package com.databricks.internal.sdk.core.oauth;

import com.databricks.internal.apache.commons.io.IOUtils;
import com.databricks.internal.apache.hc.core5.http.HeaderElements;
import com.databricks.internal.google.common.net.HttpHeaders;
import com.databricks.internal.sdk.core.DatabricksException;
import com.databricks.internal.sdk.core.commons.CommonsHttpClient;
import com.databricks.internal.sdk.core.http.HttpClient;
import com.databricks.internal.sdk.core.oauth.SessionCredentials;
import com.databricks.jdbc.driver.DatabricksJdbcConstants;
import com.sun.net.httpserver.Headers;
import com.sun.net.httpserver.HttpExchange;
import com.sun.net.httpserver.HttpHandler;
import com.sun.net.httpserver.HttpServer;
import java.awt.Desktop;
import java.io.IOException;
import java.io.InputStream;
import java.io.Serializable;
import java.net.InetSocketAddress;
import java.net.URI;
import java.net.URL;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/databricks/internal/sdk/core/oauth/Consent.class */
public class Consent implements Serializable {
    private static final Long serialVersionUID = -3832904096215095559L;
    private transient HttpClient hc;
    private final String authUrl;
    private final String verifier;
    private final String state;
    private final String tokenUrl;
    private final String redirectUrl;
    private final String clientId;
    private final String clientSecret;

    /* loaded from: input_file:com/databricks/internal/sdk/core/oauth/Consent$Builder.class */
    public static class Builder {
        private HttpClient hc = new CommonsHttpClient(30);
        private String authUrl;
        private String verifier;
        private String state;
        private String tokenUrl;
        private String redirectUrl;
        private String clientId;
        private String clientSecret;

        public Builder withHttpClient(HttpClient httpClient) {
            this.hc = httpClient;
            return this;
        }

        public Builder withAuthUrl(String str) {
            this.authUrl = str;
            return this;
        }

        public Builder withVerifier(String str) {
            this.verifier = str;
            return this;
        }

        public Builder withState(String str) {
            this.state = str;
            return this;
        }

        public Builder withTokenUrl(String str) {
            this.tokenUrl = str;
            return this;
        }

        public Builder withRedirectUrl(String str) {
            this.redirectUrl = str;
            return this;
        }

        public Builder withClientId(String str) {
            this.clientId = str;
            return this;
        }

        public Builder withClientSecret(String str) {
            this.clientSecret = str;
            return this;
        }

        public Consent build() {
            return new Consent(this);
        }
    }

    /* loaded from: input_file:com/databricks/internal/sdk/core/oauth/Consent$CallbackResponseHandler.class */
    static class CallbackResponseHandler implements HttpHandler {
        private final Logger LOG = LoggerFactory.getLogger(getClass().getName());
        private final Object lock = new Object();
        private volatile Map<String, String> params;

        CallbackResponseHandler() {
        }

        public void handle(HttpExchange httpExchange) {
            try {
                handleInner(httpExchange);
            } catch (IOException e) {
                this.LOG.error("Unable to handle callback request", e);
            }
        }

        public void handleInner(HttpExchange httpExchange) throws IOException {
            if (!"GET".equals(httpExchange.getRequestMethod())) {
                sendError(httpExchange, 400, "Unsupported method", "Unsupported method " + httpExchange.getRequestMethod() + "; only GET is supported");
                return;
            }
            String query = httpExchange.getRequestURI().getQuery();
            if (query == null || query.isEmpty()) {
                sendError(httpExchange, 400, "Missing Query", "No query received for the current request");
                return;
            }
            String decode = URLDecoder.decode(query, StandardCharsets.UTF_8.name());
            HashMap hashMap = new HashMap();
            Arrays.stream(decode.split("&")).forEach(str -> {
                String[] split = str.split(DatabricksJdbcConstants.PAIR_DELIMITER);
                hashMap.put(split[0], split.length > 1 ? split[1] : "");
            });
            sendSuccess(httpExchange);
            synchronized (this.lock) {
                this.params = hashMap;
                this.lock.notify();
            }
        }

        private void sendError(HttpExchange httpExchange, int i, String str, String str2) throws IOException {
            String iOUtils = IOUtils.toString((InputStream) Objects.requireNonNull(getClass().getClassLoader().getResourceAsStream("oauth/failed_response.html.tmpl")), StandardCharsets.UTF_8);
            HashMap hashMap = new HashMap();
            hashMap.put("{{code}}", String.valueOf(i));
            hashMap.put("{{message}}", str);
            hashMap.put("{{explain}}", str2);
            for (Map.Entry entry : hashMap.entrySet()) {
                iOUtils = iOUtils.replaceAll((String) entry.getKey(), (String) entry.getValue());
            }
            Headers responseHeaders = httpExchange.getResponseHeaders();
            responseHeaders.set("Connection", HeaderElements.CLOSE);
            responseHeaders.set("Content-Type", "text/html;charset=utf-8");
            httpExchange.sendResponseHeaders(200, iOUtils.length());
            httpExchange.getResponseBody().write(iOUtils.getBytes(StandardCharsets.UTF_8));
            httpExchange.close();
        }

