package net.dean.jraw.http.oauth;

import java.math.BigInteger;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.SecureRandom;
import java.util.Map;
import net.dean.jraw.JrawUtils;
import net.dean.jraw.RedditClient;
import net.dean.jraw.http.AuthenticationMethod;
import net.dean.jraw.http.BasicAuthData;
import net.dean.jraw.http.Credentials;
import net.dean.jraw.http.HttpAdapter;
import net.dean.jraw.http.HttpRequest;
import net.dean.jraw.http.MediaTypes;
import net.dean.jraw.http.NetworkAccessible;
import net.dean.jraw.http.NetworkException;

/* loaded from: input_file:net/dean/jraw/http/oauth/OAuthHelper.class */
public class OAuthHelper implements NetworkAccessible {
    private SecureRandom secureRandom;
    private String state;
    private boolean started;
    private RedditClient reddit;

    public OAuthHelper(RedditClient redditClient) {
        this.reddit = redditClient;
    }

    public URL getAuthorizationUrl(String str, String str2, boolean z, String... strArr) {
        if (this.started) {
            this.started = false;
        }
        if (this.secureRandom == null) {
            this.secureRandom = new SecureRandom();
        }
        this.state = new BigInteger(130, this.secureRandom).toString(32);
        HttpRequest.Builder expected = new HttpRequest.Builder().https(true).host(RedditClient.HOST).path("/api/v1/authorize", new String[0]).expected(MediaTypes.HTML.type());
        Object[] objArr = new Object[12];
        objArr[0] = "client_id";
        objArr[1] = str;
        objArr[2] = "response_type";
        objArr[3] = "code";
        objArr[4] = "state";
        objArr[5] = this.state;
        objArr[6] = "redirect_uri";
        objArr[7] = str2;
        objArr[8] = "duration";
        objArr[9] = z ? "permanent" : "temporary";
        objArr[10] = "scope";
        objArr[11] = JrawUtils.join(strArr);
        HttpRequest build = expected.query(JrawUtils.mapOf(objArr)).build();
        this.started = true;
        return build.getUrl();
    }

    public OAuthData onUserChallenge(String str, String str2, Credentials credentials) throws NetworkException, OAuthException, IllegalStateException, MalformedURLException {
        if (!credentials.getAuthenticationMethod().isOAuth2()) {
            throw new IllegalArgumentException("Credentials provided are not for an OAuth2 login.");
        }
        if (credentials.getAuthenticationMethod() == AuthenticationMethod.SCRIPT) {
            JrawUtils.logger().warn("Unnecessarily complicated auth process. Use doScriptApp() instead.");
            return doScriptApp(credentials);
        }
        if (!this.started) {
            throw new IllegalStateException("Auth flow not started yet. See getAuthorizationUrl()");
        }
        Map<String, String> parseUrlEncoded = JrawUtils.parseUrlEncoded(HttpRequest.from("invalid", new URL(str), new Object[0]).getUrl().getQuery());
        if (!parseUrlEncoded.containsKey("state")) {
            throw new IllegalArgumentException("Final redirect URI did not contain the 'state' query parameter");
        }
        if (!parseUrlEncoded.get("state").equals(this.state)) {
            throw new IllegalArgumentException("State did not match");
        }
        if (parseUrlEncoded.containsKey("error")) {
            throw new OAuthException(parseUrlEncoded.get("error"));
        }
        if (!parseUrlEncoded.containsKey("code")) {
            throw new IllegalArgumentException("Final redirect URI did not contain the 'code' parameter");
        }
        try {
            return new OAuthData(this.reddit.execute(this.reddit.request().https(true).host(RedditClient.HOST).path("/api/v1/access_token", new String[0]).post(JrawUtils.mapOf("grant_type", "authorization_code", "code", parseUrlEncoded.get("code"), "redirect_uri", str2)).basicAuth(new BasicAuthData(credentials.getClientId(), credentials.getClientSecret())).build()).getJson());
        } catch (NetworkException e) {
            if (e.getCode() == 401) {
                throw new OAuthException("Invalid client ID/secret", e);
            }
            throw e;
        }
    }

    public OAuthData doScriptApp(Credentials credentials) throws NetworkException {
        if (credentials.getAuthenticationMethod() != AuthenticationMethod.SCRIPT) {
            throw new IllegalArgumentException("This method only authenticates 'script' apps");
        }
        return new OAuthData(this.reddit.execute(this.reddit.request().https(true).host(RedditClient.HOST_SPECIAL).path("/api/v1/access_token", new String[0]).post(JrawUtils.mapOf("grant_type", "password", "username", credentials.getUsername(), "password", credentials.getPassword())).sensitiveArgs("password").basicAuth(new BasicAuthData(credentials.getClientId(), credentials.getClientSecret())).build()).getJson());
    }

    @Override // net.dean.jraw.http.NetworkAccessible
    public HttpAdapter getHttpAdapter() {
        return this.reddit.getHttpAdapter();
    }
}
