package de.unijena.bioinf.auth;

import com.auth0.jwt.JWT;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.github.scribejava.apis.auth0.Auth0Service;
import com.github.scribejava.apis.openid.OpenIdOAuth2AccessToken;
import com.github.scribejava.core.builder.ServiceBuilder;
import com.github.scribejava.core.builder.api.DefaultApi20;
import com.github.scribejava.core.model.Response;
import com.github.scribejava.core.oauth.OAuth20Service;
import com.github.scribejava.core.revoke.TokenTypeHint;
import com.github.scribejava.httpclient.apache.ApacheHttpClient;
import de.unijena.bioinf.ChemistryBase.utils.IOFunctions;
import java.io.Closeable;
import java.io.IOException;
import java.net.URI;
import java.util.Date;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.impl.nio.client.CloseableHttpAsyncClient;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/unijena/bioinf/auth/AuthService.class */
public class AuthService implements IOFunctions.IOConsumer<HttpUriRequest>, Closeable {
    private OAuth20Service service;

    @Nullable
    private String refreshToken;
    private Token token;
    protected final ReadWriteLock tokenLock;
    private int minLifetime;

    /* loaded from: input_file:de/unijena/bioinf/auth/AuthService$Token.class */
    public class Token {
        private final OpenIdOAuth2AccessToken source;
        private final Date expTime;

        private Token(OpenIdOAuth2AccessToken openIdOAuth2AccessToken) {
            this.source = openIdOAuth2AccessToken;
            this.expTime = JWT.decode(openIdOAuth2AccessToken.getAccessToken()).getExpiresAt();
        }

        public boolean isExpired() {
            return this.expTime.getTime() - System.currentTimeMillis() < ((long) AuthService.this.minLifetime);
        }

        public String getAccessToken() {
            return this.source.getAccessToken();
        }

        public String getOpenIdToken() {
            return this.source.getOpenIdToken();
        }

        public DecodedJWT getDecodedIdToken() {
            return JWT.decode(getOpenIdToken());
        }

        public DecodedJWT getDecodedAccessToken() {
            return JWT.decode(getAccessToken());
        }

        public OpenIdOAuth2AccessToken getSource() {
            return this.source;
        }
    }

    public AuthService(@NotNull DefaultApi20 defaultApi20, @NotNull String str) {
        this(defaultApi20, str, null);
    }

    public AuthService(@NotNull DefaultApi20 defaultApi20, @NotNull String str, @Nullable CloseableHttpAsyncClient closeableHttpAsyncClient) {
        this(defaultApi20, str, null, null, closeableHttpAsyncClient);
    }

    public AuthService(@NotNull DefaultApi20 defaultApi20, @NotNull String str, @Nullable String str2, @Nullable String str3) {
        this(defaultApi20, str, str2, str3, null);
    }

    public AuthService(@NotNull DefaultApi20 defaultApi20, @NotNull String str, @Nullable String str2, @Nullable String str3, @Nullable CloseableHttpAsyncClient closeableHttpAsyncClient) {
        this(buildService(defaultApi20, str, str2, closeableHttpAsyncClient), str3);
    }

    public AuthService(@NotNull OAuth20Service oAuth20Service, @Nullable String str) {
        this.tokenLock = new ReentrantReadWriteLock();
        this.minLifetime = 900000;
        this.refreshToken = str;
        this.service = oAuth20Service;
    }

    private static OAuth20Service buildService(@NotNull DefaultApi20 defaultApi20, @NotNull String str, @Nullable String str2, @Nullable CloseableHttpAsyncClient closeableHttpAsyncClient) {
        ServiceBuilder serviceBuilder = new ServiceBuilder(str);
        if (closeableHttpAsyncClient != null) {
            serviceBuilder.httpClient(new ApacheHttpClient(closeableHttpAsyncClient));
        }
        if (str2 != null) {
            serviceBuilder.apiSecret(str2);
        }
        return serviceBuilder.build(defaultApi20);
    }

    public void reconnectService(@Nullable CloseableHttpAsyncClient closeableHttpAsyncClient) {
        reconnectService(null, closeableHttpAsyncClient);
    }

    public void reconnectService(@Nullable DefaultApi20 defaultApi20, @Nullable CloseableHttpAsyncClient closeableHttpAsyncClient) {
        reconnectService(buildService(defaultApi20 == null ? this.service.getApi() : defaultApi20, this.service.getApiKey(), this.service.getApiSecret(), closeableHttpAsyncClient));
    }

