package org.elastos.hive.vendor.vault;

import java.io.IOException;
import java.util.HashMap;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.CompletionException;
import java.util.concurrent.Semaphore;
import java.util.concurrent.atomic.AtomicBoolean;
import okhttp3.MediaType;
import okhttp3.RequestBody;
import org.elastos.did.DIDDocument;
import org.elastos.did.jwt.Claims;
import org.elastos.hive.AuthenticationHandler;
import org.elastos.hive.Callback;
import org.elastos.hive.ConnectHelper;
import org.elastos.hive.NullCallback;
import org.elastos.hive.Persistent;
import org.elastos.hive.exception.HiveException;
import org.elastos.hive.oauth.AuthServer;
import org.elastos.hive.oauth.AuthToken;
import org.elastos.hive.oauth.Authenticator;
import org.elastos.hive.utils.DateUtil;
import org.elastos.hive.utils.JwtUtil;
import org.elastos.hive.utils.UrlUtil;
import org.elastos.hive.vendor.AuthInfoStoreImpl;
import org.elastos.hive.vendor.connection.ConnectionManager;
import org.elastos.hive.vendor.connection.model.BaseServiceConfig;
import org.elastos.hive.vendor.connection.model.HeaderConfig;
import org.elastos.hive.vendor.vault.network.model.AuthResponse;
import org.elastos.hive.vendor.vault.network.model.SignResponse;
import org.elastos.hive.vendor.vault.network.model.TokenResponse;
import org.json.JSONObject;
import retrofit2.Response;

/* loaded from: input_file:org/elastos/hive/vendor/vault/VaultAuthHelper.class */
public class VaultAuthHelper implements ConnectHelper {
    private static final String CLIENT_ID_KEY = "client_id";
    private static final String ACCESS_TOKEN_KEY = "access_token";
    private static final String REFRESH_TOKEN_KEY = "refresh_token";
    private static final String EXPIRES_AT_KEY = "expires_at";
    private static final String TOKEN_TYPE_KEY = "token_type";
    private static final String USER_DID_KEY = "user_did";
    private static final String APP_ID_KEY = "app_id";
    private static final String APP_INSTANCE_DID_KEY = "app_instance_did";
    private String redirectUrl;
    private String clientId;
    private String scope;
    private String clientSecret;
    private String ownerDid;
    private String userDid;
    private String appId;
    private String appInstanceDid;
    private String nodeUrl;
    private AuthToken token;
    private AtomicBoolean connectState = new AtomicBoolean(false);
    private AtomicBoolean syncState = new AtomicBoolean(false);
    private String accessToken;
    private Persistent persistent;
    private DIDDocument authenticationDIDDocument;
    private AuthenticationHandler authenticationHandler;

    public VaultAuthHelper(String str, String str2, String str3, DIDDocument dIDDocument, AuthenticationHandler authenticationHandler) {
        this.authenticationDIDDocument = dIDDocument;
        this.authenticationHandler = authenticationHandler;
        this.ownerDid = str;
        this.nodeUrl = str2;
        this.persistent = new AuthInfoStoreImpl(str, str2, str3);
        try {
            BaseServiceConfig build = new BaseServiceConfig.Builder().build();
            ConnectionManager.resetHiveVaultApi(this.nodeUrl, build);
            ConnectionManager.resetAuthApi("https://oauth2.googleapis.com", build);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    public VaultAuthHelper(String str, String str2, String str3, String str4, String str5, String str6, String str7) {
        this.nodeUrl = str2;
        this.clientId = str4;
        this.redirectUrl = str6;
        this.scope = str7;
        this.clientSecret = str5;
        this.persistent = new AuthInfoStoreImpl(str, str2, str3);
        try {
            BaseServiceConfig build = new BaseServiceConfig.Builder().build();
            ConnectionManager.resetHiveVaultApi(str2, build);
            ConnectionManager.resetAuthApi("https://oauth2.googleapis.com", build);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    @Override // org.elastos.hive.ConnectHelper
    public CompletableFuture<Void> checkValid() {
        return checkValid(new NullCallback());
    }

    @Override // org.elastos.hive.ConnectHelper
    public CompletableFuture<Void> checkValid(Callback<Void> callback) {
        return CompletableFuture.runAsync(() -> {
            try {
                doCheckExpired();
            } catch (Exception e) {
                HiveException hiveException = new HiveException(e.getLocalizedMessage());
                callback.onError(hiveException);
                throw new CompletionException(hiveException);
            }
        });
    }