        private void sendSuccess(HttpExchange httpExchange) throws IOException {
            String iOUtils = IOUtils.toString((InputStream) Objects.requireNonNull(getClass().getClassLoader().getResourceAsStream("oauth/successful_response.html")), StandardCharsets.UTF_8);
            httpExchange.getResponseHeaders().set("Content-Type", "text/html;charset=utf-8");
            httpExchange.sendResponseHeaders(200, iOUtils.length());
            httpExchange.getResponseBody().write(iOUtils.getBytes(StandardCharsets.UTF_8));
            httpExchange.close();
        }

        public Map<String, String> getParams() {
            Map<String, String> map;
            synchronized (this.lock) {
                if (this.params == null) {
                    try {
                        this.lock.wait();
                    } catch (InterruptedException e) {
                        throw new DatabricksException("Interrupted while waiting for parameters: " + e.getMessage(), e);
                    }
                }
                map = this.params;
            }
            return map;
        }
    }

    private Consent(Builder builder) {
        this.hc = (HttpClient) Objects.requireNonNull(builder.hc);
        this.authUrl = (String) Objects.requireNonNull(builder.authUrl);
        this.verifier = (String) Objects.requireNonNull(builder.verifier);
        this.state = (String) Objects.requireNonNull(builder.state);
        this.tokenUrl = (String) Objects.requireNonNull(builder.tokenUrl);
        this.redirectUrl = (String) Objects.requireNonNull(builder.redirectUrl);
        this.clientId = (String) Objects.requireNonNull(builder.clientId);
        this.clientSecret = builder.clientSecret;
    }

    public Consent setHttpClient(HttpClient httpClient) {
        this.hc = httpClient;
        return this;
    }

    public String getAuthUrl() {
        return this.authUrl;
    }

    public String getVerifier() {
        return this.verifier;
    }

    public String getState() {
        return this.state;
    }

    public String getTokenUrl() {
        return this.tokenUrl;
    }

    public String getRedirectUrl() {
        return this.redirectUrl;
    }

    public String getClientId() {
        return this.clientId;
    }

    public String getClientSecret() {
        return this.clientSecret;
    }

    public SessionCredentials launchExternalBrowser() throws IOException {
        URL url = new URL(getRedirectUrl());
        if (!Arrays.asList("localhost", "127.0.0.1").contains(url.getHost())) {
            throw new IllegalArgumentException("cannot listen on " + url.getHost() + ", redirectUrl host must be one of: localhost, 127.0.0.1");
        }
        CallbackResponseHandler callbackResponseHandler = new CallbackResponseHandler();
        HttpServer create = HttpServer.create(new InetSocketAddress(url.getHost(), url.getPort()), 0);
        create.createContext("/", callbackResponseHandler);
        create.start();
        desktopBrowser();
        Map<String, String> params = callbackResponseHandler.getParams();
        create.stop(0);
        return exchangeCallbackParameters(params);
    }

    protected void desktopBrowser() throws IOException {
        Desktop.getDesktop().browse(URI.create(this.authUrl));
    }

    public SessionCredentials exchangeCallbackParameters(Map<String, String> map) {
        if (map.containsKey("error")) {
            throw new DatabricksException(map.get("error") + ": " + map.get("error_description"));
        }
        if (map.containsKey("code") && map.containsKey("state")) {
            return exchange(map.get("code"), map.get("state"));
        }
        throw new DatabricksException("No code returned in callback");
    }

    public SessionCredentials exchange(String str, String str2) {
        if (!this.state.equals(str2)) {
            throw new DatabricksException("state mismatch: original state: " + this.state + "; retrieved state: " + str2);
        }
        HashMap hashMap = new HashMap();
        hashMap.put("grant_type", "authorization_code");
        hashMap.put("code", str);
        hashMap.put("code_verifier", this.verifier);
        hashMap.put("redirect_uri", this.redirectUrl);
        HashMap hashMap2 = new HashMap();
        if (this.tokenUrl.contains("microsoft")) {
            hashMap2.put(HttpHeaders.ORIGIN, this.redirectUrl);
        }
        return new SessionCredentials.Builder().withHttpClient(this.hc).withClientId(this.clientId).withClientSecret(this.clientSecret).withTokenUrl(this.tokenUrl).withToken(RefreshableTokenSource.retrieveToken(this.hc, this.clientId, this.clientSecret, this.tokenUrl, hashMap, hashMap2, AuthParameterPosition.BODY)).build();
    }
}
