String str, String str2);

        void openBrowser(String str) throws IOException;

        String getClientId();

        String getClientSecret();

        boolean isPublicClient();
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/jackhuang/hmcl/auth/OAuth$DeviceTokenResponse.class */
    public static class DeviceTokenResponse extends ErrorResponse {

        @SerializedName("user_code")
        public String userCode;

        @SerializedName("device_code")
        public String deviceCode;

        @SerializedName("verification_uri")
        public String verificationURI;

        @SerializedName("expires_in")
        public int expiresIn;

        @SerializedName("interval")
        public int interval;

        private DeviceTokenResponse() {
            super();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/jackhuang/hmcl/auth/OAuth$ErrorResponse.class */
    public static class ErrorResponse {

        @SerializedName("error")
        public String error;

        @SerializedName("error_description")
        public String errorDescription;

        @SerializedName("correlation_id")
        public String correlationId;

        private ErrorResponse() {
        }
    }

    /* loaded from: input_file:org/jackhuang/hmcl/auth/OAuth$GrantFlow.class */
    public enum GrantFlow {
        AUTHORIZATION_CODE,
        DEVICE
    }

    /* loaded from: input_file:org/jackhuang/hmcl/auth/OAuth$Options.class */
    public static class Options {
        private String userAgent;
        private final String scope;
        private final Callback callback;

        public Options(String str, Callback callback) {
            this.scope = str;
            this.callback = callback;
        }

        public Options setUserAgent(String str) {
            this.userAgent = str;
            return this;
        }
    }

    /* loaded from: input_file:org/jackhuang/hmcl/auth/OAuth$RefreshResponse.class */
    private static class RefreshResponse extends ErrorResponse {

        @SerializedName("expires_in")
        int expiresIn;

        @SerializedName("access_token")
        String accessToken;

        @SerializedName("refresh_token")
        String refreshToken;

        private RefreshResponse() {
            super();
        }
    }

    /* loaded from: input_file:org/jackhuang/hmcl/auth/OAuth$Result.class */
    public class Result {
        private final String accessToken;
        private final String refreshToken;

        public Result(String str, String str2) {
            this.accessToken = str;
            this.refreshToken = str2;
        }

        public String getAccessToken() {
            return this.accessToken;
        }

        public String getRefreshToken() {
            return this.refreshToken;
        }
    }

    /* loaded from: input_file:org/jackhuang/hmcl/auth/OAuth$Session.class */
    public interface Session {
        String getRedirectURI();

        String waitFor() throws InterruptedException, ExecutionException;

        default String getIdToken() {
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/jackhuang/hmcl/auth/OAuth$TokenResponse.class */
    public static class TokenResponse extends ErrorResponse {

        @SerializedName("token_type")
        public String tokenType;

        @SerializedName("expires_in")
        public int expiresIn;

        @SerializedName("ext_expires_in")
        public int extExpiresIn;

        @SerializedName("scope")
        public String scope;

        @SerializedName("access_token")
        public String accessToken;

        @SerializedName("refresh_token")
        public String refreshToken;

        private TokenResponse() {
            super();
        }
    }

    public OAuth(String str, String str2, String str3, String str4) {
        this.authorizationURL = str;
        this.accessTokenURL = str2;
        this.deviceCodeURL = str3;
        this.tokenURL = str4;
    }

    public Result authenticate(GrantFlow grantFlow, Options options) throws AuthenticationException {
        try {
            switch (grantFlow) {
                case AUTHORIZATION_CODE:
                    return authenticateAuthorizationCode(options);
                case DEVICE:
                    return authenticateDevice(options);
                default:
                    throw new UnsupportedOperationException("grant flow " + grantFlow);
            }
        } catch (JsonParseException e) {
            throw new ServerResponseMalformedException(e);
        } catch (IOException e2) {
            throw new ServerDisconnectException(e2);
        } catch (InterruptedException e3) {
            throw new NoSelectedCharacterException();
        } catch (ExecutionException e4) {
            if (e4.getCause() instanceof InterruptedException) {
                throw new NoSelectedCharacterException();
            }
            throw new ServerDisconnectException(e4);
        }
    }

