package net.krotscheck.kangaroo.authz.common.util;

import java.net.URI;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.SortedMap;
import java.util.TreeMap;
import java.util.stream.Collectors;
import javax.ws.rs.core.MultivaluedHashMap;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.UriBuilder;
import net.krotscheck.kangaroo.authz.common.authenticator.AuthenticatorType;
import net.krotscheck.kangaroo.authz.common.database.entity.ApplicationScope;
import net.krotscheck.kangaroo.authz.common.database.entity.Authenticator;
import net.krotscheck.kangaroo.authz.common.database.entity.Client;
import net.krotscheck.kangaroo.authz.common.database.entity.ClientRedirect;
import net.krotscheck.kangaroo.authz.common.database.entity.ClientType;
import net.krotscheck.kangaroo.authz.common.database.entity.Role;
import net.krotscheck.kangaroo.authz.oauth2.exception.RFC6749;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.NameValuePair;
import org.apache.http.client.utils.URLEncodedUtils;

/* loaded from: input_file:net/krotscheck/kangaroo/authz/common/util/ValidationUtil.class */
public final class ValidationUtil {
    private ValidationUtil() {
    }

    public static void validateResponseType(Client client, String str) {
        if (client != null) {
            if (ClientType.Implicit.equals(client.getType()) && "token".equals(str)) {
                return;
            }
            if (ClientType.AuthorizationGrant.equals(client.getType()) && "code".equals(str)) {
                return;
            }
        }
        throw new RFC6749.UnsupportedResponseTypeException();
    }

    public static URI requireValidRedirect(URI uri, List<ClientRedirect> list) {
        URI validateRedirect = validateRedirect(uri, list);
        if (validateRedirect == null) {
            throw new RFC6749.InvalidRequestException();
        }
        return validateRedirect;
    }

    public static URI requireValidRedirect(String str, List<ClientRedirect> list) {
        URI validateRedirect = validateRedirect(str, list);
        if (validateRedirect == null) {
            throw new RFC6749.InvalidRequestException();
        }
        return validateRedirect;
    }

    public static URI requireValidRedirect(String str, Set<URI> set) {
        URI validateRedirect = validateRedirect(str, set);
        if (validateRedirect == null) {
            throw new RFC6749.InvalidRequestException();
        }
        return validateRedirect;
    }

    public static URI validateRedirect(URI uri, List<ClientRedirect> list) {
        return uri == null ? validateRedirect((String) null, list) : validateRedirect(uri.toString(), list);
    }

    public static URI validateRedirect(String str, List<ClientRedirect> list) {
        return validateRedirect(str, (Set<URI>) list.stream().map((v0) -> {
            return v0.getUri();
        }).collect(Collectors.toSet()));
    }

    public static URI validateRedirect(URI uri, Set<URI> set) {
        return uri == null ? validateRedirect((String) null, set) : validateRedirect(uri.toString(), set);
    }

    public static URI validateRedirect(String str, Set<URI> set) {
        if (set.size() == 0) {
            return null;
        }
        if (StringUtils.isEmpty(str)) {
            if (set.size() == 1) {
                return ((URI[]) set.toArray(new URI[set.size()]))[0];
            }
            return null;
        }
        try {
            URI build = UriBuilder.fromUri(str).build(new Object[0]);
            MultivaluedMap<String, String> extractParams = extractParams(build);
            HashSet hashSet = new HashSet(extractParams.keySet());
            extractParams.keySet().retainAll(hashSet);
            for (URI uri : set) {
                if (uri.getScheme().equals(build.getScheme()) && uri.getHost().equals(build.getHost()) && uri.getPort() == build.getPort() && uri.getPath().equals(build.getPath())) {
                    MultivaluedMap<String, String> extractParams2 = extractParams(uri);
                    hashSet.addAll(extractParams2.keySet());
                    for (Map.Entry<String, String> entry : extractParams2.entrySet()) {
                        if (!((List) extractParams.get(entry.getKey())).containsAll((Collection) entry.getValue())) {
                            break;
                        }
                    }
                    return build;
                }
            }
            return null;
        } catch (Exception e) {
            return null;
        }
    }