    @Override // org.elastos.hive.ConnectHelper
    public void connect() {
        try {
            this.connectState.set(false);
            signIn();
            initConnection();
            this.connectState.set(true);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    private void doCheckExpired() throws Exception {
        this.connectState.set(false);
        tryRestoreToken();
        if (this.token == null || this.token.isExpired()) {
            signIn();
        }
        initConnection();
        this.connectState.set(true);
    }

    private void redeemToken() throws Exception {
        handleTokenResponse(ConnectionManager.getVaultAuthApi().refreshToken(this.clientId, this.clientSecret, this.token != null ? this.token.getRefreshToken() : "", REFRESH_TOKEN_KEY).execute());
    }

    private void cloudAccess(Authenticator authenticator) throws Exception {
        this.connectState.set(false);
        tryRestoreToken();
        if (this.token == null) {
            nodeAuth("");
            accessToken(accessAuthCode(authenticator));
            this.connectState.set(true);
            return;
        }
        if (this.token.getExpiredTime() > System.currentTimeMillis() / 1000) {
            initConnection();
            this.connectState.set(true);
        } else {
            redeemToken();
            this.connectState.set(true);
        }
    }

    private void signIn() throws Exception {
        HashMap hashMap = new HashMap();
        hashMap.put("document", new JSONObject(this.authenticationDIDDocument.toString()));
        SignResponse signResponse = (SignResponse) ConnectionManager.getHiveVaultApi().signIn(getJsonRequestBoy(new JSONObject(hashMap).toString())).execute().body();
        if (null == signResponse) {
            throw new HiveException("Sign in challenge failed");
        }
        String challenge = signResponse.getChallenge();
        if (null == this.authenticationHandler || !verifyToken(challenge)) {
            return;
        }
        nodeAuth(this.authenticationHandler.authenticationChallenge(challenge).get());
    }

    private void nodeAuth(String str) throws Exception {
        HashMap hashMap = new HashMap();
        hashMap.put("jwt", str);
        handleAuthResponse(ConnectionManager.getHiveVaultApi().auth(getJsonRequestBoy(new JSONObject(hashMap).toString())).execute());
    }

    private boolean verifyToken(String str) {
        try {
            Claims body = JwtUtil.getBody(str);
            long time = body.getExpiration().getTime();
            String audience = body.getAudience();
            if (null == this.ownerDid || null == audience || !this.ownerDid.equals(audience)) {
                return false;
            }
            return System.currentTimeMillis() <= time;
        } catch (Exception e) {
            e.printStackTrace();
            return true;
        }
    }

    private void accessToken(String str) throws Exception {
        Response execute = ConnectionManager.getVaultAuthApi().getToken(str.replace("%2F", "/"), this.clientId, this.clientSecret, this.redirectUrl, "authorization_code").execute();
        handleTokenResponse(execute);
        syncGoogleDrive(execute);
    }

    private void handleTokenResponse(Response response) {
        TokenResponse tokenResponse = (TokenResponse) response.body();
        this.token = new AuthToken(tokenResponse != null ? tokenResponse.getRefresh_token() : "", this.accessToken, (System.currentTimeMillis() / 1000) + (tokenResponse != null ? tokenResponse.getExpires_in() : 0L), tokenResponse != null ? tokenResponse.getToken_type() : "");
        writebackToken();
        initConnection();
    }

    private void handleAuthResponse(Response response) throws Exception {
        AuthResponse authResponse = (AuthResponse) response.body();
        if (null == authResponse) {
            throw new HiveException("Authorize failed");
        }
        String access_token = authResponse.getAccess_token();
        if (null == access_token) {
            return;
        }
        Claims body = JwtUtil.getBody(access_token);
        long time = body.getExpiration().getTime();
        this.userDid = (String) body.get("userDid");
        this.appId = (String) body.get("appId");
        this.appInstanceDid = (String) body.get("appInstanceDid");
        this.token = new AuthToken("", access_token, (System.currentTimeMillis() / 1000) + (time / 1000), "token");
        writebackToken();
        initConnection();
    }

    private String accessAuthCode(Authenticator authenticator) throws Exception {
        Semaphore semaphore = new Semaphore(1);
        String[] decodeHostAndPort = UrlUtil.decodeHostAndPort(this.redirectUrl, "localhost", String.valueOf(12345));
        AuthServer authServer = new AuthServer(semaphore, decodeHostAndPort[0], Integer.valueOf(decodeHostAndPort[1]).intValue());
        authServer.start();
        authenticator.requestAuthentication(String.format("%s?client_id=%s&scope=%s&response_type=code&redirect_uri=%s", "https://accounts.google.com/o/oauth2/auth", this.clientId, this.scope, this.redirectUrl).replace(" ", "%20"));
        semaphore.acquire();
        String authCode = authServer.getAuthCode();
        authServer.stop();
        semaphore.release();
        this.connectState.set(true);
        return authCode;
    }