    public void reconnectService(@NotNull OAuth20Service oAuth20Service) {
        this.tokenLock.writeLock().lock();
        try {
            this.service = oAuth20Service;
        } finally {
            this.tokenLock.writeLock().unlock();
        }
    }

    protected Token requestAccessTokenClientFlow() throws IOException, ExecutionException, InterruptedException {
        return new Token(this.service.getAccessTokenClientCredentialsGrant());
    }

    protected Token requestAccessTokenRefreshFlow() throws IOException, ExecutionException, InterruptedException {
        return new Token(this.service.refreshAccessToken(this.refreshToken));
    }

    protected Token requestAccessTokenPasswordFlow(String str, String str2) throws IOException, ExecutionException, InterruptedException {
        return new Token(this.service.getAccessTokenPasswordGrant(str, str2, "offline_access openid"));
    }

    protected boolean isRefreshTokenValid() {
        if (this.refreshToken == null || this.refreshToken.isBlank()) {
            return false;
        }
        this.tokenLock.writeLock().lock();
        try {
            this.token = requestAccessTokenRefreshFlow();
            return true;
        } catch (IOException | InterruptedException | ExecutionException e) {
            LoggerFactory.getLogger(getClass()).warn("Error when refreshing access_token with current refresh_token.", e);
            return false;
        } finally {
            this.tokenLock.writeLock().unlock();
        }
    }

    protected boolean hasClientSecret() {
        return this.service.getApiSecret() != null;
    }

    public boolean needsLogin() {
        return (!needsRefresh() || hasClientSecret() || isRefreshTokenValid()) ? false : true;
    }

    public boolean needsRefresh() {
        this.tokenLock.readLock().lock();
        try {
            return needsRefreshRaw();
        } finally {
            this.tokenLock.readLock().unlock();
        }
    }

    protected boolean needsRefreshRaw() {
        return this.token == null || this.token.isExpired();
    }

    public Token refreshIfNeeded() throws LoginException {
        return refreshIfNeeded(false);
    }

    /* JADX WARN: Code restructure failed: missing block: B:26:0x0021, code lost:
    
        if (needsRefreshRaw() != false) goto L11;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public de.unijena.bioinf.auth.AuthService.Token refreshIfNeeded(boolean r7) throws de.unijena.bioinf.auth.LoginException {
        /*
            r6 = this;
            r0 = r7
            if (r0 != 0) goto Lb
            r0 = r6
            boolean r0 = r0.needsRefresh()
            if (r0 == 0) goto L8c
        Lb:
            r0 = r6
            java.util.concurrent.locks.ReadWriteLock r0 = r0.tokenLock
            java.util.concurrent.locks.Lock r0 = r0.writeLock()
            r0.lock()
            r0 = r7
            if (r0 != 0) goto L24
            r0 = r6
            boolean r0 = r0.needsRefreshRaw()     // Catch: java.lang.Throwable -> L71 java.lang.Throwable -> L7b
            if (r0 == 0) goto L60
        L24:
            r0 = r6
            boolean r0 = r0.hasClientSecret()     // Catch: java.lang.Throwable -> L71 java.lang.Throwable -> L7b
            if (r0 == 0) goto L36
            r0 = r6
            r1 = r6
            de.unijena.bioinf.auth.AuthService$Token r1 = r1.requestAccessTokenClientFlow()     // Catch: java.lang.Throwable -> L71 java.lang.Throwable -> L7b
            r0.token = r1     // Catch: java.lang.Throwable -> L71 java.lang.Throwable -> L7b
            goto L60
        L36:
            r0 = r6
            java.lang.String r0 = r0.refreshToken     // Catch: java.lang.Throwable -> L71 java.lang.Throwable -> L7b
            if (r0 == 0) goto L47
            r0 = r6
            java.lang.String r0 = r0.refreshToken     // Catch: java.lang.Throwable -> L71 java.lang.Throwable -> L7b
            boolean r0 = r0.isBlank()     // Catch: java.lang.Throwable -> L71 java.lang.Throwable -> L7b
            if (r0 == 0) goto L58
        L47:
            de.unijena.bioinf.auth.LoginException r0 = new de.unijena.bioinf.auth.LoginException     // Catch: java.lang.Throwable -> L71 java.lang.Throwable -> L7b
            r1 = r0
            java.lang.NullPointerException r2 = new java.lang.NullPointerException     // Catch: java.lang.Throwable -> L71 java.lang.Throwable -> L7b
            r3 = r2
            java.lang.String r4 = "Refresh token is null or empty!"
            r3.<init>(r4)     // Catch: java.lang.Throwable -> L71 java.lang.Throwable -> L7b
            r1.<init>(r2)     // Catch: java.lang.Throwable -> L71 java.lang.Throwable -> L7b
            throw r0     // Catch: java.lang.Throwable -> L71 java.lang.Throwable -> L7b
        L58:
            r0 = r6
            r1 = r6
            de.unijena.bioinf.auth.AuthService$Token r1 = r1.requestAccessTokenRefreshFlow()     // Catch: java.lang.Throwable -> L71 java.lang.Throwable -> L7b
            r0.token = r1     // Catch: java.lang.Throwable -> L71 java.lang.Throwable -> L7b
        L60:
            r0 = r6
            java.util.concurrent.locks.ReadWriteLock r0 = r0.tokenLock
            java.util.concurrent.locks.Lock r0 = r0.writeLock()
            r0.unlock()
            goto L8c
        L71:
            r8 = move-exception
            de.unijena.bioinf.auth.LoginException r0 = new de.unijena.bioinf.auth.LoginException     // Catch: java.lang.Throwable -> L7b
            r1 = r0
            r2 = r8
            r1.<init>(r2)     // Catch: java.lang.Throwable -> L7b
            throw r0     // Catch: java.lang.Throwable -> L7b
        L7b:
            r9 = move-exception
            r0 = r6
            java.util.concurrent.locks.ReadWriteLock r0 = r0.tokenLock
            java.util.concurrent.locks.Lock r0 = r0.writeLock()
            r0.unlock()
            r0 = r9
            throw r0
        L8c:
            r0 = r6
            de.unijena.bioinf.auth.AuthService$Token r0 = r0.token
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: de.unijena.bioinf.auth.AuthService.refreshIfNeeded(boolean):de.unijena.bioinf.auth.AuthService$Token");
    }