    private static MultivaluedMap<String, String> extractParams(URI uri) {
        MultivaluedHashMap multivaluedHashMap = new MultivaluedHashMap();
        for (NameValuePair nameValuePair : URLEncodedUtils.parse(uri, "UTF-8")) {
            multivaluedHashMap.add(nameValuePair.getName(), nameValuePair.getValue());
        }
        return multivaluedHashMap;
    }

    public static SortedMap<String, ApplicationScope> validateScope(String[] strArr, SortedMap<String, ApplicationScope> sortedMap) {
        if (strArr == null || strArr.length == 0) {
            return new TreeMap();
        }
        if (sortedMap == null) {
            throw new RFC6749.InvalidScopeException();
        }
        TreeMap treeMap = new TreeMap();
        for (String str : strArr) {
            if (sortedMap.containsKey(str)) {
                treeMap.put(str, sortedMap.get(str));
            }
        }
        return treeMap;
    }

    public static SortedMap<String, ApplicationScope> validateScope(String str, SortedMap<String, ApplicationScope> sortedMap) {
        return StringUtils.isEmpty(str) ? new TreeMap() : validateScope(str.split(" "), sortedMap);
    }

    public static SortedMap<String, ApplicationScope> validateScope(SortedMap<String, ApplicationScope> sortedMap, Role role) {
        if (role == null) {
            throw new RFC6749.InvalidScopeException();
        }
        Collection<ApplicationScope> values = role.getScopes().values();
        Iterator<ApplicationScope> it = sortedMap.values().iterator();
        while (it.hasNext()) {
            if (!values.contains(it.next())) {
                throw new RFC6749.InvalidScopeException();
            }
        }
        return sortedMap;
    }

    public static SortedMap<String, ApplicationScope> validateScope(String str, Role role) {
        if (role == null) {
            throw new RFC6749.InvalidScopeException();
        }
        return validateScope(str, role.getScopes());
    }

    public static SortedMap<String, ApplicationScope> revalidateScope(String[] strArr, SortedMap<String, ApplicationScope> sortedMap, SortedMap<String, ApplicationScope> sortedMap2) {
        if (sortedMap2 == null || sortedMap == null) {
            throw new RFC6749.InvalidScopeException();
        }
        if (strArr == null || strArr.length == 0) {
            return new TreeMap();
        }
        TreeMap treeMap = new TreeMap();
        for (String str : strArr) {
            if (!sortedMap.containsKey(str)) {
                throw new RFC6749.InvalidScopeException();
            }
            if (sortedMap2.containsKey(str)) {
                treeMap.put(str, sortedMap2.get(str));
            }
        }
        return treeMap;
    }

    public static SortedMap<String, ApplicationScope> revalidateScope(String str, SortedMap<String, ApplicationScope> sortedMap, SortedMap<String, ApplicationScope> sortedMap2) {
        return StringUtils.isEmpty(str) ? new TreeMap() : revalidateScope(str.split(" "), sortedMap, sortedMap2);
    }

    public static SortedMap<String, ApplicationScope> revalidateScope(String str, SortedMap<String, ApplicationScope> sortedMap, Role role) {
        if (role == null) {
            throw new RFC6749.InvalidScopeException();
        }
        return revalidateScope(str, sortedMap, role.getScopes());
    }

    public static Authenticator validateAuthenticator(AuthenticatorType authenticatorType, List<Authenticator> list) {
        if (list.size() == 0) {
            throw new RFC6749.InvalidRequestException();
        }
        if (authenticatorType == null) {
            if (list.size() == 1) {
                return list.get(0);
            }
            throw new RFC6749.InvalidRequestException();
        }
        for (Authenticator authenticator : list) {
            if (authenticator.getType().equals(authenticatorType)) {
                return authenticator;
            }
        }
        throw new RFC6749.InvalidRequestException();
    }
}
