package org.forgerock.openam.authentication.modules.oauth2.service;

import com.sun.identity.authentication.spi.AuthLoginException;
import java.net.URLEncoder;
import java.text.MessageFormat;
import java.text.SimpleDateFormat;
import java.util.Calendar;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
import org.apache.http.client.utils.DateUtils;
import org.forgerock.openam.authentication.modules.oauth2.HttpRequestContent;
import org.forgerock.openam.authentication.modules.oauth2.OAuthConf;
import org.forgerock.openam.authentication.modules.oauth2.OAuthParam;
import org.forgerock.openam.authentication.modules.oauth2.OAuthUtil;
import org.forgerock.openam.authentication.modules.oauth2.service.esia.Signer;

/* loaded from: input_file:org/forgerock/openam/authentication/modules/oauth2/service/ESIAServiceUrlProvider.class */
public class ESIAServiceUrlProvider implements ServiceUrlProvider {
    private static final String UTF_8 = "UTF-8";
    final Signer signer;
    static final String ESIA_HOST_SYNC_TIME = "https://esia.gosuslugi.ru/";
    private static final SimpleDateFormat format = new SimpleDateFormat("yyyy.MM.dd HH:mm:ss Z");
    static long syncOffset = 0;
    static final ScheduledExecutorService syncTime = Executors.newSingleThreadScheduledExecutor();

    public ESIAServiceUrlProvider(String str, String str2) {
        this.signer = new Signer(str, str2);
    }

    @Override // org.forgerock.openam.authentication.modules.oauth2.service.ServiceUrlProvider
    public String getServiceUri(OAuthConf oAuthConf, String str, String str2) throws AuthLoginException {
        String concat = oAuthConf.getAuthServiceUrl().concat("?client_id={0}&client_secret={1}&redirect_uri={2}&scope={3}&response_type=code&state={4}&timestamp={5}&access_type=offline");
        String timeStamp = getTimeStamp();
        try {
            return MessageFormat.format(concat, URLEncoder.encode(oAuthConf.getClientId(), UTF_8), URLEncoder.encode(this.signer.signString(oAuthConf.getScope() + timeStamp + oAuthConf.getClientId() + str2), UTF_8), URLEncoder.encode(str, UTF_8), URLEncoder.encode(oAuthConf.getScope(), UTF_8), URLEncoder.encode(str2, UTF_8), URLEncoder.encode(timeStamp, UTF_8));
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    @Override // org.forgerock.openam.authentication.modules.oauth2.service.ServiceUrlProvider
    public Map<String, String> getTokenServicePOSTparameters(OAuthConf oAuthConf, String str, String str2) throws AuthLoginException {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        if (str == null) {
            OAuthUtil.debugError("process: code == null");
            throw new AuthLoginException(OAuthParam.BUNDLE_NAME, "authCode == null", (Object[]) null);
        }
        OAuthUtil.debugMessage("authentication code: " + str);
        String timeStamp = getTimeStamp();
        String uuid = UUID.randomUUID().toString();
        try {
            linkedHashMap.put(OAuthParam.PARAM_CLIENT_ID, oAuthConf.getClientId());
            linkedHashMap.put(OAuthParam.PARAM_CODE, URLEncoder.encode(str, UTF_8));
            linkedHashMap.put(OAuthParam.PARAM_GRANT_TYPE, "authorization_code");
            linkedHashMap.put(OAuthParam.PARAM_CLIENT_SECRET, URLEncoder.encode(this.signer.signString(oAuthConf.getScope() + timeStamp + oAuthConf.getClientId() + uuid), UTF_8));
            linkedHashMap.put(OAuthParam.PARAM_REDIRECT_URI, URLEncoder.encode(str2, UTF_8));
            linkedHashMap.put(OAuthParam.PARAM_SCOPE, URLEncoder.encode(oAuthConf.getScope(), UTF_8));
            linkedHashMap.put("state", URLEncoder.encode(uuid, UTF_8));
            linkedHashMap.put("timestamp", URLEncoder.encode(timeStamp, UTF_8));
            linkedHashMap.put("token_type", "Bearer");
            return linkedHashMap;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    public Map<String, String> getTokenServiceClientPOSTparameters(OAuthConf oAuthConf, String str) {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        String timeStamp = getTimeStamp();
        String uuid = UUID.randomUUID().toString();
        try {
            linkedHashMap.put(OAuthParam.PARAM_CLIENT_ID, oAuthConf.getClientId());
            linkedHashMap.put("response_type", "token");
            linkedHashMap.put(OAuthParam.PARAM_SCOPE, URLEncoder.encode(str, UTF_8));
            linkedHashMap.put(OAuthParam.PARAM_GRANT_TYPE, "client_credentials");
            linkedHashMap.put("state", URLEncoder.encode(uuid, UTF_8));
            linkedHashMap.put("timestamp", URLEncoder.encode(timeStamp, UTF_8));
            linkedHashMap.put("token_type", "Bearer");
            linkedHashMap.put(OAuthParam.PARAM_CLIENT_SECRET, URLEncoder.encode(this.signer.signString(str + timeStamp + oAuthConf.getClientId() + uuid), UTF_8));
            return linkedHashMap;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    @Override // org.forgerock.openam.authentication.modules.oauth2.service.ServiceUrlProvider
    public Map<String, String> getTokenServiceGETparameters(OAuthConf oAuthConf, String str, String str2) throws AuthLoginException {
        return null;
    }

    public static void init() {
    }

    public static long getSyncOffset() throws Exception {
        return Calendar.getInstance().getTime().getTime() - DateUtils.parseDate(HttpRequestContent.getInstance().getHeadersUsingHEAD(ESIA_HOST_SYNC_TIME).get("Date").get(0)).getTime();
    }

    String getTimeStamp() {
        Calendar calendar = Calendar.getInstance();
        calendar.setTimeInMillis(Calendar.getInstance().getTime().getTime() - syncOffset);
        return format.format(calendar.getTime());
    }

    static {
        syncTime.scheduleAtFixedRate(new Runnable() { // from class: org.forgerock.openam.authentication.modules.oauth2.service.ESIAServiceUrlProvider.1
            @Override // java.lang.Runnable
            public void run() {
                try {
                    ESIAServiceUrlProvider.syncOffset = ESIAServiceUrlProvider.getSyncOffset();
                } catch (Exception e) {
                    OAuthUtil.debugWarning("ESIA error sync time: " + e.toString());
                }
            }
        }, 0L, 5L, TimeUnit.MINUTES);
    }
}
