package net.krotscheck.kangaroo.authz.oauth2.resource.token;

import ch.qos.logback.core.joran.action.Action;
import java.math.BigInteger;
import java.util.SortedMap;
import javax.inject.Inject;
import javax.ws.rs.core.MultivaluedMap;
import net.krotscheck.kangaroo.authz.common.database.entity.ApplicationScope;
import net.krotscheck.kangaroo.authz.common.database.entity.Client;
import net.krotscheck.kangaroo.authz.common.database.entity.ClientType;
import net.krotscheck.kangaroo.authz.common.database.entity.OAuthToken;
import net.krotscheck.kangaroo.authz.common.database.entity.OAuthTokenType;
import net.krotscheck.kangaroo.authz.common.util.ValidationUtil;
import net.krotscheck.kangaroo.authz.oauth2.exception.RFC6749;
import net.krotscheck.kangaroo.authz.oauth2.resource.TokenResponseEntity;
import net.krotscheck.kangaroo.common.hibernate.id.IdUtil;
import org.glassfish.jersey.internal.inject.AbstractBinder;
import org.glassfish.jersey.process.internal.RequestScoped;
import org.hibernate.Session;

/* loaded from: input_file:net/krotscheck/kangaroo/authz/oauth2/resource/token/RefreshTokenGrantHandler.class */
public final class RefreshTokenGrantHandler implements ITokenRequestHandler {
    private final Session session;

    /* loaded from: input_file:net/krotscheck/kangaroo/authz/oauth2/resource/token/RefreshTokenGrantHandler$Binder.class */
    public static final class Binder extends AbstractBinder {
        @Override // org.glassfish.jersey.internal.inject.AbstractBinder
        protected void configure() {
            bind(RefreshTokenGrantHandler.class).to(ITokenRequestHandler.class).named("refresh_token").in(RequestScoped.class);
        }
    }

    @Inject
    public RefreshTokenGrantHandler(Session session) {
        this.session = session;
    }

    @Override // net.krotscheck.kangaroo.authz.oauth2.resource.token.ITokenRequestHandler
    public TokenResponseEntity handle(Client client, MultivaluedMap<String, String> multivaluedMap) {
        ClientType type = client.getType();
        if (!type.equals(ClientType.OwnerCredentials) && !type.equals(ClientType.AuthorizationGrant)) {
            throw new RFC6749.InvalidGrantException();
        }
        try {
            BigInteger fromString = IdUtil.fromString(multivaluedMap.getFirst("refresh_token"));
            if (fromString == null) {
                throw new NullPointerException();
            }
            OAuthToken oAuthToken = (OAuthToken) this.session.get(OAuthToken.class, fromString);
            if (oAuthToken == null || !oAuthToken.getTokenType().equals(OAuthTokenType.Refresh)) {
                throw new RFC6749.InvalidGrantException();
            }
            if (oAuthToken.isExpired()) {
                throw new RFC6749.InvalidGrantException();
            }
            SortedMap<String, ApplicationScope> revalidateScope = ValidationUtil.revalidateScope(multivaluedMap.getFirst(Action.SCOPE_ATTRIBUTE), oAuthToken.getScopes(), oAuthToken.getIdentity().getUser().getRole());
            String first = multivaluedMap.getFirst("state");
            OAuthToken oAuthToken2 = new OAuthToken();
            oAuthToken2.setClient(client);
            oAuthToken2.setTokenType(OAuthTokenType.Bearer);
            oAuthToken2.setExpiresIn(client.getAccessTokenExpireIn());
            oAuthToken2.setScopes(revalidateScope);
            oAuthToken2.setIdentity(oAuthToken.getIdentity());
            OAuthToken oAuthToken3 = new OAuthToken();
            oAuthToken3.setClient(client);
            oAuthToken3.setTokenType(OAuthTokenType.Refresh);
            oAuthToken3.setExpiresIn(client.getRefreshTokenExpireIn());
            oAuthToken3.setScopes(revalidateScope);
            oAuthToken3.setIdentity(oAuthToken.getIdentity());
            oAuthToken3.setAuthToken(oAuthToken2);
            this.session.save(oAuthToken2);
            this.session.save(oAuthToken3);
            if (oAuthToken.getAuthToken() != null) {
                this.session.delete(oAuthToken.getAuthToken());
            }
            this.session.delete(oAuthToken);
            return TokenResponseEntity.factory(oAuthToken2, oAuthToken3, first);
        } catch (IllegalArgumentException | NullPointerException e) {
            throw new RFC6749.InvalidGrantException();
        }
    }
}