    private Result authenticateAuthorizationCode(Options options) throws IOException, InterruptedException, JsonParseException, ExecutionException, AuthenticationException {
        Session startServer = options.callback.startServer();
        options.callback.openBrowser(NetworkUtils.withQuery(this.authorizationURL, Lang.mapOf(Pair.pair("client_id", options.callback.getClientId()), Pair.pair("response_type", "code"), Pair.pair("redirect_uri", startServer.getRedirectURI()), Pair.pair("scope", options.scope), Pair.pair("prompt", "select_account"))));
        AuthorizationResponse authorizationResponse = (AuthorizationResponse) HttpRequest.POST(this.accessTokenURL).form(Pair.pair("client_id", options.callback.getClientId()), Pair.pair("code", startServer.waitFor()), Pair.pair("grant_type", "authorization_code"), Pair.pair("client_secret", options.callback.getClientSecret()), Pair.pair("redirect_uri", startServer.getRedirectURI()), Pair.pair("scope", options.scope)).ignoreHttpCode().retry(5).getJson(AuthorizationResponse.class);
        handleErrorResponse(authorizationResponse);
        return new Result(authorizationResponse.accessToken, authorizationResponse.refreshToken);
    }

    private Result authenticateDevice(Options options) throws IOException, InterruptedException, JsonParseException, AuthenticationException {
        DeviceTokenResponse deviceTokenResponse = (DeviceTokenResponse) HttpRequest.POST(this.deviceCodeURL).form(Pair.pair("client_id", options.callback.getClientId()), Pair.pair("scope", options.scope)).ignoreHttpCode().retry(5).getJson(DeviceTokenResponse.class);
        handleErrorResponse(deviceTokenResponse);
        options.callback.grantDeviceCode(deviceTokenResponse.userCode, deviceTokenResponse.verificationURI);
        options.callback.openBrowser(deviceTokenResponse.verificationURI);
        long nanoTime = System.nanoTime();
        int i = deviceTokenResponse.interval;
        while (true) {
            Thread.sleep(Math.max(i, 1));
            if (TimeUnit.SECONDS.convert(System.nanoTime() - nanoTime, TimeUnit.NANOSECONDS) >= Math.min(deviceTokenResponse.expiresIn, 900)) {
                throw new NoSelectedCharacterException();
            }
            TokenResponse tokenResponse = (TokenResponse) HttpRequest.POST(this.tokenURL).form(Pair.pair("grant_type", "urn:ietf:params:oauth:grant-type:device_code"), Pair.pair("code", deviceTokenResponse.deviceCode), Pair.pair("client_id", options.callback.getClientId())).ignoreHttpCode().retry(5).getJson(TokenResponse.class);
            if (!"authorization_pending".equals(tokenResponse.error)) {
                if ("expired_token".equals(tokenResponse.error)) {
                    throw new NoSelectedCharacterException();
                }
                if (!"slow_down".equals(tokenResponse.error)) {
                    return new Result(tokenResponse.accessToken, tokenResponse.refreshToken);
                }
                i += 5;
            }
        }
    }

    public Result refresh(String str, Options options) throws AuthenticationException {
        try {
            Map<String, String> mapOf = Lang.mapOf(Pair.pair("client_id", options.callback.getClientId()), Pair.pair("refresh_token", str), Pair.pair("grant_type", "refresh_token"));
            if (!options.callback.isPublicClient()) {
                mapOf.put("client_secret", options.callback.getClientSecret());
            }
            RefreshResponse refreshResponse = (RefreshResponse) HttpRequest.POST(this.tokenURL).form(mapOf).accept("application/json").ignoreHttpCode().retry(5).getJson(RefreshResponse.class);
            handleErrorResponse(refreshResponse);
            return new Result(refreshResponse.accessToken, refreshResponse.refreshToken);
        } catch (JsonParseException e) {
            throw new ServerResponseMalformedException(e);
        } catch (IOException e2) {
            throw new ServerDisconnectException(e2);
        }
    }

    private static void handleErrorResponse(ErrorResponse errorResponse) throws AuthenticationException {
        if (errorResponse.error == null || errorResponse.errorDescription == null) {
            return;
        }
        String str = errorResponse.error;
        boolean z = -1;
        switch (str.hashCode()) {
            case -847806252:
                if (str.equals("invalid_grant")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                if (errorResponse.errorDescription.contains("AADSTS70000")) {
                    throw new CredentialExpiredException();
                }
                break;
        }
        throw new RemoteAuthenticationException(errorResponse.error, errorResponse.errorDescription, StringUtils.EMPTY);
    }
}