    private void syncGoogleDrive(Response response) throws IOException {
        TokenResponse tokenResponse = (TokenResponse) response.body();
        long currentTimeMillis = System.currentTimeMillis() + (tokenResponse != null ? tokenResponse.getExpires_in() : 0L);
        HashMap hashMap = new HashMap();
        hashMap.put("token", tokenResponse.getAccess_token());
        hashMap.put(REFRESH_TOKEN_KEY, tokenResponse.getRefresh_token());
        hashMap.put("token_uri", "https://oauth2.googleapis.com");
        hashMap.put(CLIENT_ID_KEY, this.clientId);
        hashMap.put("client_secret", this.clientSecret);
        hashMap.put("scopes", "[https://www.googleapis.com/auth/drive]");
        hashMap.put("expiry", DateUtil.getCurrentEpochTimeStamp(currentTimeMillis));
        ConnectionManager.getHiveVaultApi().googleDrive(getJsonRequestBoy(new JSONObject(hashMap).toString())).execute();
    }

    private void tryRestoreToken() throws HiveException {
        JSONObject parseFrom = this.persistent.parseFrom();
        String str = null;
        String str2 = null;
        String str3 = null;
        long j = -1;
        if (parseFrom.has(REFRESH_TOKEN_KEY)) {
            str = parseFrom.getString(REFRESH_TOKEN_KEY);
        }
        if (parseFrom.has(ACCESS_TOKEN_KEY)) {
            str2 = parseFrom.getString(ACCESS_TOKEN_KEY);
        }
        if (parseFrom.has(EXPIRES_AT_KEY)) {
            j = parseFrom.getLong(EXPIRES_AT_KEY);
        }
        if (parseFrom.has(TOKEN_TYPE_KEY)) {
            str3 = parseFrom.getString(TOKEN_TYPE_KEY);
        }
        if (parseFrom.has(USER_DID_KEY)) {
            this.userDid = parseFrom.getString(USER_DID_KEY);
        }
        if (parseFrom.has(APP_ID_KEY)) {
            this.appId = parseFrom.getString(APP_ID_KEY);
        }
        if (parseFrom.has(APP_INSTANCE_DID_KEY)) {
            this.appInstanceDid = parseFrom.getString(APP_INSTANCE_DID_KEY);
        }
        if (str == null || str2 == null || j <= 0 || str3 == null) {
            return;
        }
        this.token = new AuthToken(str, str2, j, str3);
    }

    private void writebackToken() {
        if (this.token == null) {
            return;
        }
        try {
            JSONObject jSONObject = new JSONObject();
            jSONObject.put(CLIENT_ID_KEY, this.clientId);
            jSONObject.put(REFRESH_TOKEN_KEY, this.token.getRefreshToken());
            jSONObject.put(ACCESS_TOKEN_KEY, this.token.getAccessToken());
            jSONObject.put(EXPIRES_AT_KEY, this.token.getExpiredTime());
            jSONObject.put(TOKEN_TYPE_KEY, this.token.getTokenType());
            jSONObject.put(USER_DID_KEY, this.userDid);
            jSONObject.put(APP_ID_KEY, this.appId);
            jSONObject.put(APP_INSTANCE_DID_KEY, this.appInstanceDid);
            this.persistent.upateContent(jSONObject);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    private void initConnection() {
        ConnectionManager.resetHiveVaultApi(this.nodeUrl, new BaseServiceConfig.Builder().headerConfig(new HeaderConfig.Builder().authToken(this.token).build()).build());
    }

    public String getUserDid() {
        return this.userDid;
    }

    public void setUserDid(String str) {
        this.userDid = str;
    }

    public String getAppId() {
        return this.appId;
    }

    public void setAppId(String str) {
        this.appId = str;
    }

    public String getAppInstanceDid() {
        return this.appInstanceDid;
    }

    public void setAppInstanceDid(String str) {
        this.appInstanceDid = str;
    }

    boolean getConnectState() {
        return this.connectState.get();
    }

    void dissConnect() {
        this.connectState.set(false);
    }

    boolean getSyncState() {
        return this.syncState.get();
    }

    private RequestBody getJsonRequestBoy(String str) {
        return RequestBody.create(MediaType.parse("Content-Type, application/json"), str);
    }

    public int checkResponseCode(Response response) {
        if (response == null) {
            return -1;
        }
        int code = response.code();
        if (code < 300 && code >= 200) {
            return 0;
        }
        if (code == 401) {
            connect();
        }
        return code;
    }
}