    public void login(String str, String str2) throws IOException, ExecutionException, InterruptedException {
        this.tokenLock.writeLock().lock();
        try {
            this.token = requestAccessTokenPasswordFlow(str, str2);
            this.refreshToken = this.token.getSource().getRefreshToken();
        } finally {
            this.tokenLock.writeLock().unlock();
        }
    }

    public void accept(HttpUriRequest httpUriRequest) throws IOException {
        httpUriRequest.setHeader("Authorization", "Bearer " + refreshIfNeeded().getAccessToken());
    }

    public void logout() {
        this.tokenLock.writeLock().lock();
        try {
            if (this.refreshToken != null) {
                try {
                    this.service.revokeToken(this.refreshToken, TokenTypeHint.REFRESH_TOKEN);
                } catch (Throwable th) {
                    LoggerFactory.getLogger(getClass()).warn("Error when revoking refresh token!", th);
                }
            }
            if (this.token != null) {
                try {
                    this.service.revokeToken(this.token.getAccessToken(), TokenTypeHint.ACCESS_TOKEN);
                } catch (Throwable th2) {
                    LoggerFactory.getLogger(getClass()).warn("Error when revoking access token!", th2);
                }
            }
            this.token = null;
            this.refreshToken = null;
        } finally {
            this.tokenLock.writeLock().unlock();
        }
    }

    public int getMinLifetime() {
        return this.minLifetime;
    }

    public void setMinLifetime(int i) {
        this.minLifetime = i;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String getRefreshToken() {
        return this.refreshToken;
    }

    public URI signUpURL(URI uri) {
        return signUpURL(uri.toString());
    }

    public URI signUpURL(String str) {
        return URI.create(this.service.createAuthorizationUrlBuilder().additionalParams(Map.of("screen_hint", "signup", "prompt", "login", "redirect_uri", str)).build());
    }

    public void sendPasswordReset(String str) throws IOException, ExecutionException, InterruptedException {
        Response sendPasswordResetRequest = ((Auth0Service) this.service).sendPasswordResetRequest(str);
        if (!sendPasswordResetRequest.isSuccessful()) {
            throw new IOException("Could not initiate Password reset. Cause: " + sendPasswordResetRequest.getMessage() + " | Body: " + sendPasswordResetRequest.getBody());
        }
    }

    public Optional<Token> getToken() {
        try {
            return Optional.of(refreshIfNeeded());
        } catch (LoginException e) {
            LoggerFactory.getLogger(AuthServices.class).warn("No login Found: " + e.getMessage());
            return Optional.empty();
        }
    }

    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() throws IOException {
        this.service.close();
    }
}
